commit roundcubemail for openSUSE:Factory
5 Nov
2018
5 Nov
'18
21:56
Hello community,
here is the log from the commit of package roundcubemail for openSUSE:Factory checked in at 2018-11-05 22:56:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old)
and /work/SRC/openSUSE:Factory/.roundcubemail.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail"
Mon Nov 5 22:56:20 2018 rev:53 rq:646191 version:1.3.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes 2018-08-08 14:53:53.809589333 +0200
+++ /work/SRC/openSUSE:Factory/.roundcubemail.new/roundcubemail.changes 2018-11-05 22:56:22.699980818 +0100
@@ -1,0 +2,31 @@
+Fri Oct 26 14:19:46 UTC 2018 - lars@linux-schulserver.de - 1.3.8
+
+- Upgrade to version 1.3.8:
+ * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
+ * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
+ * Enigma: Fix deleting keys with authentication subkeys (#6381)
+ * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
+ * Fix so Classic skin splitter does not escape out of window (#6397)
+ * Fix XSS issue in handling invalid style tag content (#6410)
+ * Fix compatibility with MySQL 8 - error on 'system' table use
+ * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
+ * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
+ * Fix support for "allow-from " in x_frame_options config option (#6449)
+ * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
+ * Fix multiple VCard field search (#6466)
+ * Fix session issue on long running requests (#6470)
+- add files with .log entry to logrotate config
+- enhance apache configuration by:
+ + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+ + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+ + set additional headers:
+ ++ Content-Security-Policy: ask browsers to not set the referrer
+ ++ Cache-Control: ask not to cache the content
+ ++ Strict-Transport-Security: set HSTS rules for SSL traffic
+ ++ X-XSS-Protection: configure built in reflective XSS protection
+- adjust README.openSUSE:
+ + db.inc.php is not used any longer
+ + flush privileges after creating/changing users in mysql
+- use %%license macro on newer distributions
+
+-------------------------------------------------------------------
Old:
----
roundcubemail-1.3.7-complete.tar.gz
roundcubemail-1.3.7-complete.tar.gz.asc
New:
----
roundcubemail-1.3.8-complete.tar.gz
roundcubemail-1.3.8-complete.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ roundcubemail.spec ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old 2018-11-05 22:56:23.383979952 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new 2018-11-05 22:56:23.387979947 +0100
@@ -12,12 +12,12 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: roundcubemail
-Version: 1.3.7
+Version: 1.3.8
Release: 0
Summary: A browser-based multilingual IMAP client
License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause
@@ -260,8 +260,10 @@
%files
%defattr(0644, root, root,0755)
-%doc CHANGELOG
-%doc LICENSE
+%doc CHANGELOG LICENSE
+%if 0%{?suse_version} >= 1500
+%license LICENSE
+%endif
%doc README.md
%doc README.openSUSE
%doc UPGRADING
++++++ README.openSUSE ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old 2018-11-05 22:56:23.423979901 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new 2018-11-05 22:56:23.427979897 +0100
@@ -1,5 +1,4 @@
-
This README contains additional information specific to the
openSUSE package of roundcube.
@@ -27,16 +26,15 @@
# mysql
> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
-> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost
- IDENTIFIED BY 'password';
+> GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password';
+> FLUSH PRIVILEGES;
> quit
# mysql roundcubemail < /usr/share/doc/packages/roundcubemail/SQL/mysql.initial.sql
Note 1: 'password' is the master password for the roundcube user. It is strongly
recommended you replace this with a more secure password. Please keep in
-mind: You need to specify this password later in '/etc/roundcubemail/db.inc.php'.
-
+mind: You need to specify this password later in '/etc/roundcubemail/config.inc.php'.
To use the integrated web based installer you need to enable it first
in /etc/roundcubemail/config.inc.php:
++++++ roundcubemail-1.3.7-complete.tar.gz -> roundcubemail-1.3.8-complete.tar.gz ++++++
++++ 2423 lines of diff (skipped)
++++++ roundcubemail-httpd.conf ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old 2018-11-05 22:56:24.579978439 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new 2018-11-05 22:56:24.579978439 +0100
@@ -57,6 +57,8 @@
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
+ # http://bugs.php.net/bug.php?id=30766
+ php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_php7.c>
@@ -80,6 +82,8 @@
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
+ # http://bugs.php.net/bug.php?id=30766
+ php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_rewrite.c>
@@ -92,11 +96,11 @@
# in all locations except installer directory
RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations
- RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+ RewriteRule ^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
# - deny access to composer binaries
RewriteRule ^/vendor\/bin\/.* - [F]
# - deny access to some documentation files
- RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
+ RewriteRule /?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
# security rules
</IfModule>
@@ -105,9 +109,17 @@
</IfModule>
<IfModule mod_headers.c>
- #Header merge Cache-Control public env=!NO_CACHE
# for better privacy/security ask browsers to not set the Referer
- #Header set Content-Security-Policy "referrer no-referrer"
+ Header set Content-Security-Policy "referrer no-referrer"
+ # don't cache, please
+ Header merge Cache-Control public env=!NO_CACHE
+ <IfModule mod_ssl.c>
+ # HSTS - HTTP Strict Transport Security
+ Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
+ </IfModule>
+ # X-Xss-Protection
+ # This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
+ Header set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_expires.c>
++++++ roundcubemail.logrotate ++++++
--- /var/tmp/diff_new_pack.6YVxIo/_old 2018-11-05 22:56:24.639978363 +0100
+++ /var/tmp/diff_new_pack.6YVxIo/_new 2018-11-05 22:56:24.639978363 +0100
@@ -1,4 +1,14 @@
-/var/log/roundcubemail/console /var/log/roundcubemail/errors /var/log/roundcubemail/imap /var/log/roundcubemail/ldap /var/log/roundcubemail/sendmail /var/log/roundcubemail/sieve /var/log/roundcubemail/smtp /var/log/roundcubemail/sql /var/log/roundcubemail/userlogins {
+/var/log/roundcubemail/console
+/var/log/roundcubemail/errors
+/var/log/roundcubemail/imap
+/var/log/roundcubemail/ldap
+/var/log/roundcubemail/sendmail
+/var/log/roundcubemail/sieve
+/var/log/roundcubemail/smtp
+/var/log/roundcubemail/sql
+/var/log/roundcubemail/userlogins
+/var/log/roundcubemail/*.log
+{
missingok
compress
notifempty
2251
Age (days ago)
2251
Last active (days ago)
0 comments
1 participants
participants (1)
-
root