From 71be053b53aabc51df29c2558863a0dfe1471bd967c119c2dfc3845dbb51f9dd Mon Sep 17 00:00:00 2001
From: Lars Vogdt
Date: Mon, 6 Nov 2023 16:41:04 +0000
Subject: [PATCH 1/3] - update to 1.6.5 (bsc#1216895) * Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=168
---
 roundcubemail-1.6.4-complete.tar.gz | 3 ---
 roundcubemail-1.6.4-complete.tar.gz.asc | 17 -----------------
 roundcubemail-1.6.5-complete.tar.gz | 3 +++
 roundcubemail-1.6.5-complete.tar.gz.asc | 17 +++++++++++++++++
 roundcubemail.changes | 8 ++++++++
 roundcubemail.spec | 2 +-
 6 files changed, 29 insertions(+), 21 deletions(-)
 delete mode 100644 roundcubemail-1.6.4-complete.tar.gz
 delete mode 100644 roundcubemail-1.6.4-complete.tar.gz.asc
 create mode 100644 roundcubemail-1.6.5-complete.tar.gz
 create mode 100644 roundcubemail-1.6.5-complete.tar.gz.asc
diff --git a/roundcubemail-1.6.4-complete.tar.gz b/roundcubemail-1.6.4-complete.tar.gz
deleted file mode 100644
index 148695e..0000000
--- a/roundcubemail-1.6.4-complete.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a5eabc7e0828e0261879aec90a9d4a6dc0203e988e14de2f93d6c061e64891c8
-size 6027429
diff --git a/roundcubemail-1.6.4-complete.tar.gz.asc b/roundcubemail-1.6.4-complete.tar.gz.asc
deleted file mode 100644
index c0b4489..0000000
--- a/roundcubemail-1.6.4-complete.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJHBAABCgAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmUtBwoTHGRldnNAcm91
-bmRjdWJlLm5ldAAKCRDClGqWCc1WtAfjEACTmIH7OGdFzfyMKiRRXha/tiu45Ytp
-kN9NxaLcVrBBhYE+VvKjVOn/9+2Sav+zUfRAd6k3fVYVXaIkTfpAbK9Lh6E7gnrQ
-u2nKdcV9exfpdsS5BlwvD1VDR8FW5qIyT/vo3ki2mZxiCoFwtirDP4qV52ATTSRe
-67jqlQLpnFTwV2+RPb7WveaUggurx3nOo1PBd5F9hskB2+4BeX5EtEFtKXQx7EfH
-kHVjFbA4SnOA+CGgaJcYxbp2hoABRZ1fGV9gSn/Nr6efC29fbH9p0SjaAquQhkVP
-TVo1Fj1GPpQ8R6KK4yJ8Q+HoCDtTbbYJ3zMlDQ7E+6Qf72w1T776FqHFesGI1Vdo
-G9C8OFmU/Fr95qswKWeyykixyqRnlV53/ZDgPZ/Q3CyLxlT+9n0GOKcjpgBf+4vh
-fFVcL9PFuUtb6FzaIkrWMd7alFV93Z8//xHBc+kYfknIE9zRq7uIhv9d/+Jqcriu
-U7QFqqmxoKPOYY6fbTvtzHv2W48128ZqrUvwyLztlgKcjzvAxCPf7grB066K/TlM
-2gNrOC/ASXlL1+PiWbrr8HB4vVkeibMtBx3GsbImzsxF+HC21/gsT/Ngd3zEJSco
-CZrVZSpHAuQhtR9Htq3zTX/VsWsC5YillEoD8oj1fv4rQQWQen4dFsy0tNz/24An
-vI0dNXmpMjYQdg==
-=q5xQ
------END PGP SIGNATURE-----
diff --git a/roundcubemail-1.6.5-complete.tar.gz b/roundcubemail-1.6.5-complete.tar.gz
new file mode 100644
index 0000000..c0e064b
--- /dev/null
+++ b/roundcubemail-1.6.5-complete.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:164b72cb78de89d104741ee9090f4024e63bfada43949034844365f3fa70b5fd
+size 6028873
diff --git a/roundcubemail-1.6.5-complete.tar.gz.asc b/roundcubemail-1.6.5-complete.tar.gz.asc
new file mode 100644
index 0000000..4caaf15
--- /dev/null
+++ b/roundcubemail-1.6.5-complete.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCgAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmVHW7wTHGRldnNAcm91
+bmRjdWJlLm5ldAAKCRDClGqWCc1WtKBvD/43aAtElaQTNTNA+IUAiTofdFkrUWlN
+VzMK/fUv8kmpJ975fB+PUYr+hKzUj+xBRWTq64PZkL1q78xJ0g0dNxYgZhkCO3d2
+oTP3EfoE0EqXvIXBnL54ftdu6d65Pw2m7qBZxMRA5XmuLbG23bZlcrCIUbRHvhFv
+odOsr82jOYWzFwNYDYDDFYeqSXDmX8ISIJcn/Y7gP4Ifenz9YXtVSFG0zMGDOFcN
+x2oxqEUx2guQBGvKXToOCADr33sB7rigY0MqvhP1Z10D2eOk4ViExNyTRVQQuepm
+eyudQeyZlC0lLhWteuJyjgH/dX9mtjyGfQ6Eqr3HpR8untY1NNYebEgwFFbrlmr4
+Q9fLGU/HOXUcvpceZUR/mV60apuXcLRZ18qsjgMQjqnr6Eeq0Pg9Jpe6Hkb1xSYJ
+vGVC5j/BMKH5b3ZNLc0VuoUFDFAoFyecivBYgWgEWag+Hfmw21TZKT1i+Hn5jWav
+OD4bT7n/jmZI4eYbOmmf4vRSwv3uHj+9K80IM09mrIHNnL1R6MqeBezkF2vjdr9b
+oy1dkEL8UDyfhklz+e5npR1ouJw4FttVqX5tLAbFzpgn80EKQD4N7oRTiZNQV/6w
+fTKJH/2lqHSmqPLGwmXHDE9EGCOMyf6t3AXM0929pgKZwxTDUE7JQyaAMEHA8ZOC
+P2qfZNVxQyrcbQ==
+=dpSa
+-----END PGP SIGNATURE-----
diff --git a/roundcubemail.changes b/roundcubemail.changes
index 49fb98e..4b8c2da 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 6 16:39:57 UTC 2023 - Lars Vogdt
+
+- update to 1.6.5 (bsc#1216895)
+ * Fix cross-site scripting (XSS) vulnerability in setting
+ Content-Type/Content-Disposition for attachment
+ preview/download
+
 -------------------------------------------------------------------
 Wed Oct 25 15:36:52 UTC 2023 - Lars Vogdt
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 9bf3d5b..b8221d7 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
@@ -20,7 +20,7 @@
 %define roundcubeconfigpath %{_sysconfdir}/%{name}
 Name: roundcubemail
-Version: 1.6.4
+Version: 1.6.5
 Release: 0
 Summary: A browser-based multilingual IMAP client
 License: BSD-3-Clause AND GPL-2.0-only AND GPL-3.0-or-later
From 85e2e9adfe7afa86c9118d517891b39d2d4aaa2c332fbe76a55052020a637354 Mon Sep 17 00:00:00 2001
From: Lars Vogdt
Date: Mon, 6 Nov 2023 16:42:10 +0000
Subject: [PATCH 2/3] Other changes * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) * Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166) * Fix PHP warnings (#9174) * Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175) * Fix bug where images attached to application/smil messages weren't displayed (#8870) * Fix PHP string replacement error in utils/error.php (#9185) * Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=169
---
 roundcubemail.changes | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/roundcubemail.changes b/roundcubemail.changes
index 4b8c2da..99acb70 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -5,6 +5,18 @@ Mon Nov 6 16:39:57 UTC 2023 - Lars Vogdt
 * Fix cross-site scripting (XSS) vulnerability in setting
 Content-Type/Content-Disposition for attachment
 preview/download
+ Other changes
+ * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
+ * Fix duplicated Inbox folder on IMAP servers that do not use Inbox
+ folder with all capital letters (#9166)
+ * Fix PHP warnings (#9174)
+ * Fix UI issue when dealing with an invalid managesieve_default_headers
+ value (#9175)
+ * Fix bug where images attached to application/smil messages
+ weren't displayed (#8870)
+ * Fix PHP string replacement error in utils/error.php (#9185)
+ * Fix regression where smtp_user did not allow pre/post strings
+ before/after %u placeholder (#9162)
 -------------------------------------------------------------------
 Wed Oct 25 15:36:52 UTC 2023 - Lars Vogdt
From 454ff606188238d3036bfe6185a64d528bd600e08f5e9a513d71819745db992f Mon Sep 17 00:00:00 2001
From: Lars Vogdt
Date: Mon, 6 Nov 2023 16:50:29 +0000
Subject: [PATCH 3/3] preview/download CVE-2023-47272
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=170
---
 roundcubemail.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roundcubemail.changes b/roundcubemail.changes
index 99acb70..952a312 100644
--- a/roundcubemail.changes
+++ b/roundcubemail.changes
@@ -4,7 +4,7 @@ Mon Nov 6 16:39:57 UTC 2023 - Lars Vogdt
 - update to 1.6.5 (bsc#1216895)
 * Fix cross-site scripting (XSS) vulnerability in setting
 Content-Type/Content-Disposition for attachment
- preview/download
+ preview/download CVE-2023-47272
 Other changes
 * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
 * Fix duplicated Inbox folder on IMAP servers that do not use Inbox