Next | Query returned 3 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2018-05-19 11:18:37 by S.P.Zeidler | Files touched by this commit (10) | Package updated
Log message:
Pullup ticket #5759 - requested by bsiegert
mail/roundcube: security update

Revisions pulled up:
- mail/roundcube/Makefile                                       1.89
- mail/roundcube/Makefile.common                                1.10
- mail/roundcube/PLIST                                          1.45
- mail/roundcube/distinfo                                       1.61
- mail/roundcube/files/apache.conf                              1.2
- mail/roundcube/files/lighttpd.conf                            1.1
- mail/roundcube/files/nginx.conf                               1.2
- mail/roundcube/options.mk                                     1.16
- mail/roundcube/patches/patch-ac                               deleted
- mail/roundcube/patches/patch-rcube_mime_default               1.3

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   triaxx
   Date:           Wed May 16 08:14:41 UTC 2018

   Modified Files:
            pkgsrc/mail/roundcube: Makefile Makefile.common PLIST distinfo
                options.mk
            pkgsrc/mail/roundcube/files: apache.conf nginx.conf
            pkgsrc/mail/roundcube/patches: patch-rcube_mime_default
   Added Files:
            pkgsrc/mail/roundcube/files: lighttpd.conf
   Removed Files:
            pkgsrc/mail/roundcube/patches: patch-ac

   Log message:
   roundcube: update to 1.3.6

   * add JavaScript dependencies listed in jsdeps.json
      * put them on /pub/pkgsrc/distfiles/roundcube to avoid checksum error due
        to archive automatic generation (e.g. tinymce_languages.zip)
   * remove patch-ac
   * add example configuration fragment for www/lighttpd

   CHANGELOG Roundcube Webmail
   ===========================

   RELEASE 1.3.6
   -------------
   - Fix parsing date strings (e.g. from a Date: mail header) with comments
   (#6216)
   - Fix PHP 7.2: count(): Parameter must be an array in enchant-based
   spellchecker (#6234)
   - Fix possible IMAP command injection and type juggling vulnerabilities
   (#6229)
   - Enigma: Fix key selection for signing
   - Enigma: Enable keypair generation on Internet Explorer 11
   - Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
   (#6238)
   - Fix bug where usernames without domain part could be malformed or
   converted to lower-case on logon (#6224)

   RELEASE 1.3.5
   -------------
   - Managesieve: Fix bug where text: syntax was forced for strings longer
   than 1024 characters (#6143)
   - Managesieve: Fix missing Save button in Edit Filter Set page of Classic
   skin (#6154)
   - Fix duplicated labels in Test SMTP Config section (#6166)
   - Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
   - Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
   - Fix security issue in remote content blocking on HTML image and style
   tags (#6178)
   - Added 9pt and 11pt to the list of font sizes in HTML editor
   - Fix handling encoding of HTML tags in "inline" JSON output (#6207)
   - Fix bug where some unix timestamps were not handled correctly by
   rcube_utils::anytodatetime() (#6212)

   RELEASE 1.3.4
   -------------
   - Fix bug where contacts search could skip some records (#6130)
   - Fix possible information leak - add more strict sql error check on user
   creation (#6125)
   - Fix a couple of warnings on PHP 7.2 (#6098)
   - Fix broken long filenames when using imap4d server - workaround server
   bug (#6048)
   - Fix so temp_dir misconfiguration prints an error to the log (#6045)
   - Fix untagged COPYUID responses handling - again (#5982)
   - Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated"
   with PHP 7.2 (#6075)
   - Fix bug where Archive folder wasn't auto-created on login with
   create_default_folders=true
   - Fix performance issue when parsing malformed and long Date header (#6087)
   - Fix syntax error in mssql.initial.sql (#6097)
   - Fix bug where contacts export by selection returned no more than 10
   entries (#6103)
   - Fix searching contacts by address in LDAP source (#6084)
   - Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking
   protection (#6057)

   RELEASE 1.3.3
   -------------
   - Fix decoding of mailto: links with + character in HTML messages (#6020)
   - Fix false reporting of failed upgrade in installto.sh (#6019)
   - Fix file disclosure vulnerability caused by insufficient input validation
   [CVE-2017-16651] (#6026)
   - Fix mangled non-ASCII characters in links in HTML messages (#6028)

   RELEASE 1.3.2
   -------------
   - Improve detection for Egde browser and add pointer event support (#5922)
   - Fix bug where pink image was used instead of a thumbnail when image
   resize fails (#5933)
   - Fix so files size/count limit is verified (client-side) also on
   drag-n-drop uploads (#5940)
   - Fix invalid template loading on a message error in preview frame (#5941)
   - Fix bug where HTML messages could have been rendered empty on some
   systems (#5957)
   - Fix wording of "Mark previewed messages as read" to "Mark \ 
messages as
   read" (#5952)
   - Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
   - Fix missing cursor in HTML editor on mail reply (#5969)
   - Fix (again) bug where image data URIs in css style were treated as
   evil/remote in mail preview (#5580)
   - Fix bug where mail search could return empty result on servers without
   SORT capability (#5973)
   - Fix bug where assets_path wasn't added to some watermark frames
   - Fix so untagged COPYUID responses are also supported according to RFC6851
   (#5982)
   - Fix issue caused by non-default session.cookie_lifetime setting (#5961)
   - Fix Edge encoding bug when pasting text into the HTML editor, update to
   TinyMCE 4.5.8 (#5885)
   - Fix handling of unknown Content-Disposition type (#6002)
   - Fix truncated folder name on messages list in multi-folder mode, for
   folders with non-ascii characters (#6004)
   - Fix bug where removing the last subfolder did not hide toggle button on
   its parent record (#6007)
   - Fix bug where ghost messages could be added to the list after fast delete
   (#5941)

   RELEASE 1.3.1
   -------------
   - Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
   - Add Preferences > Mailbox View > Main Options > Layout (#5829)
   - Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
   - Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
   - Managesieve: Fix AM/PM suffix in vacation time selectors
   - Managesieve: Fix bug where 'exists' operator was reset to 'contains'
   (#5899)
   - Remove non-printable characters from filenames on download/display (#5880)
   - Fix decoding non-ascii attachment names from TNEF attachments (#5646,
   #5799)
   - Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure
   rcube_utils::random_bytes() result has always requested length (#5788)
   - Fix bug where HTML messages with @media styles could moddify style of
   page body (#5811)
   - Fix style issue on selected and unfocused message that is part of a
   thread (#5798)
   - Fix bug where a.button style from managesieve plugin could impact other
   elements (#5800)
   - Fix position of selected icon for (Mailvelope) Encrypt button
   - Fix fatal error when using DMY- or MDY-based date format in PostgreSQL
   (#5808)
   - Fix bug where errors were not printed when using bin/update.sh (#5834)
   - Fix PHP 7.2 warnings on count() use (#5845)
   - Fix bug where Chrome could not upload the same file that was selected
   before (#5854)
   - Fix duplicate messages on the list after deleting messages on the next to
   the last page (#5862)
   - Fix bug where messages count was not updated after delete when imap_cache
   is set (#5872)
   - Fix potential XSS vulnerability with malformed HTML message markup
   - Fix sending message with "Too many public recipients" dialog buttons
   (#5924)
   - Bring back double-click behavior on the message list which was removed in
   1.3.0 (#5823)
   - Enigma: Fix decrypting an encrypted+signed message when signature
   verification fails (#5914)

   RELEASE 1.3.0
   -------------
   - Update to TinyMCE 4.5.7
   - Fix bug where invalid recipients could be silently discarded (#5739)
   - Fix conflict with _gid cookie of Google Analytics (#5748)
   - Print error from CLI scripts when system/exec function is disabled (#5744)
   - Fix bug where comment notation within style tag would cause the whole
   style to be ignored (#5747)
   - Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
   - Fix folders list sorting on Windows - if php-intl is available (#5732)
   - Fix addressbook searching by gender (#5757)
   - Fix prevention from using % and * characters in folder name (#5762)
   - Fix POST parameter reflection in default_charset selector (#5768)
   - Enigma: Fix compatibility with assets_dir
   - Managesieve: Skip redundant LISTSCRIPTS command
   - Fix SQL syntax error on MariaDB 10.2 (#5774)
   - Fix bug where zipdownload ignored files with the same name (#5777)
   - Fix bug where it wasn't possible to set timezone to auto-detected value
   (#5782)

   RELEASE 1.3-rc
   --------------
   - "Flattened" the larry theme: fresher look by removing shadows and
   gradients
   - Support logging to php://stdout (#5721)
   - Add support for DelSp=Yes in format=flowed messages (#5702)
   - Update to jQuery 3.2.1
   - Update to TinyMCE 4.5.6
   - Plugin API: Call message_part_structure hook for sub-parts of
   multipart/alternative message (#5678)
   - Enigma: Always use detached signatures (#5624)
   - Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
   - Minimize unwanted message loading in preview frame on drag (#5616)
   - Fix failing database schema check in all engines except mysql (#5730)
   - Fix autocomplete popup closing with click outside the input, don't handle
   Tab key as Enter (#5606)
   - Fix jsdeps.json synchronization on update, warn about missing
   requirements of install-jsdeps.sh (#5598)
   - Fix missing thread expand icon on search result in widescreen mode (#5613)
   - Fix bug where image data URIs in css style were treated as evil/remote in
   mail preview (#5580)
   - Fix bug where external content in src attribute of input/video tags was
   not secured (#5583)
   - Fix PHP error on update of a contact with multiple email addresses when
   using PHP 7.1 (#5587)
   - Fix bug where mail content frame couldn't be reset in some corner cases
   (#5608)
   - Fix bug where some classic skin images were not displayed in IE/Edge
   (#5614)
   - Fix bug where signature couldn't be added above the quote in Firefox 51
   (#5628)
   - Fix regression where groups with email address were resolved to its
   members' addresses
   - Fix update of group name in the contacts list header on group rename
   (#5648)
   - Add rewrite rule to disable access to /vendor/bin folder in .htaccess
   (#5630)
   - Fix bug where it was too easy accidentally move a folder when using the
   subscription checkbox (#5655)
   - Managesieve: Fix parser issue with empty lines between comments (#5657)
   - Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
   - Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
   - Fix XSS issue in handling of a style tag inside of an svg element
   [CVE-2017-6820]
   - Fix bug where settings/upload.inc could not be used by plugins (#5694)
   - Fix regression in LDAP fuzzy search where it always used prefix search
   instead (#5713)
   - Fix bug where namespace prefix could not be truncated on folders list if
   show_real_foldernames=true (#5695)
   - Fix undesired effects when postgres database uses different timezone than
   PHP host (#5708)
   - Installer: Fix DB schema initialization on MS SQL Server
   - Fix bug where base_dn setting was ignored inside group_filters (#5720)
   - Password: Fix security issue in virtualmin and sasl drivers
   [CVE-2017-8114]

   RELEASE 1.3-beta
   ----------------
   - Nicely handle contact deletion on contact edit (#5522)
   - vcard_attachments: Add possibility to attach contact vCard to composed
   message (#4997)
   - Preserve message internal/received date on import in mbox format (#5559)
   - Zipdownload: Fix date format in mbox "From line"
   - Possibility to display QR code for contacts data (#5030)
   - Added identicon plugin
   - Widescreen layout aka three column view (#5093)
   - Unify automatic marking as \Seen in preview pane, full-page and extwin
   views (#5071)
   - Disable double-click on the list when preview pane is on (#5199)
   - Support hostname and hostname:port in force_https option (#5511)
   - Support ALLOW-FROM in x_frame_options (#5122)
   - Allow to omit a subject when sending an email (#5068)
   - Warn about too many disclosed recipients in composed email
   [max_disclosed_recipients] (#5132)
   - identity_select: Support Received header (#5085)
   - Plugin API: Added get_compose_responses hook (#5457)
   - Display error when trying to upload more files than specified in
   max_file_uploads (#5483)
   - Add missing sql upgrade file for 'ip' column resize in session table
   (#5465)
   - Do not show inline images of unsupported mimetype (#5463)
   - Password: Added replacement variables support in password_pop_host (#5539)
   - Password: Don't store passwords in temp files when using dovecotpw (#5531)
   - Password: Added LDAP PPolicy driver (#5364)
   - Password: Added cpanel_webmail driver (#5549)
   - Password: Added possibility to nicely redirect from other plugins on
   password expiration (#5468)
   - Implement separate action to mark all messages in a folder as \Seen
   (#5006)
   - Implement marking as \Seen in all folders or in a folder and its
   subfolders (#5076)
   - Archive: Don't reload messages list when it's not needed (#5225)
   - Archive: Add option to automatically mark archived messages as \Seen
   (#5142)
   - Improve randomness of password salts and random hashes (#5266)
   - Password/cPanel: Add support for hash authentication and reseller
   accounts (#5252)
   - Support host-specific
   imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
   - Center and scale images in attachment preview frame (#5421)
   - Added max_message_size option enforced when attaching files to a composed
   message (#4993)
   - Added Search button in quick search menus (#5312)
   - Implement "one click" attachment/messages/photo upload (#5024)
   - Squirrelmail_usercopy: Add option to define character set of data files
   - Removed useless 'created' column from 'session' table (#5389)
   - Dropped legacy browsers support (#5167)
        - Removed legacy_browser plugin
        - Removed hacks for IE < 10
        - Update to jQuery 3.1.1 and jQuery-UI 1.12.0
        - compile .min.js files with ECMASCRIPT5 option
   - Require PHP >= 5.4
   - Add possibility to preview and download attachments in mail compose
   (#5053)
   - Add possibility to rename attachments in mail compose (#4996)
   - Remove backward compatibility "layer" of bc.php (#4902)
   - Support WEBP images in mail messages (#5362)
   - Support MathML in HTML message preview (#5182)
   - Rename Addressbook to Contacts (#5233)
   - Remove PHP mail() support, smtp_server is required now (#5340)
   - Display full message subject in onmouseover on truncated subject in mail
   view (#5346)
   - Enigma: Support GnuPG 2.1 (#5313)
   - Enigma: Support key generation for multiple identities (#5383)
   - Enigma: Import keys from key-server(s) (#5286)
   - Enigma: Search missing public keys on a key-server in mail compose (#5286)
   - Enigma: Delete user keys when using deluser.sh script
   - Enigma: Fix redundant list-secret-keys/list-public-keys calls on
   signing/encryption
   - Enigma: Implement PGP encryption and signing in one go (#5302)
   - Enigma: Display signature verification status for encrypted+signed
   messages (#5302)
   - Display different attachment icon on encrypted messages
   - Display different confirmation text when moving messages to Trash (#5220)
   - Indicate that a collapsed thread has flagged children (#5013)
   - Implemented message/rfc822 attachment preview
   - Update to jsTimezoneDetect 1.0.6
   - Managesieve: Add (optional) RAW script editor (#5414)
   - Managesieve: Add option to automatically set vacation :from address
   (#5428)
   - Managesieve: Support 'string' test from variables extension [RFC 5229]
   (#5248)
   - Managesieve: Support 'duplicate' extension [RFC 7352]
   - Managesieve: Unhide advanced rule controls if there are inputs with errors
   - Managesieve: Display warning message when filter form contains errors
   - Control search engine crawlers via X-Robots-Tag header instead of <meta>
   and robots.txt (#5098)
   - Fixed redundancy in sql caching system and compatibility with Galera
   Cluster (#5439)
        - Removed redundant 'created' column from cache and cache_shared tables
        - Removed use of redundant data records
        - Added missing primary keys (dictionary, cache, cache_shared tables)
   - Fix so templating system does not mess with external (e.g. email) content
   (#5499)
   - Fix redundant keep-alive/refresh after session error on compose page
   (#5500)
   - Managesieve: Fix handling of scripts with nested rules (#5540)
   - Fix variable substitution in ldap host for some use-cases, e.g.
   new_user_identity (#5544)
   - Enigma: Fix PHP fatal error when decrypting a message with invalid
   signature (#5555)
   - Fix adding images to new identity signatures
   - Fix rsync error handling in installto.sh script (#5562)
   - Fix some advanced search issues with multiple addressbooks (#5572)
   - Fix so group/addressbook selection is retained on page refresh

   To generate a diff of this commit:
   cvs rdiff -u -r1.88 -r1.89 pkgsrc/mail/roundcube/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/roundcube/Makefile.common
   cvs rdiff -u -r1.44 -r1.45 pkgsrc/mail/roundcube/PLIST
   cvs rdiff -u -r1.60 -r1.61 pkgsrc/mail/roundcube/distinfo
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/roundcube/options.mk
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/roundcube/files/apache.conf \
        pkgsrc/mail/roundcube/files/nginx.conf
   cvs rdiff -u -r0 -r1.1 pkgsrc/mail/roundcube/files/lighttpd.conf
   cvs rdiff -u -r1.10 -r0 pkgsrc/mail/roundcube/patches/patch-ac
   cvs rdiff -u -r1.2 -r1.3 \
        pkgsrc/mail/roundcube/patches/patch-rcube_mime_default
   2018-05-06 11:13:56 by S.P.Zeidler | Files touched by this commit (6) | Package updated
Log message:
Pullup ticket #5742 - requested by taca
mail/roundcube: regression fix
mail/roundcube-plugin-enigma: regression fix
mail/roundcube-plugin-password: regression fix
mail/roundcube-plugin-zipdownload: regression fix

Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo                         1.9
- mail/roundcube-plugin-password/distinfo                       1.9
- mail/roundcube-plugin-zipdownload/distinfo                    1.9
- mail/roundcube/Makefile.common                                1.9
- mail/roundcube/distinfo                                       1.60
- mail/roundcube/plugins.mk                                     1.2

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 30 06:44:11 UTC 2018

   Modified Files:
   	pkgsrc/mail/roundcube: plugins.mk

   Log message:
   mail/roundcube: fix typo

   Fix typo in DEPENDS.

   To generate a diff of this commit:
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/roundcube/plugins.mk

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 30 06:45:04 UTC 2018

   Modified Files:
   	pkgsrc/mail/roundcube: Makefile.common distinfo
   	pkgsrc/mail/roundcube-plugin-enigma: distinfo
   	pkgsrc/mail/roundcube-plugin-password: distinfo
   	pkgsrc/mail/roundcube-plugin-zipdownload: distinfo

   Log message:
   mail/roundcube: update to 1.2.9

   RELEASE 1.2.9
   -------------
   - Fix regression where IMAP commands with '*' uidset argument wasn't working

   To generate a diff of this commit:
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube/Makefile.common
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/mail/roundcube/distinfo
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube-plugin-enigma/distinfo
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube-plugin-password/distinfo
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo
   2018-05-06 10:40:13 by S.P.Zeidler | Files touched by this commit (5) | Package updated
Log message:
Pullup ticket #5739 - requested by bsiegert
mail/roundcube: security update
mail/roundcube-plugin-enigma: security update
mail/roundcube-plugin-password: security update
mail/roundcube-plugin-zipdownload: security update

Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo                         1.8
- mail/roundcube-plugin-password/distinfo                       1.8
- mail/roundcube-plugin-zipdownload/distinfo                    1.8
- mail/roundcube/Makefile.common                                1.8
- mail/roundcube/distinfo                                       1.59

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Mon Apr 23 13:55:00 UTC 2018

   Modified Files:
            pkgsrc/mail/roundcube: Makefile.common distinfo
            pkgsrc/mail/roundcube-plugin-enigma: distinfo
            pkgsrc/mail/roundcube-plugin-password: distinfo
            pkgsrc/mail/roundcube-plugin-zipdownload: distinfo

   Log message:
   mail/roundcube: update to 1.2.8

   This is a security update to the stable version 1.2.  It fixes a recently
   reported vulnerability allowing IMAP command injection via a GET parameters.
   More details about this are published under CVE-2018-9846.

   The second fix is about a missed remote content blocking on HTML messages
   with
   specially crafted image and style tags.

   We strongly recommend to update all productive installations of Roundcube
   1.2.x.  Please do backup your data before updating!

   CHANGELOG

   * Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
      (#6238)

   * Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)

   * Fix security issue in remote content blocking on HTML image and style tags
      (#6178)

   To generate a diff of this commit:
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube/Makefile.common
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/roundcube/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-enigma/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-password/distinfo
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo

Next | Query returned 3 messages, browsing 1 to 10 | previous