Subject: CVS commit: [pkgsrc-2018Q3] pkgsrc/mail/roundcube
From: S.P.Zeidler
Date: 2018-11-09 19:39:01
Message id: 20181109183901.156FFFB1F@cvs.NetBSD.org
Log Message:
Pullup ticket #5875 - requested by taca
mail/roundcube: security update

Revisions pulled up:
- mail/roundcube/Makefile.common                                1.12
- mail/roundcube/distinfo                                       1.63

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Oct 28 15:23:34 UTC 2018

   Modified Files:
   	pkgsrc/mail/roundcube: Makefile.common distinfo

   Log Message:
   mail/roundcube: update to 1.3.8

   This update includes XSS security problem.

   RELEASE 1.3.8
   -------------

   - Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
   - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in \ 
dovecot 2.3 (#6383)
   - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
   - Fix so Classic skin splitter does not escape out of window (#6397)
   - Fix XSS issue in handling invalid style tag content (#6410)
   - Fix compatibility with MySQL 8 - error on 'system' table use
   - Managesieve: Fix bug where show_real_foldernames setting wasn't respected \ 
(#6422)
   - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP \ 
params (#6419)
   - Fix support for "allow-from <uri>" in \ 
"x_frame_options" config option (#6449)
   - Fix bug where valid content between HTML comments could have been skipped \ 
in some cases (#6464)
   - Fix multiple VCard field search (#6466)
   - Fix session issue on long running requests (#6470)

   To generate a diff of this commit:
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/roundcube/Makefile.common
   cvs rdiff -u -r1.62 -r1.63 pkgsrc/mail/roundcube/distinfo
Files:
RevisionActionfile
1.11.2.1modifypkgsrc/mail/roundcube/Makefile.common
1.62.2.1modifypkgsrc/mail/roundcube/distinfo