Path to this page:
Subject: CVS commit: [pkgsrc-2021Q4] pkgsrc/mail
From: Benny Siegert
Date: 2022-01-30 18:01:00
Message id: 20220130170100.4470BFB24@cvs.NetBSD.org
Log Message:
Pullup ticket #6575 - requested by taca
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.28
- mail/roundcube/Makefile.common 1.26
- mail/roundcube/PLIST 1.50
- mail/roundcube/distinfo 1.79
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 29 13:34:44 UTC 2022
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.5.2
This update contains security fix.
Roundcube Webmail 1.5.1 (2021-11-28)
This is the first service release to update the new stable version 1.5. It
provides a bunch of small fixes and improvements after getting your feedback
from the 1.5.0 release. See the full changelog below.
Important note for MySQL and MariaDB database backends
The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody
migrating an existing DB. Hence here's an important notice from the
UPGRADING instructions:
If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:
innodb_large_prefix=1
innodb_file_per_table=1
innodb_file_format=Barracuda
This version is considered stable and we recommend to update all productive
installations of Roundcube with it. Please do backup your data before
updating!
CHANGELOG
* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if
skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json - also
when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page
preview (#8203)
* Fix bug where \u200b characters were added into the recipient input
preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by
mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow
from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
* Fix PHP fatal error on an undefined constant in contacts import action
(#8277)
* Fix fetching headers of multiple message parts at once in
rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check
error (#8283)
* Fix an infinite loop when parsing environment variables with float/integer
values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)
Roundcube Webmail 1.5.2 (2021-12-30)
This is the second service release to update the new stable version 1.5. It
provides a bunch of small fixes and improvements to the OAuth feature as
well as a security fix to a recently reported XSS vulnerability. See the
full changelog below.
Security fix
* Cross-site scripting (XSS) via HTML messages with malicious CSS content
This version is considered stable and we recommend to update all productive
installations of Roundcube with it. Please do backup your data before
updating!
CHANGELOG
* OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
* OAuth: fix expiration of short-lived oauth tokens (#8147)
* OAuth: fix relative path to assets if /index.php/foo/bar url is used
(#8144)
* OAuth: no auto-redirect on imap login failures (#8370)
* OAuth: refresh access token in 'refresh' plugin hook (#8224)
* Fix so folder search parameters are honored by subscriptions_option plugin
(#8312)
* Fix password change with Directadmin driver (#8322, #8329)
* Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
* Fix handling of unicode/special characters in custom From input (#8357)
* Fix some PHP8 compatibility issues (#8363)
* Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
* Fix scrolling and missing Close button in the Select image dialog in
Elastic/mobile (#8367)
* Security: fix cross-site scripting (XSS) via HTML messages with malicious
CSS content
Files: