From 4d31c895c86b85f0fec9effbaf37b55c8a2229fb Mon Sep 17 00:00:00 2001 From: "Aaron W. Swenson" Date: Sun, 29 May 2016 13:35:04 -0400 Subject: mail-client/roundcube: Fix Multiple Vulnerabilities Many security issues/enhancements are resolved with this release. The most significant being: * Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) * Fix path traversal vulnerability in setting a skin (CVE-2015-8770) * Fix XSS issue in SVG images handling * Fix XSS issue in href attribute on area tag You can find the complete list of changes in the included CHANGELOG or at: https://github.com/roundcube/roundcubemail/wiki/Changelog Bug: 580746, 584200, 584098 Package-Manager: portage-2.2.26 --- mail-client/roundcube/Manifest | 1 + mail-client/roundcube/roundcube-1.2.0.ebuild | 75 ++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 mail-client/roundcube/roundcube-1.2.0.ebuild (limited to 'mail-client') diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest index 894f804cd78f..b9a7848ea4dd 100644 --- a/mail-client/roundcube/Manifest +++ b/mail-client/roundcube/Manifest @@ -1,2 +1,3 @@ DIST roundcubemail-1.1.4.tar.gz 3209549 SHA256 539a11ed38838b221f8139b193d9762638f155c7b0ea9391315865896be16852 SHA512 18c2422d65292cd13bc4ce592e8490cc0a9d3e9551ac4d188db93eb989525af7ccf519642dd2e68a7380ab0d0d4ad4f999af2b7e99da75d88274743949b42f8a WHIRLPOOL c3e310ddb4dc50b46ff28566d030865029364f69db5a3f39be0d37f165c83486a979b4d3ab7d42835baa7ea9506df8947381612403355a628864ecbde1238d02 DIST roundcubemail-1.2-beta.tar.gz 3421215 SHA256 b7ab853c0a6e52641c851624c4405ce49643553b76c1f50b02b413cb7954fb25 SHA512 454083d6377a07bd418de5593cafb2cc7c0af474e178e322d07adeaa3473ce140a57e6d0a0ee3f58862091bc559596c98d4fb523ef6b9cee91d38064233aade6 WHIRLPOOL 059cd348397a31a3ebf2a6f58acbf832b0722b2740496ae32b4ef036a963a8199fd4f6e718895512ce1fc996da3af65c583f65faef8b817ba94d99fdfda896d3 +DIST roundcubemail-1.2.0.tar.gz 3453543 SHA256 e3b89c2772c2c5990da9bca640bc342f486edf356016cf717e6a1083c822b523 SHA512 3d97e816560830437902ede352e8be81cd93050975934b9dfc86ccf745234119bdf63d5f882fa0d1cc445575c1ea05906a87ae81befdb0bbb38002433e4de199 WHIRLPOOL f9b14ffb2520cd7eda798eb96ec8547af9f5b8d288605d5d777d126cddb3f531f53887ae9bd9b16be7bf194e87165ff48722885328c6dab0d1c1a0ee589817c4 diff --git a/mail-client/roundcube/roundcube-1.2.0.ebuild b/mail-client/roundcube/roundcube-1.2.0.ebuild new file mode 100644 index 000000000000..b3e54be0b7e4 --- /dev/null +++ b/mail-client/roundcube/roundcube-1.2.0.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit webapp + +MY_PN=${PN}mail +MY_P=${MY_PN}-${PV/_/-} + +DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" +HOMEPAGE="http://roundcube.net" +SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV/_/-}/${MY_P}.tar.gz" + +# roundcube is GPL-licensed, the rest of the licenses here are +# for bundled PEAR components, googiespell and utf8.class.php +LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" +KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86" + +IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" +REQUIRED_USE="|| ( mysql postgres sqlite )" + +# this function only sets DEPEND so we need to include that in RDEPEND +need_httpd_cgi + +RDEPEND=" + ${DEPEND} + >=dev-lang/php-5.3.7[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] + >=dev-php/PEAR-Auth_SASL-1.0.6 + >=dev-php/PEAR-Mail_Mime-1.8.9 + >=dev-php/PEAR-Mail_mimeDecode-1.5.5 + >=dev-php/PEAR-Net_IDNA2-0.1.1 + >=dev-php/PEAR-Net_SMTP-1.6.2 + virtual/httpd-php + enigma? ( >=dev-php/PEAR-Crypt_GPG-1.2.0 app-crypt/gnupg ) + ldap? ( >=dev-php/PEAR-Net_LDAP2-2.0.12 ) + managesieve? ( >=dev-php/PEAR-Net_Sieve-1.3.2 ) + mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) ) + spell? ( dev-lang/php[curl,spell] ) +" + +S=${WORKDIR}/${MY_P} + +src_install() { + webapp_src_preinst + dodoc CHANGELOG INSTALL README.md UPGRADING + + insinto "${MY_HTDOCSDIR}" + doins -r [[:lower:]]* SQL + doins .htaccess + + webapp_serverowned "${MY_HTDOCSDIR}"/logs + webapp_serverowned "${MY_HTDOCSDIR}"/temp + + webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php + webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" + webapp_src_install +} + +pkg_postinst() { + webapp_pkg_postinst + + ewarn + ewarn "When upgrading from <= 0.9, note that the old configuration files" + ewarn "named main.inc.php and db.inc.php are deprecated and should be" + ewarn "replaced with one single config.inc.php file." + ewarn + ewarn "Run the ./bin/update.sh script to convert those" + ewarn "or manually merge the files." + ewarn + ewarn "The new config.inc.php should only contain options that" + ewarn "differ from the ones listed in defaults.inc.php." + ewarn +} -- cgit v1.2.3-65-gdbad