cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
171,576 Commits 1 Branch 0 Tags
Commit Graph

178 Commits

Author SHA1 Message Date
sthen
46e2aac63b rcube-skin-(classic|larry) need @conflict on the old roundcubemail 2022-07-29 13:36:16 +00:00
sthen
8dc231bb0a update to roundcube-1.6.0 
upstream no longer bundles the old default classic/larry skins; split
into subpackages so that we can continue providing them more easily for
users wanting to continue using them. "make install-all" from ports,
or pkg_add rcube-skin-classic / pkg_add rcube-skin-larry if you want
them.
 2022-07-29 13:34:00 +00:00
sthen
cbbad63b0d update to roundcubemail-1.5.3 2022-06-27 07:37:11 +00:00
sthen
4dbdcb690b no more need for SUBST_VARS=MODPHP_BIN, suggested by aja@ 2022-05-21 09:43:00 +00:00
sthen
60a48cf9c2 switch the default php version to 8.0 2022-03-23 23:58:28 +00:00
sthen
a98e0e6666 remove rcs IDs in ports that I maintain 2022-03-07 21:36:41 +00:00
sthen
8415f2e1c7 another rcsid 2022-03-07 12:39:49 +00:00
sthen
121d8f8ded roundcubemail: add 2 missing @sample lines for optional plugins 2022-03-07 12:39:07 +00:00
sthen
36fdaee5bb drop rcs ids 2022-03-07 12:33:17 +00:00
sthen
0113c1c89b roundcubemail: fixed for sample config for Apache httpd 2022-03-07 12:32:27 +00:00
sthen
dfaf814f0c update to roundcubemail-1.5.2 2021-12-31 08:54:19 +00:00
sthen
b2b37475d8 update to roundcubemail-1.5.1 2021-11-29 10:27:01 +00:00
sthen
ccb346462d Roundcube 1.5 includes unicode homograph detection which requires php-intl, 
add a RUN_DEPENDS. Reported by weerd@
 2021-11-16 16:11:39 +00:00
sthen
8cce3d79ca roundcube: cherrypick a few fixes from the release-1.5 branch 2021-10-29 14:00:00 +00:00
sthen
a25dc5c55e update to roundcubemail-1.5.0 2021-10-19 07:55:12 +00:00
sthen
577fe1e268 change some hardcoded 'rm *.orig'-like commands to ${PATCHORIG} 2021-08-01 21:06:54 +00:00
sthen
06e20cb110 switch default MODPHP_VERSION to 7.4 and bump ports which have changed 
version. (as of 6 Dec 2020, 7.3 went into "security fixes only" mode).
 2021-02-24 16:48:59 +00:00
sthen
4bcf75c8cf update to roundcubemail-1.4.11 
https://roundcube.net/news/2021/02/08/security-update-1.4.11
https://github.com/roundcube/roundcubemail/releases/tag/1.4.11
 2021-02-09 14:22:16 +00:00
sthen
8e1142abb7 switch roundcube/plugins and librenms to MODPHP_VERSION=7.4 2021-02-06 20:33:27 +00:00
sthen
935cd2b199 update to roundcube-1.4.10 
fixes XSS via HTML or plain text messages with malicious content
 2020-12-28 00:31:42 +00:00
sthen
c0828f1318 update to roundcubemail-1.4.9 2020-10-02 18:45:24 +00:00
sthen
65395133b2 update to roundcubemail-1.4.8, including XSS fixes 2020-08-10 22:36:07 +00:00
sthen
6cc9779250 switch my maintainer email addresses to my own domain 2020-07-11 22:54:35 +00:00
sthen
761b257941 update to roundcubemail-1.4.7, fixes an XSS via HTML messages with malicious 
svg/namespace, and a few other non-security fixes
 2020-07-05 22:30:34 +00:00
sthen
bfc6375a50 update to roundcubemail-1.4.6, minor updating fixing issue introduced with 1.4.5 2020-06-08 13:48:19 +00:00
sthen
3ecc18d1a2 update to roundcubemail-1.4.5 including some XSS fixes 
https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
 2020-06-08 08:46:08 +00:00
sthen
218211c334 security update to roundcubemail-1.4.4 
Security fixes:
- Cross-Site Scripting (XSS) via malicious HTML content
- CSRF attack can cause an authenticated user to be logged out
- Remote code execution via crafted config options
- Path traversal vulnerability allowing local file inclusion via crafted
'plugins' option

The latter two vulnerabilities are classified minor because they only
affect Roundcube installations with public access to the Roundcube
installer. That’s generally a high-risk situation and is expected to be
rare or practically non-existent in productive Roundcube deployments.
However, the fixes are done in core in order to also prevent from future
and yet unknown attack vectors.

Changelog at https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
 2020-04-29 23:15:11 +00:00
naddy
f88a93d598 * Combine and tweak some find(1) invocations. 
* Use the -delete operator to remove files.
 2020-03-22 18:13:35 +00:00
sthen
2b1f400719 update to roundcube 1.4.3 2020-02-20 14:37:56 +00:00
sthen
ff04bacd71 update to roundcubemail-1.4.2 2020-01-03 11:29:59 +00:00
sthen
e5783beac0 update to roundcubemail-1.4.1 2019-11-22 12:38:28 +00:00
sthen
25b6e37dda update to roundcubemail-1.4.0 2019-11-10 12:02:45 +00:00
sthen
961e5936cd drop MODPHP_VERSION=7.3, it is now the default 2019-09-26 22:01:47 +00:00
sthen
65727666c1 bump to make -current package version is higher than -stable 2019-09-02 09:58:03 +00:00
sthen
98a737fcd1 update to roundcubemail-1.3.10 2019-08-30 12:08:09 +00:00
sthen
9c6e9626b9 s/PERMIT_PACKAGE_CDROM/PERMIT_PACKAGE/ and some light whitespace tidying 
in ports which I maintain
 2019-06-03 16:06:50 +00:00
sthen
59b9d5d0ef - switch librenms, roundcube and related ports to php 7.3 
- mention in rcube-sieverules/pkg/DESCR that it's unmaintained upstream
(suggest using the bundled Managesieve plugin instead)
 2019-05-20 13:23:44 +00:00
sthen
2a09e0c70d update to roundcubemail-1.3.9 2019-04-01 10:29:42 +00:00
sthen
a49e0c3c7a patch roundcubemail to fix typo 2018-12-21 13:18:26 +00:00
sthen
9153551649 update to roundcubemail-1.3.8 
various fixes including an XSS in handling invalid style tag content
 2018-10-26 20:57:55 +00:00
sthen
44f8a14fd9 switch default php version from 7.0 to 7.1 (not 7.2 yet as some things are still 
using mcrypt).
 2018-10-17 14:15:55 +00:00
espie
f4b7f81318 convert to PKGSTEM 2018-09-04 12:46:09 +00:00
sthen
62ae66e375 bump REVISION to be above 6.3-stable due to changes for newer PHP version 
and split-off pdo_sqlite
 2018-07-29 22:11:53 +00:00
sthen
7b126b1bdb update to roundcube 1.3.7 
"It contains fixes to several bugs backported from the master branch
including a security fix mitigating the EFAIL issue recently discovered
in OpenPGP."

https://github.com/roundcube/roundcubemail/releases/tag/1.3.7
 2018-07-29 22:09:29 +00:00
sthen
be815a74f7 bump; tweak MODPHP_PDO_DEPENDS order 2018-06-02 20:58:30 +00:00
sthen
abbcd9d662 use MODPHP_PDO_DEPENDS where it makes sense (ports that do require 
PDO but it was being defaulted in from pdo_mysql in the main php
package).

hints+ok for ownCloud/nextcloud aja@
 2018-05-25 14:03:36 +00:00
sthen
1cd7e295e8 drop MODPHP_VERSION=7.0 for ports which switched early 2018-05-22 08:19:06 +00:00
sthen
f8c62a01d7 flip roundcube and associated ports over to PHP 7.0, I've been using 
roundcube and some of the others with 7 for ages.
 2018-05-17 08:33:20 +00:00
sthen
eaf8a2a299 update to Roundcube 1.3.6, a couple of fixes, the main one being: 
"In Roundcube from versions 1.2.0 to 1.3.5, with the archive
plugin enabled and configured, it's possible to exploit the
unsanitized, user-controlled "_uid" parameter (in an archive.php
_task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform
an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a
sequence. NOTE: this is less easily exploitable in 1.3.4 and later
because of a Same Origin Policy protection mechanism."

https://github.com/roundcube/roundcubemail/releases/tag/1.3.6
 2018-04-11 21:20:40 +00:00
sthen
cb33f6e886 Add a rewrite to the nginx config snippet to allow use of the config 
setting "$config['use_secure_urls'] = true;" which adds anti-csrf tokens
to the URL.
 2018-03-30 10:50:14 +00:00