Subject: CVS commit: [pkgsrc-2020Q1] pkgsrc/mail
From: Benny Siegert
Date: 2020-06-09 13:51:50
Message id: 20200609115150.53769FB27@cvs.NetBSD.org
Log Message:
Pullup ticket #6231 - requested by taca
mail/roundcube: security fix

Revisions pulled up:
- mail/roundcube-plugin-password/distinfo                       1.18-1.19
- mail/roundcube/Makefile                                       1.93
- mail/roundcube/Makefile.common                                1.18-1.19
- mail/roundcube/distinfo                                       1.69-1.70
- mail/roundcube/options.mk                                     1.17
- mail/roundcube/patches/patch-program_lib_Roundcube_rcube__mime.php 1.3
- mail/roundcube/patches/patch-rcube_mime_default               deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Jun  7 22:07:04 UTC 2020

   Modified Files:
   	pkgsrc/mail/roundcube: Makefile Makefile.common distinfo options.mk
   Added Files:
   	pkgsrc/mail/roundcube/patches:
   	    patch-program_lib_Roundcube_rcube__mime.php
   Removed Files:
   	pkgsrc/mail/roundcube/patches: patch-rcube_mime_default

   Log Message:
   mail/roundcube: update to 1.4.5

   Update roundcube to 1.4.5, including some security fixes.

   pkgsrc change:

   * Proper replace PHP interpreter.
   * Fix php-sockets option to work.

   RELEASE 1.4.5
   -------------
   - Fix bug in extracting required plugins from composer.json that led to \ 
spurious error in log (#7364)
   - Fix so the database setup description is compatible with MySQL 8 (#7340)
   - Markasjunk: Fix regression in jsevent driver (#7361)
   - Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
   - Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, \ 
#7367)
   - Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
   - Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
   - Fix PHP warning: count(): Parameter must be an array or an object... in ID \ 
command handler (#7392)
   - Fix error when user-configured skin does not exist anymore (#7271)
   - Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
   - Fix bug where PDF attachments marked as inline could have not been attached \ 
on mail forward (#7382)
   - Security: Fix a couple of XSS issues in Installer (#7406)
   - Security: Fix XSS issue in template object 'username' (#7406)
   - Security: Better fix for CVE-2020-12641
   - Security: Fix cross-site scripting (XSS) via malicious XML attachment

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Jun  7 22:08:37 UTC 2020

   Modified Files:
   	pkgsrc/mail/roundcube-plugin-password: distinfo

   Log Message:
   mail/roundcube-plugin-password: update to 1.4.5

   Update roundcube-plugin-password to 1.4.5

   RELEASE 1.4.5
   -------------
   - Password: Fix issue with Modoboa driver (#7372)

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jun  9 00:25:19 UTC 2020

   Modified Files:
   	pkgsrc/mail/roundcube: Makefile.common distinfo
   	pkgsrc/mail/roundcube-plugin-password: distinfo

   Log Message:
   mail/roundcube: update to 1.14.6

   Update roundcube to 1.14.6.

   RELEASE 1.4.6
   -------------
   - Installer: Fix regression in SMTP test section (#7417)
Files:
RevisionActionfile
1.92.2.1modifypkgsrc/mail/roundcube/Makefile
1.16.2.2modifypkgsrc/mail/roundcube/Makefile.common
1.66.2.3modifypkgsrc/mail/roundcube/distinfo
1.16.14.1modifypkgsrc/mail/roundcube/options.mk
1.17.2.4modifypkgsrc/mail/roundcube-plugin-password/distinfo
1.3.2.2addpkgsrc/mail/roundcube/patches/patch-program_lib_Roundcube_rcube__mime.php
1.3removepkgsrc/mail/roundcube/patches/patch-rcube_mime_default