Log message:
mail/roundcube: update to 1.4.8

Update roundcube to 1.4.8, security release.

RELEASE 1.4.8
-------------
- Security: Fix potential XSS issue in HTML editor of the identity signature \ 
input (#7507)
- Managesieve: Fix too-small input field in Elastic when using custom headers (#7498)
- Fix support for an error as a string in message_before_send hook (#7475)
- Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500)
- Elastic: Fix deleted and replied+forwarded icons on messages list (#7503)
- Managesieve: Allow angle brackets in out-of-office message body (#7518)
- Fix bug in conversion of email addresses to mailto links in plain text \ 
messages (#7526)
- Fix format=flowed formatting on plain text part derived from the HTML content \ 
(#7504)
- Fix incorrect rewriting of internal links in HTML content (#7512)
- Fix handling links without defined protocol (#7454)
- Fix paging of search results on IMAP servers with no SORT capability (#7462)
- Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS \ 
(#7525)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg \ 
content [CVE-2020-16145]
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious math \ 
content

Log message:
mail/roundcube: update to 1.4.7

Update roundcube to 1.4.7.

RELEASE 1.4.7
-------------
- Fix bug where subfolders of special folders could have been duplicated on \ 
folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
- Elastic: Fix context menu (paste) on the recipient input (#7431)
- Fix problem with forwarding inline images attached to messages with no HTML \ 
part (#7414)
- Fix problem with handling attached images with same name when using \ 
database_attachments/redundant_attachments (#7455)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious \ 
svg/namespace

Log message:
mail/roundcube: update to 1.14.6

Update roundcube to 1.14.6.

RELEASE 1.4.6
-------------
- Installer: Fix regression in SMTP test section (#7417)

Log message:
mail/roundcube: update to 1.4.5

Update roundcube to 1.4.5, including some security fixes.

pkgsrc change:

* Proper replace PHP interpreter.
* Fix php-sockets option to work.

RELEASE 1.4.5
-------------
- Fix bug in extracting required plugins from composer.json that led to spurious \ 
error in log (#7364)
- Fix so the database setup description is compatible with MySQL 8 (#7340)
- Markasjunk: Fix regression in jsevent driver (#7361)
- Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
- Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
- Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
- Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
- Fix PHP warning: count(): Parameter must be an array or an object... in ID \ 
command handler (#7392)
- Fix error when user-configured skin does not exist anymore (#7271)
- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
- Fix bug where PDF attachments marked as inline could have not been attached on \ 
mail forward (#7382)
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Better fix for CVE-2020-12641
- Security: Fix cross-site scripting (XSS) via malicious XML attachment

Log message:
mail/roundcube: update to 1.4.4

Update roundcube, roundcube-plugin-enigma and roundcube-plugin-zipdownload to
1.4.4.  This includes security fixes..

RELEASE 1.4.4
-------------
- Fix bug where attachments with Content-Id were attached to the message on \ 
reply (#7122)
- Fix identity selection on reply when both sender and recipient addresses are \ 
included in identities (#7211)
- Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text \ 
editor when using Chrome (#7230)
- Elastic: Fix recipient input bug when using click to select a contact from \ 
autocomplete list (#7231)
- Elastic: Fix color of a folder with recent messages (#7281)
- Elastic: Restrict logo size in print view (#7275)
- Fix invalid Content-Type for messages with only html part and inline images - \ 
Mail_Mime-1.10.7 (#7261)
- Fix missing contact display name in QR Code data (#7257)
- Fix so button label in Select image/media dialogs is "Close" not \ 
"Cancel" (#7246)
- Fix regression in testing database schema on MSSQL (#7227)
- Fix cursor position after inserting a group to a recipient input using \ 
autocompletion (#7267)
- Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
- Fix bug where multiple images in a message were replaced by the first one on \ 
forward/reply/edit (#7293)
- Fix handling keyservers configured with protocol prefix (#7295)
- Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
- Markasjunk: Fix bug where moving to Junk was failing on messages selected with \ 
Select > All (#7206)
- Fix so imap error message is displayed to the user on folder create/update (#7245)
- Fix bug where a special folder couldn't be created if a special-use flag is \ 
not supported (#7147)
- Mailvelope: Fix bug where recipients with name were not handled properly in \ 
mail compose (#7312)
- Fix characters encoding in group rename input after group creation/rename (#7330)
- Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser \ 
for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- Security: Fix XSS issue in handling of CDATA in HTML messages
- Security: Fix remote code execution via crafted 'im_convert_path' or \ 
'im_identify_path' settings
- Security: Fix local file inclusion (and code execution) via crafted 'plugins' \ 
option
- Security: Fix CSRF bypass that could be used to log out an authenticated user \ 
(#7302)

RELEASE 1.4.3
-------------
- Enigma: Fix so key list selection is reset when opening key creation form (#7154)
- Enigma: Fix so using list checkbox selection does not load the key preview frame
- Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
- Enigma: Display IDN domains of key users and identities in UTF8
- Enigma: Fix bug where "Send unencrypted" button didn't work in \ 
Elastic skin (#7205)
- Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
- Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages \ 
with drag-and-drop (#7137)
- Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
- Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail \ 
compose
- Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' \ 
was in 'dont_override' (#7143)
- Elastic: Fix text selection in recipient inputs (#7129)
- Elastic: Fix missing Close button in "more recipients" dialog
- Elastic: Fix non-working folder subscription checkbox for newly added folders \ 
(#7174)
- Fix regression where "Open in new window" action didn't work (#7155)
- Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in \ 
subscriptions_option plugin (#7165)
- Fix unexpected error message when mail refresh involves folder \ 
auto-unsubscribe (#6923)
- Fix recipient duplicates in print-view when the recipient list has been \ 
expanded (#7169)
- Fix bug where files in skins/ directory were listed on skins list (#7180)
- Fix bug where message parts with no Content-Disposition header and no name \ 
were not listed on attachments list (#7117)
- Fix display issues with mail subject that contains line-breaks (#7191)
- Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
- Fix regression where using an absolute path to SQLite database file on Windows \ 
didn't work (#7196)
- Fix using unix:///path/to/socket.file in memcached driver (#7210)

Log message:
mail/roundcube-plugin-password: fix runtime problem

Fix roundcube-plugin-password.

* Patch for roundcube-plugin-password had not been applied accidently.
* More changes were required to make it work on *BSD system.

Bump PKGREVISION.

Log message:
mail/roundcube: update to 1.4.2

Update roundcube ot 1.4.2.
pkgsrc change:

* Use "complete" distfile and avoid downloading each JavaScript libraries.
* Use common patches/distinfo directory.
* Use REPLACE_PHP.

Here is release 1.4.0 announce (2019/11/09):

It's a big honor for me to announce the final release of the long awaited
major version 1.4 of Roundcube webmail.
After more than two years of hard work by Alec and other volunteer
contributors, Roundcube finally gets the responsive skin with full mobile
device support - the Elastic.

In addition to the new UI we introduce these new features:

* Email Resent (Bounce) feature
* Improved [Mailvelope](https://www.mailvelope.com) integration
* Support for Redis and Memcached cache
* Support for SMTPUTF8 and GSSAPI

Plus numerous improvements and bug fixes collected from your precious
feedback as well as updates to recent versions of 3rd party libraries like
jQuery and TinyMCE. See the full changelog in the release notes on the
Github download page [1].

The new Elastic theme, which is the new default skin, is built with LESS
and of course the sources are included. They allow a certain degree of
customization by adjusting some colors and variables using the
`_styles.less` and `_variables.less` files. Please consider customizing
your Roundcube installation in order to make phishing [2] harder. You'll
find guidance in the README.md file inside the skin folder.

This release is considered stable and we encourage you to update your
productive installations after carefully testing the upgrade scenario and
preparing your users to the significant changes in their webmail UI.
Download it from https://roundcube.net/download.

With the release of Roundcube 1.4.0, the previous stable release branches
1.3.x and 1.2.x will change into LTS low maintenance mode which means they
will only receive important security updates but no longer any regular
improvement updates. The 1.1.x series is no longer supported and maintained.

RELEASE 1.4.1 (2019/11/22)
-------------
- Elastic: Change HTML editor widget to improve form flow (#6992)
- Elastic: Fix position of mobile floating action button (#7038)
- Managesieve: Fix locked UI after opening filter frame (#7007)
- Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, \ 
null given in sendmail.inc (#7003)
- Fix bug where cache keys could exceed length limit specified in db schema (#7004)
- Fix invalid Signature button state after escaping Mailvelope mode (#7015)
- Fix so 401 error is returned only on failed logon requests (#7010)
- Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and \ 
`UNIQUE <name>` (#7013)
- Fix so update.sh script warns about changed defaults (#7011)
- Fix tables listing routine when DSN contained a database with unsupported \ 
suffix (#7034)
- Fix so Elastic is also a default in jqueryui plugin (#7039)
- Fix bug where the Installer would not warn about required schema upgrade (#7042)

RELEASE 1.4.2 (2020/01/01)
-------------
- Plugin API: Make actionbefore, before<action>, actionafter and \ 
after<action> events working with plugin actions (#7106)
- Managesieve: Replace "Filter disabled" with "Filter \ 
enabled" (#7028)
- Managesieve: Fix so modifier type select wasn't hidden after hiding modifier \ 
select on header change
- Managesieve: Fix filter selection after removing a first filter (#7079)
- Markasjunk: Fix marking more than one message as spam/ham with email_learn \ 
driver (#7121)
- Installer: Fix DB Write test on SQLite database ("database is \ 
locked" error) (#7064)
- Installer: Fix so SQLite DSN with a relative path to the database file works \ 
in Installer
- Elastic: Fix contrast of warning toasts (#7058)
- Elastic: Simple search in pretty selects (#7072)
- Elastic: Fix hidden list widget on mobile/tablet when selecting folder while \ 
search menu is open (#7120)
- Fix so type attribute on script tags is not used on HTML5 pages (#6975)
- Fix unread count after purge on a folder that is not currently selected (#7051)
- Fix bug where Enter key didn't work on messages list in "List" \ 
layout (#7052)
- Fix bug where deleting a saved search in addressbook caused display issue on \ 
sources/groups list (#7061)
- Fix bug where a new saved search added after removing all searches wasn't \ 
added to the list (#7061)
- Fix bug where a new contact group added after removing all groups from \ 
addressbook wasn't added to the list
- Fix bug where Ctype extension wasn't required in Installer and INSTALL file (#7049)
- Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
- Fix so use of Ctrl+A does not scroll the list (#7020)
- Fix/remove useless keyup event handler on username input in logon form (#6970)
- Fix bug where cancelling switching from HTML to plain text didn't set the flag \ 
properly (#7077)
- Fix bug where HTML reply could add an empty line with extra indentation above \ 
the original message (#7088)
- Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
- Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
- Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080)
- Fix so contact's organization field accepts up to 128 characters (it was 50)
- Fix bug where listing tables in PostgreSQL database with db_prefix didn't work \ 
(#7093)
- Fix bug where 'text' attribute on body tag was ignored when displaying HTML \ 
message (#7109)
- Fix bug where next message wasn't displayed after delete in List mode (#7096)
- Fix so number of contacts in a group is not limited to 200 when redirecting to \ 
mail composer from Contacts (#6972)
- Fix malformed characters in HTML message with charset meta tag not in head (#7116)

Log message:
roundcube: install 'installer' directory for easier installation/upgrade

Depend on php-zip for zip support.

Bump PKGREVISION.

Log message:
roundcube: Follow HOMEPAGE redirect

Log message:
mail/roundcube: update to 1.3.10

 RELEASE 1.3.10
--------------
- Managesieve: Fix so "Create filter" option does not show up when \ 
Filters menu is disabled (#6723)
- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text \ 
conversion (6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld \ 
(#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder \ 
search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in \ 
received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally \ 
blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using \ 
:root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with \ 
data:application/xhtml+xml URIs (#6896)