Projects
Kolab:Winterfell
roundcubemail
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 173
View file
roundcubemail.spec
Changed
@@ -49,14 +49,14 @@ %global tmpdir /var/lib/roundcubemail %global rc_version 1.4 -%global rc_rel_suffix rc1.120 +%global rc_rel_suffix rc1.127 %global dot_rel_suffix %{?rc_rel_suffix:.%{rc_rel_suffix}} %global dash_rel_suffix %{?rc_rel_suffix:-%{rc_rel_suffix}} Name: roundcubemail Version: 1.4 -Release: 206%{?dot_rel_suffix}%{?dist} +Release: 238%{?dot_rel_suffix}%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client @@ -3438,8 +3438,8 @@ %defattr(-,root,root,-) %changelog -* Tue May 7 2019 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.4-237.rc1.120 -- Check in 120 revisions ahead of the upstream rc1 release +* Mon May 13 2019 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.4-238.rc1.127 +- Check in 127 revisions ahead of the upstream rc1 release * Mon Apr 15 2019 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.4-236.rc1.65 - Check in 65 revisions ahead of the upstream rc1 release
View file
debian.changelog
Changed
@@ -1,8 +1,8 @@ -roundcubemail (1.4-0~kolab237) unstable; urgency=low +roundcubemail (1.4-0~kolab238) unstable; urgency=low - * Check in 120 revisions ahead of upstream 1.4-rc1 release + * Check in 127 revisions ahead of upstream 1.4-rc1 release - -- Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Tue, 7 May 2019 11:11:11 +0200 + -- Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Mon, 13 May 2019 11:11:11 +0200 roundcubemail (1.4-0~kolab236) unstable; urgency=low
View file
roundcubemail-1.4-rc1.120.tar.gz/CHANGELOG -> roundcubemail-1.4-rc1.127.tar.gz/CHANGELOG
Changed
@@ -5,7 +5,6 @@ - Clarified 'address_book_type' option behavior (#6680) - Added cookie mismatch detection, display an error message informing the user to clear cookies - Renamed 'log_session' option to 'session_debug' -- Password: Added ldap_exop driver (#4992) - Don't log full session identifiers in userlogins log (#6625) - installto.sh: Add possibility to run the update even on the up-to-date installation (#6533) - Elastic: Add Prev/Next buttons on message page toolbar (#6648) @@ -19,10 +18,14 @@ - Elastic: Various internal refactorings - Elastic: Fix issue with absolute positioned mail content (#6739) - Elastic: Fix bug where some menu actions could cause a browser popup warning +- Larry: Fix regression where menu actions didn't work with keyboard (#6740) +- Password: Added ldap_exop driver (#4992) - Managesieve: Fix bug where global includes were requested for vacation (#6716) - Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) - Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) -- Larry: Fix regression where menu actions didn't work with keyboard (#6740) +- Enigma: Fix bug where revoked users/keys were not greyed out in key info +- Enigma: Fix error message when trying to encrypt with a revoked key (#6607) +- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) - Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679) - Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735) - Fix bug where flag change could have been passed to a preview frame when not expected @@ -35,6 +38,7 @@ - Fix bug where attachment preview didn't work with x_frame_options=deny (#6688) - Fix so bin/install-jsdeps.sh returns error code on error (#6704) - Fix bug where bmp images couldn't be displayed on some systems (#6728) +- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) RELEASE 1.4-rc1 ---------------
View file
roundcubemail-1.4-rc1.120.tar.gz/README.md -> roundcubemail-1.4-rc1.127.tar.gz/README.md
Changed
@@ -19,14 +19,11 @@ from an email client, including MIME support, address book, folder management, message searching and spell checking. Roundcube Webmail is written in PHP and requires the MySQL, PostgreSQL or SQLite database. With its plugin API it is -easily extendable and the user interface is fully customizable using skins -which are pure XHTML and CSS 2. +easily extendable and the user interface is fully customizable using skins. -The code is mainly written in PHP and is designed to run on a webserver. -It includes other open-source classes/libraries from [PEAR][pear], -an IMAP library derived from [IlohaMail][iloha] the [TinyMCE][tinymce] rich -text editor, [Googiespell][googiespell] (archive) library for spell checking or -the [HTML5-PHP][html5-php] sanitizer by Masterminds. +The code designed to run on a webserver is mainly written in PHP and Javascript. +It includes a custom framework with an IMAP library derived from [IlohaMail][iloha] +and requires a set of external libraries (see composer.json and jsdeps.json files). The current default skin 'Larry' was kindly created by FLINT / Büro für Gestaltung, Berne, Switzerland. @@ -49,7 +46,7 @@ - Chrome: (Current - 1) and Current - Edge: (Current - 1) and Current - Firefox: (Current - 1) and Current, ESR -- Internet Explorer: 9+ +- Internet Explorer: 9+ (11+ for the Elastic skin) - Safari: (Current - 1) and Current - Opera: Current @@ -102,11 +99,7 @@ hello(at)roundcube(dot)net -[pear]: https://pear.php.net/ [iloha]: https://sourceforge.net/projects/ilohamail/ -[tinymce]: https://www.tiny.cloud/ -[googiespell]: https://web.archive.org/web/20170314162746/orangoo.com/labs/GoogieSpell/ -[html5-php]: https://github.com/Masterminds/html5-php [gpl]: https://www.gnu.org/licenses/ [license]: https://roundcube.net/license [contrib]: https://roundcube.net/contribute
View file
roundcubemail-1.4-rc1.127.tar.gz/autogen.sh
Added
@@ -0,0 +1,15 @@ +#!/bin/bash + +git clean -d -f -x + +bin/install-jsdeps.sh +bin/install-jsdeps.sh + +pushd .. + +rm -rf roundcubemail-$1/ +cp -a roundcubemail.git roundcubemail-$1/ +rm -rf roundcubemail-$1/.git/ + +tar czvf roundcubemail-$1.tar.gz roundcubemail-$1 +
View file
roundcubemail-1.4-rc1.120.tar.gz/installer/test.php -> roundcubemail-1.4-rc1.127.tar.gz/installer/test.php
Changed
@@ -301,8 +301,8 @@ echo '<p>Trying to send email...<br />'; - $from = idn_to_ascii(trim($_POST['_from'])); - $to = idn_to_ascii(trim($_POST['_to'])); + $from = rcube_utils::idn_to_ascii(trim($_POST['_from'])); + $to = rcube_utils::idn_to_ascii(trim($_POST['_to'])); if (preg_match('/^' . $RCI->email_pattern . '$/i', $from) && preg_match('/^' . $RCI->email_pattern . '$/i', $to) @@ -426,8 +426,8 @@ $imap_port = 993; } - $imap_host = idn_to_ascii($imap_host); - $imap_user = idn_to_ascii($_POST['_user']); + $imap_host = rcube_utils::idn_to_ascii($imap_host); + $imap_user = rcube_utils::idn_to_ascii($_POST['_user']); $imap = new rcube_imap(null); $imap->set_options(array(
View file
roundcubemail-1.4-rc1.120.tar.gz/plugins/enigma/README -> roundcubemail-1.4-rc1.127.tar.gz/plugins/enigma/README
Changed
@@ -69,7 +69,7 @@ Possible reasons: - non-working loader in shebang (#! /usr/bin/env php) Make sure it works for the user the php scripts are executed upon - (i.e. apache, www-date, etc.) + (i.e. apache, www-data, etc.) - SELinux setting, try command: setsebool -P httpd_unified 0 Note: pinentry is used with gpg >= 2.0 and <= 2.1.12.
View file
roundcubemail-1.4-rc1.120.tar.gz/plugins/enigma/lib/enigma_engine.php -> roundcubemail-1.4-rc1.127.tar.gz/plugins/enigma/lib/enigma_engine.php
Changed
@@ -265,10 +265,6 @@ $recipients = array_merge($recipients, $mime->getRecipients()); } - if (empty($recipients)) { - return new enigma_error(enigma_error::KEYNOTFOUND); - } - $recipients = array_unique($recipients); // find recipient public keys @@ -372,20 +368,36 @@ */ function part_structure($p, $body = null) { + static $got_content = false; + + // Prevent from "decryption oracle" [CVE-2019-10740] (#6638) + // On mail compose (edit/reply/forward) we support encrypted content only + // in the first "content part" of the message. + if ($got_content && $this->rc->task == 'mail' && $this->rc->action == 'compose') { + return; + } + // Don't be tempted to support encryption in text/html parts // Because of EFAIL vulnerability we should never support this (#6289) if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') { $this->parse_plain($p, $body); + $got_content = true; } else if ($p['mimetype'] == 'multipart/signed') { $this->parse_signed($p, $body); + $got_content = true; } else if ($p['mimetype'] == 'multipart/encrypted') { $this->parse_encrypted($p); + $got_content = true; } else if ($p['mimetype'] == 'application/pkcs7-mime') { $this->parse_encrypted($p); + $got_content = true; + } + else { + $got_content = $p['structure']->type === 'content'; } return $p;
View file
roundcubemail-1.4-rc1.120.tar.gz/plugins/enigma/lib/enigma_ui.php -> roundcubemail-1.4-rc1.127.tar.gz/plugins/enigma/lib/enigma_ui.php
Changed
@@ -415,12 +415,12 @@ } } + $table->set_row_attribs($subkey->revoked || ($subkey->expires && $subkey->expires < $now) ? 'deleted' : ''); $table->add('id', $subkey->get_short_id()); $table->add('algo', $algo); $table->add('created', $subkey->created ? $this->rc->format_date($subkey->created, $date_format, false) : ''); $table->add('expires', $subkey->expires ? $this->rc->format_date($subkey->expires, $date_format, false) : $this->enigma->gettext('expiresnever')); $table->add('usage', implode(',', $usage)); - $table->set_row_attribs($subkey->revoked || ($subkey->expires && $subkey->expires < $now) ? 'deleted' : ''); } $out .= html::tag('fieldset', null, @@ -440,9 +440,9 @@ } $username .= ' <' . $user->email . '>'; + $table->set_row_attribs($user->revoked || !$user->valid ? 'deleted' : ''); $table->add('id', rcube::Q(trim($username))); $table->add('valid', $this->enigma->gettext($user->valid ? 'valid' : 'unknown')); - $table->set_row_attribs($user->revoked || !$user->valid ? 'deleted' : ''); } $out .= html::tag('fieldset', null, @@ -1158,10 +1158,14 @@ if ($mode && ($status instanceof enigma_error)) { $code = $status->getCode(); - if ($code == enigma_error::KEYNOTFOUND) { - $vars = array('email' => $status->getData('missing')); - $msg = 'enigma.' . $mode . 'nokey'; + if ($email = $status->getData('missing')) { + $vars = array('email' => $email); + $msg = 'enigma.' . $mode . 'nokey'; + } + else { + $msg = 'enigma.' . ($encrypt_enable ? 'encryptnoprivkey' : 'signnokey'); + } } else if ($code == enigma_error::BADPASS) { $this->password_prompt($status);
View file
roundcubemail-1.4-rc1.120.tar.gz/plugins/enigma/localization/en_US.inc -> roundcubemail-1.4-rc1.127.tar.gz/plugins/enigma/localization/en_US.inc
Changed
@@ -116,6 +116,7 @@ $messages['signnopass'] = 'Signing failed. Key password required.'; $messages['encrypterror'] = 'Encryption failed.'; $messages['encryptnokey'] = 'Encryption failed. Public key not found for $email.'; +$messages['encryptnoprivkey'] = 'Encryption failed. Private key not found.'; $messages['nokeysfound'] = 'No keys found'; $messages['keynotfound'] = 'Key not found!'; $messages['keyopenerror'] = 'Unable to get key information! Internal error.';
View file
roundcubemail-1.4-rc1.120.tar.gz/program/lib/Roundcube/rcube_vcard.php -> roundcubemail-1.4-rc1.127.tar.gz/program/lib/Roundcube/rcube_vcard.php
Changed
@@ -538,8 +538,8 @@ '/item(\d+)\.(TEL|EMAIL|URL)([^:]*?):(.*?)item\1.X-ABLabel:(?:_\$!<)?([\w() -]*)(?:>!\$_)?./si', '/^item\d*\.X-AB.*$/mi', // remove cruft like item1.X-AB* '/^item\d*\./mi', // remove item1.ADR instead of ADR - '/\n+/', // remove empty lines - '/^(N:[^;\R]*)$/m', // if N doesn't have any semicolons, add some + '/\n+/', // remove empty lines + '/^(N:[^;\r\n]*)$/m', // if N doesn't have any semicolons, add some ), array( '\2;type=\5\3:\4',
View file
roundcubemail-1.4-rc1.120.tar.gz/program/steps/mail/get.inc -> roundcubemail-1.4-rc1.127.tar.gz/program/steps/mail/get.inc
Changed
@@ -289,7 +289,7 @@ */ function rcmail_mimetype_compare($type1, $type2) { - $regexp = '|/(x-|x-ms-)|'; + $regexp = '~/(x-|x-ms-)~'; $type1 = preg_replace($regexp, '/', $type1); $type2 = preg_replace($regexp, '/', $type2);
View file
roundcubemail-1.4-rc1.120.tar.gz/skins/elastic/styles/widgets/common.less -> roundcubemail-1.4-rc1.127.tar.gz/skins/elastic/styles/widgets/common.less
Changed
@@ -570,6 +570,10 @@ fieldset.tab-pane & thead th { border: 0; } + + tr.deleted td { + color: @color-list-deleted !important; + } } /* Bootstrap's .table style overwrites */
View file
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.4-0~kolab237 +Version: 1:1.4-0~kolab238 Maintainer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Uploaders: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Homepage: http://www.roundcube.net/ @@ -14,5 +14,5 @@ roundcubemail deb web extra roundcubemail-core deb web extra Files: - 00000000000000000000000000000000 0 roundcubemail-1.4-rc1.120.tar.gz + 00000000000000000000000000000000 0 roundcubemail-1.4-rc1.127.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.