Hello community,
here is the log from the commit of package roundcubemail.1531 for
openSUSE:12.3:Update checked in at 2013-04-12 08:28:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/roundcubemail.1531 (Old)
and /work/SRC/openSUSE:12.3:Update/.roundcubemail.1531.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail.1531", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-04-05 00:01:41.916011506 +0200
+++
/work/SRC/openSUSE:12.3:Update/.roundcubemail.1531.new/roundcubemail.changes
2013-04-12 08:28:08.000000000 +0200
@@ -0,0 +1,361 @@
+-------------------------------------------------------------------
+Fri Mar 29 22:26:24 UTC 2013 - [email protected]
+
+- Update to version 0.8.6 (bnc#812568)
+ * Fix security issue in save-pref command (CVE-2013-1904)
+
+-------------------------------------------------------------------
+Wed Jan 30 01:52:24 UTC 2013 - [email protected]
+
+- New upstream release 0.8.5
+ * Fix #countcontrols issue in IE<=8 when text is very long
+ (#1488890)
+ * Fix unwanted horizontal scrollbar in message preview header
+ (#1488866)
+ * Add workaround for IE<=8 bug where Content-Disposition:inline
+ was ignored (#1488844)
+ * Fix XSS vulnerability in vbscript: and data:text links handling
+ (#1488850)
+ * Fix absolute positioning in HTML messages (#1488819)
+ * Fix keybord events on messages list in opera browser (#1488823)
+ * Fix cache (in)validation after setting \Deleted flag
+ * Fix selection of collapsed thread rows (#1488772)
+ * Fix wrapping of quoted text with format=flowed (#1488177)
+
+-------------------------------------------------------------------
+Mon Nov 19 20:59:17 UTC 2012 - [email protected]
+
+- Update to version 0.8.4
+ * fix a regression from 0.8.3 in compose window which could lead
+ to dataloss
+ * some bugfixes including a fixed XSS vulnerability
+
+-------------------------------------------------------------------
+Sat Nov 10 21:12:16 UTC 2012 - [email protected]
+
+- Update to version 0.8.3
+ * This update adds small bug fixes and improvements to the 0.8
+ stable series. It also fixes a possible, although unintended,
+ DoS to the webserver running Roundcube. See the included
+ CHANGELOG file for details.
+
+-------------------------------------------------------------------
+Mon Oct 29 07:00:08 UTC 2012 - [email protected]
+
+- Update to version 0.8.2
+ * bugfix release (detailed changes in CHANGELOG)
+
+-------------------------------------------------------------------
+Tue Sep 25 21:21:32 UTC 2012 - [email protected]
+
+- Installer expects to find php-exif during install, added to spec
+ Requires since it does not say if it's recommended or optional
+
+-------------------------------------------------------------------
+Thu Aug 23 06:32:14 UTC 2012 - [email protected]
+
+- Update to version 0.8.1
+ * lot of bugfixes and new features including new skin
+ (please check the CHANGELOG)
+ * contains security related fixes (bnc#777446)
+ * Fix XSS vulnerability in message subject handling using
+ Larry skin (CVE-2012-3507)
+ * Fix XSS issue where plain signatures wasn't secured in HTML
+ mode (CVE-2012-3508)
+ * Fix XSS issue where href="javascript:" wasn't secured
+ (CVE-2012-3508)
+
+-------------------------------------------------------------------
+Sat May 12 17:59:17 UTC 2012 - [email protected]
+
+- added README.openSUSE to document openSUSE specifics needed for
+ installation/configuration
+
+-------------------------------------------------------------------
+Mon Apr 30 13:50:22 UTC 2012 - [email protected]
+
+- enable Roundcube access from everywhere by default after
+ installation
+- ship *.dist configuration files
+
+-------------------------------------------------------------------
+Sun Apr 15 18:38:01 UTC 2012 - [email protected]
+
+- Update to version 0.7.2
+ * bugfixes as outlined in CHANGELOG
+
+-------------------------------------------------------------------
+Sun Feb 12 12:17:08 UTC 2012 - [email protected]
+
+- Update to version 0.7.1
+ * lot of bugfixes and improvements (see CHANGELOG)
+ * reworked and completed Apache config
+- moved SQL directory from docdir to application
+ (to make the installer work)
+- use fdupes
+- removed README.SUSE as the upstream INSTALL document is equally
+ useful already and describes using the delivered installer
+
+-------------------------------------------------------------------
+Fri Sep 30 15:07:28 CEST 2011 - [email protected]
+
+- Release 0.6-RC
+ * Send X-Frame-Options headers to protect from clickjacking (#1487037)
+ * Fallback to mail_domain in LDAP variable replacements; added 'host' to
'user_create' hook arguments (#1488024)
+ * Fixed wrong vCard type parameter mobile (#1488067)
+ * Fixed vCard WORKFAX issue (#1488046)
+ * Add vCard's Profile URL support (#1488062)
+ * jQuery 1.6.3
+ * Fix imap_cache setting to values other than 'db' (#1488060)
+ * Fix handling of attachments inside message/rfc822 parts (#1488026)
+ * Make list of mimetypes that open in preview window configurable
(#1487625)
+ * Added plugin hook 'message_part_get' for attachment downloads
+ * Localize forwarded message header (#1488058)
+ * Added unique connection identifier to IMAP debug messages
+ * Added 'priority' column on messages list (#1486782)
+ * Fix image type check for contact photo uploads
+- Release 0.6-beta
+ * Add option to hide selected LDAP addressbook on the list
+ * Add client-side checking of uploaded files size
+ * Add newlines between organization, department, jobtitle (#1488028)
+ * Recalculate date when replying to a message and localize the cite header
(#1487675)
+ * Fix handling of email addresses with quoted local part (#1487939)
+ * Fix EOL character in vCard exports (#1487873)
+ * Added optional "multithreading" autocomplete feature
+ * Plugin API: Added 'config_get' hook
+ * Fixed new_user_identity plugin to work with updated rcube_ldap class
(#1487994)
+ * Plugin API: added folder_delete and folder_rename hooks
+ * Added possibility to undo last contact delete operation
+ * Fix sorting of contact groups after group create (#1487747)
+ * Add optional textual upload progress indicator (#1486039)
+ * Fix parsing URLs containing commas (#1487970)
+ * Added vertical splitter for books/groups list in addressbook (#1487923)
+ * Improved namespace roots handling in folder manager
+ * Added searching in all addressbook sources
+ * Added addressbook source selection in contacts import
+ * Implement LDAPv3 Virtual List View (VLV) for paged results listing
+ * Use 'address_template' config option when adding a new address block
(#1487944)
+ * Added addressbook advanced search
+ * Add popup with basic fields selection for addressbook search
+ * Case-insensitive matching in autocompletion (#1487933)
+ * Added option to force spellchecking before sending a message (#1485458)
+ * Fix handling of "<" character in contact data, search fields and folder
names (#1487864)
+ * Fix saving "<" character in identity name and organization fields
(#1487864)
+ * Added option to specify to which address book add new contacts
+ * Added plugin hook for keep-alive requests
+ * Store user preferences in session when write-master is not available and
session is stored in memcache, write them later
+ * Improve performence of folder manager operations
+ * Fix default_port option handling in Installer when config.inc.php file
exists (#1487925)
+ * Removed option focus_on_new_message, added newmail_notifier plugin
+ * Added general rcube_cache class with Memcache and APC support
+ * Improved caching performance by skipping writes of unchanged data
+ * Option enable_caching replaced by imap_cache and messages_cache options
+ * Fix WORKFAX saving in address book (#1487910)
+ * Add forward-as-attachment feature
+ * jQuery-1.6.2 (#1487913, #1487144)
+ * Improve display name composition when saving contacts (#1487143)
+ * Fix problems with subfolders of INBOX folder on some IMAP servers
(#1487725)
+ * Fix handling of folders that doesn't belong to any namespace (#1487637)
+ * Enable multiselection for attachments uploading in capable browsers
(#1485969)
+ * Add possibility to change HTML editor configuration by skin
+ * Fix a bug where selecting too many contacts would produce too large URI
request (#1487892)
+ * Improve performance by including files with absolute path (#1487849)
+ * Move folder name truncation to client/skin (#1485412)
+ * Added plugin hook for request token creation
+ * Replace LDAP vars in group queries (#1487837)
+ * Fix vcard folding with uncode characters (#1487868)
+ * Keep all submitted data if contact form validation fails (#1487865)
+ * Handle uncode strings in rcube_addressbook::normalize_string() (#1487866)
+ * Fix handling of debug_level=4 in ajax requests (#1487831)
+ * Enable TinyMCE's contextmenu (#1487014)
+ * Allow multiple concurrent compose sessions
+ * New config option for custom logo
+ * Allow skins to define/override texts with <roundcube:label />
+ * Add simple ACL rights/namespace handling in folder manager
+ * Force IE to send referers (#1487806)
+ * Better display of vcard import results (#1485457)
+ * Improved vcard import
+ * Interactive update script with improved DB schema check
+ * Fix problem with contactgroupmembers table creation on MySQL 4.x, add
index on contact_id column
+ * Add LDAP SASL bind and proxy authentication (#1486692)
+ * Replying to a sent message puts the old recipient as the new recipient
(#1487074)
+ * Fulltext search over (almost) all data for contacts
+ * Extend address book with rich contact information
+
+-------------------------------------------------------------------
+Fri Sep 23 12:52:42 CEST 2011 - [email protected]
+
+- Release 0.5.4 upstream update
+ * Fix XSS vulnerability in UI messages (#1488030)
+
+-------------------------------------------------------------------
+Wed Jul 13 10:39:18 CEST 2011 - [email protected]
+
+Release 0.5.3 upstream update
+ * Fix identities "reply-to" and "bcc" fields have a bogus value when left
empty (#1487943)
+ * Fix issue which cases IMAP disconnection when encrypt() method was used
(#1487900)
+ * Fix some CSS issues in Settings for Internet Explorer
++++ 164 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:12.3:Update/.roundcubemail.1531.new/roundcubemail.changes
New:
----
README.openSUSE
roundcubemail-0.8.6.tar.gz
roundcubemail-config-dir.patch
roundcubemail-httpd.conf
roundcubemail-rpmlintrc
roundcubemail.changes
roundcubemail.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ roundcubemail.spec ++++++
#
# spec file for package roundcubemail
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: roundcubemail
Summary: A modern browser-based multilingual IMAP client
License: GPL-3.0+ and GPL-2.0 and BSD-3-Clause
Group: Productivity/Networking/Email/Clients
Url: http://www.roundcube.net/
Version: 0.8.6
Release: 0
BuildRequires: apache2-devel
%if 0%{suse_version} >= 1100
BuildRequires: fdupes
%endif
BuildRequires: pcre-devel
Requires: http_daemon
Requires: mod_php_any
Requires: php-exif
Requires: php-gettext
Requires: php-iconv
Requires: php-mbstring
Requires: php-mcrypt
Requires: php-openssl
Requires: php-session
Requires: php_any_db
Recommends: php-mysql
Recommends: php5-intl
Recommends: php5-fileinfo
## Requires: for upstream dep package
#Requires: php5-pear-Auth_SASL
Source0: %{name}-%{version}.tar.gz
Source2: %{name}-httpd.conf
Source3: %{name}-rpmlintrc
Source4: README.openSUSE
# PATCH-FIX-OPENSUSE use the general config directory /etc
Patch0: %{name}-config-dir.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%define apache_serverroot %(/usr/sbin/apxs2 -q DATADIR)
%define apache_sysconfdir %(/usr/sbin/apxs2 -q SYSCONFDIR)
%define roundcubepath %{apache_serverroot}/%name
%define roundcubeconfigpath %_sysconfdir/%name
%description
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you
expect from an e-mail client, including MIME support, address book,
folder manipulation, message searching and spell checking.
RoundCube Webmail is written in PHP and requires the MySQL database.
The user interface is fully skinnable using XHTML and CSS 2.
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
cp %{SOURCE4} .
# remove cruft from source archive
find . -name ".gitignore" -exec rm {} \;
%build
%install
install -d -m 0755 %buildroot%roundcubepath
cp -a * %buildroot%{roundcubepath}/
mkdir -p %buildroot/%_sysconfdir/%name
cp config/* %buildroot/%{roundcubeconfigpath}/
cp %buildroot/%{roundcubeconfigpath}/main.inc.php.dist
%buildroot/%{roundcubeconfigpath}/main.inc.php
cp %buildroot/%{roundcubeconfigpath}/db.inc.php.dist
%buildroot/%{roundcubeconfigpath}/db.inc.php
rm -rf %buildroot%{roundcubepath}/config
# install httpd.conf file and adapt the configuration
install -d -m 0755 %buildroot/%{apache_sysconfdir}/conf.d
sed -e "s#__ROUNDCUBEPATH__#%{roundcubepath}#g" %{SOURCE2} >
%buildroot%{apache_sysconfdir}/conf.d/roundcubemail.conf
# install docs
install -d -m 0755 %buildroot%_defaultdocdir/%name
for i in CHANGELOG INSTALL UPGRADING LICENSE README.md README.openSUSE; do
mv -v %{buildroot}%{roundcubepath}/$i %{buildroot}%{_defaultdocdir}/%name/
done
# no need to check .htaccess each time, the apache config takes care of the
restrictions
find %buildroot/%{roundcubepath} -name .htaccess -delete
# fdupes
%if 0%{suse_version} >= 1100
%fdupes %{buildroot}/%{roundcubepath}
%endif
%clean
rm -rf %buildroot
%post
# enable apache required apache modules
if [ -x /usr/sbin/a2enmod ]; then
a2enmod -q alias || a2enmod alias
a2enmod -q rewrite || a2enmod rewrite
fi
if [ ! -f %{roundcubeconfigpath}/main.inc.php ]; then
cp %{roundcubeconfigpath}/main.inc.php.dist
%{roundcubeconfigpath}/main.inc.php
fi
if [ ! -f %{roundcubeconfigpath}/db.inc.php ]; then
cp %{roundcubeconfigpath}/db.inc.php.dist %{roundcubeconfigpath}/db.inc.php
fi
exit 0
%files
%defattr(0644, root, root,0755)
%doc %_defaultdocdir/%name/
%dir %{roundcubepath}
%dir %{roundcubeconfigpath}
%ghost %config(noreplace) %{roundcubeconfigpath}/db.inc.php
%ghost %config(noreplace) %{roundcubeconfigpath}/main.inc.php
%config %{roundcubeconfigpath}/*
%config %{roundcubeconfigpath}/mimetypes.php
%config(noreplace) %{apache_sysconfdir}/conf.d/roundcubemail.conf
%{roundcubepath}/index.php
%{roundcubepath}/robots.txt
%attr(0755,root,root) %{roundcubepath}/bin/*.sh
%dir %{roundcubepath}/bin
%{roundcubepath}/installer/
%{roundcubepath}/plugins/
%{roundcubepath}/program/
%{roundcubepath}/skins/
%{roundcubepath}/SQL
%attr(-, wwwrun, root) %{roundcubepath}/logs/
%attr(-, wwwrun, root) %{roundcubepath}/temp/
%changelog
++++++ README.openSUSE ++++++
This README contains additional information specific to the
openSUSE package of roundcube.
INSTALLATION
============
This application is packaged to integrate with Apache and MySQL but
it can basically run with every webserver being able to run PHP and
also use other SQL based database engines.
After installation of the package the application will immediately
be reachable from everywhere once Apache is enabled under the URL
http://IP-ADDRESS/roundcube
The configuration is copied from the example config files from the
package and therefore not really working.
First step is to prepare the MySQL database for Roundcube:
Setting up the mysql database can be done by creating an empty database,
importing the table layout and granting the proper permissions to the
roundcube user. Here is an example of that procedure:
# mysql
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE
> utf8_general_ci */;
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
IDENTIFIED BY 'password';
> quit
# mysql roundcubemail < /srv/www/roundcubemail/SQL/mysql.initial.sql
Note 1: 'password' is the master password for the roundcube user. It is strongly
recommended you replace this with a more secure password. Please keep in
mind: You need to specify this password later in
'/etc/roundcubemail/db.inc.php'.
To use the integrated web based installer you need to enable it first
in /etc/roundcubemail/main.inc.php:
$rcmail_config['enable_installer'] = true;
IMPORTANT: This MUST be disabled again after installation is finished
for SECURITY reasons
and then access
http://IP-ADDRESS/roundcube/installer
to finish the installation.
++++++ roundcubemail-config-dir.patch ++++++
diff --git a/installer/index.php b/installer/index.php
index 4c94fea..204cdf4 100644
--- a/installer/index.php
+++ b/installer/index.php
@@ -43,7 +43,7 @@ ini_set('error_reporting', E_ALL&~E_NOTICE);
ini_set('display_errors', 1);
define('INSTALL_PATH', realpath(dirname(__FILE__) . '/../').'/');
-define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config');
+define('RCMAIL_CONFIG_DIR', '/etc/roundcubemail');
define('RCMAIL_CHARSET', 'UTF-8');
$include_path = INSTALL_PATH . 'program/lib' . PATH_SEPARATOR;
diff --git a/program/include/iniset.php b/program/include/iniset.php
index 3809479..5004448 100644
--- a/program/include/iniset.php
+++ b/program/include/iniset.php
@@ -52,7 +52,7 @@ if (!defined('INSTALL_PATH')) {
}
if (!defined('RCMAIL_CONFIG_DIR')) {
- define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config');
+ define('RCMAIL_CONFIG_DIR', '/etc/roundcubemail');
}
// make sure path_separator is defined
++++++ roundcubemail-httpd.conf ++++++
# You might want to set up a virtual host for the server, but it is
# not a requirement. You can as well reach the server under its
# common name under http://your.server.name/roundcube
#
# NameVirtualHost *
# <VirtualHost *>
# ServerName your.server.name
# DocumentRoot /srv/www/roundcubemail
<IfModule mod_alias.c>
Alias /roundcube __ROUNDCUBEPATH__
</IfModule>
# AddDefaultCharset UTF-8
AddType text/x-component .htc
<Directory __ROUNDCUBEPATH__>
Order allow,deny
#Allow from 127.0.0.1
Allow from all
Options -Indexes FollowSymLinks
<IfModule mod_php5.c>
php_flag display_errors Off
php_flag log_errors On
# php_value error_log logs/errors
php_value upload_max_filesize 5M
php_value post_max_size 6M
php_value memory_limit 64M
php_flag zlib.output_compression Off
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag zend.ze1_compatibility_mode Off
php_flag suhosin.session.encrypt Off
#php_value session.cookie_path /
php_flag session.auto_start Off
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
# http://bugs.php.net/bug.php?id=30766
php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
# security rules
RewriteRule .git - [F]
RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|SQL|bin|CHANGELOG)$ - [F]
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
<IfModule mod_headers.c>
# replace 'append' with 'merge' for Apache version 2.2.9 and later
#Header append Cache-Control public env=!NO_CACHE
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
FileETag MTime Size
</Directory>
# Special directories
<Directory __ROUNDCUBEPATH__/bin>
Order allow,deny
Deny from all
</Directory>
<Directory __ROUNDCUBEPATH__/program>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule !^js|.*\.gif$ - [F]
</IfModule>
</Directory>
<Directory __ROUNDCUBEPATH__/config>
Order allow,deny
Deny from all
</Directory>
<Directory __ROUNDCUBEPATH__/logs>
Order allow,deny
Deny from all
</Directory>
<Directory __ROUNDCUBEPATH__/temp>
Order allow,deny
Deny from all
</Directory>
<Directory __ROUNDCUBEPATH__/plugins/enigma/home>
Order allow,deny
Deny from all
</Directory>
# </VirtualHost>
++++++ roundcubemail-rpmlintrc ++++++
addFilter("devel-file-in-non-devel-package")
addFilter("files-duplicate /etc/roundcubemail/main.inc.php.dist")
addFilter("files-duplicate /etc/roundcubemail/db.inc.php")
addFilter("non-executable-script
/srv/www/roundcubemail/plugins/password/drivers/chpass-wrapper.py")
addFilter("wrong-file-end-of-line-encoding
/usr/share/doc/packages/roundcubemail/SQL/mssql.initial.sql")
addFilter("wrong-file-end-of-line-encoding
/usr/share/doc/packages/roundcubemail/SQL/mssql.upgrade.sql")
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
