Index: branches/2016Q2/mail/roundcube/Makefile =================================================================== --- branches/2016Q2/mail/roundcube/Makefile (revision 416648) +++ branches/2016Q2/mail/roundcube/Makefile (revision 416649) @@ -1,109 +1,109 @@ # $FreeBSD$ PORTNAME= roundcube -DISTVERSION= 1.1.4 +DISTVERSION= 1.1.5 PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES?= mail www -MASTER_SITES= SF/${PORTNAME}mail/${PORTNAME}mail/${DISTVERSION:tu} +MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/ DISTNAME= ${PORTNAME}mail-${DISTVERSION}-complete MAINTAINER?= ale@FreeBSD.org COMMENT= Fully skinnable XHTML/CSS webmail written in PHP LICENSE= GPLv3 NO_BUILD= yes WRKSRC= ${WRKDIR}/${PORTNAME}mail-${DISTVERSION} RCUBECOMP= SQL config index.php installer logs plugins program robots.txt skins temp vendor PORTDOCS= CHANGELOG INSTALL README.md UPGRADING USES= cpe CPE_PRODUCT= webmail CPE_VENDOR= roundcube WANT_PHP_WEB= yes USE_PHP= pcre mbstring session iconv dom xml json intl zip filter -IGNORE_WITH_PHP=52 +IGNORE_WITH_PHP=70 OPTIONS_DEFINE= SSL LDAP GD PSPELL NSC DOCS OPTIONS_SINGLE= DB OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE OPTIONS_DEFAULT=MYSQL MYSQL_DESC= Use MySQL backend PGSQL_DESC= Use PostgreSQL backend SQLITE_DESC= Use SQLite backend SSL_DESC= Enable SSL support (imaps or google spellcheck) LDAP_DESC= Enable LDAP support (address book) GD_DESC= Enable GD support (image conversion) PSPELL_DESC= Enable PSpell support (internal spellcheck) NSC_DESC= Install network spellchecker .include .if ${PORT_OPTIONS:MMYSQL} USE_PHP+= pdo_mysql .endif .if ${PORT_OPTIONS:MPGSQL} USE_PHP+= pdo_pgsql .endif .if ${PORT_OPTIONS:MSQLITE} USE_PHP+= pdo_sqlite .endif .if ${PORT_OPTIONS:MSSL} USE_PHP+= openssl .endif .if ${PORT_OPTIONS:MLDAP} USE_PHP+= ldap .endif .if ${PORT_OPTIONS:MGD} USE_PHP+= gd .endif .if ${PORT_OPTIONS:MPSPELL} || ${PORT_OPTIONS:MNSC} USE_PHP+= pspell .endif .if ${PORT_OPTIONS:MNSC} RCUBECOMP+= spellchecker.php USE_PHP+= simplexml PLIST_SUB+= SPELLCHECK="" .else PLIST_SUB+= SPELLCHECK="@comment " .endif .if ${PORT_OPTIONS:MNSC} post-extract: @${CP} ${FILESDIR}/spellchecker.php ${WRKSRC} .endif post-patch: @${FIND} ${WRKSRC} -name \*.orig -type f -delete do-install: -${MKDIR} ${STAGEDIR}${WWWDIR} @cd ${WRKSRC} && ${COPYTREE_BIN} bin ${STAGEDIR}${WWWDIR} .for i in ${RCUBECOMP} @cd ${WRKSRC} && ${COPYTREE_SHARE} ${i} ${STAGEDIR}${WWWDIR} .endfor .if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${STAGEDIR}${DOCSDIR} .for i in ${PORTDOCS} @${INSTALL_DATA} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ .endfor .endif @(cd ${WRKSRC}; ${FIND} bin ${RCUBECOMP} -not -type d) | ${SORT} | \ ${SED} -ne 's,^,${WWWDIR_REL}/,p' >> ${TMPPLIST} @${ECHO_CMD} '@exec chown ${WWWOWN}:${WWWGRP} %D/${WWWDIR_REL}/logs' \ >> ${TMPPLIST} @${ECHO_CMD} '@exec chown ${WWWOWN}:${WWWGRP} %D/${WWWDIR_REL}/temp' \ >> ${TMPPLIST} .include Index: branches/2016Q2/mail/roundcube/distinfo =================================================================== --- branches/2016Q2/mail/roundcube/distinfo (revision 416648) +++ branches/2016Q2/mail/roundcube/distinfo (revision 416649) @@ -1,2 +1,2 @@ -SHA256 (roundcubemail-1.1.4-complete.tar.gz) = 9bfe88255d4ffc288f5776de1cead78352469b1766d5ebaebe6e28043affe181 -SIZE (roundcubemail-1.1.4-complete.tar.gz) = 4578600 +SHA256 (roundcubemail-1.1.5-complete.tar.gz) = 476a1d45b0592b2ad43e3e08cbc72e69ef31e33ed8a8f071f02e5a1ae3e7f334 +SIZE (roundcubemail-1.1.5-complete.tar.gz) = 4581781 Index: branches/2016Q2/mail/roundcube/files/patch-CVE-2016-5103 =================================================================== --- branches/2016Q2/mail/roundcube/files/patch-CVE-2016-5103 (nonexistent) +++ branches/2016Q2/mail/roundcube/files/patch-CVE-2016-5103 (revision 416649) @@ -0,0 +1,19 @@ +commit 6652367d656de7e5f404935be04e10aa281add53 +Author: Aleksander Machniak +Date: Fri May 6 08:28:15 2016 +0200 + + Fix XSS issue in href attribute on area tag (#5240, #5241) + +diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php +index 5938d9b..d03f04a 100644 +--- program/lib/Roundcube/rcube_washtml.php ++++ program/lib/Roundcube/rcube_washtml.php +@@ -370,7 +370,7 @@ class rcube_washtml + */ + private function is_link_attribute($tag, $attr) + { +- return $tag == 'a' && $attr == 'href'; ++ return ($tag == 'a' || $tag == 'area') && $attr == 'href'; + } + + /** Property changes on: branches/2016Q2/mail/roundcube/files/patch-CVE-2016-5103 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2016Q2 =================================================================== --- branches/2016Q2 (revision 416648) +++ branches/2016Q2 (revision 416649) Property changes on: branches/2016Q2 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r414979,416648