diff options
author | tron <tron@pkgsrc.org> | 2012-10-16 18:45:01 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2012-10-16 18:45:01 +0000 |
commit | ef7703120ed446df5976880a234840cda92bc98b (patch) | |
tree | c11b344de6181391cccceb5827555a5d046c5130 /mail | |
parent | 49d9848b090682c030855b4248f85ef4f8eb8092 (diff) | |
download | pkgsrc-ef7703120ed446df5976880a234840cda92bc98b.tar.gz |
Pullup ticket #3948 - requested by taca
mail/roundcube: security patch
Revisions pulled up:
- mail/roundcube/Makefile 1.47-1.48
- mail/roundcube/distinfo 1.26
- mail/roundcube/patches/patch-program_steps_utils_error.inc 1.1
---
Module Name: pkgsrc
Committed By: asau
Date: Mon Oct 8 12:19:35 UTC 2012
Modified Files:
pkgsrc/mail/roundcube: Makefile
Log Message:
Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Oct 15 03:33:23 UTC 2012
Modified Files:
pkgsrc/mail/roundcube: Makefile distinfo
Added Files:
pkgsrc/mail/roundcube/patches: patch-program_steps_utils_error.inc
Log Message:
Add minimum fix for XSS with HTTP_USER_AGENT from the repository.
Bump PKGREVISION.
Diffstat (limited to 'mail')
-rw-r--r-- | mail/roundcube/Makefile | 5 | ||||
-rw-r--r-- | mail/roundcube/distinfo | 3 | ||||
-rw-r--r-- | mail/roundcube/patches/patch-program_steps_utils_error.inc | 15 |
3 files changed, 19 insertions, 4 deletions
diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile index a0c49fc67a0..7196c0d9a9d 100644 --- a/mail/roundcube/Makefile +++ b/mail/roundcube/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.46 2012/08/21 15:26:31 taca Exp $ +# $NetBSD: Makefile,v 1.46.2.1 2012/10/16 18:45:01 tron Exp $ DISTNAME= roundcubemail-0.8.1-dep PKGNAME= ${DISTNAME:S/mail-/-/:S/-dep//} +PKGREVISION= 1 CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=roundcubemail/} @@ -10,8 +11,6 @@ HOMEPAGE= http://roundcube.net/ COMMENT= Browser-based multilingual IMAP client LICENSE= gnu-gpl-v3 -PKG_DESTDIR_SUPPORT= user-destdir - DEPENDS+= ${PHP_PKG_PREFIX}-pear-Net_SMTP>=1.4.2:../../net/pear-Net_SMTP DEPENDS+= ${PHP_PKG_PREFIX}-pear-Mail_Mime>=1.8.1:../../mail/pear-Mail_Mime DEPENDS+= ${PHP_PKG_PREFIX}-pear-MDB2>=2.5.0:../../databases/pear-MDB2 diff --git a/mail/roundcube/distinfo b/mail/roundcube/distinfo index bed71d089c3..0687fb41dcf 100644 --- a/mail/roundcube/distinfo +++ b/mail/roundcube/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.25 2012/08/21 15:26:31 taca Exp $ +$NetBSD: distinfo,v 1.25.2.1 2012/10/16 18:45:01 tron Exp $ SHA1 (roundcubemail-0.8.1-dep.tar.gz) = 3e9642800e7e5226057b54c61baba17f5ba75680 RMD160 (roundcubemail-0.8.1-dep.tar.gz) = 92430f23b5241ef9cf8942d75455d2aba84fdc72 @@ -7,3 +7,4 @@ SHA1 (patch-aa) = 4946fab1dd1a809d32de7fa16b9eb1075eb8424a SHA1 (patch-ab) = ac9f7ac488f9c309fd1b30a8ecec73e52b245c11 SHA1 (patch-ac) = c25fc1c662bbdbde388165fe835e8af9b5665c5b SHA1 (patch-af) = e2bae396f049b2c5030f24e539b7f418a3d09d78 +SHA1 (patch-program_steps_utils_error.inc) = d2062e13762d33bcd8426c7c2db1f49e910b9d50 diff --git a/mail/roundcube/patches/patch-program_steps_utils_error.inc b/mail/roundcube/patches/patch-program_steps_utils_error.inc new file mode 100644 index 00000000000..69e77279741 --- /dev/null +++ b/mail/roundcube/patches/patch-program_steps_utils_error.inc @@ -0,0 +1,15 @@ +$NetBSD: patch-program_steps_utils_error.inc,v 1.1.2.2 2012/10/16 18:45:01 tron Exp $ + +Minimum fix for XSS with HTTP_USER_AGENT from the repository. + +--- program/steps/utils/error.inc.orig 2012-08-17 19:34:07.000000000 +0000 ++++ program/steps/utils/error.inc +@@ -25,7 +25,7 @@ + + // browser is not compatible with this application + if ($ERROR_CODE==409) { +- $user_agent = $_SERVER['HTTP_USER_AGENT']; ++ $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']); + $__error_title = 'Your browser does not suit the requirements for this application'; + $__error_text = <<<EOF + <i>Supported browsers:</i><br /> |