./mail/roundcube-plugin-password, Password change plugin for roundcube

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.6.9nb1, Package name: php74-roundcube-plugin-password-1.6.9nb1, Maintainer: taca

Password Plugin for Roundcube

Plugin that adds a possibility to change user password using many
methods (drivers) via Settings/Password tab.


Required to run:
[converters/php-iconv] [graphics/php-gd] [databases/php-pdo_mysql] [lang/perl5] [lang/tcl-expect] [net/php-sockets] [mail/roundcube] [lang/python310]

Required to build:
[www/apache24]

Package options: apache, gd, iconv, mysql, php-sockets

Master sites:

Filesize: 5761.176 KB

Version history: (Expand)

CVS history: (Expand)


   2024-11-16 13:08:07 by Thomas Klausner | Files touched by this commit (2504) 
Log message:
*: recursive bump for perl 5.40
   2024-09-01 16:55:11 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/roundcube: update to 1.6.9

1.6.9 (2024-09-01)

- Fix regression where printing/scaling/rotating image attachments was
  broken (#9571)
- Fix regression where HTML messages were displayed unstyled (#9586)
   2024-08-08 19:05:03 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/roundcube: update to 1.6.8

1.6.8 (2024-08-04)

This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:

* Fix XSS vulnerability in post-processing of sanitized HTML content
  [CVE-2024-42009]

* Fix XSS vulnerability in serving of attachments other than HTML or SVG
  [CVE-2024-42008]

* Fix information leak (access to remote content) via insufficient CSS
  filtering [CVE-2024-42010]

Credits to Oskar Zeino-Mahmalat (Sonar) for all these findings and thanks
for providing a very detailed report in a private communication.

This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it.  Please do backup your data before
updating!

CHANGELOG

* Managesieve: Protect special scripts in managesieve_kolab_master mode
* Fix newmail_notifier notification focus in Chrome (#9467)
* Fix fatal error when parsing some TNEF attachments (#9462)
* Fix double scrollbar when composing a mail with many plain text lines
  (#7760)
* Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
* Fix bug where some messages could get malformed in an import from a MBOX
  file (#9510)
* Fix invalid line break characters in multi-line text in Sieve scripts
  (#9543)
* Fix bug where "with attachment" filter could fail on some fts engines
  (#9514)
* Fix bug where an unhandled exception was caused by an invalid image
  attachment (#9475)
* Fix bug where a long subject title could not be displayed in some cases
  (#9416)
* Fix infinite loop when parsing malformed Sieve script (#9562)
* Fix bug where imap_conn_option's 'socket' was ignored (#9566)
* Fix XSS vulnerability in post-processing of sanitized HTML content
  [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG
  [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS
  filtering [CVE-2024-42010]
   2024-01-28 03:58:22 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
mail/roundcube: update to 1.6.6

1.6.6 (2024-01-20)

* Fix regression in handling LDAP search_fields configuration parameter
  (#9210)
* Enigma: Fix finding of a private key when decrypting a message using GnuPG
  v2.3
* Fix page jump menu flickering on click (#9196)
* Update to TinyMCE 5.10.9 security release (#9228)
* Fix PHP8 warnings (#9235, #9238, #9242, #9306)
* Fix saving other encryption settings besides enigma's (#9240)
* Fix unneeded php command use in installto.sh and deluser.sh scripts
  (#9237)
* Fix TinyMCE localization installation (#9266)
* Fix bug where trailing non-ascii characters in email addresses could have
  been removed in recipient input (#9257)
* Fix IMAP GETMETADATA command with options - RFC5464
   2023-11-09 17:28:55 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/roundcube: update to 1.6.5

This is security release, quoted from release announce:

Security fix

Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Content-Disposition for attachment preview/download.
Credits for this finding go to Rene Rehme (rehme.infosec).

See the full changelogs in the release notes on the Github download pages
for the updated versions 1.6.5 and 1.5.6.

We strongly recommend to update all productive installations of Roundcube
1.6.x and 1.5.x with this new versions.

1.6.5 (2023-11-05)

* Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
* Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder
  with all capital letters (#9166)
* Fix PHP warnings (#9174)
* Fix UI issue when dealing with an invalid managesieve_default_headers
  value (#9175)
* Fix bug where images attached to application/smil messages weren't
  displayed (#8870)
* Fix PHP string replacement error in utils/error.php (#9185)
* Fix regression where `smtp_user` did not allow pre/post strings
  before/after `%u` placeholder (#9162)
* Fix cross-site scripting (XSS) vulnerability in setting
  Content-Type/Content-Disposition for attachment preview/download
   2023-10-17 17:47:09 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
mail/roundcube: update to 1.6.4

1.6.4 (2023-10-16)

Security update.

- Fix PHP8 warnings (#9142, #9160)
- Fix default 'mime.types' path on Windows (#9113)
- Managesieve: Fix javascript error when relational or spamtest
  extension is not enabled (#9139)
- Fix cross-site scripting (XSS) vulnerability in handling of SVG in
  HTML messages (#9168)
   2023-09-18 05:39:03 by Takahiro Kambe | Files touched by this commit (8) | Package updated
Log message:
mail/roundcube: update to 1.6.3

From release announce:

We just published a security update to the version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
plain text messages, reported by Niraj Shivtarkar.  See the full changelog
in the release notes in the release notes on the Github download page.

We strongly recommend to update all productive installations of Roundcube
1.6.x with this new version.

1.6.3 (2023-09-15)

* Fix bug where installto.sh/update.sh scripts were removing some essential
  options from the config file (#9051)

* Update jQuery-UI to version 1.13.2 (#9041)

* Fix regression that broke use_secure_urls feature (#9052)

* Fix potential PHP fatal error when opening a message with message/rfc822
  part (#8953)

* Fix bug where a duplicate `<title>` tag in HTML email could cause some
  parts being cut off (#9029)

* Fix bug where a list of folders could have been sorted incorrectly (#9057)

* Fix regression where LDAP addressbook 'filter' option was ignored (#9061)

* Fix wrong order of a multi-folder search result when sorting by size
  (#9065)

* Fix so install/update scripts do not require PEAR (#9037)

* Fix regression where some mail parts could have been decoded incorrectly,
  or not at all (#9096)

* Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to
  non-binary FETCH (#9097)

* Fix PHP8 deprecation warning in the reconnect plugin (#9083)

* Fix "Show source" on mobile with x_frame_options = deny (#9084)

* Fix various PHP warnings (#9098)

* Fix deprecated use of ldap_connect() in password's ldap_simple driver
  (#9060)

* Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
  plain text messages
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) 
Log message:
*: recursive bump for Python 3.11 as new default