Hello community,

here is the log from the commit of package roundcubemail for openSUSE:Factory 
checked in at 2016-01-17 09:23:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old)
 and      /work/SRC/openSUSE:Factory/.roundcubemail.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "roundcubemail"

Changes:
--------
--- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes      
2016-01-01 19:51:18.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.roundcubemail.new/roundcubemail.changes 
2016-01-17 09:23:26.000000000 +0100
@@ -1,0 +2,5 @@
+Fri Jan 15 11:57:10 UTC 2016 - [email protected]
+
+- Changed apache2 config
+
+-------------------------------------------------------------------
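
Review bot: The entry "- Changed apache2 config" at the top of this hunk does not say what changed, although the roundcubemail-httpd.conf diff in the same commit alters security-relevant behaviour. Please list the individual changes: register_globals forced Off, the mbstring.func_overload override dropped, and the rewrite deny rules extended to .tx, config, logs, temp, tests and the program/ subdirectories, so that an administrator reading the changelog can tell that access rules were modified.
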
@@ -23 +28 @@
-    Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
+    Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) 
[CVE-2015-8770] [bnc#962067]

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ roundcubemail-httpd.conf ++++++
--- /var/tmp/diff_new_pack.rurBpB/_old  2016-01-17 09:23:27.000000000 +0100
+++ /var/tmp/diff_new_pack.rurBpB/_new  2016-01-17 09:23:27.000000000 +0100
@@ -48,6 +48,7 @@
         php_value       post_max_size                   6M
         php_value       memory_limit                    64M
 
+        php_flag        register_globals                Off
         php_flag        zlib.output_compression         Off
         php_flag        magic_quotes_gpc                Off
         php_flag        magic_quotes_runtime            Off
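
Review bot: The added "php_flag register_globals Off" line only has an effect on PHP older than 5.4.0, where the directive still exists; the same is true of the magic_quotes_gpc and magic_quotes_runtime lines below it. A one-line comment naming the PHP versions this block is meant for would make that clear. php_flag and php_value are also only honoured when PHP runs as an Apache module, so on a CGI or FPM setup these values have to be set in php.ini instead.
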
@@ -59,18 +60,21 @@
         php_value       session.gc_maxlifetime          21600
         php_value       session.gc_divisor              500
         php_value       session.gc_probability          1
-
-        # http://bugs.php.net/bug.php?id=30766
-        php_value       mbstring.func_overload          0
     </IfModule>
 
     <IfModule mod_rewrite.c>
         RewriteEngine On
         RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
+
+        # security rules:
+        # - deny access to files not containing a dot or starting with a dot
+        #   in all locations except installer directory
+        RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - 
[F]
+        # - deny access to some locations
+        RewriteRule 
^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps))
 - [F]
+        # - deny access to some documentation files
+        RewriteRule 
/?(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
         # security rules
-        RewriteRule .git - [F]
-        RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|SQL|bin|CHANGELOG)$ - [F]
-        RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
     </IfModule>
 
     <IfModule mod_deflate.c>
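
Review bot: All of the new deny rules sit inside "<IfModule mod_rewrite.c>", so on a server where mod_rewrite is not loaded they are skipped silently and nothing in this hunk then restricts access to config, logs, temp or SQL. Consider denying those directories with access-control directives outside the IfModule, or dropping the IfModule so that a missing module fails at startup instead of failing open. The unchanged "# security rules" comment is now left below the new rules with nothing under it, since its three rules were removed, and should be deleted. Removing "php_value mbstring.func_overload 0" means the server-wide php.ini value now applies to this application, which deserves its own changelog line.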

