From f4647c634d36b5eea078ba7701ee3667c65e3a30e179423c83434407bc186dcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aeneas=20Jai=C3=9Fle?= Date: Wed, 4 Sep 2024 07:03:28 +0000 Subject: [PATCH] update to 1.6.9 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=176 --- .gitattributes | 23 + .gitignore | 1 + README.openSUSE | 52 + robots.txt | 2 + roundcubemail-1.6.7-complete.tar.gz | 3 + roundcubemail-1.6.7-complete.tar.gz.asc | 16 + roundcubemail-1.6.8-complete.tar.gz | 3 + roundcubemail-1.6.8-complete.tar.gz.asc | 17 + roundcubemail-1.6.9-complete.tar.gz | 3 + roundcubemail-1.6.9-complete.tar.gz.asc | 17 + roundcubemail-config_dir.patch | 13 + roundcubemail-httpd.conf | 323 ++++ roundcubemail-httpd.inc | 22 + roundcubemail-rpmlintrc | 1 + roundcubemail.changes | 2322 +++++++++++++++++++++++ roundcubemail.keyring | 102 + roundcubemail.logrotate | 18 + roundcubemail.spec | 353 ++++ 18 files changed, 3291 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README.openSUSE create mode 100644 robots.txt create mode 100644 roundcubemail-1.6.7-complete.tar.gz create mode 100644 roundcubemail-1.6.7-complete.tar.gz.asc create mode 100644 roundcubemail-1.6.8-complete.tar.gz create mode 100644 roundcubemail-1.6.8-complete.tar.gz.asc create mode 100644 roundcubemail-1.6.9-complete.tar.gz create mode 100644 roundcubemail-1.6.9-complete.tar.gz.asc create mode 100644 roundcubemail-config_dir.patch create mode 100644 roundcubemail-httpd.conf create mode 100644 roundcubemail-httpd.inc create mode 100644 roundcubemail-rpmlintrc create mode 100644 roundcubemail.changes create mode 100644 roundcubemail.keyring create mode 100644 roundcubemail.logrotate create mode 100644 roundcubemail.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README.openSUSE b/README.openSUSE new file mode 100644 index 0000000..441e389 --- /dev/null +++ b/README.openSUSE @@ -0,0 +1,52 @@ + +This README contains additional information specific to the +openSUSE package of roundcube. + + +INSTALLATION +============ + +This application is packaged to integrate with Apache and MySQL but +it can basically run with every webserver being able to run PHP and +also use other SQL based database engines. + +After installation of the package the application will immediately +be reachable from everywhere once Apache is enabled under the URL + + http://IP-ADDRESS/roundcubemail + +The configuration is copied from the example config files from the +package and therefore not really working. + +First step is to prepare the MySQL database for Roundcube: + +Setting up the mysql database can be done by creating an empty database, +importing the table layout and granting the proper permissions to the +roundcube user. Here is an example of that procedure: + +# mysql +> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */; +> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password'; +> FLUSH PRIVILEGES; +> quit + +# mysql roundcubemail < /usr/share/doc/packages/roundcubemail/SQL/mysql.initial.sql + +Note 1: 'password' is the master password for the roundcube user. It is strongly +recommended you replace this with a more secure password. Please keep in +mind: You need to specify this password later in '/etc/roundcubemail/config.inc.php'. + +To use the integrated web based installer you need to enable it first +in /etc/roundcubemail/config.inc.php: + +$rcmail_config['enable_installer'] = true; + +IMPORTANT: This MUST be disabled again after installation is finished + for SECURITY reasons + +and then access + + http://IP-ADDRESS/roundcubemail/installer + +to finish the installation. + diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..416ed18 --- /dev/null +++ b/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: / diff --git a/roundcubemail-1.6.7-complete.tar.gz b/roundcubemail-1.6.7-complete.tar.gz new file mode 100644 index 0000000..b9457ca --- /dev/null +++ b/roundcubemail-1.6.7-complete.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cf52515e65b2818cb02fd7a202c766367b8c54d8b7fea27dda9c81aa7ce1d3a6 +size 5899345 diff --git a/roundcubemail-1.6.7-complete.tar.gz.asc b/roundcubemail-1.6.7-complete.tar.gz.asc new file mode 100644 index 0000000..ba45b81 --- /dev/null +++ b/roundcubemail-1.6.7-complete.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmZJ0UIACgkQwpRqlgnN +VrRndRAAicU/OXjddhgBxfUn2OwfuQCVgC3lj8dvquVkdYfGMUieoxaGiJuzUO+2 +K6Ohm+ztsosGDG5qb8stI1wki00dFZ8vNQ4rmZOXy4fv94zT5Ytm4kUojUVfvERr +Ksd/LHEnbNxIQNnBcD5aUrkVv9OxD4lnwYkBkt4vA2G7IDNDC9raDWLcJTZSUvQb +juQ7HIvUp5tzQ0Y9coMhB52jpVJYLZlCdNLvd9zGTebwO/TBBAPLasLusVacQN4W +Sp33RSS/VMQjx1rnmvnltu+0TKXFUYL620Mn6woEhiF/ahXYgcRqz2im2520YNIK +mpz6laU6kc4bNTD6ynQtZ+ZWorC+NrENMhh+T8oX7BPqBKK6T/fuLSiGJfNecaUH +TfH2O9DIiZZ0AP8sAz+Dcjz21sm0Sh2iRSntycbIrhON5nvV/mVDXxOjZ0ZbS3wm +fs8JRvMOk5tXcH4u8y6Z66z19JGjcXnp6FpTfn0mjfy7HcMGN/6OaykVDDQbng7q +Z9DLXlXjN1dNiLELPVQAfUZNy/KbUPy4GI7uifcCGIcx4V1kW2XDGe8tzDMwNUhS +ToS8r0F2VnYcfu+dPXZ2OOWxf+ZT1Mp5shzbCK+ZWWn2/e8t2h2pRFCMgVOmJrWd +yRpNS/zoDjcGp6eLBWragpA2fhOPNktXMH4r2iYfhQkkk+qIrr4= +=s8Ri +-----END PGP SIGNATURE----- diff --git a/roundcubemail-1.6.8-complete.tar.gz b/roundcubemail-1.6.8-complete.tar.gz new file mode 100644 index 0000000..31fbcff --- /dev/null +++ b/roundcubemail-1.6.8-complete.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8468be0204a734c574adef4be01578c7dc4fab9c2fe34003bf341a2bd20efd2a +size 5899212 diff --git a/roundcubemail-1.6.8-complete.tar.gz.asc b/roundcubemail-1.6.8-complete.tar.gz.asc new file mode 100644 index 0000000..3a43c32 --- /dev/null +++ b/roundcubemail-1.6.8-complete.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJHBAABCgAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmavVQUTHGRldnNAcm91 +bmRjdWJlLm5ldAAKCRDClGqWCc1WtKZ3EADiC6a2RyTGOMcHsS4OgKzpXfPRJ2qw +6Eh/1/VXX0AqJsTGIFXfVJuljFrTE1YQCiWUusiMrhZDIC4kIcFZGxTJQxDLecWn +uuW+rnyjjqOvWUCBzGCcwOXQRB1sj4XOGLrduN05U0bkGLs918OmjrISYhpXLZzK +oxArBXiz74v+BIBd4Ee0JgqQQ3pltC5x547bOOOuLQPb0dCl3fBHzXUYvE7m1U+t +WRtaB3UUtYRGysbyQbgV0EoyZqHF4VYEV5obGOxm4OMGMeO0Kx9fw/zv2lMvu5gg +Xm19rub08SUX85HB21sw53tUSiDORn0LvJoOkRHMwGMqwO1u7zh6Jvdl/FR2SXLK +h52N0lLRY+RyNsXj5asJD7h9E/kNcU9bWV+FtSDeqtH3iSNZ79xKRm+nz5I9To6B +niaIYWn5PwvE32tJUtAJ93Aq32BGxq10F4aV+6imCUYOLJ2B4LQnk6gXCdB+FbiF +LVGkU5VEt/a4+nWdfzIYW/uThTNOAQMA/BTWipEGybpuQxxdJeoMGujQRlkTL38J +CtS2xuXxR9zPRnNTZpFDVQcvuOM3vY4mhWzdDXBrJ+xx4YNbze0UtHUR6c+0LEd+ +4uAIfUDy6dcHOVnm/60ae6eL1TjAyrglPDqQxhLMDmDlS8c5++1zQmcm8Ji9eVMI +r5mki4B+78fygg== +=a8Gh +-----END PGP SIGNATURE----- diff --git a/roundcubemail-1.6.9-complete.tar.gz b/roundcubemail-1.6.9-complete.tar.gz new file mode 100644 index 0000000..7fa0e7b --- /dev/null +++ b/roundcubemail-1.6.9-complete.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b61a5f5c22f890c299e935aacfcf0870676990d8aebff0d6cdff075bf17cef4f +size 5899444 diff --git a/roundcubemail-1.6.9-complete.tar.gz.asc b/roundcubemail-1.6.9-complete.tar.gz.asc new file mode 100644 index 0000000..6bdeb36 --- /dev/null +++ b/roundcubemail-1.6.9-complete.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJHBAABCgAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmbUI18THGRldnNAcm91 +bmRjdWJlLm5ldAAKCRDClGqWCc1WtH0gD/9NelCSaDRSXciqL+93I6NHOu8hGitt +y32JSEhv8AviKjSxPqVJ83x9gjDUW08QASdQtppAPMVsid19J7egZesLE4geCStE +ryrHW/ELvAqG865SydO5iLxfkzRcnK5sJ5ZKi1tgWXaBoctakV41OqnJVO0Q+YtL +bCu/tF3tqaLsRjCXLcT8+JEV+jAPHMxLgiWcy6QJ+UX5bhY7Op1ZFT5hgcgwFtqE +KGWGktd6Igix97/kFcJ71GnV7MyYIsvtQ94o7B0Uvh4Y7X4iPfwsxBMdAbch1oq1 +h2R6QBIrJQmP5V+xB2QMXO4w/PTekT3p3exS3HKROdKyGlLUrNdGYPerqglZ/Wr+ +VD3gGGw2tSSPNigmqMx7Zsglwe9waWD/hQEKnfH/lckyK1tp67+2aFdIQK7y5K32 +M/4vLmWRLCjjbdROipbrXl2vr/ND7l8Sm6+joVQco8O1dankSuJ8YcQeq4NMu++S +zXdSTe2XQi5M6QZTIEGSG+J6jDBNXoq2wNRv9QcjFrW9/vSgQb7SzG/v3U7tXUWf +qt9b2ieKORbqMPeJyLy6raxZrvCnziB+DfmFJKCfCzgi+ZaGXazDbcpSf/UzXrz3 +CPJKjzkiVG9yi/x1IwN6ZZTXA6orQDw5cgcB7tCFtK6/BTvrDUmpAW86sWqJ7JWu +Txz5ibozQbQPgA== +=WHA/ +-----END PGP SIGNATURE----- diff --git a/roundcubemail-config_dir.patch b/roundcubemail-config_dir.patch new file mode 100644 index 0000000..8a3b702 --- /dev/null +++ b/roundcubemail-config_dir.patch @@ -0,0 +1,13 @@ +Index: roundcubemail-1.4.8/program/include/iniset.php +=================================================================== +--- roundcubemail-1.4.8.orig/program/include/iniset.php ++++ roundcubemail-1.4.8/program/include/iniset.php +@@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) { + } + + if (!defined('RCMAIL_CONFIG_DIR')) { +- define('RCMAIL_CONFIG_DIR', getenv('ROUNDCUBE_CONFIG_DIR') ?: (INSTALL_PATH . 'config')); ++ define('RCMAIL_CONFIG_DIR', getenv('ROUNDCUBE_CONFIG_DIR') ?: '/etc/roundcubemail'); + } + + if (!defined('RCUBE_LOCALIZATION_DIR')) { diff --git a/roundcubemail-httpd.conf b/roundcubemail-httpd.conf new file mode 100644 index 0000000..34699d6 --- /dev/null +++ b/roundcubemail-httpd.conf @@ -0,0 +1,323 @@ +# You might want to set up a virtual host for the server, but it is +# not a requirement. You can as well reach the server under its +# common name under https://yourroundcubeserver.example.com/ +# +# NameVirtualHost * +# +# ServerName yourroundcubeserver.example.com +# DocumentRoot __ROUNDCUBEPATH__ + + + + Alias /roundcube "__ROUNDCUBEPATH__/public_html" + Alias /roundcubemail "__ROUNDCUBEPATH__/public_html" + + +# AddDefaultCharset UTF-8 +AddType text/x-component .htc + + + + + Order allow,deny + Allow from all + + = 2.4> + + Require all granted + + + Order allow,deny + Allow from all + + + + + Order allow,deny + Allow from all + + + + Include @apache_sysconfdir@/conf.d/@name@.inc + + + + Include @apache_sysconfdir@/conf.d/@name@.inc + + + + Options +SymLinksIfOwnerMatch + RewriteEngine On + RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico + + # security rules: + # - deny access to files not containing a dot or starting with a dot + # in all locations except installer directory + RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F] + # - deny access to some locations + RewriteRule ^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] + # - deny access to composer binaries + RewriteRule ^/vendor\/bin\/.* - [F] + # - deny access to some documentation files + RewriteRule /?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F] + # security rules + + + + SetOutputFilter DEFLATE + + + # prefer to brotli over gzip if brotli is available + + SetOutputFilter BROTLI_COMPRESS + # some assets have been compressed, so no need to do it again + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|web[pm]|woff2?)$ no-brotli + + + + AddOutputFilterByType DEFLATE application/javascript + AddOutputFilterByType DEFLATE application/x-javascript + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE application/json + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE text/html + AddOutputFilterByType DEFLATE text/plain + AddOutputFilterByType DEFLATE text/x-component + AddOutputFilterByType DEFLATE text/xml + + SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4.0[678] no-gzip + BrowserMatch bMSIE !no-gzip !gzip-only-text/html + + + + + # for better privacy/security ask browsers to not set the Referer + Header set Content-Security-Policy "referrer no-referrer" + # don't cache, please + Header merge Cache-Control public env=!NO_CACHE + + # HSTS - HTTP Strict Transport Security + Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS + + # X-Xss-Protection + # This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit). + Header set X-XSS-Protection "1; mode=block" + + + + ExpiresActive On + ExpiresDefault "access plus 1 month" + + + FileETag MTime Size + + + Options -Indexes + + + +# +# Special directories +# + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + + + + RewriteEngine On + RewriteRule !^js|.*\.gif$ - [F] + + + + + Options -FollowSymLinks + AllowOverride None + + + Order deny,allow + Deny from all + + = 2.4> + + Require all denied + + + Order deny,allow + Deny from all + + + + + Order deny,allow + Deny from all + + + +# +# + diff --git a/roundcubemail-httpd.inc b/roundcubemail-httpd.inc new file mode 100644 index 0000000..7e9b5ed --- /dev/null +++ b/roundcubemail-httpd.inc @@ -0,0 +1,22 @@ +php_admin_flag display_errors off +php_admin_flag log_errors on +#php_admin_value error_log logs/errors + +php_admin_flag magic_quotes_gpc off +php_admin_flag magic_quotes_runtime off +php_admin_flag register_globals off +php_admin_flag suhosin.session.encrypt off +php_admin_flag zlib.output_compression off + +php_admin_value upload_max_filesize 5M +php_admin_value post_max_size 6M +php_admin_value memory_limit 64M + +php_admin_flag session.auto_start off +#php_admin_value session.cookie_path / +#php_admin_value session.hash_function sha256 +php_admin_value session.gc_maxlifetime 21600 +php_admin_value session.gc_divisor 500 +php_admin_value session.gc_probability 1 +# http://bugs.php.net/bug.php?id=30766 +php_admin_value mbstring.func_overload 0 diff --git a/roundcubemail-rpmlintrc b/roundcubemail-rpmlintrc new file mode 100644 index 0000000..eb4daa3 --- /dev/null +++ b/roundcubemail-rpmlintrc @@ -0,0 +1 @@ +addFilter("E: devel-file-in-non-devel-package") diff --git a/roundcubemail.changes b/roundcubemail.changes new file mode 100644 index 0000000..01f08da --- /dev/null +++ b/roundcubemail.changes @@ -0,0 +1,2322 @@ +------------------------------------------------------------------- +Wed Sep 4 06:54:31 UTC 2024 - Aeneas Jaißle + +- update to 1.6.9 + This is the next service release to update the stable version 1.6. + It provides two regression fixes that were introduced in from the previous release. See the full changelog below. + * Fix regression where printing/scaling/rotating image attachments was broken (#9571) + * Fix regression where HTML messages were displayed unstyled (#9586) + +------------------------------------------------------------------- +Tue Aug 6 15:14:35 UTC 2024 - Aeneas Jaißle + +- update to 1.6.8 + This is a security update to the stable version 1.6 of Roundcube Webmail. + It provides fixes to recently reported security vulnerabilities: + * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] [bsc#1228900] + * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] + * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] [bsc#1228901] + +- For further changes, see https://github.com/roundcube/roundcubemail/releases/tag/1.6.8 + +------------------------------------------------------------------- +Sun May 19 17:12:36 UTC 2024 - Lars Vogdt + +- update to 1.6.7 + This is a security update to the stable version 1.6 of Roundcube Webmail. + It provides a fix to a recently reported XSS vulnerabilities: + * Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. + Reported by Valentin T. and Lutz Wolf of CrowdStrike. + * Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences. + Reported by Huy Nguyễn Phạm Nhật. + * Fix command injection via crafted im_convert_path/im_identify_path on Windows. + Reported by Huy Nguyễn Phạm Nhật. + CHANGELOG + * Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) + * Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) + * Fix bug in collapsing/expanding folders with some special characters in names (#9324) + * Fix PHP8 warnings (#9363, #9365, #9429) + * Fix missing field labels in CSV import, for some locales (#9393) + * Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes + * Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences + * Fix command injection via crafted im_convert_path/im_identify_path on Windows + +------------------------------------------------------------------- +Fri Feb 23 11:43:56 UTC 2024 - Dominique Leuenberger + +- Use %autosetup macro. Allows to eliminate the usage of deprecated + %patchN. + +------------------------------------------------------------------- +Tue Feb 13 09:40:59 UTC 2024 - Lars Vogdt + +- update to 1.6.6 + * Fix regression in handling LDAP search_fields configuration parameter (#9210) + * Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3 + * Fix page jump menu flickering on click (#9196) + * Update to TinyMCE 5.10.9 security release (#9228) + * Fix PHP8 warnings (#9235, #9238, #9242, #9306) + * Fix saving other encryption settings besides enigma's (#9240) + * Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237) + * Fix TinyMCE localization installation (#9266) + * Fix bug where trailing non-ascii characters in email addresses + could have been removed in recipient input (#9257) + * Fix IMAP GETMETADATA command with options - RFC5464 + +------------------------------------------------------------------- +Mon Nov 6 16:39:57 UTC 2023 - Lars Vogdt + +- update to 1.6.5 (bsc#1216895) + * Fix cross-site scripting (XSS) vulnerability in setting + Content-Type/Content-Disposition for attachment + preview/download CVE-2023-47272 + Other changes + * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) + * Fix duplicated Inbox folder on IMAP servers that do not use Inbox + folder with all capital letters (#9166) + * Fix PHP warnings (#9174) + * Fix UI issue when dealing with an invalid managesieve_default_headers + value (#9175) + * Fix bug where images attached to application/smil messages + weren't displayed (#8870) + * Fix PHP string replacement error in utils/error.php (#9185) + * Fix regression where smtp_user did not allow pre/post strings + before/after %u placeholder (#9162) + +------------------------------------------------------------------- +Wed Oct 25 15:36:52 UTC 2023 - Lars Vogdt + +- update to 1.6.4 (bsc#1216429) + * Fix cross-site scripting (XSS) vulnerability in handling of SVG + in HTML messages (#9168) CVE-2023-5631 + * Fix PHP8 warnings (#9142, #9160) + * Fix default 'mime.types' path on Windows (#9113) + * Managesieve: Fix javascript error when relational or spamtest + extension is not enabled (#9139) + +------------------------------------------------------------------- +Wed Sep 20 15:57:21 UTC 2023 - Alexander Bergmann + +- update to 1.6.3 (bsc#1215433) + * Fix bug where installto.sh/update.sh scripts were removing some + essential options from the config file (#9051) + * Update jQuery-UI to version 1.13.2 (#9041) + * Fix regression that broke use_secure_urls feature (#9052) + * Fix potential PHP fatal error when opening a message with + message/rfc822 part (#8953) + * Fix bug where a duplicate tag in HTML email could cause some + parts being cut off (#9029) + * Fix bug where a list of folders could have been sorted + incorrectly (#9057) + * Fix regression where LDAP addressbook 'filter' option was + ignored (#9061) + * Fix wrong order of a multi-folder search result when sorting by + size (#9065) + * Fix so install/update scripts do not require PEAR (#9037) + * Fix regression where some mail parts could have been decoded + incorrectly, or not at all (#9096) + * Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to + non-binary FETCH (#9097) + * Fix PHP8 deprecation warning in the reconnect plugin (#9083) + * Fix "Show source" on mobile with x_frame_options = deny (#9084) + * Fix various PHP warnings (#9098) + * Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060) + * Fix cross-site scripting (XSS) vulnerability in handling of linkrefs + in plain text messages + +------------------------------------------------------------------- +Mon Jul 3 12:41:18 UTC 2023 - Lars Vogdt <lars@linux-schulserver.de> + +- update to 1.6.2 + * Add Uyghur localization + * Fix regression in OAuth request URI caused by use of REQUEST_URI + instead of SCRIPT_NAME as a default (#8878) + * Fix bug where false attachment reminder was displayed on HTML mail + with inline images (#8885) + * Fix bug where a non-ASCII character in app.js could cause error in + javascript engine (#8894) + * Fix JWT decoding with url safe base64 schema (#8890) + * Fix bug where .wav instead of .mp3 file was used for the new mail + notification in Firefox (#8895) + * Fix PHP8 warning (#8891) + * Fix support for Windows-31J charset (#8869) + * Fix so LDAP VLV option is disabled by default as documented (#8833) + * Fix so an email address with name is supported as input to the + managesieve notify :from parameter (#8918) + * Fix Help plugin menu (#8898) + * Fix invalid onclick handler on the logo image when using non-array + skin_logo setting (#8933) + * Fix duplicate recipients in "To" and "Cc" on reply (#8912) + * Fix bug where it wasn't possible to scroll lists by clicking middle + mouse button (#8942) + * Fix bug where label text in a single-input dialog could be partially + invisible in some locales (#8905) + * Fix bug where LDAP (fulltext) search didn't work without 'search_fields' + in config (#8874) + * Fix extra leading newlines in plain text converted from HTML (#8973) + * Fix so recipients with a domain ending with .s are allowed (#8854) + * Fix so vCard output does not contain non-standard/redundant TYPE=OTHER + and TYPE=INTERNET (#8838) + * Fix QR code images for contacts with non-ASCII characters (#9001) + * Fix PHP8 warnings when using list_flags and list_cols properties by plugins (#8998) + * Fix bug where subfolders could loose subscription on parent folder rename (#8892) + * Fix connecting to LDAP using an URI with ldapi:// scheme (#8990) + * Fix insecure shell command params handling in cmd_learn driver of markasjunk plugin (#9005) + * Fix bug where some mail headers didn't work in cmd_learn driver of markasjunk plugin (#9005) + * Fix PHP fatal error when importing vcf file using PHP 8.2 (#9025) + * Fix so output of log_date_format with microseconds contains time in + server time zone, not UTC + +------------------------------------------------------------------- +Tue Jan 24 10:10:14 UTC 2023 - Lars Vogdt <lars@linux-schulserver.de> + +- update to 1.6.1 + * Kill session if refreshing oauth token fails (#8734) + * Fix various PHP 8.1 warnings (#8628, #8644, #8667, #8656, #8647) + * Password: Remove references to %c variable that has been removed before (#8633) + * Fix anchor links in HTML mail (#8632) + * Fix bug where config creation in Installer did ignore options in the form (#8634) + * Fix bug where renamed options were removed from the config on + installto.sh (update.sh) run (#8643) + * Fix favicon rewrite rule in .htaccess (#8654) + * Fix various PHP 8.2 warnings + * Fix bug where it wasn't possible to create more than one response + record on SQLite and Postgres (#8664) + * Fix support for ManageSieve over implicit SSL (#8670) + * Fix bug where "about:blank" page could trigger "load error" (#8554) + * Fix bug where setting 'Clear Trash on Logout' to 'all messages' + didn't work (#8687) + * Fix bug where the attachment menu wouldn't disappear after an action + is selected (#8691) + * Fix bug where some dialogs in an eml attachment preview would not + close on mobile (#8627) + * Fix bug where multiline data:image URI's in emails were stripped + from the message on display (#8613) + * Fix fatal error on identity page if Enigma plugin is misconfigured (#8719) + * Fix so N property always exists in a vCard export (#8771) + * Fix authenticating to Courier IMAP with passwords containing + a '~' character (#8772) + * Fix handling of smtp/imap port options on configuration file + update (#8756) + * Fix bug where array values could not be saved in utils/save_pref + action (#8781) + * Add workaround for using Roundcube behind a reverse proxy with a + subpath: 'request_path' option (#8738, #8770) + * Fix bug where "Invalid skin name" error was logged on preferences + save if there's only one skin (#8825) + * Fix SIGBUS raised in ImageMagick when more than one process tried + to generate a thumbnail of the same image attachment (#8511) + * Fix bug where updater does not update the vendor packages (#8642) + * Fix missing mail composing textarea on reply/draft with a long + plain text content (#8866) + +------------------------------------------------------------------- +Thu Jul 28 23:16:09 UTC 2022 - Michael Ströder <michael@stroeder.com> + +- update to 1.6.0 with these most noteworthy changes: + * PHP 8.1 support + * Dropped support for PHP < 7.3 + * Support responses (snippets) in HTML format + * Option to purge deleted mails older than 30, 60 or 90 days + * Unified and simplified services connection config options + * Removed the Classic and Larry skins from the release packages + * SQLite: Use foreign keys, require SQLite >= 3.6.19 + +------------------------------------------------------------------- +Sun Jun 26 21:55:20 UTC 2022 - Michael Ströder <michael@stroeder.com> + +- update to 1.5.3 + * Enigma: Fix initial synchronization of private keys + * Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413) + * Fix various PHP8 warnings (#8392) + * Fix mail headers injection via the subject field on mail compose (#8404) + * Fix bug where small message/rfc822 parts could not be decoded (#8408) + * Fix setting HTML mode on reply/forward of a signed message (#8405) + * Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418) + * Fix bug where some mail parts (images) could have not be listed as attachments (#8425) + * Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433) + * Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458) + * Fix bug where session could time out if DB and PHP timezone were different (#8303) + * Fix bug where DSN flag state wasn't stored with a draft (#8371) + * Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444) + * Fix problem with aria-hidden=true on toolbar menus in the Elastic skin (#8517) + * Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540) + * Fix support for DSN specification without host e.g. pgsql:///dbname (#8558) + +------------------------------------------------------------------- +Fri Dec 31 12:03:35 UTC 2021 - Michael Ströder <michael@stroeder.com> + +- update to 1.5.2 + * OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214) + * OAuth: fix expiration of short-lived oauth tokens (#8147) + * OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144) + * OAuth: no auto-redirect on imap login failures (#8370) + * OAuth: refresh access token in 'refresh' plugin hook (#8224) + * Fix so folder search parameters are honored by subscriptions_option plugin (#8312) + * Fix password change with Directadmin driver (#8322, #8329) + * Fix so css files in plugins/jqueryui/themes will be minified too (#8337) + * Fix handling of unicode/special characters in custom From input (#8357) + * Fix some PHP8 compatibility issues (#8363) + * Fix chpass-wrapper.py helper compatibility with Python 3 (#8324) + * Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367) + * Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content +- added Suggests: php-sqlite + +------------------------------------------------------------------- +Tue Dec 28 13:25:37 UTC 2021 - Lars Vogdt <lars@linux-schulserver.de> + +- use the virtual provides from each PHP module, to allow the installation + of roundcubemail with various PHP versions. + The only problem, we are currently facing is the automatic + enablement of the PHP apache module during post-installation: + Trying to evaluate the correct PHP module now during post as well, + which should eleminate the pre-definition of the required + PHP-Version during build completely. + See https://build.opensuse.org/request/show/940859 for the initial + discussion. + +------------------------------------------------------------------- +Sun Nov 28 20:14:40 UTC 2021 - Michael Ströder <michael@stroeder.com> + +- update to 1.5.1 + * Fix importing contacts with no email address (#8227) + * Fix so session's search scope is not used if search is not active (#8199) + * Fix some PHP8 warnings (#8239) + * Fix so dark mode state is retained after closing the browser (#8237) + * Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234) + * Fix colors on "Show source" page in dark mode (#8246) + * Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249) + * Fix database initialization if db_prefix is a schema prefix (#8221) + * Fix undefined constant error in Installer on Windows (#8258) + * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231) + * Fix regression in setting of contact listing name (#8260) + * Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203) + * Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269) + * Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252) + * Fix bug where adding a contact to trusted senders via "Always allow from..." button didn't work (#8264, #8268) + * Fix bug with show_images setting where option 1 and 3 were swapped (#8268) + * Fix PHP fatal error on an undefined constant in contacts import action (#8277) + * Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282) + * Fix bug where attachment download could sometimes fail with a CSRF check error (#8283) + * Fix an infinite loop when parsing environment variables with float/integer values (#8293) + * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298) + +------------------------------------------------------------------- +Tue Oct 19 07:20:01 UTC 2021 - lars@linux-schulserver.de - 1.5.0 + +- update to 1.5.0 + + full PHP8 support + + Dark mode for Elastic skin + + OAuth2/XOauth support (with plugin hooks) + + Collected recipients and trusted senders + + Moving recipients between inputs with drag & drop + + Full unicode support with MySQL database + + Support of IMAP LITERAL- extension RFC 7888 + <https://datatracker.ietf.org/doc/html/rfc7888> + + Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231> + encoded names + + Cache refactoring + More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0 +- adjusted some file names to new release + (_styles.less -> styles.less; _variables.less -> variables.less; + CHANGELOG -> CHANGELOG.md) +- vendor/roundcube/plugin-installer/src/bin/rcubeinitdb.sh does not exist + any longer +- added SECURITY.md to documentation +- mark the whole documentation directory as documentation instead of + listing some files and others not (avoid duplicate entries in RPM-DB) +- adjust requirements: php-intl is now required + +------------------------------------------------------------------- +Mon Feb 8 21:26:29 UTC 2021 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.11 with security fix: + Fix cross-site scripting (XSS) via HTML messages with malicious CSS content + +------------------------------------------------------------------- +Fri Jan 22 17:46:59 UTC 2021 - Arjen de Korte <suse+build@de-korte.org> + +- add PHP version to Requires: and Recommends: to make sure the same + version is installed as used during packaging +- drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2 + (which is already required though mod_php_any) + +------------------------------------------------------------------- +Mon Dec 28 10:17:11 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de> + +- update to 1.4.10: + * Stored cross-site scripting (XSS) via HTML or plain text messages + with malicious content ( CVE-2020-35730 boo#1180399 ) + * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) + * Fix folder list issue when special folder is a subfolder (#7647) + * Fix Elastic's folder subscription toggle in search result (#7653) + * Fix state of subscription toggle on folders list after changing + folder state from the search result (#7653) + * Security: Fix cross-site scripting (XSS) via HTML or plain text + messages with malicious content + +------------------------------------------------------------------- +Tue Dec 1 14:37:42 UTC 2020 - pgajdos@suse.com + +- use system apache rpm macros + +------------------------------------------------------------------- +Mon Sep 28 07:38:28 UTC 2020 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.9: + * Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615) + * Add missing localization for some label/legend elements in userinfo plugin (#7478) + * Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD) + * Fix restoring Cc/Bcc fields from local storage (#7554) + * Fix jstz.min.js installation, bump version to 1.0.7 + * Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564) + * Fix link to closure compiler in bin/jsshrink.sh script (#7567) + * Fix bug where some parts of a message could have been missing in a reply/forward body (#7568) + * Fix empty space on mail printouts in Chrome (#7604) + * Fix empty output from HTML5 parser when content contains XML tag (#7624) + * Fix scroll jump on key press in plain text mode of the HTML editor (#7622) + * Fix so autocompletion list does not hide on scroll inside it (#7592) + +------------------------------------------------------------------- +Thu Aug 13 15:37:19 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de> + +- finally renamed roundcubemail-1.4.8-config_dir.patch to + roundcubemail-config_dir.patch to avoid additional roundtrip + times with each submission: + + removed roundcubemail-1.4.7-config_dir.patch + + added roundcubemail-config_dir.patch + +------------------------------------------------------------------- +Tue Aug 11 03:52:20 UTC 2020 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.8 with security fixes: + * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) + * Fix cross-site scripting (XSS) via HTML messages with malicious math content + +------------------------------------------------------------------- +Mon Jul 6 12:00:02 UTC 2020 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.7 with security fix: + * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace + * Fix bug where subfolders of special folders could have been duplicated on folder list + * Increase maximum size of contact jobtitle and department fields to 128 characters + * Fix missing newline after the logged line when writing to stdout (#7418) + * Elastic: Fix context menu (paste) on the recipient input (#7431) + * Fix problem with forwarding inline images attached to messages with no HTML part (#7414) + * Fix problem with handling attached images with same name when using + database_attachments/redundant_attachments (#7455) +- renamed roundcubemail-1.4.6-config_dir.patch to + roundcubemail-1.4.7-config_dir.patch + +------------------------------------------------------------------- +Fri Jul 3 18:43:00 UTC 2020 - chris@computersalat.de + +- add http.inc file + * include one file for php5/php7 admin flags/values + +------------------------------------------------------------------- +Sun Jun 7 14:27:25 UTC 2020 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.6 + * Installer: Fix regression in SMTP test section (#7417) +- renamed roundcubemail-1.4.5-config_dir.patch to + roundcubemail-1.4.6-config_dir.patch + +------------------------------------------------------------------- +Wed Jun 3 08:20:49 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de> + +- update to 1.4.5 + Security fixes + * Fix XSS issue in template object 'username' (#7406) + * Fix cross-site scripting (XSS) via malicious XML attachment + * Fix a couple of XSS issues in Installer (#7406) + * Better fix for CVE-2020-12641 + Other changes + * Fix bug in extracting required plugins from composer.json that led + to spurious error in log (#7364) + * Fix so the database setup description is compatible with MySQL 8 (#7340) + * Markasjunk: Fix regression in jsevent driver (#7361) + * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) + * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) + * Password: Fix issue with Modoboa driver (#7372) + * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) + * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) + * Fix PHP warning: count(): Parameter must be an array or an object... + in ID command handler (#7392) + * Fix error when user-configured skin does not exist anymore (#7271) + * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) + * Fix bug where PDF attachments marked as inline could have not been + attached on mail forward (#7382) + * Security: Fix a couple of XSS issues in Installer (#7406) + * Security: Fix XSS issue in template object 'username' (#7406) + * Security: Fix cross-site scripting (XSS) via malicious XML attachment + * Security: Better fix for CVE-2020-12641 +- renamed roundcubemail-1.4.4-config_dir.patch to + roundcubemail-1.4.5-config_dir.patch + +------------------------------------------------------------------- +Wed Apr 29 22:16:50 UTC 2020 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.4 + * Fix bug where attachments with Content-Id were attached to the message on reply (#7122) + * Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) + * Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) + * Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) + * Elastic: Fix color of a folder with recent messages (#7281) + * Elastic: Restrict logo size in print view (#7275) + * Fix invalid Content-Type for messages with only html part and inline images * Mail_Mime-1.10.7 (#7261) + * Fix missing contact display name in QR Code data (#7257) + * Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246) + * Fix regression in testing database schema on MSSQL (#7227) + * Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) + * Fix string literals handling in IMAP STATUS (and various other) responses (#7290) + * Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) + * Fix handling keyservers configured with protocol prefix (#7295) + * Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) + * Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) + * Fix so imap error message is displayed to the user on folder create/update (#7245) + * Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) + * Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) + * Fix characters encoding in group rename input after group creation/rename (#7330) + * Fix bug where some message/rfc822 parts could not be attached on forward (#7323) + * Make install-jsdeps.sh script working without the 'file' program installed (#7325) + * Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) + * Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) + * Security: Fix XSS issue in handling of CDATA in HTML messages + * Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings + * Security: Fix local file inclusion (and code execution) via crafted 'plugins' option + * Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) +- adjusted/renamed roundcubemail-1.4.3-config_dir.patch to + roundcubemail-1.4.4-config_dir.patch + +------------------------------------------------------------------- +Thu Feb 20 09:55:08 UTC 2020 - Michael Ströder <michael@stroeder.com> + +- update to 1.4.3 + * Enigma: Fix so key list selection is reset when opening key creation form (#7154) + * Enigma: Fix so using list checkbox selection does not load the key preview frame + * Enigma: Fix generation of key pairs for identities with IDN domains (#7181) + * Enigma: Display IDN domains of key users and identities in UTF8 + * Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205) + * Managesieve: Fix bug where it wasn't possible to save flag actions (#7188) + * Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137) + * Password: Make chpass-wrapper.py Python 3 compatible (#7135) + * Elastic: Fix disappearing sidebar in mail compose after clicking Mail button + * Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose + * Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143) + * Elastic: Fix text selection in recipient inputs (#7129) + * Elastic: Fix missing Close button in "more recipients" dialog + * Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174) + * Fix regression where "Open in new window" action didn't work (#7155) + * Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165) + * Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923) + * Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) + * Fix bug where files in skins/ directory were listed on skins list (#7180) + * Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) + * Fix display issues with mail subject that contains line-breaks (#7191) + * Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) + * Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196) + * Fix using unix:///path/to/socket.file in memcached driver (#7210) +- adjusted/renamed roundcubemail-1.4.2-config_dir.patch to + roundcubemail-1.4.3-config_dir.patch + +------------------------------------------------------------------- +Tue Feb 18 11:39:33 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de> + +- prefer brotli over gzip if brotli is available: + + enable mod_brotli in roundcubemail-httpd.conf (after deflate) + + enable brotli via a2enmod for new installations + +------------------------------------------------------------------- +Thu Jan 2 19:43:40 UTC 2020 - Lars Vogdt <lars@linux-schulserver.de> + +- update to 1.4.2: + * Plugin API: Make actionbefore, before, actionafter and after + events working with plugin actions (#7106) + * Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028) + * Managesieve: Fix so modifier type select wasn't hidden after hiding + modifier select on header change + * Managesieve: Fix filter selection after removing a first filter (#7079) + * Markasjunk: Fix marking more than one message as spam/ham with + email_learn driver (#7121) + * Password: Fix kpasswd and smb drivers' double-escaping bug (#7092) + * Enigma: Add script to import keys from filesystem to the db + storage (for multihost) + * Installer: Fix DB Write test on SQLite database + ("database is locked" error) (#7064) + * Installer: Fix so SQLite DSN with a relative path to the database + file works in Installer + * Elastic: Fix contrast of warning toasts (#7058) + * Elastic: Simple search in pretty selects (#7072) + * Elastic: Fix hidden list widget on mobile/tablet when selecting + folder while search menu is open (#7120) + * Fix so type attribute on script tags is not used on HTML5 pages (#6975) + * Fix unread count after purge on a folder that is not currently selected (#7051) + * Fix bug where Enter key didn't work on messages list in "List" layout (#7052) + * Fix bug where deleting a saved search in addressbook caused + display issue on sources/groups list (#7061) + * Fix bug where a new saved search added after removing all searches + wasn't added to the list (#7061) + * Fix bug where a new contact group added after removing all groups + from addressbook wasn't added to the list + * Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035) + * Fix so use of Ctrl+A does not scroll the list (#7020) + * Fix/remove useless keyup event handler on username input in logon form (#6970) + * Fix bug where cancelling switching from HTML to plain text didn't + set the flag properly (#7077) + * Fix bug where HTML reply could add an empty line with extra indentation + above the original message (#7088) + * Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107) + * Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105) + * Fix bug where 'skins_allowed' option didn't enforce user skin + preference (#7080) + * Fix so contact's organization field accepts up to 128 characters + (it was 50) + * Fix bug where listing tables in PostgreSQL database with db_prefix + didn't work (#7093) + * Fix bug where 'text' attribute on body tag was ignored when + displaying HTML message (#7109) + * Fix bug where next message wasn't displayed after delete in List mode (#7096) + * Fix so number of contacts in a group is not limited to 200 when + redirecting to mail composer from Contacts (#6972) + * Fix malformed characters in HTML message with charset meta tag + not in head (#7116) +- renamed patches: + - roundcubemail-1.1-beta-config_dir.patch + + roundcubemail-1.4.2-config_dir.patch + +------------------------------------------------------------------- +Mon Dec 16 09:48:52 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de> + +- remove more cruft from the source (like .tavis or .gitignore) +- php documentor is not needed on a productive system -> remove +- also fix /usr/bin/env calls for two vendor scripts +- skins now have some configurable files in their directories: + move those files over to /etc/roundcubemail/skins/ +- move other text files (incl. vendor ones) out of the root + directory (and handle the LICENSE file a bit different) +- enable mod_filter and add AddOutputFilterByType for common media + types like html, javascript or xml +- enable php7 on newer openSUSE versions +- enable deflate, expires, filter, headers and setenvif on a new + installation - do not enable any module in case of an update +- recommend php-imagick for additional features + +------------------------------------------------------------------- +Fri Dec 6 14:39:12 UTC 2019 - Johannes Weberhofer <jweberhofer@weberhofer.at> + +- Updated dependencies +- Moved LICENCE file to proper directory +- removed travis files +- fixed most of the shell scripts to contain /usr/bin/php + +------------------------------------------------------------------- +Fri Nov 22 14:49:44 UTC 2019 - Michael Ströder <michael@stroeder.com> + +- Upgrade to version 1.4.1: + * new defaults for smtp_* config options + * changed default password_charset to UTF-8 + * login page returning 401 Unauthorized status + +------------------------------------------------------------------- +Sun Nov 10 09:47:19 UTC 2019 - Michael Ströder <michael@stroeder.com> + +- Upgrade to version 1.4.0: + * Update to jQuery 3.4.1 + * Update to TinyMCE 4.8.2 + * Update to jQuery-MiniColors 2.3.4 + * Clarified 'address_book_type' option behavior (#6680) + * Added cookie mismatch detection, display an error message informing the user to clear cookies + * Renamed 'log_session' option to 'session_debug' + * Removed 'delete_always' option (#6782) + * Don't log full session identifiers in userlogins log (#6625) + * Support $HasAttachment/$HasNoAttachment keywords (#6201) + * Support PECL memcached extension as a session and cache storage driver (experimental) + * Switch to IDNA2008 variant (#6806) + * installto.sh: Add possibility to run the update even on the up-to-date installation (#6533) + * Plugin API: Add 'render_folder_selector' hook + * Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326) + * Added flag to disable server certificate validation via Mysql DSN argument (#6848) + * Select all records on the current list page with CTRL + A (#6813) + * Use Left/Right Arrow keys to faster move over threaded messages list (#6399) + * Changes in display_next setting (#6795): + * * Move it to Preferences > User Interface > Main Options + * * Make it apply to Contacts interface too + * * Make it apply only if deleting/moving a previewed message/contact + * Redis: Support connection to unix socket + * Put charset meta specification before a title tag, add page title automatically (#6811) + * Elastic: Various internal refactorings + * Elastic: Add Prev/Next buttons on message page toolbar (#6648) + * Elastic: Close search options on Enter key press in quick-search input (#6660) + * Elastic: Changed some icons (#6852) + * Elastic: Changed read/unread icons (#6636) + * Elastic: Changed "Move to..." icon (#6637) + * Elastic: Add hide/show for advanced preferences (#6632) + * Elastic: Add default icon on Settings/Preferences lists for external plugins (#6814) + * Elastic: Add indicator for popover menu items that open a submenu (#6868) + * Elastic: Move compose attachments/options to the right side (#6839) + * Elastic: Add border/background to attachments list widget (#6842) + * Elastic: Add "Show unread messages" button to the search bar (#6587) + * Elastic: Fix bug where toolbar disappears on attachment menu use in Chrome (#6677) + * Elastic: Fix folders list scrolling on touch devices (#6706) + * Elastic: Fix non-working pretty selects in Chrome browser (#6705) + * Elastic: Fix issue with absolute positioned mail content (#6739) + * Elastic: Fix bug where some menu actions could cause a browser popup warning + * Elastic: Fix handling mailto: URL parameters in contact menu (#6751) + * Elastic: Fix keyboard navigation in some menus, e.g. the contact menu + * Elastic: Fix visual issue with long buttons in .boxwarning (#6797) + * Elastic: Fix handling new-line in text pasted to a recipient input + * Elastic: Fix so search is not reset when returning from the message preview page (#6847) + * Larry: Fix regression where menu actions didn't work with keyboard (#6740) + * ACL: Display user/group names (from ldap) instead of acl identifier + * Password: Added ldap_exop driver (#4992) + * Password: Added support for SSHA512 password algorithm (#6805) + * Managesieve: Fix bug where global includes were requested for vacation (#6716) + * Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) + * Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) + * Enigma: For verified signatures, display the user id associated with the sender address (#5958) + * Enigma: Fix bug where revoked users/keys were not greyed out in key info + * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) + * Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) + * Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838) + * Fix language selection for spellchecker in html mode (#6915) + * Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831) + * Fix invalid path to "add contact" icon when using assets_path setting + * Fix invalid path to blocked.gif when using assets_path setting (#6752) + * Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679) + * Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735) + * Fix bug where flag change could have been passed to a preview frame when not expected + * Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) + * Fix bug where HTML messages with a xml:namespace tag were not rendered (#6697) + * Fix TinyMCE download location (#6694) + * Fix so "Open in new window" consistently displays "external window" interface (#6659) + * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) + * Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640) + * Fix bug where attachment preview didn't work with x_frame_options=deny (#6688) + * Fix so bin/install-jsdeps.sh returns error code on error (#6704) + * Fix bug where bmp images couldn't be displayed on some systems (#6728) + * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) + * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) + * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) + * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) + * Fix bug where selection of columns on messages list wasn't working + * Fix bug in converting multi-page Tiff images to Jpeg (#6824) + * Fix bug where handling multiple messages from multi-folder search result could not work (#6845) + * Fix bug where unread count wasn't updated after moving multi-folder result (#6846) + * Fix wrong messages order after returning to a multi-folder search result (#6836) + * Fix some PHP 7.4 compat. issues (#6884, #6866) + * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) + * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) + * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) + * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) + * Changed 'password_charset' default to 'UTF-8' (#6522) + * Add skins_allowed option (#6483) + * SMTP GSSAPI support via krb_authentication plugin (#6417) + * Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385) + * Removed 'referer_check' option (#6440) + * Use constant prefix for temp file names, don't remove temp files from other apps (#6511) + * Ignore 'Sender' header on Reply-All action (#6506) + * deluser.sh: Add option to delete users who have not logged in for more than X days (#6340) + * HTML5 Upload Progress - as a replacement for the old server-side solution (#6177) + * Prevent from using deprecated timezone names from jsTimezoneDetect + * Force session.gc_probability=1 when using custom session handlers (#6560) + * Support simple field labels (e.g. LetterHub examples) in csv imports (#6541) + * Add cache busters also to images used by templates (#6610) + * Plugin API: Added 'raise_error' hook (#6199) + * Plugin API: Added 'common_headers' hook (#6385) + * Plugin API: Added 'ldap_connected' hook + * Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524) + * Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file + * Managesieve: Added support for 'editheader' extension - RFC5293 (#5954) + * Managesieve: Fix bug where custom header or variable could be lost on form submission (#6594) + * Markasjunk: Integrate markasjunk2 features into markasjunk - marking as non-junk + learning engine (#6504) + * Password: Added 'modoboa' driver (#6361) + * Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436) + * Password: Fix bug where new users could skip forced password change (#6434) + * Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473) + * Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246) + * Passowrd: Allow drivers to define password strength rules displayed to the user + * Password: Allow separate password saving and strength drivers for use of strength checking services (#5040) + * Password: Add zxcvbn driver for checking password strength (#6479) + * Password: Disallow control characters in passwords + * Password: Add support for Plesk >= 17.8 (#6526) + * Elastic: Improved datepicker displayed always in parent window + * Elastic: On touch devices display attachment icons on messages list (#6296) + * Elastic: Make menu button inactive if all subactions are inactive (#6444) + * Elastic: On mobile/tablet jump to the list on folder selection (#6415) + * Elastic: Various improvements on mail compose screen (#6413) + * Elastic: Support new-line char as a separator for pasted recipients (#6460) + * Elastic: Improved UX of search dialogs (#6416) + * Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445) + * Elastic: Fix too small height of mailvelope mail preview frame (#6600) + * Elastic: Add "status bar" for mobile in mail composer + * Elastic: Add selection options on contacts list (#6595) + * Elastic: Fix unintentional layout preference overwrite (#6613) + * Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515) + * Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) + * Fix regression where drafts were not deleted after sending the message (#6756) + * Fix so max_message_size limit is checked also when forwarding messages as attachments (#6580) + * Fix so performance stats are logged to the main console log also when per_user_logging=true + * Fix malformed message saved into Sent folder when using big attachments and low memory limit (#6498) + * Fix incorrect IMAP SASL GSSAPI negotiation (#6308) + * Fix so unicode in local part of the email address is also supported in recipient inputs (#6490) + * Fix bug where autocomplete list could be displayed out of screen (#6469) + * Fix style/navigation on error page depending on authentication state (#6362) + * Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408) + * Fix custom logo size in Elastic (#6424) + * Fix listing the same attachment multiple times on forwarded messages + * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) + * Fix inconsistent offset for various time zones - always display Standard Time offset (#6531) + * Fix dummy Message-Id when resuming a draft without Message-Id header (#6548) + * Fix handling of empty entries in vCard import (#6564) + * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) + * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) + * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) + * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) + * Fix missing CSRF token on a link to download too-big message part (#6621) + * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) + * Improved Mailvelope integration + * * Added private key listing and generating to identity settings + * * Enable encrypt & sign option if Mailvelope supports it + * Allow contacts without an email address (#5079) + * Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120) + * Support for IMAP folders that cannot contain both folders and messages (#5057) + * Remove sample PHP configuration from .htaccess and .user.ini files (#5850) + * Extend skin_logo setting to allow per skin logos (#6272) + * Use Masterminds/HTML5 parser for better HTML5 support (#5761) + * Add More actions button in Contacts toolbar with Copy/Move actions (#6081) + * Display an error when clicking disabled link to register protocol handler (#6079) + * Add option trusted_host_patterns (#6009, #5752) + * Support additional connect parameters in PostgreSQL database wrapper + * Use UI dialogs instead of confirm() and alert() where possible + * Display value of the SMTP message size limit in the error message (#6032) + * Show message flagged status in message view (#5080) + * Skip redundant INSERT query on successful logon when using PHP7 + * Replace display_version with display_product_version (#5904) + * Extend disabled_actions config so it accepts also button names (#5903) + * Handle remote stylesheets the same as remote images, ask the user to allow them (#5994) + * Add Message-ID to the sendmail log (#5871) + * Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073) + * Archive: Fix archiving by sender address on cyrus-imap + * Archive: Style Archive folder also on folder selector and folder manager lists + * Archive: Add Thunderbird compatible Month option (#5623) + * Archive: Create archive folder automatically if it's configured, but does not exist (#6076) + * Enigma: Add button to send mail unencrypted if no key was found (#5913) + * Enigma: Add options to set PGP cipher/digest algorithms (#5645) + * Enigma: Multi-host support + * Managesieve: Add ability to disable filter sets and other actions (#5496, #5898) + * Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021) + * Managesieve: Support filter action with custom IMAP flags (#6011) + * Managesieve: Support 'mime' extension tests - RFC5703 (#5832) + * Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779) + * Managesieve: Support enabling the plugin for specified hosts only (#6292) + * Password: Support host variables in password_db_dsn option (#5955) + * Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759) + * Password: Added password_username_format option (#5766) + * subscriptions_option: show \Noselect folders greyed out (#5621) + * zipdownload: Added option to define size limit for multiple messages download (#5696) + * vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080) + * Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) + * Composer: Fix certificate validation errors by using packagist only (#5148) + * Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882) + * Support _filter and _scope as GET arguments for opening mail UI (#5825) + * Various improvements for templating engine and skin behaviours + * * Support conditional include + * * Support for 'link' objects + * * Support including files with path relative to templates directory + * * Use instead of for submit button on logon screen + * Support skin localization (#5853) + * Reset onerror on images if placeholder does not exist to prevent from requests storm + * Unified and simplified code for loading content frame for responses and identities + * Display contact import and advanced search in popup dialogs + * Display a dialog for mail import with supported format description and upload size hint + * Make possible to set (some) config options from a skin + * Added optional checkbox selection for the list widget + * Make 'compose' command always enabled + * Add .log suffix to all log file names, add option log_file_ext to control this (#313) + * Return "401 Unauthorized" status when login fails (#5663) + * Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092) + * Plugin API: Added 'show_bytes' hook (#5001) + * Add option to not indent quoted text on top-posting reply (#5105) + * Removed global $CONFIG variable + * Removed debug_level setting + * Support AUTHENTICATE LOGIN for IMAP connections (#5563) + * Support LDAP GSSAPI authentication (#5703) + * Localized timezone selector (#4983) + * Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640) + * Handle inline images also inside multipart/mixed messages (#5905) + * Allow style tags in HTML editor on composed/reply messages (#5751) + * Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248) + * Show confirm dialog when moving folders using drag and drop (#6119) + * Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929) + * Fix skin extending for assets (#5115) + * Fix handling of forwarded messages inside of a TNEF message (#5632) + * Fix bug where attachment size wasn't visible when the filename was too long (#6033) + * Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) + * Fix css conflicts in user interface and e-mail content (#5891) + * Fix duplicated signature when using Back button in Chrome (#5809) + * Fix touch event issue on messages list in IE/Edge (#5781) + * Fix so links over images are not removed in plain text signatures converted from HTML (#4473) + * Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) + +------------------------------------------------------------------- +Wed Aug 28 21:57:02 UTC 2019 - Michael Ströder <michael@stroeder.com> + +- Upgrade to version 1.3.10: + * Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) + * Enigma: Fix bug where revoked users/keys were not greyed out in key info + * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) + * Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) + * Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785) + * Fix bug where bmp images couldn't be displayed on some systems (#6728) + * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) + * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) + * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) + * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) + * Fix bug where selection of columns on messages list wasn't working + * Fix bug in converting multi-page Tiff images to Jpeg (#6824) + * Fix wrong messages order after returning to a multi-folder search result (#6836) + * Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866) + * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) + * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) + * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) + * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) + +------------------------------------------------------------------- +Sun Mar 31 17:58:42 UTC 2019 - Michael Ströder <michael@stroeder.com> + +- Upgrade to version 1.3.9: + * Fix TinyMCE download location(s) (#6694) + * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) + * Fix handling of empty entries in vCard import (#6564) + * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) + * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) + * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) + * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) + * Fix missing CSRF token on a link to download too-big message part (#6621) + * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) + * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) + +------------------------------------------------------------------- +Fri Oct 26 14:19:46 UTC 2018 - lars@linux-schulserver.de - 1.3.8 + +- Upgrade to version 1.3.8: + * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) + * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) + * Enigma: Fix deleting keys with authentication subkeys (#6381) + * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) + * Fix so Classic skin splitter does not escape out of window (#6397) + * Fix XSS issue in handling invalid style tag content (#6410) + * Fix compatibility with MySQL 8 - error on 'system' table use + * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) + * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) + * Fix support for "allow-from " in x_frame_options config option (#6449) + * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) + * Fix multiple VCard field search (#6466) + * Fix session issue on long running requests (#6470) +- add files with .log entry to logrotate config +- enhance apache configuration by: + + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766) + + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files + + set additional headers: + ++ Content-Security-Policy: ask browsers to not set the referrer + ++ Cache-Control: ask not to cache the content + ++ Strict-Transport-Security: set HSTS rules for SSL traffic + ++ X-XSS-Protection: configure built in reflective XSS protection +- adjust README.openSUSE: + + db.inc.php is not used any longer + + flush privileges after creating/changing users in mysql +- use %%license macro on newer distributions + +------------------------------------------------------------------- +Sat Aug 4 20:59:18 UTC 2018 - michael@stroeder.com + +- upstream fixed broken tar.gz archive keeping same version 1.3.7 + +------------------------------------------------------------------- +Sat Jul 28 12:21:12 UTC 2018 - michael@stroeder.com + +- Upgrade to version 1.3.7 + * Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) + * Fix bug where some parts of quota information could have been ignored (#6280) + * Fix bug where some escape sequences in html styles could bypass security checks + * Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names + * Fix bug where only attachments with the same name would be ignored on zip download (#6301) + * Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) + * Fix bug where after "mark all folders as read" action message counters were not reset (#6307) + * Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) + * Fix bug where some HTML comments could have been malformed by HTML parser (#6333) + +------------------------------------------------------------------- +Fri Apr 13 06:40:00 UTC 2018 - kbabioch@suse.com + +- Upgrade to version 1.3.6 + * Fix parsing date strings (e.g. from a Date: mail header) with comments + * Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker + * Fix possible IMAP command injection and type juggling vulnerabilities + * Enigma: Fix key selection for signing + * Enigma: Enable keypair generation on Internet Explorer 11 + * Fix check_request() bypass in places using get_uids() (CVE-2018-9846 boo#1067574) + * Fix bug where usernames without domain part could be malformed or converted to lower-case on logon + +------------------------------------------------------------------- +Fri Mar 16 08:57:47 UTC 2018 - joop.boonen@opensuse.org + +- Upgrade to version 1.3.5 + * Added new skin with mobile support - the Elastic + * Support Redis cache + * Improved Mailvelope integration + - Added private key listing and generating to identity settings + - Enable encrypt & sign option if Mailvelope supports it + * Update to jQuery-3.3.1 + * vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080) + * Add More actions button in Contacts toolbar with Copy/Move actions (#6081) + * Display an error when clicking disabled link to register protocol handler (#6079) + * Add option trusted_host_patterns (#6009, #5752) + * Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120) + * Support additional connect parameters in PostgreSQL database wrapper + * Use UI dialogs instead of confirm() and alert() where possible + * Display value of the SMTP message size limit in the error message (#6032) + * Skip redundant INSERT query on successful logon when using PHP7 + * Replace display_version with display_product_version (#5904) + * Extend disabled_actions config so it accepts also button names (#5903) + * Handle remote stylesheets the same as remote images, ask the user to allow them (#5994) + * Add Message-ID to the sendmail log (#5871) + * Managesieve: Add ability to disable filter sets and other actions (#5496, #5898) + * Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021) + * Managesieve: Support filter action with custom IMAP flags (#6011) + * Managesieve: Support 'mime' extension tests - RFC5703 (#5832) + * Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779) + * Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) + * Composer: Fix certificate validation errors by using packagist only (#5148) + * Enigma: Add button to send mail unencrypted if no key was found (#5913) + * Enigma: Add options to set PGP cipher/digest algorithms (#5645) + * Enigma: Multi-host support + * Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882) + * Update to jquery-minicolors 2.2.6 + * Support _filter and _scope as GET arguments for opening mail UI (#5825) + * Support for IMAP folders that cannot contain both folders and messages (#5057) + * Added .user.ini file for php-fpm (#5846) + * Email Resent (Bounce) feature (#4985) + * Various improvements for templating engine and skin behaviours + - Support conditional include + - Support for 'link' objects + - Support including files with path relative to templates directory + - Use <button> instead of <input> for submit button on logon screen + * Reset onerror on images if placeholder does not exist to prevent from requests storm + * Unified and simplified code for loading content frame for responses and identities + * Display contact import and advanced search in popup dialogs + * Make possible to set (some) config options from a skin + * Added optional checkbox selection for the list widget + * Make 'compose' command always enabled + * Add .log suffix to all log file names, add option log_file_ext to control this (#313) + * Archive: Fix archiving by sender address on cyrus-imap + * Archive: Style Archive folder also on folder selector and folder manager lists + * Archive: Add Thunderbird compatible Month option (#5623) + * Return "401 Unauthorized" status when login fails (#5663) + * Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092) + * Plugin API: Added 'show_bytes' hook (#5001) + * subscriptions_option: show \\Noselect folders greyed out (#5621) + * Add option to not indent quoted text on top-posting reply (#5105) + * Removed global $CONFIG variable + * Password: Support host variables in password_db_dsn option (#5955) + * Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759) + * Support AUTHENTICATE LOGIN for IMAP connections (#5563) + * Support LDAP GSSAPI authentication (#5703) + * Allow contacts without an email address (#5079) + * Localized timezone selector (#4983) + * Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640) + * Handle inline images also inside multipart/mixed messages (#5905) + * Fix bug where attachment size wasn't visible when the filename was too long (#6033) + * Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) + * Fix css conflicts in user interface and e-mail content (#5891) + * Fix duplicated signature when using Back button in Chrome (#5809) + * Fix touch event issue on messages list in IE/Edge (#5781) + * Fix so links over images are not removed in plain text signatures converted from HTML (#4473) + * Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) + * Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) + * Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154) + * Fix duplicated labels in Test SMTP Config section (#6166) + * Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) + * Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149) + * Fix security issue in remote content blocking on HTML image and style tags (#6178) + * Added 9pt and 11pt to the list of font sizes in HTML editor + * Fix handling encoding of HTML tags in "inline" JSON output (#6207) + * Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) + +------------------------------------------------------------------- +Fri Feb 16 08:06:57 UTC 2018 - ecsos@opensuse.org + +- fix rights for enigma plugin + +------------------------------------------------------------------- +Mon Feb 5 19:14:45 UTC 2018 - jengelh@inai.de + +- Trim bias from description. +- Replace %__-type macro indirections. +- Avoid bashisms in build logic. + +------------------------------------------------------------------- +Sun Feb 4 22:36:44 UTC 2018 - joop.boonen@opensuse.org + +- Upgrade to version 1.3.4 +- RELEASE 1.3.4 + * Fix bug where contacts search could skip some records (#6130) + * Fix possible information leak - add more strict sql error check on user creation (#6125) + * Fix a couple of warnings on PHP 7.2 (#6098) + * Fix broken long filenames when using imap4d server - workaround server bug (#6048) + * Fix so temp_dir misconfiguration prints an error to the log (#6045) + * Fix untagged COPYUID responses handling - again (#5982) + * Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075) + * Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true + * Fix performance issue when parsing malformed and long Date header (#6087) + * Fix syntax error in mssql.initial.sql (#6097) + * Fix bug where contacts export by selection returned no more than 10 entries (#6103) + * Fix searching contacts by address in LDAP source (#6084) + * Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057) +- RELEASE 1.3.3 + * Fix decoding of mailto: links with + character in HTML messages (#6020) + * Fix false reporting of failed upgrade in installto.sh (#6019) + * Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026) + * Fix mangled non-ASCII characters in links in HTML messages (#6028) +- RELEASE 1.3.2 + * Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933) + * Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940) + * Fix invalid template loading on a message error in preview frame (#5941) + * Fix bug where HTML messages could have been rendered empty on some systems (#5957) + * Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952) + * Enigma: Fix decryption of messages encoded with non-ascii charset (#5962) + * Fix missing cursor in HTML editor on mail reply (#5969) + * Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) + * Fix bug where mail search could return empty result on servers without SORT capability (#5973) + * Fix bug where assets_path wasn't added to some watermark frames + * Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982) + * Fix issue caused by non-default session.cookie_lifetime setting (#5961) + * Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885) + * Fix handling of unknown Content-Disposition type (#6002) + * Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004) + * Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007) + * Fix bug where ghost messages could be added to the list after fast delete (#5941) +- RELEASE 1.3.1 + * Add Preferences > Mailbox View > Main Options > Layout (#5829) + * Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820) + * Managesieve: Fix parsing dot-staffed lines in multiline text (#5838) + * Managesieve: Fix AM/PM suffix in vacation time selectors + * Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899) + * Remove non-printable characters from filenames on download/display (#5880) + * Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799) + * Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) + * Fix bug where HTML messages with @media styles could moddify style of page body (#5811) + * Fix style issue on selected and unfocused message that is part of a thread (#5798) + * Fix bug where a.button style from managesieve plugin could impact other elements (#5800) + * Fix position of selected icon for (Mailvelope) Encrypt button + * Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808) + * Fix bug where errors were not printed when using bin/update.sh (#5834) + * Fix PHP 7.2 warnings on count() use (#5845) + * Fix bug where Chrome could not upload the same file that was selected before (#5854) + * Fix duplicate messages on the list after deleting messages on the next to the last page (#5862) + * Fix bug where messages count was not updated after delete when imap_cache is set (#5872) + * Fix potential XSS vulnerability with malformed HTML message markup + * Fix sending message with "Too many public recipients" dialog buttons (#5924) + * Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823) + * Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914) +- RELEASE 1.3.0 + * Update to TinyMCE 4.5.7 + * Fix bug where invalid recipients could be silently discarded (#5739) + * Fix conflict with _gid cookie of Google Analytics (#5748) + * Print error from CLI scripts when system/exec function is disabled (#5744) + * Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) + * Fix bug where it wasn't possible to scroll folders list in Edge (#5750) + * Fix folders list sorting on Windows - if php-intl is available (#5732) + * Fix addressbook searching by gender (#5757) + * Fix prevention from using % and * characters in folder name (#5762) + * Fix POST parameter reflection in default_charset selector (#5768) + * Enigma: Fix compatibility with assets_dir + * Managesieve: Skip redundant LISTSCRIPTS command + * Fix SQL syntax error on MariaDB 10.2 (#5774) + * Fix bug where zipdownload ignored files with the same name (#5777) + * Fix bug where it wasn't possible to set timezone to auto-detected value (#5782) +- Build roundcube correcty for both php5 and php7 + +------------------------------------------------------------------- +Fri Nov 10 10:50:57 UTC 2017 - lars@linux-schulserver.de + +- Update to 1.2.7: + + Fix file disclosure vulnerability caused by insufficient + input validation (CVE-2017-16651; boo#1067574) + +------------------------------------------------------------------- +Tue Sep 19 09:02:32 UTC 2017 - michael@stroeder.com + +- Update to 1.2.6 + * Don't ignore (global) userlogins/sendmail logging in per_user_logging mode + * Enigma: Fix compatibility with assets_dir + * Managesieve: Fix AM/PM suffix in vacation time selectors + * Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) + * Fix bug where it wasn't possible to scroll folders list in Edge (#5750) + * Fix addressbook searching by gender (#5757) + * Fix SQL syntax error on MariaDB 10.2 (#5774) + * Fix bug where it wasn't possible to set timezone to auto-detected value (#5782) + * Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) + * Fix potential XSS vulnerability with malformed HTML message markup + +------------------------------------------------------------------- +Fri Jul 28 09:59:22 UTC 2017 - chris@computersalat.de + +- fix for boo#1050980 + * php-mcrypt will be removed with php >= 7.2 + * anyway not a dependency anymore since roundcube version 1.2 + +------------------------------------------------------------------- +Wed May 3 18:19:03 UTC 2017 - michael@stroeder.com + +- Update to 1.2.5 which fixes vulnerability in the virtualmin and + sasl drivers of the password plugin (CVE-2017-8114, bsc#1036955) + +------------------------------------------------------------------- +Thu Mar 16 18:20:18 UTC 2017 - aj@ajaissle.de + +- Update to 1.2.4 [boo#1029035] + - Managesieve: Fix handling of scripts with nested rules (#5540) + - Managesieve: Fix parser issue with empty lines between comments (#5657) + - Managesieve: Fix possible defect in handling \r\n in scripts (#5685) + - Enigma: Fix handling of messages with nested PGP encrypted parts (#5634) + - Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555) + - Enigma: Fix missing require statement for Crypt_GPG_KeyGenerator (#5641) + - Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544) + - Fix adding images to new identity signatures + - Fix rsync error handling in installto.sh script (#5562) + - Fix some advanced search issues with multiple addressbooks (#5572) + - Fix so group/addressbook selection is retained on page refresh + - Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) + - Fix bug where external content in src attribute of input/video tags was not secured (#5583) + - Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587) + - Fix bug where mail content frame couldn't be reset in some corner cases (#5608) + - Fix bug where some classic skin images were not displayed in IE/Edge (#5614) + - Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628) + - Fix regression where groups with email address were resolved to its members' addresses + - Fix update of group name in the contacts list header on group rename (#5648) + - Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630) + - Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655) + - Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820] + +------------------------------------------------------------------- +Tue Nov 29 10:34:37 UTC 2016 - aj@ajaissle.de + +- Update to 1.2.3 [boo#1012493] + - Searching in both contacts and groups when LDAP addressbook with group_filters option is used + - Fix vulnerability in handling of mail()'s 5th argument [boo#1012493] + - Fix To: header encoding in mail sent with mail() method (#5475) + - Fix flickering of header topline in min-mode (#5426) + - Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447) + - Fix decoding of GB2312/GBK text when iconv is not installed (#5448) + - Fix regression where creation of default folders wasn't functioning without prefix (#5460) + - Enigma: Fix bug where last records on keys list were hidden (#5461) + - Enigma: Fix key search with keyword containing non-ascii characters (#5459) + - Fix bug where deleting folders with subfolders could fail in some cases (#5466) + - Fix bug where IMAP password could be exposed via error message (#5472) + - Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) + - Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508) + - Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519) + - Fix missing content check when image resize fails on attachment thumbnail generation (#5485) + - Fix displaying attached images with wrong Content-Type specified (#5527) + +------------------------------------------------------------------- +Wed Oct 5 16:30:35 UTC 2016 - astieger@suse.com + +- verify source signature + +------------------------------------------------------------------- +Thu Sep 29 14:23:42 UTC 2016 - aj@ajaissle.de + +- Update to 1.2.2 [boo#1001856] + - Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent) + - Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371) + - Enigma: Make recipient key searches case-insensitive (#5434) + - Fix regression in resizing JPEG images with Imagick (#5376) + - Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) + - Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370) + - Wash position:fixed style in HTML mail for better security (#5264) [boo#1001856] + - Fix bug where memcache_debug didn't work for session operations + - Fix bug where Message-ID domain part was tied to username instead of current identity (#5385) + - Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content + - Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401) + - Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404) + - Fix so "All" messages selection is resetted on search reset (#5413) + - Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403) + - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) + - Fix PHP warning when handling shared namespace with empty prefix (#5420) + - Fix so folders list is scrolled to the selected folder on page load (#5424) + - Fix so when moving to Trash we make sure the folder exists (#5192) + - Fix displaying size of attachments with zero size + - Fix so "Action disabled" error uses more appropriate 404 code (#5440) + +------------------------------------------------------------------- +Thu Aug 11 17:02:25 UTC 2016 - aj@ajaissle.de + +- Update to 1.2.1 + - Update TinyMCE to version 4.3.13 (#5309) + - Fix bug where errors could have been not logged when per_user_logging=true + - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting + - Fix so minified publickey.js (with cache-buster) is used when available (#5254) + - Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253) + - Fix PHP warning when password_hosts is set, but is not an array (#5260) + - Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273) + - Fix so subfolders of INBOX can be set as Archive (#5274) + - Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282) + - Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259) + - Fix bug where "no body" alert could be displayed when sending mailvelope email + - Enigma: Fix keys import from inside of an encrypted message (#5285) + - Enigma: Fix malformed signed messages with force_7bit=true (#5292) + - Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary) + - Enigma: Add possibility to export private keys (#5321) + - Fix searching by email address in contacts with multiple addresses (#5291) + - Fix handling of --delete argument in moduserprefs.sh script (#5296) + - Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289) + - Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287) + - Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243) + - Fix bug where microsecond format in logged date didn't work in some cases + - Fix conflict in new_user_dialog and password_force_new_user settings (#5275) + - Don't create multipart/alternative messages with empty text/plain part (#5283) + - Use contact_search_name format in popup on results in compose contacts search + - Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347) + - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH + - Fix handling of blockquote tags with mixed case on html2text conversion (#5363) + - Fix javascript errors in IE on page with iframe that points to another domain + +------------------------------------------------------------------- +Tue May 24 07:21:22 UTC 2016 - opensuse@dstoecker.de + +- update to version 1.2.0 [boo#982003] [CVE-2016-5103] + PHP7 compatibility + PGP encryption + Drag-n-drop attachments from mail preview to compose window + Mail messages searching with predefined date interval + Improved security measures to protect from brute-force attacks + + And of course plenty of small improvements and bug fixes. + +------------------------------------------------------------------- +Mon Apr 25 09:46:41 UTC 2016 - lars@linux-schulserver.de + +- Update to 1.1.5 + Plugin API: Add html2text hook + Plugin API: Added addressbook_export hook + Fix missing emoticons on html-to-text conversion + Fix random "access to this resource is secured against CSRF" message at logout (#4956) + Fix missing language name in "Add to Dictionary" request in HTML mode (#4951) + Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) + Fix XSS issue in SVG images handling (#4949) + Fix (again) security issue in DBMail driver of password plugin CVE-2015-2181 + Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961) + Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964) + Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966) + Hide DSN option in Preferences when smtp_server is not used (#4967) + Protect download urls against CSRF using unique request tokens (#4957) + newmail_notifier: Refactor desktop notifications + Fix so contactlist_fields option can be set via config file + Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) + Fix performance in reverting order of THREAD result + Fix converting mail addresses with @www. into mailto links (#5197) + + +------------------------------------------------------------------- +Fri Feb 5 15:13:42 UTC 2016 - aj@ajaissle.de + +- Added "Suggests:" for apache2 + +------------------------------------------------------------------- +Fri Jan 15 11:57:10 UTC 2016 - aj@ajaissle.de + +- Changed apache2 config + +------------------------------------------------------------------- +Thu Dec 31 10:42:03 UTC 2015 - lars@linux-schulserver.de + +- Update to 1.1.4 + Add workaround for ​https://bugs.php.net/bug.php?id=70757 (#1490582) + Fix duplicate messages in list and wrong count after delete (#1490572) + Fix so Installer requires PHP5 + Make brute force attacks harder by re-generating security token on every failed login (#1490549) + Slow down brute-force attacks by waiting for a second after failed login (#1490549) + Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) + Fix mail view scaling on iOS (#1490551) + Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) + Fix responses list update issue after response name change (#1490555) + Fix bug where message preview was unintentionally reset on check-recent action (#1490563) + Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539) + Fix redundant blank lines when using HTML and top posting (#1490576) + Fix redundant blank lines on start of text after html to text conversion (#1490577) + Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) + Fix invalid LDAP query in ACL user autocompletion (#1490591) + Fix regression in displaying contents of message/rfc822 parts (#1490606) + Fix handling of message/rfc822 attachments on replies and forwards (#1490607) + Fix PDF support detection in Firefox > 19 (#1490610) + Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) [CVE-2015-8770] [bnc#962067] + Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) + +- explicitely add required PHP packages (according to INSTALL): + + php-dom, php-json, php-sockets +- also recommend additional PHP packages: + + php-zip, php-pear-Crypt_GPG +- use generic php- prefix also for recommended packages (no explicit php5-) +- no Dockerfile readme any more + +------------------------------------------------------------------- +Fri Oct 23 11:55:15 UTC 2015 - aj@ajaissle.de + +- Changed roundcubemail-httpd.conf +- Enable mod_version.c per default [boo#938840] + +------------------------------------------------------------------- +Tue Sep 15 10:27:10 UTC 2015 - aj@ajaissle.de + +- Update to 1.1.3 + Fix closing of nested menus (#1490443) + Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281) + Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424) + Get rid of Mail_mimeDecode package dependency (#1490416) + Fix "Importing..." message does not hide on error (#1490422) + Fix SQL error on logout when using session_storage=php (#1490421) + Update to jQuery 2.1.4 (#1490406) + Fix Compose action in addressbook for results from multiple addressbooks (#1490413) + Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426) + Fix unintentional messages list page change on page switch in compose addressbook (#1490427) + Fix race-condition in saving user preferences and loading plugin config (#1490431) + Fix so plain text signature field uses monospace font (#1490435) + Fix so links with href == content aren't added to links list on html to text conversion (#1490434) + Fix handling of non-break spaces in html to text conversion (#1490436) + Fix self-reply detection issues (#1490439) + Fix multi-folder search result sorting by arrival date (#1490450) + Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452) + Update to TinyMCE 4.1.10 (#1490405) + Fix draft removal after a message is sent and storing sent message is disabled (#1490467) + Fix so imap folder attribute comparisons are case-insensitive (#1490466) + Fix bug where new messages weren't added to the list in search mode + Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035) + Fix some javascript errors in rare situations (#1490441) + Fix error when using back button after sending an email (#1490009) + Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470) + Disable links list generation on html-to-text conversion of identities or composed message (#1490437) + Fix "washing" of style elements wrapped into many lines + Fix so input field (e.g. search box) does not loose focus on list load (#1490455) + Fix minor XSS issue in drag-n-drop file uploads (#1490530) + +------------------------------------------------------------------- +Mon Jun 8 20:45:27 UTC 2015 - draht@schaltsekun.de + +- Update to 1.1.2 + Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) + Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] + Fix handling of %-encoded entities in mailto: URLs (#1490346) + Fix zipped messages downloads after selecting all messages in a folder (#1490339) + Fix vpopmaild driver of password plugin + Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343) + Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337) + Fix message list header in classic skin on window resize in Internet Explorer (#1490213) + Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325) + Fix lack of signature separator for plain text signatures in html mode (#1490352) + Fix font artifact in Google Chrome on Windows (#1490353) + Fix bug where forced extwin page reload could exit from the extwin mode (#1490350) + Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355) + Fix mouseup event handling when dragging a list record (#1490359) + Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362) + Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372) + Fix security issue in contact photo handling (#1490379) + Fix possible memcache/apc cache data consistency issues (#1490390) + Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392) + Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) + Fix attached file path unsetting in database_attachments plugin (#1490393) + Fix issues when using moduserprefs.sh without --user argument (#1490399) + Fix potential info disclosure issue by protecting directory access (#1490378) + Fix blank image in html_signature when saving identity changes (#1490412) + Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) + Fix XSS vulnerability in _mbox argument handling (#1490417) + +------------------------------------------------------------------- +Thu Mar 26 08:47:49 UTC 2015 - aj@ajaissle.de + +- Update to 1.1.1 + ACL: Allow other plugins to adjust the list of permissions and groups to edit + Add possibility to print contact information (of a single contact) + Add possibility to configure max_allowed_packet value for all database engines (#1490283) + Improved handling of storage errors after message is sent + Update to TinyMCE 4.1.9 + Unified request* event arguments handling, added support for _unlock and _action parameters + Security: Generate random hash for the per-user local storage prefix (#1490279) + Fix refreshing of drafts list when sending a message which was saved in meantime (#1490238) + Fix saving/sending emoticon images when assets_dir is set + Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#1490292) + Fix setting max packet size for DB caches and check packet size also in shared cache + Fix needless security warning on BMP attachments display (#1490282) + Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284) + Fix performance of rcube_db_mysql::get_variable() + Fix missing or not up-to-date CATEGORIES entry in vCard export (#1490277) + Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) + Fix cursor position on reply below the quote in HTML mode (#1490263) + Fix so "over quota" errors are displayed also in message compose page + Fix duplicate entries supression in autocomplete result (#1490290) + Fix "Non-static method PEAR::isError() should not be called statically" errors (#1490281) + Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291) + Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#1490293) + Fix so localized folder name is displayed in multi-folder search result (#1490243) + Fix javascript error after creating a folder which is a subfolder of another one (#1490297) + Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#1490295) + Fix missing vcard_attachment icon on messages list (#1490303) + Fix storing signatures with big images in MySQL database (#1490306) + Fix Opera browser detection in javascript (#1490307) + Fix so search filter, scope and fields are reset on folder change + Fix rows count when messages search fails (#1490266) + Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#1490311) + Fix bug where TinyMCE area height was too small on slow network connection (#1490310) + Fix backtick character handling in sql queries (#1490312) + Fix redirect URL for attachments loaded in an iframe when behind a proxy (#1490191) + Fix menu container references to point to the actual <ul> element (#1490313) + Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#1490318) + +------------------------------------------------------------------- +Tue Feb 10 12:27:59 UTC 2015 - aj@ajaissle.de + +- Update to 1.1.0 + + New features: + - Allow searching across multiple folders + - Improved support for screen readers and assistive technology using + WCAG 2.0 andWAI ARIA standards + - Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste) + - Added namespace filter and folder searching in folder manager + - New config option to disable UI elements/actions + - Stronger password encryption using OpenSSL + - Support for the IMAP SPECIAL-USE extension + - Support for Oracle as database backend + - Manage 3rd party libs with Composer + - Secure URLs [1] (disabled by default) + + Changelog: + Make SMTP error log more verbose - include server response and error code + Fix download options menu (added by zipdownload plugin) in classic skin (#1490228) + Fix blocked.gif image usage with assets_dir set + Fix bug where max_group_members was ignored when adding a new contact (#1490214) + Hide MDN and DSN options in compose if disabled by admin (#1490221) + Fix checks based on window.ActiveXObject in IE > 10 + Fix XSS issue in style attribute handling (#1490227) + Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225) + Fix so "set as default" option is hidden if identities_level > 1 (#1490226) + Fix bug where search was reset after returning from compose visited for reply + Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210) + Fix bug where Reply-To address was ignored on reply to messages sent by self (#1490233) + Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229) + Fix bug where drafts list wasn't refreshed after draft message was sent from another window (#1490238) + Fix keyboard navigation and css in datepicker widget across many Firefox versions + Fix false warning when opening attached text/plain files (#1490241) + Fix bug where signature could have been inserted twice after plain-to-html switch (#1490239) + Fix security issue in DBMail driver of password plugin (#1490261) + Enable FollowSymLinks? option in .htaccess file which is required by rewrite rules (#1490255) + Fix so JSON.parse() errors on localStorage items are ignored (#1490249) + +[1] http://trac.roundcube.net/wiki/Howto_Config/Secure_URLs + +------------------------------------------------------------------- +Sun Feb 1 12:37:13 UTC 2015 - aj@ajaissle.de + +- Update to 1.1-rc (1.0.95) + Update jQuery to version 2.1.3 + Improve system security by using optional special URL with security token - use_secure_urls + Allow to define separate server/path for image/js/css files - assets_url/assets_dir + Sync vendor folder if exists in source package (#1490145) + Avoid useless reloading list when resetting search with active filter (#1490057) + Fix invalid folder selection if clicked while busy (#1490158) + Fix import of multiple contact email addresses from Outlook-csv format (#1490169) + Fix drag-n-drop to folders expanded while dragging (#1490157) + Fix import of multiple contact groups from Google-csv format (#1490159) + Fix import of contacts with multiple email addresses from Google-csv format (#1490178) + Fix bugs where CSRF attacks were still possible on some requests + Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#1490163) + Improve move-to and contact-export button in classic skin (#1490166) + Fix wrong icon for download button in classic skin + Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208) + +- Update to 1.1-beta (1.0.90) + Fix skin path handling in plugin context (#1488967) + Prevent memory exhaustion on image resizing with GD on Windows (#1489937) + Add plugin hook for database table name lookups as requested in #1489837 + Added Oracle database support + Support contacts import in GMail CSV format + Added namespace filter in Folder Manager + Added folder searching in Folder Manager + Fix restoring draft messages from localStorage if editor mode differs (#1490016) + Added config option/user preference to disable saving messages in localStorage (#1489979) + Added config option 'imap_log_session' to enable Roundcube <-> IMAP session ID logging + Added config option 'log_session_id' to control the length of the session identifier in logs + Implemented 'storage_connected' API hook after successful IMAP login (#1490025) + Integrate Net_LDAP3 and rcube_ldap_generic classes + Add option (disabled_actions) to disable UI elements/actions (#1489638) + Support password encryption using openssl extension (#1489989) + Create/rename groups in UI dialogs (#1489951) + Added 'contact_search_name' option to define autocompletion entry format + Display quota information for current folder not INBOX only (#1487993) + Support images in HTML signatures (#1488676) + Display full quota information in popup (#1485769, #1486604) + Mail compose: Selecting contact inserts recipient to previously focused input - to/cc/bcc accordingly (#1489684) + Close "no subject" prompt with Enter key (#1489580) + Password: Add option to force new users to change their password (#1486884) + Improve support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards + Enable basic keyboard navigation throughout the UI (#1487845) + Select/scroll to previously selected message when returning from message page (#1489023) + Display a warning if popup window was blocked (#1489618) + Remove (was: ...) from message subject on reply (#1489375) + Update to TinyMCE 4.1 (#1489057) + Enable autolink plugin in TinyMCE (#1488845) + Support image operations with Imagick extension (#1489734) + Support upload progress with session.upload_progress and PECL uploadprogress module (#1488702) + Make identity name field optional (#1489510) + Utility script to remove user records from the local database + Plugin API: Added message_saved hook (#1489752) + Plugin API: Added imap_search_before hook + Support messages import from zip archives + Zipdownload: Added mbox format support (#1486069) + Drop support for IE6, move IE7/IE8 support to legacy_browser plugin + Update to jQuery-2.1.1 + Search across multiple folders (#1485234) + Improve UI integration of ACL settings + Drop support for PHP < 5.3.7 + Set In-Reply-To and References for forwarded messages (#1489593) + Removed redundant default_folders config option (#1489737) + Implemented IMAP SPECIAL-USE extension support [RFC6154] (#1487830) + Optimize some framed pages content for better performance (#1489792) + Improve text messages display and conversion to HTML (#1488937) + Don't remove links when html signature is converted to text (#1489621) + Fix page title when using search filter (#1490023) + Fix mbox files import + Fix some character sets detection (#1490135) + Fix so attachment charset is set in headers of forward/draft message (#1490109) + Fix bug where wrong charset could be used for text attachment preview page (#1490106) + Fix setting flags on servers with no PERMANENTFLAGS response (#1490087) + Fix regression in SHAA password generation in ldap driver of password plugin (#1490094) + Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103) + Fix font style display issue in HTML messages with styled <span> elements (#1490101) + Fix download of attachments that are part of TNEF message (#1490091) + Fix handling of uuencoded messages if messages_cache is enabled (#1490108) + Fix handling of base64-encoded attachments with extra spaces (#1490111) + Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046) + Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113) + Fix reply scrolling issue with text mode and start message below the quote (#1490114) + Fix possible issues in skin/skin_path config handling (#1490125) + +- Rebased roundcubemail-0.9.1_config-dir.patch as roundcubemail-1.1-beta-config_dir.patch + +------------------------------------------------------------------- +Sun Feb 1 12:33:22 UTC 2015 - aj@ajaissle.de + +- Update to 1.0.5 + Fix bug where some valid text in a message was handled as uuencoded attachment + Fix wrong icon for download button in classic skin + Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208) + Fix checks based on window.ActiveXObject in IE > 10 + Fix XSS issue in style attribute handling (#1490227) + Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225) + Fix so "set as default" option is hidden if identities_level > 1 (#1490226) + Fix bug where search was reset after returning from compose visited for reply + Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210) + Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229) +- Update to 1.1-rc (1.0.95) + +------------------------------------------------------------------- +Thu Dec 18 17:28:40 UTC 2014 - aj@ajaissle.de + +- Update to 1.0.4 + Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118) + Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153) + Fix issue where Archive folder wasn't protected in Folder Manager (#1490154) + Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115) + Fix setting flags on servers with no PERMANENTFLAGS response (#1490087) + Fix regression in SHAA password generation in ldap driver of password plugin (#1490094) + Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103) + Fix font style display issue in HTML messages with styled <span> elements (#1490101) + Fix download of attachments that are part of TNEF message (#1490091) + Fix handling of uuencoded messages if messages_cache is enabled (#1490108) + Fix handling of base64-encoded attachments with extra spaces (#1490111) + Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046) + Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113) + Fix reply scrolling issue with text mode and start message below the quote (#1490114) + Fix possible issues in skin/skin_path config handling (#1490125) + Fix lack of delimiter for recipient addresses in smtp_log (#1490150) + Fix generation of Blowfish-based password hashes (#1490184) + Fix bugs where CSRF attacks were still possible on some requests + +------------------------------------------------------------------- +Sat Nov 08 20:02:00 UTC 2014 - Led <ledest@gmail.com> + +- fix bashisms in post scripts + +------------------------------------------------------------------- +Mon Sep 29 17:23:39 UTC 2014 - aj@ajaissle.de + +- Update to 1.0.3 + Fix insert-signature command in external compose window if opened from inline compose screen (#1490074) + Initialize HTML editor before restoring a message from localStorage (#1490016) + Add 'sig_max_lines' config option to default config file (#1490071) + Add option to specify IMAP connection socket parameters - imap_conn_options (#1489948) + Add option to set default message list mode - default_list_mode (#1487312) + Enable contextmenu plugin for TinyMCE editor (#1487014) + Fix some mime-type to extension mapping checks in Installer (#1489983) + Fix errors when using localStorage in Safari's private browsing mode (#1489996) + Fix bug where $Forwarded flag was being set even if server didn't support it (#1490000) + Fix various iCloud vCard issues, added fallback for external photos (#1489993) + Fix invalid Content-Type header when send_format_flowed=false (#1489992) + Fix errors when adding/updating contacts in active search (#1490015) + Fix incorrect thumbnail rotation with GD and exif orientation data (#1490029) + Fix contacts list update after adding/deleting/moving a contact (#1490028, #1490033) + Fix handling of email addresses with quoted domain part (#1490040) + Fix comm_path update on task switch (#1490041) + Fix error in MSSQL update script 2013061000.sql (#1490061) + Fix validation of email addresses with IDNA domains (#1490067) + +------------------------------------------------------------------- +Sun Jul 20 23:14:51 UTC 2014 - aj@ajaissle.de + +- Update to 1.0.2 + * Fix storing unsaved drafts in localStorage (#1489818) + * Fix redundant horizontal scrollbar in HTML editor (#1489950) + * Fix PHP error in Preferences when default_folders was in dont_override (#1489940) + * Add configurable LDAP_OPT_DEREF option (#1489864) + * Fix unintentional draft autosave request if autosave is disabled (#1489882) + * Fix malformed References: header in send/saved mail (#1489891) + * Fix handling unicode characters in links (#1489898) + * Fix incorrect handling of HTML comments in messages sanitization code (#1489904) + * Fix so current page is reset on list-mode change (#1489907) + * Fix so responses menu hides on click in classic skin (#1489915) + * Fix unintentional line-height style modification in HTML messages (#1489917) + * Fix broken normalize_string(), add support for ISO-8859-2 (#1489918) + * Support csv contacts import in German localization (#1489920) + * Fix so message list and counters are updated when a message is opened in new window (#1489919) + * Fix malformed recipient name when composing a message by clicking on mailto link (#1489942) + * Fix list reload after sending message in another window (#1489931) + * Fix so address format errors are ignored when saving a draft (#1489954) + * Fix incorrect label translation in return receipt (#1489963) + * Fix security issue in delete-response action - allow only ajax request + * Fix Delete button state after deleting identity/response (#1489972) + * Fix bug where contacts with no email address were listed on compose addressbook (#1489970) + * Fix images import from various vCard formats (#1489977) + * Fix sorting messages by size on servers without SORT capability (#1489981) + +------------------------------------------------------------------- +Mon Jun 23 20:26:06 UTC 2014 - jamesp@vicidial.com + +- Modify roundcubemail-httpd.conf for OpenSuSE v.13.1 apache2 + o Apache2 on OpenSuSE v.13.1 has the mod_access_compat.c module + statically compiled into the Apache2 core. This means it can't + be unloaded and the older pre-2.4 access directives must be + used. Since it is not advised to mix pre and post 2.4 access + methods the file had to be modified to look for this static + module and load pre-2.4 directives if found on Apache 2.4. It + should be forward compatible if the mod_access_compat.c module + become dynamic in the future and is not loaded. + +------------------------------------------------------------------- +Sun May 11 18:01:57 UTC 2014 - aj@ajaissle.de + +- Update to 1.0.1 + * Support 'error' and 'body_file' return attribs in 'message_before_send' hook (#1489595) + * Apply user-specific replacements to group's base_dn property (#1489779) + * Fix missing email address when importing contacts from outlook csv (#1489830) + * Fix bug where "With attachment" option in search filter wasn't selected after return from mail view (#1489774) + * Fix "washing" of unicoded style attributes (#1489777) + * Fix unintentional redirect from compose page in Webkit browsers (#1489789) + * Fix messages index cache update under some conditions (e.g. proxy) (#1489756) + * Fix lack of translation of special folders in some configurations (#1489799) + * Fix XSS issue in plain text spellchecker (#1489806) + * Fix invalid page title for some folders (1489804) + * Fix redundant alert message on over-size uploads (#1489817) + * Fix next message display after removing a message (#1489800) + * Fix missing Mail-Followup-To header in sent mail (#1489829) + * Fix error when spell-checking an empty text (#1489831) + * Avoid popupmenus being closed when scrollbar is clicked (#1489832) + * Add proxy_whitelist configuration option (#1489729) + * Fix identities_level=4 handling in new_user_dialog plugin (#1489840) + * Fix various db_prefix issues (#1489839) + * Fix too small length of users.preferences column data type on MySQL + * Fix redundant warning when switching from html to text in empty editor (#1489819) + * Fix invalid host validation on login (#1489841) + * Fix IMAP connection test in installer so it is aware of imap_auth_type (#1489746) + +------------------------------------------------------------------- +Thu Apr 10 20:22:54 UTC 2014 - aj@ajaissle.de + +- Remove possible 'leftover' SQL directory from document root, + preventing upgrades from versions > 0.9.5 [bnc#872790] + +------------------------------------------------------------------- +Tue Apr 8 06:55:11 UTC 2014 - aj@ajaissle.de + +- Update to 1.0.0 + * Cleaned up the configuration into a single file + * Importing email messages and contact group assignments + * Advanced LDAP address book functionality + * A toggle to switch between HTML and plaintext view + * Save drafts in local storage for recovery + * Canned responses to save and recall boilerplate texts + * Improved keyboard navigation in messages list + * Optimized UI to work on tablet devices + * Attachment reminder plugin + + many bug fixes + +------------------------------------------------------------------- +Fri Mar 7 11:24:50 UTC 2014 - aj@ajaissle.de + +- Use macros for DES string replacement + +------------------------------------------------------------------- +Fri Feb 28 16:52:47 UTC 2014 - aj@ajaissle.de + +- Require php-pear-Net_Sieve for managesieve plugin + +------------------------------------------------------------------- +Thu Feb 27 16:39:07 UTC 2014 - aj@ajaissle.de + +- Be more verbose if migration happened +- Deny web access to roundcubemail/{migration,migrated} + +------------------------------------------------------------------- +Mon Feb 24 14:02:07 UTC 2014 - aj@ajaissle.de + +- Dropped SQL_dir.patch, it's way easier to maintain to just create + a symlink. + +------------------------------------------------------------------- +Thu Feb 13 09:35:39 UTC 2014 - aj@ajaissle.de + +- Renamed logrotate config to just 'roundcubemail' + +------------------------------------------------------------------- +Wed Feb 12 16:57:46 UTC 2014 - aj@ajaissle.de + +- Fixed logrotate config installation path (bnc#863569) + +------------------------------------------------------------------- +Wed Feb 12 14:41:25 UTC 2014 - aj@ajaissle.de + +- Add %ghost for /migration and /migrated + +------------------------------------------------------------------- +Wed Feb 12 10:18:43 UTC 2014 - aj@ajaissle.de + +- Update to roundcubemail-1.0-rc +- Removed roundcubemail-1.0.beta_SQL_dir.patch + +------------------------------------------------------------------- +Wed Jan 22 11:15:31 UTC 2014 - aj@ajaissle.de + +- Update to roundcubemail-1.0-beta +- Rebased roundcubemail-0.9.5_SQL_dir.patch as roundcubemail-1.0.beta_SQL_dir.patch + +------------------------------------------------------------------- +Fri Jan 10 17:54:21 UTC 2014 - aj@ajaissle.de + +- Fixed typo in apache2 config file [bnc#842800] + +------------------------------------------------------------------- +Fri Jan 10 15:58:15 UTC 2014 - aj@ajaissle.de + +- Renamed Patch0 (was: roundcubemail-config-dir.patch, now is: + roundcubemail-0.9.1_config-dir.patch) +- PATCH-FIX-OPENSUSE roundcubemail-0.9.5_SQL_dir.pacth -- SQL files + are located in _docdir + +------------------------------------------------------------------- +Fri Nov 22 15:46:06 UTC 2013 - aj@ajaissle.de + +- Also alias /roundcubemail to roundcube path + +------------------------------------------------------------------- +Thu Nov 21 17:11:33 UTC 2013 - aj@ajaissle.de + +- Changed source package to *-dep.tar.gz +- Optimized spec file + * Replaced default DES string with some more secure, random string + * Moved SQL files to %doc + * Moved logs/ and temp/ to /var/log/ and /var/lib/ +- httpd.conf now 'speaks' Apache 2.4 + +------------------------------------------------------------------- +Thu Nov 21 15:50:31 UTC 2013 - aj@ajaissle.de + +- New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172) + * Fix failing vCard import when email address field contains spaces (#1489386) + * Fix default spell-check configuration after Google suspended their spell service + * Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) + * Fix iframe onload for upload errors handling (#1489379) + * Fix address matching in Return-Path header on identity selection (#1489374) + * Fix text wrapping issue with long unwrappable lines (#1489371) + * Fixed mispelling: occured -> occurred (#1489366) + * Fixed issues where HTML comments inside style tag would hang Internet Explorer + * Fix setting domain in virtualmin password driver (#1489332) + * Hide Delivery Status Notification option when smtp_server is unset (#1489336) + * Display full attachment name using title attribute when name is too long to display (#1489320) + * Fix attachment icon issue when rare font/language is used (#1489326) + * Fix expanded thread root message styling after refreshing messages list (#1489327) + * Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319) + * Fix error_reporting directive check (#1489323) + * Fix de_DE localization of "About" label in Help plugin (#1489325) + +------------------------------------------------------------------- +Sun Sep 8 19:16:28 UTC 2013 - wr@rosenauer.org + +- Update to version 0.9.4 + * Make identities matching case insensitive + * Fix issue where too big message data was stored in cache causing + sql errors + * Fix iframe scrollbars on webkit desktop browsers + * Fix issue where legacy config was overriden by default config + * Fix newmail_notifier issue where favicon wasn't changed back to + default + * Fix setting of Junk and NonJunk? flags by markasjunk plugin + * Fix lack of Reply-To address in header of forwarded message body + * Fix bugs when invoking contact creation form when read-only + addressbook is selected + * Fix identity selection on reply + * Fix so additional headers are added to all messages sent + * Fix display issue after moving folder in Folder Manager + * Fix handling of non-default date formats + * Fix unquoted path in PREG expression on Windows + * Fix Junk folder icon alignment when it's nested in inbox folder + * Fix wrong close tag in /template/mail.html + +------------------------------------------------------------------- +Thu Aug 29 07:38:09 UTC 2013 - wr@rosenauer.org + +- Update to version 0.9.3 (bnc#837436) (CVE-2013-5645) + * Optimized UI behavior for touch devices + * Fix setting refresh_interval to "Never" in Preferences + * Fix purge action in folder manager + * Fix base URL resolving on attribute values with no quotes + * Fix wrong handling of links with '|' character + * Fix colorspace issue on image conversion using ImageMagick? + * Fix XSS vulnerability when saving HTML signatures + * Fix XSS vulnerability when editing a message "as new" or draft + * Fix rewrite rule in .htaccess + * Fix detecting Turkish language in ISO-8859-9 encoding + * Fix identity-selection using Return-Path headers + * Fix parsing of links with ... in URL + * Fix compose priority selector when opening in new window + * Fix bug where signature wasn't changed on identity selection when editing a draft + * Fix IMAP SETMETADATA parameters quoting + * Fix "could not load message" error on valid empty message body + * Fix handling of message/rfc822 attachments on message forward and edit + * Fix parsing of square bracket characters in IMAP response strings + * Don't clear References and in-Reply-To when a message is "edited as new" + * Fix messages list sorting with THREAD=REFS + * Remove deprecated (in PHP 5.5) PREG /e modifier usage + * Fix empty messages list when register_globals is enabled + * Fix so valid and set date.timezone is not required by installer checks + * Canonize boolean ini_get() results + * Fix so install do not fail when one of DB driver checks fails but other drivers exist + * Fix so exported vCard specifies encoding in v3-compatible format +- Update to version 0.9.2 + * Fix image thumbnails display in print mode + * Fix height of message headers block + * Fix timeout issue on drag&drop uploads + * Fix default sorting of threaded list when THREAD=REFS isn't supported + * Fix list mode switch to 'List' after saving list settings in Larry skin + * Fix error when there's no writeable addressbook source + * Fix zipdownload plugin issue with filenames charset + * Fix so non-inline images aren't skipped on forward + * Fix "null" instead of empty string on messages list in IE10 + * Fix legacy options handling + * Fix so bounces addresses in Sender headers are skipped on Reply-All + * Fix bug where serialized strings were truncated in PDO::quote() + * Fix displaying messages with invalid self-closing HTML tags + * Fix PHP warning when responding to a message with many Return-Path headers + * Fix unintentional compose window resize + * Fix performance regression in text wrapping function + * Fix connection to posgtres db using unix socket + * Fix handling of comma when adding contact from contacts widget + * Fix bug where a message was opened in both preview pane and new window on double-click + * Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml + * Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 + * Fix invalid option selected in default_font selector when font is unset + * Fix displaying contact with ID divisible by 100 in sql addressbook + * Fix browser warnings on PDF plugin detection + * Fix fatal error when parsing UUencoded messages + +------------------------------------------------------------------- +Mon Jun 3 17:15:26 UTC 2013 - wr@rosenauer.org + +- Update to version 0.9.1 + * a lot of bugfixes and smaller improvements + (http://trac.roundcube.net/wiki/Changelog) + +------------------------------------------------------------------- +Sat Apr 27 09:31:24 UTC 2013 - wr@rosenauer.org + +- Update to version 0.9.0 + * Improved rendering of forwarded and attached messages + * Optionally display and compose email messages a new windows + * Unified UI for message view and composition + * Show sender photos from contacts in email view + * Render thumbnails for image attachments + * Download all attachments as zip archive (using the zipdownload plugin) + * Forward multiple emails as attachments + * CSV import for contacts + +------------------------------------------------------------------- +Fri Mar 29 22:26:24 UTC 2013 - wr@rosenauer.org + +- Update to version 0.8.6 (bnc#812568) + * Fix security issue in save-pref command + +------------------------------------------------------------------- +Wed Jan 30 01:52:24 UTC 2013 - aj@ajaissle.de + +- New upstream release 0.8.5 + * Fix #countcontrols issue in IE<=8 when text is very long + (#1488890) + * Fix unwanted horizontal scrollbar in message preview header + (#1488866) + * Add workaround for IE<=8 bug where Content-Disposition:inline + was ignored (#1488844) + * Fix XSS vulnerability in vbscript: and data:text links handling + (#1488850) + * Fix absolute positioning in HTML messages (#1488819) + * Fix keybord events on messages list in opera browser (#1488823) + * Fix cache (in)validation after setting \Deleted flag + * Fix selection of collapsed thread rows (#1488772) + * Fix wrapping of quoted text with format=flowed (#1488177) + +------------------------------------------------------------------- +Mon Nov 19 20:59:17 UTC 2012 - wr@rosenauer.org + +- Update to version 0.8.4 + * fix a regression from 0.8.3 in compose window which could lead + to dataloss + * some bugfixes including a fixed XSS vulnerability + +------------------------------------------------------------------- +Sat Nov 10 21:12:16 UTC 2012 - wr@rosenauer.org + +- Update to version 0.8.3 + * This update adds small bug fixes and improvements to the 0.8 + stable series. It also fixes a possible, although unintended, + DoS to the webserver running Roundcube. See the included + CHANGELOG file for details. + +------------------------------------------------------------------- +Mon Oct 29 07:00:08 UTC 2012 - wr@rosenauer.org + +- Update to version 0.8.2 + * bugfix release (detailed changes in CHANGELOG) + +------------------------------------------------------------------- +Tue Sep 25 21:21:32 UTC 2012 - jamesp@vicidial.com + +- Installer expects to find php-exif during install, added to spec + Requires since it does not say if it's recommended or optional + +------------------------------------------------------------------- +Thu Aug 23 06:32:14 UTC 2012 - wr@rosenauer.org + +- Update to version 0.8.1 + * lot of bugfixes and new features including new skin + (please check the CHANGELOG) + * contains security related fixes (bnc#777446) + * Fix XSS vulnerability in message subject handling using + Larry skin (CVE-2012-3507) + * Fix XSS issue where plain signatures wasn't secured in HTML + mode (CVE-2012-3508) + * Fix XSS issue where href="javascript:" wasn't secured + (CVE-2012-3508) + +------------------------------------------------------------------- +Sat May 12 17:59:17 UTC 2012 - wr@rosenauer.org + +- added README.openSUSE to document openSUSE specifics needed for + installation/configuration + +------------------------------------------------------------------- +Mon Apr 30 13:50:22 UTC 2012 - wr@rosenauer.org + +- enable Roundcube access from everywhere by default after + installation +- ship *.dist configuration files + +------------------------------------------------------------------- +Sun Apr 15 18:38:01 UTC 2012 - wr@rosenauer.org + +- Update to version 0.7.2 + * bugfixes as outlined in CHANGELOG + +------------------------------------------------------------------- +Sun Feb 12 12:17:08 UTC 2012 - wr@rosenauer.org + +- Update to version 0.7.1 + * lot of bugfixes and improvements (see CHANGELOG) + * reworked and completed Apache config +- moved SQL directory from docdir to application + (to make the installer work) +- use fdupes +- removed README.SUSE as the upstream INSTALL document is equally + useful already and describes using the delivered installer + +------------------------------------------------------------------- +Fri Sep 30 15:07:28 CEST 2011 - asemen@suse.de + +- Release 0.6-RC + * Send X-Frame-Options headers to protect from clickjacking (#1487037) + * Fallback to mail_domain in LDAP variable replacements; added 'host' to 'user_create' hook arguments (#1488024) + * Fixed wrong vCard type parameter mobile (#1488067) + * Fixed vCard WORKFAX issue (#1488046) + * Add vCard's Profile URL support (#1488062) + * jQuery 1.6.3 + * Fix imap_cache setting to values other than 'db' (#1488060) + * Fix handling of attachments inside message/rfc822 parts (#1488026) + * Make list of mimetypes that open in preview window configurable (#1487625) + * Added plugin hook 'message_part_get' for attachment downloads + * Localize forwarded message header (#1488058) + * Added unique connection identifier to IMAP debug messages + * Added 'priority' column on messages list (#1486782) + * Fix image type check for contact photo uploads +- Release 0.6-beta + * Add option to hide selected LDAP addressbook on the list + * Add client-side checking of uploaded files size + * Add newlines between organization, department, jobtitle (#1488028) + * Recalculate date when replying to a message and localize the cite header (#1487675) + * Fix handling of email addresses with quoted local part (#1487939) + * Fix EOL character in vCard exports (#1487873) + * Added optional "multithreading" autocomplete feature + * Plugin API: Added 'config_get' hook + * Fixed new_user_identity plugin to work with updated rcube_ldap class (#1487994) + * Plugin API: added folder_delete and folder_rename hooks + * Added possibility to undo last contact delete operation + * Fix sorting of contact groups after group create (#1487747) + * Add optional textual upload progress indicator (#1486039) + * Fix parsing URLs containing commas (#1487970) + * Added vertical splitter for books/groups list in addressbook (#1487923) + * Improved namespace roots handling in folder manager + * Added searching in all addressbook sources + * Added addressbook source selection in contacts import + * Implement LDAPv3 Virtual List View (VLV) for paged results listing + * Use 'address_template' config option when adding a new address block (#1487944) + * Added addressbook advanced search + * Add popup with basic fields selection for addressbook search + * Case-insensitive matching in autocompletion (#1487933) + * Added option to force spellchecking before sending a message (#1485458) + * Fix handling of "<" character in contact data, search fields and folder names (#1487864) + * Fix saving "<" character in identity name and organization fields (#1487864) + * Added option to specify to which address book add new contacts + * Added plugin hook for keep-alive requests + * Store user preferences in session when write-master is not available and session is stored in memcache, write them later + * Improve performence of folder manager operations + * Fix default_port option handling in Installer when config.inc.php file exists (#1487925) + * Removed option focus_on_new_message, added newmail_notifier plugin + * Added general rcube_cache class with Memcache and APC support + * Improved caching performance by skipping writes of unchanged data + * Option enable_caching replaced by imap_cache and messages_cache options + * Fix WORKFAX saving in address book (#1487910) + * Add forward-as-attachment feature + * jQuery-1.6.2 (#1487913, #1487144) + * Improve display name composition when saving contacts (#1487143) + * Fix problems with subfolders of INBOX folder on some IMAP servers (#1487725) + * Fix handling of folders that doesn't belong to any namespace (#1487637) + * Enable multiselection for attachments uploading in capable browsers (#1485969) + * Add possibility to change HTML editor configuration by skin + * Fix a bug where selecting too many contacts would produce too large URI request (#1487892) + * Improve performance by including files with absolute path (#1487849) + * Move folder name truncation to client/skin (#1485412) + * Added plugin hook for request token creation + * Replace LDAP vars in group queries (#1487837) + * Fix vcard folding with uncode characters (#1487868) + * Keep all submitted data if contact form validation fails (#1487865) + * Handle uncode strings in rcube_addressbook::normalize_string() (#1487866) + * Fix handling of debug_level=4 in ajax requests (#1487831) + * Enable TinyMCE's contextmenu (#1487014) + * Allow multiple concurrent compose sessions + * New config option for custom logo + * Allow skins to define/override texts with <roundcube:label /> + * Add simple ACL rights/namespace handling in folder manager + * Force IE to send referers (#1487806) + * Better display of vcard import results (#1485457) + * Improved vcard import + * Interactive update script with improved DB schema check + * Fix problem with contactgroupmembers table creation on MySQL 4.x, add index on contact_id column + * Add LDAP SASL bind and proxy authentication (#1486692) + * Replying to a sent message puts the old recipient as the new recipient (#1487074) + * Fulltext search over (almost) all data for contacts + * Extend address book with rich contact information + +------------------------------------------------------------------- +Fri Sep 23 12:52:42 CEST 2011 - asemen@suse.de + +- Release 0.5.4 upstream update + * Fix XSS vulnerability in UI messages (#1488030) + +------------------------------------------------------------------- +Wed Jul 13 10:39:18 CEST 2011 - asemen@suse.de + +Release 0.5.3 upstream update + * Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (#1487943) + * Fix issue which cases IMAP disconnection when encrypt() method was used (#1487900) + * Fix some CSS issues in Settings for Internet Explorer + * Fixed handling of folder with name "0" in folder selector + * Fix bug where messages were deleted instead moved to trash folder after Shift key was used (#1487902) + * Fix relative URLs handling according to a <base> in HTML (#1487889) + * Fix handling of top-level domains with more than 5 chars or unicode chars (#1487883) + * Fix usage of non-standard HTTP error codes (#1487797) + * Fix PHP warning on mistaken in_array() usage (#1487901) + +Release 0.5.2 upstream update + * TinyMCE 3.4.2 now compatible with IE9 + * PEAR::Net_SMTP 1.5.2, fixed timeout issue (#1487843) + * Fix bug where template name without plugin prefix was used in render_page hook + * Support 'abort' and 'result' response in 'preferences_save' hook, add error handling + * Fix bug where some content would cause hang on html2text conversion (#1487863) + * Improve space-stuffing handling in format=flowed messages (#1487861) + * Fix bug where some dates would produce SQL error in MySQL (#1487856) + * Added workaround for some IMAP server with broken STATUS response (#1487859) + * Fix bug where default_charset was not used for text messages (#1487836) + * Stateless request tokens. No keep-alive necessary on login page (#1487829) + * Force names of unique constraints in PostgreSQL DDL + * Add code for prevention from IMAP connection hangs when server closes socket unexpectedly + * Remove redundant DELETE query (for old session deletion) on login + * Get around unreliable rand() and mt_rand() in session ID generation (#1486281) + * Fix some emails are not shown using Cyrus IMAP (#1487820) + * Fix handling of mime-encoded words with non-integral number of octets in a word (#1487801) + * Fix parsing links with non-printable characters inside (#1487805) + * Fixed de_CH/de_DE localization bugs (#1487773) + * Add variable for 'Today' label in date_today option (#1486120) + * Applied plugin changes since 0.5-stable release + * Fix SQL query in rcube_user::query() so it uses index on MySQL again + * Use only one from IMAP authentication methods to prevent login delays (1487784) + * Fix strftime format support in date_today option + * Removed redundant </form> tags from contact add/edit pages + * Fix CSS error in contact details screen on IE7 (#1487775) + +------------------------------------------------------------------- +Mon Feb 21 09:58:15 UTC 2011 - wr@rosenauer.org + +- patch installer to use /etc/roundcubemail as config dir + (installer workflow is broken otherwise) +- create temp subdirectory writable for Apache +- line ending conversion disabled (it broke a lot of PNGs) +- *.dist files are not %config + +------------------------------------------------------------------- +Fri Feb 11 21:20:53 UTC 2011 - toganm@opensuse.org + +- Update to 0.5.1 + + This update release fixes some bugs discovered with the 0.5 stable + version and also improves security by preventing some possible CSRF + attacks. IDNA support has now been improved and some visual glitches + in IE and Safari have been resolved. + +------------------------------------------------------------------- +Wed Jan 12 19:35:31 UTC 2011 - toganm@opensuse.org + +- Update to 0.5 for changes read CHANGELOG +- fixed rpmlint warning for languages + +------------------------------------------------------------------- +Sat Nov 20 19:48:41 UTC 2010 - toganm@opensuse.org + +- update to 0.4.2 +- fixed the roundcubemail-config-dir.patch so it applies again +- worked around warnings with roundcubemail-rpmlintrc + +------------------------------------------------------------------- +Wed Nov 04 12:00:00 CET 2009 - opensuse@dstoecker.de + +- update to 0.3.1: + +------------------------------------------------------------------- +Tue May 19 12:15:52 CEST 2009 - lars@linux-schulserver.de + +- update to 0.2.2: + + This is a little service release with minor bug fixes and a + newly added support for STARTTLS in IMAP connections. + +------------------------------------------------------------------- +Tue Mar 10 16:15:10 CET 2009 - lars@linux-schulserver.de + +- update to 0.2.1: + + more than 40 bug fixes + + completes some missing translations + + added TNEF support to decode proprietary MS Outlook attachments + (winmail.dat) + +------------------------------------------------------------------- +Thu Jan 1 18:40:35 CET 2009 - lars@linux-schulserver.de + +- update to 0.2 stable: + + many, many bugfixes + + improved addressbook and global search + + support multiple quota values + + added "show_images" option + + added message status filter + + ...and many more. Please read the CHANGELOG file +- for updates, please refer to the UPGRADING file +- added bin directory to not allowed paths + +------------------------------------------------------------------- +Tue Sep 23 13:09:19 CEST 2008 - lrupp@suse.de + +- update to 0.2-Beta +- move config directory to /etc/roundcubemail +- fix wrong line end encoding + +------------------------------------------------------------------- +Thu Jul 24 10:39:32 CEST 2008 - lrupp@suse.de + +- update to 0.2-Alpha1: + - Added option to disable autocompletion from selected LDAP address books + - Support for subfolders in default/protected folders + - Better HTML sanitization with the DOM-based washtml script + - Fixed sorting of folders with non-ascii characters + - Made IMAP auth type configurable + - Fixed attachment list on IE 6/7 + - Expanded LDAP implementation to support LDAP server writes + - Fixed management of folders with national characters in names + - Improved messages list performance + - Fixed non-RFC dates parsing + - Fixed signature loading on Windows + - Added language support to HTML editing + - Added sections (fieldset+label) in Settings interface + - Added options for empty trash and expunge inbox on logout + - Removed lines wrapping when displaying message + - Fixed month localization + - Changed codebase to PHP5 with autoloader + +------------------------------------------------------------------- +Tue Oct 23 18:27:22 CEST 2007 - lrupp@suse.de + +- update to 0.1-rc2: + + fixes the following bugs: + 1457344 1484356 1484386 1484056 1484383 1484387 1484067 1484373 + 1484570 1484395 1483965 1484429 1484552 1484550 1484473 1484490 + 1484402 1484508 1484338 1484027 1484426 1484420 1484023 1484290 + 1484292 1484292 1484409 1484487 1484496 1484487 1484353 1484379 + 1484399 + + Log error when login fails due to auto_create_user turned off + + Eval PHP code in template includes (if configured) + + Only display unread count in page title when new messages + arrived + + Improved XHTML validation + + Fixed moving/deleting messages when more than 1 is selected + + Applied patch for LDAP contacts listing by Glen Ogilvie + + Identify mailboxes case-sensitive + + Protect AJAX request from being fetched by a foreign site (XSS) + + Make autocomplete for loginform configurable by the skin + template + + Fixed bug with buttons not dimming/enabling properly after + switching folders + + Lowered status message time from 5 to 3 seconds to improve + responsiveness + + Fix address adding bug reported by David Koblas + + Applied socket error patch by Thomas Mangin + + Pass-by-reference workarround for PHP5 in sendmail.inc + + Use HTTP-POST requests for actions that change state +- Raised upload_max_filesize from 2M to 5M in apache config + +------------------------------------------------------------------- +Sun May 20 19:21:18 CEST 2007 - lrupp@suse.de + +- initial version 0.1-rc1 + diff --git a/roundcubemail.keyring b/roundcubemail.keyring new file mode 100644 index 0000000..47e70ac --- /dev/null +++ b/roundcubemail.keyring @@ -0,0 +1,102 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFcNX2kBEACmCY1yOI8MUk0fHtMOqxzDwA/CH0yN2nQu/mNiwOzx9pCtpX2u +F//FAql2Ob8ZVpwichouC//y7+dpqhzF+1TQYKZP9wtR4f5Y5T4SEDMGS+mhsdvO +LBSSpbteLtwbWrWU7CGTx6ohGO15VYfLagVKUvKkslSXFgWAfH+VrD1x05AlNeio +rgbdHLZsh5+JhqiyOMg8lsLkUA5mwe75TLjMF7xS3BKqBlnE7grWUfBs3/5vhIiu +/vsmnLX98tbBk6ZY+FB0xuzqiA8rW1LCB0d8eIBHnU1Xi0n1ebEG2xqtxV2Kprvj +NZDIZfOrTRqoP0fe36PxWXGHoR7tntWyqXfC3ZWgw00S7wrp0f3YZAASVbj2863i +gMs06zSHhVKnKqo6r+eDRcie+CRvtRVlh3PKaluh1ea+ad8A3BK1F8MKEpm3zBAn +/RP+p0ZNa0K3IDkuacG/yJ8f+VAeJl5KYu6Uv3+jADbCUuZFbm8ZGDoT1qcxkATd +S35D26oe41STPRUMppb+aJFMbgFLQLE5lHPEROUG1I5trrV9cfi5zP4G1A9bc9Cj +B9m5kyz5tmST1WVYB2yFsngYCIRx2sbQwAY8z2JThTUUWL6KaJuwcFXInGQqjUU1 +GJHBGED0lduVnK3WgVKNLthABFMXJ34dzxPsiAJ68295OhUP9G4Qvo5DzQARAQAB +tClSb3VuZGN1YmUgRGV2ZWxvcGVycyA8ZGV2c0Byb3VuZGN1YmUubmV0PokCOQQT +AQgAIwUCVw1faQIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEFqyuqFB +xPfVN3IP/2ANH6mgd66Acz7AuUp9YhZ6A00VkrGfmdju9aA8LuEBdt2dUyUIvzzm +BqKbIfotbpn7lpJsDRV2L2alDUL0fvVcuH6vy1u/LrAOVXPuE0ACyRuwBIzmKV8g +iJYES5FOVVfjZh/k+rdWDj654ohOyQxPYiW/213/MNonbgodXk5H+jTMGxsVJHhi +VyRwiwzkFV9qozb+R/fCirCayHL6v0A0HWtAwXbHabZUoHXEY/XtQFnvEw1HR3u5 +1nIl17ClaKtoOeXh35ONXqu27Xzxw/skqOVUj3LNzZN7IhR4PzKaTCg4g6n1ngyU +VgrXIS6JLwLSyyurkdGCIKifW/5BqmikXdp6oJ6x3/nDzg7IzpEbipetiYsVVjZG +aZkuATC+Pj/kW/AmWYX9vxxEDnVEu6r71zMWIqiEzu+8JoO2IvvuU5tvbbMhRze7 +/tc/WxZSYOzaudb6Bi/4FX2x8l6FGiIP/xI6Gpyjd5HwRWYnUqv7pBqyzs0Z15vG +roYcayLaFAhLCxBnBhUVbwVoRif4h9ihPc6PndZp/nOIAOpNGVqZbXcoXjz+Ugvb +icGKul/q7t1vl+3cf0bBT8O918TvzVXJIixnW/f9rdPAGT0KtsE7B7UXxOkV3xpC +uh+kA0W8huJLaEWFZ5izBixkhzdLwITJD2VQ/TVuwHSI2A4kFnF5iQIiBBMBCAAM +BQJXDWCdBYMHhh+AAAoJED5UKNAmLFT4KOoQAJ7qQ25imKrnebNVQ7unSCDIcZ7n +wc7MGlOCmO0txGtDgaVZy2pvBd/zIliYtrGkbkDpMTTVds73/XofLJ+n41nNLPI7 +jDdVOnYpcu2bj74KUQRY+2WQ6riewsFUF52FtNOegsIj8JXmK58CPoW3M/uVZRdf +ISVAUHkQuP9YWJoeToB/RXqICCRX3DfUgFSbHaEVRqpln+mnljopNBrDMe9ZthC2 +6Py8HwhshtBiwcP9NlaGTeG+Ks2A7Ujt2BUgBWyN4ouf8ehmyjD5D9RCxjPh7lof +Ap8JhGpbd8Yu97Ax8bwZcHZ1ePx9NxcC+PFf6wK3jK464Vx7JTKk4gS3Ktk/+adA +b9dasn+/OOaWwzHkpBTUJP7gW1pv8xhA+Op2VqwRNqB2WfiqOHyydQSZKJVncdA6 +/p3p4ABluPtbe8L1SE0ZDEOGjXwTMxH3ssDLlQ4BlqlWzhudeNv9Tizd8tlgtBvg +VprEpWd++JovQs8MmEcoLaDS1DSglEsoRnrpCJ1vkacQZlN2wpv7PEEmH8SBaYU7 +xRZhRmc1arRFnelVo4OPzLTSMSFjZIdmMs8Lfzrw2fRGesrJGpb3DnVphwML1aXp +mSFHKuXDqDVMW+Ey437KadG/Bd92q4FEeyCjjoHYa2C86dZG1yMfuVVMfvVz0A+v +lSR6abLAK3f+VO1piQEcBBMBAgAGBQJXGG4NAAoJEL7mdKAZNZ3BLmkH/i03cRxM +WU9baZgpZ7IkIz77tJJdcW51dZKy04FhbFKH6Qlp6WcGHEPy6EZWRdktJlSXTc+T +/1lhlXeRPGesqvIAqnDfOayKf2rihBoAfPQCzxaJOAldt0KdDX6zGIYa4Xqappla +kPLHeCSKhGm8eYf7IQjiq3AoMRvtGDtv8ygrA7sN8vc7Ftr1fg3s8UaB8QULLRD4 +INRgxfuPG9St5V5zYV/3Xf/61uOlNfxxikx5PCHle4jKJGkP+smXON4l8+XPyhSG +US7aIGalr58acv0VZHFkTaCi+96s14df0XRENO5D4l5n18PiHQvh/th995ba96K/ +8jrcY7f8wjM0OYm5Ag0EVw1faQEQAPII9TY0LeEWP+4/FFQCBmgXR+aWjMK0O3fa +BuPzL/VVHQJ3i41PvvP+Osb7BYPFTxPWkvVF2J1bLZfH1wFq+hMfEOkGMGtBFOP2 +VxWEYxMondktMhKDHT5EppPwqsZYPqlNz6Sk/bW81IXKtSG/hvPyBDv1+GaHZlz+ +NJrKjVlBN+6U4noM2P9n/QPCd5VmkZMWzCfbtmGZKHspOJswMhcW28YvMmYTK+0b +ZcKCs2S2wgfM8d5EEeoYTXH6PqxfW3ezZXQ5ieM1sub59GnS+7gqxPEs+LyVQtxT +7dgCnZQ73tmQP3pG2Zx0pKQHK/hZk8R6aEaYtV1QlfUI1TMG1eH+xHXGSWFnCbiX +cGLltaLFBX11+qwF50FfYu8MRUM9rKW+ms2wBVmHuSGKgn0lglBGU2s/pPPw6Alu +GWa289vGdnztoQyY33L3u/la0wCBbM/8JxZYZdmTq1iL0oYuPbn3axfa6JCX9CwC +KQjOcJe8K+scRsSFI23M3ZySVgKpkOdhz9VfBZHTqMpbsTd8kNHBDu5J3C0v2NsV +gJsqI5c3cVtaGPL2NVdfjZ668aXs89JA0Sc9Q1ppiDQX2ArNbq0ZRG4pGfAP3zA9 +6RyfHTgM9PZ5M4BReeWJCYQb6UI8Uw/NlUYsMMMbi8yqhIkXCY0U7I0ZKtVUSHSR +W6gftdEhABEBAAGJAh8EGAEIAAkFAlcNX2kCGwwACgkQWrK6oUHE99XmpA/5AXxm +SfeyUcUUaMH+n1EJt7lH6u8Tg4WxoSpSoF/GrArEBfdDGmUog2kR8cgyTFKjtiuP +icCIapeezP2QMxWfm0TTITtFiHAUJZn0642SY4uXI/73Bwa0r5Vi1UevaFrRPkee +0Jt3Tg45nvkUNQBuRK81Wr2o+EuNiMgssd78MHiWjllVptFg0GnfE1VUeMeM8Rwa +QnVzVyYZbqe4jL20+QCba/zyrcQgcxZ/gtojADpPHojI2BQlsXnIhrSlXYXIDhmF +SCG4+RdUq+JVI8vjO42bHA51gGyvZR7Fh7tcdU++U6wbhF5gkzB3v+NjHxwmcI/t +pnrTP7nT1rZOUdyuKSJkcCUa3l8u+bqlxgQ3r+PJOXuW5Tn53HYkxdTSgzFwc9GS +SvyTZnz/JYE241Yf14Vjn8fZqPsN+uplc4b42G08gQi0Juni7W5dPo3Jl+7MgXJR +0vBtCEuZLJ49ZUpKwf0vS1aDDfMNA4ESs/TagIakUMGNH0tVsEm5YNMoNx9qZA3a +rJT+ZhpZNFBW94QU3hQ+hbtyR/0rO8BGlpA0XLhNoPUNhgWMobgWAIA9kEQilm1Y +tPDS5EHhsAiLi60/bIuti4T0nhxlgw+yfeb5kEnm5v5XYSj5w0XzfyGirfV80QP4 +7CE8GKy2q+e3xau15t/eVvMtYd2RDgykqIjvwtC5Ag0EVw1f/QEQAO2JeXBrzcBt +TeUcPA70W9quirv4wnXtUTwAGRXklK/OaKPruPTPJIQu6qdimJO+p6KbWP4mD8b9 +t7mWilDpJO3omZKqMqCRqd+TPp0rzvHde1QhwCNIByCIkrTjcsq2JuGTSEME09Aa +nOTE5/UeThTeXI+xvta63kpHgBolBunMUwPlde36KOUgWktr6NiCr3CQ1MtzDuBl +wEAi1/K8/mkIU5SXmmC7NOKQVsK/HCpuhkT0fZY4RGIHlauIiOs8vXvJ9kajkvF+ +HJcmsQ/8GuMELVKi/V9BnObCCL49EykK5s5VEF4guQ4r3ElbS/PXvE4OXL+0vmBR +YQFdVUdHNS36LErGzYIgghQIgDF1JS08EuoD86+fVHwwbupCp9SMQRWjrvWroipG +Sk6K3BJfM9deZhuMH2j2ab4OleHZdJH+4PLIa+NwXMhuvKPJPKXmP5c1Seu7AyON +hUQEU/lHEW03NvS4nh/ArM/za+dFplzSSaoUq8Qhr3AeyAVd+4PXgpbj7pIdfaBI +IADx/uFYLLcc/whD/2C2t37h3TIjR18IS05aiGHDJyZ9eV2K/wf8kZ7Xq4ix+6Or +Jt37g2/klHsvHo3kb+6XPpo263+pRj/bcA2vUA3c26cZ8nCsHu9K4aN4VN8DTTPS +YYT9940OfRh8CRCNlcVerfbjNAE3fgnbABEBAAGJBD4EGAEIAAkFAlcNX/0CGwIC +KQkQWrK6oUHE99XBXSAEGQEIAAYFAlcNX/0ACgkQwpRqlgnNVrRIXRAA48pg+pQG +aqghqsVPtRt4yZy3zc0RDr5vV3r00Tqutg7l1J/8gNm9NayyBX0BEY+bKvNPeNjl +gNkXCSH7eXX1mvUJuUUnbqJv+MT3roCcvLz6KLdQQdHarJSs4LmqF9/4NfHsSecg +jq3Y9fsG5sNf/a7BraIcdlOq92t0DlpAmAtm10ywUXJPc1uAxqd/2QyfuPQE/eoR +rmGnKR1W6FO1cAZYVWd3hyPAyr/EHHJonycpp8CKCe9CLu3iFXR8+GVq7ZiDVNk+ +MHMYg1Njfk3TY/UEUGXqFfTsD47S8fqEV/koWSSxTkSwPjwVP1z0yu9cV87ULeJN +LDdwyFvmTrQv71YkAD12CchRymqLxtItSF1QMiHBFXTICreYGk41pS89KNshgFpe +WfRq6WpPegUj1qdM/GJuBvSu7CTT2mpQQNk4maIIeUPcHRCA//H3WvXj3jMp3CFK +S82YYDkUW/XWkWIRmpALrX8gSYlthKFf24RZZFrAd7NfSq1Hy0RjAwtm0+LsRTtT +znzTUr2SocCEGqFjiczIJ/4zQ+25N2PPg1G5lCrIeE7VOifKD3jujMYiAEr6QUUm +Vldw7Rn0tmJIiq0bc3MbadUxrT0PJXxOlQpfV2ZjM76gMpvvSCe6o6mckDT4sT3G +4vfc02Pe4g4DYpVPlV/GE1T26NzK1Z3ONFzhLQ//abRaJKfy19+lNNJoGfGGLher +AdymumxmGZf74wS6xAlP+LwJldUA8iidSxM0gR6bmw8q2SO7dqziGreaPaFVmeUB +62rSXD0QSielIoRP1QZuD1ZO5tEZ2wxjcCnaBj2nG3bBj4RJ7FAD9CceSyPJFNYD +n6cvslV/MGzacMtTTIwdFJmHaoU86heADWkYIFm/jndYX6b/IdJDNOYDYA4m+5S8 +ANQ3uOuaBMDo4sOAUCeophdjZeyne2kIWR7kmWis5kFf/Criy6u+yPs+a7kt+PbI +2Uo1rmrNUiMiROkezbnZAEf/8wUi7KgRjZ6qfij/QM+0WMeUWu8NRqiS+KRLQIh7 +Y8f3u0ddlfGF7/UpAEXzv2KKpLO+SaUkvaatZucOD/hbDThqOVCtX7mQ03XTO9Pn +SHVSxBsJse4Jn/n6oCt6FT7wMbh3IuZTeU7kiT9VO8+M/ehUS0sIbwwsYrdAT2Od +/Txs7jWinvsuH/qsNFVDrxKKcFQi99m0Zm3IIo2DX5PUo9KvPO8xzZgFKQDOIKBw +1PNQr0xRqbI1dsFcaN2yqF4hrYYmn4bDJCOMHV3gxltFaLU/rj7atdIWGOPzw/1N +WQujs2OMoiJWTidcd/LTxbEvEDyS9vMiIXrAoadvRtBxmFqJfcmRhOrbKIcA4A65 +0dXJnhEe7eXkwBbfEzk= +=lBKd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/roundcubemail.logrotate b/roundcubemail.logrotate new file mode 100644 index 0000000..28d3f06 --- /dev/null +++ b/roundcubemail.logrotate @@ -0,0 +1,18 @@ +/var/log/roundcubemail/console +/var/log/roundcubemail/errors +/var/log/roundcubemail/imap +/var/log/roundcubemail/ldap +/var/log/roundcubemail/sendmail +/var/log/roundcubemail/sieve +/var/log/roundcubemail/smtp +/var/log/roundcubemail/sql +/var/log/roundcubemail/userlogins +/var/log/roundcubemail/*.log +{ + missingok + compress + notifempty + size 30k + su wwwrun www + create 0660 wwwrun www +} diff --git a/roundcubemail.spec b/roundcubemail.spec new file mode 100644 index 0000000..2c7a266 --- /dev/null +++ b/roundcubemail.spec @@ -0,0 +1,353 @@ +# +# spec file for package roundcubemail +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define roundcubepath %{apache_serverroot}/%{name} +%define roundcubeconfigpath %{_sysconfdir}/%{name} + +Name: roundcubemail +Version: 1.6.9 +Release: 0 +Summary: A browser-based multilingual IMAP client +License: BSD-3-Clause AND GPL-2.0-only AND GPL-3.0-or-later +Group: Productivity/Networking/Email/Clients +URL: https://www.roundcube.net/ +Source0: https://github.com/roundcube/%{name}/releases/download/%{version}/%{name}-%{version}-complete.tar.gz +Source1: %{name}-rpmlintrc +Source2: %{name}-httpd.conf +Source3: %{name}-httpd.inc +Source4: README.openSUSE +Source5: %{name}.logrotate +Source6: https://roundcube.net/download/pubkey.asc#/%{name}.keyring +Source7: https://github.com/roundcube/%{name}/releases/download/%{version}/%{name}-%{version}-complete.tar.gz.asc +Source8: robots.txt +# PATCH-FIX-OPENSUSE roundcubemail-config_dir.patch -- use the general config directory /etc +Patch0: %{name}-config_dir.patch +BuildRequires: apache-rpm-macros +BuildRequires: apache2 +BuildRequires: php-cli +Requires: php-dom +Requires: php-exif +Requires: php-gettext +Requires: php-iconv +Requires: php-intl +Requires: php-json +Requires: php-mbstring +Requires: php-openssl +Requires(pre): mod_php_any +Requires: mod_php_any +## Requires: for upstream dep package +Requires: php-pear-Auth_SASL >= 1.0.6 +Requires: php-pear-MDB2_Driver_mysqli +Requires: php-pear-Mail_Mime >= 1.10.0 +Requires: php-pear-Net_IDNA2 >= 0.1.1 +Requires: php-pear-Net_LDAP2 +Requires: php-pear-Net_SMTP >= 1.8.1 +Requires: php-pear-Net_Sieve >= 1.4.3 +Requires: php-pear-Net_Socket >= 1.0.12 +Requires: php-sockets +Requires: (php-mysql or php-pgsql) +Recommends: logrotate +Recommends: php-fileinfo +Recommends: php-imagick +Recommends: php-pear-Crypt_GPG >= 1.6.3 +Recommends: php-zip +Suggests: php-mysql +Suggests: php-sqlite +Conflicts: roundcube-framework +Provides: roundcube_framework = %{version} +BuildArch: noarch +BuildRequires: fdupes + +%description +Roundcube Webmail is a browser-based multilingual IMAP client with an +application-like user interface. It provides MIME support, address +book, folder manipulation, message searching and spell checking. + +Roundcube Webmail is written in PHP and requires a MySQL database. +The user interface is skinnable using XHTML and CSS 2. + +%prep +%autosetup -p1 + +cp %{SOURCE4} . +# remove cruft from source archive: +# .arcconfig => file for phabricator.uri +# .gitignore => git config file +# .php_cs.dist => PhpCsFixer +# .scrutinizer.yml => PHP mess detector +# .travis.yml => Travis CI descriptions +for file in .arcconfig .gitignore .php_cs.dist .scrutinizer.yml .travis.yml ; do + find . -name "$file" -delete +done +# remove 0-byte files +find . -size 0 -delete +# no need to check .htaccess each time, the apache config takes care of the restrictions +find . -name ".htaccess" -delete +# remove travis files +find vendor/ -name ".travis.yml" -delete + +# remove obscure sub-directory +#rm -rf roundcubemail-git composer.json.rej +# remove mssql scripts (not needed on openSUSE) +rm -rf \ + SQL/mssql/ \ + SQL/mssql.*.sql +# remove shebang from chpass-wrapper +sed -i '1d' plugins/password/helpers/chpass-wrapper.py +# remove INSTALL doc +rm INSTALL +# fix interpreter for shell scripts +sed -i 's|/usr/bin/env php|%{_bindir}/php|' \ + bin/*.sh \ + vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry \ + plugins/enigma/bin/import_keys.sh + +%build + +%install +# install roundcubemail.logrotate +install -d -m 0755 %{buildroot}/%{_sysconfdir}/logrotate.d +install %{SOURCE5} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} + +# extract roundcube-framework +install -d -m 0755 %{buildroot}/%{_datadir}/php +mv program/lib/Roundcube %{buildroot}%{_datadir}/php/Roundcube +# fix path to the roundcube-framework via symlink +ln -s %{_datadir}/php/Roundcube program/lib/Roundcube + +# install roundcubemail +install -d -m 0755 %{buildroot}/%{roundcubepath} +cp -a * %{buildroot}%{roundcubepath}/ +cp %{SOURCE8} %{buildroot}%{roundcubepath}/ +ln -s %{roundcubepath}/installer %{buildroot}/%{roundcubepath}/public_html/installer + +# install config +mkdir -p %{buildroot}%{_sysconfdir}/%{name} +cp config/* %{buildroot}%{roundcubeconfigpath}/ +install %{buildroot}/%{roundcubeconfigpath}/config.inc.php.sample %{buildroot}/%{roundcubeconfigpath}/config.inc.php +rm -rf %{buildroot}/%{roundcubepath}/config +ln -s %{roundcubeconfigpath} %{buildroot}/%{roundcubepath}/config + +# logs + temp go into /var/ +rm -rf %{buildroot}/%{roundcubepath}/logs \ + %{buildroot}%{roundcubepath}/temp +install -d %{buildroot}/%{_localstatedir}/log/%{name} \ + %{buildroot}%{_localstatedir}/lib/%{name} +ln -s %{_localstatedir}/log/%{name}/ %{buildroot}/%{roundcubepath}/logs +ln -s %{_localstatedir}/lib/%{name}/ %{buildroot}/%{roundcubepath}/temp + +# move some plugin configs to /etc/roundcubemail +for PLUGIN in acl managesieve password; do + if [ -f %{buildroot}/%{roundcubepath}/plugins/$PLUGIN/config.inc.php.dist ]; then + mv %{buildroot}%{roundcubepath}/plugins/$PLUGIN/config.inc.php.dist %{buildroot}%{roundcubeconfigpath}/$PLUGIN.inc.php + ln -s %{roundcubeconfigpath}/$PLUGIN.inc.php %{buildroot}/%{roundcubepath}/plugins/$PLUGIN/config.inc.php + fi +done + +# skins have some configurable files in their directories +mkdir -p %{buildroot}%{roundcubeconfigpath}/skins/elastic/styles +for file in styles.less variables.less ; do + mv %{buildroot}%{roundcubepath}/skins/elastic/styles/$file %{buildroot}%{roundcubeconfigpath}/skins/elastic/styles/ + ln -s %{roundcubeconfigpath}/skins/elastic/styles/$file %{buildroot}%{roundcubepath}/skins/elastic/styles/ +done + +# install httpd.conf file and adapt the configuration +install -D -m0644 %{SOURCE3} %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.inc +# fix paths in http config +sed -e "s#__ROUNDCUBEPATH__#%{roundcubepath}#g" \ + -e "s,@apache_sysconfdir@,%{apache_sysconfdir},g" \ + -e "s,@name@,%{name},g" \ +%{SOURCE2} > %{buildroot}%{apache_sysconfdir}/conf.d/%{name}.conf + +# install docs +install -d -m 0755 %{buildroot}/%{_defaultdocdir}/%{name} +%if 0%{?suse_version} >= 1500 +TXT="CHANGELOG.md UPGRADING README.md README.openSUSE SQL SECURITY.md" +rm %{buildroot}%{roundcubepath}/LICENSE +%else +TXT="CHANGELOG.md UPGRADING README.md README.openSUSE SQL SECURITY.md LICENSE" +%endif +for i in $TXT; do + mv -v %{buildroot}%{roundcubepath}/$i %{buildroot}%{_defaultdocdir}/%{name}/ +done + +# move Readme files to docdir +for file in LICENSE README README.rst *.md ; do + for i in $(find %{buildroot}%{roundcubepath}/vendor -type f -name "$file"); do + BASEDIR=$(echo "$i" | sed -e "s|%{buildroot}%{roundcubepath}/vendor||g") + BASEDIR=$(dirname "$BASEDIR") + mkdir -p "%{buildroot}%{_defaultdocdir}/%{name}/$BASEDIR" + mv "$i" "%{buildroot}%{_defaultdocdir}/%{name}/$BASEDIR" + done +done + +# create a link for SQL +ln -s %{_defaultdocdir}/%{name}/SQL %{buildroot}/%{roundcubepath}/SQL + +# Make ghost files +mkdir %{buildroot}%{roundcubepath}/migrated +mkdir %{buildroot}%{roundcubepath}/migration + +# fdupes +%fdupes %{buildroot}%{roundcubepath} +%fdupes %{buildroot}%{_defaultdocdir}/%{name} + +%pre +# backup logs, temp and config for migration +if [ ! -h %{roundcubepath}/logs ] && [ -d %{roundcubepath}/logs ]; then + mkdir -p %{roundcubepath}/migration + mv %{roundcubepath}/logs %{roundcubepath}/migration/. +fi +if [ ! -h %{roundcubepath}/temp ] && [ -d %{roundcubepath}/temp ]; then + mkdir -p %{roundcubepath}/migration + mv %{roundcubepath}/temp %{roundcubepath}/migration/. +fi +if [ ! -h %{roundcubepath}/SQL ] && [ -d %{roundcubepath}/SQL ]; then + mkdir -p %{roundcubepath}/migration + mv %{roundcubepath}/SQL %{roundcubepath}/migration/. +fi + +for PLUGIN in acl managesieve password; do + if [ ! -h %{roundcubepath}/plugins/$PLUGIN/config.inc.php ] && [ -f %{roundcubepath}/plugins/$PLUGIN/config.inc.php ]; then + mv %{roundcubepath}/plugins/$PLUGIN/config.inc.php %{roundcubepath}/migration/$PLUGIN.inc.php + fi +done + +%post +# replace default des string in config file for better security +makedesstr() { + local chars="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" + local max=${#chars} + for i in $(seq 1 24); do + echo "$chars" | dd bs=1 skip=$(($(od -An -d -N2 /dev/urandom) % $max)) count=1 2>/dev/null + done + echo +} + +sed -i "s/rcmail-\!24ByteDESkey\*Str/`makedesstr`/" %{roundcubeconfigpath}/defaults.inc.php || : &> /dev/null + +# Update ? +if [ ${1:-0} -eq 1 ]; then + if [ -x %{_sbindir}/a2enmod ]; then + # enable required apache modules + %if 0%{?suse_version} > 01500 + PHP_MODULE=$(php -r "print 'php' . PHP_MAJOR_VERSION;") + if ! grep -q php %{_sysconfdir}/sysconfig/apache2 1>&2 2>/dev/null; then + %{_sbindir}/a2enmod -q $PHP_MODULE || %{_sbindir}/a2enmod $PHP_MODULE + fi + %endif + for module in alias brotli deflate expires filter headers rewrite setenvif version ; do + %{_sbindir}/a2enmod -q $module || %{_sbindir}/a2enmod $module + done + fi +fi + +# restore backed up logs, temp and config +if [ -h %{roundcubepath}/logs ] && [ -d %{roundcubepath}/migration/logs ]; then + mkdir -p %{roundcubepath}/migrated + cp %{roundcubepath}/migration/logs/* %{roundcubepath}/logs/. + mv %{roundcubepath}/migration/logs %{roundcubepath}/migrated/. +fi +if [ -h %{roundcubepath}/temp ] && [ -d %{roundcubepath}/migration/temp ]; then + mkdir -p %{roundcubepath}/migrated + cp %{roundcubepath}/migration/temp/* %{roundcubepath}/temp/. + mv %{roundcubepath}/migration/temp %{roundcubepath}/migrated/. +fi +if [ -h %{roundcubepath}/SQL ] && [ -d %{roundcubepath}/migration/SQL ]; then + rm -r %{roundcubepath}/migration/SQL +fi +for PLUGIN in acl managesieve password; do + if [ -f %{roundcubepath}/migration/$PLUGIN.inc.php ] && [ -h %{roundcubepath}/plugins/$PLUGIN/config.inc.php ]; then + cp %{roundcubepath}/migration/$PLUGIN.inc.php %{roundcubeconfigpath}/. + mv %{roundcubepath}/migration/$PLUGIN.inc.php %{roundcubepath}/migrated/$PLUGIN.inc.php + fi +done +for MIGDIR in migration migrated; do + if [ -d %{roundcubepath}/$MIGDIR ]; then + find %{roundcubepath}/$MIGDIR -empty -delete + fi + if [ -d %{roundcubepath}/$MIGDIR ]; then + echo "Found %{roundcubepath}/$MIGDIR! Make sure you delete this folder after checking the migration!" + fi +done + +# update/make new config +if [ ! -f %{roundcubeconfigpath}/config.inc.php ]; then + if [ -f %{roundcubeconfigpath}/main.inc.php ] && [ -f %{roundcubeconfigpath}/db.inc.php ]; then + %{roundcubepath}/bin/update.sh \ + --version '?' \ + --accept + else + cp %{roundcubeconfigpath}/config.inc.php.sample %{roundcubeconfigpath}/config.inc.php + fi +fi + +exit 0 + +%files +%defattr(0644, root, root,0755) +%if 0%{?suse_version} >= 1500 +%license LICENSE +%else +%doc LICENSE +%endif +%doc %{_defaultdocdir}/%{name} +%dir %{roundcubepath} +%dir %{roundcubeconfigpath} +%dir %{roundcubeconfigpath}/skins +%dir %{roundcubeconfigpath}/skins/elastic +%dir %{roundcubeconfigpath}/skins/elastic/styles/ +%ghost %config(noreplace) %{roundcubeconfigpath}/config.inc.php +%config(noreplace) %{roundcubeconfigpath}/acl.inc.php +%config(noreplace) %{roundcubeconfigpath}/managesieve.inc.php +%config(noreplace) %{roundcubeconfigpath}/password.inc.php +%config %{roundcubeconfigpath}/config.inc.php.sample +%config %{roundcubeconfigpath}/defaults.inc.php +%config %{roundcubeconfigpath}/mimetypes.php +%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.conf +%config(noreplace) %{apache_sysconfdir}/conf.d/%{name}.inc +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%config(noreplace) %{roundcubeconfigpath}/skins/elastic/styles/styles.less +%config(noreplace) %{roundcubeconfigpath}/skins/elastic/styles/variables.less +%{roundcubepath}/composer.json-dist +%{roundcubepath}/composer.json +%{roundcubepath}/composer.lock +%{roundcubepath}/config +%{roundcubepath}/index.php +%{roundcubepath}/robots.txt +%dir %{roundcubepath}/bin +%attr(0755,root,root) %{roundcubepath}/bin/*.sh +%attr(0755,root,root) %{roundcubepath}/plugins/password/helpers/change_ldap_pass.pl +%attr(0755,root,root) %{roundcubepath}/vendor/pear/crypt_gpg/scripts/crypt-gpg-pinentry +%{roundcubepath}/installer/ +%{roundcubepath}/logs +%ghost %{roundcubepath}/migrated/ +%ghost %{roundcubepath}/migration/ +%{roundcubepath}/public_html/ +%{roundcubepath}/plugins/ +%{roundcubepath}/program/ +%{roundcubepath}/skins/ +%{roundcubepath}/SQL +%{roundcubepath}/temp +%{roundcubepath}/vendor/ +%dir %{_datadir}/php +%{_datadir}/php/Roundcube +%attr(-, wwwrun, root) %{_localstatedir}/log/%{name} +%attr(-, wwwrun, root) %{_localstatedir}/lib/%{name} + +%changelog