1 |
commit: 4d31c895c86b85f0fec9effbaf37b55c8a2229fb |
2 |
Author: Aaron W. Swenson <titanofold <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun May 29 17:35:04 2016 +0000 |
4 |
Commit: Aaron Swenson <titanofold <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun May 29 17:36:08 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d31c895 |
7 |
|
8 |
mail-client/roundcube: Fix Multiple Vulnerabilities |
9 |
|
10 |
Many security issues/enhancements are resolved with this release. The |
11 |
most significant being: |
12 |
|
13 |
* Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) |
14 |
* Fix path traversal vulnerability in setting a skin (CVE-2015-8770) |
15 |
* Fix XSS issue in SVG images handling |
16 |
* Fix XSS issue in href attribute on area tag |
17 |
|
18 |
You can find the complete list of changes in the included CHANGELOG or at: |
19 |
https://github.com/roundcube/roundcubemail/wiki/Changelog |
20 |
|
21 |
Bug: 580746, 584200, 584098 |
22 |
|
23 |
Package-Manager: portage-2.2.26 |
24 |
|
25 |
mail-client/roundcube/Manifest | 1 + |
26 |
mail-client/roundcube/roundcube-1.2.0.ebuild | 75 ++++++++++++++++++++++++++++ |
27 |
2 files changed, 76 insertions(+) |
28 |
|
29 |
diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest |
30 |
index 894f804..b9a7848 100644 |
31 |
--- a/mail-client/roundcube/Manifest |
32 |
+++ b/mail-client/roundcube/Manifest |
33 |
@@ -1,2 +1,3 @@ |
34 |
DIST roundcubemail-1.1.4.tar.gz 3209549 SHA256 539a11ed38838b221f8139b193d9762638f155c7b0ea9391315865896be16852 SHA512 18c2422d65292cd13bc4ce592e8490cc0a9d3e9551ac4d188db93eb989525af7ccf519642dd2e68a7380ab0d0d4ad4f999af2b7e99da75d88274743949b42f8a WHIRLPOOL c3e310ddb4dc50b46ff28566d030865029364f69db5a3f39be0d37f165c83486a979b4d3ab7d42835baa7ea9506df8947381612403355a628864ecbde1238d02 |
35 |
DIST roundcubemail-1.2-beta.tar.gz 3421215 SHA256 b7ab853c0a6e52641c851624c4405ce49643553b76c1f50b02b413cb7954fb25 SHA512 454083d6377a07bd418de5593cafb2cc7c0af474e178e322d07adeaa3473ce140a57e6d0a0ee3f58862091bc559596c98d4fb523ef6b9cee91d38064233aade6 WHIRLPOOL 059cd348397a31a3ebf2a6f58acbf832b0722b2740496ae32b4ef036a963a8199fd4f6e718895512ce1fc996da3af65c583f65faef8b817ba94d99fdfda896d3 |
36 |
+DIST roundcubemail-1.2.0.tar.gz 3453543 SHA256 e3b89c2772c2c5990da9bca640bc342f486edf356016cf717e6a1083c822b523 SHA512 3d97e816560830437902ede352e8be81cd93050975934b9dfc86ccf745234119bdf63d5f882fa0d1cc445575c1ea05906a87ae81befdb0bbb38002433e4de199 WHIRLPOOL f9b14ffb2520cd7eda798eb96ec8547af9f5b8d288605d5d777d126cddb3f531f53887ae9bd9b16be7bf194e87165ff48722885328c6dab0d1c1a0ee589817c4 |
37 |
|
38 |
diff --git a/mail-client/roundcube/roundcube-1.2.0.ebuild b/mail-client/roundcube/roundcube-1.2.0.ebuild |
39 |
new file mode 100644 |
40 |
index 0000000..b3e54be |
41 |
--- /dev/null |
42 |
+++ b/mail-client/roundcube/roundcube-1.2.0.ebuild |
43 |
@@ -0,0 +1,75 @@ |
44 |
+# Copyright 1999-2016 Gentoo Foundation |
45 |
+# Distributed under the terms of the GNU General Public License v2 |
46 |
+# $Id$ |
47 |
+ |
48 |
+EAPI=6 |
49 |
+ |
50 |
+inherit webapp |
51 |
+ |
52 |
+MY_PN=${PN}mail |
53 |
+MY_P=${MY_PN}-${PV/_/-} |
54 |
+ |
55 |
+DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" |
56 |
+HOMEPAGE="http://roundcube.net" |
57 |
+SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV/_/-}/${MY_P}.tar.gz" |
58 |
+ |
59 |
+# roundcube is GPL-licensed, the rest of the licenses here are |
60 |
+# for bundled PEAR components, googiespell and utf8.class.php |
61 |
+LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" |
62 |
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86" |
63 |
+ |
64 |
+IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" |
65 |
+REQUIRED_USE="|| ( mysql postgres sqlite )" |
66 |
+ |
67 |
+# this function only sets DEPEND so we need to include that in RDEPEND |
68 |
+need_httpd_cgi |
69 |
+ |
70 |
+RDEPEND=" |
71 |
+ ${DEPEND} |
72 |
+ >=dev-lang/php-5.3.7[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] |
73 |
+ >=dev-php/PEAR-Auth_SASL-1.0.6 |
74 |
+ >=dev-php/PEAR-Mail_Mime-1.8.9 |
75 |
+ >=dev-php/PEAR-Mail_mimeDecode-1.5.5 |
76 |
+ >=dev-php/PEAR-Net_IDNA2-0.1.1 |
77 |
+ >=dev-php/PEAR-Net_SMTP-1.6.2 |
78 |
+ virtual/httpd-php |
79 |
+ enigma? ( >=dev-php/PEAR-Crypt_GPG-1.2.0 app-crypt/gnupg ) |
80 |
+ ldap? ( >=dev-php/PEAR-Net_LDAP2-2.0.12 ) |
81 |
+ managesieve? ( >=dev-php/PEAR-Net_Sieve-1.3.2 ) |
82 |
+ mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) ) |
83 |
+ spell? ( dev-lang/php[curl,spell] ) |
84 |
+" |
85 |
+ |
86 |
+S=${WORKDIR}/${MY_P} |
87 |
+ |
88 |
+src_install() { |
89 |
+ webapp_src_preinst |
90 |
+ dodoc CHANGELOG INSTALL README.md UPGRADING |
91 |
+ |
92 |
+ insinto "${MY_HTDOCSDIR}" |
93 |
+ doins -r [[:lower:]]* SQL |
94 |
+ doins .htaccess |
95 |
+ |
96 |
+ webapp_serverowned "${MY_HTDOCSDIR}"/logs |
97 |
+ webapp_serverowned "${MY_HTDOCSDIR}"/temp |
98 |
+ |
99 |
+ webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php |
100 |
+ webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" |
101 |
+ webapp_src_install |
102 |
+} |
103 |
+ |
104 |
+pkg_postinst() { |
105 |
+ webapp_pkg_postinst |
106 |
+ |
107 |
+ ewarn |
108 |
+ ewarn "When upgrading from <= 0.9, note that the old configuration files" |
109 |
+ ewarn "named main.inc.php and db.inc.php are deprecated and should be" |
110 |
+ ewarn "replaced with one single config.inc.php file." |
111 |
+ ewarn |
112 |
+ ewarn "Run the ./bin/update.sh script to convert those" |
113 |
+ ewarn "or manually merge the files." |
114 |
+ ewarn |
115 |
+ ewarn "The new config.inc.php should only contain options that" |
116 |
+ ewarn "differ from the ones listed in defaults.inc.php." |
117 |
+ ewarn |
118 |
+} |