Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 10 Jun 2016 07:09:56 +0000 (UTC)
From:      Alex Dupre <ale@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r416656 - in head/mail/roundcube: . files
Message-ID:  <201606100709.u5A79udq073798@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ale
Date: Fri Jun 10 07:09:56 2016
New Revision: 416656
URL: https://svnweb.freebsd.org/changeset/ports/416656

Log:
  Update to 1.2.0 release.

Added:
  head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php   (contents, props changed)
Deleted:
  head/mail/roundcube/files/patch-CVE-2016-5103
  head/mail/roundcube/files/patch-vendor_pear-pear.php.net_Net__Sieve_Net_Sieve.php
Modified:
  head/mail/roundcube/Makefile
  head/mail/roundcube/distinfo
  head/mail/roundcube/files/patch-INSTALL
  head/mail/roundcube/files/patch-config_defaults.inc.php
  head/mail/roundcube/files/patch-installer_check.php
  head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php
  head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php
  head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php

Modified: head/mail/roundcube/Makefile
==============================================================================
--- head/mail/roundcube/Makefile	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/Makefile	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	roundcube
-DISTVERSION=	1.1.5
-PORTREVISION=	1
+DISTVERSION=	1.2.0
 PORTEPOCH=	1
 CATEGORIES?=	mail www
 MASTER_SITES=	https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/
@@ -24,10 +23,10 @@ CPE_PRODUCT=	webmail
 CPE_VENDOR=	roundcube
 
 WANT_PHP_WEB=	yes
-USE_PHP=	pcre mbstring session iconv dom xml json intl zip filter
+USE_PHP=	pcre mbstring session iconv dom xml json intl zip filter openssl fileinfo exif
 IGNORE_WITH_PHP=70
 
-OPTIONS_DEFINE=	SSL LDAP GD PSPELL NSC DOCS
+OPTIONS_DEFINE=	LDAP GD PSPELL NSC DOCS
 OPTIONS_SINGLE=	DB
 OPTIONS_SINGLE_DB=	MYSQL PGSQL SQLITE
 OPTIONS_DEFAULT=MYSQL
@@ -35,7 +34,6 @@ OPTIONS_DEFAULT=MYSQL
 MYSQL_DESC=	Use MySQL backend
 PGSQL_DESC=	Use PostgreSQL backend
 SQLITE_DESC=	Use SQLite backend
-SSL_DESC=	Enable SSL support (imaps or google spellcheck)
 LDAP_DESC=	Enable LDAP support (address book)
 GD_DESC=	Enable GD support (image conversion)
 PSPELL_DESC=	Enable PSpell support (internal spellcheck)
@@ -55,10 +53,6 @@ USE_PHP+=	pdo_pgsql
 USE_PHP+=	pdo_sqlite
 .endif
 
-.if ${PORT_OPTIONS:MSSL}
-USE_PHP+=	openssl
-.endif
-
 .if ${PORT_OPTIONS:MLDAP}
 USE_PHP+=	ldap
 .endif

Modified: head/mail/roundcube/distinfo
==============================================================================
--- head/mail/roundcube/distinfo	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/distinfo	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,2 +1,3 @@
-SHA256 (roundcubemail-1.1.5-complete.tar.gz) = 476a1d45b0592b2ad43e3e08cbc72e69ef31e33ed8a8f071f02e5a1ae3e7f334
-SIZE (roundcubemail-1.1.5-complete.tar.gz) = 4581781
+TIMESTAMP = 1465476478
+SHA256 (roundcubemail-1.2.0-complete.tar.gz) = 574895da03b5ad78eaf0843a78e0c0ab734a9327b4ba47b72405b768cb2854cc
+SIZE (roundcubemail-1.2.0-complete.tar.gz) = 3748290

Modified: head/mail/roundcube/files/patch-INSTALL
==============================================================================
--- head/mail/roundcube/files/patch-INSTALL	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/files/patch-INSTALL	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,6 +1,6 @@
---- INSTALL.orig	2015-02-08 13:43:29.000000000 +0000
-+++ INSTALL	2015-02-19 12:22:34.259436291 +0000
-@@ -29,7 +29,6 @@
+--- INSTALL.orig	2016-05-22 11:06:47 UTC
++++ INSTALL
+@@ -29,7 +29,6 @@ REQUIREMENTS
     - memory_limit > 16MB (increase as suitable to support large attachments)
     - file_uploads enabled (for attachment upload features)
     - session.auto_start disabled

Modified: head/mail/roundcube/files/patch-config_defaults.inc.php
==============================================================================
--- head/mail/roundcube/files/patch-config_defaults.inc.php	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/files/patch-config_defaults.inc.php	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,7 +1,7 @@
---- config/defaults.inc.php.orig	2014-04-06 14:13:09.000000000 +0000
-+++ config/defaults.inc.php	2014-04-10 09:08:58.242144399 +0000
-@@ -596,8 +596,8 @@
- // connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
+--- config/defaults.inc.php.orig	2016-05-22 11:06:45 UTC
++++ config/defaults.inc.php
+@@ -717,8 +717,8 @@ $config['spellcheck_dictionary'] = false
+ // You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
  $config['spellcheck_engine'] = 'googie';
  
 -// For locally installed Nox Spell Server or After the Deadline services,

Modified: head/mail/roundcube/files/patch-installer_check.php
==============================================================================
--- head/mail/roundcube/files/patch-installer_check.php	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/files/patch-installer_check.php	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,8 +1,8 @@
---- installer/check.php.orig	2012-08-06 18:18:13.000000000 +0200
-+++ installer/check.php	2012-08-13 12:36:52.000000000 +0200
-@@ -39,7 +39,6 @@
+--- installer/check.php.orig	2016-05-22 11:06:45 UTC
++++ installer/check.php
+@@ -43,7 +43,6 @@ $ini_checks = array(
+     'file_uploads'                  => 1,
      'session.auto_start'            => 0,
-     'zend.ze1_compatibility_mode'   => 0,
      'mbstring.func_overload'        => 0,
 -    'suhosin.session.encrypt'       => 0,
      'magic_quotes_runtime'          => 0,

Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php
==============================================================================
--- head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,6 +1,6 @@
---- program/lib/Roundcube/bootstrap.php.orig	2014-07-07 18:18:50.261368902 +0000
-+++ program/lib/Roundcube/bootstrap.php	2014-07-07 18:18:58.202127091 +0000
-@@ -38,7 +38,6 @@
+--- program/lib/Roundcube/bootstrap.php.orig	2016-05-22 11:06:47 UTC
++++ program/lib/Roundcube/bootstrap.php
+@@ -37,7 +37,6 @@ $config = array(
  // check these additional ini settings if not called via CLI
  if (php_sapi_name() != 'cli') {
      $config += array(

Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php
==============================================================================
--- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,6 +1,6 @@
---- program/lib/Roundcube/rcube_message.php.orig	2010-11-26 13:41:16.000000000 +0100
-+++ program/lib/Roundcube/rcube_message.php	2010-12-13 17:20:59.000000000 +0100
-@@ -452,9 +452,7 @@
+--- program/lib/Roundcube/rcube_message.php.orig	2016-05-22 11:06:47 UTC
++++ program/lib/Roundcube/rcube_message.php
+@@ -766,9 +766,7 @@ class rcube_message
                  }
                  // part is a file/attachment
                  else if (preg_match('/^(inline|attach)/', $mail_part->disposition) ||

Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php
==============================================================================
--- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php	Fri Jun 10 06:52:27 2016	(r416655)
+++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php	Fri Jun 10 07:09:56 2016	(r416656)
@@ -1,73 +1,30 @@
---- program/lib/Roundcube/rcube_session.php.orig	2015-09-22 15:24:26.400132239 +0000
-+++ program/lib/Roundcube/rcube_session.php	2015-09-22 15:24:08.430133455 +0000
-@@ -35,7 +35,6 @@
-     private $time_diff = 0;
-     private $reloaded = false;
-     private $appends = array();
--    private $unsets = array();
-     private $gc_handlers = array();
-     private $cookiename = 'roundcube_sessauth';
-     private $vars;
-@@ -46,6 +45,7 @@
-     private $logging = false;
-     private $storage;
-     private $memcache;
-+    private $need_base64 = false;
+--- program/lib/Roundcube/rcube_session.php.orig	2016-05-22 11:06:47 UTC
++++ program/lib/Roundcube/rcube_session.php
+@@ -39,7 +39,6 @@ abstract class rcube_session
+     protected $time_diff    = 0;
+     protected $reloaded     = false;
+     protected $appends      = array();
+-    protected $unsets       = array();
+     protected $gc_enabled   = 0;
+     protected $gc_handlers  = array();
+     protected $cookiename   = 'roundcube_sessauth';
+@@ -158,7 +157,7 @@ abstract class rcube_session
  
-     /**
-      * Blocks session data from being written to database.
-@@ -95,6 +95,9 @@
-         else if ($this->storage != 'php') {
-             ini_set('session.serialize_handler', 'php');
- 
-+            if (ini_get("suhosin.session.encrypt") !== "1")
-+                $this->need_base64 = true;
-+
-             // set custom functions for PHP session management
-             session_set_save_handler(
-                 array($this, 'open'),
-@@ -192,7 +195,7 @@
-             $this->time_diff = time() - strtotime($sql_arr['ts']);
-             $this->changed   = strtotime($sql_arr['changed']);
-             $this->ip        = $sql_arr['ip'];
--            $this->vars      = base64_decode($sql_arr['vars']);
-+            $this->vars      = $this->_decode($sql_arr['vars']);
-             $this->key       = $key;
- 
-             return !empty($this->vars) ? (string) $this->vars : '';
-@@ -232,12 +235,12 @@
-         }
- 
-         if ($oldvars !== null) {
+         // if there are cached vars, update store, else insert new data
+         if ($oldvars) {
 -            $newvars = $this->_fixvars($vars, $oldvars);
-+            $newvars = $vars;
- 
-             if ($newvars !== $oldvars) {
-                 $this->db->query("UPDATE {$this->table_name} "
-                     . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
--                    base64_encode($newvars), $key);
-+                    $this->_encode($newvars), $key);
-             }
-             else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
-                 $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
-@@ -248,44 +251,30 @@
-             $this->db->query("INSERT INTO {$this->table_name}"
-                 . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
-                 . " VALUES (?, ?, ?, $now, $now)",
--                $key, base64_encode($vars), (string)$this->ip);
-+                $key, $this->_encode($vars), (string)$this->ip);
++            $newvars = $vars);
+             return $this->update($key, $newvars, $oldvars);
          }
- 
-         return true;
+         else {
+@@ -180,39 +179,6 @@ abstract class rcube_session
      }
  
- 
--    /**
+     /**
 -     * Merge vars with old vars and apply unsets
 -     */
--    private function _fixvars($vars, $oldvars)
-+    private function _encode($vars)
-     {
+-    protected function _fixvars($vars, $oldvars)
+-    {
 -        if ($oldvars !== null) {
 -            $a_oldvars = $this->unserialize($oldvars);
 -            if (is_array($a_oldvars)) {
@@ -90,36 +47,29 @@
 -            else {
 -                $newvars = $vars;
 -            }
-+        if ($this->need_base64) {
-+            return base64_encode($vars);
-+        } else {
-+            return $vars;
-         }
-+    }
- 
+-        }
+-
 -        $this->unsets = array();
 -        return $newvars;
-+
-+    private function _decode($vars) 
-+    {
-+        if ($this->need_base64) {
-+            return base64_decode($vars);
-+        } else {
-+            return $vars;
-+        }
-     }
+-    }
+-
+-    /**
+      * Execute registered garbage collector routines
+      */
+     public function gc($maxlifetime)
+@@ -321,11 +287,6 @@ abstract class rcube_session
+         }
  
+         $this->appends[] = $path;
+-
+-        // when overwriting a previously unset variable
+-        if ($this->unsets[$path]) {
+-            unset($this->unsets[$path]);
+-        }
+     }
  
-@@ -350,7 +339,7 @@
-         else // else read data again
-             $oldvars = $this->mc_read($key);
- 
--        $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars;
-+        $newvars = $vars;
- 
-         if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
-             return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
-@@ -488,8 +477,6 @@
+     /**
+@@ -340,8 +301,6 @@ abstract class rcube_session
              return $this->destroy(session_id());
          }
  
@@ -128,3 +78,25 @@
          if (isset($_SESSION[$var])) {
              unset($_SESSION[$var]);
          }
+@@ -387,21 +346,6 @@ abstract class rcube_session
+ 
+         if ($data) {
+             session_decode($data);
+-
+-            // apply appends and unsets to reloaded data
+-            $_SESSION = array_merge_recursive($_SESSION, $merge_data);
+-
+-            foreach ((array)$this->unsets as $var) {
+-                if (isset($_SESSION[$var])) {
+-                    unset($_SESSION[$var]);
+-                }
+-                else {
+-                    $path = explode('.', $var);
+-                    $k = array_pop($path);
+-                    $node = &$this->get_node($path, $_SESSION);
+-                    unset($node[$k]);
+-                }
+-            }
+         }
+     }
+ 

Added: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php	Fri Jun 10 07:09:56 2016	(r416656)
@@ -0,0 +1,71 @@
+--- program/lib/Roundcube/rcube_session_db.php.orig	2016-05-22 11:06:47 UTC
++++ program/lib/Roundcube/rcube_session_db.php
+@@ -32,6 +32,7 @@ class rcube_session_db extends rcube_ses
+ {
+     private $db;
+     private $table_name;
++    private $need_base64;
+ 
+     /**
+      * @param Object $config
+@@ -39,6 +40,9 @@ class rcube_session_db extends rcube_ses
+     public function __construct($config)
+     {
+         parent::__construct($config);
++        
++        // base64 encode if suhosin is not enabled
++        $this->need_base64 = ini_get("suhosin.session.encrypt") !== "1";
+ 
+         // get db instance
+         $this->db = rcube::get_instance()->get_dbh();
+@@ -103,7 +107,7 @@ class rcube_session_db extends rcube_ses
+             $this->time_diff = time() - strtotime($sql_arr['ts']);
+             $this->changed   = strtotime($sql_arr['changed']);
+             $this->ip        = $sql_arr['ip'];
+-            $this->vars      = base64_decode($sql_arr['vars']);
++            $this->vars      = $this->_decode($sql_arr['vars']);
+             $this->key       = $key;
+ 
+             return !empty($this->vars) ? (string) $this->vars : '';
+@@ -126,7 +130,7 @@ class rcube_session_db extends rcube_ses
+         $this->db->query("INSERT INTO {$this->table_name}"
+             . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
+             . " VALUES (?, ?, ?, $now, $now)",
+-            $key, base64_encode($vars), (string)$this->ip);
++            $key, $this->_encode($vars), (string)$this->ip);
+ 
+         return true;
+     }
+@@ -150,7 +154,7 @@ class rcube_session_db extends rcube_ses
+         if ($newvars !== $oldvars) {
+             $this->db->query("UPDATE {$this->table_name} "
+                 . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
+-                base64_encode($newvars), $key);
++                $this->_encode($newvars), $key);
+         }
+         else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
+             $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
+@@ -173,4 +177,23 @@ class rcube_session_db extends rcube_ses
+             . date('Y-m-d H:i:s', time() - $this->gc_enabled)
+             . '; rows = ' . intval($this->db->affected_rows()));
+     }
++
++    private function _encode($vars)
++    {
++        if ($this->need_base64) {
++            return base64_encode($vars);
++        } else {
++            return $vars;
++        }
++    }
++
++    private function _decode($vars) 
++    {
++        if ($this->need_base64) {
++            return base64_decode($vars);
++        } else {
++            return $vars;
++        }
++    }
++
+ }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606100709.u5A79udq073798>