From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1FF9713829B for ; Sun, 29 May 2016 17:42:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A6C79143C4; Sun, 29 May 2016 17:42:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2B929143C4 for ; Sun, 29 May 2016 17:42:18 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 9658F340896 for ; Sun, 29 May 2016 17:42:16 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id AD6B7180 for ; Sun, 29 May 2016 17:42:12 +0000 (UTC) From: "Aaron Swenson" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Aaron Swenson" Message-ID: <1464543368.4d31c895c86b85f0fec9effbaf37b55c8a2229fb.titanofold@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: mail-client/roundcube/ X-VCS-Repository: repo/gentoo X-VCS-Files: mail-client/roundcube/Manifest mail-client/roundcube/roundcube-1.2.0.ebuild X-VCS-Directories: mail-client/roundcube/ X-VCS-Committer: titanofold X-VCS-Committer-Name: Aaron Swenson X-VCS-Revision: 4d31c895c86b85f0fec9effbaf37b55c8a2229fb X-VCS-Branch: master Date: Sun, 29 May 2016 17:42:12 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: c1a54db0-90f1-417f-9495-72c5a7cab8e5 X-Archives-Hash: f5fcdcec73118e05d2fa87d642d44185 commit: 4d31c895c86b85f0fec9effbaf37b55c8a2229fb Author: Aaron W. Swenson gentoo org> AuthorDate: Sun May 29 17:35:04 2016 +0000 Commit: Aaron Swenson gentoo org> CommitDate: Sun May 29 17:36:08 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d31c895 mail-client/roundcube: Fix Multiple Vulnerabilities Many security issues/enhancements are resolved with this release. The most significant being: * Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) * Fix path traversal vulnerability in setting a skin (CVE-2015-8770) * Fix XSS issue in SVG images handling * Fix XSS issue in href attribute on area tag You can find the complete list of changes in the included CHANGELOG or at: https://github.com/roundcube/roundcubemail/wiki/Changelog Bug: 580746, 584200, 584098 Package-Manager: portage-2.2.26 mail-client/roundcube/Manifest | 1 + mail-client/roundcube/roundcube-1.2.0.ebuild | 75 ++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest index 894f804..b9a7848 100644 --- a/mail-client/roundcube/Manifest +++ b/mail-client/roundcube/Manifest @@ -1,2 +1,3 @@ DIST roundcubemail-1.1.4.tar.gz 3209549 SHA256 539a11ed38838b221f8139b193d9762638f155c7b0ea9391315865896be16852 SHA512 18c2422d65292cd13bc4ce592e8490cc0a9d3e9551ac4d188db93eb989525af7ccf519642dd2e68a7380ab0d0d4ad4f999af2b7e99da75d88274743949b42f8a WHIRLPOOL c3e310ddb4dc50b46ff28566d030865029364f69db5a3f39be0d37f165c83486a979b4d3ab7d42835baa7ea9506df8947381612403355a628864ecbde1238d02 DIST roundcubemail-1.2-beta.tar.gz 3421215 SHA256 b7ab853c0a6e52641c851624c4405ce49643553b76c1f50b02b413cb7954fb25 SHA512 454083d6377a07bd418de5593cafb2cc7c0af474e178e322d07adeaa3473ce140a57e6d0a0ee3f58862091bc559596c98d4fb523ef6b9cee91d38064233aade6 WHIRLPOOL 059cd348397a31a3ebf2a6f58acbf832b0722b2740496ae32b4ef036a963a8199fd4f6e718895512ce1fc996da3af65c583f65faef8b817ba94d99fdfda896d3 +DIST roundcubemail-1.2.0.tar.gz 3453543 SHA256 e3b89c2772c2c5990da9bca640bc342f486edf356016cf717e6a1083c822b523 SHA512 3d97e816560830437902ede352e8be81cd93050975934b9dfc86ccf745234119bdf63d5f882fa0d1cc445575c1ea05906a87ae81befdb0bbb38002433e4de199 WHIRLPOOL f9b14ffb2520cd7eda798eb96ec8547af9f5b8d288605d5d777d126cddb3f531f53887ae9bd9b16be7bf194e87165ff48722885328c6dab0d1c1a0ee589817c4 diff --git a/mail-client/roundcube/roundcube-1.2.0.ebuild b/mail-client/roundcube/roundcube-1.2.0.ebuild new file mode 100644 index 0000000..b3e54be --- /dev/null +++ b/mail-client/roundcube/roundcube-1.2.0.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit webapp + +MY_PN=${PN}mail +MY_P=${MY_PN}-${PV/_/-} + +DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" +HOMEPAGE="http://roundcube.net" +SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV/_/-}/${MY_P}.tar.gz" + +# roundcube is GPL-licensed, the rest of the licenses here are +# for bundled PEAR components, googiespell and utf8.class.php +LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" +KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86" + +IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" +REQUIRED_USE="|| ( mysql postgres sqlite )" + +# this function only sets DEPEND so we need to include that in RDEPEND +need_httpd_cgi + +RDEPEND=" + ${DEPEND} + >=dev-lang/php-5.3.7[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] + >=dev-php/PEAR-Auth_SASL-1.0.6 + >=dev-php/PEAR-Mail_Mime-1.8.9 + >=dev-php/PEAR-Mail_mimeDecode-1.5.5 + >=dev-php/PEAR-Net_IDNA2-0.1.1 + >=dev-php/PEAR-Net_SMTP-1.6.2 + virtual/httpd-php + enigma? ( >=dev-php/PEAR-Crypt_GPG-1.2.0 app-crypt/gnupg ) + ldap? ( >=dev-php/PEAR-Net_LDAP2-2.0.12 ) + managesieve? ( >=dev-php/PEAR-Net_Sieve-1.3.2 ) + mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) ) + spell? ( dev-lang/php[curl,spell] ) +" + +S=${WORKDIR}/${MY_P} + +src_install() { + webapp_src_preinst + dodoc CHANGELOG INSTALL README.md UPGRADING + + insinto "${MY_HTDOCSDIR}" + doins -r [[:lower:]]* SQL + doins .htaccess + + webapp_serverowned "${MY_HTDOCSDIR}"/logs + webapp_serverowned "${MY_HTDOCSDIR}"/temp + + webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php + webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" + webapp_src_install +} + +pkg_postinst() { + webapp_pkg_postinst + + ewarn + ewarn "When upgrading from <= 0.9, note that the old configuration files" + ewarn "named main.inc.php and db.inc.php are deprecated and should be" + ewarn "replaced with one single config.inc.php file." + ewarn + ewarn "Run the ./bin/update.sh script to convert those" + ewarn "or manually merge the files." + ewarn + ewarn "The new config.inc.php should only contain options that" + ewarn "differ from the ones listed in defaults.inc.php." + ewarn +}