Kolab:Winterfell
roundcubemail
Changes of Revision 93
roundcubemail.spec
Changed
@@ -49,7 +49,7 @@ Name: roundcubemail Version: 1.3.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client @@ -70,6 +70,19 @@ Patch201: default-configuration.patch +Patch0001: 0001-Validate-ACL-identifiers.patch +Patch0002: 0002-Fix-PHP-7.2-warning-count-Parameter-must-be-an-array.patch +Patch0003: 0003-Fix-bug-where-text-syntax-was-forced-for-strings-lon.patch +Patch0004: 0004-Fix-seteditraw-classic-save-button-6164.patch +Patch0005: 0005-Update-changelog.patch +Patch0006: 0006-Fix-duplicated-labels-in-Test-SMTP-Config-section-61.patch +Patch0007: 0007-Fix-PHP-Warning-exif_read_data-.-Illegal-IFD-size-61.patch +Patch0008: 0008-Enigma-Fix-key-generation-in-Safari-by-upgrade-to-Op.patch +Patch0009: 0009-Fix-bug-in-remote-content-blocking-on-HTML-image-and.patch +Patch0010: 0010-Change-wording.patch +Patch0011: 0011-Remove-redundant-trim.patch +Patch0012: 0012-Update-composer-reference-to-endroid-qr-code-6132.patch + BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n) @@ -1068,6 +1081,18 @@ %endif %patch201 -p1 +%patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 +%patch0004 -p1 +%patch0005 -p1 +%patch0006 -p1 +%patch0007 -p1 +%patch0008 -p1 +%patch0009 -p1 +%patch0010 -p1 +%patch0011 -p1 +%patch0012 -p1 # Remove the results of patching when there's an incidental offset find . -type f -name "*.orig" -delete @@ -2855,6 +2880,9 @@ %defattr(-,root,root,-) %changelog +* Wed Feb 28 2018 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.3.4-2 +- Check in 12 revisions ahead of 1.3.4 release + * Sun Feb 11 2018 Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> - 1.3.4-1 - Check in upstream 1.3.4 release
0001-Validate-ACL-identifiers.patch
Added
@@ -0,0 +1,31 @@ +From a4de40566deddbedf0b7eba00e7665a8723bc9b2 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Tue, 16 Jan 2018 16:17:16 +0100 +Subject: [PATCH 01/12] Validate ACL identifiers + +... e.g. to prevent cyrus imap issues +--- + plugins/acl/acl.php | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php +index 31cb514f6..9a015956d 100644 +--- a/plugins/acl/acl.php ++++ b/plugins/acl/acl.php +@@ -494,6 +494,13 @@ class acl extends rcube_plugin + if (!strpos($user, '@') && ($realm = $this->get_realm())) { + $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm)); + } ++ ++ // Make sure it's valid email address to prevent from "disappearing folder" ++ // issue in Cyrus IMAP e.g. when the acl user identifier contains spaces inside. ++ if (strpos($user, '@') && !rcube_utils::check_email($user, false)) { ++ $user = null; ++ } ++ + $username = $user; + } + +-- +2.14.3 +
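Review bot: The new validation only runs when `strpos($user, '@')` is truthy, so an identifier with no `@` (when `get_realm()` returns nothing) or with `@` at offset 0 never reaches `rcube_utils::check_email()` and can still contain spaces. If the intent is to keep whitespace out of every ACL identifier, test the position explicitly with `strpos($user, '@') !== false` and add a separate rejection for the non-email case, e.g. `if (preg_match('/\s/', $user)) { $user = null; }`. The enclosing method starts and ends outside the hunk, so how a null `$username` is handled downstream is not visible here.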
0002-Fix-PHP-7.2-warning-count-Parameter-must-be-an-array.patch
Added
@@ -0,0 +1,26 @@ +From 78d896d469c00f2aa2c16b39176c4b67c42d58db Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Mon, 22 Jan 2018 08:22:32 +0100 +Subject: [PATCH 02/12] Fix PHP 7.2 warning: count(): Parameter must be an + array or an object that implements Countable + +--- + program/steps/mail/sendmail.inc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc +index 93483cd66..dad9a9795 100644 +--- a/program/steps/mail/sendmail.inc ++++ b/program/steps/mail/sendmail.inc +@@ -889,7 +889,7 @@ function rcmail_email_input_format($mailto, $count=false, $check=true) + else if (preg_match('/<*'.$email_regexp.'>*$/', $item, $matches)) { + $address = $matches[0]; + $name = trim(str_replace($address, '', $item)); +- if ($name[0] == '"' && $name[count($name)-1] == '"') { ++ if ($name[0] == '"' && $name[strlen($name)-1] == '"') { + $name = substr($name, 1, -1); + } + $name = stripcslashes($name); +-- +2.14.3 +
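Review bot: `$name[0]` and `$name[strlen($name)-1]` are read without checking that `$name` is non-empty, and after `trim(str_replace($address, '', $item))` it is empty whenever the item is a bare address, so the code indexes an empty string and raises an uninitialized-offset notice or warning depending on the PHP version. Guard the length first: `if (strlen($name) > 1 && $name[0] == '"' && $name[strlen($name)-1] == '"') {`, which also keeps `substr()` from being applied to a lone quote character. The body of `rcmail_email_input_format()` continues outside the hunk.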
0003-Fix-bug-where-text-syntax-was-forced-for-strings-lon.patch
Added
@@ -0,0 +1,80 @@ +From 369fedf3139b290df6b187dd7800ef4d11327469 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Wed, 24 Jan 2018 14:50:29 +0100 +Subject: [PATCH 03/12] Fix bug where text: syntax was forced for strings + longer than 1024 characters (#6143) + +--- + CHANGELOG | 2 ++ + plugins/managesieve/Changelog | 1 + + plugins/managesieve/lib/Roundcube/rcube_sieve_script.php | 2 +- + plugins/managesieve/tests/src/parser | 6 ++++++ + plugins/managesieve/tests/src/parser.out | 6 ++++++ + 5 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index c261d8a85..386bccce6 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,6 +1,8 @@ + CHANGELOG Roundcube Webmail + =========================== + ++- Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) ++ + RELEASE 1.3.4 + ------------- + - Fix bug where contacts search could skip some records (#6130) +diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog +index 5a61f3d36..39276ce94 100644 +--- a/plugins/managesieve/Changelog ++++ b/plugins/managesieve/Changelog +@@ -1,3 +1,4 @@ ++- Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) + - Fix parsing dot-staffed lines in multiline text (#5838) + - Fix AM/PM suffix in vacation time selectors + - Fix bug where 'exists' operator was reset to 'contains' (#5899) +diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php +index 228213bee..0e49c98f5 100644 +--- a/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php ++++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php +@@ -1100,7 +1100,7 @@ class rcube_sieve_script + } + + // multi-line string +- if (preg_match('/[\r\n\0]/', $str) || strlen($str) > 1024) { ++ if (preg_match('/[\r\n\0]/', $str)) { + return sprintf("text:\n%s\n.\n", self::escape_multiline_string($str)); + } + // quoted-string 
+diff --git a/plugins/managesieve/tests/src/parser b/plugins/managesieve/tests/src/parser +index c99b49814..0e2cef218 100644 +--- a/plugins/managesieve/tests/src/parser ++++ b/plugins/managesieve/tests/src/parser +@@ -50,3 +50,9 @@ if envelope :domain :is "From" "domain.tld" + fileinto "domain.tld"; + stop; + } ++# rule:[do not wrap long lines] ++if envelope :domain :is "From" "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" ++{ ++ fileinto "domain.tld"; ++ stop; ++} +diff --git a/plugins/managesieve/tests/src/parser.out b/plugins/managesieve/tests/src/parser.out +index 796343d4a..45712d036 100644 +--- a/plugins/managesieve/tests/src/parser.out ++++ b/plugins/managesieve/tests/src/parser.out +@@ -50,3 +50,9 @@ if envelope :domain :is "From" "domain.tld" + fileinto "domain.tld"; + stop; + } ++# rule:[do not wrap long lines] ++if envelope :domain :is "From" 
"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" ++{ ++ fileinto "domain.tld"; ++ stop; ++} +-- +2.14.3 +
0004-Fix-seteditraw-classic-save-button-6164.patch
Added
@@ -0,0 +1,31 @@ +From db83952247eb5cb9cc880d0c950c17c72c2368af Mon Sep 17 00:00:00 2001 +From: Jan Ehrhardt <github@ehrhardt.nl> +Date: Sun, 11 Feb 2018 11:39:59 +0100 +Subject: [PATCH 04/12] Fix seteditraw classic save button (#6164) + +Fixes https://github.com/roundcube/roundcubemail/issues/6154 +--- + plugins/managesieve/skins/classic/templates/seteditraw.html | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/plugins/managesieve/skins/classic/templates/seteditraw.html b/plugins/managesieve/skins/classic/templates/seteditraw.html +index eda50d75e..8ee656bba 100644 +--- a/plugins/managesieve/skins/classic/templates/seteditraw.html ++++ b/plugins/managesieve/skins/classic/templates/seteditraw.html +@@ -11,9 +11,11 @@ + <div id="filter-form" class="boxcontent"> + <roundcube:object name="filterseteditraw" /> + +-<p> ++<div id="footer"> ++<div class="footerleft formbuttons"> + <roundcube:button command="plugin.managesieve-save" type="input" class="button mainaction" label="save" /> +-</p> ++</div> ++</div> + + </form> + </div> +-- +2.14.3 +
0005-Update-changelog.patch
Added
@@ -0,0 +1,35 @@ +From 96cee7cd92888aec1df2fa3a7d607f16e4aa23a4 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Sun, 11 Feb 2018 11:42:42 +0100 +Subject: [PATCH 05/12] Update changelog + +--- + CHANGELOG | 1 + + plugins/managesieve/Changelog | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/CHANGELOG b/CHANGELOG +index 386bccce6..c04208d56 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -2,6 +2,7 @@ CHANGELOG Roundcube Webmail + =========================== + + - Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) ++- Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154) + + RELEASE 1.3.4 + ------------- +diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog +index 39276ce94..5d4069530 100644 +--- a/plugins/managesieve/Changelog ++++ b/plugins/managesieve/Changelog +@@ -1,4 +1,5 @@ + - Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) ++- Fix missing Save button in Edit Filter Set page of Classic skin (#6154) + - Fix parsing dot-staffed lines in multiline text (#5838) + - Fix AM/PM suffix in vacation time selectors + - Fix bug where 'exists' operator was reset to 'contains' (#5899) +-- +2.14.3 +
0006-Fix-duplicated-labels-in-Test-SMTP-Config-section-61.patch
Added
@@ -0,0 +1,44 @@ +From 2240d43985c634db022d7d381b55fb9bb3a53f3d Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Sun, 11 Feb 2018 18:05:26 +0100 +Subject: [PATCH 06/12] Fix duplicated labels in Test SMTP Config section + (#6166) + +--- + CHANGELOG | 1 + + installer/test.php | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index c04208d56..bdd920d42 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -3,6 +3,7 @@ CHANGELOG Roundcube Webmail + + - Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) + - Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154) ++- Fix duplicated labels in Test SMTP Config section (#6166) + + RELEASE 1.3.4 + ------------- +diff --git a/installer/test.php b/installer/test.php +index f3f36c85e..735e1f2c0 100644 +--- a/installer/test.php ++++ b/installer/test.php +@@ -268,11 +268,11 @@ if ($pass == '%p') { + <td><?php echo $RCI->getprop('smtp_port'); ?></td> + </tr> + <tr> +- <td><label for="smtp_user">Sender</label></td> ++ <td><label for="smtp_user">Username</label></td> + <td><?php echo $user; ?></td> + </tr> + <tr> +- <td><label for="smtp_pass">Recipient</label></td> ++ <td><label for="smtp_pass">Password</label></td> + <td><?php echo $pass; ?></td> + </tr> + </tbody> +-- +2.14.3 +
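Review bot: The relabelled rows in installer/test.php print `$user` and `$pass` into the page with a bare `echo`, without HTML escaping, and the second row now plainly shows the SMTP password on screen. Where the two values are assigned is outside the hunk, but they are configuration strings that may contain `<`, `&` or quotes, so escape them on output: `<?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); ?>`. Consider showing a masked placeholder for the password instead of echoing it.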
0007-Fix-PHP-Warning-exif_read_data-.-Illegal-IFD-size-61.patch
Added
@@ -0,0 +1,42 @@ +From 96f792c1f21a30cf25deb923f97b3e7f6e1c32e5 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Mon, 12 Feb 2018 15:48:23 +0100 +Subject: [PATCH 07/12] Fix PHP Warning: exif_read_data(...): Illegal IFD size + (#6169) + +--- + CHANGELOG | 1 + + program/lib/Roundcube/rcube_image.php | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index bdd920d42..5ec4c279b 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -4,6 +4,7 @@ CHANGELOG Roundcube Webmail + - Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143) + - Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154) + - Fix duplicated labels in Test SMTP Config section (#6166) ++- Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) + + RELEASE 1.3.4 + ------------- +diff --git a/program/lib/Roundcube/rcube_image.php b/program/lib/Roundcube/rcube_image.php +index 9f442f90a..479cbb6e0 100644 +--- a/program/lib/Roundcube/rcube_image.php ++++ b/program/lib/Roundcube/rcube_image.php +@@ -256,9 +256,9 @@ class rcube_image + imagecopyresampled($new_image, $image, 0, 0, 0, 0, $width, $height, $props['width'], $props['height']); + $image = $new_image; + +- // fix rotation of image if EXIF data exists and specifies rotation (GD strips the EXIF data) ++ // fix orientation of image if EXIF data exists and specifies orientation (GD strips the EXIF data) + if ($this->image_file && $type == 'jpg' && function_exists('exif_read_data')) { +- $exif = exif_read_data($this->image_file); ++ $exif = @exif_read_data($this->image_file); + if ($exif && $exif['Orientation']) { + switch ($exif['Orientation']) { + case 3: +-- +2.14.3 +
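Review bot: `@exif_read_data($this->image_file)` silences every diagnostic from the EXIF parser, not only the "Illegal IFD size" warning, so a malformed or deliberately crafted image leaves no trace in the logs. The following `$exif['Orientation']` read is also unguarded when the array has no such key. Prefer an explicit check, `if (!empty($exif['Orientation'])) {`, and if the suppression has to stay, document it with a comment such as `// warnings suppressed: malformed EXIF is common in user-supplied images (#6169)`. The method body and the `switch` continue outside the hunk.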
0008-Enigma-Fix-key-generation-in-Safari-by-upgrade-to-Op.patch
Added
@@ -0,0 +1,99 @@ +From fb791f3302820cc6b3c127b08925b56ab7c50e60 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Mon, 12 Feb 2018 16:46:25 +0100 +Subject: [PATCH 08/12] Enigma: Fix key generation in Safari by upgrade to + OpenPGP 2.6.2 (#6149) + +--- + CHANGELOG | 1 + + jsdeps.json | 8 ++++---- + plugins/enigma/enigma.js | 7 ++++--- + plugins/enigma/lib/enigma_ui.php | 3 ++- + 4 files changed, 11 insertions(+), 8 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 5ec4c279b..0872463d9 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -5,6 +5,7 @@ CHANGELOG Roundcube Webmail + - Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154) + - Fix duplicated labels in Test SMTP Config section (#6166) + - Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) ++- Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149) + + RELEASE 1.3.4 + ------------- +diff --git a/jsdeps.json b/jsdeps.json +index 12a6fe7cc..eca883e1d 100644 +--- a/jsdeps.json ++++ b/jsdeps.json +@@ -62,13 +62,13 @@ + { + "lib": "openpgp", + "name": "OpenPGP.js", +- "version": "1.6.2", +- "url": "https://raw.githubusercontent.com/openpgpjs/openpgpjs/v1.6.2/dist/openpgp.min.js", ++ "version": "2.6.2", ++ "url": "https://raw.githubusercontent.com/openpgpjs/openpgpjs/v2.6.2/dist/openpgp.min.js", + "dest": "plugins/enigma/openpgp.min.js", +- "sha1": "de75af6883019f490f69211e506377c84f49a85b", ++ "sha1": "cce0087eb20328453b9378a2b01cc6339cef97b2", + "license": "LGPL", + "copyright": "Copyright (c) OpenPGP Development Team", +- "source": "https://github.com/openpgpjs/openpgpjs/blob/v1.6.2/dist/openpgp.js" ++ "source": "https://github.com/openpgpjs/openpgpjs/blob/v2.6.2/dist/openpgp.js" + }, + { + "lib": "codemirror", +diff --git a/plugins/enigma/enigma.js b/plugins/enigma/enigma.js +index 80759a664..7cdd022f4 100644 +--- a/plugins/enigma/enigma.js ++++ b/plugins/enigma/enigma.js +@@ -99,7 +99,7 @@ 
rcube_webmail.prototype.enigma_key_create_save = function() + size = $('#key-size').val(); + + $('[name="identity[]"]:checked').each(function() { +- users.push(this.value); ++ users.push({name: $(this).data('name') || '', email: $(this).data('email')}); + }); + + // validate the form +@@ -118,11 +118,11 @@ rcube_webmail.prototype.enigma_key_create_save = function() + lock = this.set_busy(true, 'enigma.keygenerating'); + options = { + numBits: size, +- userId: users, ++ userIds: users, + passphrase: password + }; + +- openpgp.generateKeyPair(options).then(function(keypair) { ++ openpgp.generateKey(options).then(function(keypair) { + // success + var post = {_a: 'import', _keys: keypair.privateKeyArmored, _generated: 1, + _passwd: password, _keyid: keypair.key.primaryKey.fingerprint}; +@@ -131,6 +131,7 @@ rcube_webmail.prototype.enigma_key_create_save = function() + rcmail.http_post('plugin.enigmakeys', post, lock); + }, function(error) { + // failure ++ console.error(error); + rcmail.set_busy(false, null, lock); + rcmail.display_message(rcmail.get_label('enigma.keygenerateerror'), 'error'); + }); +diff --git a/plugins/enigma/lib/enigma_ui.php b/plugins/enigma/lib/enigma_ui.php +index a9036522f..92b1e42d8 100644 +--- a/plugins/enigma/lib/enigma_ui.php ++++ b/plugins/enigma/lib/enigma_ui.php +@@ -723,7 +723,8 @@ class enigma_ui + $checkbox = new html_checkbox(array('name' => 'identity[]')); + foreach ((array) $identities as $idx => $ident) { + $name = empty($ident['name']) ? ($ident['email']) : $ident['ident']; +- $identities[$idx] = html::label(null, $checkbox->show($name, array('value' => $name)) . rcube::Q($name)); ++ $attr = array('value' => $idx, 'data-name' => $ident['name'], 'data-email' => $ident['email']); ++ $identities[$idx] = html::label(null, $checkbox->show($idx, $attr) . rcube::Q($name)); + } + + $table->add('title', html::label('key-name', rcube::Q($this->enigma->gettext('newkeyident')))); +-- +2.14.3 +
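Review bot: `$(this).data('name')` and `$(this).data('email')` in `enigma_key_create_save` go through jQuery's automatic type conversion, so an identity name such as `123`, `true` or `null` reaches `openpgp.generateKey()` as a number, a boolean or null rather than a string. Read the raw attribute instead: `users.push({name: $(this).attr('data-name') || '', email: $(this).attr('data-email')});`. Separately, jsdeps.json still pins the downloaded `openpgp.min.js` with a `sha1` digest only; for a cryptographic library fetched over the network a SHA-256 pin would be a stronger integrity check, though the script that verifies the digest is not visible here.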
0009-Fix-bug-in-remote-content-blocking-on-HTML-image-and.patch
Added
@@ -0,0 +1,73 @@ +From 24dcdb54141e65f3672d459431fcf612efd68af3 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Wed, 14 Feb 2018 20:19:32 +0100 +Subject: [PATCH 09/12] Fix bug in remote content blocking on HTML image and + style tags (#6178) + +--- + CHANGELOG | 1 + + program/lib/Roundcube/rcube_utils.php | 4 ++-- + program/lib/Roundcube/rcube_washtml.php | 2 +- + tests/Framework/Utils.php | 3 +++ + 4 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 0872463d9..55a45a74a 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -6,6 +6,7 @@ CHANGELOG Roundcube Webmail + - Fix duplicated labels in Test SMTP Config section (#6166) + - Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) + - Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149) ++- Fix bug in remote content blocking on HTML image and style tags (#6178) + + RELEASE 1.3.4 + ------------- +diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php +index ad0a6b05d..ff7d327b0 100644 +--- a/program/lib/Roundcube/rcube_utils.php ++++ b/program/lib/Roundcube/rcube_utils.php +@@ -496,11 +496,11 @@ class rcube_utils + */ + public static function xss_entity_decode($content) + { +- $callback = function($matches) { return chr(hexdec($matches[1])); }; ++ $callback = function($matches) { return chr(hexdec(trim($matches[1]))); }; + + $out = html_entity_decode(html_entity_decode($content)); + $out = trim(preg_replace('/(^<!--|-->$)/', '', trim($out))); +- $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', $callback, $out); ++ $out = preg_replace_callback('/\\\([0-9a-f]{2,4})\s*/i', $callback, $out); + $out = preg_replace('#/\*.*\*/#Ums', '', $out); + $out = strip_tags($out); + +diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php +index 0880764a0..ac1af74ef 100644 +--- a/program/lib/Roundcube/rcube_washtml.php ++++ b/program/lib/Roundcube/rcube_washtml.php +@@ 
-408,7 +408,7 @@ class rcube_washtml + return $attr == 'background' + || $attr == 'color-profile' // SVG + || ($attr == 'poster' && $tag == 'video') +- || ($attr == 'src' && preg_match('/^(img|source|input|video|audio)$/i', $tag)) ++ || ($attr == 'src' && preg_match('/^(img|image|source|input|video|audio)$/i', $tag)) + || ($tag == 'image' && $attr == 'href'); // SVG + } + +diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php +index 2a5c090d9..599ffedc2 100644 +--- a/tests/Framework/Utils.php ++++ b/tests/Framework/Utils.php +@@ -206,6 +206,9 @@ class Framework_Utils extends PHPUnit_Framework_TestCase + $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); + $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)"); + ++ $mod = rcube_utils::mod_css_styles("background: \\75 \\72 \\6C ('/images/img.png')", 'rcmbody'); ++ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (3)"); ++ + // position: fixed (#5264) + $mod = rcube_utils::mod_css_styles(".test { position: fixed; }", 'rcmbody'); + $this->assertEquals("#rcmbody .test { position: absolute; }", $mod, "Replace position:fixed with position:absolute (0)"); +-- +2.14.3 +
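Review bot: The widened pattern in `xss_entity_decode()` accepts `{2,4}` hex digits, but a CSS escape may carry from one to six hex digits followed by optional whitespace, so the one-, five- and six-digit forms are still not normalised before the style filter inspects the value. Extend the quantifier, `'/\\\([0-9a-f]{1,6})\s*/i'`, and add matching cases next to "Don't allow encoding quirks (3)" in tests/Framework/Utils.php. `chr(hexdec(...))` also appears to keep only the low byte of the decoded code point, which deserves a comment or an explicit range check. The function continues outside the hunk.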
0010-Change-wording.patch
Added
@@ -0,0 +1,25 @@ +From 39146a90bce9002d6131ba26c335f6efeae7c43d Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Thu, 15 Feb 2018 08:37:58 +0100 +Subject: [PATCH 10/12] Change wording + +--- + CHANGELOG | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 55a45a74a..aac6d58b8 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -6,7 +6,7 @@ CHANGELOG Roundcube Webmail + - Fix duplicated labels in Test SMTP Config section (#6166) + - Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169) + - Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149) +-- Fix bug in remote content blocking on HTML image and style tags (#6178) ++- Fix security issue in remote content blocking on HTML image and style tags (#6178) + + RELEASE 1.3.4 + ------------- +-- +2.14.3 +
0011-Remove-redundant-trim.patch
Added
@@ -0,0 +1,25 @@ +From b8e51b9d2fa1819409e596e29378be0d20a748d3 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Thu, 15 Feb 2018 08:59:59 +0100 +Subject: [PATCH 11/12] Remove redundant trim() + +--- + program/lib/Roundcube/rcube_utils.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php +index ff7d327b0..8fe12336c 100644 +--- a/program/lib/Roundcube/rcube_utils.php ++++ b/program/lib/Roundcube/rcube_utils.php +@@ -496,7 +496,7 @@ class rcube_utils + */ + public static function xss_entity_decode($content) + { +- $callback = function($matches) { return chr(hexdec(trim($matches[1]))); }; ++ $callback = function($matches) { return chr(hexdec($matches[1])); }; + + $out = html_entity_decode(html_entity_decode($content)); + $out = trim(preg_replace('/(^<!--|-->$)/', '', trim($out))); +-- +2.14.3 +
0012-Update-composer-reference-to-endroid-qr-code-6132.patch
Added
@@ -0,0 +1,25 @@ +From dda4ec3dcaf0340c2770cad0b14372012957e74d Mon Sep 17 00:00:00 2001 +From: johndoh <roundcube@tehinterweb.co.uk> +Date: Thu, 11 Jan 2018 07:00:23 +0000 +Subject: [PATCH 12/12] Update composer reference to endroid/qr-code (#6132) + +--- + composer.json-dist | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/composer.json-dist b/composer.json-dist +index e29976c52..ad4aed741 100644 +--- a/composer.json-dist ++++ b/composer.json-dist +@@ -23,7 +23,7 @@ + "pear/crypt_gpg": "~1.6.0", + "pear/net_sieve": "~1.4.0", + "roundcube/plugin-installer": "~0.1.6", +- "endroid/qrcode": "~1.6.5" ++ "endroid/qr-code": "~1.6.5" + }, + "require-dev": { + "phpunit/phpunit": "^4.8.36 || ^5.7.15" +-- +2.14.3 +
debian.changelog
Changed
@@ -1,3 +1,9 @@ +roundcubemail (1.3.4-0~kolab2) unstable; urgency=low + + * Check in 12 revisions ahead of upstream 1.3.4 release + + -- Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Wed, 28 Feb 2018 11:11:11 +0200 + roundcubemail (1.3.4-0~kolab1) unstable; urgency=low * Check in upstream 1.3.4 release
debian.series
Changed
@@ -1,1 +1,13 @@ default-configuration.patch -p1 +0001-Validate-ACL-identifiers.patch -p1 +0002-Fix-PHP-7.2-warning-count-Parameter-must-be-an-array.patch -p1 +0003-Fix-bug-where-text-syntax-was-forced-for-strings-lon.patch -p1 +0004-Fix-seteditraw-classic-save-button-6164.patch -p1 +0005-Update-changelog.patch -p1 +0006-Fix-duplicated-labels-in-Test-SMTP-Config-section-61.patch -p1 +0007-Fix-PHP-Warning-exif_read_data-.-Illegal-IFD-size-61.patch -p1 +0008-Enigma-Fix-key-generation-in-Safari-by-upgrade-to-Op.patch -p1 +0009-Fix-bug-in-remote-content-blocking-on-HTML-image-and.patch -p1 +0010-Change-wording.patch -p1 +0011-Remove-redundant-trim.patch -p1 +0012-Update-composer-reference-to-endroid-qr-code-6132.patch -p1
plesk.config.inc.php
Changed
@@ -176,4 +176,8 @@ $config['fileapi_manticore'] = false; $config['fileapi_wopi_office'] = false; + if (file_exists(RCUBE_CONFIG_DIR .'/'. $_SERVER['HTTP_HOST'] .'/'. basename(__FILE__))) { + @include_once(RCUBE_CONFIG_DIR .'/'. $_SERVER['HTTP_HOST'] .'/'. basename(__FILE__)); + } + @include('/etc/roundcubemail/licensing.inc.php');
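Review bot: The added include builds a filesystem path from `$_SERVER['HTTP_HOST']`, which is taken from the client's Host header, and `@include_once` then hides any failure. The file name is fixed by `basename(__FILE__)`, but the directory component is not constrained, so the value should be validated as a plain host name (or matched against the configured virtual hosts) before it is used in a path. A stricter form is sketched below; it also drops the `@` so that a broken per-host file is reported rather than silently skipped.

```php
$rc_host = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
// accept only a plain host name with an optional port; anything else is ignored
if (preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?(?::\d+)?$/', $rc_host) && strpos($rc_host, '..') === false) {
    $rc_host_config = RCUBE_CONFIG_DIR . '/' . $rc_host . '/' . basename(__FILE__);
    if (is_file($rc_host_config)) {
        include_once $rc_host_config;
    }
}
// … unchanged: @include('/etc/roundcubemail/licensing.inc.php'); …
```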
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.3.4-0~kolab1 +Version: 1:1.3.4-0~kolab2 Maintainer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Uploaders: Paul Klos <kolab@klos2day.nl> Homepage: http://www.roundcube.net/