Hello community, here is the log from the commit of package roundcubemail for openSUSE:Factory checked in at 2020-08-17 12:05:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old) and /work/SRC/openSUSE:Factory/.roundcubemail.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail" Mon Aug 17 12:05:52 2020 rev:66 rq:826894 version:1.4.8 Changes: -------- --- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes 2020-07-20 21:10:29.469647708 +0200 +++ /work/SRC/openSUSE:Factory/.roundcubemail.new.3399/roundcubemail.changes 2020-08-17 12:06:17.622724803 +0200 @@ -1,0 +2,16 @@ +Thu Aug 13 15:37:19 UTC 2020 - Lars Vogdt <[email protected]> + +- finally renamed roundcubemail-1.4.8-config_dir.patch to + roundcubemail-config_dir.patch to avoid additional roundtrip + times with each submission: + + removed roundcubemail-1.4.7-config_dir.patch + + added roundcubemail-config_dir.patch + +------------------------------------------------------------------- +Tue Aug 11 03:52:20 UTC 2020 - Michael Ströder <[email protected]> + +- update to 1.4.8 with security fixes: + * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) + * Fix cross-site scripting (XSS) via HTML messages with malicious math content + +------------------------------------------------------------------- Old: ---- roundcubemail-1.4.7-complete.tar.gz roundcubemail-1.4.7-complete.tar.gz.asc roundcubemail-1.4.7-config_dir.patch New: ---- roundcubemail-1.4.8-complete.tar.gz roundcubemail-1.4.8-complete.tar.gz.asc roundcubemail-config_dir.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ roundcubemail.spec ++++++ --- /var/tmp/diff_new_pack.JZVG1c/_old 2020-08-17 12:06:18.218725135 +0200 +++ /var/tmp/diff_new_pack.JZVG1c/_new 2020-08-17 12:06:18.222725137 +0200 @@ -22,7 +22,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;") Name: roundcubemail -Version: 1.4.7 +Version: 1.4.8 Release: 0 Summary: A browser-based multilingual IMAP client License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause @@ -37,8 +37,8 @@ Source6: https://roundcube.net/download/pubkey.asc#/%{name}.keyring Source7: https://github.com/roundcube/%{name}/releases/download/%{version}/%{name}-%{version}-complete.tar.gz.asc Source8: robots.txt -# PATCH-FIX-OPENSUSE roundcubemail-1.1-beta-config_dir.patch -- use the general config directory /etc -Patch0: %{name}-%{version}-config_dir.patch +# PATCH-FIX-OPENSUSE roundcubemail-config_dir.patch -- use the general config directory /etc +Patch0: %{name}-config_dir.patch BuildRequires: apache2-devel BuildRequires: pcre-devel BuildRequires: php ++++++ roundcubemail-1.4.7-complete.tar.gz -> roundcubemail-1.4.8-complete.tar.gz ++++++ /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail-1.4.7-complete.tar.gz /work/SRC/openSUSE:Factory/.roundcubemail.new.3399/roundcubemail-1.4.8-complete.tar.gz differ: char 5, line 1 ++++++ roundcubemail-config_dir.patch ++++++ Index: roundcubemail-1.4.8/program/include/iniset.php =================================================================== --- roundcubemail-1.4.8.orig/program/include/iniset.php +++ roundcubemail-1.4.8/program/include/iniset.php @@ -28,7 +28,7 @@ if (!defined('INSTALL_PATH')) { } if (!defined('RCMAIL_CONFIG_DIR')) { - define('RCMAIL_CONFIG_DIR', getenv('ROUNDCUBE_CONFIG_DIR') ?: (INSTALL_PATH . 'config')); + define('RCMAIL_CONFIG_DIR', getenv('ROUNDCUBE_CONFIG_DIR') ?: '/etc/roundcubemail'); } if (!defined('RCUBE_LOCALIZATION_DIR')) {
