![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / mail / roundcube
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.87 / (download) - annotate - [select for diffs], Thu Nov 9 16:28:55 2023 UTC (4 weeks, 3 days ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.86: +4 -4
lines
Diff to previous 1.86 (colored)
mail/roundcube: update to 1.6.5 This is security release, quoted from release announce: Security fix Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download. Credits for this finding go to Rene Rehme (rehme.infosec). See the full changelogs in the release notes on the Github download pages for the updated versions 1.6.5 and 1.5.6. We strongly recommend to update all productive installations of Roundcube 1.6.x and 1.5.x with this new versions. 1.6.5 (2023-11-05) * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) * Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166) * Fix PHP warnings (#9174) * Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175) * Fix bug where images attached to application/smil messages weren't displayed (#8870) * Fix PHP string replacement error in utils/error.php (#9185) * Fix regression where `smtp_user` did not allow pre/post strings before/after `%u` placeholder (#9162) * Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Revision 1.86 / (download) - annotate - [select for diffs], Tue Oct 17 15:47:08 2023 UTC (7 weeks, 5 days ago) by taca
Branch: MAIN
Changes since 1.85: +5 -5
lines
Diff to previous 1.85 (colored)
mail/roundcube: update to 1.6.4 1.6.4 (2023-10-16) Security update. - Fix PHP8 warnings (#9142, #9160) - Fix default 'mime.types' path on Windows (#9113) - Managesieve: Fix javascript error when relational or spamtest extension is not enabled (#9139) - Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (#9168)
Revision 1.83.4.1 / (download) - annotate - [select for diffs], Sat Sep 23 18:29:15 2023 UTC (2 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2023Q2
Changes since 1.83: +4 -4
lines
Diff to previous 1.83 (colored) next main 1.84 (colored)
Pullup ticket #6800 - requested by taca
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-enigma/Makefile 1.16
- mail/roundcube-plugin-enigma/PLIST 1.6
- mail/roundcube-plugin-password/Makefile 1.22
- mail/roundcube-plugin-password/PLIST 1.7
- mail/roundcube-plugin-password/distinfo 1.32-1.33
- mail/roundcube-plugin-zipdownload/Makefile 1.13
- mail/roundcube-plugin-zipdownload/PLIST 1.6
- mail/roundcube/Makefile 1.98-1.99
- mail/roundcube/Makefile.common 1.30-1.31
- mail/roundcube/PLIST 1.53-1.55
- mail/roundcube/distinfo 1.84-1.85
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 7 12:57:21 UTC 2023
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-enigma: PLIST
pkgsrc/mail/roundcube-plugin-password: PLIST distinfo
pkgsrc/mail/roundcube-plugin-zipdownload: PLIST
Log Message:
mail/roundcube: update to 1.6.2
1.6.2 (2023-07-02)
* Add Uyghur localization
* Fix regression in OAuth request URI caused by use of REQUEST_URI instead
of SCRIPT_NAME as a default (#8878)
* Fix bug where false attachment reminder was displayed on HTML mail with
inline images (#8885)
* Fix bug where a non-ASCII character in app.js could cause error in
javascript engine (#8894)
* Fix JWT decoding with url safe base64 schema (#8890)
* Fix bug where .wav instead of .mp3 file was used for the new mail
notification in Firefox (#8895)
* Fix PHP8 warning (#8891)
* Fix support for Windows-31J charset (#8869)
* Fix so LDAP VLV option is disabled by default as documented (#8833)
* Fix so an email address with name is supported as input to the managesieve
notify :from parameter (#8918)
* Fix Help plugin menu (#8898)
* Fix invalid onclick handler on the logo image when using non-array
skin_logo setting (#8933)
* Fix duplicate recipients in "To" and "Cc" on reply (#8912)
* Fix bug where it wasn't possible to scroll lists by clicking middle mouse
button (#8942)
* Fix bug where label text in a single-input dialog could be partially
invisible in some locales (#8905)
* Fix bug where LDAP (fulltext) search didn't work without 'search_fields'
in config (#8874)
* Fix extra leading newlines in plain text converted from HTML (#8973)
* Fix so recipients with a domain ending with .s are allowed (#8854)
* Fix so vCard output does not contain non-standard/redundant TYPE=OTHER and
TYPE=INTERNET (#8838)
* Fix QR code images for contacts with non-ASCII characters (#9001)
* Fix PHP8 warnings when using list_flags and list_cols properties by
plugins (#8998)
* Fix bug where subfolders could loose subscription on parent folder rename
(#8892)
* Fix connecting to LDAP using an URI with ldapi:// scheme (#8990)
* Fix insecure shell command params handling in cmd_learn driver of
markasjunk plugin (#9005)
* Fix bug where some mail headers didn't work in cmd_learn driver of
markasjunk plugin (#9005)
* Fix PHP fatal error when importing vcf file using PHP 8.2 (#9025)
* Fix so output of log_date_format with microseconds contains time in server
time zone, not UTC
---
Module Name: pkgsrc
Committed By: abs
Date: Thu Jul 27 08:18:00 UTC 2023
Modified Files:
pkgsrc/mail/roundcube: Makefile PLIST
Log Message:
Also install the "vendor/" contents to resolve guzzlehttp requirement
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Sep 18 03:39:03 UTC 2023
Modified Files:
pkgsrc/mail/roundcube: Makefile Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-enigma: Makefile
pkgsrc/mail/roundcube-plugin-password: Makefile distinfo
pkgsrc/mail/roundcube-plugin-zipdownload: Makefile
Log Message:
mail/roundcube: update to 1.6.3
From release announce:
We just published a security update to the version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:
Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
plain text messages, reported by Niraj Shivtarkar. See the full changelog
in the release notes in the release notes on the Github download page.
We strongly recommend to update all productive installations of Roundcube
1.6.x with this new version.
1.6.3 (2023-09-15)
* Fix bug where installto.sh/update.sh scripts were removing some essential
options from the config file (#9051)
* Update jQuery-UI to version 1.13.2 (#9041)
* Fix regression that broke use_secure_urls feature (#9052)
* Fix potential PHP fatal error when opening a message with message/rfc822
part (#8953)
* Fix bug where a duplicate `<title>` tag in HTML email could cause some
parts being cut off (#9029)
* Fix bug where a list of folders could have been sorted incorrectly (#9057)
* Fix regression where LDAP addressbook 'filter' option was ignored (#9061)
* Fix wrong order of a multi-folder search result when sorting by size
(#9065)
* Fix so install/update scripts do not require PEAR (#9037)
* Fix regression where some mail parts could have been decoded incorrectly,
or not at all (#9096)
* Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to
non-binary FETCH (#9097)
* Fix PHP8 deprecation warning in the reconnect plugin (#9083)
* Fix "Show source" on mobile with x_frame_options = deny (#9084)
* Fix various PHP warnings (#9098)
* Fix deprecated use of ldap_connect() in password's ldap_simple driver
(#9060)
* Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
plain text messages
Revision 1.85 / (download) - annotate - [select for diffs], Mon Sep 18 03:39:02 2023 UTC (2 months, 3 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3
Changes since 1.84: +4 -4
lines
Diff to previous 1.84 (colored)
mail/roundcube: update to 1.6.3 From release announce: We just published a security update to the version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar. See the full changelog in the release notes in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.6.x with this new version. 1.6.3 (2023-09-15) * Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051) * Update jQuery-UI to version 1.13.2 (#9041) * Fix regression that broke use_secure_urls feature (#9052) * Fix potential PHP fatal error when opening a message with message/rfc822 part (#8953) * Fix bug where a duplicate `<title>` tag in HTML email could cause some parts being cut off (#9029) * Fix bug where a list of folders could have been sorted incorrectly (#9057) * Fix regression where LDAP addressbook 'filter' option was ignored (#9061) * Fix wrong order of a multi-folder search result when sorting by size (#9065) * Fix so install/update scripts do not require PEAR (#9037) * Fix regression where some mail parts could have been decoded incorrectly, or not at all (#9096) * Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to non-binary FETCH (#9097) * Fix PHP8 deprecation warning in the reconnect plugin (#9083) * Fix "Show source" on mobile with x_frame_options = deny (#9084) * Fix various PHP warnings (#9098) * Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060) * Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
Revision 1.84 / (download) - annotate - [select for diffs], Fri Jul 7 12:57:21 2023 UTC (5 months ago) by taca
Branch: MAIN
Changes since 1.83: +4 -4
lines
Diff to previous 1.83 (colored)
mail/roundcube: update to 1.6.2 1.6.2 (2023-07-02) * Add Uyghur localization * Fix regression in OAuth request URI caused by use of REQUEST_URI instead of SCRIPT_NAME as a default (#8878) * Fix bug where false attachment reminder was displayed on HTML mail with inline images (#8885) * Fix bug where a non-ASCII character in app.js could cause error in javascript engine (#8894) * Fix JWT decoding with url safe base64 schema (#8890) * Fix bug where .wav instead of .mp3 file was used for the new mail notification in Firefox (#8895) * Fix PHP8 warning (#8891) * Fix support for Windows-31J charset (#8869) * Fix so LDAP VLV option is disabled by default as documented (#8833) * Fix so an email address with name is supported as input to the managesieve notify :from parameter (#8918) * Fix Help plugin menu (#8898) * Fix invalid onclick handler on the logo image when using non-array skin_logo setting (#8933) * Fix duplicate recipients in "To" and "Cc" on reply (#8912) * Fix bug where it wasn't possible to scroll lists by clicking middle mouse button (#8942) * Fix bug where label text in a single-input dialog could be partially invisible in some locales (#8905) * Fix bug where LDAP (fulltext) search didn't work without 'search_fields' in config (#8874) * Fix extra leading newlines in plain text converted from HTML (#8973) * Fix so recipients with a domain ending with .s are allowed (#8854) * Fix so vCard output does not contain non-standard/redundant TYPE=OTHER and TYPE=INTERNET (#8838) * Fix QR code images for contacts with non-ASCII characters (#9001) * Fix PHP8 warnings when using list_flags and list_cols properties by plugins (#8998) * Fix bug where subfolders could loose subscription on parent folder rename (#8892) * Fix connecting to LDAP using an URI with ldapi:// scheme (#8990) * Fix insecure shell command params handling in cmd_learn driver of markasjunk plugin (#9005) * Fix bug where some mail headers didn't work in cmd_learn driver of markasjunk plugin (#9005) * Fix PHP fatal error when importing vcf file using PHP 8.2 (#9025) * Fix so output of log_date_format with microseconds contains time in server time zone, not UTC
Revision 1.83 / (download) - annotate - [select for diffs], Sat Jan 28 13:48:39 2023 UTC (10 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Branch point for: pkgsrc-2023Q2
Changes since 1.82: +4 -4
lines
Diff to previous 1.82 (colored)
mail/roundcube: update to 1.6.1 1.6.1 (2022-01-23) * Kill session if refreshing oauth token fails (#8734) * Fix various PHP 8.1 warnings (#8628, #8644, #8667, #8656, #8647) * Password: Remove references to %c variable that has been removed before (#8633) * Fix anchor links in HTML mail (#8632) * Fix bug where config creation in Installer did ignore options in the form (#8634) * Fix bug where renamed options were removed from the config on installto.sh (update.sh) run (#8643) * Fix favicon rewrite rule in .htaccess (#8654) * Fix various PHP 8.2 warnings * Fix bug where it wasn't possible to create more than one response record on SQLite and Postgres (#8664) * Fix support for ManageSieve over implicit SSL (#8670) * Fix bug where "about:blank" page could trigger "load error" (#8554) * Fix bug where setting 'Clear Trash on Logout' to 'all messages' didn't work (#8687) * Fix bug where the attachment menu wouldn't disappear after an action is selected (#8691) * Fix bug where some dialogs in an eml attachment preview would not close on mobile (#8627) * Fix bug where multiline data:image URI's in emails were stripped from the message on display (#8613) * Fix fatal error on identity page if Enigma plugin is misconfigured (#8719) * Fix so N property always exists in a vCard export (#8771) * Fix authenticating to Courier IMAP with passwords containing a '~' character (#8772) * Fix handling of smtp/imap port options on configuration file update (#8756) * Fix bug where array values could not be saved in utils/save_pref action (#8781) * Add workaround for using Roundcube behind a reverse proxy with a subpath: 'request_path' option (#8738, #8770) * Fix bug where "Invalid skin name" error was logged on preferences save if there's only one skin (#8825) * Fix SIGBUS raised in ImageMagick when more than one process tried to generate a thumbnail of the same image attachment (#8511) * Fix bug where updater does not update the vendor packages (#8642) * Fix missing mail composing textarea on reply/draft with a long plain text content (#8866)
Revision 1.82 / (download) - annotate - [select for diffs], Fri Aug 19 13:09:38 2022 UTC (15 months, 3 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.81: +7 -4
lines
Diff to previous 1.81 (colored)
mail/roundcube: restore patches Restore patches accidently removed by me. Noted by tnn@ and thanks much. Bump PKGREVISION.
Revision 1.81 / (download) - annotate - [select for diffs], Wed Aug 17 15:41:43 2022 UTC (15 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.80: +4 -7
lines
Diff to previous 1.80 (colored)
mail/roundcube: update to 1.6.0
pkgsrc changes:
* Add "USE_TOOLS+= pax" to plugins.mk.
* Add some note to MESSAGES.
* update DESCR.
1.6.0 (2022-07-28)
We proudly announce the release of the next major version 1.6 of Roundcube
webmail. With this milestone we cleaned up the codebase and bring full
support for PHP 8.1. The most noteworthy changes, as already announced with
the beta release, are:
* PHP 8.1 support
* Dropped support for PHP < 7.3
* Support responses (snippets) in HTML format
* Option to purge deleted mails older than 30, 60 or 90 days
* Unified and simplified services connection config options
* Removed the Classic and Larry skins from the release packages
* SQLite: Use foreign keys, require SQLite >= 3.6.19
See the full changelog in the release notes on the Github download page.
Breaking Changes to 1.5 and prior versions
The following config options have either been removed or renamed:
1. IMAP:
* renamed default_host to imap_host
* removed default_port option (non-standard port can be set via
imap_host)
* set "localhost:143" as a default for imap_host
2. SMTP:
* renamed smtp_server to smtp_host
* removed smtp_port option (non-standard port can be set via smtp_host)
* set "localhost:587" as a default for smtp_host
3. LDAP:
* removed port option from ldap_public array (non-standard port can be set
via host)
* removed use_tls option from ldap_public array (use tls:// prefix in host)
4. Managesieve:
* removed managesieve_port option (non-standard port can be set via
managesieve_host)
* removed managesieve_usetls option (set tls:// prefix to managesieve_host)
Revision 1.80 / (download) - annotate - [select for diffs], Thu Jul 21 15:17:34 2022 UTC (16 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.79: +4 -4
lines
Diff to previous 1.79 (colored)
mail/roundcube: update to 1.5.3 1.5.3 (2022-06-26) * Enigma: Fix initial synchronization of private keys * Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413) * Fix various PHP8 warnings (#8392) * Fix mail headers injection via the subject field on mail compose (#8404) * Fix bug where small message/rfc822 parts could not be decoded (#8408) * Fix setting HTML mode on reply/forward of a signed message (#8405) * Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418) * Fix bug where some mail parts (images) could have not be listed as attachments (#8425) * Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433) * Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458) * Fix bug where session could time out if DB and PHP timezone were different (#8303) * Fix bug where DSN flag state wasn't stored with a draft (#8371) * Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444) * Fix problem with aria-hidden=true on toolbar menus in the Elastic skin (#8517) * Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540) * Fix support for DSN specification without host e.g. pgsql:///dbname (#8558)
Revision 1.78.2.1 / (download) - annotate - [select for diffs], Sun Jan 30 17:01:00 2022 UTC (22 months, 1 week ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.78: +4 -4
lines
Diff to previous 1.78 (colored) next main 1.79 (colored)
Pullup ticket #6575 - requested by taca
mail/roundcube: security fix
Revisions pulled up:
- mail/roundcube-plugin-password/distinfo 1.28
- mail/roundcube/Makefile.common 1.26
- mail/roundcube/PLIST 1.50
- mail/roundcube/distinfo 1.79
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jan 29 13:34:44 UTC 2022
Modified Files:
pkgsrc/mail/roundcube: Makefile.common PLIST distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
Log Message:
mail/roundcube: update to 1.5.2
This update contains security fix.
Roundcube Webmail 1.5.1 (2021-11-28)
This is the first service release to update the new stable version 1.5. It
provides a bunch of small fixes and improvements after getting your feedback
from the 1.5.0 release. See the full changelog below.
Important note for MySQL and MariaDB database backends
The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody
migrating an existing DB. Hence here's an important notice from the
UPGRADING instructions:
If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:
innodb_large_prefix=1
innodb_file_per_table=1
innodb_file_format=Barracuda
This version is considered stable and we recommend to update all productive
installations of Roundcube with it. Please do backup your data before
updating!
CHANGELOG
* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if
skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json - also
when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page
preview (#8203)
* Fix bug where \u200b characters were added into the recipient input
preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by
mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow
from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
* Fix PHP fatal error on an undefined constant in contacts import action
(#8277)
* Fix fetching headers of multiple message parts at once in
rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check
error (#8283)
* Fix an infinite loop when parsing environment variables with float/integer
values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)
Roundcube Webmail 1.5.2 (2021-12-30)
This is the second service release to update the new stable version 1.5. It
provides a bunch of small fixes and improvements to the OAuth feature as
well as a security fix to a recently reported XSS vulnerability. See the
full changelog below.
Security fix
* Cross-site scripting (XSS) via HTML messages with malicious CSS content
This version is considered stable and we recommend to update all productive
installations of Roundcube with it. Please do backup your data before
updating!
CHANGELOG
* OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
* OAuth: fix expiration of short-lived oauth tokens (#8147)
* OAuth: fix relative path to assets if /index.php/foo/bar url is used
(#8144)
* OAuth: no auto-redirect on imap login failures (#8370)
* OAuth: refresh access token in 'refresh' plugin hook (#8224)
* Fix so folder search parameters are honored by subscriptions_option plugin
(#8312)
* Fix password change with Directadmin driver (#8322, #8329)
* Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
* Fix handling of unicode/special characters in custom From input (#8357)
* Fix some PHP8 compatibility issues (#8363)
* Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
* Fix scrolling and missing Close button in the Select image dialog in
Elastic/mobile (#8367)
* Security: fix cross-site scripting (XSS) via HTML messages with malicious
CSS content
Revision 1.79 / (download) - annotate - [select for diffs], Sat Jan 29 13:34:44 2022 UTC (22 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.78: +4 -4
lines
Diff to previous 1.78 (colored)
mail/roundcube: update to 1.5.2 This update contains security fix. Roundcube Webmail 1.5.1 (2021-11-28) This is the first service release to update the new stable version 1.5. It provides a bunch of small fixes and improvements after getting your feedback from the 1.5.0 release. See the full changelog below. Important note for MySQL and MariaDB database backends The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody migrating an existing DB. Hence here's an important notice from the UPGRADING instructions: If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with: innodb_large_prefix=1 innodb_file_per_table=1 innodb_file_format=Barracuda This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating! CHANGELOG * Fix importing contacts with no email address (#8227) * Fix so session's search scope is not used if search is not active (#8199) * Fix some PHP8 warnings (#8239) * Fix so dark mode state is retained after closing the browser (#8237) * Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234) * Fix colors on "Show source" page in dark mode (#8246) * Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249) * Fix database initialization if db_prefix is a schema prefix (#8221) * Fix undefined constant error in Installer on Windows (#8258) * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231) * Fix regression in setting of contact listing name (#8260) * Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203) * Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269) * Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252) * Fix bug where adding a contact to trusted senders via "Always allow from..." button didn't work (#8264, #8268) * Fix bug with show_images setting where option 1 and 3 were swapped (#8268) * Fix PHP fatal error on an undefined constant in contacts import action (#8277) * Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282) * Fix bug where attachment download could sometimes fail with a CSRF check error (#8283) * Fix an infinite loop when parsing environment variables with float/integer values (#8293) * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298) Roundcube Webmail 1.5.2 (2021-12-30) This is the second service release to update the new stable version 1.5. It provides a bunch of small fixes and improvements to the OAuth feature as well as a security fix to a recently reported XSS vulnerability. See the full changelog below. Security fix * Cross-site scripting (XSS) via HTML messages with malicious CSS content This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating! CHANGELOG * OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214) * OAuth: fix expiration of short-lived oauth tokens (#8147) * OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144) * OAuth: no auto-redirect on imap login failures (#8370) * OAuth: refresh access token in 'refresh' plugin hook (#8224) * Fix so folder search parameters are honored by subscriptions_option plugin (#8312) * Fix password change with Directadmin driver (#8322, #8329) * Fix so css files in plugins/jqueryui/themes will be minified too (#8337) * Fix handling of unicode/special characters in custom From input (#8357) * Fix some PHP8 compatibility issues (#8363) * Fix chpass-wrapper.py helper compatibility with Python 3 (#8324) * Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367) * Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Revision 1.78 / (download) - annotate - [select for diffs], Sat Nov 20 15:13:32 2021 UTC (2 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.77: +4 -4
lines
Diff to previous 1.77 (colored)
mail/roundcube: update to 1.5.0
1.5.0 (2021-10-17)
Quote from release announce:
We proudly announce the final release of the next major version 1.5 of
Roundcube webmail. With this milestone we introduce new features and full
PHP 8.0 support. The most noteworthy additions are:
- Dark mode for Elastic skin
- OAuth2/XOauth support (with plugin hooks)
- Collected recipients and trusted senders
- Moving recipients between inputs with drag & drop
- Full unicode support with MySQL database
- Support of IMAP LITERAL- extension RFC 7888
<https://datatracker.ietf.org/doc/html/rfc7888>
- Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
encoded names
- Cache refactoring
Revision 1.77 / (download) - annotate - [select for diffs], Tue Oct 26 10:54:26 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored)
mail: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes The following distfiles were unfetchable (possibly fetched conditionally?): ./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
Revision 1.76 / (download) - annotate - [select for diffs], Thu Oct 7 14:25:44 2021 UTC (2 years, 2 months ago) by nia
Branch: MAIN
Changes since 1.75: +1 -2
lines
Diff to previous 1.75 (colored)
mail: Remove SHA1 hashes for distfiles
Revision 1.75 / (download) - annotate - [select for diffs], Tue Feb 9 00:46:41 2021 UTC (2 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.74: +5 -5
lines
Diff to previous 1.74 (colored)
mail/roundcube: update to 1.4.11 RELEASE 1.4.11 -------------- - Display a nice error informing about no PHP8 support - Elastic: Fix compatibility with Less v3 and v4 (#7813) - Fix bug with managesieve_domains in Settings > Forwarding form (#7849) - Fix errors in MSSQL database update scripts (#7853) - Security: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content
Revision 1.74 / (download) - annotate - [select for diffs], Mon Dec 28 08:58:10 2020 UTC (2 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.73: +5 -5
lines
Diff to previous 1.73 (colored)
mail/roundcube: update to 1.4.10 Update roundcube to 1.4.10, including security fix. RELEASE 1.4.10 -------------- - Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) - Fix folder list issue whan special folder is a subfolder (#7647) - Fix Elastic's folder subscription toggle in search result (#7653) - Fix state of subscription toggle on folders list after changing folder state from the search result (#7653) - Security: Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
Revision 1.73 / (download) - annotate - [select for diffs], Sun Oct 4 06:26:11 2020 UTC (3 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.72: +5 -5
lines
Diff to previous 1.72 (colored)
mail/roundcube: update to 1.4.9 Update roundcube package to 1.4.9. Roundcube Webmail 1.4.9 (2020-09-27) This is a service update to the stable version 1.4 of Roundcube Webmail. It contains fixes and general improvements from our issue tracker, mainly related to email composition and UI oddities in Elastic skin and with the TinyMCE richtext editor. See the full changelog below. This version is considered stable and we recommend to update all productive installations of Roundcube with it. Please do backup your data before updating! CHANGELOG * Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615) * Add missing localization for some label/legend elements in userinfo plugin (#7478) * Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD) * Fix restoring Cc/Bcc fields from local storage (#7554) * Fix jstz.min.js installation, bump version to 1.0.7 * Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564) * Fix link to closure compiler in bin/jsshrink.sh script (#7567) * Fix bug where some parts of a message could have been missing in a reply/forward body (#7568) * Fix empty space on mail printouts in Chrome (#7604) * Fix empty output from HTML5 parser when content contains XML tag (#7624) * Fix scroll jump on key press in plain text mode of the HTML editor (#7622) * Fix so autocompletion list does not hide on scroll inside it (#7592)
Revision 1.70.2.2 / (download) - annotate - [select for diffs], Sun Aug 23 18:58:28 2020 UTC (3 years, 3 months ago) by bsiegert
Branch: pkgsrc-2020Q2
Changes since 1.70.2.1: +5 -5
lines
Diff to previous 1.70.2.1 (colored) to branchpoint 1.70 (colored) next main 1.71 (colored)
Pullup ticket #6302 - requested by taca mail/roundcube: security fix Revisions pulled up: - mail/roundcube-plugin-password/distinfo 1.21 - mail/roundcube/Makefile.common 1.21 - mail/roundcube/distinfo 1.72 --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 10 22:30:41 UTC 2020 Modified Files: pkgsrc/mail/roundcube: Makefile.common distinfo pkgsrc/mail/roundcube-plugin-password: distinfo Log Message: mail/roundcube: update to 1.4.8 Update roundcube to 1.4.8, security release. RELEASE 1.4.8 ------------- - Security: Fix potential XSS issue in HTML editor of the identity signature input (#7507) - Managesieve: Fix too-small input field in Elastic when using custom headers (#7498) - Fix support for an error as a string in message_before_send hook (#7475) - Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500) - Elastic: Fix deleted and replied+forwarded icons on messages list (#7503) - Managesieve: Allow angle brackets in out-of-office message body (#7518) - Fix bug in conversion of email addresses to mailto links in plain text messages (#7526) - Fix format=flowed formatting on plain text part derived from the HTML content (#7504) - Fix incorrect rewriting of internal links in HTML content (#7512) - Fix handling links without defined protocol (#7454) - Fix paging of search results on IMAP servers with no SORT capability (#7462) - Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525) - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145] - Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content
Revision 1.72 / (download) - annotate - [select for diffs], Mon Aug 10 22:30:41 2020 UTC (3 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.71: +5 -5
lines
Diff to previous 1.71 (colored)
mail/roundcube: update to 1.4.8 Update roundcube to 1.4.8, security release. RELEASE 1.4.8 ------------- - Security: Fix potential XSS issue in HTML editor of the identity signature input (#7507) - Managesieve: Fix too-small input field in Elastic when using custom headers (#7498) - Fix support for an error as a string in message_before_send hook (#7475) - Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500) - Elastic: Fix deleted and replied+forwarded icons on messages list (#7503) - Managesieve: Allow angle brackets in out-of-office message body (#7518) - Fix bug in conversion of email addresses to mailto links in plain text messages (#7526) - Fix format=flowed formatting on plain text part derived from the HTML content (#7504) - Fix incorrect rewriting of internal links in HTML content (#7512) - Fix handling links without defined protocol (#7454) - Fix paging of search results on IMAP servers with no SORT capability (#7462) - Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525) - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145] - Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content
Revision 1.70.2.1 / (download) - annotate - [select for diffs], Wed Jul 29 19:39:44 2020 UTC (3 years, 4 months ago) by bsiegert
Branch: pkgsrc-2020Q2
Changes since 1.70: +5 -5
lines
Diff to previous 1.70 (colored)
Pullup ticket #6274 - requested by taca mail/roundcube: security fix Revisions pulled up: - mail/roundcube-plugin-password/distinfo 1.20 - mail/roundcube/Makefile.common 1.20 - mail/roundcube/distinfo 1.71 --- Module Name: pkgsrc Committed By: taca Date: Tue Jul 7 04:37:26 UTC 2020 Modified Files: pkgsrc/mail/roundcube: Makefile.common distinfo pkgsrc/mail/roundcube-plugin-password: distinfo Log Message: mail/roundcube: update to 1.4.7 Update roundcube to 1.4.7. RELEASE 1.4.7 ------------- - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout (#7418) - Elastic: Fix context menu (paste) on the recipient input (#7431) - Fix problem with forwarding inline images attached to messages with no HTML part (#7414) - Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
Revision 1.71 / (download) - annotate - [select for diffs], Tue Jul 7 04:37:26 2020 UTC (3 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.70: +5 -5
lines
Diff to previous 1.70 (colored)
mail/roundcube: update to 1.4.7 Update roundcube to 1.4.7. RELEASE 1.4.7 ------------- - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout (#7418) - Elastic: Fix context menu (paste) on the recipient input (#7431) - Fix problem with forwarding inline images attached to messages with no HTML part (#7414) - Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) - Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
Revision 1.66.2.3 / (download) - annotate - [select for diffs], Tue Jun 9 11:51:49 2020 UTC (3 years, 6 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.66.2.2: +6 -6
lines
Diff to previous 1.66.2.2 (colored) to branchpoint 1.66 (colored) next main 1.67 (colored)
Pullup ticket #6231 - requested by taca mail/roundcube: security fix Revisions pulled up: - mail/roundcube-plugin-password/distinfo 1.18-1.19 - mail/roundcube/Makefile 1.93 - mail/roundcube/Makefile.common 1.18-1.19 - mail/roundcube/distinfo 1.69-1.70 - mail/roundcube/options.mk 1.17 - mail/roundcube/patches/patch-program_lib_Roundcube_rcube__mime.php 1.3 - mail/roundcube/patches/patch-rcube_mime_default deleted --- Module Name: pkgsrc Committed By: taca Date: Sun Jun 7 22:07:04 UTC 2020 Modified Files: pkgsrc/mail/roundcube: Makefile Makefile.common distinfo options.mk Added Files: pkgsrc/mail/roundcube/patches: patch-program_lib_Roundcube_rcube__mime.php Removed Files: pkgsrc/mail/roundcube/patches: patch-rcube_mime_default Log Message: mail/roundcube: update to 1.4.5 Update roundcube to 1.4.5, including some security fixes. pkgsrc change: * Proper replace PHP interpreter. * Fix php-sockets option to work. RELEASE 1.4.5 ------------- - Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) - Fix so the database setup description is compatible with MySQL 8 (#7340) - Markasjunk: Fix regression in jsevent driver (#7361) - Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) - Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) - Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) - Mailvelope: Fix Encrypt button hidden in Elastic (#7353) - Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) - Fix error when user-configured skin does not exist anymore (#7271) - Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) - Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) - Security: Fix a couple of XSS issues in Installer (#7406) - Security: Fix XSS issue in template object 'username' (#7406) - Security: Better fix for CVE-2020-12641 - Security: Fix cross-site scripting (XSS) via malicious XML attachment --- Module Name: pkgsrc Committed By: taca Date: Sun Jun 7 22:08:37 UTC 2020 Modified Files: pkgsrc/mail/roundcube-plugin-password: distinfo Log Message: mail/roundcube-plugin-password: update to 1.4.5 Update roundcube-plugin-password to 1.4.5 RELEASE 1.4.5 ------------- - Password: Fix issue with Modoboa driver (#7372) --- Module Name: pkgsrc Committed By: taca Date: Tue Jun 9 00:25:19 UTC 2020 Modified Files: pkgsrc/mail/roundcube: Makefile.common distinfo pkgsrc/mail/roundcube-plugin-password: distinfo Log Message: mail/roundcube: update to 1.14.6 Update roundcube to 1.14.6. RELEASE 1.4.6 ------------- - Installer: Fix regression in SMTP test section (#7417)
Revision 1.70 / (download) - annotate - [select for diffs], Tue Jun 9 00:25:19 2020 UTC (3 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base
Branch point for: pkgsrc-2020Q2
Changes since 1.69: +5 -5
lines
Diff to previous 1.69 (colored)
mail/roundcube: update to 1.14.6 Update roundcube to 1.14.6. RELEASE 1.4.6 ------------- - Installer: Fix regression in SMTP test section (#7417)
Revision 1.69 / (download) - annotate - [select for diffs], Sun Jun 7 22:07:04 2020 UTC (3 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.68: +6 -6
lines
Diff to previous 1.68 (colored)
mail/roundcube: update to 1.4.5 Update roundcube to 1.4.5, including some security fixes. pkgsrc change: * Proper replace PHP interpreter. * Fix php-sockets option to work. RELEASE 1.4.5 ------------- - Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) - Fix so the database setup description is compatible with MySQL 8 (#7340) - Markasjunk: Fix regression in jsevent driver (#7361) - Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) - Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) - Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) - Mailvelope: Fix Encrypt button hidden in Elastic (#7353) - Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) - Fix error when user-configured skin does not exist anymore (#7271) - Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) - Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) - Security: Fix a couple of XSS issues in Installer (#7406) - Security: Fix XSS issue in template object 'username' (#7406) - Security: Better fix for CVE-2020-12641 - Security: Fix cross-site scripting (XSS) via malicious XML attachment
Revision 1.66.2.2 / (download) - annotate - [select for diffs], Fri May 8 19:17:54 2020 UTC (3 years, 7 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.66.2.1: +5 -5
lines
Diff to previous 1.66.2.1 (colored) to branchpoint 1.66 (colored)
Pullup ticket #6185 - requested by taca mail/roundcube: security fix Revisions pulled up: - mail/roundcube-plugin-password/Makefile 1.9 - mail/roundcube-plugin-password/distinfo 1.17 - mail/roundcube/Makefile.common 1.17 - mail/roundcube/PLIST 1.48 - mail/roundcube/distinfo 1.68 --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 30 07:09:34 UTC 2020 Modified Files: pkgsrc/mail/roundcube: Makefile.common PLIST distinfo Log Message: mail/roundcube: update to 1.4.4 Update roundcube, roundcube-plugin-enigma and roundcube-plugin-zipdownload to 1.4.4. This includes security fixes.. RELEASE 1.4.4 ------------- - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) - Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) - Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) - Elastic: Fix color of a folder with recent messages (#7281) - Elastic: Restrict logo size in print view (#7275) - Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261) - Fix missing contact display name in QR Code data (#7257) - Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246) - Fix regression in testing database schema on MSSQL (#7227) - Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) - Fix string literals handling in IMAP STATUS (and various other) responses (#7290) - Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) - Fix handling keyservers configured with protocol prefix (#7295) - Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) - Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) - Fix so imap error message is displayed to the user on folder create/update (#7245) - Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) - Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) - Fix characters encoding in group rename input after group creation/rename (#7330) - Fix bug where some message/rfc822 parts could not be attached on forward (#7323) - Make install-jsdeps.sh script working without the 'file' program installed (#7325) - Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) - Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) - Security: Fix XSS issue in handling of CDATA in HTML messages - Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings - Security: Fix local file inclusion (and code execution) via crafted 'plugins' option - Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) RELEASE 1.4.3 ------------- - Enigma: Fix so key list selection is reset when opening key creation form (#7154) - Enigma: Fix so using list checkbox selection does not load the key preview frame - Enigma: Fix generation of key pairs for identities with IDN domains (#7181) - Enigma: Display IDN domains of key users and identities in UTF8 - Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205) - Managesieve: Fix bug where it wasn't possible to save flag actions (#7188) - Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137) - Elastic: Fix disappearing sidebar in mail compose after clicking Mail button - Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose - Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143) - Elastic: Fix text selection in recipient inputs (#7129) - Elastic: Fix missing Close button in "more recipients" dialog - Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174) - Fix regression where "Open in new window" action didn't work (#7155) - Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165) - Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923) - Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) - Fix bug where files in skins/ directory were listed on skins list (#7180) - Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) - Fix display issues with mail subject that contains line-breaks (#7191) - Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) - Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196) - Fix using unix:///path/to/socket.file in memcached driver (#7210) --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 30 07:11:16 UTC 2020 Modified Files: pkgsrc/mail/roundcube-plugin-password: Makefile distinfo Log Message: mail/roundcube-plugin-password: update to 1.4.4 Update roundcube-plugin-password to 1.4.4. pkgsrc change: add dependecy to lang/tcl-expect. RELEASE 1.4.3 ------------- - Password: Make chpass-wrapper.py Python 3 compatible (#7135)
Revision 1.66.2.1 / (download) - annotate - [select for diffs], Wed May 6 10:01:06 2020 UTC (3 years, 7 months ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.66: +1 -2
lines
Diff to previous 1.66 (colored)
Pullup ticket #6182 - requested by taca mail/roundcube-plugin-password: bugfix Revisions pulled up: - mail/roundcube-plugin-password/Makefile 1.8 - mail/roundcube-plugin-password/distinfo 1.16 - mail/roundcube-plugin-password/patches/patch-plugins_password_helpers_passwd-expect 1.1 - mail/roundcube/distinfo 1.67 - mail/roundcube/patches/patch-plugins_password_helpers_passwd-expect deleted --- Module Name: pkgsrc Committed By: taca Date: Sun Apr 26 08:48:24 UTC 2020 Modified Files: pkgsrc/mail/roundcube: distinfo pkgsrc/mail/roundcube-plugin-password: Makefile Added Files: pkgsrc/mail/roundcube-plugin-password: distinfo pkgsrc/mail/roundcube-plugin-password/patches: patch-plugins_password_helpers_passwd-expect Removed Files: pkgsrc/mail/roundcube/patches: patch-plugins_password_helpers_passwd-expect Log Message: mail/roundcube-plugin-password: fix runtime problem Fix roundcube-plugin-password. * Patch for roundcube-plugin-password had not been applied accidently. * More changes were required to make it work on *BSD system. Bump PKGREVISION.
Revision 1.68 / (download) - annotate - [select for diffs], Thu Apr 30 07:09:34 2020 UTC (3 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.67: +5 -5
lines
Diff to previous 1.67 (colored)
mail/roundcube: update to 1.4.4 Update roundcube, roundcube-plugin-enigma and roundcube-plugin-zipdownload to 1.4.4. This includes security fixes.. RELEASE 1.4.4 ------------- - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) - Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) - Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) - Elastic: Fix color of a folder with recent messages (#7281) - Elastic: Restrict logo size in print view (#7275) - Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261) - Fix missing contact display name in QR Code data (#7257) - Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246) - Fix regression in testing database schema on MSSQL (#7227) - Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) - Fix string literals handling in IMAP STATUS (and various other) responses (#7290) - Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) - Fix handling keyservers configured with protocol prefix (#7295) - Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) - Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) - Fix so imap error message is displayed to the user on folder create/update (#7245) - Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) - Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) - Fix characters encoding in group rename input after group creation/rename (#7330) - Fix bug where some message/rfc822 parts could not be attached on forward (#7323) - Make install-jsdeps.sh script working without the 'file' program installed (#7325) - Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) - Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) - Security: Fix XSS issue in handling of CDATA in HTML messages - Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings - Security: Fix local file inclusion (and code execution) via crafted 'plugins' option - Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) RELEASE 1.4.3 ------------- - Enigma: Fix so key list selection is reset when opening key creation form (#7154) - Enigma: Fix so using list checkbox selection does not load the key preview frame - Enigma: Fix generation of key pairs for identities with IDN domains (#7181) - Enigma: Display IDN domains of key users and identities in UTF8 - Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205) - Managesieve: Fix bug where it wasn't possible to save flag actions (#7188) - Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137) - Elastic: Fix disappearing sidebar in mail compose after clicking Mail button - Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose - Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143) - Elastic: Fix text selection in recipient inputs (#7129) - Elastic: Fix missing Close button in "more recipients" dialog - Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174) - Fix regression where "Open in new window" action didn't work (#7155) - Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165) - Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923) - Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) - Fix bug where files in skins/ directory were listed on skins list (#7180) - Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) - Fix display issues with mail subject that contains line-breaks (#7191) - Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) - Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196) - Fix using unix:///path/to/socket.file in memcached driver (#7210)
Revision 1.67 / (download) - annotate - [select for diffs], Sun Apr 26 08:48:23 2020 UTC (3 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.66: +1 -2
lines
Diff to previous 1.66 (colored)
mail/roundcube-plugin-password: fix runtime problem Fix roundcube-plugin-password. * Patch for roundcube-plugin-password had not been applied accidently. * More changes were required to make it work on *BSD system. Bump PKGREVISION.
Revision 1.66 / (download) - annotate - [select for diffs], Tue Jan 14 14:30:00 2020 UTC (3 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base
Branch point for: pkgsrc-2020Q1
Changes since 1.65: +7 -31
lines
Diff to previous 1.65 (colored)
mail/roundcube: update to 1.4.2
Update roundcube ot 1.4.2.
pkgsrc change:
* Use "complete" distfile and avoid downloading each JavaScript libraries.
* Use common patches/distinfo directory.
* Use REPLACE_PHP.
Here is release 1.4.0 announce (2019/11/09):
It's a big honor for me to announce the final release of the long awaited
major version 1.4 of Roundcube webmail.
After more than two years of hard work by Alec and other volunteer
contributors, Roundcube finally gets the responsive skin with full mobile
device support - the Elastic.
In addition to the new UI we introduce these new features:
* Email Resent (Bounce) feature
* Improved [Mailvelope](https://www.mailvelope.com) integration
* Support for Redis and Memcached cache
* Support for SMTPUTF8 and GSSAPI
Plus numerous improvements and bug fixes collected from your precious
feedback as well as updates to recent versions of 3rd party libraries like
jQuery and TinyMCE. See the full changelog in the release notes on the
Github download page [1].
The new Elastic theme, which is the new default skin, is built with LESS
and of course the sources are included. They allow a certain degree of
customization by adjusting some colors and variables using the
`_styles.less` and `_variables.less` files. Please consider customizing
your Roundcube installation in order to make phishing [2] harder. You'll
find guidance in the README.md file inside the skin folder.
This release is considered stable and we encourage you to update your
productive installations after carefully testing the upgrade scenario and
preparing your users to the significant changes in their webmail UI.
Download it from https://roundcube.net/download.
With the release of Roundcube 1.4.0, the previous stable release branches
1.3.x and 1.2.x will change into LTS low maintenance mode which means they
will only receive important security updates but no longer any regular
improvement updates. The 1.1.x series is no longer supported and maintained.
RELEASE 1.4.1 (2019/11/22)
-------------
- Elastic: Change HTML editor widget to improve form flow (#6992)
- Elastic: Fix position of mobile floating action button (#7038)
- Managesieve: Fix locked UI after opening filter frame (#7007)
- Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
- Fix bug where cache keys could exceed length limit specified in db schema (#7004)
- Fix invalid Signature button state after escaping Mailvelope mode (#7015)
- Fix so 401 error is returned only on failed logon requests (#7010)
- Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` (#7013)
- Fix so update.sh script warns about changed defaults (#7011)
- Fix tables listing routine when DSN contained a database with unsupported suffix (#7034)
- Fix so Elastic is also a default in jqueryui plugin (#7039)
- Fix bug where the Installer would not warn about required schema upgrade (#7042)
RELEASE 1.4.2 (2020/01/01)
-------------
- Plugin API: Make actionbefore, before<action>, actionafter and after<action> events working with plugin actions (#7106)
- Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
- Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change
- Managesieve: Fix filter selection after removing a first filter (#7079)
- Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121)
- Installer: Fix DB Write test on SQLite database ("database is locked" error) (#7064)
- Installer: Fix so SQLite DSN with a relative path to the database file works in Installer
- Elastic: Fix contrast of warning toasts (#7058)
- Elastic: Simple search in pretty selects (#7072)
- Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120)
- Fix so type attribute on script tags is not used on HTML5 pages (#6975)
- Fix unread count after purge on a folder that is not currently selected (#7051)
- Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
- Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061)
- Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061)
- Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list
- Fix bug where Ctype extension wasn't required in Installer and INSTALL file (#7049)
- Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
- Fix so use of Ctrl+A does not scroll the list (#7020)
- Fix/remove useless keyup event handler on username input in logon form (#6970)
- Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077)
- Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088)
- Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
- Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
- Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080)
- Fix so contact's organization field accepts up to 128 characters (it was 50)
- Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093)
- Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
- Fix bug where next message wasn't displayed after delete in List mode (#7096)
- Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972)
- Fix malformed characters in HTML message with charset meta tag not in head (#7116)
Revision 1.64.2.1 / (download) - annotate - [select for diffs], Tue Sep 10 18:10:55 2019 UTC (4 years, 3 months ago) by bsiegert
Branch: pkgsrc-2019Q2
Changes since 1.64: +5 -5
lines
Diff to previous 1.64 (colored) next main 1.65 (colored)
Pullup ticket #6046 - requested by taca
mail/roundcube, mail/roundcube-plugin-*: security fix
Revisions pulled up:
- mail/roundcube-plugin-enigma/Makefile 1.6
- mail/roundcube-plugin-enigma/distinfo 1.14
- mail/roundcube-plugin-password/Makefile 1.6
- mail/roundcube-plugin-password/distinfo 1.14
- mail/roundcube-plugin-zipdownload/Makefile 1.4
- mail/roundcube-plugin-zipdownload/distinfo 1.14
- mail/roundcube/Makefile.common 1.14
- mail/roundcube/distinfo 1.65
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:08:09 UTC 2019
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
Log Message:
mail/roundcube: update to 1.3.10
RELEASE 1.3.10
--------------
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:08:56 UTC 2019
Modified Files:
pkgsrc/mail/roundcube-plugin-enigma: Makefile distinfo
Log Message:
mail/roundcube-plugin-enigma: update to 1.3.10
RELEASE 1.3.10
--------------
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:10:39 UTC 2019
Modified Files:
pkgsrc/mail/roundcube-plugin-password: Makefile distinfo
Log Message:
mail/roundcube-plugin-password: update to 1.3.10
Update roundcube-plugin-password to 1.3.10. No changes except version.
pkgsrc change: remove duplicated setting PLUGIN.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 1 13:11:47 UTC 2019
Modified Files:
pkgsrc/mail/roundcube-plugin-zipdownload: Makefile distinfo
Log Message:
mail/roundcube-plugin-zipdownload: update to 1.3.10
Update roundcube-plugin-password to 1.3.10. No changes except version.
pkgsrc change: remove duplicated setting PLUGIN.
Revision 1.65 / (download) - annotate - [select for diffs], Sun Sep 1 13:08:09 2019 UTC (4 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.64: +5 -5
lines
Diff to previous 1.64 (colored)
mail/roundcube: update to 1.3.10 RELEASE 1.3.10 -------------- - Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) - Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785) - Fix bug where bmp images couldn't be displayed on some systems (#6728) - Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) - Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) - Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) - Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) - Fix bug where selection of columns on messages list wasn't working - Fix bug in converting multi-page Tiff images to Jpeg (#6824) - Fix wrong messages order after returning to a multi-folder search result (#6836) - Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866) - Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) - Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) - Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) - Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
Revision 1.64 / (download) - annotate - [select for diffs], Tue Apr 30 03:58:45 2019 UTC (4 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base
Branch point for: pkgsrc-2019Q2
Changes since 1.63: +5 -5
lines
Diff to previous 1.63 (colored)
mail/roundcube: update to 1.3.9 Update roundcube and related pacakges to 1.3.9. RELEASE 1.3.9 ------------- - Fix TinyMCE download location (#6694) - Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) - Fix handling of empty entries in vCard import (#6564) - Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) - Fix PHP 7.2 compatibility in debug_logger plugin (#6586) - Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) - Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) - Fix missing CSRF token on a link to download too-big message part (#6621) - Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) - Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
Revision 1.62.2.1 / (download) - annotate - [select for diffs], Fri Nov 9 18:39:00 2018 UTC (5 years, 1 month ago) by spz
Branch: pkgsrc-2018Q3
Changes since 1.62: +5 -5
lines
Diff to previous 1.62 (colored) next main 1.63 (colored)
Pullup ticket #5875 - requested by taca mail/roundcube: security update Revisions pulled up: - mail/roundcube/Makefile.common 1.12 - mail/roundcube/distinfo 1.63 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Oct 28 15:23:34 UTC 2018 Modified Files: pkgsrc/mail/roundcube: Makefile.common distinfo Log Message: mail/roundcube: update to 1.3.8 This update includes XSS security problem. RELEASE 1.3.8 ------------- - Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) - Fix so Classic skin splitter does not escape out of window (#6397) - Fix XSS issue in handling invalid style tag content (#6410) - Fix compatibility with MySQL 8 - error on 'system' table use - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) - Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449) - Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) - Fix multiple VCard field search (#6466) - Fix session issue on long running requests (#6470) To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/roundcube/Makefile.common cvs rdiff -u -r1.62 -r1.63 pkgsrc/mail/roundcube/distinfo
Revision 1.63 / (download) - annotate - [select for diffs], Sun Oct 28 15:23:34 2018 UTC (5 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.62: +5 -5
lines
Diff to previous 1.62 (colored)
mail/roundcube: update to 1.3.8 This update includes XSS security problem. RELEASE 1.3.8 ------------- - Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) - Fix so Classic skin splitter does not escape out of window (#6397) - Fix XSS issue in handling invalid style tag content (#6410) - Fix compatibility with MySQL 8 - error on 'system' table use - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) - Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449) - Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) - Fix multiple VCard field search (#6466) - Fix session issue on long running requests (#6470)
Revision 1.61.2.1 / (download) - annotate - [select for diffs], Sat Aug 25 16:15:21 2018 UTC (5 years, 3 months ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.61: +5 -5
lines
Diff to previous 1.61 (colored) next main 1.62 (colored)
Pullup ticket #5816 - requested by taca mail/roundcube: security fix, build fix Revisions pulled up: - mail/roundcube-plugin-enigma/distinfo 1.11 - mail/roundcube-plugin-password/Makefile 1.3 - mail/roundcube-plugin-password/distinfo 1.11 - mail/roundcube-plugin-zipdownload/distinfo 1.11 - mail/roundcube/Makefile.common 1.11 - mail/roundcube/distinfo 1.62 --- Module Name: pkgsrc Committed By: taca Date: Thu Aug 9 15:03:57 UTC 2018 Modified Files: pkgsrc/mail/roundcube: Makefile.common distinfo Log Message: mail/roundcube: update to 1.3.7 RELEASE 1.3.7 ------------- - Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) - Fix bug where some parts of quota information could have been ignored (#6280) - Fix bug where some escape sequences in html styles could bypass security checks - Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names - Fix bug where only attachments with the same name would be ignored on zip download (#6301) - Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) - Fix bug where after "mark all folders as read" action message counters were not reset (#6307) - Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) - Fix bug where some HTML comments could have been malformed by HTML parser (#6333) --- Module Name: pkgsrc Committed By: taca Date: Thu Aug 9 15:07:01 UTC 2018 Modified Files: pkgsrc/mail/roundcube-plugin-enigma: distinfo Log Message: mail/roundcube-plugin-enigma: update to 1.3.7 - Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) --- Module Name: pkgsrc Committed By: taca Date: Thu Aug 9 15:08:15 UTC 2018 Modified Files: pkgsrc/mail/roundcube-plugin-password: Makefile distinfo Log Message: mail/roundcube-plugin-password: update to 1.3.7 * No change except version. Reset PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Aug 9 15:09:31 UTC 2018 Modified Files: pkgsrc/mail/roundcube-plugin-zipdownload: distinfo Log Message: mail/roundcube-plugin-zipdownload: update to 1.3.7 A small PHP poratbility fix.
Revision 1.62 / (download) - annotate - [select for diffs], Thu Aug 9 15:03:56 2018 UTC (5 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base
Branch point for: pkgsrc-2018Q3
Changes since 1.61: +5 -5
lines
Diff to previous 1.61 (colored)
mail/roundcube: update to 1.3.7 RELEASE 1.3.7 ------------- - Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244) - Fix bug where some parts of quota information could have been ignored (#6280) - Fix bug where some escape sequences in html styles could bypass security checks - Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names - Fix bug where only attachments with the same name would be ignored on zip download (#6301) - Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) - Fix bug where after "mark all folders as read" action message counters were not reset (#6307) - Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) - Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
Revision 1.58.4.3 / (download) - annotate - [select for diffs], Sat May 19 09:18:37 2018 UTC (5 years, 6 months ago) by spz
Branch: pkgsrc-2018Q1
Changes since 1.58.4.2: +30 -7
lines
Diff to previous 1.58.4.2 (colored) to branchpoint 1.58 (colored) next main 1.59 (colored)
Pullup ticket #5759 - requested by bsiegert
mail/roundcube: security update
Revisions pulled up:
- mail/roundcube/Makefile 1.89
- mail/roundcube/Makefile.common 1.10
- mail/roundcube/PLIST 1.45
- mail/roundcube/distinfo 1.61
- mail/roundcube/files/apache.conf 1.2
- mail/roundcube/files/lighttpd.conf 1.1
- mail/roundcube/files/nginx.conf 1.2
- mail/roundcube/options.mk 1.16
- mail/roundcube/patches/patch-ac deleted
- mail/roundcube/patches/patch-rcube_mime_default 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: triaxx
Date: Wed May 16 08:14:41 UTC 2018
Modified Files:
pkgsrc/mail/roundcube: Makefile Makefile.common PLIST distinfo
options.mk
pkgsrc/mail/roundcube/files: apache.conf nginx.conf
pkgsrc/mail/roundcube/patches: patch-rcube_mime_default
Added Files:
pkgsrc/mail/roundcube/files: lighttpd.conf
Removed Files:
pkgsrc/mail/roundcube/patches: patch-ac
Log Message:
roundcube: update to 1.3.6
* add JavaScript dependencies listed in jsdeps.json
* put them on /pub/pkgsrc/distfiles/roundcube to avoid checksum error due
to archive automatic generation (e.g. tinymce_languages.zip)
* remove patch-ac
* add example configuration fragment for www/lighttpd
CHANGELOG Roundcube Webmail
===========================
RELEASE 1.3.6
-------------
- Fix parsing date strings (e.g. from a Date: mail header) with comments
(#6216)
- Fix PHP 7.2: count(): Parameter must be an array in enchant-based
spellchecker (#6234)
- Fix possible IMAP command injection and type juggling vulnerabilities
(#6229)
- Enigma: Fix key selection for signing
- Enigma: Enable keypair generation on Internet Explorer 11
- Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
- Fix bug where usernames without domain part could be malformed or
converted to lower-case on logon (#6224)
RELEASE 1.3.5
-------------
- Managesieve: Fix bug where text: syntax was forced for strings longer
than 1024 characters (#6143)
- Managesieve: Fix missing Save button in Edit Filter Set page of Classic
skin (#6154)
- Fix duplicated labels in Test SMTP Config section (#6166)
- Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
- Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
- Fix security issue in remote content blocking on HTML image and style
tags (#6178)
- Added 9pt and 11pt to the list of font sizes in HTML editor
- Fix handling encoding of HTML tags in "inline" JSON output (#6207)
- Fix bug where some unix timestamps were not handled correctly by
rcube_utils::anytodatetime() (#6212)
RELEASE 1.3.4
-------------
- Fix bug where contacts search could skip some records (#6130)
- Fix possible information leak - add more strict sql error check on user
creation (#6125)
- Fix a couple of warnings on PHP 7.2 (#6098)
- Fix broken long filenames when using imap4d server - workaround server
bug (#6048)
- Fix so temp_dir misconfiguration prints an error to the log (#6045)
- Fix untagged COPYUID responses handling - again (#5982)
- Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated"
with PHP 7.2 (#6075)
- Fix bug where Archive folder wasn't auto-created on login with
create_default_folders=true
- Fix performance issue when parsing malformed and long Date header (#6087)
- Fix syntax error in mssql.initial.sql (#6097)
- Fix bug where contacts export by selection returned no more than 10
entries (#6103)
- Fix searching contacts by address in LDAP source (#6084)
- Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking
protection (#6057)
RELEASE 1.3.3
-------------
- Fix decoding of mailto: links with + character in HTML messages (#6020)
- Fix false reporting of failed upgrade in installto.sh (#6019)
- Fix file disclosure vulnerability caused by insufficient input validation
[CVE-2017-16651] (#6026)
- Fix mangled non-ASCII characters in links in HTML messages (#6028)
RELEASE 1.3.2
-------------
- Improve detection for Egde browser and add pointer event support (#5922)
- Fix bug where pink image was used instead of a thumbnail when image
resize fails (#5933)
- Fix so files size/count limit is verified (client-side) also on
drag-n-drop uploads (#5940)
- Fix invalid template loading on a message error in preview frame (#5941)
- Fix bug where HTML messages could have been rendered empty on some
systems (#5957)
- Fix wording of "Mark previewed messages as read" to "Mark messages as
read" (#5952)
- Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
- Fix missing cursor in HTML editor on mail reply (#5969)
- Fix (again) bug where image data URIs in css style were treated as
evil/remote in mail preview (#5580)
- Fix bug where mail search could return empty result on servers without
SORT capability (#5973)
- Fix bug where assets_path wasn't added to some watermark frames
- Fix so untagged COPYUID responses are also supported according to RFC6851
(#5982)
- Fix issue caused by non-default session.cookie_lifetime setting (#5961)
- Fix Edge encoding bug when pasting text into the HTML editor, update to
TinyMCE 4.5.8 (#5885)
- Fix handling of unknown Content-Disposition type (#6002)
- Fix truncated folder name on messages list in multi-folder mode, for
folders with non-ascii characters (#6004)
- Fix bug where removing the last subfolder did not hide toggle button on
its parent record (#6007)
- Fix bug where ghost messages could be added to the list after fast delete
(#5941)
RELEASE 1.3.1
-------------
- Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
- Add Preferences > Mailbox View > Main Options > Layout (#5829)
- Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Managesieve: Fix bug where 'exists' operator was reset to 'contains'
(#5899)
- Remove non-printable characters from filenames on download/display (#5880)
- Fix decoding non-ascii attachment names from TNEF attachments (#5646,
#5799)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure
rcube_utils::random_bytes() result has always requested length (#5788)
- Fix bug where HTML messages with @media styles could moddify style of
page body (#5811)
- Fix style issue on selected and unfocused message that is part of a
thread (#5798)
- Fix bug where a.button style from managesieve plugin could impact other
elements (#5800)
- Fix position of selected icon for (Mailvelope) Encrypt button
- Fix fatal error when using DMY- or MDY-based date format in PostgreSQL
(#5808)
- Fix bug where errors were not printed when using bin/update.sh (#5834)
- Fix PHP 7.2 warnings on count() use (#5845)
- Fix bug where Chrome could not upload the same file that was selected
before (#5854)
- Fix duplicate messages on the list after deleting messages on the next to
the last page (#5862)
- Fix bug where messages count was not updated after delete when imap_cache
is set (#5872)
- Fix potential XSS vulnerability with malformed HTML message markup
- Fix sending message with "Too many public recipients" dialog buttons
(#5924)
- Bring back double-click behavior on the message list which was removed in
1.3.0 (#5823)
- Enigma: Fix decrypting an encrypted+signed message when signature
verification fails (#5914)
RELEASE 1.3.0
-------------
- Update to TinyMCE 4.5.7
- Fix bug where invalid recipients could be silently discarded (#5739)
- Fix conflict with _gid cookie of Google Analytics (#5748)
- Print error from CLI scripts when system/exec function is disabled (#5744)
- Fix bug where comment notation within style tag would cause the whole
style to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix folders list sorting on Windows - if php-intl is available (#5732)
- Fix addressbook searching by gender (#5757)
- Fix prevention from using % and * characters in folder name (#5762)
- Fix POST parameter reflection in default_charset selector (#5768)
- Enigma: Fix compatibility with assets_dir
- Managesieve: Skip redundant LISTSCRIPTS command
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where zipdownload ignored files with the same name (#5777)
- Fix bug where it wasn't possible to set timezone to auto-detected value
(#5782)
RELEASE 1.3-rc
--------------
- "Flattened" the larry theme: fresher look by removing shadows and
gradients
- Support logging to php://stdout (#5721)
- Add support for DelSp=Yes in format=flowed messages (#5702)
- Update to jQuery 3.2.1
- Update to TinyMCE 4.5.6
- Plugin API: Call message_part_structure hook for sub-parts of
multipart/alternative message (#5678)
- Enigma: Always use detached signatures (#5624)
- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
- Minimize unwanted message loading in preview frame on drag (#5616)
- Fix failing database schema check in all engines except mysql (#5730)
- Fix autocomplete popup closing with click outside the input, don't handle
Tab key as Enter (#5606)
- Fix jsdeps.json synchronization on update, warn about missing
requirements of install-jsdeps.sh (#5598)
- Fix missing thread expand icon on search result in widescreen mode (#5613)
- Fix bug where image data URIs in css style were treated as evil/remote in
mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was
not secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when
using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases
(#5608)
- Fix bug where some classic skin images were not displayed in IE/Edge
(#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51
(#5628)
- Fix regression where groups with email address were resolved to its
members' addresses
- Fix update of group name in the contacts list header on group rename
(#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess
(#5630)
- Fix bug where it was too easy accidentally move a folder when using the
subscription checkbox (#5655)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
- Fix XSS issue in handling of a style tag inside of an svg element
[CVE-2017-6820]
- Fix bug where settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search
instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if
show_real_foldernames=true (#5695)
- Fix undesired effects when postgres database uses different timezone than
PHP host (#5708)
- Installer: Fix DB schema initialization on MS SQL Server
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
- Password: Fix security issue in virtualmin and sasl drivers
[CVE-2017-8114]
RELEASE 1.3-beta
----------------
- Nicely handle contact deletion on contact edit (#5522)
- vcard_attachments: Add possibility to attach contact vCard to composed
message (#4997)
- Preserve message internal/received date on import in mbox format (#5559)
- Zipdownload: Fix date format in mbox "From line"
- Possibility to display QR code for contacts data (#5030)
- Added identicon plugin
- Widescreen layout aka three column view (#5093)
- Unify automatic marking as \Seen in preview pane, full-page and extwin
views (#5071)
- Disable double-click on the list when preview pane is on (#5199)
- Support hostname and hostname:port in force_https option (#5511)
- Support ALLOW-FROM in x_frame_options (#5122)
- Allow to omit a subject when sending an email (#5068)
- Warn about too many disclosed recipients in composed email
[max_disclosed_recipients] (#5132)
- identity_select: Support Received header (#5085)
- Plugin API: Added get_compose_responses hook (#5457)
- Display error when trying to upload more files than specified in
max_file_uploads (#5483)
- Add missing sql upgrade file for 'ip' column resize in session table
(#5465)
- Do not show inline images of unsupported mimetype (#5463)
- Password: Added replacement variables support in password_pop_host (#5539)
- Password: Don't store passwords in temp files when using dovecotpw (#5531)
- Password: Added LDAP PPolicy driver (#5364)
- Password: Added cpanel_webmail driver (#5549)
- Password: Added possibility to nicely redirect from other plugins on
password expiration (#5468)
- Implement separate action to mark all messages in a folder as \Seen
(#5006)
- Implement marking as \Seen in all folders or in a folder and its
subfolders (#5076)
- Archive: Don't reload messages list when it's not needed (#5225)
- Archive: Add option to automatically mark archived messages as \Seen
(#5142)
- Improve randomness of password salts and random hashes (#5266)
- Password/cPanel: Add support for hash authentication and reseller
accounts (#5252)
- Support host-specific
imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
- Center and scale images in attachment preview frame (#5421)
- Added max_message_size option enforced when attaching files to a composed
message (#4993)
- Added Search button in quick search menus (#5312)
- Implement "one click" attachment/messages/photo upload (#5024)
- Squirrelmail_usercopy: Add option to define character set of data files
- Removed useless 'created' column from 'session' table (#5389)
- Dropped legacy browsers support (#5167)
- Removed legacy_browser plugin
- Removed hacks for IE < 10
- Update to jQuery 3.1.1 and jQuery-UI 1.12.0
- compile .min.js files with ECMASCRIPT5 option
- Require PHP >= 5.4
- Add possibility to preview and download attachments in mail compose
(#5053)
- Add possibility to rename attachments in mail compose (#4996)
- Remove backward compatibility "layer" of bc.php (#4902)
- Support WEBP images in mail messages (#5362)
- Support MathML in HTML message preview (#5182)
- Rename Addressbook to Contacts (#5233)
- Remove PHP mail() support, smtp_server is required now (#5340)
- Display full message subject in onmouseover on truncated subject in mail
view (#5346)
- Enigma: Support GnuPG 2.1 (#5313)
- Enigma: Support key generation for multiple identities (#5383)
- Enigma: Import keys from key-server(s) (#5286)
- Enigma: Search missing public keys on a key-server in mail compose (#5286)
- Enigma: Delete user keys when using deluser.sh script
- Enigma: Fix redundant list-secret-keys/list-public-keys calls on
signing/encryption
- Enigma: Implement PGP encryption and signing in one go (#5302)
- Enigma: Display signature verification status for encrypted+signed
messages (#5302)
- Display different attachment icon on encrypted messages
- Display different confirmation text when moving messages to Trash (#5220)
- Indicate that a collapsed thread has flagged children (#5013)
- Implemented message/rfc822 attachment preview
- Update to jsTimezoneDetect 1.0.6
- Managesieve: Add (optional) RAW script editor (#5414)
- Managesieve: Add option to automatically set vacation :from address
(#5428)
- Managesieve: Support 'string' test from variables extension [RFC 5229]
(#5248)
- Managesieve: Support 'duplicate' extension [RFC 7352]
- Managesieve: Unhide advanced rule controls if there are inputs with errors
- Managesieve: Display warning message when filter form contains errors
- Control search engine crawlers via X-Robots-Tag header instead of <meta>
and robots.txt (#5098)
- Fixed redundancy in sql caching system and compatibility with Galera
Cluster (#5439)
- Removed redundant 'created' column from cache and cache_shared tables
- Removed use of redundant data records
- Added missing primary keys (dictionary, cache, cache_shared tables)
- Fix so templating system does not mess with external (e.g. email) content
(#5499)
- Fix redundant keep-alive/refresh after session error on compose page
(#5500)
- Managesieve: Fix handling of scripts with nested rules (#5540)
- Fix variable substitution in ldap host for some use-cases, e.g.
new_user_identity (#5544)
- Enigma: Fix PHP fatal error when decrypting a message with invalid
signature (#5555)
- Fix adding images to new identity signatures
- Fix rsync error handling in installto.sh script (#5562)
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 pkgsrc/mail/roundcube/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.44 -r1.45 pkgsrc/mail/roundcube/PLIST
cvs rdiff -u -r1.60 -r1.61 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/roundcube/options.mk
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/roundcube/files/apache.conf \
pkgsrc/mail/roundcube/files/nginx.conf
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/roundcube/files/lighttpd.conf
cvs rdiff -u -r1.10 -r0 pkgsrc/mail/roundcube/patches/patch-ac
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/mail/roundcube/patches/patch-rcube_mime_default
Revision 1.61 / (download) - annotate - [select for diffs], Wed May 16 08:14:40 2018 UTC (5 years, 6 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Changes since 1.60: +29 -6
lines
Diff to previous 1.60 (colored)
roundcube: update to 1.3.6
* add JavaScript dependencies listed in jsdeps.json
* put them on /pub/pkgsrc/distfiles/roundcube to avoid checksum error due
to archive automatic generation (e.g. tinymce_languages.zip)
* remove patch-ac
* add example configuration fragment for www/lighttpd
CHANGELOG Roundcube Webmail
===========================
RELEASE 1.3.6
-------------
- Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
- Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234)
- Fix possible IMAP command injection and type juggling vulnerabilities (#6229)
- Enigma: Fix key selection for signing
- Enigma: Enable keypair generation on Internet Explorer 11
- Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
- Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)
RELEASE 1.3.5
-------------
- Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
- Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
- Fix duplicated labels in Test SMTP Config section (#6166)
- Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
- Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
- Fix security issue in remote content blocking on HTML image and style tags (#6178)
- Added 9pt and 11pt to the list of font sizes in HTML editor
- Fix handling encoding of HTML tags in "inline" JSON output (#6207)
- Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)
RELEASE 1.3.4
-------------
- Fix bug where contacts search could skip some records (#6130)
- Fix possible information leak - add more strict sql error check on user creation (#6125)
- Fix a couple of warnings on PHP 7.2 (#6098)
- Fix broken long filenames when using imap4d server - workaround server bug (#6048)
- Fix so temp_dir misconfiguration prints an error to the log (#6045)
- Fix untagged COPYUID responses handling - again (#5982)
- Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
- Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
- Fix performance issue when parsing malformed and long Date header (#6087)
- Fix syntax error in mssql.initial.sql (#6097)
- Fix bug where contacts export by selection returned no more than 10 entries (#6103)
- Fix searching contacts by address in LDAP source (#6084)
- Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057)
RELEASE 1.3.3
-------------
- Fix decoding of mailto: links with + character in HTML messages (#6020)
- Fix false reporting of failed upgrade in installto.sh (#6019)
- Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
- Fix mangled non-ASCII characters in links in HTML messages (#6028)
RELEASE 1.3.2
-------------
- Improve detection for Egde browser and add pointer event support (#5922)
- Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
- Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
- Fix invalid template loading on a message error in preview frame (#5941)
- Fix bug where HTML messages could have been rendered empty on some systems (#5957)
- Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
- Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
- Fix missing cursor in HTML editor on mail reply (#5969)
- Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where mail search could return empty result on servers without SORT capability (#5973)
- Fix bug where assets_path wasn't added to some watermark frames
- Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
- Fix issue caused by non-default session.cookie_lifetime setting (#5961)
- Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
- Fix handling of unknown Content-Disposition type (#6002)
- Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
- Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
- Fix bug where ghost messages could be added to the list after fast delete (#5941)
RELEASE 1.3.1
-------------
- Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
- Add Preferences > Mailbox View > Main Options > Layout (#5829)
- Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
- Remove non-printable characters from filenames on download/display (#5880)
- Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
- Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
- Fix style issue on selected and unfocused message that is part of a thread (#5798)
- Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
- Fix position of selected icon for (Mailvelope) Encrypt button
- Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
- Fix bug where errors were not printed when using bin/update.sh (#5834)
- Fix PHP 7.2 warnings on count() use (#5845)
- Fix bug where Chrome could not upload the same file that was selected before (#5854)
- Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
- Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
- Fix potential XSS vulnerability with malformed HTML message markup
- Fix sending message with "Too many public recipients" dialog buttons (#5924)
- Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
- Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
RELEASE 1.3.0
-------------
- Update to TinyMCE 4.5.7
- Fix bug where invalid recipients could be silently discarded (#5739)
- Fix conflict with _gid cookie of Google Analytics (#5748)
- Print error from CLI scripts when system/exec function is disabled (#5744)
- Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix folders list sorting on Windows - if php-intl is available (#5732)
- Fix addressbook searching by gender (#5757)
- Fix prevention from using % and * characters in folder name (#5762)
- Fix POST parameter reflection in default_charset selector (#5768)
- Enigma: Fix compatibility with assets_dir
- Managesieve: Skip redundant LISTSCRIPTS command
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where zipdownload ignored files with the same name (#5777)
- Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
RELEASE 1.3-rc
--------------
- "Flattened" the larry theme: fresher look by removing shadows and gradients
- Support logging to php://stdout (#5721)
- Add support for DelSp=Yes in format=flowed messages (#5702)
- Update to jQuery 3.2.1
- Update to TinyMCE 4.5.6
- Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678)
- Enigma: Always use detached signatures (#5624)
- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
- Minimize unwanted message loading in preview frame on drag (#5616)
- Fix failing database schema check in all engines except mysql (#5730)
- Fix autocomplete popup closing with click outside the input, don't handle Tab key as Enter (#5606)
- Fix jsdeps.json synchronization on update, warn about missing requirements of install-jsdeps.sh (#5598)
- Fix missing thread expand icon on search result in widescreen mode (#5613)
- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
- Fix regression where groups with email address were resolved to its members' addresses
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
- Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
- Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]
- Fix bug where settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695)
- Fix undesired effects when postgres database uses different timezone than PHP host (#5708)
- Installer: Fix DB schema initialization on MS SQL Server
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
- Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]
RELEASE 1.3-beta
----------------
- Nicely handle contact deletion on contact edit (#5522)
- vcard_attachments: Add possibility to attach contact vCard to composed message (#4997)
- Preserve message internal/received date on import in mbox format (#5559)
- Zipdownload: Fix date format in mbox "From line"
- Possibility to display QR code for contacts data (#5030)
- Added identicon plugin
- Widescreen layout aka three column view (#5093)
- Unify automatic marking as \Seen in preview pane, full-page and extwin views (#5071)
- Disable double-click on the list when preview pane is on (#5199)
- Support hostname and hostname:port in force_https option (#5511)
- Support ALLOW-FROM in x_frame_options (#5122)
- Allow to omit a subject when sending an email (#5068)
- Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132)
- identity_select: Support Received header (#5085)
- Plugin API: Added get_compose_responses hook (#5457)
- Display error when trying to upload more files than specified in max_file_uploads (#5483)
- Add missing sql upgrade file for 'ip' column resize in session table (#5465)
- Do not show inline images of unsupported mimetype (#5463)
- Password: Added replacement variables support in password_pop_host (#5539)
- Password: Don't store passwords in temp files when using dovecotpw (#5531)
- Password: Added LDAP PPolicy driver (#5364)
- Password: Added cpanel_webmail driver (#5549)
- Password: Added possibility to nicely redirect from other plugins on password expiration (#5468)
- Implement separate action to mark all messages in a folder as \Seen (#5006)
- Implement marking as \Seen in all folders or in a folder and its subfolders (#5076)
- Archive: Don't reload messages list when it's not needed (#5225)
- Archive: Add option to automatically mark archived messages as \Seen (#5142)
- Improve randomness of password salts and random hashes (#5266)
- Password/cPanel: Add support for hash authentication and reseller accounts (#5252)
- Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
- Center and scale images in attachment preview frame (#5421)
- Added max_message_size option enforced when attaching files to a composed message (#4993)
- Added Search button in quick search menus (#5312)
- Implement "one click" attachment/messages/photo upload (#5024)
- Squirrelmail_usercopy: Add option to define character set of data files
- Removed useless 'created' column from 'session' table (#5389)
- Dropped legacy browsers support (#5167)
- Removed legacy_browser plugin
- Removed hacks for IE < 10
- Update to jQuery 3.1.1 and jQuery-UI 1.12.0
- compile .min.js files with ECMASCRIPT5 option
- Require PHP >= 5.4
- Add possibility to preview and download attachments in mail compose (#5053)
- Add possibility to rename attachments in mail compose (#4996)
- Remove backward compatibility "layer" of bc.php (#4902)
- Support WEBP images in mail messages (#5362)
- Support MathML in HTML message preview (#5182)
- Rename Addressbook to Contacts (#5233)
- Remove PHP mail() support, smtp_server is required now (#5340)
- Display full message subject in onmouseover on truncated subject in mail view (#5346)
- Enigma: Support GnuPG 2.1 (#5313)
- Enigma: Support key generation for multiple identities (#5383)
- Enigma: Import keys from key-server(s) (#5286)
- Enigma: Search missing public keys on a key-server in mail compose (#5286)
- Enigma: Delete user keys when using deluser.sh script
- Enigma: Fix redundant list-secret-keys/list-public-keys calls on signing/encryption
- Enigma: Implement PGP encryption and signing in one go (#5302)
- Enigma: Display signature verification status for encrypted+signed messages (#5302)
- Display different attachment icon on encrypted messages
- Display different confirmation text when moving messages to Trash (#5220)
- Indicate that a collapsed thread has flagged children (#5013)
- Implemented message/rfc822 attachment preview
- Update to jsTimezoneDetect 1.0.6
- Managesieve: Add (optional) RAW script editor (#5414)
- Managesieve: Add option to automatically set vacation :from address (#5428)
- Managesieve: Support 'string' test from variables extension [RFC 5229] (#5248)
- Managesieve: Support 'duplicate' extension [RFC 7352]
- Managesieve: Unhide advanced rule controls if there are inputs with errors
- Managesieve: Display warning message when filter form contains errors
- Control search engine crawlers via X-Robots-Tag header instead of <meta> and robots.txt (#5098)
- Fixed redundancy in sql caching system and compatibility with Galera Cluster (#5439)
- Removed redundant 'created' column from cache and cache_shared tables
- Removed use of redundant data records
- Added missing primary keys (dictionary, cache, cache_shared tables)
- Fix so templating system does not mess with external (e.g. email) content (#5499)
- Fix redundant keep-alive/refresh after session error on compose page (#5500)
- Managesieve: Fix handling of scripts with nested rules (#5540)
- Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
- Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
- Fix adding images to new identity signatures
- Fix rsync error handling in installto.sh script (#5562)
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
Revision 1.58.4.2 / (download) - annotate - [select for diffs], Sun May 6 09:13:55 2018 UTC (5 years, 7 months ago) by spz
Branch: pkgsrc-2018Q1
Changes since 1.58.4.1: +5 -5
lines
Diff to previous 1.58.4.1 (colored) to branchpoint 1.58 (colored)
Pullup ticket #5742 - requested by taca mail/roundcube: regression fix mail/roundcube-plugin-enigma: regression fix mail/roundcube-plugin-password: regression fix mail/roundcube-plugin-zipdownload: regression fix Revisions pulled up: - mail/roundcube-plugin-enigma/distinfo 1.9 - mail/roundcube-plugin-password/distinfo 1.9 - mail/roundcube-plugin-zipdownload/distinfo 1.9 - mail/roundcube/Makefile.common 1.9 - mail/roundcube/distinfo 1.60 - mail/roundcube/plugins.mk 1.2 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Apr 30 06:44:11 UTC 2018 Modified Files: pkgsrc/mail/roundcube: plugins.mk Log Message: mail/roundcube: fix typo Fix typo in DEPENDS. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/roundcube/plugins.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Apr 30 06:45:04 UTC 2018 Modified Files: pkgsrc/mail/roundcube: Makefile.common distinfo pkgsrc/mail/roundcube-plugin-enigma: distinfo pkgsrc/mail/roundcube-plugin-password: distinfo pkgsrc/mail/roundcube-plugin-zipdownload: distinfo Log Message: mail/roundcube: update to 1.2.9 RELEASE 1.2.9 ------------- - Fix regression where IMAP commands with '*' uidset argument wasn't working To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube/Makefile.common cvs rdiff -u -r1.59 -r1.60 pkgsrc/mail/roundcube/distinfo cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube-plugin-enigma/distinfo cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube-plugin-password/distinfo cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo
Revision 1.58.4.1 / (download) - annotate - [select for diffs], Sun May 6 08:40:13 2018 UTC (5 years, 7 months ago) by spz
Branch: pkgsrc-2018Q1
Changes since 1.58: +5 -5
lines
Diff to previous 1.58 (colored)
Pullup ticket #5739 - requested by bsiegert
mail/roundcube: security update
mail/roundcube-plugin-enigma: security update
mail/roundcube-plugin-password: security update
mail/roundcube-plugin-zipdownload: security update
Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo 1.8
- mail/roundcube-plugin-password/distinfo 1.8
- mail/roundcube-plugin-zipdownload/distinfo 1.8
- mail/roundcube/Makefile.common 1.8
- mail/roundcube/distinfo 1.59
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 23 13:55:00 UTC 2018
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
pkgsrc/mail/roundcube-plugin-enigma: distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
pkgsrc/mail/roundcube-plugin-zipdownload: distinfo
Log Message:
mail/roundcube: update to 1.2.8
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages
with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-enigma/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-password/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo
Revision 1.60 / (download) - annotate - [select for diffs], Mon Apr 30 06:45:03 2018 UTC (5 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.59: +5 -5
lines
Diff to previous 1.59 (colored)
mail/roundcube: update to 1.2.9 RELEASE 1.2.9 ------------- - Fix regression where IMAP commands with '*' uidset argument wasn't working
Revision 1.59 / (download) - annotate - [select for diffs], Mon Apr 23 13:54:59 2018 UTC (5 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.58: +5 -5
lines
Diff to previous 1.58 (colored)
mail/roundcube: update to 1.2.8 This is a security update to the stable version 1.2. It fixes a recently reported vulnerability allowing IMAP command injection via a GET parameters. More details about this are published under CVE-2018-9846. The second fix is about a missed remote content blocking on HTML messages with specially crafted image and style tags. We strongly recommend to update all productive installations of Roundcube 1.2.x. Please do backup your data before updating! CHANGELOG * Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) * Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229) * Fix security issue in remote content blocking on HTML image and style tags (#6178)
Revision 1.57.4.1 / (download) - annotate - [select for diffs], Sun Nov 12 13:15:44 2017 UTC (6 years ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.57: +5 -5
lines
Diff to previous 1.57 (colored) next main 1.58 (colored)
Pullup ticket #5635 - requested by taca
mail/roundcube: security update
mail/roundcube-plugin-enigma: security update
mail/roundcube-plugin-password: security update
mail/roundcube-plugin-zipdownload: security update
Revisions pulled up:
- mail/roundcube-plugin-enigma/distinfo 1.7
- mail/roundcube-plugin-password/distinfo 1.7
- mail/roundcube-plugin-zipdownload/distinfo 1.7
- mail/roundcube/Makefile.common 1.7
- mail/roundcube/distinfo 1.58
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 9 01:13:12 UTC 2017
Modified Files:
pkgsrc/mail/roundcube: Makefile.common distinfo
pkgsrc/mail/roundcube-plugin-enigma: distinfo
pkgsrc/mail/roundcube-plugin-password: distinfo
pkgsrc/mail/roundcube-plugin-zipdownload: distinfo
Log Message:
mail/roundcube: update to 1.2.7
Security fix for CVE-2017-16651.
RELEASE 1.2.7
-------------
- Fix rewind(): stream does not support seeking (#5950)
- Fix bug where HTML messages could have been rendered empty on some systems
(#5957)
- Fix (again) bug where image data URIs in css style were treated as
evil/remote in mail preview (#5580)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959)
- Fix file disclosure vulnerability caused by insufficient input validation
[CVE-2017-16651] (#6026)
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/roundcube/Makefile.common
cvs rdiff -u -r1.57 -r1.58 pkgsrc/mail/roundcube/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/roundcube-plugin-enigma/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/roundcube-plugin-password/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/roundcube-plugin-zipdownload/distinfo
Revision 1.58 / (download) - annotate - [select for diffs], Thu Nov 9 01:13:11 2017 UTC (6 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Branch point for: pkgsrc-2018Q1
Changes since 1.57: +5 -5
lines
Diff to previous 1.57 (colored)
mail/roundcube: update to 1.2.7 Security fix for CVE-2017-16651. RELEASE 1.2.7 ------------- - Fix rewind(): stream does not support seeking (#5950) - Fix bug where HTML messages could have been rendered empty on some systems (#5957) - Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) - Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959) - Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
Revision 1.57 / (download) - annotate - [select for diffs], Mon Sep 11 13:56:39 2017 UTC (6 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.56: +5 -5
lines
Diff to previous 1.56 (colored)
Update roundcube to 1.2.6. RELEASE 1.2.6 ------------- - Don't ignore (global) userlogins/sendmail logging in per_user_logging mode - Managesieve: Fix AM/PM suffix in vacation time selectors - Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) - Fix bug where it wasn't possible to scroll folders list in Edge (#5750) - Fix addressbook searching by gender (#5757) - Fix SQL syntax error on MariaDB 10.2 (#5774) - Fix bug where it wasn't possible to set timezone to auto-detected value (#5782) - Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788) - Fix potential XSS vulnerability with malformed HTML message markup
Revision 1.56 / (download) - annotate - [select for diffs], Fri Apr 28 13:48:29 2017 UTC (6 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.55: +5 -5
lines
Diff to previous 1.55 (colored)
Update roundcube to 1.2.5. RELEASE 1.2.5 ------------- - Fix re-positioning of the fixed header of messages list in Chrome when using minimal mode toggle and About dialog (#5711) - Fix so settings/upload.inc could not be used by plugins (#5694) - Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713) - Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695) - Fix bug where base_dn setting was ignored inside group_filters (#5720)
Revision 1.55 / (download) - annotate - [select for diffs], Sun Mar 12 13:34:04 2017 UTC (6 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.54: +5 -5
lines
Diff to previous 1.54 (colored)
Update roundcube to 1.2.4. CHANGELOG Roundcube Webmail =========================== RELEASE 1.2.4 ------------- - Managesieve: Fix handling of scripts with nested rules (#5540) - Managesieve: Fix parser issue with empty lines between comments (#5657) - Managesieve: Fix possible defect in handling \r\n in scripts (#5685) - Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544) - Fix adding images to new identity signatures - Fix rsync error handling in installto.sh script (#5562) - Fix some advanced search issues with multiple addressbooks (#5572) - Fix so group/addressbook selection is retained on page refresh - Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) - Fix bug where external content in src attribute of input/video tags was not secured (#5583) - Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587) - Fix bug where mail content frame couldn't be reset in some corner cases (#5608) - Fix bug where some classic skin images were not displayed in IE/Edge (#5614) - Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628) - Fix regression where groups with email address were resolved to its members' addresses - Fix update of group name in the contacts list header on group rename (#5648) - Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630) - Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655) - Fix XSS issue in handling of a style tag inside of an svg element
Revision 1.54 / (download) - annotate - [select for diffs], Mon Dec 5 16:13:51 2016 UTC (7 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.53: +5 -5
lines
Diff to previous 1.53 (colored)
Update roundcube to 1.2.3, including security fix. pkgsrc changes: * Drop dependency to pear-Mail_mimeDecode. * Update dependency. Other changes: * Add is_IS, ku_IQ and sq_AL locale support. RELEASE 1.2.3 * Searching in both contacts and groups when LDAP addressbook with group_filters option is used * Fix vulnerability in handling of mail()'s 5th argument * Fix To: header encoding in mail sent with mail() method (#5475) * Fix flickering of header topline in min-mode (#5426) * Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447) * Fix decoding of GB2312/GBK text when iconv is not installed (#5448) * Fix regression where creation of default folders wasn't functioning without prefix (#5460) * Fix bug where deleting folders with subfolders could fail in some cases (#5466) * Fix bug where IMAP password could be exposed via error message (#5472) * Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) * Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508) * Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519) * Fix missing content check when image resize fails on attachment thumbnail generation (#5485) * Fix displaying attached images with wrong Content-Type specified (#5527)
Revision 1.53 / (download) - annotate - [select for diffs], Sat Oct 8 14:41:52 2016 UTC (7 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.52: +5 -5
lines
Diff to previous 1.52 (colored)
Update roundcube to 1.2.2. RELEASE 1.2.2 ------------- - Fix regression in resizing JPEG images with Imagick (#5376) - Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372) - Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370) - Wash position:fixed style in HTML mail for better security (#5264) - Fix bug where memcache_debug didn't work for session operations - Fix bug where Message-ID domain part was tied to username instead of current identity (#5385) - Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content - Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401) - Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404) - Fix so "All" messages selection is resetted on search reset (#5413) - Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403) - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) - Fix PHP warning when handling shared namespace with empty prefix (#5420) - Fix so folders list is scrolled to the selected folder on page load (#5424) - Fix so when moving to Trash we make sure the folder exists (#5192) - Fix displaying size of attachments with zero size - Fix so "Action disabled" error uses more appropriate 404 code (#5440)
Revision 1.52 / (download) - annotate - [select for diffs], Tue Sep 13 15:56:01 2016 UTC (7 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.51: +6 -6
lines
Diff to previous 1.51 (colored)
Update roundcube to 1.2.1. pkgsrc changes: o Split some plugins (enigma, password and zipdownload) to separate packages. o Drop PHP_VERSIONS_ACCEPTED since now it support PHP 7.0. o Rename sockets PKG_OPTIONS to php-sockets. Catch up PR pkg/51370 in a little different way. RELEASE 1.2.1 ------------- - Update TinyMCE to version 4.3.13 (#5309) - Fix bug where errors could have been not logged when per_user_logging=true - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting - Fix so minified publickey.js (with cache-buster) is used when available (#5254) - Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253) - Fix PHP warning when password_hosts is set, but is not an array (#5260) - Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273) - Fix so subfolders of INBOX can be set as Archive (#5274) - Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282) - Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259) - Fix bug where "no body" alert could be displayed when sending mailvelope email - Enigma: Fix keys import from inside of an encrypted message (#5285) - Enigma: Fix malformed signed messages with force_7bit=true (#5292) - Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary) - Enigma: Add possibility to export private keys (#5321) - Fix searching by email address in contacts with multiple addresses (#5291) - Fix handling of --delete argument in moduserprefs.sh script (#5296) - Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289) - Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287) - Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243) - Fix bug where microsecond format in logged date didn't work in some cases - Fix conflict in new_user_dialog and password_force_new_user settings (#5275) - Don't create multipart/alternative messages with empty text/plain part (#5283) - Use contact_search_name format in popup on results in compose contacts search - Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347) - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH - Fix handling of blockquote tags with mixed case on html2text conversion (#5363) - Fix javascript errors in IE on page with iframe that points to another domain RELEASE 1.2.0 ------------- - Enigma: Added enigma_debug option - Fix message list multi-select/deselect issue (#5219) - Fix bug where getting HTML editor content could steal focus from other form controls (#5223) - Fix bug where contact search menu fields where always unchecked in Larry skin - Fix autoloading of 'html' class - Fix bug where Encrypt button appears when switching editor to HTML (#5235) - Fix XSS issue in href attribute on area tag (#5240) RELEASE 1.2-rc -------------- - Managesieve: Refactored script parser to be 100x faster - Enigma: added option to force users to use signing/encryption - Enigma: Added option to attach public keys to sent mail (#5152) - Enigma: Handle messages with text before an encrypted block (#5149) - Enigma: Handle encrypted/signed content inside message/rfc822 attachments - Enigma: Fix missing html/plain switch on multipart/signed messages (#4963) - Enigma: Disable format=flowed for signed plain text messages (#4960) - Enigma: Fix handling of encrypted + signed messages (#4950) - Enigma: Fix invalid boundary use in signed messages structure - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) - Save copy of original .htaccess file when using installto.sh script (#4947) - Fix regression where some message attachments could be missing on edit/forward (#4939) - Fix regression in displaying contents of message/rfc822 parts (#4937) - Fix handling of message/rfc822 attachments on replies and forwards (#4938) - Fix PDF support detection in Firefox > 19 (#4941) - Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#4945) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944) - Fix .htaccess rewrite rules to not block .well-known URIs (#4943) - Fix mail view scaling on iOS (#4915) - Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#4948) - Fix XSS issue in SVG images handling (#4949) - Fix missing language name in "Add to Dictionary" request in HTML mode (#4951) - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958) - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961) - Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964) - Plugin API: Added addressbook_export hook - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966) - Hide DSN option in Preferences when smtp_server is not used (#4967) - Fix handling of body parameter in mail compose request - Protect download urls against CSRF using unique request tokens (#4957) - newmail_notifier: Refactor desktop notifications - Fix so contactlist_fields option can be set via config file - Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) - Fix performance in reverting order of THREAD result - Fix converting mail addresses with @www. into mailto links (#5197) RELEASE 1.2-beta ---------------- - Update TinyMCE to version 4.2 - Added support for Redis session handler - Removed some deprecated methods: https://github.com/roundcube/roundcubemail/commit/454b0b1c - Remove backward compatibility "layer" of bc.php (#4902) - Add possibility to define date format in write operations for ldap attributes (#3956) - Display attachment size in compose (#1329) - Added possibility to drag-n-drop attachments from mail preview to compose window - Implemented mail messages searching with predefined date interval - PGP encryption support via Mailvelope integration - PGP encryption support via Enigma plugin - PHP7 compatibility fixes (#4836) - Security: Added brute-force attack prevention via login rate limit (#4922) - Security: Added options to validate username/password on logon (#4884) - Security: Improve randomness of security tokens (#4899) - Security: Use random security tokens instead of hashes based on encryption key (#4829) - Security: Improved encrypt/decrypt methods with option to choose the cipher_method (#4492) - Make optional adding of standard signature separator - sig_separator (#3276) - Optimize folder_size() on Cyrus IMAP by using special folder annotation (#4894) - Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#4870) - Add option to enable HTML editor always, except when replying to plain text messages (#4352) - Emoticons: Added option to switch on/off emoticons in compose editor (#2076) - Emoticons: Added option to switch on/off emoticons in plain text messages - Emoticons: All emoticons-related functionality is handled by the plugin now - Installer: Add button to save generated config file in system temp directory (#3553) - Remove common subject prefixes Re:, Re[x]:, Re-x: on reply (#4882) - Added GSSAPI/Kerberos authentication plugin - krb_authentication - Password: Allow temporarily disabling the plugin functionality with a notice - Require Mbstring and OpenSSL extensions (#5166) - Add --config and --type options to moduserprefs.sh script (#4651) - Implemented memcache_debug and apc_debug options - Installer: Remove system() function use (#4695) - Password plugin: Added 'kpasswd' driver by Peter Allgeyer - Add initdb.sh to create database from initial.sql script with prefix support (#4722) - Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook - Plugin API: Added html2text hook - Plugin API: Added message_part_body hook - Plugin API: Added message_ready hook - Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization) - Implemented UI element to jump to specified page of the messages list (#1677) - Fix searching of contacts to allow remote images for known senders (#4886) - Fix bug where clicking date column with 'arrival' sorting would switch to sorting by 'date' (#4690) - Fix bug where message content could overlap attachments list in Larry skin (#4876) - Fix so microseconds macro (u) in log_date_format works (#4855) - Fix so unrecognized TNEF attachments are displayed on the list of attachments (#5138) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#4907) - Fix responses list update issue after response name change (#4917) - Fix bug where message preview was unintentionally reset on check-recent action (#4921) - Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#4905) - Fix redundant blank lines when using HTML and top posting (#4927) - Fix redundant blank lines on start of text after html to text conversion (#4928) - Fix HTML sanitizer to skip <!-- node type X --> in output (#4932) - Fix invalid LDAP query in ACL user autocompletion (#4934)
Revision 1.48.4.1 / (download) - annotate - [select for diffs], Sat Jun 4 19:39:34 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.48: +7 -6
lines
Diff to previous 1.48 (colored) next main 1.49 (colored)
Pullup ticket #5033 - requested by taca mail/roundcube: security fix Revisions pulled up: - mail/roundcube/Makefile 1.81-1.83 - mail/roundcube/PLIST 1.40-1.41 - mail/roundcube/distinfo 1.49-1.51 - mail/roundcube/patches/patch-config.inc.php deleted - mail/roundcube/patches/patch-plugins_password_helpers_passwd-expect 1.1 - mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php 1.3 --- Module Name: pkgsrc Committed By: taca Date: Thu May 26 03:20:37 UTC 2016 Modified Files: pkgsrc/mail/roundcube: Makefile PLIST distinfo Removed Files: pkgsrc/mail/roundcube/patches: patch-config.inc.php Log Message: Update roundcube to 1.1.5, including security fix. RELEASE 1.1.5 ------------- - Plugin API: Add html2text hook - Plugin API: Added addressbook_export hook - Fix missing emoticons on html-to-text conversion - Fix random "access to this resource is secured against CSRF" message at logout (#4956) - Fix missing language name in "Add to Dictionary" request in HTML mode (#4951) - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) - Fix XSS issue in SVG images handling (#4949) - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958) - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961) - Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964) - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966) - Hide DSN option in Preferences when smtp_server is not used (#4967) - Protect download urls against CSRF using unique request tokens (#4957) - newmail_notifier: Refactor desktop notifications - Fix so contactlist_fields option can be set via config file - Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) - Fix performance in reverting order of THREAD result - Fix converting mail addresses with @www. into mailto links (#5197) --- Module Name: pkgsrc Committed By: taca Date: Thu May 26 03:23:39 UTC 2016 Added Files: pkgsrc/mail/roundcube/patches: patch-plugins_password_helpers_passwd-expect Log Message: Oops, forgot to add a patch file for NetBSD (and perhaps for *BSD) to make password plugin work. --- Module Name: pkgsrc Committed By: taca Date: Thu May 26 23:22:17 UTC 2016 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo Added Files: pkgsrc/mail/roundcube/patches: patch-program_lib_Roundcube_rcube__washtml.php Log Message: Update security path for CVE-2016-5103 (XSS) from upstream. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Sun May 29 15:46:59 UTC 2016 Modified Files: pkgsrc/mail/roundcube: Makefile PLIST distinfo Log Message: Switch to get distfiles from GitHub, noted by David Brownlee via private e-mail. And some installed files are changed, bump PKGREVISION.
Revision 1.51 / (download) - annotate - [select for diffs], Sun May 29 15:46:59 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.50: +5 -5
lines
Diff to previous 1.50 (colored)
Switch to get distfiles from GitHub, noted by David Brownlee via private e-mail. And some installed files are changed, bump PKGREVISION.
Revision 1.50 / (download) - annotate - [select for diffs], Thu May 26 23:22:17 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.49: +2 -1
lines
Diff to previous 1.49 (colored)
Update security path for CVE-2016-5103 (XSS) from upstream. Bump PKGREVISION.
Revision 1.49 / (download) - annotate - [select for diffs], Thu May 26 03:20:37 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.48: +6 -6
lines
Diff to previous 1.48 (colored)
Update roundcube to 1.1.5, including security fix. RELEASE 1.1.5 ------------- - Plugin API: Add html2text hook - Plugin API: Added addressbook_export hook - Fix missing emoticons on html-to-text conversion - Fix random "access to this resource is secured against CSRF" message at logout (#4956) - Fix missing language name in "Add to Dictionary" request in HTML mode (#4951) - Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955) - Fix XSS issue in SVG images handling (#4949) - Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958) - Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961) - Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964) - Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966) - Hide DSN option in Preferences when smtp_server is not used (#4967) - Protect download urls against CSRF using unique request tokens (#4957) - newmail_notifier: Refactor desktop notifications - Fix so contactlist_fields option can be set via config file - Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782) - Fix performance in reverting order of THREAD result - Fix converting mail addresses with @www. into mailto links (#5197)
Revision 1.48 / (download) - annotate - [select for diffs], Sat Dec 26 14:24:48 2015 UTC (7 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Branch point for: pkgsrc-2016Q1
Changes since 1.47: +7 -7
lines
Diff to previous 1.47 (colored)
Update roundcube to 1.1.4 including security fixes. * Fix a potential path traversal vulnerability. * Adds some measures against brute-force attacks RELEASE 1.1.4 ------------- - Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582) - Fix duplicate messages in list and wrong count after delete (#1490572) - Fix so Installer requires PHP5 - Make brute force attacks harder by re-generating security token on every failed login (#1490549) - Slow down brute-force attacks by waiting for a second after failed login (#1490549) - Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail view scaling on iOS (#1490551) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) - Fix responses list update issue after response name change (#1490555) - Fix bug where message preview was unintentionally reset on check-recent action (#1490563) - Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539) - Fix redundant blank lines when using HTML and top posting (#1490576) - Fix redundant blank lines on start of text after html to text conversion (#1490577) - Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) - Fix invalid LDAP query in ACL user autocompletion (#1490591) - Fix regression in displaying contents of message/rfc822 parts (#1490606) - Fix handling of message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
Revision 1.44.4.1 / (download) - annotate - [select for diffs], Tue Nov 24 19:45:41 2015 UTC (8 years ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.44: +5 -4
lines
Diff to previous 1.44 (colored) next main 1.45 (colored)
Pullup ticket #4862 - requested by taca mail/roundcube: security fix Revisions pulled up: - mail/roundcube/Makefile 1.77 - mail/roundcube/PLIST 1.38 - mail/roundcube/distinfo 1.45 - mail/roundcube/options.mk 1.14 --- Module Name: pkgsrc Committed By: prlw1 Date: Thu Oct 29 15:54:20 UTC 2015 Modified Files: pkgsrc/mail/roundcube: Makefile PLIST distinfo options.mk Log Message: Update roundcube to 1.1.3 ok taca@ Since Makefile 1.59, the iconv option had no effect - reinstate iconv as being optional. This update to 1.1.3 makes multibyte and openssl a requirement (and drops mcrypt support). RELEASE 1.1.3 ------------- - Fix closing of nested menus (#1490443) - Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281) - Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424) - Get rid of Mail_mimeDecode package dependency (#1490416) - Fix "Importing..." message does not hide on error (#1490422) - Fix Compose action in addressbook for results from multiple addressbooks (#1490413) - Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426) - Fix unintentional messages list page change on page switch in compose addressbook (#1490427) - Fix race-condition in saving user preferences and loading plugin config (#1490431) - Fix so plain text signature field uses monospace font (#1490435) - Fix so links with href == content aren't added to links list on html to text conversion (#1490434) - Fix handling of non-break spaces in html to text conversion (#1490436) - Fix self-reply detection issues (#1490439) - Fix multi-folder search result sorting by arrival date (#1490450) - Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452) - Update to TinyMCE 4.1.10 (#1490405) - Fix draft removal after a message is sent and storing sent message is disabled (#1490467) - Fix so imap folder attribute comparisons are case-insensitive (#1490466) - Fix bug where new messages weren't added to the list in search mode - Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035) - Fix some javascript errors in rare situations (#1490441) - Fix error when using back button after sending an email (#1490009) - Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470) - Disable links list generation on html-to-text conversion of identities or composed message (#1490437) - Fix "washing" of style elements wrapped into many lines - Fix so input field (e.g. search box) does not loose focus on list load (#1490455) - Fix so css of one html part does not apply to other text parts on message display (#1490505) - Fix XSS issue in drag-n-drop file uploads (#1490530) - Fix handling of plus character in mailto: links (#1490510) - Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472) - Fix so gc.sh script removes also expired sessions from sql database (#1490512) - Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) - Fix various issues with Turkish (and similar) locales (#1490519) - Fix so In-Reply-To header is set also for MDN receipts (#1490523) - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header - Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482)
Revision 1.47 / (download) - annotate - [select for diffs], Wed Nov 4 17:41:20 2015 UTC (8 years, 1 month ago) by agc
Branch: MAIN
Changes since 1.46: +1 -2
lines
Diff to previous 1.46 (colored)
Remove duplicate SHA512 digests that crept in.
Revision 1.46 / (download) - annotate - [select for diffs], Tue Nov 3 23:27:19 2015 UTC (8 years, 1 month ago) by agc
Branch: MAIN
Changes since 1.45: +2 -1
lines
Diff to previous 1.45 (colored)
Add SHA512 digests for distfiles for mail category Problems found locating distfiles: Package mutt: missing distfile patch-1.5.24.rr.compressed.gz Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz Package pine: missing distfile fancy.patch.gz Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch Package qmail: missing distfile badrcptto.patch Package qmail: missing distfile outgoingip.patch Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Revision 1.45 / (download) - annotate - [select for diffs], Thu Oct 29 15:54:20 2015 UTC (8 years, 1 month ago) by prlw1
Branch: MAIN
Changes since 1.44: +5 -4
lines
Diff to previous 1.44 (colored)
Update roundcube to 1.1.3 ok taca@ Since Makefile 1.59, the iconv option had no effect - reinstate iconv as being optional. This update to 1.1.3 makes multibyte and openssl a requirement (and drops mcrypt support). RELEASE 1.1.3 ------------- - Fix closing of nested menus (#1490443) - Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281) - Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424) - Get rid of Mail_mimeDecode package dependency (#1490416) - Fix "Importing..." message does not hide on error (#1490422) - Fix Compose action in addressbook for results from multiple addressbooks (#1490413) - Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426) - Fix unintentional messages list page change on page switch in compose addressbook (#1490427) - Fix race-condition in saving user preferences and loading plugin config (#1490431) - Fix so plain text signature field uses monospace font (#1490435) - Fix so links with href == content aren't added to links list on html to text conversion (#1490434) - Fix handling of non-break spaces in html to text conversion (#1490436) - Fix self-reply detection issues (#1490439) - Fix multi-folder search result sorting by arrival date (#1490450) - Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452) - Update to TinyMCE 4.1.10 (#1490405) - Fix draft removal after a message is sent and storing sent message is disabled (#1490467) - Fix so imap folder attribute comparisons are case-insensitive (#1490466) - Fix bug where new messages weren't added to the list in search mode - Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035) - Fix some javascript errors in rare situations (#1490441) - Fix error when using back button after sending an email (#1490009) - Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470) - Disable links list generation on html-to-text conversion of identities or composed message (#1490437) - Fix "washing" of style elements wrapped into many lines - Fix so input field (e.g. search box) does not loose focus on list load (#1490455) - Fix so css of one html part does not apply to other text parts on message display (#1490505) - Fix XSS issue in drag-n-drop file uploads (#1490530) - Fix handling of plus character in mailto: links (#1490510) - Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472) - Fix so gc.sh script removes also expired sessions from sql database (#1490512) - Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517) - Fix various issues with Turkish (and similar) locales (#1490519) - Fix so In-Reply-To header is set also for MDN receipts (#1490523) - Fix missing HTTP_X_FORWARDED_FOR address in generated Received header - Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482)
Revision 1.44 / (download) - annotate - [select for diffs], Sat Jun 6 14:14:12 2015 UTC (8 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Branch point for: pkgsrc-2015Q3
Changes since 1.43: +4 -4
lines
Diff to previous 1.43 (colored)
Update roundcube to 1.1.2. It includes security fix. RELEASE 1.1.2 ------------- - Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358) - Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below] - Fix handling of %-encoded entities in mailto: URLs (#1490346) - Fix zipped messages downloads after selecting all messages in a folder (#1490339) - Fix vpopmaild driver of password plugin - Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343) - Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337) - Fix message list header in classic skin on window resize in Internet Explorer (#1490213) - Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325) - Fix lack of signature separator for plain text signatures in html mode (#1490352) - Fix font artifact in Google Chrome on Windows (#1490353) - Fix bug where forced extwin page reload could exit from the extwin mode (#1490350) - Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355) - Fix mouseup event handling when dragging a list record (#1490359) - Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362) - Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372) - Fix security issue in contact photo handling (#1490379) - Fix possible memcache/apc cache data consistency issues (#1490390) - Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392) - Fix bug where some files could have "executable" extension when stored in temp folder (#1490377) - Fix attached file path unsetting in database_attachments plugin (#1490393) - Fix issues when using moduserprefs.sh without --user argument (#1490399) - Fix potential info disclosure issue by protecting directory access (#1490378) - Fix blank image in html_signature when saving identity changes (#1490412) - Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) - Fix XSS vulnerability in _mbox argument handling (#1490417)
Revision 1.43 / (download) - annotate - [select for diffs], Sun May 24 14:48:54 2015 UTC (8 years, 6 months ago) by jym
Branch: MAIN
Changes since 1.42: +3 -1
lines
Diff to previous 1.42 (colored)
- install SQL update scripts used by installer for upgrading DB schemas; - change rights for the spool, log and tmp directories from 0755 to 0750, they contain sensitive information depending on configuration; - fix the default paths of potential mime.types files; - change config.inc.php to respect pkgsrc paths especially VARBASE; No regression expected. Bump rev. ok taca@.
Revision 1.42 / (download) - annotate - [select for diffs], Thu Mar 19 15:46:26 2015 UTC (8 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.41: +4 -4
lines
Diff to previous 1.41 (colored)
Update roundcube to 1.1.1, a leaf package. RELEASE 1.1.1 ------------- - ACL: Allow other plugins to adjust the list of permissions and groups to edit - Add possibility to print contact information (of a single contact) - Add possibility to configure max_allowed_packet value for all database engines (#1490283) - Improved handling of storage errors after message is sent - Update to TinyMCE 4.1.9 - Unified request* event arguments handling, added support for _unlock and _action parameters - Security: Generate random hash for the per-user local storage prefix (#1490279) - Fix refreshing of drafts list when sending a message which was saved in meantime (#1490238) - Fix saving/sending emoticon images when assets_dir is set - Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#1490292) - Fix setting max packet size for DB caches and check packet size also in shared cache - Fix needless security warning on BMP attachments display (#1490282) - Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284) - Fix performance of rcube_db_mysql::get_variable() - Fix missing or not up-to-date CATEGORIES entry in vCard export (#1490277) - Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280) - Fix cursor position on reply below the quote in HTML mode (#1490263) - Fix so "over quota" errors are displayed also in message compose page - Fix duplicate entries supression in autocomplete result (#1490290) - Fix "Non-static method PEAR::isError() should not be called statically" errors (#1490281) - Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291) - Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#1490293) - Fix so localized folder name is displayed in multi-folder search result (#1490243) - Fix javascript error after creating a folder which is a subfolder of another one (#1490297) - Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#1490295) - Fix missing vcard_attachment icon on messages list (#1490303) - Fix storing signatures with big images in MySQL database (#1490306) - Fix Opera browser detection in javascript (#1490307) - Fix so search filter, scope and fields are reset on folder change - Fix rows count when messages search fails (#1490266) - Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#1490311) - Fix bug where TinyMCE area height was too small on slow network connection (#1490310) - Fix backtick character handling in sql queries (#1490312) - Fix redirct URL for attachments loaded in an iframe when behind proxy (#1490191) - Fix menu container references to point to the actual <ul> element (#1490313) - Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#1490318)
Revision 1.41 / (download) - annotate - [select for diffs], Tue Feb 17 03:52:31 2015 UTC (8 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.40: +1 -3
lines
Diff to previous 1.40 (colored)
Remove patch-installer_check.php and add dependency to php-exif since roundcube use php-exif if available and comment in patch-installer_check.php was wrong. Bump PKGREVISION.
Revision 1.40 / (download) - annotate - [select for diffs], Mon Feb 16 15:33:32 2015 UTC (8 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.39: +7 -7
lines
Diff to previous 1.39 (colored)
Changes 1.1.0: Allow searching across multiple folders Improved support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste) Added namespace filter and folder searching in folder manager New config option to disable UI elements/actions Stronger password encryption using OpenSSL Support for the IMAP SPECIAL-USE extension Support for Oracle as database backend Manage 3rd party libs with Composer
Revision 1.38.2.1 / (download) - annotate - [select for diffs], Thu Feb 5 18:45:28 2015 UTC (8 years, 10 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.38: +4 -4
lines
Diff to previous 1.38 (colored) next main 1.39 (colored)
Pullup ticket #4601 - requested by taca mail/roundcube: security update Revisions pulled up: - mail/roundcube/Makefile 1.66 - mail/roundcube/distinfo 1.39 --- Module Name: pkgsrc Committed By: taca Date: Sat Jan 24 16:36:29 UTC 2015 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo Log Message: Update roundcube to 1.0.5. RELEASE 1.0.5 ------------- - Fix bug where some valid text in a message was handled as uuencoded attachment - Fix wrong icon for download button in classic skin - Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208) - Fix checks based on window.ActiveXObject in IE > 10 - Fix XSS issue in style attribute handling (#1490227) - Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225) - Fix so "set as default" option is hidden if identities_level > 1 (#1490226) - Fix bug where search was reset after returning from compose visited for reply - Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210) - Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229)
Revision 1.39 / (download) - annotate - [select for diffs], Sat Jan 24 16:36:29 2015 UTC (8 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.38: +4 -4
lines
Diff to previous 1.38 (colored)
Update roundcube to 1.0.5. RELEASE 1.0.5 ------------- - Fix bug where some valid text in a message was handled as uuencoded attachment - Fix wrong icon for download button in classic skin - Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208) - Fix checks based on window.ActiveXObject in IE > 10 - Fix XSS issue in style attribute handling (#1490227) - Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225) - Fix so "set as default" option is hidden if identities_level > 1 (#1490226) - Fix bug where search was reset after returning from compose visited for reply - Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210) - Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229)
Revision 1.36.2.1 / (download) - annotate - [select for diffs], Sun Dec 21 09:52:54 2014 UTC (8 years, 11 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.36: +4 -4
lines
Diff to previous 1.36 (colored) next main 1.37 (colored)
Pullup ticket #4576 - requested by taca mail/roundcube: security update Revisions pulled up: - mail/roundcube/Makefile 1.64-1.65 - mail/roundcube/PLIST 1.33 - mail/roundcube/distinfo 1.37-1.38 --- Module Name: pkgsrc Committed By: adam Date: Tue Oct 7 10:22:49 UTC 2014 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo Log Message: Changes 1.0.3: - Fix insert-signature command in external compose window if opened from inline compose screen - Initialize HTML editor before restoring a message from localStorage - Add 'sig_max_lines' config option to default config file - Add option to specify IMAP connection socket parameters - imap_conn_options - Add option to set default message list mode - default_list_mode - Enable contextmenu plugin for TinyMCE editor - Fix some mime-type to extension mapping checks in Installer - Fix errors when using localStorage in Safari's private browsing mode - Fix bug where $Forwarded flag was being set even if server didn't support it - Fix various iCloud vCard issues, added fallback for external photos - Fix invalid Content-Type header when send_format_flowed=false - Fix errors when adding/updating contacts in active search - Fix incorrect thumbnail rotation with GD and exif orientation data - Fix contacts list update after adding/deleting/moving a contact - Fix handling of email addresses with quoted domain part - Fix comm_path update on task switch - Fix error in MSSQL update script 2013061000.sql - Fix validation of email addresses with IDNA domains --- Module Name: pkgsrc Committed By: taca Date: Fri Dec 19 03:32:00 UTC 2014 Modified Files: pkgsrc/mail/roundcube: Makefile PLIST distinfo Log Message: Update roundcube to 1.0.4, which contains fix for possible CSRF attack. RELEASE 1.0.4 ------------- - Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118) - Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153) - Fix issue where Archive folder wasn't protected in Folder Manager (#1490154) - Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115) - Fix setting flags on servers with no PERMANENTFLAGS response (#1490087) - Fix regression in SHAA password generation in ldap driver of password plugin (#1490094) - Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103) - Fix font style display issue in HTML messages with styled <span> elements (#1490101) - Fix download of attachments that are part of TNEF message (#1490091) - Fix handling of uuencoded messages if messages_cache is enabled (#1490108) - Fix handling of base64-encoded attachments with extra spaces (#1490111) - Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046) - Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113) - Fix reply scrolling issue with text mode and start message below the quote (#1490114) - Fix possible issues in skin/skin_path config handling (#1490125) - Fix lack of delimiter for recipient addresses in smtp_log (#1490150) - Fix generation of Blowfish-based password hashes (#1490184) - Fix bugs where CSRF attacks were still possible on some requests
Revision 1.38 / (download) - annotate - [select for diffs], Fri Dec 19 03:32:00 2014 UTC (8 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Changes since 1.37: +4 -4
lines
Diff to previous 1.37 (colored)
Update roundcube to 1.0.4, which contains fix for possible CSRF attack. RELEASE 1.0.4 ------------- - Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118) - Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153) - Fix issue where Archive folder wasn't protected in Folder Manager (#1490154) - Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115) - Fix setting flags on servers with no PERMANENTFLAGS response (#1490087) - Fix regression in SHAA password generation in ldap driver of password plugin (#1490094) - Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103) - Fix font style display issue in HTML messages with styled <span> elements (#1490101) - Fix download of attachments that are part of TNEF message (#1490091) - Fix handling of uuencoded messages if messages_cache is enabled (#1490108) - Fix handling of base64-encoded attachments with extra spaces (#1490111) - Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046) - Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113) - Fix reply scrolling issue with text mode and start message below the quote (#1490114) - Fix possible issues in skin/skin_path config handling (#1490125) - Fix lack of delimiter for recipient addresses in smtp_log (#1490150) - Fix generation of Blowfish-based password hashes (#1490184) - Fix bugs where CSRF attacks were still possible on some requests
Revision 1.37 / (download) - annotate - [select for diffs], Tue Oct 7 10:22:49 2014 UTC (9 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.36: +4 -4
lines
Diff to previous 1.36 (colored)
Changes 1.0.3: - Fix insert-signature command in external compose window if opened from inline compose screen - Initialize HTML editor before restoring a message from localStorage - Add 'sig_max_lines' config option to default config file - Add option to specify IMAP connection socket parameters - imap_conn_options - Add option to set default message list mode - default_list_mode - Enable contextmenu plugin for TinyMCE editor - Fix some mime-type to extension mapping checks in Installer - Fix errors when using localStorage in Safari's private browsing mode - Fix bug where $Forwarded flag was being set even if server didn't support it - Fix various iCloud vCard issues, added fallback for external photos - Fix invalid Content-Type header when send_format_flowed=false - Fix errors when adding/updating contacts in active search - Fix incorrect thumbnail rotation with GD and exif orientation data - Fix contacts list update after adding/deleting/moving a contact - Fix handling of email addresses with quoted domain part - Fix comm_path update on task switch - Fix error in MSSQL update script 2013061000.sql - Fix validation of email addresses with IDNA domains
Revision 1.36 / (download) - annotate - [select for diffs], Wed Jul 23 15:25:28 2014 UTC (9 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.35: +4 -5
lines
Diff to previous 1.35 (colored)
Changes 1.0.2: - Fix storing unsaved drafts in localStorage - Fix redundant horizontal scrollbar in HTML editor - Fix PHP error in Preferences when default_folders was in dont_override - Add configurable LDAP_OPT_DEREF option - Fix unintentional draft autosave request if autosave is disabled - Fix malformed References: header in send/saved mail - Fix handling unicode characters in links - Fix incorrect handling of HTML comments in messages sanitization code - Fix so current page is reset on list-mode change - Fix so responses menu hides on click in classic skin - Fix unintentional line-height style modification in HTML messages - Fix broken normalize_string(), add support for ISO-8859-2 - Support csv contacts import in German localization - Fix so message list and counters are updated when a message is opened in new window - Fix malformed recipient name when composing a message by clicking on mailto link - Fix list reload after sending message in another window - Fix so address format errors are ignored when saving a draft - Fix incorrect label translation in return receipt - Fix security issue in delete-response action - allow only ajax request - Fix Delete button state after deleting identity/response - Fix bug where contacts with no email address were listed on compose addressbook - Fix images import from various vCard formats - Fix sorting messages by size on servers without SORT capability
Revision 1.35 / (download) - annotate - [select for diffs], Sun Jun 8 13:35:24 2014 UTC (9 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.34: +7 -8
lines
Diff to previous 1.34 (colored)
Update roundcube to 1.0.1. Add dependency to net/pear-Net_Sieve. Please refer UPGRADING from older relase, especially configuration files are changed. Please refer CHANGELOG for detail.
Revision 1.33.2.1 / (download) - annotate - [select for diffs], Mon Oct 28 13:53:32 2013 UTC (10 years, 1 month ago) by tron
Branch: pkgsrc-2013Q3
Changes since 1.33: +5 -5
lines
Diff to previous 1.33 (colored) next main 1.34 (colored)
Pullup ticket #4249 - requested by taca mail/roundcube: security update Revisions pulled up: - mail/roundcube/Makefile 1.60 - mail/roundcube/distinfo 1.34 - mail/roundcube/patches/patch-aa 1.11 --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 22 03:21:45 UTC 2013 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo pkgsrc/mail/roundcube/patches: patch-aa Log Message: Update roundcube to 0.9.5. This release contains fix for CVE-2013-6172. RELEASE 0.9.5 ------------- - Fix failing vCard import when email address field contains spaces (#1489386) - Fix default spell-check configuration after Google suspended their spell service - Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) - Fix iframe onload for upload errors handling (#1489379) - Fix address matching in Return-Path header on identity selection (#1489374) - Fix text wrapping issue with long unwrappable lines (#1489371) - Fixed mispelling: occured -> occurred (#1489366) - Fixed issues where HTML comments inside style tag would hang Internet Explorer - Fix setting domain in virtualmin password driver (#1489332) - Hide Delivery Status Notification option when smtp_server is unset (#1489336) - Display full attachment name using title attribute when name is too long to display (#1489320) - Fix attachment icon issue when rare font/language is used (#1489326) - Fix expanded thread root message styling after refreshing messages list (#1489327) - Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319) - Fix error_reporting directive check (#1489323) - Fix de_DE localization of "About" label in Help plugin (#1489325)
Revision 1.34 / (download) - annotate - [select for diffs], Tue Oct 22 03:21:45 2013 UTC (10 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.33: +5 -5
lines
Diff to previous 1.33 (colored)
Update roundcube to 0.9.5. This release contains fix for CVE-2013-6172. RELEASE 0.9.5 ------------- - Fix failing vCard import when email address field contains spaces (#1489386) - Fix default spell-check configuration after Google suspended their spell service - Fix vulnerability in handling _session argument of utils/save-prefs (#1489382) - Fix iframe onload for upload errors handling (#1489379) - Fix address matching in Return-Path header on identity selection (#1489374) - Fix text wrapping issue with long unwrappable lines (#1489371) - Fixed mispelling: occured -> occurred (#1489366) - Fixed issues where HTML comments inside style tag would hang Internet Explorer - Fix setting domain in virtualmin password driver (#1489332) - Hide Delivery Status Notification option when smtp_server is unset (#1489336) - Display full attachment name using title attribute when name is too long to display (#1489320) - Fix attachment icon issue when rare font/language is used (#1489326) - Fix expanded thread root message styling after refreshing messages list (#1489327) - Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319) - Fix error_reporting directive check (#1489323) - Fix de_DE localization of "About" label in Help plugin (#1489325)
Revision 1.33 / (download) - annotate - [select for diffs], Fri Sep 13 11:13:49 2013 UTC (10 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base
Branch point for: pkgsrc-2013Q3
Changes since 1.32: +7 -5
lines
Diff to previous 1.32 (colored)
Update roundcubemail to 0.9.4. pkgsrc changes: * Make installer work. * Add various dependency to PHP extensions. RELEASE 0.9.4 ------------- - Make identities matching case insensitive (#1485480) - Fix issue where too big message data was stored in cache causing sql errors (#1489316) - Fix iframe scrollbars on webkit desktop browsers (#1489306) - Fix issue where legacy config was overriden by default config (#1489288) - Fix newmail_notifier issue where favicon wasn't changed back to default (#1489313) - Fix setting of Junk and NonJunk flags by markasjunk plugin (#1489285) - Fix lack of Reply-To address in header of forwarded message body (#1489298) - Fix bugs when invoking contact creation form when read-only addressbook is selected (#1489296) - Fix identity selection on reply (#1489291) - Fix so additional headers are added to all messages sent (#1489284) - Fix display issue after moving folder in Folder Manager (#1489293) - Fix handling of non-default date formats (#1489294) - Fix unquoted path in PREG expression on Windows (#1489290) - Fix Junk folder icon alignment when it's nested in inbox folder (#1489292) - Fix wrong close tag in /template/mail.html (#1489295)
Revision 1.31.2.1 / (download) - annotate - [select for diffs], Sun Aug 25 17:44:15 2013 UTC (10 years, 3 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.31: +4 -4
lines
Diff to previous 1.31 (colored) next main 1.32 (colored)
Pullup ticket #4224 - requested by taca
mail/roundcube: security update
Revisions pulled up:
- mail/roundcube/Makefile 1.58
- mail/roundcube/PLIST 1.30
- mail/roundcube/distinfo 1.32
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 22 17:08:10 UTC 2013
Modified Files:
pkgsrc/mail/roundcube: Makefile PLIST distinfo
Log Message:
Update roundcube to 0.9.3.
RELEASE 0.9.3
-------------
- Fix setting refresh_interval to "Never" in Preferences (#1489286)
- Optimized UI behavior for touch devices
- Fix purge action in folder manager (#1489280)
- Fix base URL resolving on attribute values with no quotes (#1489275)
- Fix wrong handling of links with '|' character (#1489276)
- Fix colorspace issue on image conversion using ImageMagick (#1489270)
- Fix XSS vulnerability when saving HTML signatures (#1489251)
- Fix XSS vulnerability when editing a message "as new" or draft (#1489251)
- Fix rewrite rule in .htaccess (#1489240)
- Fix detecting Turkish language in ISO-8859-9 encoding (#1489252)
- Fix identity-selection using Return-Path headers (#1489241)
- Fix parsing of links with ... in URL (#1489192)
- Fix compose priority selector when opening in new window (#1489257)
- Fix bug where signature wasn't changed on identity selection when editing
a draft (#1489229)
- Fix IMAP SETMETADATA parameters quoting (#1489231)
- Fix "could not load message" error on valid empty message body (#1489228)
- Fix handling of message/rfc822 attachments on message forward and edit
(#1489214)
- Fix parsing of square bracket characters in IMAP response strings (#1489223)
- Don't clear References and in-Reply-To when a message is "edited as new"
(#1489216)
- Fix messages list sorting with THREAD=REFS
- Remove deprecated (in PHP 5.5) PREG /e modifier usage (#1489174)
- Fix empty messages list when register_globals is enabled (#1489157)
- Fix so valid and set date.timezone is not required by installer checks
(#1489180)
- Canonize boolean ini_get() results (#1489189)
- Fix so install do not fail when one of DB driver checks fails but other
drivers exist (#1489178)
- Fix so exported vCard specifies encoding in v3-compatible format (#1489183)
Revision 1.32 / (download) - annotate - [select for diffs], Thu Aug 22 17:08:10 2013 UTC (10 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.31: +4 -4
lines
Diff to previous 1.31 (colored)
Update roundcube to 0.9.3. RELEASE 0.9.3 ------------- - Fix setting refresh_interval to "Never" in Preferences (#1489286) - Optimized UI behavior for touch devices - Fix purge action in folder manager (#1489280) - Fix base URL resolving on attribute values with no quotes (#1489275) - Fix wrong handling of links with '|' character (#1489276) - Fix colorspace issue on image conversion using ImageMagick (#1489270) - Fix XSS vulnerability when saving HTML signatures (#1489251) - Fix XSS vulnerability when editing a message "as new" or draft (#1489251) - Fix rewrite rule in .htaccess (#1489240) - Fix detecting Turkish language in ISO-8859-9 encoding (#1489252) - Fix identity-selection using Return-Path headers (#1489241) - Fix parsing of links with ... in URL (#1489192) - Fix compose priority selector when opening in new window (#1489257) - Fix bug where signature wasn't changed on identity selection when editing a draft (#1489229) - Fix IMAP SETMETADATA parameters quoting (#1489231) - Fix "could not load message" error on valid empty message body (#1489228) - Fix handling of message/rfc822 attachments on message forward and edit (#1489214) - Fix parsing of square bracket characters in IMAP response strings (#1489223) - Don't clear References and in-Reply-To when a message is "edited as new" (#1489216) - Fix messages list sorting with THREAD=REFS - Remove deprecated (in PHP 5.5) PREG /e modifier usage (#1489174) - Fix empty messages list when register_globals is enabled (#1489157) - Fix so valid and set date.timezone is not required by installer checks (#1489180) - Canonize boolean ini_get() results (#1489189) - Fix so install do not fail when one of DB driver checks fails but other drivers exist (#1489178) - Fix so exported vCard specifies encoding in v3-compatible format (#1489183)
Revision 1.31 / (download) - annotate - [select for diffs], Sun Jun 16 22:04:07 2013 UTC (10 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.30: +6 -25
lines
Diff to previous 1.30 (colored)
Update roundcube to 0.9.2. RELEASE 0.9.2 ------------- - Fix image thumbnails display in print mode (#1489134) - Fix height of message headers block (#1489108) - Fix timeout issue on drag&drop uploads (#1489170) - Fix default sorting of threaded list when THREAD=REFS isn't supported - Fix list mode switch to 'List' after saving list settings in Larry skin (#1489164) - Fix error when there's no writeable addressbook source (#1489162) - Fix zipdownload plugin issue with filenames charset (#1489156) - Fix so non-inline images aren't skipped on forward (#1489150) - Fix "null" instead of empty string on messages list in IE10 (#1489145) - Fix legacy options handling - Fix so bounces addresses in Sender headers are skipped on Reply-All (#1489011) - Fix bug where serialized strings were truncated in PDO::quote() (#1489142) - Fix displaying messages with invalid self-closing HTML tags (#1489137) - Fix PHP warning when responding to a message with many Return-Path headers (#1489136) - Fix unintentional compose window resize (#1489114) - Fix performance regression in text wrapping function (#1489133) - Fix connection to posgtres db using unix socket (#1489132) - Fix handling of comma when adding contact from contacts widget (#1489107) - Fix bug where a message was opened in both preview pane and new window on double-click (#1489122) - Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#1489110) - Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 (#1489094) - Fix invalid option selected in default_font selector when font is unset (#1489112) - Fix displaying contact with ID divisible by 100 in sql addressbook (#1489121) - Fix browser warnings on PDF plugin detection (#1489118) - Fix fatal error when parsing UUencoded messages (#1489119)
Revision 1.30 / (download) - annotate - [select for diffs], Sat Jun 15 16:08:09 2013 UTC (10 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.29: +26 -7
lines
Diff to previous 1.29 (colored)
Update roundcube to 0.9.1. Changes are too any to write here and please refer CHANGELOG. pkgsrc changes: * Add note to enable access_compat_module Apache 2.3 or later. * Make php-mcrypt mandatory. * Clean up PKG_OPTIONS. * Add several patches from official repository.
Revision 1.29 / (download) - annotate - [select for diffs], Thu Mar 28 17:24:39 2013 UTC (10 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.28: +4 -4
lines
Diff to previous 1.28 (colored)
Update roundcube to 0.8.6. - Fix security issue in save-pref command.
Revision 1.27.2.1 / (download) - annotate - [select for diffs], Mon Feb 11 14:25:59 2013 UTC (10 years, 10 months ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored) next main 1.28 (colored)
Pullup ticket #4061 - requested by taca
mail/roundcube: security update
Revisions pulled up:
- mail/roundcube/Makefile 1.50-1.51
- mail/roundcube/PLIST 1.26
- mail/roundcube/distinfo 1.28
- mail/roundcube/files/roundcube.conf 1.5
---
Module Name: pkgsrc
Committed By: jym
Date: Tue Jan 8 23:27:55 UTC 2013
Modified Files:
pkgsrc/mail/roundcube/files: roundcube.conf
Log Message:
roundcube defines its default configuration in .htaccess files and this
will take precedence over any parameter specified in the <Directory>
section.
So remove the php blocks and add a comment to explain this.
---
Module Name: pkgsrc
Committed By: jym
Date: Thu Jan 10 00:15:55 UTC 2013
Modified Files:
pkgsrc/mail/roundcube: Makefile
Log Message:
Bump revision, as noted by wiz@ and gdt@. Thanks!
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 8 14:01:03 UTC 2013
Modified Files:
pkgsrc/mail/roundcube: Makefile PLIST distinfo
Log Message:
Update roundcube to 0.8.5.
CHANGELOG Roundcube Webmail
===========================
- Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
- Fix unwanted horizontal scrollbar in message preview header (#1488866)
- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored
(#1488844)
- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
- Fix absolute positioning in HTML messages (#1488819)
- Fix keybord events on messages list in opera browser (#1488823)
- Fix cache (in)validation after setting \Deleted flag
- Fix selection of collapsed thread rows (#1488772)
- Fix wrapping of quoted text with format=flowed (#1488177)
Revision 1.28 / (download) - annotate - [select for diffs], Fri Feb 8 14:01:03 2013 UTC (10 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored)
Update roundcube to 0.8.5. CHANGELOG Roundcube Webmail =========================== - Fix #countcontrols issue in IE<=8 when text is very long (#1488890) - Fix unwanted horizontal scrollbar in message preview header (#1488866) - Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844) - Fix XSS vulnerability in vbscript: and data:text links handling (#1488850) - Fix absolute positioning in HTML messages (#1488819) - Fix keybord events on messages list in opera browser (#1488823) - Fix cache (in)validation after setting \Deleted flag - Fix selection of collapsed thread rows (#1488772) - Fix wrapping of quoted text with format=flowed (#1488177)
Revision 1.27 / (download) - annotate - [select for diffs], Wed Dec 5 15:38:01 2012 UTC (11 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.26: +5 -6
lines
Diff to previous 1.26 (colored)
Update roundcube to 0.8.4. A little improvement to MESSAGE about upgrading. CHANGELOG Roundcube Webmail =========================== - Fix XSS vulnerability in handling of text/enriched messages (#1488806) - Fix handling of 'media' attribute on linked css (#1488789) - Fix regression where unintentional page reload was done after request abort (#1488802) - Fix excessive LFs at the end of composed message with top_posting=true (#1488797) - Fix bug where leading blanks were stripped from quoted lines (#1488795) RELEASE 0.8.3 ------------- - Fix AREA links handling (#1488792) - Fix possible HTTP DoS on error in keep-alive requests (#1488782) - Fix compatybility with MDB2 2.5.0b4 (#1488779) - Fix a bug where saving a message in INBOX wasn't possible - Fix HTML part detection in messages with attachments (#1488769) - Fix bug where wrong words were highlighted on spell-before-send check - Fix scrolling quirk in email preview frame using Opera 12 (#1488763) - Fix displaying of multipart/alternative messages with empty parts (#1488750) - Fix Warning: htmlspecialchars(): charset `RCMAIL_CHARSET' not supported warning in Installer (#1488744) - Fix threaded list sorting on PHP < 5.2.9 (#1488748) RELEASE 0.8.2 ------------- - Fix XSS vulnerability from HTTP User-Agent header (#1488737) - Force fonts in compose fields to be all the same (#1488690) - Add full headers view in message preview window (#1488538) - Fix message display page issues (#1488590, #1488642) - Fix handling vCard entries with TEL;TYPE=CELL (#1488728) - Fix error where session wasn't updated after folder rename/delete (#1488692) - Fix PLAIN authentication for some IMAP servers (#1488674) - Fix encoding vCard file when contains PHOTO;ENCODING=b (#1488683) - Fix focus issue in IE when selecting message row (#1488620) - Fix displaying all headers when they contain malformed characters (#1488666) - Fix decoding of HTML messages with UTF-16 charset specified (#1488654) - Fix quota capability detection so it can be overwritten by a plugin (#1488655) - Fix identity selection on reply (#1488101) - Fix Larry's messages list filter in IE (#1488632) - Fix more IE issues by disabling Compat. mode with X-UA-Compatible meta tag (#1488626) - Fix setting locales under Solaris - use additional .UTF-8 suffix (#1488628) - Fix email address validation for addresses with IP address in domain part - Fix Larry skin issues in IE7 compat. mode (#1488618) - Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed
Revision 1.25.2.1 / (download) - annotate - [select for diffs], Tue Oct 16 18:45:01 2012 UTC (11 years, 1 month ago) by tron
Branch: pkgsrc-2012Q3
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored) next main 1.26 (colored)
Pullup ticket #3948 - requested by taca mail/roundcube: security patch Revisions pulled up: - mail/roundcube/Makefile 1.47-1.48 - mail/roundcube/distinfo 1.26 - mail/roundcube/patches/patch-program_steps_utils_error.inc 1.1 --- Module Name: pkgsrc Committed By: asau Date: Mon Oct 8 12:19:35 UTC 2012 Modified Files: pkgsrc/mail/roundcube: Makefile Log Message: Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days. --- Module Name: pkgsrc Committed By: taca Date: Mon Oct 15 03:33:23 UTC 2012 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo Added Files: pkgsrc/mail/roundcube/patches: patch-program_steps_utils_error.inc Log Message: Add minimum fix for XSS with HTTP_USER_AGENT from the repository. Bump PKGREVISION.
Revision 1.26 / (download) - annotate - [select for diffs], Mon Oct 15 03:33:22 2012 UTC (11 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored)
Add minimum fix for XSS with HTTP_USER_AGENT from the repository. Bump PKGREVISION.
Revision 1.24.4.1 / (download) - annotate - [select for diffs], Tue Sep 4 20:30:25 2012 UTC (11 years, 3 months ago) by tron
Branch: pkgsrc-2012Q2
Changes since 1.24: +4 -4
lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
Pullup ticket #3915 - requested by taca mail/roundcube: security update Revisions pulled up: - mail/roundcube/MESSAGE 1.7 - mail/roundcube/Makefile 1.44-1.46 - mail/roundcube/PLIST 1.24 - mail/roundcube/distinfo 1.25 --- Module Name: pkgsrc Committed By: fhajny Date: Wed Jul 25 11:24:21 UTC 2012 Modified Files: pkgsrc/mail/roundcube: Makefile Log Message: Make package more portable by pre-creating destination for pax --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 12 16:19:41 UTC 2012 Modified Files: pkgsrc/mail/roundcube: MESSAGE Makefile Log Message: Some tweak in MESSAGE. * Note UPGRADING document which describes update process. * Remove note for older package. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Tue Aug 21 15:26:32 UTC 2012 Modified Files: pkgsrc/mail/roundcube: Makefile PLIST distinfo Log Message: Update roundcube to 0.8.1. Fixes two XSS issue. Here is quote from changelog of 0.8.1, please refer CHAGNGELOG file for full changes from 0.7.2. - Fix bug where domain name was converted to lower-case even with login_lc=false (#1488593) - Fix lower-casing email address on replies (#1488598) - Fix line separator in exported messages (#1488603) - Fix XSS issue where plain signatures wasn't secured in HTML mode (#1488613) - Fix XSS issue where href="javascript:" wasn't secured (#1488613) - Fix impossible to create message with empty plain text part (#1488610) - Fix stripped apostrophes when replying in plain text to HTML message (#1488606) - Fix inactive Save search option after advanced search (#1488607) - Fix Remove from group option is active for contact search result (#1488608) - Disable autocapitalization in login form on iPad/iPhone (#1488609) - Fix focus on the list when list row is clicked (#1488600) - Added separate From and To columns apart from smart From/To column (#1486891) - Fix fallback to Larry skin when configured skin isn't available (#1488591) - Fix (workaround) delete operations with some versions of memcache (#1488592) - Fix (disable) request validation for spell and spell_html actions
Revision 1.25 / (download) - annotate - [select for diffs], Tue Aug 21 15:26:31 2012 UTC (11 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base
Branch point for: pkgsrc-2012Q3
Changes since 1.24: +4 -4
lines
Diff to previous 1.24 (colored)
Update roundcube to 0.8.1. Fixes two XSS issue. Here is quote from changelog of 0.8.1, please refer CHAGNGELOG file for full changes from 0.7.2. - Fix bug where domain name was converted to lower-case even with login_lc=false (#1488593) - Fix lower-casing email address on replies (#1488598) - Fix line separator in exported messages (#1488603) - Fix XSS issue where plain signatures wasn't secured in HTML mode (#1488613) - Fix XSS issue where href="javascript:" wasn't secured (#1488613) - Fix impossible to create message with empty plain text part (#1488610) - Fix stripped apostrophes when replying in plain text to HTML message (#1488606) - Fix inactive Save search option after advanced search (#1488607) - Fix Remove from group option is active for contact search result (#1488608) - Disable autocapitalization in login form on iPad/iPhone (#1488609) - Fix focus on the list when list row is clicked (#1488600) - Added separate From and To columns apart from smart From/To column (#1486891) - Fix fallback to Larry skin when configured skin isn't available (#1488591) - Fix (workaround) delete operations with some versions of memcache (#1488592) - Fix (disable) request validation for spell and spell_html actions
Revision 1.24 / (download) - annotate - [select for diffs], Mon Mar 12 15:38:05 2012 UTC (11 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Branch point for: pkgsrc-2012Q2
Changes since 1.23: +4 -4
lines
Diff to previous 1.23 (colored)
Update roundcube package to 0.7.2. - Fix handling of % character in IMAP protocol (#1488382) - Fix duplicate names handling in addressbook searches (#1488375) - Fix displaying of HTML messages from Disqus (#1488372) - Disable E_STRICT warnings on PHP 5.4 - Prevent from folder selection on virtual folder collapsing (#1488346) - Fix automatic unsubscribe of non-existent folders - Fix double-quotes handling in recipient names - User configurable setting how to display contact names in list - Make contacts list sorting configurable for the admin/user - Fix parse errors in DDL files for MS SQL Server - Revert SORT=DISPLAY support, removed by mistake (#1488327) - Add lost translation label in de_DE (#1488315) - Fix drafts update issues when edited from preview pane (#1488314) - Fix wrong variable name in rcube_ldap.php (#1488302) - Make mime type detection based on filename extension to be case-insensitive - Fix failure on MySQL database upgrade from 0.7 - text column can't have default value (#1488300)
Revision 1.23 / (download) - annotate - [select for diffs], Sat Jan 14 15:36:24 2012 UTC (11 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.22: +8 -8
lines
Diff to previous 1.22 (colored)
Update roundcube package to 0.7.1. * Handle config file of plugins, too. * Roundcube use GNU GPL3 now. * take maintainer ship. Detail changes are too may, please refer CHANGELOG file (http://trac.roundcube.net/browser/tags/roundcubemail/v0.7.1/CHANGELOG) and old changes (http://lists.roundcube.net/mail-archive/announce/2011-08/0000002.html).
Revision 1.21.2.1 / (download) - annotate - [select for diffs], Tue Aug 23 18:18:52 2011 UTC (12 years, 3 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.21: +4 -4
lines
Diff to previous 1.21 (colored) next main 1.22 (colored)
Pullup ticket #3511 - requested by pettai mail/roundcube: security update Revisions pulled up: - mail/roundcube/Makefile 1.35 - mail/roundcube/distinfo 1.22 --- Module Name: pkgsrc Committed By: adam Date: Wed Aug 17 08:31:36 UTC 2011 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo Log Message: Changes 0.5.4: * Fixes XSS vulnerability
Revision 1.22 / (download) - annotate - [select for diffs], Wed Aug 17 08:31:36 2011 UTC (12 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.21: +4 -4
lines
Diff to previous 1.21 (colored)
Changes 0.5.4: * Fixes XSS vulnerability
Revision 1.21 / (download) - annotate - [select for diffs], Fri Jun 3 07:21:01 2011 UTC (12 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.20: +4 -4
lines
Diff to previous 1.20 (colored)
Changes 0.5.3: This bugfix release fixes two important bugs in the IMAP communication which prevented sent messages from being saved in version 0.5.2.
Revision 1.20 / (download) - annotate - [select for diffs], Tue Apr 26 13:47:33 2011 UTC (12 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.19: +4 -4
lines
Diff to previous 1.19 (colored)
Changes 0.5.2: * TinyMCE 3.4.2 now compatible with IE9 * PEAR::Net_SMTP 1.5.2, fixed timeout issue * Fix bug where template name without plugin prefix was used in render_page hook * Support 'abort' and 'result' response in 'preferences_save' hook, add error handling * Fix bug where some content would cause hang on html2text conversion * Improve space-stuffing handling in format=flowed messages * Fix bug where some dates would produce SQL error in MySQL * Added workaround for some IMAP server with broken STATUS response * Fix bug where default_charset was not used for text messages * Stateless request tokens. No keep-alive necessary on login page * Force names of unique constraints in PostgreSQL DDL * Add code for prevention from IMAP connection hangs when server closes socket unexpectedly * Remove redundant DELETE query (for old session deletion) on login * Get around unreliable rand() and mt_rand() in session ID generation * Fix some emails are not shown using Cyrus IMAP * Fix handling of mime-encoded words with non-integral number of octets in a word * Fix parsing links with non-printable characters inside * Fixed de_CH/de_DE localization bugs * Add variable for 'Today' label in date_today option * Applied plugin changes since 0.5-stable release * Fix SQL query in rcube_user::query() so it uses index on MySQL again * Use only one from IMAP authentication methods to prevent login delays * Fix strftime format support in date_today option * Removed redundant </form> tags from contact add/edit pages * Fix CSS error in contact details screen on IE7
Revision 1.19 / (download) - annotate - [select for diffs], Fri Feb 11 14:37:08 2011 UTC (12 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1
Changes since 1.18: +4 -4
lines
Diff to previous 1.18 (colored)
Changes 0.5.1: This update release fixes some bugs discovered with the 0.5 stable version and also improves security by preventing some possible CSRF attacks. IDNA support has now been improved and some visual glitches in IE and Safari have been resolved.
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 13 12:19:19 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.17: +5 -5
lines
Diff to previous 1.17 (colored)
Changes 0.5: - Fix double-login/session issue - Wrap HTML parts with <html><body> and add Doctype declaration - Make rcube_autoload silently skip unknown classes - Fix charset detection in vcards with encoded values - Better CSS cursors for splitters - Show the same message only once - Fix namespaces handling - Add handling of multifolder METADATA/ANNOTATION responses - Fix handling of INBOX when personal namespace prefix is non-empty - Fix handling square brackets in links - Add description of 'use_https' option in main.inc.php.dist file
Revision 1.17 / (download) - annotate - [select for diffs], Wed Oct 6 21:40:35 2010 UTC (13 years, 2 months ago) by pettai
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Changes since 1.16: +4 -4
lines
Diff to previous 1.16 (colored)
RELEASE 0.4.2 ------------- - Fix handling of backslash as IMAP delimiter - Fix charset replacement in HTML message bodies (#1487021) - Fix: contact group input is empty when using rename action more than once on t he same group record - Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023) - Fix handling of Thunderbird's vCards (#1487024) Oked by wiz@
Revision 1.16 / (download) - annotate - [select for diffs], Sun Oct 3 22:13:38 2010 UTC (13 years, 2 months ago) by pettai
Branch: MAIN
Changes since 1.15: +5 -5
lines
Diff to previous 1.15 (colored)
RELEASE 0.4.1 ------------- - Fix space-stuffing in format=flowed messages (#1487018) - Fix msgexport.sh now using the new imap wrapper - Avoid displaying password on shell (#1486947) - Only lower-case user name if first login attempt failed (#1486393) - Make alias setting in squirrelmail_usercopy plugin configurable (patch by pomm i, #1487007) - Prevent from saving a non-existing skin path in user prefs (#1486936) - Improve handling of single-part messages with bogus BODYSTRUCTURE (#1486898) - Fix path to SQL files when using pgsql/mysqli/sqlsrv drivers (#1486902) - Fix upgrade script for SQLite (#1486903) - Fixes in SQL init script + added update script for MSSQL database - Remove redundant date in syslog messages (#1486945) - Fix contacts list page controls when a group is selected (#1486946) - Fix SMTP test in Installer (#1486952) - Fix "Select all" causes message to be opened in folder with exactly one messag e (#1486913) - Fix Tab key doesn't work in HTML editor in Google Chrome (#1486925) - Fix TinyMCE uses zh_CN when zh_TW locale is set (#1486929) - Fix TinyMCE buttons are hidden in Opera (#1486922) - Fix JS error on IE when trying to send HTML message with enabled spellchecker (#1486940) - Display inline images with known extensions and non-image content-type (#14869 34) - Fix "Threaded" checkbox after subfolder creation (#1486928) - Fix timezone string in sent mail (#1486961) - Show disabled checkboxes for protected folders instead of dots (#1485498) - Added fieldsets in Identity form, added 'identity_form' hook - Re-added 'Close' button in upload form (#1486930, #1486823) - Fix handling of charsets with LATIN-* label - Fix messages background image handling in some cases (#1486990) - Fix format=flowed handling (#1486989) - Fix when IMAP connection fails in 'get' action session shouldn't be destroyed (#1486995) - Fix list_cols is not updated after column dragging (#1486999) - Support %z variable in host configuration options (#1487003) Oked by wiz@
Revision 1.15 / (download) - annotate - [select for diffs], Thu Sep 23 23:54:40 2010 UTC (13 years, 2 months ago) by pettai
Branch: MAIN
Changes since 1.14: +7 -7
lines
Diff to previous 1.14 (colored)
RELEASE 0.4-stable ------------------ - Fix disapearing upload form disapears when user selects a file on Safari (#148 6823) - Don't replace error messages with loading info (#1486300) - Fix JS errors on compose mode switch (#1486870) - Fix message structure parsing when it lacks optional fields (#1486881) - Include all recipients in sendmail log - Support HTTP_X_FORWARDED_PROTO header for HTTPS detecting (#1486866) - Fix default IMAP port configuration (#1486864) - Create Sent folder when starting to compose a new message (#1486802) - Fix handling of messages with Content-Type: application/* and no filename (#14 84050) - Improved compose screen: resizable body and attachments list, vertical splitte r, options menu - Fix RC forgets search results (#1483883) - TinyMCE 3.3.7 - Improve parsing of styled empty tags in HTML messages (#1486812) - Add %dc variable support in base_dn/bind_dn config (#1486779) - Add button to hide/unhide the preview pane (#1484215) - Fix no-cache headers on https to prevent content caching by proxies (#1486798) - Fix attachment filenames broken with TNEF decoder using long filenames (#14867 95) - Use user's timezone in Date header, not server's timezone (#1486119) - Add option to set separate footer for HTML messages (#1486660) - Add real SMTP error description to displayed error messages (#1485927) - Fix some IMAP errors handling when opening the message (#1485443) - Fix related parts aren't displayed when got mimetype other than image/* (#1486 432) - Multiple identity and database support for squirrelmail_usercopy plugin (#1486 517) - Support dynamic hostname (%d/%n) variables in configuration options (#1485438) - Add 'messages_list' hook (#1486266) - Add request* event triggers in http_post/http_request (#1486054) - Fix use RFC-compliant line-delimiter when saving messages on IMAP (#1486712) - Add 'imap_timeout' option (#1486760) - Fix forwarding of messages with winmail attachments - Fix handling of uuencoded attachments in message body (#1485839) - Added list_mailboxes hook in rcube_imap::list_unsubscribed() (#1486668) - Fix wrong message on file upload error (#1486725) - Add support for data URI scheme [RFC2397] (#1486740) - Added 'actionbefore', 'actionafter', 'responsebefore', 'responseafter' events - Fix double-addition of e-mail domain to content ID in HTML images - Read and send messages with format=flowed (#1484370), fixes word wrapping issu es (#1486543) - Fix duplicated attachments when forwarding a message (#1486487) - Fix message/rfc822 attachments containing only attachments are not parsed prop erly (#1486743) - Fix %00 character in winmail.dat attachments names (#1486738) - Fix handling errors of folder deletion (#1486705) - Parse untagged CAPABILITY response for LOGIN command (#1486742) - Renamed all php-cli scripts to use .sh extension - Some files from /bin + spellchecking actions moved to the new 'utils' task - Added thread tree icons - Extend contact groups support (#1486682) - Fix check-recent action issues and performance (#1486526) - Fix messages order after checking for recent (#1484664) - Fix autocomplete shows entries without email (#1486452) - Fix listupdate event doesn't trigger on search response (#1486708) - Fix select_all_mode value after selecting a message (#1486720) - Set focus to editor on reply in HTML mode (#1486632) - Fix composing in HTML jumps cursor to body instead of recipients (#1486674) - Allow columns order change per user - drag&drop (#1485795) - Add References header in read receipt (#1486681) - Fix database constraint violation when opening a message (#1486696) - Add 'loading' message while login is in progress (#1486667) - Fix quota_zero_as_unlimited (#1486662) - Fix folder subscription checking (#1486684) - Fix INBOX appears (sometimes) twice in mailbox list (#1486672) - Fix listing of attachments of some types e.g. "x-epoc/x-sisx-app" (#1486653) - Fix DB Schema checking when some db_table_* options are not set (#1486654) RELEASE 0.4-beta ---------------- - Add sizelimit and timelimit variables in LDAP config (#1486544) - Hide IMAP host dropdown when single host is defined (#1486326) - Add images pre-loading on login page (#1451160) - Add HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR to successful logins log (#1486441 ) - Fix setting spellcheck languages with extended codes (#1486605) - Fix messages list scrolling in FF3.6 (#1486472) - Fix quicksearch input focus (#1486637) - Always set changed date when flagging a DB record as deleted + provide a clean up script - Fix address book/group selection (#1486619) - Assign newly created contacts to the active group (#1486626) - Added option not to mark messages as read when viewed in preview pane (#148501 2) - Allow plugins modify the Sent folder when composing (#1486548) - Added optional (max_recipients) support to restrict total number of recipients per message (#1484542) - Re-organize editor buttons, add blockquote and search buttons - Make possible to write inside or after a quoted html message (#1485476) - Fix bugs on unexpected IMAP connection close (#1486190, #1486270) - Iloha's imap.inc rewritten into rcube_imap_generic class - Added contact groups in address book (not finished yet) - Added PageUp/PageDown/Home/End keys support on lists (#1486430) - Added possibility to select all messages in a folder (#1484756) - Added 'imap_force_caps' option for after-login CAPABILITY checking (#1485750) - Password: Support dovecotpw encryption - TinyMCE 3.3.1 - Implemented messages copying using drag&drop + SHIFT (#1484086) - Improved performance of folders operations (#1486525) - Fix blocked.gif attachment is not attached to the message (#1486516) - Managesieve: import from Horde-INGO - Managesieve: support for more than one match (#1486078) - Managesieve: support for selectively disabling rules within a single sieve scr ipt (#1485882) - Threaded message listing now available - Added sorting by ARRIVAL and CC - Message list columns configurable by the user - Removed 'index_sort' option, now we're using empty 'message_sort_col' for this - virtuser_query: support other identity data (#1486148) - Options virtuser_* replaced with virtuser_* plugins - Plugin API: Implemented 'email2user' and 'user2email' hooks - Fix forwarding message omits CC header (#1486305) - Add 'default_charset' option to user preferences (#1485451) - Add 'delete_always' option to user preferences - Support/Require tls:// prefix in 'smtp_server' option for TLS connections - Fix inconsistent behaviour of 'delete_always' option (#1486299) - Fix deleting all messages from last list page (#1486293) - Flag original messages when sending a draft (#1486203) - Changed signature separator when top-posting (#1486330) - Let the admin define defaults for search modifiers (#1485897) - Fix long e-mail addresses validation (#1486453) - Remember search modifiers in user prefs (#1486146) - Added force_7bit option to force MIME encoding of plain/text messages (#148651 0) - Use case sensitive check when checking for default folders (#1486346) - Fix checking for new mail: now checks unseen count of inbox (#1485794) - Improve performance by avoiding unnecessary updates to the session table (#148 6325) - Fix invalid <font> tags which cause HTML message rendering problems (#1486521) - Fix CVE-2010-0464: Disable DNS prefetching (#1486449) - Fix Received headers to behave better with SpamAssassin (#1486513) - Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473) - Fix adding contacts SQL error on mysql (#1486459) - Squirrelmail_usercopy: support reply-to field (#1486506) - Fix IE spellcheck suggestion popup issue (#1486471) - Fix email address auto-completion shows regexp pattern (#1486258) - Fix merging of configuration parameters: user prefs always survive (#1486368) - Fix quota indicator value after folder purge/expunge (#1486488) - Fix external mailto links support for use as protocol handler (#1486037) - Fix attachment excessive memory use, support messages of any size (#1484660) - Fix setting task name according to auth state - Password: fix vpopmaild driver (#1486478) - Add workaround for MySQL bug [http://bugs.mysql.com/bug.php?id=46293] (#148647 4) - Fix quoted text wrapping when replying to an HTML email in plain text (#148414 1) - Fix handling of extended mailto links (with params) (#1486354) - Fix sorting by date of messages without date header on servers without SORT (# 1486286) - Fix inconsistency when not using default table names (#1486467) - Fix folder rename/delete buttons do not appear on creation of first folder (#1 486468) - Fix character set conversion fails on systems where iconv doesn't accept //IGN ORE (#1486375) - Log in performance: Create default folders on first login only - Import contacts into the selected address book (by Phil Weir) - Add support for MDB2's 'sqlsrv' driver (#1486395) - Use jQuery-1.4 - Removed problematic browser-caching of messages - Fix incompatybility with suhosin.executor.disable_emodifier (#1486321) - Use PLAIN auth when CRAM fails and imap_auth_type='check' (#1486371) - Fix removal of <title> tag from HTML messages (#1486432) - Fix 'force_https' to specified port when URL contains a port number (#1486411) - Fix to-text converting of HTML entities inside b/strong/th/hX tags (#1486422) - Bug in spellchecker suggestions when server charset != UTF8 (#1486406) - Managesieve: Fix requires generation for multiple actions (#1486397) - Fix LDAP problem with special characters in RDN (#1486320) - Improved handling of message parts of type message/rfc822 - Plugin API: added 'quota' hook - Fix parsing conditional comments in HTML messages (#1486350) - Use built-in json_encode() for proper JSON format in AJAX replies - Allow setting only selected params in 'message_compose' hook (#1486312) - Plugin API: added 'message_compose_body' hook (#1486285) - Fix counters of all folders are checked in 'getunread' action with check_all_ folders disabled (#1486128) - Fix displaying alternative parts in messages of type message/rfc822 (#1486246) - Fix possible messages exposure when using Roundcube behind a proxy (#1486281) - Fix unicode para and line separators in javascript response (#1486310) - Additional_message_headers: allow unsetting headers, support plugin's config f ile (#1486268) - Fix displaying of hidden directories in skins list (#1486301) - Fix open_basedir restriction error when reading skins list (#1486304) - Fix pasting from Office apps into html editor (#1486271) - Fix empty <a> tags parsing (#1486272) - Don't cut off attachment names when using non-RFC2231 encoding (#1485515) - Allow inserting signatures above replied message body (#1484272) - Managesieve 2.0: multi-script support - Fix imap_auth_type regression (#1486263) (ok schmonz, take over maintainer)
Revision 1.14 / (download) - annotate - [select for diffs], Mon Nov 23 09:37:46 2009 UTC (14 years ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.13: +5 -5
lines
Diff to previous 1.13 (colored)
Update to Roundcube 0.3.1 (ok schmonz). Changes since 0.3-stable: * Specify toolbar container in compose template (#1486247) * Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) * Avoid unnecessary page loads for selected tab (#1486032) * Fix quota indicator issues by content generation on client-size (#1486197, #1486220) * Don't display disabled sections in Settings (#1486099) * Added server-side e-mail address validation with 'email_dns_check' option (#1485857) * Fix login page loading into an iframe when session expires (#1485952) * Allow setting port number in 'force_https' option (#1486091) * Option 'force_https' replaced by 'force_https' plugin * Fix IE issue with non-UTF-8 characters in AJAX response (#1486159) * Partially fixed "empty body" issue by showing raw body of malformed message (#1486166) * Fix importing/sending to email address with whitespace (#1486214) * Added XIMSS (CommuniGate) driver for Password plugin * Fix newly attached files are not saved in drafts w/o editing any text (#1486202) * Added attachment upload indicator with parallel upload (#1486058) * Use default_charset for bodies of messages without charset definition (#1486187) * Password: added cPanel driver * Fix return to first page from e-mail screen (#1486105) * Fix handling HTML comments in HTML messages (#1486189) * Fix folder/messagelist controls alignment - icons used (#1486072) * Fix LDAP addressbook shows 'Contact not found' error sometimes (#1486178) * Fix cache status checking + improve cache operations performance (#1486104) * Prevent from setting INBOX as any of special folders (#1486114) * Fix regular expression for e-mail address (#1486152) * Fix Received header format * Implemented sorting by message index - added 'index_sort' option (#1485936) * Fix dl() use in installer (#1486150) * Added 'ldap_debug' option * Fix "Empty startup greeting" bug (#1486085) * Fix setting user name in 'new_user_identity' plugin (#1486137) * Fix incorrect count of new messages in folder list when using multiple IMAP clients (#1485995) * Fix all folders checking for new messages with disabled caching (#1486128) * Support skins in 'archive' and 'markasjunk' plugins * Added 'html_editor' hook (#1486068) * Fix DB constraint violation when populating messages cache (#1486052) * Password: added password strength options (#1486062) * Fix LDAP partial result warning (#1485536) * Fix delete in message view deletes permanently with flag_for_deletion=true (#1486101) * Use faster/secure mt_rand() (#1486094) * Fix roundcube hangs on empty inbox with bincimapd (#1486093) * Fix wrong headers for IE on servers without $_SERVERHTTPS? (#1485926) * Force IE style headers for attachments in non-HTTPS session, 'use_https' option (#1485655) * Check 'post_max_size' for upload max filesize (#1486089) * Password Plugin: Fix %d inserts username instead of domain (#1486088) * Fix rcube_mdb2::affected_rows() (#1486082)
Revision 1.13 / (download) - annotate - [select for diffs], Sun Sep 20 02:59:32 2009 UTC (14 years, 2 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base,
pkgsrc-2009Q3
Changes since 1.12: +5 -5
lines
Diff to previous 1.12 (colored)
Update to 0.3. From the changelog: - Fix gn and givenName should be synonymous in LDAP addressbook (#1485892) - Add mail_domain to LDAP email entries without @ sign (#1485201) - Fix saving empty values in LDAP contact data (#1485781) - Fix LDAP contact update when RDN field is changed (#1485788) - Fix LDAP attributes case senitivity problems (#1485830) - Fix LDAP addressbook browsing when only one directory is used (#1486022) - Fix endless loop on error response for APPEND command (#1486060) - Don't require date.timezone setting in installer (#1485989) - Fix date sorting problem with Courier IMAP server (#1486065) - Unselect pressed buttons on mouse up (#1485987) - Don't set php_value error_log in .htaccess but mention in INSTALL (#1485924) - Fix too small status/flag/attachment columns in Safari 4 (#1486063) - Fix selection disabling while dragging splitter in webkit browsers (#1486056) - Added 'new_messages' plugin hook (#1486005) - Added 'logout_after' plugin hook (#1486042) - Added 'message_compose' hook - Added 'imap_connect' hook (#1485956) - Fix vcard_attachments plugin (#1486035) - Updated PEAR::Auth_SASL to 1.0.3 version - Use sequence names only with PostgreSQL (#1486018) - Re-designed User Preferences interface - Fix MS SQL DDL (#1486020) - Fix rcube_mdb2.php: call to setCharset not implemented in mssql driver (#1486019) - Added 'display_next' option - Fix rcube_mdb2::unixtimestamp for MS SQL (#1486015) - Fix HTML washing to respect character encoding - Fix endless loop in iil_C_Login() with Courier IMAP (#1486010) - Fix #messagemenu display on IE (#1486006) - Speedup UI by using sprites for (toolbar) buttons - Fix charset names with X- prefix handling - Fix displaying of HTML messages with unknown/malformed tags (#1486003) From Fredrik Pettai in pkg/42099.
Revision 1.12 / (download) - annotate - [select for diffs], Sat Jul 25 01:19:16 2009 UTC (14 years, 4 months ago) by schmonz
Branch: MAIN
Changes since 1.11: +4 -4
lines
Diff to previous 1.11 (colored)
Update to 0.2.2. From the changelog:
- Fix quicksearchbox look in Chrome and Konqueror (#1484841)
- Fix UTF-8 byte-order mark removing (#1485514)
- Fix folders subscribtions on Konqueror (#1484841)
- Fix debug console on Konqueror and Safari
- Fix messagelist focus issue when modifying status of selected
messages (#1485807)
- Support STARTTLS in IMAP connection (#1485284)
- Fix DEL key problem in search boxes (#1485528)
- Support several e-mail addresses per user from virtuser_file (#1485678)
- Fix drag&drop with scrolling on IE (#1485786)
- Fix adding signature separator in html mode (#1485350)
- Fix opening attachment marks message as read (#1485803)
- Fix 'temp_dir' does not support relative path under Windows (#1484529)
- Fix "Initialize Database" button missing from installer (#1485802)
- Fix compose window doesn't fit 1024x768 window (#1485396)
- Fix service not available error when pressing back from compose
dialog (#1485552)
- Fix using mail() on Windows (#1485779)
- Fix word wrapping in message-part's <PRE>s for printing (#1485787)
- Fix incorrect word wrapping in outgoing plaintext multibyte
messages (#1485714)
- Fix double footer in HTML message with embedded images
- Fix TNEF implementation bug (#1485773)
- Fix incorrect row id parsing for LDAP contacts list (#1485784)
- Fix 'mode' parameter in sqlite DSN (#1485772)
From Fredrik Pettai in PR pkg/41778 (and private mail that once
again got lost in the shuffle, sorry).
Revision 1.11 / (download) - annotate - [select for diffs], Wed Mar 11 12:55:10 2009 UTC (14 years, 9 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.10: +4 -4
lines
Diff to previous 1.10 (colored)
Updated mail/roundcube to 0.2.1 pkgsrc changes - add PKG_DESTDIR_SUPPORT= user-destdir distribution changes: - Use US-ASCII as failover when Unicode searching fails (#1485762) - Fix errors handling in IMAP command continuations (#1485762) - Fix FETCH result parsing for servers returning flags at the end of result (#1485763) - Fix datetime columns defaults in mysql's DDL (#1485641) - Fix attaching more than nine inline images (#1485759) - Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758) - Fix mime-type detection using a hard-coded map (#1485311) - Don't return empty string if charset conversion failed (#1485757) - Disable concurrent autocomplete query results display (#1485743) - Fix new lines stripped from message footer (#1485751) - Fix IE problem with mouse click autocomplete (#1485739) - Fix html body washing on reply/forward + fix attachments handling (#1485676) - Fix multiple recipients input parsing (#1485733) - Fix replying to message with html attachment (#1485676) - Use default_charset for messages without specified charset (#1485661, #1484961) - Support non-standard "GMT-XXXX" literal in date header (#1485729) - Added TNEF support to decode MS Outlook attachments (winmail.dat) - Fix "value continuation" MIME headers by adding required semicolon (#1485727) - Fix pressing select all/unread multiple times (#1485723) - Fix selecting all unread does not honor new messages (#1485724) - Fix some base64 encoded attachments handling (#1485725) - Support NGINX as IMAP backend: better BAD response handling (#1485720) - Performance fix: don't fetch attachment parts headers twice to parse filename - Fix checking for recent messages on various IMAP servers (#1485702) - Performance fix: Don't fetch quota and recent messages in "message view" mode - Fix displaying of alternative-inside-alternative messages (#1485713) - Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706) - Fix creation of folders with '&' sign in name - Fix parsing of email addresses without angle brackets (#1485693) - Save spellcheck corrections when switching from plain to html editor (and spellchecking is on) - Fix large search results on server without SORT capability (#1485668) - Get rid of preg_replace() with eval modifier and create_function usage (#1485686) - Bring back <base> and <link> tags in HTML messages - Fix XSS vulnerability through background attributes as reported by Julien Cayssol - Fix problems with backslash as IMAP hierarchy delimiter (#1484467) - Secure vcard export by getting rid of preg's 'e' modifier use (#1485689) - Fix authentication when submitting form with existing session (#1485679) - Allow absolute URLs to images in HTML messages/sigs (#1485666) - Fix message body which contains both inline attachments and emotions - Fix SQL query execution errors handling in rcube_mdb2 class (#1485509) - Fix address names with '@' sign handling (#1485654) - Improve messages display performance - Fix messages searching with 'to:' modifier
Revision 1.10 / (download) - annotate - [select for diffs], Mon Jan 19 20:15:49 2009 UTC (14 years, 10 months ago) by abs
Branch: MAIN
Changes since 1.9: +6 -6
lines
Diff to previous 1.9 (colored)
Updated mail/roundcube to 0.2stable - Fix mark popup in IE 7 (#1485369) - Fix line-break issue when copy & paste in Firefox (#1485425) - Fix autocomplete "unknown server error" (#1485637) - Fix STARTTLS before AUTH in SMTP connection (#1484883) - Support multiple quota values in QUOTAROOT resonse (#1485626) - Only abbreviate file name for IE < 7 browsers (#1485063) - Performance: allow setting imap rootdir and delimiter before connect (#1485172) - Fix sorting of folders with more than 2 levels (#1485569) - Fix search results page jumps in LDAP addressbook (#1485253) - Fix empty line before the signature in IE (#1485351) - Fix horizontal scrollbar in preview pane on IE (#1484633) - Add Robots meta tag in login page and installer (#1484846) - Added 'show_images' option, removed 'addrbook_show_images' (#1485597) - Option to check for new mails in all folders (#1484374) - Don't set client busy when checking for new messages (#1485276) - Allow UTF-8 folder names in config (#1485579) - Add junk_mbox option configuration in installer (#1485579) - Do serverside addressbook queries for autocompletion (#1485531) - Allow setting attachment col position in 'list_cols' option - Allow override 'list_cols' via skin (#1485577) - Fix 'cache' table cleanup on session destroy (#1485516) - Increase speed of session destroy and garbage clean up - Fix session timeout when DB server got clock skew (#1485490) - Fix handling of some malformed messages (#1484438) - Speed up raw message body handling - Better HTML entities conversion in html2text (#1485519) - Fix big memory consumption and speed up searching on servers without SORT capability - Fix setting locale to tr_TR, ku and az_AZ (#1485470) - Use SORT for searching on servers with SORT capability - Added message status filter - Fix empty file sending (#1485389) - Improved searching with many criterias (calling one SEARCH command) - Fix HTML editor initialization on IE (#1485304) - Add warning when switching editor mode from html to plain (#1485488) - Make identities list scrollable (#1485538) - Fix problem with numeric folder names (#1485527) - Added BYE response simple support to prevent from endless loops in imap.inc (#1483956) - Fix unread message unintentionally marked as read if read_when_deleted=true (#1485409) - Remove port number from SERVER_NAME in smtp_helo_host (#1485518) - Don't send disposition notification receipts for messages marked as 'read' (#1485523) - Added 'keep_alive' and 'min_keep_alive' options (#1485360) - Added option 'identities_level', removed 'multiple_identities' - Allow deleting identities when multiple_identities=false (#1485435) - Added option focus_on_new_message (#1485374) - Fix html2text class autoloading on Windows (#1485505) - Fix html signature formatting when identity save error occured (#1485426) - Add feedback and set busy when moving folder (#1485497) - Fix 'Empty' link visibility for some languages e.g. Slovak (#1485489) - Fix messages count bar overlapping (#1485270) - Fix adding signature in drafts compose mode (#1485484) - Fix iil_C_Sort() to support very long and/or divided responses (#1485283) - Fix matching case sensitivity when setting identity on reply (#1485480) - Prefer default identity on reply - Fix imap searching on ISMail server (#1485466) - Add css class for flagged messages (#1485464) - Write username instead of id in sendmail log (#1485477) - Fix htmlspecialchars() use for PHP version < 5.2.3 (#1485475) - Fix js keywords escaping in json_serialize() for IE/Opera (#1485472) - Added bin/killcache.php script (#1485434) - Add support for SJIS, GB2312, BIG5 in rc_detect_encoding() - Fix vCard file encoding detection for non-UTF-8 strings (#1485410) - Add 'skip_deleted' option in User Preferences (#1485445) - Minimize "inline" javascript scripts use (#1485433) - Fix css class setting for folders with names matching defined classes names (#1485355) - Fix race conditions when changing mailbox - Fix spellchecking when switching to html editor (#1485362) - Fix compose window width/height (#1485396) - Allow calling msgimport.sh/msgexport.sh from any directory (#1485431) - Localized filesize units (#1485340) - Better handling of "no identity" and "no email in identity" situations (#1485117) - Added 'mime_param_folding' option with possibility to choose long/non-ascii attachment names encoding eg. to be readable in MS Outlook/OE (#1485320) - Added "advanced options" feature in User Preferences - Fix unread counter when displaying cached massage in preview panel (#1485290) - Fix htmleditor spellchecking on MS Windows (#1485397) - Fix problem with non-ascii attachment names in Mail_mime (#1485267, #1485096) - Fix language autodetection (#1485401) - Fix button label in folders management (#1485405) - Fix collapsed folder not indicating unread msgs count of all subfolders (#1485403) - Fix handling of apostrophes in filenames decoded according to rfc2231
Revision 1.9 / (download) - annotate - [select for diffs], Tue Dec 23 23:26:38 2008 UTC (14 years, 11 months ago) by ahoka
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
Update to version 2.0beta2. This update fixes a serious security flaw, which can lead to arbitrary command execution on the server running roundcube. I could not find a formal changelog, but here's what the website writes: There were two security issues reported which are now fixed. The first was as possible code injection using the html2text conversion script. The other exploit used the unchecked size parameters of the quota image to let PHP create huge images eating up all the server memory.
Revision 1.8 / (download) - annotate - [select for diffs], Thu Oct 2 15:47:15 2008 UTC (15 years, 2 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base,
pkgsrc-2008Q3
Changes since 1.7: +8 -12
lines
Diff to previous 1.7 (colored)
Update to 0.2beta (from 0.2alpha), and take MAINTAINER. From the changelog:
- Made config files location configurable (#1485215)
- Reduced memory footprint when forwarding attachments (#1485345)
- Allow and use spellcheck attribute for input/textarea fields (#1485060)
- Added icons for forwarded/forwarded+replied messages (#1485257)
- Added Reply-To to forwarded emails (#1485315)
- Display progress message for folders create/delete/rename (#1485357)
- Smart Tags and NOBR tag support in html messages (#1485363, #1485327)
- Redesign of the identities settings (#1484042)
- Add config option to disable creation/deletion of identities (#1484498)
- Added 'sendmail_delay' option to restrict messages sending interval
(#1484491)
- Added vertical splitter for folders list resizing
- Added possibility to view all headers in message view
- Fixed splitter drag/resize on Opera (#1485170)
- Fixed quota img height/width setting from template (#1484857)
- Refactor drag & drop functionality. Don't rely on browser events
anymore (#1484453)
- Insert "virtual" folders in subscription list (#1484779)
- Added link to open message in new window
- Enable export of address book contacts as vCard
- Add feature to import contacts from vcard files (#1326103)
- Respect Content-Location headers in multipart/related messages
according to RFC2110 (#1484946)
- Allowed max. attachment size now indicated in compose screen (#1485030)
- Also capture backspace key in list mode (#1484566)
- Allow application/pgp parts to be displayed (#1484753)
- Correctly handle options in mailto-links (#1485228)
- Immediately save sort_col/sort_order in user prefs (#1485265)
- Truncate very long (above 50 characters) attachment filenames
when displaying
- Allow to auto-detect client language if none set (#1484434)
- Auto-detect the client timezone (user configurable)
- Add RFC2231 header value continuations support for attachment
filenames + hack for servers that not support that feature
- Fix Reply-To header displaying (#1485314)
- Mark form buttons that provide the most obvious operation (mainaction)
- Added option 'quota_zero_as_unlimited' (#1484604)
- Added PRE handling in html2text class (#1484740)
- Added folder hierarchy collapsing
- Added options to use syslog instead of log file (#1484850)
- Added Logging & Debugging section in Installer
- Fix In-Reply-To and References headers when composing saved draft
message (#1485288)
- Fix html message charset conversion for charsets with underline (#1485287)
- Fix buttons status after contacts deletion (#1485233)
- Fix escaping of To: and From: fields when building message body
for reply or forward in the HTML editor (#1484904)
- Use current mailbox name in template (#1485256)
- Better fix for skipping untagged responses (#1485261)
- Added pspell support patch by Kris Steinhoff (#1483960)
- Enable spellchecker for HTML editor (#1485114)
- Respect spellcheck_uri in tinyMCE spellchecker (#1484196)
- Case insensitive contacts searching using PostgreSQL (#1485259)
- Make default imap folders configurable for each user (#1485075)
- Save outgoing mail to selectable folder (#1324581)
- Fix hiding of mark menu when clicking th button again (#1484944)
- Use long date format in print mode (#1485191)
- Updated TinyMCE to version 3.1.0.1
- Re-enable autocomplete attribute for login form (#1485211)
- Check PERMANENTFLAGS before saving $MDNSent flag (#1484963, #1485163)
- Added flag column on messages list (#1484623)
- Patched Mail/MimePart.php (http://pear.php.net/bugs/bug.php?id=14232)
- Allow trash/junk subfolders to be purged (#1485085)
- Store compose parameters in session and redirect to a unique URL
- Fixed CRAM-MD5 authentication (#1484819)
- Fixed forwarding messages with one HTML attachment (#1484442)
- Fixed encoding of message/rfc822 attachments and image/pjpeg
handling (#1484914)
- Added option to select skin in user preferences
- Added option to configure displaying of attached images below
the message body
- Added option to display images in messages from known senders (#1484601)
- User preferences grouped in more fieldsets
- Fix corrupted MIME headers of messages in Sent folder (#1485111)
- Fixed bug in MDB2 package: http://pear.php.net/bugs/bug.php?id=14124
- Use keypress instead of keydown to select list's row (#1484816)
- Don't call expunge and don't remove message row after message
move if flag_for_deletion is set to true (#1485002)
Revision 1.7 / (download) - annotate - [select for diffs], Wed Jul 30 21:29:57 2008 UTC (15 years, 4 months ago) by schmonz
Branch: MAIN
CVS Tags: cube-native-xorg-base,
cube-native-xorg
Changes since 1.6: +11 -6
lines
Diff to previous 1.6 (colored)
Update to 0.2-alpha, which is no less alpha than 0.1.1 and fixes a
major bug preventing the display of non-UTF8 messages. Includes a
pkgsrc patch to restore PKG_SYSCONFDIR support (#1485215). From the
changelog:
- Added option to disable autocompletion from selected LDAP address
books (#1484922)
- TLS support in LDAP connections: 'use_tls' property (#1485104)
- Fixed removing messages from search set after deleting them (#1485106)
- imap.inc: Fixed iil_C_FetchStructureString() to handle many
literal strings in response (#1484969)
- Support for subfolders in default/protected folders (#1484665)
- Disallowed delimiter in folder name (#1484803)
- Support " and \ in folder names
- Escape \ in login (#1484614)
- Better HTML sanitization with the DOM-based washtml script (#1484701)
- Fixed sorting of folders with non-ascii characters
- Fixed Mysql DDL for default identities creation (#1485070)
- In Preferences added possibility to configure 'read_when_deleted',
'mdn_requests', 'flag_for_deletion' options
- Made IMAP auth type configurable (#1483825)
- Fixed empty values with FROM_UNIXTIME() in rcube_mdb2 (#1485055)
- Fixed attachment list on IE 6/7 (#1484807)
- Fixed JavaScript in compose.html that shows cc/bcc fields if populated
- Make password input fields of type password in installer (#1484886)
- Don't attempt to delete cache entries if enable_caching is FALSE (#1485051)
- Optimized messages sorting on servers without sort capability (#1485049)
- Corrected message headers decoding when charset isn't specified and improved
support for native languages (#1485050, #1485048)
- Expanded LDAP configuration options to support LDAP server writes.
- Installer: encode special characters in DB username/password (#1485042)
- Fixed management of folders with national characters in names
(#1485036, #1485001)
- Fixed identities saving when using MDB2 pgsql driver (#1485032)
- Fixed BCC header reset (#1484997)
- Improved messages list performance - patch from Justin Heesemann
- Append skin_path to images location only when it starts with '/'
sign (#1484859)
- Fix IMAP response in message body when message has no body (#1484964)
- Fixed non-RFC dates formatting (#1484901)
- Fixed typo in set_charset() (#1484991)
- Decode entities when inserting HTML signature to plain text message (#1484990)
- HTML editing is now working with PHP5 updates and TinyMCE v3.0.6
- Fixed signature loading on Windows (#1484545)
- Added language support to HTML editing (#1484862)
- Fixed remove signature when replying (#1333167)
- Fixed problem with line with a space at the end (#1484916)
- Fixed <!DOCTYPE> tag filtering (#1484391)
- Fixed <?xml> tag filtering (#1484403)
- Added sections (fieldset+label) in Settings interface
- Mark as read in one action with message preview (#1484972)
- Deleted redundant quota reads (#1484972)
- Added options for empty trash and expunge inbox on logout (#1483863)
- Removed lines wrapping when displaying message
- Fixed month localization
- Changed codebase to PHP5 with autoloader
Revision 1.6 / (download) - annotate - [select for diffs], Sun May 4 16:34:03 2008 UTC (15 years, 7 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
cwrapper
Changes since 1.5: +6 -5
lines
Diff to previous 1.5 (colored)
Update to 0.1.1
pkgsrc changes:
- Use the 'dep' version to install roundcube with no included dependencies
and instead manage it all through pkgsrc - suggestion from schmonz@
- Move the config files to ${PREFIX}/share/roundcube/config as it was
becomming difficult to manage them under ${PKG_SYSCONFDIR}
- Add the GUI installer scripts to the install so users can use it for the
initial setup and generation of the configuration files.
- Add a note to the roundcube.conf file about protection of the
installer directory once initially used.
- Don't assume apache is the only supported web server (because it's not)
we don't support any additional ones now but this will make integration
down the track easier if we do.
- Increased PKG_SUGGESTED_OPTIONS based on documentation in the INSTALL file.
- Add more required PHP options to roundcube.conf
Thanks to Dan Engholm for feedback on the package.
From the ChangeLog:
* Clear selection when selecting single item (1484942)
* Remove hard-coded image size in skin templates (1484893)
* Database schema improvements (dropped unnecessary indexes)
* Fixed creating a new folder with a comma in its name (1484681)
* Fixed sorting of messages when default mailbox is empty (1484317)
* Improve message previewpane - less loading (1484316)
* Fixed login form autocompletion (1484839)
* Fixed virtuser_query option for mdb2 backend (1484874)
* Fixed attachment resoting from Drafts when message body was empty (1484506)
* Fixed usage of ob_gzhandler (1484851)
* Fixed message part window in IE6 (1484610)
* Fixed decoding of mime-encoded strings (1484191)
* Fixed some iconv/mb_string problems (1484598)
* Correctly quote mailbox name when using in URL (1484313)
* Fixed "headers already sent" errors (1484860)
Revision 1.5 / (download) - annotate - [select for diffs], Sat Mar 15 13:54:59 2008 UTC (15 years, 9 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2008Q1
Changes since 1.4: +5 -5
lines
Diff to previous 1.4 (colored)
Patches from schmonz@ for 0.1-stable Notes: First "stable" release ever. Introduces an install script, some new features and many bug fixes. Changes: - Added interactive installer script - Allow to send mail with BCC recipients only - Remember decision to display images for a certain message during session - Remember search results - Add Received header on outgoing mail - Implement Message-Disposition-Notification (Receipts) - Don't create default folders by default - Fixed some potential security risks (audited by Andris) - Filter linked/imported CSS files - Improve message compose screen and many bug fixes. See http://trac.roundcube.net/wiki/Changelog for details.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Nov 8 23:35:33 2007 UTC (16 years, 1 month ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4
Changes since 1.3: +5 -5
lines
Diff to previous 1.3 (colored)
Update to RC2 New message parser (less memory consuming) Works with PHP safe_mode Create valid HTML New LDAP integration Search for contacts Improve message compose screen IPv6 Compatability Improved XHTML validation Identify mailboxes case-sensitive Lowered status message time from 5 to 3 seconds to improve responsiveness See http://trac.roundcube.net/wiki/Changelog for all the details
Revision 1.3 / (download) - annotate - [select for diffs], Tue Jun 5 20:25:26 2007 UTC (16 years, 6 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2
Changes since 1.2: +4 -4
lines
Diff to previous 1.2 (colored)
* Incorporate some suggestions from justin (at) shiningsilence.com and just explain a little better how RoundCube is setup in pkgsrc. * While were here update to 20070528 2007/05/28 (thomasb) --------- - Fixed buggy imap_root settings (closes 1484379) - Prevent default events on subject links (1484399) - Typo in rcube_smtp.inc 2007/05/23 (estadtherr) ---------- - Upgrade to TinyMCE v2.1.1.1 2007/05/18 (thomasb) ---------- - Use HTTP-POST requests for actions that change state 2007/05/17 (thomasb) ---------- - Updated Catalan, Russian, Portuguese, Slovak and Chinese translations - Renamed localization folder for Chinese (Big5) - Chanegd Slovenian language code from 'si' to 'sl' - Added Sinhala (Sri-Lanka) localization - Use global filters and bind username/ for Ldap searches (1484159) - Hide quota display if imap server does not support it - Hide address groups if no LDAP servers configured - Add link to message subjects (closes 1484257) - Better SQL query for contact listing/search (closes 1484369) 2007/05/13 (thomasb) ---------- - Updated Norwegian (bokmal), Czech, Danish and Portuguese (standard) translation - Fixed marking as read in preview pane (closes 1484364) - CSS hack to display attachments correctly in IE6 - Wrap message body text (closes 1484148)
Revision 1.2 / (download) - annotate - [select for diffs], Fri May 11 11:51:05 2007 UTC (16 years, 7 months ago) by schmonz
Branch: MAIN
Changes since 1.1: +6 -4
lines
Diff to previous 1.1 (colored)
Update to 20070508 snapshot. From the changelog:
2007/05/01 (thomasb)
----------
- Updated German, Euskara, Hungarian, Romanian and Spanish translation
- Added Hindi and Kurdish localization
2007/04/28 (thomasb)
----------
- LDAP access is back in address book (closes #1484087)
- Added search function for contacts
- New Template parsing and output encoding
- Fixed bugs #1484119 and #1483978
2007/04/08 (thomasb)
----------
- Fixed message moving procedure (closes #1484308)
- Fixed display of multiple attachments (closes #1466563)
- Fixed check for new messages (closes #1484310)
- List attachments without filename
2007/03/27 (thomasb)
----------
- New session authentication: Change sessid cookie when login, authentication with sessauth cookie is now configurable.
Should close bugs #1483951 and #1484299
2007/03/23 (thomasb)
----------
- Correctly translate mailbox names (closes #1484276)
- Quote e-mail address links (closes #1484300)
2007/03/21 (thomasb)
----------
- Updated PEAR::Mail_mime package
- Added Persian localization
- Updated Catalan and Brazilian Portuguese translations
- Updated INSTALL manual with a note about database passwords
- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
- Sanitize input for new users/identities (thanks Colin Alston)
2007/03/19 (thomasb)
----------
- Don't download HTML message parts
- Convert HTML parts to plaintext if 'prefer_html' is off
- Correctly parse message/rfc822 parts (closes #1484045)
- Code cleanup
2007/03/18 (thomasb)
----------
- Also use user_id for unique key in messages table (closes #1484074)
- Hide contacts drop down on blur (closes #1484203)
- Make entries in contacts drop down clickable
- Turn off browser autocompletion on login page
- Quote <? in text/html message parts
- Hide border around radio buttons
- Replaced old JS function calls.
2007/03/13 (thomasb)
----------
- Applied patch for attachment download by crichardson (closes #1484198)
- Fixed bug in Postgres DB handling (closes #1484068)
- Fixed bug of invalid calls to fetchRow() in rcube_db.inc (closes #1484280)
- Fixed array_merge bug (closes #1484281)
- Fixed flag for deletion in list view (closes #1484264)
- Finally support semicolons as recipient separator (closes ##1484251)
- Fixed message headers (subject) encoding
pkgsrc changes:
* Make iconv and mbstring dependencies PKG_OPTIONS ("iconv" and "multibyte")
* Write logs and tempfiles under ${VARBASE}, not ${PREFIX}
* Cosmetic and pkglint-appeasing tweaks
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 8 17:04:08 2007 UTC (16 years, 8 months ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires the MySQL database. The user interface is fully skinnable using XHTML and CSS 2. This is roundcube-0.1-20070314 (SVN build 508) Suggested by schmonz@
Revision 1.1 / (download) - annotate - [select for diffs], Sun Apr 8 17:04:08 2007 UTC (16 years, 8 months ago) by adrianp
Branch: MAIN
Initial revision