diff options
author | Aaron W. Swenson <titanofold@gentoo.org> | 2017-11-09 12:51:56 -0500 |
---|---|---|
committer | Aaron W. Swenson <titanofold@gentoo.org> | 2017-11-09 12:51:56 -0500 |
commit | 4d044d7e03b744873e0b61d3d9bb361518453e1b (patch) | |
tree | ac9dbb1b9fc64c8aa4342fd24847b6170e2ab207 | |
parent | net-misc/aria2: 1.33.1 (diff) | |
download | gentoo-4d044d7e03b744873e0b61d3d9bb361518453e1b.tar.gz gentoo-4d044d7e03b744873e0b61d3d9bb361518453e1b.tar.bz2 gentoo-4d044d7e03b744873e0b61d3d9bb361518453e1b.zip |
mail-client/roundcube: Security Bump (Bug 636970)
Security-related version bump to:
* 1.3.3
* 1.2.7
CVE-2017-16651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16651):
Roundcube Webmail before 1.2.x before 1.2.7, and 1.3.x before 1.3.3
allows unauthorized access to arbitrary files on the host's filesystem.
Gentoo-Bug: https://bugs.gentoo.org/636970
Package-Manager: Portage-2.3.8, Repoman-2.3.3
-rw-r--r-- | mail-client/roundcube/Manifest | 2 | ||||
-rw-r--r-- | mail-client/roundcube/roundcube-1.2.7.ebuild | 74 | ||||
-rw-r--r-- | mail-client/roundcube/roundcube-1.3.3.ebuild | 76 |
3 files changed, 152 insertions, 0 deletions
diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest index f68af0cb00d1..faf84460e61a 100644 --- a/mail-client/roundcube/Manifest +++ b/mail-client/roundcube/Manifest @@ -1,4 +1,6 @@ DIST roundcubemail-1.2.5.tar.gz 3602701 SHA256 9c4d65951cc636d0e2e2296bfdf55fb53e23a4611fa96f17fb5d354db91bec38 SHA512 8f17c8222a59123e438a3683e5f2fbfef28c966899a271a2a11c25535e7188ff57846847108190a4d20ff53eccd10a2a7e88e8a5f958e9bc38c69e53824e7928 WHIRLPOOL 48bfc729da9e9ceb88a5125e7d713016b48986eb8debb21a2d92404011361ceddc536871b21acbe1094d4be365727a6f15a0c66433736fb34879a55aba009528 DIST roundcubemail-1.2.6-complete.tar.gz 3893031 SHA256 2f5c674f41fb2c842b3e4d5d7feab00c674b0c834f5cd944a4d778c23c921ec1 SHA512 4b33ddc322446cf4d7915d9f57fa11946fb6056f91034ff9643363a87ad293d444bacf2a6e6502bbb8b57623f39548b7a6fff02f4bb70622843ecbc489949024 WHIRLPOOL a52c45d4995002f4096237e846841115c57ba4a4eb01d6f3c78ab3b821ccc2ad59d4cbc6b8e547b2a9ed1416fbb0084004ecd4342666e689136f7f4c3f343d17 +DIST roundcubemail-1.2.7-complete.tar.gz 3904612 SHA256 6dd7f117d1a9509a382edb9e04e52f26ff7eb19b52aa4bb6646cfb2fadde682d SHA512 545b3fe05ecfaede3d887ae71e41fc91aaaae280c71b67db9a5dcb516b5b238371327c2b1fabe87cf073cce38bc5a57b3db2592eb96d436bae280896c1f7017c WHIRLPOOL 0c43ae93034148bb87affa58d5d78115697805259f5da8a2f3ce5f29031fbef61286d8235526feef30f660145c4e3c3800209191a8647c3924a99cb0dfd19d10 DIST roundcubemail-1.3.0.tar.gz 3104348 SHA256 a37e55a3b5f83420930ae20ef3ac6dbedb499c920bbcf3fc93a8f784f7773d21 SHA512 f3ab39cc3eec9bbcaf3d8f5d9004b0da92fe5d35b71687acc234fab5772abb92d970855716288cba10c8609532d42ddc6e791a1f7bca13de555174a37deca9c4 WHIRLPOOL a2fb856fa060a3e904cc528b73474fa64ebe4af1de6f1b2bb1c82f426143bf762d380f121902cea60ff7d00d73058786b7bb4f27ddd6f00cf798b15a0e8e8d38 DIST roundcubemail-1.3.1-complete.tar.gz 5296647 SHA256 f071bbe84f90ba55582289dcef7b70198b81e0aedd4de8422945658bbee3da0b SHA512 79722d1213b6855af37dea4c2522eba12ded4ed430b5d96f5ba9eb851bbfbe68c406b0c5410e21e2721dfe2cf42fdc2fa825161a229f785921ebdc89221ab232 WHIRLPOOL 7df4ff8ba3e39ce217e4fea8c932707bb98dea68c7aa0a504efe56345d32afa369fcbb57fe053520cfad62a8090309113e8e4e8c2f49ff883a66cf31e0bdfd41 +DIST roundcubemail-1.3.3-complete.tar.gz 5339032 SHA256 05d9856c966c0d93accabf724e7ff2fd493bba1a57c44247ed0a2aacd617c879 SHA512 1f634fbc5d0967f28a7aa990a9b23f105b93030d43927237fc9b5decabe1b959de75c7c21bdb27389ec53730378565e7f309d7c009be427c7615372634273931 WHIRLPOOL c1a75b4e90afe34a18e789f6b5ca9e0af056bd0a48fc093135c0ff028594541cfdcb167b3c0c7ef05880e39f9fa5cd45575e39aa542e707a95f951076183c42a diff --git a/mail-client/roundcube/roundcube-1.2.7.ebuild b/mail-client/roundcube/roundcube-1.2.7.ebuild new file mode 100644 index 000000000000..1df11749a007 --- /dev/null +++ b/mail-client/roundcube/roundcube-1.2.7.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit webapp + +MY_PN=${PN}mail +MY_P=${MY_PN}-${PV} + +DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" +HOMEPAGE="https://roundcube.net" +SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV}/${MY_P}-complete.tar.gz" + +# roundcube is GPL-licensed, the rest of the licenses here are +# for bundled PEAR components, googiespell and utf8.class.php +LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" + +IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" +REQUIRED_USE="|| ( mysql postgres sqlite )" + +# this function only sets DEPEND so we need to include that in RDEPEND +need_httpd_cgi + +RDEPEND=" + ${DEPEND} + >=dev-lang/php-5.3.7[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] + >=dev-php/PEAR-Auth_SASL-1.0.6 + >=dev-php/PEAR-Mail_Mime-1.8.9 + >=dev-php/PEAR-Mail_mimeDecode-1.5.5 + >=dev-php/PEAR-Net_IDNA2-0.1.1 + >=dev-php/PEAR-Net_SMTP-1.6.2 + virtual/httpd-php + enigma? ( >=dev-php/PEAR-Crypt_GPG-1.4.0 app-crypt/gnupg ) + ldap? ( >=dev-php/PEAR-Net_LDAP2-2.0.12 dev-php/PEAR-Net_LDAP3 ) + managesieve? ( >=dev-php/PEAR-Net_Sieve-1.3.2 ) + mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) ) + spell? ( dev-lang/php[curl,spell] ) +" + +S=${WORKDIR}/${MY_P} + +src_install() { + webapp_src_preinst + dodoc CHANGELOG INSTALL README.md UPGRADING + + insinto "${MY_HTDOCSDIR}" + doins -r [[:lower:]]* SQL + doins .htaccess + + webapp_serverowned "${MY_HTDOCSDIR}"/logs + webapp_serverowned "${MY_HTDOCSDIR}"/temp + + webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php + webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" + webapp_src_install +} + +pkg_postinst() { + webapp_pkg_postinst + + ewarn + ewarn "When upgrading from <= 0.9, note that the old configuration files" + ewarn "named main.inc.php and db.inc.php are deprecated and should be" + ewarn "replaced with one single config.inc.php file." + ewarn + ewarn "Run the ./bin/update.sh script to convert those" + ewarn "or manually merge the files." + ewarn + ewarn "The new config.inc.php should only contain options that" + ewarn "differ from the ones listed in defaults.inc.php." + ewarn +} diff --git a/mail-client/roundcube/roundcube-1.3.3.ebuild b/mail-client/roundcube/roundcube-1.3.3.ebuild new file mode 100644 index 000000000000..37e237f45153 --- /dev/null +++ b/mail-client/roundcube/roundcube-1.3.3.ebuild @@ -0,0 +1,76 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit webapp + +MY_PN=${PN}mail +MY_P=${MY_PN}-${PV} + +DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface" +HOMEPAGE="https://roundcube.net" +SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV}/${MY_P}-complete.tar.gz" + +# roundcube is GPL-licensed, the rest of the licenses here are +# for bundled PEAR components, googiespell and utf8.class.php +LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" + +IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell" +REQUIRED_USE="|| ( mysql postgres sqlite )" + +# this function only sets DEPEND so we need to include that in RDEPEND +need_httpd_cgi + +# :TODO: Support "endriod/qrcode: ~1.6.5" dep (ebuild needed) +RDEPEND=" + ${DEPEND} + >=dev-lang/php-5.4.0[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml] + >=dev-php/PEAR-Auth_SASL-1.1.0 + >=dev-php/PEAR-Mail_Mime-1.10.0 + >=dev-php/PEAR-Mail_mimeDecode-1.5.5 + >=dev-php/PEAR-Net_IDNA2-0.2.0 + >=dev-php/PEAR-Net_SMTP-1.7.1 + >=dev-php/PEAR-Net_Socket-1.2.1 + virtual/httpd-php + enigma? ( >=dev-php/PEAR-Crypt_GPG-1.6.0 app-crypt/gnupg ) + ldap? ( >=dev-php/PEAR-Net_LDAP2-2.2.0 dev-php/PEAR-Net_LDAP3 ) + managesieve? ( >=dev-php/PEAR-Net_Sieve-1.4.0 ) + mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) ) + spell? ( dev-lang/php[curl,spell] ) +" + +S=${WORKDIR}/${MY_P} + +src_install() { + webapp_src_preinst + dodoc CHANGELOG INSTALL README.md UPGRADING + + insinto "${MY_HTDOCSDIR}" + doins -r [[:lower:]]* SQL + doins .htaccess + + webapp_serverowned "${MY_HTDOCSDIR}"/logs + webapp_serverowned "${MY_HTDOCSDIR}"/temp + + webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php + webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt" + webapp_src_install +} + +pkg_postinst() { + webapp_pkg_postinst + + ewarn + ewarn "When upgrading from <= 0.9, note that the old configuration files" + ewarn "named main.inc.php and db.inc.php are deprecated and should be" + ewarn "replaced with one single config.inc.php file." + ewarn + ewarn "Run the ./bin/update.sh script to convert those" + ewarn "or manually merge the files." + ewarn + ewarn "The new config.inc.php should only contain options that" + ewarn "differ from the ones listed in defaults.inc.php." + ewarn +} |