diff options
| -rw-r--r-- | mail-client/roundcube/ChangeLog | 13 | ||||
| -rw-r--r-- | mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch | 40 | ||||
| -rw-r--r-- | mail-client/roundcube/roundcube-0.3.1-r1.ebuild | 69 |
3 files changed, 121 insertions, 1 deletions
diff --git a/mail-client/roundcube/ChangeLog b/mail-client/roundcube/ChangeLog index 4b406054773d..901c88e13218 100644 --- a/mail-client/roundcube/ChangeLog +++ b/mail-client/roundcube/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for mail-client/roundcube # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/ChangeLog,v 1.23 2010/08/12 08:09:16 a3li Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/ChangeLog,v 1.24 2010/09/28 05:30:26 radhermit Exp $ + +*roundcube-0.3.1-r1 (28 Sep 2010) + + 28 Sep 2010; Tim Harder <radhermit@gentoo.org> +roundcube-0.3.1-r1.ebuild, + +files/roundcube-0.3.1-disable-dns-prefetching.patch: + Revision bump to install .htaccess file (fixes bug #292692, thanks to + Richard Scott for reporting), apply patch to fix security bug #308065 + (CVE-2010-0464), fix USE flag dependencies with dev-lang/php-5.3* (fixes + bug #328231, thanks to Charlie Gehlin for reporting), and install config + files so the web-based installer works (fixes bug #329565, thanks to + Andrey Yurchuk for reporting). 12 Aug 2010; Alex Legler <a3li@gentoo.org> -roundcube-0.3.ebuild, +roundcube-0.3.1.ebuild: diff --git a/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch b/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch new file mode 100644 index 000000000000..0ec3c77b706e --- /dev/null +++ b/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch @@ -0,0 +1,40 @@ +--- roundcubemail-0.3.1.orig/CHANGELOG 2009-10-31 08:20:02.000000000 -0500 ++++ roundcubemail-0.3.1/CHANGELOG 2010-09-27 23:58:39.540056153 -0500 +@@ -1,6 +1,7 @@ + CHANGELOG RoundCube Webmail + =========================== + ++- Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
+ - Specify toolbar container in compose template (#1486247) + - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) + - Avoid unnecessary page loads for selected tab (#1486032) +--- roundcubemail-0.3.1.orig/program/include/rcube_shared.inc 2009-10-27 04:43:39.000000000 -0500 ++++ roundcubemail-0.3.1/program/include/rcube_shared.inc 2010-09-27 23:58:39.541053001 -0500 +@@ -39,6 +39,8 @@ + header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); + header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); + header("Pragma: no-cache"); ++ // Request browser to disable DNS prefetching (CVE-2010-0464)
++ header("X-DNS-Prefetch-Control: off");
+ + // We need to set the following headers to make downloads work using IE in HTTPS mode. + if (rcube_https_check()) { +--- roundcubemail-0.3.1.orig/program/steps/mail/get.inc 2009-09-22 02:50:32.000000000 -0500 ++++ roundcubemail-0.3.1/program/steps/mail/get.inc 2010-09-28 00:00:16.001053823 -0500 +@@ -41,6 +41,7 @@ + $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET)); + } + ++send_nocacheing_headers();
+ + // show part page + if (!empty($_GET['_frame'])) { +@@ -66,8 +67,6 @@ + + $browser = new rcube_browser; + +- send_nocacheing_headers(); +- + // send download headers + if ($_GET['_download']) { + header("Content-Type: application/octet-stream"); diff --git a/mail-client/roundcube/roundcube-0.3.1-r1.ebuild b/mail-client/roundcube/roundcube-0.3.1-r1.ebuild new file mode 100644 index 000000000000..778d8b875ed5 --- /dev/null +++ b/mail-client/roundcube/roundcube-0.3.1-r1.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/roundcube-0.3.1-r1.ebuild,v 1.1 2010/09/28 05:30:26 radhermit Exp $ + +EAPI="2" + +MY_PN="${PN}mail" +MY_P="${MY_PN}-${PV}" + +inherit webapp depend.php depend.apache + +DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" +HOMEPAGE="http://roundcube.net" +SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tar.gz" + +# roundcube is GPL-licensed, the rest of the licenses here are +# for bundled PEAR components, googiespell and utf8.class.php +LICENSE="GPL-2 BSD PHP-2.02 PHP-3 MIT public-domain" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86" +IUSE="ldap mysql postgres ssl spell" + +DEPEND="" +RDEPEND="|| ( <dev-lang/php-5.3[crypt,iconv,ldap?,pcre,postgres?,session,spl,ssl?,unicode] + >=dev-lang/php-5.3[crypt,iconv,ldap?,postgres?,session,ssl?,unicode] ) + !postgres? ( !mysql? ( dev-lang/php[sqlite] ) ) + spell? ( dev-lang/php[curl,spell] ) + dev-php/PEAR-PEAR" + +need_httpd_cgi +need_php_httpd + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + use mysql && require_php_with_any_use mysql mysqli + + # add some warnings about optional functionality + if ! PHPCHECKNODIE="yes" require_php_with_any_use gd gd-external; then + ewarn "IMAP quota display will not work correctly without GD support in PHP." + ewarn "Recompile PHP with either gd or gd-external in USE if you want this feature." + ewarn + fi + + webapp_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-disable-dns-prefetching.patch + + cp config/db.inc.php{.dist,} + cp config/main.inc.php{.dist,} +} + +src_install () { + webapp_src_preinst + dodoc CHANGELOG INSTALL README UPGRADING + + insinto "${MY_HTDOCSDIR}" + doins -r [[:lower:]]* SQL + doins .htaccess + + webapp_serverowned "${MY_HTDOCSDIR}"/logs + webapp_serverowned "${MY_HTDOCSDIR}"/temp + + webapp_configfile "${MY_HTDOCSDIR}"/config/{db,main}.inc.php + webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt + webapp_postupgrade_txt en UPGRADING + webapp_src_install +} |