head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.4
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.2
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2012Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2012.12.05.15.38.01;	author taca;	state dead;
branches;
next	1.1;

1.1
date	2012.10.15.03.33.23;	author taca;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2012.10.15.03.33.23;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2012.10.16.18.45.01;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update roundcube to 0.8.4.

A little improvement to MESSAGE about upgrading.

CHANGELOG Roundcube Webmail
===========================

- Fix XSS vulnerability in handling of text/enriched messages (#1488806)
- Fix handling of 'media' attribute on linked css (#1488789)
- Fix regression where unintentional page reload was done after request abort (#1488802)
- Fix excessive LFs at the end of composed message with top_posting=true (#1488797)
- Fix bug where leading blanks were stripped from quoted lines (#1488795)

RELEASE 0.8.3
-------------
- Fix AREA links handling (#1488792)
- Fix possible HTTP DoS on error in keep-alive requests (#1488782)
- Fix compatibility with MDB2 2.5.0b4 (#1488779)
- Fix a bug where saving a message in INBOX wasn't possible
- Fix HTML part detection in messages with attachments (#1488769)
- Fix bug where wrong words were highlighted on spell-before-send check
- Fix scrolling quirk in email preview frame using Opera 12 (#1488763)
- Fix displaying of multipart/alternative messages with empty parts (#1488750)
- Fix Warning: htmlspecialchars(): charset `RCMAIL_CHARSET' not supported warning in Installer (#1488744)
- Fix threaded list sorting on PHP < 5.2.9 (#1488748)

RELEASE 0.8.2
-------------
- Fix XSS vulnerability from HTTP User-Agent header (#1488737)
- Force fonts in compose fields to be all the same (#1488690)
- Add full headers view in message preview window (#1488538)
- Fix message display page issues (#1488590, #1488642)
- Fix handling vCard entries
with TEL;TYPE=CELL (#1488728) - Fix error where session wasn't updated after folder rename/delete (#1488692) - Fix PLAIN authentication for some IMAP servers (#1488674) - Fix encoding vCard file when contains PHOTO;ENCODING=b (#1488683) - Fix focus issue in IE when selecting message row (#1488620) - Fix displaying all headers when they contain malformed characters (#1488666) - Fix decoding of HTML messages with UTF-16 charset specified (#1488654) - Fix quota capability detection so it can be overwritten by a plugin (#1488655) - Fix identity selection on reply (#1488101) - Fix Larry's messages list filter in IE (#1488632) - Fix more IE issues by disabling Compat. mode with X-UA-Compatible meta tag (#1488626) - Fix setting locales under Solaris - use additional .UTF-8 suffix (#1488628) - Fix email address validation for addresses with IP address in domain part - Fix Larry skin issues in IE7 compat. mode (#1488618) - Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed @ text @$NetBSD: patch-program_steps_utils_error.inc,v 1.1 2012/10/15 03:33:23 taca Exp $ Minimum fix for XSS with HTTP_USER_AGENT from the repository. --- program/steps/utils/error.inc.orig 2012-08-17 19:34:07.000000000 +0000 +++ program/steps/utils/error.inc @@@@ -25,7 +25,7 @@@@ // browser is not compatible with this application if ($ERROR_CODE==409) { - $user_agent = $_SERVER['HTTP_USER_AGENT']; + $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']); $__error_title = 'Your browser does not suit the requirements for this application'; $__error_text = <<Supported browsers:
@ 1.1 log @Add minimum fix for XSS with HTTP_USER_AGENT from the repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-program_steps_utils_error.inc was added on branch pkgsrc-2012Q3 on 2012-10-16 18:45:01 +0000 @ text @d1 15 @ 1.1.2.2 log @Pullup ticket #3948 - requested by taca mail/roundcube: security patch Revisions pulled up: - mail/roundcube/Makefile 1.47-1.48 - mail/roundcube/distinfo 1.26 - mail/roundcube/patches/patch-program_steps_utils_error.inc 1.1 --- Module Name: pkgsrc Committed By: asau Date: Mon Oct 8 12:19:35 UTC 2012 Modified Files: pkgsrc/mail/roundcube: Makefile Log Message: Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days. --- Module Name: pkgsrc Committed By: taca Date: Mon Oct 15 03:33:23 UTC 2012 Modified Files: pkgsrc/mail/roundcube: Makefile distinfo Added Files: pkgsrc/mail/roundcube/patches: patch-program_steps_utils_error.inc Log Message: Add minimum fix for XSS with HTTP_USER_AGENT from the repository. Bump PKGREVISION. @ text @a0 15 $NetBSD$ Minimum fix for XSS with HTTP_USER_AGENT from the repository. --- program/steps/utils/error.inc.orig 2012-08-17 19:34:07.000000000 +0000 +++ program/steps/utils/error.inc @@@@ -25,7 +25,7 @@@@ // browser is not compatible with this application if ($ERROR_CODE==409) { - $user_agent = $_SERVER['HTTP_USER_AGENT']; + $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']); $__error_title = 'Your browser does not suit the requirements for this application'; $__error_text = <<Supported browsers:
@
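Review bot: htmlentities() is called with the value alone on the `+` line of the error.inc hunk (the `$ERROR_CODE==409` branch), so PHP's default flags apply and single quotes in the User-Agent string are left unencoded, and the charset is whatever the PHP default is rather than the application's. The heredoc that consumes `$user_agent` is cut off in the patch, so the output context cannot be checked from these lines; if the value can land inside an attribute, pass the flags and charset explicitly, for example `htmlentities($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, $charset)` with `$charset` set to the page's encoding. The header is also read without an isset() check, so a request that sends no User-Agent raises an undefined-index notice on this path. The same comment applies to both copies of the hunk stored in this file.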