diff options
author | Aaron W. Swenson <titanofold@gentoo.org> | 2018-04-27 15:41:26 -0400 |
---|---|---|
committer | Aaron W. Swenson <titanofold@gentoo.org> | 2018-04-27 15:41:26 -0400 |
commit | 2c769016cc36b9803c40f093f3ab9831529ded12 (patch) | |
tree | 738f1d7ca257a6cc8beea89e64920bbe9fe1fff3 /mail-client | |
parent | dev-python/eliot: Add maintainer-needed comment (diff) | |
download | gentoo-2c769016cc36b9803c40f093f3ab9831529ded12.tar.gz gentoo-2c769016cc36b9803c40f093f3ab9831529ded12.tar.bz2 gentoo-2c769016cc36b9803c40f093f3ab9831529ded12.zip |
mail-client/roundcube: Bump to 1.3.6
Fixes a security issue related to IMAP command injection.
Fixes a XSS concern.
Bug: https://bugs.gentoo.org/651124
Bug: https://bugs.gentoo.org/653044
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Diffstat (limited to 'mail-client')
-rw-r--r-- | mail-client/roundcube/Manifest | 1 | ||||
-rw-r--r-- | mail-client/roundcube/roundcube-1.3.6.ebuild | 99 |
2 files changed, 100 insertions, 0 deletions
diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest index 24fe10c5ba8b..587c57dce079 100644 --- a/mail-client/roundcube/Manifest +++ b/mail-client/roundcube/Manifest @@ -1,3 +1,4 @@ DIST roundcubemail-1.2.7-complete.tar.gz 3904612 BLAKE2B b001a9c57f2358b00e0290493f0bfb82001c769987ef98e2d34d6e6d9432a5c612fab6ba10306279a8bb73d1015332f29f1233a10ee32fd7f713cbf44d9cf7b5 SHA512 545b3fe05ecfaede3d887ae71e41fc91aaaae280c71b67db9a5dcb516b5b238371327c2b1fabe87cf073cce38bc5a57b3db2592eb96d436bae280896c1f7017c DIST roundcubemail-1.3.3-complete.tar.gz 5339032 BLAKE2B bb0b595ba13947db3b0644ad5bc76fa8280ac74733e3bf02a758ffaa49fb0c2ef80005081fb1f24500fa767b57d0df59751abb098a807bc6e04b5a63de3fc1ed SHA512 1f634fbc5d0967f28a7aa990a9b23f105b93030d43927237fc9b5decabe1b959de75c7c21bdb27389ec53730378565e7f309d7c009be427c7615372634273931 DIST roundcubemail-1.3.4-complete.tar.gz 5506887 BLAKE2B de353400706d893b8e95b23e20ebcab7478273bd6dbd009c766537826e260cd98f065f9d7d38740c60254ccbecd376ec6aafe82791be177bbee6ffc8d61a733b SHA512 e3442651bf762ceda3cb9ff78cb512703a7f82466d7de860848d1c9471f10b2561c2dd7a570218048fbc0df0fa573c6e2381ba8c0063e718c531c8ce1138a5e4 +DIST roundcubemail-1.3.6-complete.tar.gz 5529370 BLAKE2B 49fd04d81b7047c61d33007b49aff2fe8d68fb0572d305b51aa0ae997c06e4924a3ff32861c19741f0c4d82adb9abb317781de8c1b324120e57d77f413cfa480 SHA512 fc1627d4b539742524c43b3faaa8cb5d64f934ad03f7cf8a461580a3a38dccb11140d08499b988742a0892534b1eda52f37a50f0911015983b6e27703294c70e diff --git a/mail-client/roundcube/roundcube-1.3.6.ebuild b/mail-client/roundcube/roundcube-1.3.6.ebuild new file mode 100644 index 000000000000..fdb72d1c079b --- /dev/null +++ b/mail-client/roundcube/roundcube-1.3.6.ebuild @@ -0,0 +1,99 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit webapp + +MY_PN=${PN}mail +MY_P=${MY_PN}-${PV} + +DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" +HOMEPAGE="https://roundcube.net" +SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV}/${MY_P}-complete.tar.gz" + +# roundcube is GPL-licensed, the rest of the licenses here are +# for bundled PEAR components, googiespell and utf8.class.php +LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" + +IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" +REQUIRED_USE="|| ( mysql postgres sqlite )" + +# this function only sets DEPEND so we need to include that in RDEPEND +need_httpd_cgi + +# :TODO: Support "endriod/qrcode: ~1.6.5" dep (ebuild needed) +RDEPEND=" + ${DEPEND} + >=dev-lang/php-5.4.0[filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] + >=dev-php/PEAR-Auth_SASL-1.1.0 + >=dev-php/PEAR-Mail_Mime-1.10.0 + >=dev-php/PEAR-Mail_mimeDecode-1.5.5 + >=dev-php/PEAR-Net_IDNA2-0.2.0 + >=dev-php/PEAR-Net_SMTP-1.7.1 + >=dev-php/PEAR-Net_Socket-1.2.1 + dev-php/PEAR-Console_CommandLine + dev-php/PEAR-Console_Getopt + dev-php/PEAR-Exception + virtual/httpd-php + enigma? ( + >=dev-php/PEAR-Crypt_GPG-1.6.0 + app-crypt/gnupg + ) + ldap? ( + >=dev-php/PEAR-Net_LDAP2-2.2.0 + dev-php/PEAR-Net_LDAP3 + ) + managesieve? ( >=dev-php/PEAR-Net_Sieve-1.4.0 ) + mysql? ( + || ( + dev-lang/php[mysql] + dev-lang/php[mysqli] + ) + ) + spell? ( dev-lang/php[curl,spell] ) +" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + default + + # Redundant. (Bug #644896) + rm -r vendor/pear || die +} + +src_install() { + webapp_src_preinst + + dodoc CHANGELOG INSTALL README.md UPGRADING + + insinto "${MY_HTDOCSDIR}" + doins -r [[:lower:]]* SQL + doins .htaccess + + webapp_serverowned "${MY_HTDOCSDIR}"/logs + webapp_serverowned "${MY_HTDOCSDIR}"/temp + + webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php + webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" + + webapp_src_install +} + +pkg_postinst() { + webapp_pkg_postinst + + ewarn + ewarn "When upgrading from <= 0.9, note that the old configuration files" + ewarn "named main.inc.php and db.inc.php are deprecated and should be" + ewarn "replaced with one single config.inc.php file." + ewarn + ewarn "Run the ./bin/update.sh script to convert those" + ewarn "or manually merge the files." + ewarn + ewarn "The new config.inc.php should only contain options that" + ewarn "differ from the ones listed in defaults.inc.php." + ewarn +} |