Index: head/mail/roundcube/Makefile =================================================================== --- head/mail/roundcube/Makefile (revision 448030) +++ head/mail/roundcube/Makefile (revision 448031) @@ -1,77 +1,77 @@ # $FreeBSD$ PORTNAME= roundcube -DISTVERSION= 1.2.5 +DISTVERSION= 1.3.0 PORTEPOCH= 1 CATEGORIES?= mail www MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/ DISTNAME= ${PORTNAME}mail-${DISTVERSION}-complete MAINTAINER?= ale@FreeBSD.org COMMENT= Fully skinnable XHTML/CSS webmail written in PHP LICENSE= GPLv3 NO_ARCH= yes NO_BUILD= yes WRKSRC= ${WRKDIR}/${PORTNAME}mail-${DISTVERSION} RCUBECOMP= SQL config .htaccess index.php installer logs \ - plugins program robots.txt skins temp vendor + plugins program skins temp vendor PORTDOCS= CHANGELOG INSTALL README.md UPGRADING USES= cpe php:web CPE_PRODUCT= webmail CPE_VENDOR= roundcube USE_PHP= pcre mbstring session iconv dom xml json intl zip filter openssl fileinfo exif OPTIONS_DEFINE= LDAP GD PSPELL NSC DOCS OPTIONS_SINGLE= DB OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE OPTIONS_DEFAULT=MYSQL DB_DESC= Database backend MYSQL_DESC= Use MySQL backend PGSQL_DESC= Use PostgreSQL backend SQLITE_DESC= Use SQLite backend LDAP_DESC= Enable LDAP support (address book) GD_DESC= Enable GD support (image conversion) PSPELL_DESC= Enable PSpell support (internal spellcheck) NSC_DESC= Install network spellchecker GD_VARS= use_php+=gd LDAP_VARS= use_php+=ldap MYSQL_VARS= use_php+=pdo_mysql NSC_IMPLIES= PSPELL NSC_VARS= use_php+=simplexml rcubecomp+=spellchecker.php PGSQL_VARS= use_php+=pdo_pgsql PSPELL_VARS= use_php+=pspell SQLITE_VARS= use_php+=pdo_sqlite post-extract-NSC: @${CP} ${FILESDIR}/spellchecker.php ${WRKSRC} post-patch: @${FIND} ${WRKSRC} -name \*.orig -type f -delete do-install: -${MKDIR} ${STAGEDIR}${WWWDIR} @cd ${WRKSRC} && ${COPYTREE_BIN} bin ${STAGEDIR}${WWWDIR} .for i in ${RCUBECOMP} @cd ${WRKSRC} && ${COPYTREE_SHARE} ${i} ${STAGEDIR}${WWWDIR} .endfor @(cd ${WRKSRC}; ${FIND} bin ${RCUBECOMP} -not -type d) | ${SORT} | \ ${SED} -ne 's,^,${WWWDIR_REL}/,p' >> ${TMPPLIST} - @${ECHO_CMD} '@exec chown ${WWWOWN}:${WWWGRP} %D/${WWWDIR_REL}/logs' \ + @${ECHO_CMD} '@postexec chown ${WWWOWN}:${WWWGRP} %D/${WWWDIR_REL}/logs' \ >> ${TMPPLIST} - @${ECHO_CMD} '@exec chown ${WWWOWN}:${WWWGRP} %D/${WWWDIR_REL}/temp' \ + @${ECHO_CMD} '@postexec chown ${WWWOWN}:${WWWGRP} %D/${WWWDIR_REL}/temp' \ >> ${TMPPLIST} do-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} .for i in ${PORTDOCS} @${INSTALL_DATA} ${WRKSRC}/${i} ${STAGEDIR}${DOCSDIR}/ .endfor .include Index: head/mail/roundcube/distinfo =================================================================== --- head/mail/roundcube/distinfo (revision 448030) +++ head/mail/roundcube/distinfo (revision 448031) @@ -1,3 +1,3 @@ -TIMESTAMP = 1497032006 -SHA256 (roundcubemail-1.2.5-complete.tar.gz) = 5494f0a29ff1bc8542c6efc70fa3c35bba6229aebb9cd0d086fd552cb10bf4f3 -SIZE (roundcubemail-1.2.5-complete.tar.gz) = 3900925 +TIMESTAMP = 1498605012 +SHA256 (roundcubemail-1.3.0-complete.tar.gz) = a9c4d084716482171b23216d57ad9dafd85bd34f1eee73824c62327fc22b995a +SIZE (roundcubemail-1.3.0-complete.tar.gz) = 6158919 Index: head/mail/roundcube/files/patch-INSTALL =================================================================== --- head/mail/roundcube/files/patch-INSTALL (revision 448030) +++ head/mail/roundcube/files/patch-INSTALL (revision 448031) @@ -1,10 +1,10 @@ ---- INSTALL.orig 2016-05-22 11:06:47 UTC -+++ INSTALL -@@ -29,7 +29,6 @@ REQUIREMENTS +--- INSTALL.orig 2017-06-26 20:56:47.000000000 +0200 ++++ INSTALL 2017-06-30 10:19:42.732739000 +0200 +@@ -30,7 +30,6 @@ REQUIREMENTS - memory_limit > 16MB (increase as suitable to support large attachments) - file_uploads enabled (for attachment upload features) - session.auto_start disabled - - suhosin.session.encrypt disabled - mbstring.func_overload disabled - - magic_quotes_runtime disabled - - magic_quotes_sybase disabled + * A MySQL, PostgreSQL, MS SQL Server (2005 or newer), Oracle database + or SQLite support in PHP - with permission to create tables Index: head/mail/roundcube/files/patch-config_defaults.inc.php =================================================================== --- head/mail/roundcube/files/patch-config_defaults.inc.php (revision 448030) +++ head/mail/roundcube/files/patch-config_defaults.inc.php (revision 448031) @@ -1,13 +1,13 @@ ---- config/defaults.inc.php.orig 2016-05-22 11:06:45 UTC -+++ config/defaults.inc.php -@@ -717,8 +717,8 @@ $config['spellcheck_dictionary'] = false +--- config/defaults.inc.php.orig 2017-06-26 20:56:47.000000000 +0200 ++++ config/defaults.inc.php 2017-06-30 10:19:42.733949000 +0200 +@@ -739,8 +739,8 @@ $config['spellcheck_dictionary'] = false // You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly. $config['spellcheck_engine'] = 'googie'; -// For locally installed Nox Spell Server or After the Deadline services, -// please specify the URI to call it. +// For a locally installed spellcheker, specify the URI to call it, for example: +// 'http://' . $_SERVER['HTTP_HOST'] . '/spellchecker.php?lang=' // Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 or // the After the Deadline package from http://www.afterthedeadline.com. // Leave empty to use the public API of service.afterthedeadline.com Index: head/mail/roundcube/files/patch-installer_check.php =================================================================== --- head/mail/roundcube/files/patch-installer_check.php (revision 448030) +++ head/mail/roundcube/files/patch-installer_check.php (revision 448031) @@ -1,10 +1,10 @@ ---- installer/check.php.orig 2016-05-22 11:06:45 UTC -+++ installer/check.php +--- installer/check.php.orig 2017-06-26 20:56:47.000000000 +0200 ++++ installer/check.php 2017-06-30 10:20:01.306208000 +0200 @@ -43,7 +43,6 @@ $ini_checks = array( 'file_uploads' => 1, 'session.auto_start' => 0, 'mbstring.func_overload' => 0, - 'suhosin.session.encrypt' => 0, - 'magic_quotes_runtime' => 0, - 'magic_quotes_sybase' => 0, ); + + $optional_checks = array( Index: head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php =================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php (revision 448030) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php (revision 448031) @@ -1,10 +1,10 @@ ---- program/lib/Roundcube/bootstrap.php.orig 2016-05-22 11:06:47 UTC -+++ program/lib/Roundcube/bootstrap.php -@@ -37,7 +37,6 @@ $config = array( +--- program/lib/Roundcube/bootstrap.php.orig 2017-06-26 20:56:48.000000000 +0200 ++++ program/lib/Roundcube/bootstrap.php 2017-06-30 10:20:36.888301000 +0200 +@@ -35,7 +35,6 @@ $config = array( // check these additional ini settings if not called via CLI if (php_sapi_name() != 'cli') { $config += array( - 'suhosin.session.encrypt' => false, 'file_uploads' => true, ); } Index: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php =================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php (revision 448030) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php (revision 448031) @@ -1,13 +1,13 @@ ---- program/lib/Roundcube/rcube_message.php.orig 2016-05-22 11:06:47 UTC -+++ program/lib/Roundcube/rcube_message.php -@@ -766,9 +766,7 @@ class rcube_message +--- program/lib/Roundcube/rcube_message.php.orig 2017-06-26 20:56:48.000000000 +0200 ++++ program/lib/Roundcube/rcube_message.php 2017-06-30 10:20:36.889381000 +0200 +@@ -830,9 +830,7 @@ class rcube_message } // part is a file/attachment else if (preg_match('/^(inline|attach)/', $mail_part->disposition) || - $mail_part->headers['content-id'] || - ($mail_part->filename && - (empty($mail_part->disposition) || preg_match('/^[a-z0-9!#$&.+^_-]+$/i', $mail_part->disposition))) + $mail_part->headers['content-id'] || $mail_part->filename ) { // skip apple resource forks if ($message_ctype_secondary == 'appledouble' && $secondary_type == 'applefile') Index: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php =================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php (revision 448030) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php (revision 448031) @@ -1,102 +1,102 @@ ---- program/lib/Roundcube/rcube_session.php.orig 2016-05-22 11:06:47 UTC -+++ program/lib/Roundcube/rcube_session.php +--- program/lib/Roundcube/rcube_session.php.orig 2017-06-26 20:56:48.000000000 +0200 ++++ program/lib/Roundcube/rcube_session.php 2017-06-30 10:20:36.890382000 +0200 @@ -39,7 +39,6 @@ abstract class rcube_session protected $time_diff = 0; protected $reloaded = false; protected $appends = array(); - protected $unsets = array(); protected $gc_enabled = 0; protected $gc_handlers = array(); protected $cookiename = 'roundcube_sessauth'; @@ -158,7 +157,7 @@ abstract class rcube_session // if there are cached vars, update store, else insert new data if ($oldvars) { - $newvars = $this->_fixvars($vars, $oldvars); + $newvars = $vars; return $this->update($key, $newvars, $oldvars); } else { -@@ -180,39 +179,6 @@ abstract class rcube_session +@@ -198,39 +197,6 @@ abstract class rcube_session } /** - * Merge vars with old vars and apply unsets - */ - protected function _fixvars($vars, $oldvars) - { - if ($oldvars !== null) { - $a_oldvars = $this->unserialize($oldvars); - if (is_array($a_oldvars)) { - // remove unset keys on oldvars - foreach ((array)$this->unsets as $var) { - if (isset($a_oldvars[$var])) { - unset($a_oldvars[$var]); - } - else { - $path = explode('.', $var); - $k = array_pop($path); - $node = &$this->get_node($path, $a_oldvars); - unset($node[$k]); - } - } - - $newvars = $this->serialize(array_merge( - (array)$a_oldvars, (array)$this->unserialize($vars))); - } - else { - $newvars = $vars; - } - } - - $this->unsets = array(); - return $newvars; - } - - /** * Execute registered garbage collector routines */ public function gc($maxlifetime) -@@ -321,11 +287,6 @@ abstract class rcube_session +@@ -339,11 +305,6 @@ abstract class rcube_session } $this->appends[] = $path; - - // when overwriting a previously unset variable - if ($this->unsets[$path]) { - unset($this->unsets[$path]); - } } /** -@@ -340,8 +301,6 @@ abstract class rcube_session +@@ -358,8 +319,6 @@ abstract class rcube_session return $this->destroy(session_id()); } - $this->unsets[] = $var; - if (isset($_SESSION[$var])) { unset($_SESSION[$var]); } -@@ -387,21 +346,6 @@ abstract class rcube_session +@@ -405,21 +364,6 @@ abstract class rcube_session if ($data) { session_decode($data); - - // apply appends and unsets to reloaded data - $_SESSION = array_merge_recursive($_SESSION, $merge_data); - - foreach ((array)$this->unsets as $var) { - if (isset($_SESSION[$var])) { - unset($_SESSION[$var]); - } - else { - $path = explode('.', $var); - $k = array_pop($path); - $node = &$this->get_node($path, $_SESSION); - unset($node[$k]); - } - } } } Index: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php =================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php (revision 448030) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php (revision 448031) @@ -1,71 +1,71 @@ ---- program/lib/Roundcube/rcube_session_db.php.orig 2016-05-22 11:06:47 UTC -+++ program/lib/Roundcube/rcube_session_db.php +--- program/lib/Roundcube/rcube_session_db.php.orig 2017-06-26 20:56:48.000000000 +0200 ++++ program/lib/Roundcube/rcube_session_db.php 2017-06-30 10:21:12.859240000 +0200 @@ -32,6 +32,7 @@ class rcube_session_db extends rcube_ses { private $db; private $table_name; + private $need_base64; /** * @param Object $config @@ -39,6 +40,9 @@ class rcube_session_db extends rcube_ses public function __construct($config) { parent::__construct($config); + + // base64 encode if suhosin is not enabled + $this->need_base64 = ini_get("suhosin.session.encrypt") !== "1"; // get db instance $this->db = rcube::get_instance()->get_dbh(); @@ -103,7 +107,7 @@ class rcube_session_db extends rcube_ses $this->time_diff = time() - strtotime($sql_arr['ts']); $this->changed = strtotime($sql_arr['changed']); $this->ip = $sql_arr['ip']; - $this->vars = base64_decode($sql_arr['vars']); + $this->vars = $this->_decode($sql_arr['vars']); $this->key = $key; - return !empty($this->vars) ? (string) $this->vars : ''; -@@ -126,7 +130,7 @@ class rcube_session_db extends rcube_ses + $this->db->reset(); +@@ -128,7 +132,7 @@ class rcube_session_db extends rcube_ses $this->db->query("INSERT INTO {$this->table_name}" - . " (`sess_id`, `vars`, `ip`, `created`, `changed`)" - . " VALUES (?, ?, ?, $now, $now)", + . " (`sess_id`, `vars`, `ip`, `changed`)" + . " VALUES (?, ?, ?, $now)", - $key, base64_encode($vars), (string)$this->ip); + $key, $this->_encode($vars), (string)$this->ip); return true; } -@@ -150,7 +154,7 @@ class rcube_session_db extends rcube_ses +@@ -152,7 +156,7 @@ class rcube_session_db extends rcube_ses if ($newvars !== $oldvars) { $this->db->query("UPDATE {$this->table_name} " . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?", - base64_encode($newvars), $key); + $this->_encode($newvars), $key); } else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) { $this->db->query("UPDATE {$this->table_name} SET `changed` = $now" -@@ -173,4 +177,23 @@ class rcube_session_db extends rcube_ses +@@ -175,4 +179,23 @@ class rcube_session_db extends rcube_ses . date('Y-m-d H:i:s', time() - $this->gc_enabled) . '; rows = ' . intval($this->db->affected_rows())); } + + private function _encode($vars) + { + if ($this->need_base64) { + return base64_encode($vars); + } else { + return $vars; + } + } + + private function _decode($vars) + { + if ($this->need_base64) { + return base64_decode($vars); + } else { + return $vars; + } + } + }