Subject: CVS commit: pkgsrc/mail
From: Takahiro Kambe
Date: 2023-11-09 17:28:55
Message id: 20231109162855.DC72CFA2F@cvs.NetBSD.org

Log Message:
mail/roundcube: update to 1.6.5

This is security release, quoted from release announce:

Security fix

Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Content-Disposition for attachment preview/download.
Credits for this finding go to Rene Rehme (rehme.infosec).

See the full changelogs in the release notes on the Github download pages
for the updated versions 1.6.5 and 1.5.6.

We strongly recommend to update all productive installations of Roundcube
1.6.x and 1.5.x with this new versions.

1.6.5 (2023-11-05)

* Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
* Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder
  with all capital letters (#9166)
* Fix PHP warnings (#9174)
* Fix UI issue when dealing with an invalid managesieve_default_headers
  value (#9175)
* Fix bug where images attached to application/smil messages weren't
  displayed (#8870)
* Fix PHP string replacement error in utils/error.php (#9185)
* Fix regression where `smtp_user` did not allow pre/post strings
  before/after `%u` placeholder (#9162)
* Fix cross-site scripting (XSS) vulnerability in setting
  Content-Type/Content-Disposition for attachment preview/download

Files:
RevisionActionfile
1.33modifypkgsrc/mail/roundcube/Makefile.common
1.87modifypkgsrc/mail/roundcube/distinfo
1.35modifypkgsrc/mail/roundcube-plugin-password/distinfo