Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/mail/roundcube
From: Matthias Scheler
Date: 2014-12-21 10:52:54
Message id: 20141221095254.4E1F198@cvs.netbsd.org

Log Message:
Pullup ticket #4576 - requested by taca
mail/roundcube: security update

Revisions pulled up:
- mail/roundcube/Makefile                                       1.64-1.65
- mail/roundcube/PLIST                                          1.33
- mail/roundcube/distinfo                                       1.37-1.38

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Oct  7 10:22:49 UTC 2014

   Modified Files:
   	pkgsrc/mail/roundcube: Makefile distinfo

   Log Message:
   Changes 1.0.3:
   - Fix insert-signature command in external compose window if opened from \ 
inline compose screen
   - Initialize HTML editor before restoring a message from localStorage
   - Add 'sig_max_lines' config option to default config file
   - Add option to specify IMAP connection socket parameters - imap_conn_options
   - Add option to set default message list mode - default_list_mode
   - Enable contextmenu plugin for TinyMCE editor
   - Fix some mime-type to extension mapping checks in Installer
   - Fix errors when using localStorage in Safari's private browsing mode
   - Fix bug where $Forwarded flag was being set even if server didn't support it
   - Fix various iCloud vCard issues, added fallback for external photos
   - Fix invalid Content-Type header when send_format_flowed=false
   - Fix errors when adding/updating contacts in active search
   - Fix incorrect thumbnail rotation with GD and exif orientation data
   - Fix contacts list update after adding/deleting/moving a contact
   - Fix handling of email addresses with quoted domain part
   - Fix comm_path update on task switch
   - Fix error in MSSQL update script 2013061000.sql
   - Fix validation of email addresses with IDNA domains

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Dec 19 03:32:00 UTC 2014

   Modified Files:
   	pkgsrc/mail/roundcube: Makefile PLIST distinfo

   Log Message:
   Update roundcube to 1.0.4, which contains fix for possible CSRF attack.

   RELEASE 1.0.4
   -------------
   - Disable TinyMCE contextmenu plugin as there are more cons than pros in \ 
using it (#1490118)
   - Fix bug where show_real_foldernames setting wasn't honored on compose page \ 
(#1490153)
   - Fix issue where Archive folder wasn't protected in Folder Manager (#1490154)
   - Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115)
   - Fix setting flags on servers with no PERMANENTFLAGS response (#1490087)
   - Fix regression in SHAA password generation in ldap driver of password \ 
plugin (#1490094)
   - Fix displaying of HTML messages with absolutely positioned elements in \ 
Larry skin (#1490103)
   - Fix font style display issue in HTML messages with styled <span> \ 
elements (#1490101)
   - Fix download of attachments that are part of TNEF message (#1490091)
   - Fix handling of uuencoded messages if messages_cache is enabled (#1490108)
   - Fix handling of base64-encoded attachments with extra spaces (#1490111)
   - Fix handling of UNKNOWN-CTE response, try do decode content client-side \ 
(#1490046)
   - Fix bug where creating subfolders in shared folders wasn't possible without \ 
ACL extension (#1490113)
   - Fix reply scrolling issue with text mode and start message below the quote \ 
(#1490114)
   - Fix possible issues in skin/skin_path config handling (#1490125)
   - Fix lack of delimiter for recipient addresses in smtp_log (#1490150)
   - Fix generation of Blowfish-based password hashes (#1490184)
   - Fix bugs where CSRF attacks were still possible on some requests

Files:
RevisionActionfile
1.63.2.1modifypkgsrc/mail/roundcube/Makefile
1.32.2.1modifypkgsrc/mail/roundcube/PLIST
1.36.2.1modifypkgsrc/mail/roundcube/distinfo