diff options
Diffstat (limited to 'mail-client/roundcube')
-rw-r--r-- | mail-client/roundcube/ChangeLog | 7 | ||||
-rw-r--r-- | mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch | 40 | ||||
-rw-r--r-- | mail-client/roundcube/roundcube-0.3.1-r1.ebuild | 69 | ||||
-rw-r--r-- | mail-client/roundcube/roundcube-0.3.1.ebuild | 66 |
4 files changed, 6 insertions, 176 deletions
diff --git a/mail-client/roundcube/ChangeLog b/mail-client/roundcube/ChangeLog index 0d4f7a60b3be..0c4692c050c2 100644 --- a/mail-client/roundcube/ChangeLog +++ b/mail-client/roundcube/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for mail-client/roundcube # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/ChangeLog,v 1.32 2010/10/10 20:51:04 maekke Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/ChangeLog,v 1.33 2010/10/11 00:55:50 radhermit Exp $ + + 11 Oct 2010; Tim Harder <radhermit@gentoo.org> -roundcube-0.3.1.ebuild, + -roundcube-0.3.1-r1.ebuild, + -files/roundcube-0.3.1-disable-dns-prefetching.patch: + Remove old versions with security issues (bug #308065). 10 Oct 2010; Markus Meier <maekke@gentoo.org> roundcube-0.4.ebuild: arm stable, bug #308065 diff --git a/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch b/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch deleted file mode 100644 index 0ec3c77b706e..000000000000 --- a/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- roundcubemail-0.3.1.orig/CHANGELOG 2009-10-31 08:20:02.000000000 -0500 -+++ roundcubemail-0.3.1/CHANGELOG 2010-09-27 23:58:39.540056153 -0500 -@@ -1,6 +1,7 @@ - CHANGELOG RoundCube Webmail - =========================== - -+- Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
- - Specify toolbar container in compose template (#1486247) - - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) - - Avoid unnecessary page loads for selected tab (#1486032) ---- roundcubemail-0.3.1.orig/program/include/rcube_shared.inc 2009-10-27 04:43:39.000000000 -0500 -+++ roundcubemail-0.3.1/program/include/rcube_shared.inc 2010-09-27 23:58:39.541053001 -0500 -@@ -39,6 +39,8 @@ - header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); - header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); - header("Pragma: no-cache"); -+ // Request browser to disable DNS prefetching (CVE-2010-0464)
-+ header("X-DNS-Prefetch-Control: off");
- - // We need to set the following headers to make downloads work using IE in HTTPS mode. - if (rcube_https_check()) { ---- roundcubemail-0.3.1.orig/program/steps/mail/get.inc 2009-09-22 02:50:32.000000000 -0500 -+++ roundcubemail-0.3.1/program/steps/mail/get.inc 2010-09-28 00:00:16.001053823 -0500 -@@ -41,6 +41,7 @@ - $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET)); - } - -+send_nocacheing_headers();
- - // show part page - if (!empty($_GET['_frame'])) { -@@ -66,8 +67,6 @@ - - $browser = new rcube_browser; - -- send_nocacheing_headers(); -- - // send download headers - if ($_GET['_download']) { - header("Content-Type: application/octet-stream"); diff --git a/mail-client/roundcube/roundcube-0.3.1-r1.ebuild b/mail-client/roundcube/roundcube-0.3.1-r1.ebuild deleted file mode 100644 index 778d8b875ed5..000000000000 --- a/mail-client/roundcube/roundcube-0.3.1-r1.ebuild +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/roundcube-0.3.1-r1.ebuild,v 1.1 2010/09/28 05:30:26 radhermit Exp $ - -EAPI="2" - -MY_PN="${PN}mail" -MY_P="${MY_PN}-${PV}" - -inherit webapp depend.php depend.apache - -DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" -HOMEPAGE="http://roundcube.net" -SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tar.gz" - -# roundcube is GPL-licensed, the rest of the licenses here are -# for bundled PEAR components, googiespell and utf8.class.php -LICENSE="GPL-2 BSD PHP-2.02 PHP-3 MIT public-domain" -KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86" -IUSE="ldap mysql postgres ssl spell" - -DEPEND="" -RDEPEND="|| ( <dev-lang/php-5.3[crypt,iconv,ldap?,pcre,postgres?,session,spl,ssl?,unicode] - >=dev-lang/php-5.3[crypt,iconv,ldap?,postgres?,session,ssl?,unicode] ) - !postgres? ( !mysql? ( dev-lang/php[sqlite] ) ) - spell? ( dev-lang/php[curl,spell] ) - dev-php/PEAR-PEAR" - -need_httpd_cgi -need_php_httpd - -S=${WORKDIR}/${MY_P} - -pkg_setup() { - use mysql && require_php_with_any_use mysql mysqli - - # add some warnings about optional functionality - if ! PHPCHECKNODIE="yes" require_php_with_any_use gd gd-external; then - ewarn "IMAP quota display will not work correctly without GD support in PHP." - ewarn "Recompile PHP with either gd or gd-external in USE if you want this feature." - ewarn - fi - - webapp_pkg_setup -} - -src_prepare() { - epatch "${FILESDIR}"/${P}-disable-dns-prefetching.patch - - cp config/db.inc.php{.dist,} - cp config/main.inc.php{.dist,} -} - -src_install () { - webapp_src_preinst - dodoc CHANGELOG INSTALL README UPGRADING - - insinto "${MY_HTDOCSDIR}" - doins -r [[:lower:]]* SQL - doins .htaccess - - webapp_serverowned "${MY_HTDOCSDIR}"/logs - webapp_serverowned "${MY_HTDOCSDIR}"/temp - - webapp_configfile "${MY_HTDOCSDIR}"/config/{db,main}.inc.php - webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt - webapp_postupgrade_txt en UPGRADING - webapp_src_install -} diff --git a/mail-client/roundcube/roundcube-0.3.1.ebuild b/mail-client/roundcube/roundcube-0.3.1.ebuild deleted file mode 100644 index 0452ca747622..000000000000 --- a/mail-client/roundcube/roundcube-0.3.1.ebuild +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/roundcube/roundcube-0.3.1.ebuild,v 1.11 2010/08/12 08:09:16 a3li Exp $ - -EAPI="2" - -MY_PN="${PN}mail" -MY_P="${MY_PN}-${PV}" - -inherit webapp depend.php depend.apache - -DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" -HOMEPAGE="http://roundcube.net" -SRC_URI="mirror://sourceforge/${MY_PN}/${MY_P}.tar.gz" - -# roundcube is GPL-licensed, the rest of the licenses here are -# for bundled PEAR components, googiespell and utf8.class.php -LICENSE="GPL-2 BSD PHP-2.02 PHP-3 MIT public-domain" -KEYWORDS="amd64 arm ppc ppc64 ~sparc x86" -IUSE="ldap mysql postgres ssl spell" - -DEPEND="" -RDEPEND="dev-lang/php[crypt,iconv,ldap?,pcre,postgres?,session,spl,ssl?,unicode] - !postgres? ( !mysql? ( dev-lang/php[sqlite] ) ) - spell? ( dev-lang/php[curl,spell] ) - dev-php/PEAR-PEAR -" - -need_httpd_cgi -need_php_httpd - -S=${WORKDIR}/${MY_P} - -pkg_setup() { - use mysql && require_php_with_any_use mysql mysqli - - # add some warnings about optional functionality - if ! PHPCHECKNODIE="yes" require_php_with_any_use gd gd-external; then - ewarn "IMAP quota display will not work correctly without GD support in PHP." - ewarn "Recompile PHP with either gd or gd-external in USE if you want this feature." - ewarn - fi - - webapp_pkg_setup -} - -src_prepare() { - mv config/db.inc.php{.dist,} - mv config/main.inc.php{.dist,} -} - -src_install () { - webapp_src_preinst - dodoc CHANGELOG INSTALL README UPGRADING - - insinto "${MY_HTDOCSDIR}" - doins -r [[:lower:]]* SQL - - webapp_serverowned "${MY_HTDOCSDIR}"/logs - webapp_serverowned "${MY_HTDOCSDIR}"/temp - - webapp_configfile "${MY_HTDOCSDIR}"/config/{db,main}.inc.php - webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt - webapp_postupgrade_txt en UPGRADING - webapp_src_install -} |