| Age | Commit message | Author | Files | Lines |
|
pkgsrc changes:
* Add "USE_TOOLS+= pax" to plugins.mk.
* Add some note to MESSAGES.
* update DESCR.
1.6.0 (2022-07-28)
We proudly announce the release of the next major version 1.6 of Roundcube
webmail. With this milestone we cleaned up the codebase and bring full
support for PHP 8.1. The most noteworthy changes, as already announced with
the beta release, are:
* PHP 8.1 support
* Dropped support for PHP < 7.3
* Support responses (snippets) in HTML format
* Option to purge deleted mails older than 30, 60 or 90 days
* Unified and simplified services connection config options
* Removed the Classic and Larry skins from the release packages
* SQLite: Use foreign keys, require SQLite >= 3.6.19
See the full changelog in the release notes on the Github download page.
Breaking Changes to 1.5 and prior versions
The following config options have either been removed or renamed:
1. IMAP:
* renamed default_host to imap_host
* removed default_port option (non-standard port can be set via
imap_host)
* set "localhost:143" as a default for imap_host
2. SMTP:
* renamed smtp_server to smtp_host
* removed smtp_port option (non-standard port can be set via smtp_host)
* set "localhost:587" as a default for smtp_host
3. LDAP:
* removed port option from ldap_public array (non-standard port can be set
via host)
* removed use_tls option from ldap_public array (use tls:// prefix in host)
4. Managesieve:
* removed managesieve_port option (non-standard port can be set via
managesieve_host)
* removed managesieve_usetls option (set tls:// prefix to managesieve_host)
|
|
1.5.3 (2022-06-26)
* Enigma: Fix initial synchronization of private keys
* Enigma: Fix double quoted-printable encoding of pgp-signed messages with
no attachments (#8413)
* Fix various PHP8 warnings (#8392)
* Fix mail headers injection via the subject field on mail compose (#8404)
* Fix bug where small message/rfc822 parts could not be decoded (#8408)
* Fix setting HTML mode on reply/forward of a signed message (#8405)
* Fix handling of RFC2231-encoded attachment names inside of a
message/rfc822 part (#8418)
* Fix bug where some mail parts (images) could have not been listed as
attachments (#8425)
* Fix bug where attachment icons were stuck at the top of the messages list
in Safari (#8433)
* Fix handling of message/rfc822 parts that are small and are multipart
structures with a single part (#8458)
* Fix bug where session could time out if DB and PHP timezone were different
(#8303)
* Fix bug where DSN flag state wasn't stored with a draft (#8371)
* Fix broken encoding of HTML content encapsulated in a RTF attachment
(#8444)
* Fix problem with aria-hidden=true on toolbar menus in the Elastic
skin (#8517)
* Fix bug where title tag content was displayed in the body if it contained
HTML tags (#8540)
* Fix support for DSN specification without host e.g. pgsql:///dbname
(#8558)
|
|
This update contains a security fix.
Roundcube Webmail 1.5.1 (2021-11-28)
This is the first service release to update the new stable version 1.5. It
provides a bunch of small fixes and improvements after getting your feedback
from the 1.5.0 release. See the full changelog below.
Important note for MySQL and MariaDB database backends
The change to full UTF-8 support in MySQL/MariaDB didn't work for everybody
migrating an existing DB. Hence here's an important notice from the
UPGRADING instructions:
If you use MySQL < 5.7.7 or MariaDB < 10.2.2 make sure to configure it with:
innodb_large_prefix=1
innodb_file_per_table=1
innodb_file_format=Barracuda
This version is considered stable and we recommend to update all productive
installations of Roundcube with it. Please do backup your data before
updating!
CHANGELOG
* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if
skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json - also
when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page
preview (#8203)
* Fix bug where \u200b characters were added into the recipient input
preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by
mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow
from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
* Fix PHP fatal error on an undefined constant in contacts import action
(#8277)
* Fix fetching headers of multiple message parts at once in
rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check
error (#8283)
* Fix an infinite loop when parsing environment variables with float/integer
values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)
Roundcube Webmail 1.5.2 (2021-12-30)
This is the second service release to update the new stable version 1.5. It
provides a bunch of small fixes and improvements to the OAuth feature as
well as a security fix to a recently reported XSS vulnerability. See the
full changelog below.
Security fix
* Cross-site scripting (XSS) via HTML messages with malicious CSS content
This version is considered stable and we recommend to update all productive
installations of Roundcube with it. Please do backup your data before
updating!
CHANGELOG
* OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
* OAuth: fix expiration of short-lived oauth tokens (#8147)
* OAuth: fix relative path to assets if /index.php/foo/bar url is used
(#8144)
* OAuth: no auto-redirect on imap login failures (#8370)
* OAuth: refresh access token in 'refresh' plugin hook (#8224)
* Fix so folder search parameters are honored by subscriptions_option plugin
(#8312)
* Fix password change with Directadmin driver (#8322, #8329)
* Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
* Fix handling of unicode/special characters in custom From input (#8357)
* Fix some PHP8 compatibility issues (#8363)
* Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
* Fix scrolling and missing Close button in the Select image dialog in
Elastic/mobile (#8367)
* Security: fix cross-site scripting (XSS) via HTML messages with malicious
CSS content
|
|
1.5.0 (2021-10-17)
Quote from release announcement:
We proudly announce the final release of the next major version 1.5 of
Roundcube webmail. With this milestone we introduce new features and full
PHP 8.0 support. The most noteworthy additions are:
- Dark mode for Elastic skin
- OAuth2/XOauth support (with plugin hooks)
- Collected recipients and trusted senders
- Moving recipients between inputs with drag & drop
- Full unicode support with MySQL database
- Support of IMAP LITERAL- extension RFC 7888
<https://datatracker.ietf.org/doc/html/rfc7888>
- Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
encoded names
- Cache refactoring
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles were unfetchable (possibly fetched
conditionally?):
./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
|
|
This moves the configuration files for Roundcube plug-ins to $PKG_SYSCONFDIR,
where they should belong instead of $RC_DIR/$PLUGIN_DIR.
This works without any further patches, because Roundcube falls back to
RCUBE_CONFIG_DIR.'/'.$this->ID . '.inc.php' for plug-ins basically.
Bumps PKGREVISION for the plug-ins using ../../mail/roundcube/plugins.mk
(enigma, password, and zipdownload).
Tested on NetBSD/amd64.
OK taca@
|
|
RELEASE 1.4.11
--------------
- Display a nice error informing about no PHP8 support
- Elastic: Fix compatibility with Less v3 and v4 (#7813)
- Fix bug with managesieve_domains in Settings > Forwarding form (#7849)
- Fix errors in MSSQL database update scripts (#7853)
- Security: Fix cross-site scripting (XSS) via HTML messages with
malicious CSS content
|
|
Update roundcube to 1.4.10, including security fix.
RELEASE 1.4.10
--------------
- Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
- Fix folder list issue when special folder is a subfolder (#7647)
- Fix Elastic's folder subscription toggle in search result (#7653)
- Fix state of subscription toggle on folders list after changing folder state from the search result (#7653)
- Security: Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
|
|
For the Python 3.8 default switch.
|
|
Reset PKGREVISION with updating to 1.4.9.
|
|
Update roundcube package to 1.4.9.
Roundcube Webmail 1.4.9 (2020-09-27)
This is a service update to the stable version 1.4 of Roundcube Webmail.
It contains fixes and general improvements from our issue tracker, mainly
related to email composition and UI oddities in Elastic skin and with the
TinyMCE richtext editor. See the full changelog below.
This version is considered stable and we recommend to update all productive
installations of Roundcube with it.
Please do backup your data before updating!
CHANGELOG
* Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11
(#7615)
* Add missing localization for some label/legend elements in userinfo plugin
(#7478)
* Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
* Fix restoring Cc/Bcc fields from local storage (#7554)
* Fix jstz.min.js installation, bump version to 1.0.7
* Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
* Fix link to closure compiler in bin/jsshrink.sh script (#7567)
* Fix bug where some parts of a message could have been missing in a
reply/forward body (#7568)
* Fix empty space on mail printouts in Chrome (#7604)
* Fix empty output from HTML5 parser when content contains XML tag (#7624)
* Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
* Fix so autocompletion list does not hide on scroll inside it (#7592)
|
|
Update roundcube to 1.4.8, security release.
RELEASE 1.4.8
-------------
- Security: Fix potential XSS issue in HTML editor of the identity signature input (#7507)
- Managesieve: Fix too-small input field in Elastic when using custom headers (#7498)
- Fix support for an error as a string in message_before_send hook (#7475)
- Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500)
- Elastic: Fix deleted and replied+forwarded icons on messages list (#7503)
- Managesieve: Allow angle brackets in out-of-office message body (#7518)
- Fix bug in conversion of email addresses to mailto links in plain text messages (#7526)
- Fix format=flowed formatting on plain text part derived from the HTML content (#7504)
- Fix incorrect rewriting of internal links in HTML content (#7512)
- Fix handling links without defined protocol (#7454)
- Fix paging of search results on IMAP servers with no SORT capability (#7462)
- Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content
|
|
Update roundcube to 1.4.7.
RELEASE 1.4.7
-------------
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
- Elastic: Fix context menu (paste) on the recipient input (#7431)
- Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
- Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
|
|
Update roundcube to 1.14.6.
RELEASE 1.4.6
-------------
- Installer: Fix regression in SMTP test section (#7417)
|
|
Update roundcube-plugin-password to 1.4.5
RELEASE 1.4.5
-------------
- Password: Fix issue with Modoboa driver (#7372)
|
|
Update roundcube-plugin-password to 1.4.4.
pkgsrc change: add dependency to lang/tcl-expect.
RELEASE 1.4.3
-------------
- Password: Make chpass-wrapper.py Python 3 compatible (#7135)
|
|
Fix roundcube-plugin-password.
* Patch for roundcube-plugin-password had not been applied accidentally.
* More changes were required to make it work on *BSD systems.
Bump PKGREVISION.
|
|
Update roundcube-plugin-password to 1.4.2.
pkgsrc change:
* Use common patches/distinfo directory with roundcube.
RELEASE 1.4.2
-------------
- Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
RELEASE 1.4-rc2
---------------
- Password: Added ldap_exop driver (#4992)
- Password: Added support for SSHA512 password algorithm (#6805)
RELEASE 1.4-rc1
---------------
- Password: Added 'modoboa' driver (#6361)
- Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
- Password: Fix bug where new users could skip forced password change (#6434)
- Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473)
- Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246)
- Password: Allow drivers to define password strength rules displayed to the user
- Password: Allow separate password saving and strength drivers for use of strength checking services (#5040)
- Password: Add zxcvbn driver for checking password strength (#6479)
- Password: Disallow control characters in passwords
- Password: Add support for Plesk >= 17.8 (#6526)
RELEASE 1.4-beta
----------------
- Password: Support host variables in password_db_dsn option (#5955)
- Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759)
- Password: Added password_username_format option (#5766)
|
|
Update roundcube-plugin-password to 1.3.10. No changes except version.
pkgsrc change: remove duplicated setting PLUGIN.
|
|
Update roundcube and related packages to 1.3.9.
RELEASE 1.3.9
-------------
- Fix TinyMCE download location (#6694)
- Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
- Fix handling of empty entries in vCard import (#6564)
- Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
- Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
- Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
- Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
- Fix missing CSRF token on a link to download too-big message part (#6621)
- Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)
- Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
|
|
This is a semi-manual PKGREVISION bump.
|
|
No change except version.
|
|
* No change except version.
Reset PKGREVISION.
|
|
* Replace interpreter of perl script.
* Do not set REPLACE_PYTHON but add to it.
Bump PKGREVISION.
|
|
Fix PLIST after update to 1.3.6.
|
|
RELEASE 1.2.9
-------------
- Fix regression where IMAP commands with '*' uidset argument weren't working
|
|
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
|
|
Security fix for CVE-2017-16651.
RELEASE 1.2.7
-------------
- Fix rewind(): stream does not support seeking (#5950)
- Fix bug where HTML messages could have been rendered empty on some systems
(#5957)
- Fix (again) bug where image data URIs in css style were treated as
evil/remote in mail preview (#5580)
- Managesieve: Fix parsing dot-stuffed lines in multiline text (#5838, #5959)
- Fix file disclosure vulnerability caused by insufficient input validation
[CVE-2017-16651] (#6026)
|
|
No change except version.
|
|
RELEASE 1.2.5
-------------
- Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]
|
|
Nothing is changed except version.
|
|
* Add is_IS locale support.
|
|
None except version.
|
|
official roundcube.
Password Plugin for Roundcube
Plugin that adds a possibility to change user password using many
methods (drivers) via Settings/Password tab.
|