- setting suhosin.session.encrypt per-dir doesn't seem to work

(even with suhosin.perdir set), so just force it in roundcubemail.conf
and remove the program/include/iniset.php patch.

- adjust permissions so the web-based installer can be used as pointed
out by aja, this used to be dangerous but is now controlled by the main
config file and defaults to 'off'.

- bump, adjust MESSAGE

mail/roundcubemail/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.25 2010/08/22 14:36:36 sthen Exp $
+# $OpenBSD: Makefile,v 1.26 2010/08/22 19:39:43 sthen Exp $
 
 COMMENT =	imap4 webmail client
 
 DISTNAME =	roundcubemail-0.4
-REVISION =	1
+REVISION =	2
 CATEGORIES =	mail www
 HOMEPAGE =	http://www.roundcube.net/
 
@@ -36,8 +36,8 @@ do-install:
 	mv ${INSTDIR}/$i ${INSTDIR}/$i.dist
 .endfor
 	${SUBST_CMD} -c ${FILESDIR}/roundcubemail.conf \
-	    ${INSTDIR}/roundcubemail.conf.dist
-	chown -R ${SHAREOWN}:${SHAREGRP} ${INSTDIR}
+	    ${INSTDIR}/roundcubemail.conf.dist; \
+	chown -R ${SHAREOWN}:${SHAREGRP} ${INSTDIR}; \
 	find ${INSTDIR} \( -name \*.orig -or -name \*.src \) -exec rm -f {} \;
 
 .include <bsd.port.mk>

mail/roundcubemail/files/roundcubemail.conf

@@ -1,11 +1,14 @@
-# $OpenBSD: roundcubemail.conf,v 1.2 2010/08/22 14:09:27 sthen Exp $
+# $OpenBSD: roundcubemail.conf,v 1.3 2010/08/22 19:39:43 sthen Exp $
+
+<IfModule mod_php5.c>
+    php_value suhosin.session.encrypt	0
+</IfModule>
 
 <Directory ${TINSTDIR}>
     AllowOverride Indexes FileInfo Options
     <IfModule mod_php5.c>
 	php_value file_uploads			1
 	php_value session.auto_start		0
-	php_value suhosin.session.encrypt	0
 	php_value mbstring.func_overload	0
     </IfModule>
 </Directory>

mail/roundcubemail/patches/patch-program_include_iniset_php

@@ -1,19 +0,0 @@
-$OpenBSD: patch-program_include_iniset_php,v 1.3 2010/08/22 14:09:27 sthen Exp $
-
-we set session.encrypt=0 per-directory via httpd in roundcubemail.conf.
-this does not apply to upgrade.sh because it's not run by httpd, so
-change to a warning rather than a fatal error so users can still use
-the upgrade script without forcing session.encrypt off for the whole
-server.
-
---- program/include/iniset.php.orig	Sun Aug 22 14:58:36 2010
-+++ program/include/iniset.php	Sun Aug 22 14:58:44 2010
-@@ -31,7 +31,7 @@ $crit_opts = array(
- );
- foreach ($crit_opts as $optname => $optval) {
-     if ($optval != ini_get($optname)) {
--        die("ERROR: Wrong '$optname' option value. Read REQUIREMENTS section in INSTALL file or use Roundcube Installer, please!");
-+        print("ERROR: Wrong '$optname' option value. Read REQUIREMENTS section in INSTALL file or use Roundcube Installer, please!");
-     }
- }
- 

mail/roundcubemail/pkg/MESSAGE

@@ -1,9 +1,14 @@
-With Apache, AllowOverride settings are required on the
-${INSTDIR} directory. You can configure this as follows:
+With Apache, AllowOverride settings are required on the ${INSTDIR}
+directory. You can configure this as follows:
 
 # ln -s ${PREFIX}/conf/modules.sample/roundcubemail.conf \
         ${PREFIX}/conf/modules
 # apachectl stop
 # apachectl start
 
+Create a link into an appropriate part of the web-server's
+document root, e.g.:
+
+# ln -s ${INSTDIR} /var/www/htdocs
+
 Next, follow ${INSTDIR}/INSTALL or ${INSTDIR}/UPGRADING

mail/roundcubemail/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.16 2010/08/22 12:37:14 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.17 2010/08/22 19:39:43 sthen Exp $
 roundcubemail/
 roundcubemail/.htaccess.dist
 @sample roundcubemail/.htaccess
@@ -34,15 +34,11 @@ roundcubemail/config/main.inc.php.dist
 roundcubemail/config/mimetypes.php.dist
 @sample roundcubemail/config/mimetypes.php
 roundcubemail/index.php
-@mode 700
 roundcubemail/installer/
-@mode 600
 roundcubemail/installer/check.php
 roundcubemail/installer/client.js
 roundcubemail/installer/config.php
-@mode 700
 roundcubemail/installer/images/
-@mode 600
 roundcubemail/installer/images/add.png
 roundcubemail/installer/images/banner_bg.gif
 roundcubemail/installer/images/banner_logo.gif