diff --git a/.gitignore b/.gitignore
index 2d58979..efe7217 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,7 @@ roundcubemail-0.3.1-dep.tar.gz
 /roundcubemail-0.5.2-dep.tar.gz
 /roundcubemail-0.5.3-dep.tar.gz
 /roundcubemail-0.5.4-dep.tar.gz
+/roundcubemail-0.6-dep.tar.gz
+/roundcubemail-0.7-dep.tar.gz
+/roundcubemail-0.7.1-dep.tar.gz
+/roundcubemail-0.7.2-dep.tar.gz
diff --git a/roundcubemail-0.1.1-mysql.update.sql.patch b/roundcubemail-0.1.1-mysql.update.sql.patch
deleted file mode 100644
index e1039f7..0000000
--- a/roundcubemail-0.1.1-mysql.update.sql.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- SQL/mysql.update.sql 2008-04-09 08:34:22.000000000 -0500
-+++ SQL/mysql.update.sql 2008-04-09 08:34:22.000000000 -0500
-@@ -5,7 +5,7 @@
-
- ALTER TABLE `messages`
- DROP INDEX `idx`,
-- DROP INDEX `uid`
-+ DROP INDEX `uid`;
-
- ALTER TABLE `cache`
- DROP INDEX `cache_key`,
diff --git a/roundcubemail-0.1.1-pear.patch b/roundcubemail-0.1.1-pear.patch
deleted file mode 100644
index 0c770e6..0000000
--- a/roundcubemail-0.1.1-pear.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- index.php~ 2008-04-10 11:15:39.000000000 -0500
-+++ index.php 2008-04-10 11:15:39.000000000 -0500
-@@ -82,7 +82,7 @@
- require_once('include/rcube_imap.inc');
- require_once('include/bugs.inc');
- require_once('include/main.inc');
--require_once('PEAR.php');
-+#require_once('PEAR.php');
-
-
- // set PEAR error handling
diff --git a/roundcubemail-0.2-CVE-2009-0413.patch b/roundcubemail-0.2-CVE-2009-0413.patch
deleted file mode 100644
index 44c274f..0000000
--- a/roundcubemail-0.2-CVE-2009-0413.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- CHANGELOG~ 2009-02-04 09:58:46.000000000 -0600
-+++ CHANGELOG 2009-02-04 09:58:46.000000000 -0600
-@@ -3,0 +4,4 @@
-+2009/01/20 (thomasb)
-+----------
-+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
-+
---- program/lib/washtml.php~ 2009-02-04 10:01:02.000000000 -0600
-+++ program/lib/washtml.php 2009-02-04 10:01:02.000000000 -0600
-@@ -83 +83 @@
-- static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'background');
-+ static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');
-@@ -163 +163 @@
-- ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.*/i', $value)))
-+ ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.+/i', $value)))
-@@ -167 +167 @@
-- else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
-+ else if($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
-@@ -171 +171 @@
-- else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
-+ else if(preg_match('/^(http|https|ftp):.+/i', $value)) {
-@@ -177 +177 @@
-- $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
-+ $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
diff --git a/roundcubemail-0.2-alpha-confpath.patch b/roundcubemail-0.2-alpha-confpath.patch
deleted file mode 100644
index efbf60e..0000000
--- a/roundcubemail-0.2-alpha-confpath.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- program/include/rcube_config.php 2008-06-13 10:15:51.000000000 -0500
-+++ program/include/rcube_config.php 2008-06-13 10:15:51.000000000 -0500
-@@ -50,11 +50,13 @@
- ob_start();
-
- // load main config file
-- include_once(INSTALL_PATH . 'config/main.inc.php');
-+ #include_once(INSTALL_PATH . 'config/main.inc.php');
-+ include_once('/etc/roundcubemail/main.inc.php');
- $this->prop = (array)$rcmail_config;
-
- // load database config
-- include_once(INSTALL_PATH . 'config/db.inc.php');
-+ #include_once(INSTALL_PATH . 'config/db.inc.php');
-+ include_once('/etc/roundcubemail/db.inc.php');
- $this->prop += (array)$rcmail_config;
-
- // load host-specific configuration
diff --git a/roundcubemail-0.2-beta-CVE-2008-5620.patch b/roundcubemail-0.2-beta-CVE-2008-5620.patch
deleted file mode 100644
index b6e6ff2..0000000
--- a/roundcubemail-0.2-beta-CVE-2008-5620.patch
+++ /dev/null
@@ -1,60 +0,0 @@
---- bin/quotaimg.php.orig 2008-09-12 11:48:23.000000000 -0500
-+++ bin/quotaimg.php 2008-12-16 11:21:30.000000000 -0600
-@@ -4 +4 @@
-- | program/bin/quotaimg.php |
-+ | bin/quotaimg.php |
-@@ -7 +7 @@
-- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
-+ | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland |
-@@ -17 +17 @@
-- $Id: $
-+ $Id$
-@@ -21,4 +21,4 @@
--$used = ((isset($_GET['u']) && !empty($_GET['u'])) || $_GET['u']=='0')?(int)$_GET['u']:'??';
--$quota = ((isset($_GET['q']) && !empty($_GET['q'])) || $_GET['q']=='0')?(int)$_GET['q']:'??';
--$width = empty($_GET['w']) ? 100 : (int)$_GET['w'];
--$height = empty($_GET['h']) ? 14 : (int)$_GET['h'];
-+$used = isset($_GET['u']) ? intval($_GET['u']) : '??';
-+$quota = isset($_GET['q']) ? intval($_GET['q']) : '??';
-+$width = empty($_GET['w']) ? 100 : min(300, intval($_GET['w']));
-+$height = empty($_GET['h']) ? 14 : min(50, intval($_GET['h']));
-@@ -99 +99 @@
-- }
-+ }
-@@ -101,2 +101 @@
-- if (strpos($used, '?') !== false || strpos($total, '?') !== false
-- && $used != 0) {
-+ if (strpos($used, '?') !== false || strpos($total, '?') !== false && $used != 0) {
-@@ -104 +103 @@
-- }
-+ }
-@@ -156 +155 @@
-- // if($quota >= $limit['low'])
-+ // if($quota >= $limit['low'])
-@@ -166 +165 @@
-- // Print percent in black
-+ // Print percent in black
-@@ -171,5 +170,5 @@
--
-- // @todo is harcoding GMT necessary?
-- header('Expires: ' . gmdate('D, d M Y H:i:s', mktime()+86400) . ' GMT');
-- header('Cache-Control: ');
-- header('Pragma: ');
-+
-+ // cache for 1 hour
-+ $maxage = 3600;
-+ header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$maxage). ' GMT');
-+ header('Cache-Control: max-age=' . $maxage);
-@@ -181 +180,7 @@
--genQuota($used, $quota, $width, $height);
-+if ($width > 1 && $height > 1) {
-+ genQuota($used, $quota, $width, $height);
-+}
-+else {
-+ header("HTTP/1.0 404 Not Found");
-+}
-+
-@@ -183 +188 @@
--?>
-\ No newline at end of file
-+?>
diff --git a/roundcubemail-0.2-beta-confpath.patch b/roundcubemail-0.2-beta-confpath.patch
deleted file mode 100644
index 258ab6e..0000000
--- a/roundcubemail-0.2-beta-confpath.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- program/include/iniset.php 2008-10-09 07:43:13.000000000 -0500
-+++ program/include/iniset.php 2008-10-09 07:43:13.000000000 -0500
-@@ -30,7 +30,8 @@
- define('INSTALL_PATH', dirname($_SERVER['SCRIPT_FILENAME']).'/');
- }
-
--define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config');
-+#define('RCMAIL_CONFIG_DIR', INSTALL_PATH . 'config');
-+define('RCMAIL_CONFIG_DIR', '/etc/roundcubemail');
-
- // make sure path_separator is defined
- if (!defined('PATH_SEPARATOR')) {
diff --git a/roundcubemail-0.2-beta-html2text.patch b/roundcubemail-0.2-beta-html2text.patch
deleted file mode 100644
index c927caa..0000000
--- a/roundcubemail-0.2-beta-html2text.patch
+++ /dev/null
@@ -1,94 +0,0 @@ ---- program/lib/html2text.php.orig 2008-08-30 07:35:36.000000000 -0500 -+++ program/lib/html2text.php 2008-12-12 10:09:19.000000000 -0600 -@@ -152,2 +151,0 @@ -- '/]*>(.*?)<\/h[123]>/ie', // H1 - H3 -- '/]*>(.*?)<\/h[456]>/ie', // H4 - H6 -@@ -156,2 +153,0 @@ -- '/]*>(.*?)<\/b>/ie', // -- '/]*>(.*?)<\/strong>/ie', // -@@ -164,2 +159,0 @@ -- '/]*href=("|\')([^"\']+)\1[^>]*>(.*?)<\/a>/ie', -- // -@@ -170 +163,0 @@ -- '/]*>(.*?)<\/th>/ie', // and -@@ -204,2 +196,0 @@ -- "strtoupper(\"\n\n\\1\n\n\")", // H1 - H3 -- "ucwords(\"\n\n\\1\n\")", // H4 - H6 -@@ -208,2 +198,0 @@ -- 'strtoupper("\\1")', // -- 'strtoupper("\\1")', // -@@ -216,2 +204,0 @@ -- '$this->_build_link_list("\\2", "\\3")', -- // -@@ -222 +208,0 @@ -- "strtoupper(\"\t\t\\1\n\")", // and -@@ -235 +221 @@ -- '�', -+ '£', -@@ -240,0 +227,16 @@ -+ /** -+ * List of preg* regular expression patterns to search for -+ * and replace using callback function. -+ * -+ * @var array $callback_search -+ * @access public -+ */ -+ var $callback_search = array( -+ '/<(h)[123456][^>]*>(.*?)<\/h[123456]>/i', // H1 - H3 -+ '/<(b)[^>]*>(.*?)<\/b>/i', // -+ '/<(strong)[^>]*>(.*?)<\/strong>/i', // -+ '/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i', -+ // -+ '/<(th)[^>]*>(.*?)<\/th>/i', // and -+ ); -+ -@@ -468 +470,4 @@ -- -+ -+ // Replace known html entities -+ $text = html_entity_decode($text, ENT_COMPAT, 'UTF-8'); -+ -@@ -470,0 +476 @@ -+ $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text); -@@ -546 +552 @@ -- $text = preg_replace('/]*>.*<\/pre>/ismU', '

' . $result . '
', $text); -+ $text = preg_replace('/]*>.*<\/pre>/ismU', '

' . $result . '
', $text, 1); -@@ -548,0 +555,38 @@ -+ -+ /** -+ * Callback function for preg_replace_callback use. -+ * -+ * @param array PREG matches -+ * @return string -+ * @access private -+ */ -+ function _preg_callback($matches) -+ { -+ switch($matches[1]) -+ { -+ case 'b': -+ case 'strong': -+ return $this->_strtoupper($matches[2]); -+ case 'hr': -+ return $this->_strtoupper("\t\t". $matches[2] ."\n"); -+ case 'h': -+ return $this->_strtoupper("\n\n". $matches[2] ."\n\n"); -+ case 'a': -+ return $this->_build_link_list($matches[3], $matches[4]); -+ } -+ } -+ -+ /** -+ * Strtoupper multibyte wrapper function -+ * -+ * @param string -+ * @return string -+ * @access private -+ */ -+ function _strtoupper($str) -+ { -+ if (function_exists('mb_strtoupper')) -+ return mb_strtoupper($str); -+ else -+ return strtoupper($str); -+ } diff --git a/roundcubemail-0.2-stable-pg-mdb2.patch b/roundcubemail-0.2-stable-pg-mdb2.patch deleted file mode 100644 index 2938ce8..0000000 --- a/roundcubemail-0.2-stable-pg-mdb2.patch +++ /dev/null @@ -1,5 +0,0 @@ ---- program/include/rcube_mdb2.php~ 2009-03-30 15:10:59.000000000 -0500 -+++ program/include/rcube_mdb2.php 2009-03-30 15:10:59.000000000 -0500 -@@ -89 +89 @@ -- $db_options['disable_smart_seqname'] = true; -+ #$db_options['disable_smart_seqname'] = true; diff --git a/roundcubemail-0.3.1-CVE-2010-0464.patch b/roundcubemail-0.3.1-CVE-2010-0464.patch deleted file mode 100644 index 37bb9c0..0000000 --- a/roundcubemail-0.3.1-CVE-2010-0464.patch +++ /dev/null 
@@ -1,17 +0,0 @@
---- program/include/rcube_html_page.php~ 2009-06-22 11:20:34.000000000 -0500
-+++ program/include/rcube_html_page.php 2010-02-01 12:21:44.000000000 -0600
-@@ -164,7 +164,13 @@
- $__page_header.= ' content="text/html; charset=';
- $__page_header.= $this->charset . '" />'."\n";
- }
--
-+ // add hint to disable DNS prefetching
-+ if (!headers_sent()) {
-+ header('X-DNS-Prefetch-Control: off');
-+ } else {
-+ $__page_header.= ''."\n";
-+ }
-+
- // definition of the code to be placed in the document header and footer
- if (is_array($this->script_files['head'])) {
- foreach ($this->script_files['head'] as $file) {
diff --git a/roundcubemail-0.4.1-pg-mdb2.patch b/roundcubemail-0.4.1-pg-mdb2.patch
deleted file mode 100644
index 5d54ada..0000000
--- a/roundcubemail-0.4.1-pg-mdb2.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- program/include/rcube_mdb2.php~ 2010-09-26 06:17:03.000000000 -0500
-+++ program/include/rcube_mdb2.php 2010-10-04 08:32:58.509966177 -0500
-@@ -87,7 +87,7 @@
- 'portability' => MDB2_PORTABILITY_ALL ^ MDB2_PORTABILITY_EMPTY_TO_NULL);
-
- if ($this->db_provider == 'pgsql') {
-- $db_options['disable_smart_seqname'] = true;
-+ #$db_options['disable_smart_seqname'] = true;
- $db_options['seqname_format'] = '%s';
- }
-
diff --git a/roundcubemail-0.5.1-CVE-2010-0464.patch b/roundcubemail-0.5.1-CVE-2010-0464.patch
deleted file mode 100644
index 6cd2065..0000000
--- a/roundcubemail-0.5.1-CVE-2010-0464.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- program/include/rcube_html_page.php~ 2011-01-29 08:55:12.000000000 -0600
-+++ program/include/rcube_html_page.php 2011-02-10 12:34:16.439813090 -0600
-@@ -192,6 +192,14 @@
- $page_header.= $this->charset . '" />'."\n";
- }
-
-+ // add hint to disable DNS prefetching
-+ if (!headers_sent()) {
-+ header('X-DNS-Prefetch-Control: off');
-+ } else {
-+ $__page_header.= ''."\n";
-+ }
-+
-+
- // definition of the code to be placed in the document header and footer
- if (is_array($this->script_files['head'])) {
- foreach ($this->script_files['head'] as $file) {
diff --git a/roundcubemail-0.7.1-strict.patch b/roundcubemail-0.7.1-strict.patch
new file mode 100644
index 0000000..55eca3c
--- /dev/null
+++ b/roundcubemail-0.7.1-strict.patch
@@ -0,0 +1,11 @@
+--- program/include/iniset.php~ 2012-02-16 09:26:48.000000000 -0600
++++ program/include/iniset.php 2012-02-16 09:29:20.792947143 -0600
+@@ -66,7 +66,7 @@
+ die("Fatal error: ini_set/set_include_path does not work.");
+ }
+
+-ini_set('error_reporting', E_ALL&~E_NOTICE);
++ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_STRICT);
+
+ // increase maximum execution time for php scripts
+ // (does not work in safe mode)
diff --git a/roundcubemail-0.7.2-strict.patch b/roundcubemail-0.7.2-strict.patch
new file mode 100644
index 0000000..615a905
--- /dev/null
+++ b/roundcubemail-0.7.2-strict.patch
@@ -0,0 +1,11 @@
+--- program/include/iniset.php~ 2012-03-12 14:35:39.000000000 -0500
++++ program/include/iniset.php 2012-03-12 14:39:50.253176744 -0500
+@@ -66,7 +66,7 @@
+ die("Fatal error: ini_set/set_include_path does not work.");
+ }
+
+-ini_set('error_reporting', E_ALL &~ (E_NOTICE | E_STRICT));
++ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_STRICT);
+
+ // increase maximum execution time for php scripts
+ // (does not work in safe mode)
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 1d68c44..e47a63c 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
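Review bot: roundcubemail-0.7.1-strict.patch is added as a new file, but nothing in this commit applies it: the spec hunk sets `Patch7: roundcubemail-0.7.2-strict.patch`. Both patch files add the same line to program/include/iniset.php and differ only in the line they remove, so the 0.7.1 copy looks like a leftover from the earlier build. Leaving it out of the repository would avoid a second, unapplied copy that can drift from the one in use.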
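Review bot: The rediffed roundcubemail-0.7.2-strict.patch does not change the effective error_reporting mask: the line it removes, `E_ALL &~ (E_NOTICE | E_STRICT)`, and the line it adds, `E_ALL & ~E_NOTICE & ~E_STRICT`, clear the same two bits. Going by the removed line, 0.7.2 already excludes E_STRICT, so Patch7 looks droppable rather than something to carry forward. If it is kept, the patch file should open with a short header giving the reason and the bug the changelog cites (BZ 789576), since the patch has no description of its own.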
@@ -1,27 +1,20 @@ %define roundcubedir %{_datadir}/roundcubemail %global _logdir /var/log Name: roundcubemail -Version: 0.5.4 -Release: 3%{?dist} +Version: 0.7.2 +Release: 2%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client Group: Applications/System License: GPLv2 URL: http://www.roundcube.net -Source0: roundcubemail-%{version}-dep.tar.gz +Source0: http://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz Source1: roundcubemail.conf Source2: roundcubemail.logrotate Source4: roundcubemail-README.fedora -#Patch0: roundcubemail-0.2-beta-confpath.patch -# From upstream, not in a release yet, BZ 476223. -#Patch1: roundcubemail-0.2-beta-html2text.patch -# From upstream, not in a release yet, BZ 476830. -#Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch -#Patch3: roundcubemail-0.2-CVE-2009-0413.patch -#Patch4: roundcubemail-0.2-stable-pg-mdb2.patch -Patch5: roundcubemail-0.5.1-CVE-2010-0464.patch +# Non-upstremable: Adjusts config path to Fedora policy Patch6: roundcubemail-0.4.1-confpath.patch -Patch7: roundcubemail-0.4.1-pg-mdb2.patch +Patch7: roundcubemail-0.7.2-strict.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n) @@ -52,12 +45,6 @@ interface is fully skinnable using XHTML and CSS 2. %prep %setup -q -n roundcubemail-%{version}-dep -#%patch0 -p0 -#%patch1 -p0 -#%patch2 -p0 -#%patch3 -p0 -#%patch4 -p0 -%patch5 -p0 %patch6 -p0 %patch7 -p0 
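Review bot: Dropping `Patch5: roundcubemail-0.5.1-CVE-2010-0464.patch` in the first spec hunk leaves no record in the spec of why the DNS-prefetch fix is no longer carried. The 0.7-1 changelog entry says the CVE fixes were merged upstream; that is worth confirming against the 0.7.2 tarball, since the removed patch sent `X-DNS-Prefetch-Control: off` from program/include/rcube_html_page.php and nothing in this diff shows the upstream equivalent. The new `Patch7` line also has no comment, unlike Patch6; a line such as `# Masks E_STRICT in error_reporting, BZ 789576` would say why it is carried, and `Non-upstremable` should read `Non-upstreamable`. Source0 now points at a plain-http URL, so the checksum recorded in `sources` is the only integrity check on a tarball fetched from it.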
@@ -151,11 +138,32 @@ exit 0 %config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail %changelog -* Fri Mar 23 2012 Jon Ciesla - 0.5.4-3 -- Revert logrotate fix. +* Mon Mar 12 2012 Jon Ciesla - 0.7.2-2 +- Rediffed strict patch. -* Fri Mar 02 2012 Jon Ciesla - 0.5.4-2 -- Fix logrotate, BZ 753983. +* Mon Mar 12 2012 Adam Williamson - 0.7.2-1 +- new upstream release 0.7.2 + +* Thu Feb 16 2012 Jon Ciesla - 0.7.1-2 +- Fix logrotate, BZ 789552. +- Modify error logging for strict, BZ 789576. + +* Wed Feb 1 2012 Adam Williamson - 0.7.1-1 +- new upstream release + +* Sat Jan 14 2012 Fedora Release Engineering - 0.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Dec 14 2011 Adam Williamson - 0.7-1 +- new upstream release +- drop all patches except confpath.patch: + + html2text.patch and all CVE fixes were merged upstream + + pg-mdb2.patch no longer necessary as all currently supported + Fedora releases have a php-pear-MDB2-Driver-pgsql package new + enough to work with this option + +* Fri Oct 07 2011 Jon Ciesla = 0.6-1 +- New upstream. * Tue Sep 06 2011 Jon Ciesla = 0.5.4-1 - New upstream, fixes multiple security issues. diff --git a/sources b/sources index 0d4b6f7..a252c10 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -38fe28ccdb34a8e88ac27021c018b490 roundcubemail-0.5.4-dep.tar.gz +2b77fe823de00a7ebd85b8919e40d78d roundcubemail-0.7.2-dep.tar.gz