| 1 |
commit: 4d31c895c86b85f0fec9effbaf37b55c8a2229fb |
| 2 |
Author: Aaron W. Swenson <titanofold <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun May 29 17:35:04 2016 +0000 |
| 4 |
Commit: Aaron Swenson <titanofold <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun May 29 17:36:08 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d31c895 |
| 7 |
|
| 8 |
mail-client/roundcube: Fix Multiple Vulnerabilities |
| 9 |
|
| 10 |
Many security issues/enhancements are resolved with this release. The |
| 11 |
most significant being: |
| 12 |
|
| 13 |
* Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) |
| 14 |
* Fix path traversal vulnerability in setting a skin (CVE-2015-8770) |
| 15 |
* Fix XSS issue in SVG images handling |
| 16 |
* Fix XSS issue in href attribute on area tag |
| 17 |
|
| 18 |
You can find the complete list of changes in the included CHANGELOG or at: |
| 19 |
https://github.com/roundcube/roundcubemail/wiki/Changelog |
| 20 |
|
| 21 |
Bug: 580746, 584200, 584098 |
| 22 |
|
| 23 |
Package-Manager: portage-2.2.26 |
| 24 |
|
| 25 |
mail-client/roundcube/Manifest | 1 + |
| 26 |
mail-client/roundcube/roundcube-1.2.0.ebuild | 75 ++++++++++++++++++++++++++++ |
| 27 |
2 files changed, 76 insertions(+) |
| 28 |
|
| 29 |
diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest |
| 30 |
index 894f804..b9a7848 100644 |
| 31 |
--- a/mail-client/roundcube/Manifest |
| 32 |
+++ b/mail-client/roundcube/Manifest |
| 33 |
@@ -1,2 +1,3 @@ |
| 34 |
DIST roundcubemail-1.1.4.tar.gz 3209549 SHA256 539a11ed38838b221f8139b193d9762638f155c7b0ea9391315865896be16852 SHA512 18c2422d65292cd13bc4ce592e8490cc0a9d3e9551ac4d188db93eb989525af7ccf519642dd2e68a7380ab0d0d4ad4f999af2b7e99da75d88274743949b42f8a WHIRLPOOL c3e310ddb4dc50b46ff28566d030865029364f69db5a3f39be0d37f165c83486a979b4d3ab7d42835baa7ea9506df8947381612403355a628864ecbde1238d02 |
| 35 |
DIST roundcubemail-1.2-beta.tar.gz 3421215 SHA256 b7ab853c0a6e52641c851624c4405ce49643553b76c1f50b02b413cb7954fb25 SHA512 454083d6377a07bd418de5593cafb2cc7c0af474e178e322d07adeaa3473ce140a57e6d0a0ee3f58862091bc559596c98d4fb523ef6b9cee91d38064233aade6 WHIRLPOOL 059cd348397a31a3ebf2a6f58acbf832b0722b2740496ae32b4ef036a963a8199fd4f6e718895512ce1fc996da3af65c583f65faef8b817ba94d99fdfda896d3 |
| 36 |
+DIST roundcubemail-1.2.0.tar.gz 3453543 SHA256 e3b89c2772c2c5990da9bca640bc342f486edf356016cf717e6a1083c822b523 SHA512 3d97e816560830437902ede352e8be81cd93050975934b9dfc86ccf745234119bdf63d5f882fa0d1cc445575c1ea05906a87ae81befdb0bbb38002433e4de199 WHIRLPOOL f9b14ffb2520cd7eda798eb96ec8547af9f5b8d288605d5d777d126cddb3f531f53887ae9bd9b16be7bf194e87165ff48722885328c6dab0d1c1a0ee589817c4 |
| 37 |
|
| 38 |
diff --git a/mail-client/roundcube/roundcube-1.2.0.ebuild b/mail-client/roundcube/roundcube-1.2.0.ebuild |
| 39 |
new file mode 100644 |
| 40 |
index 0000000..b3e54be |
| 41 |
--- /dev/null |
| 42 |
+++ b/mail-client/roundcube/roundcube-1.2.0.ebuild |
| 43 |
@@ -0,0 +1,75 @@ |
| 44 |
+# Copyright 1999-2016 Gentoo Foundation |
| 45 |
+# Distributed under the terms of the GNU General Public License v2 |
| 46 |
+# $Id$ |
| 47 |
+ |
| 48 |
+EAPI=6 |
| 49 |
+ |
| 50 |
+inherit webapp |
| 51 |
+ |
| 52 |
+MY_PN=${PN}mail |
| 53 |
+MY_P=${MY_PN}-${PV/_/-} |
| 54 |
+ |
| 55 |
+DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" |
| 56 |
+HOMEPAGE="http://roundcube.net" |
| 57 |
+SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV/_/-}/${MY_P}.tar.gz" |
| 58 |
+ |
| 59 |
+# roundcube is GPL-licensed, the rest of the licenses here are |
| 60 |
+# for bundled PEAR components, googiespell and utf8.class.php |
| 61 |
+LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" |
| 62 |
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86" |
| 63 |
+ |
| 64 |
+IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" |
| 65 |
+REQUIRED_USE="|| ( mysql postgres sqlite )" |
| 66 |
+ |
| 67 |
+# this function only sets DEPEND so we need to include that in RDEPEND |
| 68 |
+need_httpd_cgi |
| 69 |
+ |
| 70 |
+RDEPEND=" |
| 71 |
+ ${DEPEND} |
| 72 |
+ >=dev-lang/php-5.3.7[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] |
| 73 |
+ >=dev-php/PEAR-Auth_SASL-1.0.6 |
| 74 |
+ >=dev-php/PEAR-Mail_Mime-1.8.9 |
| 75 |
+ >=dev-php/PEAR-Mail_mimeDecode-1.5.5 |
| 76 |
+ >=dev-php/PEAR-Net_IDNA2-0.1.1 |
| 77 |
+ >=dev-php/PEAR-Net_SMTP-1.6.2 |
| 78 |
+ virtual/httpd-php |
| 79 |
+ enigma? ( >=dev-php/PEAR-Crypt_GPG-1.2.0 app-crypt/gnupg ) |
| 80 |
+ ldap? ( >=dev-php/PEAR-Net_LDAP2-2.0.12 ) |
| 81 |
+ managesieve? ( >=dev-php/PEAR-Net_Sieve-1.3.2 ) |
| 82 |
+ mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) ) |
| 83 |
+ spell? ( dev-lang/php[curl,spell] ) |
| 84 |
+" |
| 85 |
+ |
| 86 |
+S=${WORKDIR}/${MY_P} |
| 87 |
+ |
| 88 |
+src_install() { |
| 89 |
+ webapp_src_preinst |
| 90 |
+ dodoc CHANGELOG INSTALL README.md UPGRADING |
| 91 |
+ |
| 92 |
+ insinto "${MY_HTDOCSDIR}" |
| 93 |
+ doins -r [[:lower:]]* SQL |
| 94 |
+ doins .htaccess |
| 95 |
+ |
| 96 |
+ webapp_serverowned "${MY_HTDOCSDIR}"/logs |
| 97 |
+ webapp_serverowned "${MY_HTDOCSDIR}"/temp |
| 98 |
+ |
| 99 |
+ webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php |
| 100 |
+ webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" |
| 101 |
+ webapp_src_install |
| 102 |
+} |
| 103 |
+ |
| 104 |
+pkg_postinst() { |
| 105 |
+ webapp_pkg_postinst |
| 106 |
+ |
| 107 |
+ ewarn |
| 108 |
+ ewarn "When upgrading from <= 0.9, note that the old configuration files" |
| 109 |
+ ewarn "named main.inc.php and db.inc.php are deprecated and should be" |
| 110 |
+ ewarn "replaced with one single config.inc.php file." |
| 111 |
+ ewarn |
| 112 |
+ ewarn "Run the ./bin/update.sh script to convert those" |
| 113 |
+ ewarn "or manually merge the files." |
| 114 |
+ ewarn |
| 115 |
+ ewarn "The new config.inc.php should only contain options that" |
| 116 |
+ ewarn "differ from the ones listed in defaults.inc.php." |
| 117 |
+ ewarn |
| 118 |
+} |
Archives