Hello community,

here is the log from the commit of package roundcubemail for openSUSE:Factory 
checked in at 2018-11-05 22:56:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old)
 and      /work/SRC/openSUSE:Factory/.roundcubemail.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "roundcubemail"

Mon Nov  5 22:56:20 2018 rev:53 rq:646191 version:1.3.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes      
2018-08-08 14:53:53.809589333 +0200
+++ /work/SRC/openSUSE:Factory/.roundcubemail.new/roundcubemail.changes 
2018-11-05 22:56:22.699980818 +0100
@@ -1,0 +2,31 @@
+Fri Oct 26 14:19:46 UTC 2018 - l...@linux-schulserver.de - 1.3.8
+
+- Upgrade to version 1.3.8:
+  * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
+  * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors 
in dovecot 2.3 (#6383)
+  * Enigma: Fix deleting keys with authentication subkeys (#6381)
+  * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
+  * Fix so Classic skin splitter does not escape out of window (#6397)
+  * Fix XSS issue in handling invalid style tag content (#6410)
+  * Fix compatibility with MySQL 8 - error on 'system' table use
+  * Managesieve: Fix bug where show_real_foldernames setting wasn't respected 
(#6422)
+  * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP 
params (#6419)
+  * Fix support for "allow-from " in x_frame_options config option (#6449)
+  * Fix bug where valid content between HTML comments could have been skipped 
in some cases (#6464)
+  * Fix multiple VCard field search (#6466)
+  * Fix session issue on long running requests (#6470)
+- add files with .log entry to logrotate config
+- enhance apache configuration by:
+  + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+  + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+  + set additional headers:
+  ++ Content-Security-Policy: ask browsers to not set the referrer
+  ++ Cache-Control: ask not to cache the content
+  ++ Strict-Transport-Security: set HSTS rules for SSL traffic
+  ++ X-XSS-Protection: configure built in reflective XSS protection
+- adjust README.openSUSE: 
+  + db.inc.php is not used any longer
+  + flush privileges after creating/changing users in mysql
+- use %%license macro on newer distributions
+
+-------------------------------------------------------------------

Old:
----
  roundcubemail-1.3.7-complete.tar.gz
  roundcubemail-1.3.7-complete.tar.gz.asc

New:
----
  roundcubemail-1.3.8-complete.tar.gz
  roundcubemail-1.3.8-complete.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ roundcubemail.spec ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old  2018-11-05 22:56:23.383979952 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new  2018-11-05 22:56:23.387979947 +0100
@@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:           roundcubemail
-Version:        1.3.7
+Version:        1.3.8
 Release:        0
 Summary:        A browser-based multilingual IMAP client
 License:        GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause
@@ -260,8 +260,10 @@
 
 %files
 %defattr(0644, root, root,0755)
-%doc CHANGELOG
-%doc LICENSE
+%doc CHANGELOG LICENSE
+%if 0%{?suse_version} >= 1500
+%license LICENSE
+%endif
 %doc README.md
 %doc README.openSUSE
 %doc UPGRADING

++++++ README.openSUSE ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old  2018-11-05 22:56:23.423979901 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new  2018-11-05 22:56:23.427979897 +0100
@@ -1,5 +1,4 @@
 
-
 This README contains additional information specific to the
 openSUSE package of roundcube.
 
@@ -27,16 +26,15 @@
 
 # mysql
 > CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE 
 > utf8_general_ci */;
-> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
-  IDENTIFIED BY 'password';
+> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' 
IDENTIFIED BY 'password';
+> FLUSH PRIVILEGES;
 > quit
 
 # mysql roundcubemail < 
/usr/share/doc/packages/roundcubemail/SQL/mysql.initial.sql
 
 Note 1: 'password' is the master password for the roundcube user. It is 
strongly
 recommended you replace this with a more secure password. Please keep in
-mind: You need to specify this password later in 
'/etc/roundcubemail/db.inc.php'.
-
+mind: You need to specify this password later in 
'/etc/roundcubemail/config.inc.php'.
 
 To use the integrated web based installer you need to enable it first
 in /etc/roundcubemail/config.inc.php:

++++++ roundcubemail-1.3.7-complete.tar.gz -> 
roundcubemail-1.3.8-complete.tar.gz ++++++
++++ 2423 lines of diff (skipped)

++++++ roundcubemail-httpd.conf ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old  2018-11-05 22:56:24.579978439 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new  2018-11-05 22:56:24.579978439 +0100
@@ -57,6 +57,8 @@
         php_value       session.gc_maxlifetime          21600
         php_value       session.gc_divisor              500
         php_value       session.gc_probability          1
+        # http://bugs.php.net/bug.php?id=30766
+        php_value       mbstring.func_overload          0
     </IfModule>
 
     <IfModule mod_php7.c>
@@ -80,6 +82,8 @@
         php_value       session.gc_maxlifetime          21600
         php_value       session.gc_divisor              500
         php_value       session.gc_probability          1
+        # http://bugs.php.net/bug.php?id=30766
+        php_value       mbstring.func_overload          0
     </IfModule>
 
     <IfModule mod_rewrite.c>
@@ -92,11 +96,11 @@
         #   in all locations except installer directory
         RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - 
[F]
         # - deny access to some locations
-        RewriteRule 
^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps))
 - [F]
+        RewriteRule 
^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps))
 - [F]
         # - deny access to composer binaries
         RewriteRule ^/vendor\/bin\/.* - [F]
         # - deny access to some documentation files
-        RewriteRule 
/?(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
+        RewriteRule 
/?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$
 - [F]
         # security rules
     </IfModule>
 
@@ -105,9 +109,17 @@
     </IfModule>
 
     <IfModule mod_headers.c>
-        #Header merge Cache-Control public env=!NO_CACHE
         # for better privacy/security ask browsers to not set the Referer
-        #Header set Content-Security-Policy "referrer no-referrer"
+        Header set Content-Security-Policy "referrer no-referrer"
+        # don't cache, please
+        Header merge Cache-Control public env=!NO_CACHE
+        <IfModule mod_ssl.c>
+            # HSTS - HTTP Strict Transport Security
+            Header always set Strict-Transport-Security "max-age=31536000; 
preload" env=HTTPS
+        </IfModule>
+        # X-Xss-Protection
+        # This header is used to configure the built in reflective XSS 
protection found in Internet Explorer, Chrome and Safari (Webkit). 
+        Header set X-XSS-Protection "1; mode=block"
     </IfModule>
 
     <IfModule mod_expires.c>


++++++ roundcubemail.logrotate ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old  2018-11-05 22:56:24.639978363 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new  2018-11-05 22:56:24.639978363 +0100
@@ -1,4 +1,14 @@
-/var/log/roundcubemail/console /var/log/roundcubemail/errors 
/var/log/roundcubemail/imap /var/log/roundcubemail/ldap 
/var/log/roundcubemail/sendmail /var/log/roundcubemail/sieve 
/var/log/roundcubemail/smtp /var/log/roundcubemail/sql 
/var/log/roundcubemail/userlogins {
+/var/log/roundcubemail/console 
+/var/log/roundcubemail/errors 
+/var/log/roundcubemail/imap 
+/var/log/roundcubemail/ldap 
+/var/log/roundcubemail/sendmail 
+/var/log/roundcubemail/sieve 
+/var/log/roundcubemail/smtp 
+/var/log/roundcubemail/sql 
+/var/log/roundcubemail/userlogins 
+/var/log/roundcubemail/*.log 
+{
     missingok
     compress
     notifempty


Reply via email to