Hello community, here is the log from the commit of package roundcubemail for openSUSE:Factory checked in at 2012-08-28 20:55:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old) and /work/SRC/openSUSE:Factory/.roundcubemail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes 2012-05-14 16:18:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.roundcubemail.new/roundcubemail.changes 2012-08-28 20:55:44.000000000 +0200 @@ -1,0 +2,14 @@ +Thu Aug 23 06:32:14 UTC 2012 - [email protected] + +- Update to version 0.8.1 + * lot of bugfixes and new features including new skin + (please check the CHANGELOG) + * contains security related fixes (bnc#777446) + * Fix XSS vulnerability in message subject handling using + Larry skin (CVE-2012-3507) + * Fix XSS issue where plain signatures wasn't secured in HTML + mode (CVE-2012-3508) + * Fix XSS issue where href="javascript:" wasn't secured + (CVE-2012-3508) + +------------------------------------------------------------------- Old: ---- roundcubemail-0.7.2.tar.gz New: ---- roundcubemail-0.8.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ roundcubemail.spec ++++++ --- /var/tmp/diff_new_pack.UviWul/_old 2012-08-28 20:55:52.000000000 +0200 +++ /var/tmp/diff_new_pack.UviWul/_new 2012-08-28 20:55:52.000000000 +0200 @@ -18,10 +18,10 @@ Name: roundcubemail Summary: A modern browser-based multilingual IMAP client -License: GPL-2.0 ; BSD-3-Clause +License: GPL-3.0+ ; GPL-2.0 ; BSD-3-Clause Group: Productivity/Networking/Email/Clients Url: http://www.roundcube.net/ -Version: 0.7.2 +Version: 0.8.1 Release: 0 BuildRequires: apache2-devel BuildRequires: fdupes @@ -67,6 +67,8 @@ %setup -q -n %{name}-%{version} %patch0 -p1 cp %{SOURCE4} . +# remove cruft from source archive +find . -name ".gitignore" -exec rm {} \; %build @@ -85,7 +87,7 @@ # install docs install -d -m 0755 %buildroot%_defaultdocdir/%name -for i in CHANGELOG INSTALL UPGRADING LICENSE README README.openSUSE; do +for i in CHANGELOG INSTALL UPGRADING LICENSE README.md README.openSUSE; do mv -v %{buildroot}%{roundcubepath}/$i %{buildroot}%{_defaultdocdir}/%name/ done ++++++ roundcubemail-0.7.2.tar.gz -> roundcubemail-0.8.1.tar.gz ++++++ ++++ 165511 lines of diff (skipped) ++++++ roundcubemail-config-dir.patch ++++++ --- /var/tmp/diff_new_pack.UviWul/_old 2012-08-28 20:55:52.000000000 +0200 +++ /var/tmp/diff_new_pack.UviWul/_new 2012-08-28 20:55:52.000000000 +0200 @@ -1,23 +1,25 @@ ---- roundcubemail-0.6.old/installer/index.php 2011-09-05 10:49:04.000000000 +0200 -+++ roundcubemail-0.6/installer/index.php 2011-09-30 16:22:07.248970217 +0200 -@@ -32,7 +32,8 @@ +diff --git a/installer/index.php b/installer/index.php +index bb1b1ba..572ef80 100644 +--- a/installer/index.php ++++ b/installer/index.php +@@ -43,7 +43,7 @@ ini_set('error_reporting', E_ALL&~E_NOTICE); ini_set('display_errors', 1); define('INSTALL_PATH', realpath(dirname(__FILE__) . '/../').'/'); -define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config'); +define('RCMAIL_CONFIG_DIR', '/etc/roundcubemail'); -+ $include_path = INSTALL_PATH . 'program/lib' . PATH_SEPARATOR; $include_path .= INSTALL_PATH . 'program' . PATH_SEPARATOR; ---- roundcubemail-0.6.old/program/include/iniset.php 2011-09-28 21:16:41.000000000 +0200 -+++ roundcubemail-0.6/program/include/iniset.php 2011-09-30 16:25:26.292976385 +0200 -@@ -41,15 +41,13 @@ +diff --git a/program/include/iniset.php b/program/include/iniset.php +index f223b0d..630001f 100644 +--- a/program/include/iniset.php ++++ b/program/include/iniset.php +@@ -46,15 +46,12 @@ define('RCMAIL_VERSION', '0.8.1'); define('RCMAIL_CHARSET', 'UTF-8'); define('JS_OBJECT_NAME', 'rcmail'); define('RCMAIL_START', microtime(true)); +define('RCMAIL_CONFIG_DIR', '/etc/roundcubemail'); -+ if (!defined('INSTALL_PATH')) { define('INSTALL_PATH', dirname($_SERVER['SCRIPT_FILENAME']).'/'); ++++++ roundcubemail-httpd.conf ++++++ --- /var/tmp/diff_new_pack.UviWul/_old 2012-08-28 20:55:52.000000000 +0200 +++ /var/tmp/diff_new_pack.UviWul/_new 2012-08-28 20:55:52.000000000 +0200 @@ -49,10 +49,10 @@ <IfModule mod_rewrite.c> RewriteEngine On - RewriteRule ^favicon.ico$ skins/default/images/favicon.ico + RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico # security rules - RewriteRule .svn/ - [F] - RewriteRule ^README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ - [F] + RewriteRule .git - [F] + RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|SQL|bin|CHANGELOG)$ - [F] </IfModule> <IfModule mod_deflate.c> -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
