./mail/roundcube, Browser-based multilingual IMAP client

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.2.7, Package name: php56-roundcube-1.2.7, Maintainer: taca

RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires the MySQL database. The user interface is fully
skinnable using XHTML and CSS 2.

Required to run:
[textproc/php-json] [converters/php-iconv] [graphics/php-exif] [graphics/php-gd] [databases/php-pdo_mysql] [net/pear-Net_Sieve] [net/pear-Net_SMTP] [mail/pear-Mail_Mime] [converters/php-mbstring] [textproc/php-intl] [net/pear-Net_IDNA2]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: apache, gd, iconv, mysql, php-sockets

Master sites:

SHA1: b5aa5303e0e940da2117802c7ffd22dc265c4699
RMD160: 7d24ca42391a62d494b0615e92203596f5573761
Filesize: 3456.237 KB

Version history: (Expand)

CVS history: (Expand)

   2017-11-09 02:13:12 by Takahiro Kambe | Files touched by this commit (5) | Package updated
Log message:
mail/roundcube: update to 1.2.7

Security fix for CVE-2017-16651.

- Fix rewind(): stream does not support seeking (#5950)
- Fix bug where HTML messages could have been rendered empty on some systems
- Fix (again) bug where image data URIs in css style were treated as
  evil/remote in mail preview (#5580)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959)
- Fix file disclosure vulnerability caused by insufficient input validation
  [CVE-2017-16651] (#6026)
   2017-09-11 15:56:39 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update roundcube to 1.2.6.

- Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Fix bug where comment notation within style tag would cause the whole style
  to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix addressbook searching by gender (#5757)
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where it wasn't possible to set timezone to auto-detected value
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure
  rcube_utils::random_bytes() result has always requested length (#5788)
- Fix potential XSS vulnerability with malformed HTML message markup
   2017-04-28 15:48:29 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update roundcube to 1.2.5.

- Fix re-positioning of the fixed header of messages list in Chrome when using
  minimal mode toggle and About dialog (#5711)
- Fix so settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search
  instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if
  show_real_foldernames=true (#5695)
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
   2017-04-05 14:33:49 by Filip Hajny | Files touched by this commit (27)
Log message:
Remove traces of textproc/php-dom which is not needed anymore, now that dom is \ 
built into PHP. Bump resp. PKGREVISION.
   2017-03-12 14:34:04 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update roundcube to 1.2.4.

CHANGELOG Roundcube Webmail

- Managesieve: Fix handling of scripts with nested rules (#5540)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Fix variable substitution in ldap host for some use-cases,
  e.g. new_user_identity (#5544)
- Fix adding images to new identity signatures
- Fix rsync error handling in installto.sh script (#5562)
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
- Fix bug where image data URIs in css style were treated as evil/remote in
  mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was not
  secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when
  using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases
- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51
- Fix regression where groups with email address were resolved to its members'
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
- Fix bug where it was too easy accidentally move a folder when using the
  subscription checkbox (#5655)
- Fix XSS issue in handling of a style tag inside of an svg element
   2016-12-05 17:13:51 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update roundcube to 1.2.3, including security fix.

pkgsrc changes:
* Drop dependency to pear-Mail_mimeDecode.
* Update dependency.

Other changes:
* Add is_IS, ku_IQ and sq_AL locale support.


* Searching in both contacts and groups when LDAP addressbook with
  group_filters option is used
* Fix vulnerability in handling of mail()'s 5th argument
* Fix To: header encoding in mail sent with mail() method (#5475)
* Fix flickering of header topline in min-mode (#5426)
* Fix bug where folders list would scroll to top when clicking on subscription
  checkbox (#5447)
* Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
* Fix regression where creation of default folders wasn't functioning without
  prefix (#5460)
* Fix bug where deleting folders with subfolders could fail in some cases
* Fix bug where IMAP password could be exposed via error message (#5472)
* Fix bug where it wasn't possible to store more that 2MB objects in
  memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet
  settings (#5452)
* Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 \ 
* Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
* Fix missing content check when image resize fails on attachment thumbnail
  generation (#5485)
* Fix displaying attached images with wrong Content-Type specified (#5527)
   2016-10-08 16:41:52 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update roundcube to 1.2.2.

- Fix regression in resizing JPEG images with Imagick (#5376)
- Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
- Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on \ 
some hosts for security reasons (#5370)
- Wash position:fixed style in HTML mail for better security (#5264)
- Fix bug where memcache_debug didn't work for session operations
- Fix bug where Message-ID domain part was tied to username instead of current \ 
identity (#5385)
- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure \ 
- Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
- Fix bug where names of downloaded files could be malformed when derived from \ 
the message subject (#5404)
- Fix so "All" messages selection is resetted on search reset (#5413)
- Fix bug where folder creation could fail if personal namespace contained more \ 
than one entry (#5403)
- Fix error causing empty INBOX listing in Firefox when using an URL with \ 
user:password specified (#5400)
- Fix PHP warning when handling shared namespace with empty prefix (#5420)
- Fix so folders list is scrolled to the selected folder on page load (#5424)
- Fix so when moving to Trash we make sure the folder exists (#5192)
- Fix displaying size of attachments with zero size
- Fix so "Action disabled" error uses more appropriate 404 code (#5440)
   2016-09-13 17:56:01 by Takahiro Kambe | Files touched by this commit (8) | Package updated
Log message:
Update roundcube to 1.2.1.

pkgsrc changes:

o Split some plugins (enigma, password and zipdownload) to separate packages.
o Drop PHP_VERSIONS_ACCEPTED since now it support PHP 7.0.
o Rename sockets PKG_OPTIONS to php-sockets.

Catch up PR pkg/51370 in a little different way.

- Update TinyMCE to version 4.3.13 (#5309)
- Fix bug where errors could have been not logged when per_user_logging=true
- Fix bug where message list columns could be in wrong order after column \ 
drag-n-drop and list sorting
- Fix so minified publickey.js (with cache-buster) is used when available (#5254)
- Fix (replace) application/x-tar file extension test as it might not exist in \ 
nginx config (#5253)
- Fix PHP warning when password_hosts is set, but is not an array (#5260)
- Fix redundant keep-alive requests when session_lifetime is greater than ~20000 \ 
- Fix so subfolders of INBOX can be set as Archive (#5274)
- Fix bug where multi-folder search could choose a wrong folder in "this \ 
and subfolders" scope (#5282)
- Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259)
- Fix bug where "no body" alert could be displayed when sending \ 
mailvelope email
- Enigma: Fix keys import from inside of an encrypted message (#5285)
- Enigma: Fix malformed signed messages with force_7bit=true (#5292)
- Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary)
- Enigma: Add possibility to export private keys (#5321)
- Fix searching by email address in contacts with multiple addresses (#5291)
- Fix handling of --delete argument in moduserprefs.sh script (#5296)
- Workaround PHP issue by calling closelog() on script shutdown when using \ 
log_driver=syslog (#5289)
- Fix so upgrade script makes sure program/lib directory does not contain old \ 
libraries (#5287)
- Fix subscription checkbox state on error in folder subscribe/unsubscribe \ 
action (#5243)
- Fix bug where microsecond format in logged date didn't work in some cases
- Fix conflict in new_user_dialog and password_force_new_user settings (#5275)
- Don't create multipart/alternative messages with empty text/plain part (#5283)
- Use contact_search_name format in popup on results in compose contacts search
- Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347)
- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
- Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
- Fix javascript errors in IE on page with iframe that points to another domain

- Enigma: Added enigma_debug option
- Fix message list multi-select/deselect issue (#5219)
- Fix bug where getting HTML editor content could steal focus from other form \ 
controls (#5223)
- Fix bug where contact search menu fields where always unchecked in Larry skin
- Fix autoloading of 'html' class
- Fix bug where Encrypt button appears when switching editor to HTML (#5235)
- Fix XSS issue in href attribute on area tag (#5240)

RELEASE 1.2-rc
- Managesieve: Refactored script parser to be 100x faster
- Enigma: added option to force users to use signing/encryption
- Enigma: Added option to attach public keys to sent mail (#5152)
- Enigma: Handle messages with text before an encrypted block (#5149)
- Enigma: Handle encrypted/signed content inside message/rfc822 attachments
- Enigma: Fix missing html/plain switch on multipart/signed messages (#4963)
- Enigma: Disable format=flowed for signed plain text messages (#4960)
- Enigma: Fix handling of encrypted + signed messages (#4950)
- Enigma: Fix invalid boundary use in signed messages structure
- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
- Save copy of original .htaccess file when using installto.sh script (#4947)
- Fix regression where some message attachments could be missing on edit/forward \ 
- Fix regression in displaying contents of message/rfc822 parts (#4937)
- Fix handling of message/rfc822 attachments on replies and forwards (#4938)
- Fix PDF support detection in Firefox > 19 (#4941)
- Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#4945)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually \ 
works (#4944)
- Fix .htaccess rewrite rules to not block .well-known URIs (#4943)
- Fix mail view scaling on iOS (#4915)
- Fix PHP7 warning "session_start(): Session callback expects true/false \ 
return value" (#4948)
- Fix XSS issue in SVG images handling (#4949)
- Fix missing language name in "Add to Dictionary" request in HTML \ 
mode (#4951)
- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] \ 
- Fix bug where Archive/Junk buttons were not active after page jump with \ 
select=all mode (#4961)
- Fix bug in long recipients list parsing for cases where recipient name \ 
contained @-char (#4964)
- Plugin API: Added addressbook_export hook
- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 \ 
- Hide DSN option in Preferences when smtp_server is not used (#4967)
- Fix handling of body parameter in mail compose request
- Protect download urls against CSRF using unique request tokens (#4957)
- newmail_notifier: Refactor desktop notifications
- Fix so contactlist_fields option can be set via config file
- Fix so SPECIAL-USE assignments are forced only until user sets special folders \ 
- Fix performance in reverting order of THREAD result
- Fix converting mail addresses with @www. into mailto links (#5197)

RELEASE 1.2-beta
- Update TinyMCE to version 4.2
- Added support for Redis session handler
- Removed some deprecated methods: \ 
https://github.com/roundcube/roundcubem … t/454b0b1c
- Remove backward compatibility "layer" of bc.php (#4902)
- Add possibility to define date format in write operations for ldap attributes \ 
- Display attachment size in compose (#1329)
- Added possibility to drag-n-drop attachments from mail preview to compose window
- Implemented mail messages searching with predefined date interval
- PGP encryption support via Mailvelope integration
- PGP encryption support via Enigma plugin
- PHP7 compatibility fixes (#4836)
- Security: Added brute-force attack prevention via login rate limit (#4922)
- Security: Added options to validate username/password on logon (#4884)
- Security: Improve randomness of security tokens (#4899)
- Security: Use random security tokens instead of hashes based on encryption key \ 
- Security: Improved encrypt/decrypt methods with option to choose the \ 
cipher_method (#4492)
- Make optional adding of standard signature separator - sig_separator (#3276)
- Optimize folder_size() on Cyrus IMAP by using special folder annotation (#4894)
- Make optional hidding of folders with name starting with a dot - \ 
imap_skip_hidden_folders (#4870)
- Add option to enable HTML editor always, except when replying to plain text \ 
messages (#4352)
- Emoticons: Added option to switch on/off emoticons in compose editor (#2076)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Installer: Add button to save generated config file in system temp directory \ 
- Remove common subject prefixes Re:, Re[x]:, Re-x: on reply (#4882)
- Added GSSAPI/Kerberos authentication plugin - krb_authentication
- Password: Allow temporarily disabling the plugin functionality with a notice
- Require Mbstring and OpenSSL extensions (#5166)
- Add --config and --type options to moduserprefs.sh script (#4651)
- Implemented memcache_debug and apc_debug options
- Installer: Remove system() function use (#4695)
- Password plugin: Added 'kpasswd' driver by Peter Allgeyer
- Add initdb.sh to create database from initial.sql script with prefix support \ 
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
- Plugin API: Added message_part_body hook
- Plugin API: Added message_ready hook
- Plugin API: Add special onload() method to execute plugin actions before \ 
startup (session and GUI initialization)
- Implemented UI element to jump to specified page of the messages list (#1677)
- Fix searching of contacts to allow remote images for known senders (#4886)
- Fix bug where clicking date column with 'arrival' sorting would switch to \ 
sorting by 'date' (#4690)
- Fix bug where message content could overlap attachments list in Larry skin (#4876)
- Fix so microseconds macro (u) in log_date_format works (#4855)
- Fix so unrecognized TNEF attachments are displayed on the list of attachments \ 
- Fix so database_attachments::cleanup() does not remove attachments from other \ 
sessions (#4907)
- Fix responses list update issue after response name change (#4917)
- Fix bug where message preview was unintentionally reset on check-recent action \ 
- Fix bug where HTML messages with invalid/excessive css styles couldn't be \ 
displayed (#4905)
- Fix redundant blank lines when using HTML and top posting (#4927)
- Fix redundant blank lines on start of text after html to text conversion (#4928)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#4932)
- Fix invalid LDAP query in ACL user autocompletion (#4934)