| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Update roundcube to 1.14.6.
RELEASE 1.4.6
-------------
- Installer: Fix regression in SMTP test section (#7417)
|
|
Update roundcube to 1.4.5, including some security fixes.
pkgsrc change:
* Proper replace PHP interpreter.
* Fix php-sockets option to work.
RELEASE 1.4.5
-------------
- Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364)
- Fix so the database setup description is compatible with MySQL 8 (#7340)
- Markasjunk: Fix regression in jsevent driver (#7361)
- Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
- Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
- Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
- Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
- Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392)
- Fix error when user-configured skin does not exist anymore (#7271)
- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
- Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382)
- Security: Fix a couple of XSS issues in Installer (#7406)
- Security: Fix XSS issue in template object 'username' (#7406)
- Security: Better fix for CVE-2020-12641
- Security: Fix cross-site scripting (XSS) via malicious XML attachment
|
|
Update roundcube, roundcube-plugin-enigma and roundcube-plugin-zipdownload to
1.4.4. This includes security fixes..
RELEASE 1.4.4
-------------
- Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
- Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
- Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
- Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
- Elastic: Fix color of a folder with recent messages (#7281)
- Elastic: Restrict logo size in print view (#7275)
- Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261)
- Fix missing contact display name in QR Code data (#7257)
- Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
- Fix regression in testing database schema on MSSQL (#7227)
- Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
- Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
- Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
- Fix handling keyservers configured with protocol prefix (#7295)
- Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
- Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
- Fix so imap error message is displayed to the user on folder create/update (#7245)
- Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
- Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
- Fix characters encoding in group rename input after group creation/rename (#7330)
- Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- Security: Fix XSS issue in handling of CDATA in HTML messages
- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
RELEASE 1.4.3
-------------
- Enigma: Fix so key list selection is reset when opening key creation form (#7154)
- Enigma: Fix so using list checkbox selection does not load the key preview frame
- Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
- Enigma: Display IDN domains of key users and identities in UTF8
- Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
- Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
- Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
- Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
- Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
- Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
- Elastic: Fix text selection in recipient inputs (#7129)
- Elastic: Fix missing Close button in "more recipients" dialog
- Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
- Fix regression where "Open in new window" action didn't work (#7155)
- Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
- Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
- Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
- Fix bug where files in skins/ directory were listed on skins list (#7180)
- Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
- Fix display issues with mail subject that contains line-breaks (#7191)
- Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
- Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
- Fix using unix:///path/to/socket.file in memcached driver (#7210)
|
|
Fix roundcube-plugin-password.
* Patch for roundcube-plugin-password had not been applied accidently.
* More changes were required to make it work on *BSD system.
Bump PKGREVISION.
|
|
Update roundcube ot 1.4.2.
pkgsrc change:
* Use "complete" distfile and avoid downloading each JavaScript libraries.
* Use common patches/distinfo directory.
* Use REPLACE_PHP.
Here is release 1.4.0 announce (2019/11/09):
It's a big honor for me to announce the final release of the long awaited
major version 1.4 of Roundcube webmail.
After more than two years of hard work by Alec and other volunteer
contributors, Roundcube finally gets the responsive skin with full mobile
device support - the Elastic.
In addition to the new UI we introduce these new features:
* Email Resent (Bounce) feature
* Improved [Mailvelope](https://www.mailvelope.com) integration
* Support for Redis and Memcached cache
* Support for SMTPUTF8 and GSSAPI
Plus numerous improvements and bug fixes collected from your precious
feedback as well as updates to recent versions of 3rd party libraries like
jQuery and TinyMCE. See the full changelog in the release notes on the
Github download page [1].
The new Elastic theme, which is the new default skin, is built with LESS
and of course the sources are included. They allow a certain degree of
customization by adjusting some colors and variables using the
`_styles.less` and `_variables.less` files. Please consider customizing
your Roundcube installation in order to make phishing [2] harder. You'll
find guidance in the README.md file inside the skin folder.
This release is considered stable and we encourage you to update your
productive installations after carefully testing the upgrade scenario and
preparing your users to the significant changes in their webmail UI.
Download it from https://roundcube.net/download.
With the release of Roundcube 1.4.0, the previous stable release branches
1.3.x and 1.2.x will change into LTS low maintenance mode which means they
will only receive important security updates but no longer any regular
improvement updates. The 1.1.x series is no longer supported and maintained.
RELEASE 1.4.1 (2019/11/22)
-------------
- Elastic: Change HTML editor widget to improve form flow (#6992)
- Elastic: Fix position of mobile floating action button (#7038)
- Managesieve: Fix locked UI after opening filter frame (#7007)
- Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
- Fix bug where cache keys could exceed length limit specified in db schema (#7004)
- Fix invalid Signature button state after escaping Mailvelope mode (#7015)
- Fix so 401 error is returned only on failed logon requests (#7010)
- Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` (#7013)
- Fix so update.sh script warns about changed defaults (#7011)
- Fix tables listing routine when DSN contained a database with unsupported suffix (#7034)
- Fix so Elastic is also a default in jqueryui plugin (#7039)
- Fix bug where the Installer would not warn about required schema upgrade (#7042)
RELEASE 1.4.2 (2020/01/01)
-------------
- Plugin API: Make actionbefore, before<action>, actionafter and after<action> events working with plugin actions (#7106)
- Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
- Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change
- Managesieve: Fix filter selection after removing a first filter (#7079)
- Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121)
- Installer: Fix DB Write test on SQLite database ("database is locked" error) (#7064)
- Installer: Fix so SQLite DSN with a relative path to the database file works in Installer
- Elastic: Fix contrast of warning toasts (#7058)
- Elastic: Simple search in pretty selects (#7072)
- Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120)
- Fix so type attribute on script tags is not used on HTML5 pages (#6975)
- Fix unread count after purge on a folder that is not currently selected (#7051)
- Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
- Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061)
- Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061)
- Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list
- Fix bug where Ctype extension wasn't required in Installer and INSTALL file (#7049)
- Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
- Fix so use of Ctrl+A does not scroll the list (#7020)
- Fix/remove useless keyup event handler on username input in logon form (#6970)
- Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077)
- Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088)
- Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
- Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
- Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080)
- Fix so contact's organization field accepts up to 128 characters (it was 50)
- Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093)
- Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
- Fix bug where next message wasn't displayed after delete in List mode (#7096)
- Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972)
- Fix malformed characters in HTML message with charset meta tag not in head (#7116)
|
|
Depend on php-zip for zip support.
Bump PKGREVISION.
|
|
|
|
RELEASE 1.3.10
--------------
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
|
|
pkglint -Wall -r --only "substitution command" -F
With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
|
|
Update roundcube and related pacakges to 1.3.9.
RELEASE 1.3.9
-------------
- Fix TinyMCE download location (#6694)
- Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
- Fix handling of empty entries in vCard import (#6564)
- Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
- Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
- Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
- Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
- Fix missing CSRF token on a link to download too-big message part (#6621)
- Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)
- Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
|
|
This update includes XSS security problem.
RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)
|
|
RELEASE 1.3.7
-------------
- Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
- Fix bug where some parts of quota information could have been ignored (#6280)
- Fix bug where some escape sequences in html styles could bypass security checks
- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
- Fix bug where only attachments with the same name would be ignored on zip download (#6301)
- Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
- Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
|
|
* add JavaScript dependencies listed in jsdeps.json
* put them on /pub/pkgsrc/distfiles/roundcube to avoid checksum error due
to archive automatic generation (e.g. tinymce_languages.zip)
* remove patch-ac
* add example configuration fragment for www/lighttpd
CHANGELOG Roundcube Webmail
===========================
RELEASE 1.3.6
-------------
- Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216)
- Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234)
- Fix possible IMAP command injection and type juggling vulnerabilities (#6229)
- Enigma: Fix key selection for signing
- Enigma: Enable keypair generation on Internet Explorer 11
- Fix check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238)
- Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224)
RELEASE 1.3.5
-------------
- Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
- Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
- Fix duplicated labels in Test SMTP Config section (#6166)
- Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
- Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
- Fix security issue in remote content blocking on HTML image and style tags (#6178)
- Added 9pt and 11pt to the list of font sizes in HTML editor
- Fix handling encoding of HTML tags in "inline" JSON output (#6207)
- Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)
RELEASE 1.3.4
-------------
- Fix bug where contacts search could skip some records (#6130)
- Fix possible information leak - add more strict sql error check on user creation (#6125)
- Fix a couple of warnings on PHP 7.2 (#6098)
- Fix broken long filenames when using imap4d server - workaround server bug (#6048)
- Fix so temp_dir misconfiguration prints an error to the log (#6045)
- Fix untagged COPYUID responses handling - again (#5982)
- Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
- Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
- Fix performance issue when parsing malformed and long Date header (#6087)
- Fix syntax error in mssql.initial.sql (#6097)
- Fix bug where contacts export by selection returned no more than 10 entries (#6103)
- Fix searching contacts by address in LDAP source (#6084)
- Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057)
RELEASE 1.3.3
-------------
- Fix decoding of mailto: links with + character in HTML messages (#6020)
- Fix false reporting of failed upgrade in installto.sh (#6019)
- Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
- Fix mangled non-ASCII characters in links in HTML messages (#6028)
RELEASE 1.3.2
-------------
- Improve detection for Egde browser and add pointer event support (#5922)
- Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
- Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
- Fix invalid template loading on a message error in preview frame (#5941)
- Fix bug where HTML messages could have been rendered empty on some systems (#5957)
- Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
- Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
- Fix missing cursor in HTML editor on mail reply (#5969)
- Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where mail search could return empty result on servers without SORT capability (#5973)
- Fix bug where assets_path wasn't added to some watermark frames
- Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
- Fix issue caused by non-default session.cookie_lifetime setting (#5961)
- Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
- Fix handling of unknown Content-Disposition type (#6002)
- Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
- Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
- Fix bug where ghost messages could be added to the list after fast delete (#5941)
RELEASE 1.3.1
-------------
- Don't ignore (global) userlogins/sendmail logs in per_user_logging mode
- Add Preferences > Mailbox View > Main Options > Layout (#5829)
- Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
- Remove non-printable characters from filenames on download/display (#5880)
- Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
- Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
- Fix style issue on selected and unfocused message that is part of a thread (#5798)
- Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
- Fix position of selected icon for (Mailvelope) Encrypt button
- Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
- Fix bug where errors were not printed when using bin/update.sh (#5834)
- Fix PHP 7.2 warnings on count() use (#5845)
- Fix bug where Chrome could not upload the same file that was selected before (#5854)
- Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
- Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
- Fix potential XSS vulnerability with malformed HTML message markup
- Fix sending message with "Too many public recipients" dialog buttons (#5924)
- Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
- Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
RELEASE 1.3.0
-------------
- Update to TinyMCE 4.5.7
- Fix bug where invalid recipients could be silently discarded (#5739)
- Fix conflict with _gid cookie of Google Analytics (#5748)
- Print error from CLI scripts when system/exec function is disabled (#5744)
- Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix folders list sorting on Windows - if php-intl is available (#5732)
- Fix addressbook searching by gender (#5757)
- Fix prevention from using % and * characters in folder name (#5762)
- Fix POST parameter reflection in default_charset selector (#5768)
- Enigma: Fix compatibility with assets_dir
- Managesieve: Skip redundant LISTSCRIPTS command
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where zipdownload ignored files with the same name (#5777)
- Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
RELEASE 1.3-rc
--------------
- "Flattened" the larry theme: fresher look by removing shadows and gradients
- Support logging to php://stdout (#5721)
- Add support for DelSp=Yes in format=flowed messages (#5702)
- Update to jQuery 3.2.1
- Update to TinyMCE 4.5.6
- Plugin API: Call message_part_structure hook for sub-parts of multipart/alternative message (#5678)
- Enigma: Always use detached signatures (#5624)
- Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
- Minimize unwanted message loading in preview frame on drag (#5616)
- Fix failing database schema check in all engines except mysql (#5730)
- Fix autocomplete popup closing with click outside the input, don't handle Tab key as Enter (#5606)
- Fix jsdeps.json synchronization on update, warn about missing requirements of install-jsdeps.sh (#5598)
- Fix missing thread expand icon on search result in widescreen mode (#5613)
- Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was not secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
- Fix regression where groups with email address were resolved to its members' addresses
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
- Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Fix/rephrase "unsaved changes" warning when cancelling a draft (#5610)
- Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]
- Fix bug where settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if show_real_foldernames=true (#5695)
- Fix undesired effects when postgres database uses different timezone than PHP host (#5708)
- Installer: Fix DB schema initialization on MS SQL Server
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
- Password: Fix security issue in virtualmin and sasl drivers [CVE-2017-8114]
RELEASE 1.3-beta
----------------
- Nicely handle contact deletion on contact edit (#5522)
- vcard_attachments: Add possibility to attach contact vCard to composed message (#4997)
- Preserve message internal/received date on import in mbox format (#5559)
- Zipdownload: Fix date format in mbox "From line"
- Possibility to display QR code for contacts data (#5030)
- Added identicon plugin
- Widescreen layout aka three column view (#5093)
- Unify automatic marking as \Seen in preview pane, full-page and extwin views (#5071)
- Disable double-click on the list when preview pane is on (#5199)
- Support hostname and hostname:port in force_https option (#5511)
- Support ALLOW-FROM in x_frame_options (#5122)
- Allow to omit a subject when sending an email (#5068)
- Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132)
- identity_select: Support Received header (#5085)
- Plugin API: Added get_compose_responses hook (#5457)
- Display error when trying to upload more files than specified in max_file_uploads (#5483)
- Add missing sql upgrade file for 'ip' column resize in session table (#5465)
- Do not show inline images of unsupported mimetype (#5463)
- Password: Added replacement variables support in password_pop_host (#5539)
- Password: Don't store passwords in temp files when using dovecotpw (#5531)
- Password: Added LDAP PPolicy driver (#5364)
- Password: Added cpanel_webmail driver (#5549)
- Password: Added possibility to nicely redirect from other plugins on password expiration (#5468)
- Implement separate action to mark all messages in a folder as \Seen (#5006)
- Implement marking as \Seen in all folders or in a folder and its subfolders (#5076)
- Archive: Don't reload messages list when it's not needed (#5225)
- Archive: Add option to automatically mark archived messages as \Seen (#5142)
- Improve randomness of password salts and random hashes (#5266)
- Password/cPanel: Add support for hash authentication and reseller accounts (#5252)
- Support host-specific imap_conn_options/smtp_conn_options/managesieve_conn_options (#5136)
- Center and scale images in attachment preview frame (#5421)
- Added max_message_size option enforced when attaching files to a composed message (#4993)
- Added Search button in quick search menus (#5312)
- Implement "one click" attachment/messages/photo upload (#5024)
- Squirrelmail_usercopy: Add option to define character set of data files
- Removed useless 'created' column from 'session' table (#5389)
- Dropped legacy browsers support (#5167)
- Removed legacy_browser plugin
- Removed hacks for IE < 10
- Update to jQuery 3.1.1 and jQuery-UI 1.12.0
- compile .min.js files with ECMASCRIPT5 option
- Require PHP >= 5.4
- Add possibility to preview and download attachments in mail compose (#5053)
- Add possibility to rename attachments in mail compose (#4996)
- Remove backward compatibility "layer" of bc.php (#4902)
- Support WEBP images in mail messages (#5362)
- Support MathML in HTML message preview (#5182)
- Rename Addressbook to Contacts (#5233)
- Remove PHP mail() support, smtp_server is required now (#5340)
- Display full message subject in onmouseover on truncated subject in mail view (#5346)
- Enigma: Support GnuPG 2.1 (#5313)
- Enigma: Support key generation for multiple identities (#5383)
- Enigma: Import keys from key-server(s) (#5286)
- Enigma: Search missing public keys on a key-server in mail compose (#5286)
- Enigma: Delete user keys when using deluser.sh script
- Enigma: Fix redundant list-secret-keys/list-public-keys calls on signing/encryption
- Enigma: Implement PGP encryption and signing in one go (#5302)
- Enigma: Display signature verification status for encrypted+signed messages (#5302)
- Display different attachment icon on encrypted messages
- Display different confirmation text when moving messages to Trash (#5220)
- Indicate that a collapsed thread has flagged children (#5013)
- Implemented message/rfc822 attachment preview
- Update to jsTimezoneDetect 1.0.6
- Managesieve: Add (optional) RAW script editor (#5414)
- Managesieve: Add option to automatically set vacation :from address (#5428)
- Managesieve: Support 'string' test from variables extension [RFC 5229] (#5248)
- Managesieve: Support 'duplicate' extension [RFC 7352]
- Managesieve: Unhide advanced rule controls if there are inputs with errors
- Managesieve: Display warning message when filter form contains errors
- Control search engine crawlers via X-Robots-Tag header instead of <meta> and robots.txt (#5098)
- Fixed redundancy in sql caching system and compatibility with Galera Cluster (#5439)
- Removed redundant 'created' column from cache and cache_shared tables
- Removed use of redundant data records
- Added missing primary keys (dictionary, cache, cache_shared tables)
- Fix so templating system does not mess with external (e.g. email) content (#5499)
- Fix redundant keep-alive/refresh after session error on compose page (#5500)
- Managesieve: Fix handling of scripts with nested rules (#5540)
- Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
- Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
- Fix adding images to new identity signatures
- Fix rsync error handling in installto.sh script (#5562)
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
|
|
RELEASE 1.2.9
-------------
- Fix regression where IMAP commands with '*' uidset argument wasn't working
|
|
Fix typo in DEPENDS.
|
|
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
|
|
Security fix for CVE-2017-16651.
RELEASE 1.2.7
-------------
- Fix rewind(): stream does not support seeking (#5950)
- Fix bug where HTML messages could have been rendered empty on some systems
(#5957)
- Fix (again) bug where image data URIs in css style were treated as
evil/remote in mail preview (#5580)
- Managesieve: Fix parsing dot-staffed lines in multiline text (#5838, #5959)
- Fix file disclosure vulnerability caused by insufficient input validation
[CVE-2017-16651] (#6026)
|
|
RELEASE 1.2.6
-------------
- Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Fix bug where comment notation within style tag would cause the whole style
to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix addressbook searching by gender (#5757)
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where it wasn't possible to set timezone to auto-detected value
(#5782)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure
rcube_utils::random_bytes() result has always requested length (#5788)
- Fix potential XSS vulnerability with malformed HTML message markup
|
|
RELEASE 1.2.5
-------------
- Fix re-positioning of the fixed header of messages list in Chrome when using
minimal mode toggle and About dialog (#5711)
- Fix so settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search
instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if
show_real_foldernames=true (#5695)
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
|
|
is built into PHP. Bump resp. PKGREVISION.
|
|
CHANGELOG Roundcube Webmail
===========================
RELEASE 1.2.4
-------------
- Managesieve: Fix handling of scripts with nested rules (#5540)
- Managesieve: Fix parser issue with empty lines between comments (#5657)
- Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
- Fix variable substitution in ldap host for some use-cases,
e.g. new_user_identity (#5544)
- Fix adding images to new identity signatures
- Fix rsync error handling in installto.sh script (#5562)
- Fix some advanced search issues with multiple addressbooks (#5572)
- Fix so group/addressbook selection is retained on page refresh
- Fix bug where image data URIs in css style were treated as evil/remote in
mail preview (#5580)
- Fix bug where external content in src attribute of input/video tags was not
secured (#5583)
- Fix PHP error on update of a contact with multiple email addresses when
using PHP 7.1 (#5587)
- Fix bug where mail content frame couldn't be reset in some corner cases
(#5608)
- Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
- Fix bug where signature couldn't be added above the quote in Firefox 51
(#5628)
- Fix regression where groups with email address were resolved to its members'
addresses
- Fix update of group name in the contacts list header on group rename (#5648)
- Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
- Fix bug where it was too easy accidentally move a folder when using the
subscription checkbox (#5655)
- Fix XSS issue in handling of a style tag inside of an svg element
|
|
pkgsrc changes:
* Drop dependency to pear-Mail_mimeDecode.
* Update dependency.
Other changes:
* Add is_IS, ku_IQ and sq_AL locale support.
RELEASE 1.2.3
* Searching in both contacts and groups when LDAP addressbook with
group_filters option is used
* Fix vulnerability in handling of mail()'s 5th argument
* Fix To: header encoding in mail sent with mail() method (#5475)
* Fix flickering of header topline in min-mode (#5426)
* Fix bug where folders list would scroll to top when clicking on subscription
checkbox (#5447)
* Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
* Fix regression where creation of default folders wasn't functioning without
prefix (#5460)
* Fix bug where deleting folders with subfolders could fail in some cases
(#5466)
* Fix bug where IMAP password could be exposed via error message (#5472)
* Fix bug where it wasn't possible to store more that 2MB objects in
memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet
settings (#5452)
* Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
* Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
* Fix missing content check when image resize fails on attachment thumbnail
generation (#5485)
* Fix displaying attached images with wrong Content-Type specified (#5527)
|
|
RELEASE 1.2.2
-------------
- Fix regression in resizing JPEG images with Imagick (#5376)
- Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
- Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
- Wash position:fixed style in HTML mail for better security (#5264)
- Fix bug where memcache_debug didn't work for session operations
- Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
- Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
- Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
- Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
- Fix so "All" messages selection is resetted on search reset (#5413)
- Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
- Fix PHP warning when handling shared namespace with empty prefix (#5420)
- Fix so folders list is scrolled to the selected folder on page load (#5424)
- Fix so when moving to Trash we make sure the folder exists (#5192)
- Fix displaying size of attachments with zero size
- Fix so "Action disabled" error uses more appropriate 404 code (#5440)
|
|
pkgsrc changes:
o Split some plugins (enigma, password and zipdownload) to separate packages.
o Drop PHP_VERSIONS_ACCEPTED since now it support PHP 7.0.
o Rename sockets PKG_OPTIONS to php-sockets.
Catch up PR pkg/51370 in a little different way.
RELEASE 1.2.1
-------------
- Update TinyMCE to version 4.3.13 (#5309)
- Fix bug where errors could have been not logged when per_user_logging=true
- Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting
- Fix so minified publickey.js (with cache-buster) is used when available (#5254)
- Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253)
- Fix PHP warning when password_hosts is set, but is not an array (#5260)
- Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273)
- Fix so subfolders of INBOX can be set as Archive (#5274)
- Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282)
- Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259)
- Fix bug where "no body" alert could be displayed when sending mailvelope email
- Enigma: Fix keys import from inside of an encrypted message (#5285)
- Enigma: Fix malformed signed messages with force_7bit=true (#5292)
- Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary)
- Enigma: Add possibility to export private keys (#5321)
- Fix searching by email address in contacts with multiple addresses (#5291)
- Fix handling of --delete argument in moduserprefs.sh script (#5296)
- Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289)
- Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287)
- Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243)
- Fix bug where microsecond format in logged date didn't work in some cases
- Fix conflict in new_user_dialog and password_force_new_user settings (#5275)
- Don't create multipart/alternative messages with empty text/plain part (#5283)
- Use contact_search_name format in popup on results in compose contacts search
- Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347)
- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
- Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
- Fix javascript errors in IE on page with iframe that points to another domain
RELEASE 1.2.0
-------------
- Enigma: Added enigma_debug option
- Fix message list multi-select/deselect issue (#5219)
- Fix bug where getting HTML editor content could steal focus from other form controls (#5223)
- Fix bug where contact search menu fields where always unchecked in Larry skin
- Fix autoloading of 'html' class
- Fix bug where Encrypt button appears when switching editor to HTML (#5235)
- Fix XSS issue in href attribute on area tag (#5240)
RELEASE 1.2-rc
--------------
- Managesieve: Refactored script parser to be 100x faster
- Enigma: added option to force users to use signing/encryption
- Enigma: Added option to attach public keys to sent mail (#5152)
- Enigma: Handle messages with text before an encrypted block (#5149)
- Enigma: Handle encrypted/signed content inside message/rfc822 attachments
- Enigma: Fix missing html/plain switch on multipart/signed messages (#4963)
- Enigma: Disable format=flowed for signed plain text messages (#4960)
- Enigma: Fix handling of encrypted + signed messages (#4950)
- Enigma: Fix invalid boundary use in signed messages structure
- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
- Save copy of original .htaccess file when using installto.sh script (#4947)
- Fix regression where some message attachments could be missing on edit/forward (#4939)
- Fix regression in displaying contents of message/rfc822 parts (#4937)
- Fix handling of message/rfc822 attachments on replies and forwards (#4938)
- Fix PDF support detection in Firefox > 19 (#4941)
- Fix path traversal vulnerability in setting a skin [CVE-2015-8770] (#4945)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#4944)
- Fix .htaccess rewrite rules to not block .well-known URIs (#4943)
- Fix mail view scaling on iOS (#4915)
- Fix PHP7 warning "session_start(): Session callback expects true/false return value" (#4948)
- Fix XSS issue in SVG images handling (#4949)
- Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958)
- Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
- Plugin API: Added addressbook_export hook
- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
- Hide DSN option in Preferences when smtp_server is not used (#4967)
- Fix handling of body parameter in mail compose request
- Protect download urls against CSRF using unique request tokens (#4957)
- newmail_notifier: Refactor desktop notifications
- Fix so contactlist_fields option can be set via config file
- Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
- Fix performance in reverting order of THREAD result
- Fix converting mail addresses with @www. into mailto links (#5197)
RELEASE 1.2-beta
----------------
- Update TinyMCE to version 4.2
- Added support for Redis session handler
- Removed some deprecated methods: https://github.com/roundcube/roundcubemail/commit/454b0b1c
- Remove backward compatibility "layer" of bc.php (#4902)
- Add possibility to define date format in write operations for ldap attributes (#3956)
- Display attachment size in compose (#1329)
- Added possibility to drag-n-drop attachments from mail preview to compose window
- Implemented mail messages searching with predefined date interval
- PGP encryption support via Mailvelope integration
- PGP encryption support via Enigma plugin
- PHP7 compatibility fixes (#4836)
- Security: Added brute-force attack prevention via login rate limit (#4922)
- Security: Added options to validate username/password on logon (#4884)
- Security: Improve randomness of security tokens (#4899)
- Security: Use random security tokens instead of hashes based on encryption key (#4829)
- Security: Improved encrypt/decrypt methods with option to choose the cipher_method (#4492)
- Make optional adding of standard signature separator - sig_separator (#3276)
- Optimize folder_size() on Cyrus IMAP by using special folder annotation (#4894)
- Make optional hidding of folders with name starting with a dot - imap_skip_hidden_folders (#4870)
- Add option to enable HTML editor always, except when replying to plain text messages (#4352)
- Emoticons: Added option to switch on/off emoticons in compose editor (#2076)
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Installer: Add button to save generated config file in system temp directory (#3553)
- Remove common subject prefixes Re:, Re[x]:, Re-x: on reply (#4882)
- Added GSSAPI/Kerberos authentication plugin - krb_authentication
- Password: Allow temporarily disabling the plugin functionality with a notice
- Require Mbstring and OpenSSL extensions (#5166)
- Add --config and --type options to moduserprefs.sh script (#4651)
- Implemented memcache_debug and apc_debug options
- Installer: Remove system() function use (#4695)
- Password plugin: Added 'kpasswd' driver by Peter Allgeyer
- Add initdb.sh to create database from initial.sql script with prefix support (#4722)
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
- Plugin API: Added message_part_body hook
- Plugin API: Added message_ready hook
- Plugin API: Add special onload() method to execute plugin actions before startup (session and GUI initialization)
- Implemented UI element to jump to specified page of the messages list (#1677)
- Fix searching of contacts to allow remote images for known senders (#4886)
- Fix bug where clicking date column with 'arrival' sorting would switch to sorting by 'date' (#4690)
- Fix bug where message content could overlap attachments list in Larry skin (#4876)
- Fix so microseconds macro (u) in log_date_format works (#4855)
- Fix so unrecognized TNEF attachments are displayed on the list of attachments (#5138)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#4907)
- Fix responses list update issue after response name change (#4917)
- Fix bug where message preview was unintentionally reset on check-recent action (#4921)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#4905)
- Fix redundant blank lines when using HTML and top posting (#4927)
- Fix redundant blank lines on start of text after html to text conversion (#4928)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#4932)
- Fix invalid LDAP query in ACL user autocompletion (#4934)
|
|
|
|
e-mail.
And some installed files are changed, bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
make password plugin work.
|
|
RELEASE 1.1.5
-------------
- Plugin API: Add html2text hook
- Plugin API: Added addressbook_export hook
- Fix missing emoticons on html-to-text conversion
- Fix random "access to this resource is secured against CSRF" message at logout (#4956)
- Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
- Fix XSS issue in SVG images handling (#4949)
- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958)
- Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
- Hide DSN option in Preferences when smtp_server is not used (#4967)
- Protect download urls against CSRF using unique request tokens (#4957)
- newmail_notifier: Refactor desktop notifications
- Fix so contactlist_fields option can be set via config file
- Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
- Fix performance in reverting order of THREAD result
- Fix converting mail addresses with @www. into mailto links (#5197)
|
|
|
|
Make sure
${PREFIX}/share/roundcube/temp/
exists and is writable by the web server user.
|
|
|
|
* Fix a potential path traversal vulnerability.
* Adds some measures against brute-force attacks
RELEASE 1.1.4
-------------
- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
- Fix duplicate messages in list and wrong count after delete (#1490572)
- Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix mail view scaling on iOS (#1490551)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
- Fix redundant blank lines when using HTML and top posting (#1490576)
- Fix redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
- Fix invalid LDAP query in ACL user autocompletion (#1490591)
- Fix regression in displaying contents of message/rfc822 parts (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox > 19 (#1490610)
- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
|
|
|
|
Problems found locating distfiles:
Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
Package pine: missing distfile fancy.patch.gz
Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
Package qmail: missing distfile badrcptto.patch
Package qmail: missing distfile outgoingip.patch
Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
ok taca@
Since Makefile 1.59, the iconv option had no effect - reinstate iconv as
being optional.
This update to 1.1.3 makes multibyte and openssl a requirement (and drops
mcrypt support).
RELEASE 1.1.3
-------------
- Fix closing of nested menus (#1490443)
- Fix so E_DEPRECATED errors from PEAR libs are ignored by error_reporting change (#1490281)
- Fix compatibility with PHP 5.3 in rcube_ldap class (#1490424)
- Get rid of Mail_mimeDecode package dependency (#1490416)
- Fix "Importing..." message does not hide on error (#1490422)
- Fix Compose action in addressbook for results from multiple addressbooks (#1490413)
- Fix bug where some messages in multi-folder search couldn't be viewed/printed/downloaded (#1490426)
- Fix unintentional messages list page change on page switch in compose addressbook (#1490427)
- Fix race-condition in saving user preferences and loading plugin config (#1490431)
- Fix so plain text signature field uses monospace font (#1490435)
- Fix so links with href == content aren't added to links list on html to text conversion (#1490434)
- Fix handling of non-break spaces in html to text conversion (#1490436)
- Fix self-reply detection issues (#1490439)
- Fix multi-folder search result sorting by arrival date (#1490450)
- Fix so *-request@ addresses in Sender: header are also ignored on reply-all (#1490452)
- Update to TinyMCE 4.1.10 (#1490405)
- Fix draft removal after a message is sent and storing sent message is disabled (#1490467)
- Fix so imap folder attribute comparisons are case-insensitive (#1490466)
- Fix bug where new messages weren't added to the list in search mode
- Fix wrong positioning of message list header on page scroll in Webkit browsers (#1490035)
- Fix some javascript errors in rare situations (#1490441)
- Fix error when using back button after sending an email (#1490009)
- Fix removing signature when switching to identity with an empty sig in HTML mode (#1490470)
- Disable links list generation on html-to-text conversion of identities or composed message (#1490437)
- Fix "washing" of style elements wrapped into many lines
- Fix so input field (e.g. search box) does not loose focus on list load (#1490455)
- Fix so css of one html part does not apply to other text parts on message display (#1490505)
- Fix XSS issue in drag-n-drop file uploads (#1490530)
- Fix handling of plus character in mailto: links (#1490510)
- Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472)
- Fix so gc.sh script removes also expired sessions from sql database (#1490512)
- Fix support for Mozilla-based browsers, e.g. Pale Moon (#1490517)
- Fix various issues with Turkish (and similar) locales (#1490519)
- Fix so In-Reply-To header is set also for MDN receipts (#1490523)
- Fix missing HTTP_X_FORWARDED_FOR address in generated Received header
- Fix issue where Content-Length of some attachments could be set to wrong value causing browser errors (#1490482)
|
|
Thanks much!
|
|
PR pkg/50041.
Bump PKGREVISION.
|
|
It is not the version of Apache but using Apache modules.
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
|
|
RELEASE 1.1.2
-------------
- Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358)
- Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
- Fix handling of %-encoded entities in mailto: URLs (#1490346)
- Fix zipped messages downloads after selecting all messages in a folder (#1490339)
- Fix vpopmaild driver of password plugin
- Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
- Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
- Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
- Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
- Fix lack of signature separator for plain text signatures in html mode (#1490352)
- Fix font artifact in Google Chrome on Windows (#1490353)
- Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
- Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
- Fix mouseup event handling when dragging a list record (#1490359)
- Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362)
- Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
- Fix security issue in contact photo handling (#1490379)
- Fix possible memcache/apc cache data consistency issues (#1490390)
- Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
- Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)
- Fix attached file path unsetting in database_attachments plugin (#1490393)
- Fix issues when using moduserprefs.sh without --user argument (#1490399)
- Fix potential info disclosure issue by protecting directory access (#1490378)
- Fix blank image in html_signature when saving identity changes (#1490412)
- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
- Fix XSS vulnerability in _mbox argument handling (#1490417)
|
|
Add dependency on net/pear-Net_LDAP3 when ldap option is enabled, as
the LDAP directory feature of Roundcube requires it.
|
|
- change rights for the spool, log and tmp directories from 0755 to 0750,
they contain sensitive information depending on configuration;
- fix the default paths of potential mime.types files;
- change config.inc.php to respect pkgsrc paths especially VARBASE;
No regression expected. Bump rev.
ok taca@.
|
|
RELEASE 1.1.1
-------------
- ACL: Allow other plugins to adjust the list of permissions and groups to edit
- Add possibility to print contact information (of a single contact)
- Add possibility to configure max_allowed_packet value for all database engines (#1490283)
- Improved handling of storage errors after message is sent
- Update to TinyMCE 4.1.9
- Unified request* event arguments handling, added support for _unlock and _action parameters
- Security: Generate random hash for the per-user local storage prefix (#1490279)
- Fix refreshing of drafts list when sending a message which was saved in meantime (#1490238)
- Fix saving/sending emoticon images when assets_dir is set
- Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#1490292)
- Fix setting max packet size for DB caches and check packet size also in shared cache
- Fix needless security warning on BMP attachments display (#1490282)
- Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284)
- Fix performance of rcube_db_mysql::get_variable()
- Fix missing or not up-to-date CATEGORIES entry in vCard export (#1490277)
- Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280)
- Fix cursor position on reply below the quote in HTML mode (#1490263)
- Fix so "over quota" errors are displayed also in message compose page
- Fix duplicate entries supression in autocomplete result (#1490290)
- Fix "Non-static method PEAR::isError() should not be called statically" errors (#1490281)
- Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291)
- Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#1490293)
- Fix so localized folder name is displayed in multi-folder search result (#1490243)
- Fix javascript error after creating a folder which is a subfolder of another one (#1490297)
- Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#1490295)
- Fix missing vcard_attachment icon on messages list (#1490303)
- Fix storing signatures with big images in MySQL database (#1490306)
- Fix Opera browser detection in javascript (#1490307)
- Fix so search filter, scope and fields are reset on folder change
- Fix rows count when messages search fails (#1490266)
- Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#1490311)
- Fix bug where TinyMCE area height was too small on slow network connection (#1490310)
- Fix backtick character handling in sql queries (#1490312)
- Fix redirct URL for attachments loaded in an iframe when behind proxy (#1490191)
- Fix menu container references to point to the actual <ul> element (#1490313)
- Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#1490318)
|
|
* Setting PKGNAME was accidently removed.
* Fix typo on php-exif dependency.
Noted by tnn@.
|
|
roundcube use php-exif if available and comment in patch-installer_check.php
was wrong.
Bump PKGREVISION.
|
|
Allow searching across multiple folders
Improved support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
Added namespace filter and folder searching in folder manager
New config option to disable UI elements/actions
Stronger password encryption using OpenSSL
Support for the IMAP SPECIAL-USE extension
Support for Oracle as database backend
Manage 3rd party libs with Composer
|
|
RELEASE 1.0.5
-------------
- Fix bug where some valid text in a message was handled as uuencoded attachment
- Fix wrong icon for download button in classic skin
- Fix bug where sent message was saved in Sent folder even if disabled by user (#1490208)
- Fix checks based on window.ActiveXObject in IE > 10
- Fix XSS issue in style attribute handling (#1490227)
- Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225)
- Fix so "set as default" option is hidden if identities_level > 1 (#1490226)
- Fix bug where search was reset after returning from compose visited for reply
- Fix javascript error in "IE 8.0/Tablet PC" browser (#1490210)
- Fix bug where empty fieldmap config entries caused empty results of ldap search (#1490229)
|
|
RELEASE 1.0.4
-------------
- Disable TinyMCE contextmenu plugin as there are more cons than pros in using it (#1490118)
- Fix bug where show_real_foldernames setting wasn't honored on compose page (#1490153)
- Fix issue where Archive folder wasn't protected in Folder Manager (#1490154)
- Fix compatibility with PHP 5.2. in rcube_imap_generic (#1490115)
- Fix setting flags on servers with no PERMANENTFLAGS response (#1490087)
- Fix regression in SHAA password generation in ldap driver of password plugin (#1490094)
- Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103)
- Fix font style display issue in HTML messages with styled <span> elements (#1490101)
- Fix download of attachments that are part of TNEF message (#1490091)
- Fix handling of uuencoded messages if messages_cache is enabled (#1490108)
- Fix handling of base64-encoded attachments with extra spaces (#1490111)
- Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046)
- Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113)
- Fix reply scrolling issue with text mode and start message below the quote (#1490114)
- Fix possible issues in skin/skin_path config handling (#1490125)
- Fix lack of delimiter for recipient addresses in smtp_log (#1490150)
- Fix generation of Blowfish-based password hashes (#1490184)
- Fix bugs where CSRF attacks were still possible on some requests
|
