authortaca <taca@pkgsrc.org>2016-05-26 23:22:17 +0000
committertaca <taca@pkgsrc.org>2016-05-26 23:22:17 +0000
commitc17289effed63b53b242238bf8e8720ac7f3e91b (patch)
tree18511b666076b230131b4bc27ceb6871b350cf4e /mail
parentcccd66ce00103612fe9ac29df4ee43955e8f8d99 (diff)
downloadpkgsrc-c17289effed63b53b242238bf8e8720ac7f3e91b.tar.gz
Update security patch for CVE-2016-5103 (XSS) from upstream.
Bump PKGREVISION.
Diffstat (limited to 'mail')
-rw-r--r--mail/roundcube/Makefile3
-rw-r--r--mail/roundcube/distinfo3
-rw-r--r--mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php15
3 files changed, 19 insertions, 2 deletions
diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile
index 07eb6e9458d..d8cfbcd1c9e 100644
--- a/mail/roundcube/Makefile
+++ b/mail/roundcube/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.81 2016/05/26 03:20:37 taca Exp $
+# $NetBSD: Makefile,v 1.82 2016/05/26 23:22:17 taca Exp $
DISTNAME= roundcubemail-1.1.5
PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME:S/mail-/-/}
+PKGREVISION= 1
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=roundcubemail/}
diff --git a/mail/roundcube/distinfo b/mail/roundcube/distinfo
index 9dd369fad61..78d7d6e7d0b 100644
--- a/mail/roundcube/distinfo
+++ b/mail/roundcube/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2016/05/26 03:20:37 taca Exp $
+$NetBSD: distinfo,v 1.50 2016/05/26 23:22:17 taca Exp $
SHA1 (roundcubemail-1.1.5.tar.gz) = d0843b592a810435dff49aa615fd3075691ca18d
RMD160 (roundcubemail-1.1.5.tar.gz) = b716851dc55fa88553ad06c21e8c8080416303f1
@@ -7,4 +7,5 @@ Size (roundcubemail-1.1.5.tar.gz) = 3147385 bytes
SHA1 (patch-ac) = 235116580665d5d58edc218c063b41171a2d9227
SHA1 (patch-af) = 1f95a7005569207469563aa37ff48da0383b7668
SHA1 (patch-plugins_password_helpers_passwd-expect) = 9e0082f23e37bbab26e8bb1439668132d5aacca2
+SHA1 (patch-program_lib_Roundcube_rcube__washtml.php) = 3a38804d81ead4cd0271befaacc370e78c103b7a
SHA1 (patch-rcube_mime_default) = fe6ff1bea0a2c4223b34e44a6d0ca76e6476d2aa
diff --git a/mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php b/mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php
new file mode 100644
index 00000000000..df12a887b04
--- /dev/null
+++ b/mail/roundcube/patches/patch-program_lib_Roundcube_rcube__washtml.php
@@ -0,0 +1,15 @@
+$NetBSD: patch-program_lib_Roundcube_rcube__washtml.php,v 1.3 2016/05/26 23:22:17 taca Exp $
+
+Fix CVE-2016-5103, XSS from upstream.
+
+--- program/lib/Roundcube/rcube_washtml.php.orig 2016-04-17 16:22:20.000000000 +0000
++++ program/lib/Roundcube/rcube_washtml.php
+@@ -370,7 +370,7 @@ class rcube_washtml
+ */
+ private function is_link_attribute($tag, $attr)
+ {
+- return $tag == 'a' && $attr == 'href';
++ return ($tag == 'a' || $tag == 'area') && $attr == 'href';
+ }
+
+ /**
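Review bot: The patched `is_link_attribute` matches `$tag` with loose `==` against lowercase literals, so the fix only holds if every caller passes an already-lowercased tag name. That normalisation is outside this hunk and should be confirmed, because a differently cased `area` reaching this function would presumably be treated as a non-link attribute again. A strict allowlist reads more clearly and makes adding another link-bearing element a one-word change: `return in_array($tag, array('a', 'area'), true) && $attr === 'href';`. The enclosing class and the function's docblock start outside the hunk, so also check what the caller does with an `href` on a tag this function rejects; the safe default is to drop it. The patch header would be easier to audit if it named the upstream commit it was taken from.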