From owner-svn-ports-head@freebsd.org Fri Jun 10 07:09:58 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84D56B7198F; Fri, 10 Jun 2016 07:09:58 +0000 (UTC) (envelope-from ale@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 41ECD1AD1; Fri, 10 Jun 2016 07:09:58 +0000 (UTC) (envelope-from ale@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u5A79voY073807; Fri, 10 Jun 2016 07:09:57 GMT (envelope-from ale@FreeBSD.org) Received: (from ale@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u5A79udq073798; Fri, 10 Jun 2016 07:09:56 GMT (envelope-from ale@FreeBSD.org) Message-Id: <201606100709.u5A79udq073798@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ale set sender to ale@FreeBSD.org using -f From: Alex Dupre Date: Fri, 10 Jun 2016 07:09:56 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r416656 - in head/mail/roundcube: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 07:09:58 -0000 Author: ale Date: Fri Jun 10 07:09:56 2016 New Revision: 416656 URL: https://svnweb.freebsd.org/changeset/ports/416656 Log: Update to 1.2.0 release. Added: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php (contents, props changed) Deleted: head/mail/roundcube/files/patch-CVE-2016-5103 head/mail/roundcube/files/patch-vendor_pear-pear.php.net_Net__Sieve_Net_Sieve.php Modified: head/mail/roundcube/Makefile head/mail/roundcube/distinfo head/mail/roundcube/files/patch-INSTALL head/mail/roundcube/files/patch-config_defaults.inc.php head/mail/roundcube/files/patch-installer_check.php head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php Modified: head/mail/roundcube/Makefile ============================================================================== --- head/mail/roundcube/Makefile Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/Makefile Fri Jun 10 07:09:56 2016 (r416656) @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= roundcube -DISTVERSION= 1.1.5 -PORTREVISION= 1 +DISTVERSION= 1.2.0 PORTEPOCH= 1 CATEGORIES?= mail www MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/ @@ -24,10 +23,10 @@ CPE_PRODUCT= webmail CPE_VENDOR= roundcube WANT_PHP_WEB= yes -USE_PHP= pcre mbstring session iconv dom xml json intl zip filter +USE_PHP= pcre mbstring session iconv dom xml json intl zip filter openssl fileinfo exif IGNORE_WITH_PHP=70 -OPTIONS_DEFINE= SSL LDAP GD PSPELL NSC DOCS +OPTIONS_DEFINE= LDAP GD PSPELL NSC DOCS OPTIONS_SINGLE= DB OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE OPTIONS_DEFAULT=MYSQL @@ -35,7 +34,6 @@ OPTIONS_DEFAULT=MYSQL MYSQL_DESC= Use MySQL backend PGSQL_DESC= Use PostgreSQL backend SQLITE_DESC= Use SQLite backend -SSL_DESC= Enable SSL support (imaps or google spellcheck) LDAP_DESC= Enable LDAP support (address book) GD_DESC= Enable GD support (image conversion) PSPELL_DESC= Enable PSpell support (internal spellcheck) @@ -55,10 +53,6 @@ USE_PHP+= pdo_pgsql USE_PHP+= pdo_sqlite .endif -.if ${PORT_OPTIONS:MSSL} -USE_PHP+= openssl -.endif - .if ${PORT_OPTIONS:MLDAP} USE_PHP+= ldap .endif Modified: head/mail/roundcube/distinfo ============================================================================== --- head/mail/roundcube/distinfo Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/distinfo Fri Jun 10 07:09:56 2016 (r416656) @@ -1,2 +1,3 @@ -SHA256 (roundcubemail-1.1.5-complete.tar.gz) = 476a1d45b0592b2ad43e3e08cbc72e69ef31e33ed8a8f071f02e5a1ae3e7f334 -SIZE (roundcubemail-1.1.5-complete.tar.gz) = 4581781 +TIMESTAMP = 1465476478 +SHA256 (roundcubemail-1.2.0-complete.tar.gz) = 574895da03b5ad78eaf0843a78e0c0ab734a9327b4ba47b72405b768cb2854cc +SIZE (roundcubemail-1.2.0-complete.tar.gz) = 3748290 Modified: head/mail/roundcube/files/patch-INSTALL ============================================================================== --- head/mail/roundcube/files/patch-INSTALL Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/files/patch-INSTALL Fri Jun 10 07:09:56 2016 (r416656) @@ -1,6 +1,6 @@ ---- INSTALL.orig 2015-02-08 13:43:29.000000000 +0000 -+++ INSTALL 2015-02-19 12:22:34.259436291 +0000 -@@ -29,7 +29,6 @@ +--- INSTALL.orig 2016-05-22 11:06:47 UTC ++++ INSTALL +@@ -29,7 +29,6 @@ REQUIREMENTS - memory_limit > 16MB (increase as suitable to support large attachments) - file_uploads enabled (for attachment upload features) - session.auto_start disabled Modified: head/mail/roundcube/files/patch-config_defaults.inc.php ============================================================================== --- head/mail/roundcube/files/patch-config_defaults.inc.php Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/files/patch-config_defaults.inc.php Fri Jun 10 07:09:56 2016 (r416656) @@ -1,7 +1,7 @@ ---- config/defaults.inc.php.orig 2014-04-06 14:13:09.000000000 +0000 -+++ config/defaults.inc.php 2014-04-10 09:08:58.242144399 +0000 -@@ -596,8 +596,8 @@ - // connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri' +--- config/defaults.inc.php.orig 2016-05-22 11:06:45 UTC ++++ config/defaults.inc.php +@@ -717,8 +717,8 @@ $config['spellcheck_dictionary'] = false + // You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly. $config['spellcheck_engine'] = 'googie'; -// For locally installed Nox Spell Server or After the Deadline services, Modified: head/mail/roundcube/files/patch-installer_check.php ============================================================================== --- head/mail/roundcube/files/patch-installer_check.php Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/files/patch-installer_check.php Fri Jun 10 07:09:56 2016 (r416656) @@ -1,8 +1,8 @@ ---- installer/check.php.orig 2012-08-06 18:18:13.000000000 +0200 -+++ installer/check.php 2012-08-13 12:36:52.000000000 +0200 -@@ -39,7 +39,6 @@ +--- installer/check.php.orig 2016-05-22 11:06:45 UTC ++++ installer/check.php +@@ -43,7 +43,6 @@ $ini_checks = array( + 'file_uploads' => 1, 'session.auto_start' => 0, - 'zend.ze1_compatibility_mode' => 0, 'mbstring.func_overload' => 0, - 'suhosin.session.encrypt' => 0, 'magic_quotes_runtime' => 0, Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php ============================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_bootstrap.php Fri Jun 10 07:09:56 2016 (r416656) @@ -1,6 +1,6 @@ ---- program/lib/Roundcube/bootstrap.php.orig 2014-07-07 18:18:50.261368902 +0000 -+++ program/lib/Roundcube/bootstrap.php 2014-07-07 18:18:58.202127091 +0000 -@@ -38,7 +38,6 @@ +--- program/lib/Roundcube/bootstrap.php.orig 2016-05-22 11:06:47 UTC ++++ program/lib/Roundcube/bootstrap.php +@@ -37,7 +37,6 @@ $config = array( // check these additional ini settings if not called via CLI if (php_sapi_name() != 'cli') { $config += array( Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php ============================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_message.php Fri Jun 10 07:09:56 2016 (r416656) @@ -1,6 +1,6 @@ ---- program/lib/Roundcube/rcube_message.php.orig 2010-11-26 13:41:16.000000000 +0100 -+++ program/lib/Roundcube/rcube_message.php 2010-12-13 17:20:59.000000000 +0100 -@@ -452,9 +452,7 @@ +--- program/lib/Roundcube/rcube_message.php.orig 2016-05-22 11:06:47 UTC ++++ program/lib/Roundcube/rcube_message.php +@@ -766,9 +766,7 @@ class rcube_message } // part is a file/attachment else if (preg_match('/^(inline|attach)/', $mail_part->disposition) || Modified: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php ============================================================================== --- head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php Fri Jun 10 06:52:27 2016 (r416655) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php Fri Jun 10 07:09:56 2016 (r416656) @@ -1,73 +1,30 @@ ---- program/lib/Roundcube/rcube_session.php.orig 2015-09-22 15:24:26.400132239 +0000 -+++ program/lib/Roundcube/rcube_session.php 2015-09-22 15:24:08.430133455 +0000 -@@ -35,7 +35,6 @@ - private $time_diff = 0; - private $reloaded = false; - private $appends = array(); -- private $unsets = array(); - private $gc_handlers = array(); - private $cookiename = 'roundcube_sessauth'; - private $vars; -@@ -46,6 +45,7 @@ - private $logging = false; - private $storage; - private $memcache; -+ private $need_base64 = false; +--- program/lib/Roundcube/rcube_session.php.orig 2016-05-22 11:06:47 UTC ++++ program/lib/Roundcube/rcube_session.php +@@ -39,7 +39,6 @@ abstract class rcube_session + protected $time_diff = 0; + protected $reloaded = false; + protected $appends = array(); +- protected $unsets = array(); + protected $gc_enabled = 0; + protected $gc_handlers = array(); + protected $cookiename = 'roundcube_sessauth'; +@@ -158,7 +157,7 @@ abstract class rcube_session - /** - * Blocks session data from being written to database. -@@ -95,6 +95,9 @@ - else if ($this->storage != 'php') { - ini_set('session.serialize_handler', 'php'); - -+ if (ini_get("suhosin.session.encrypt") !== "1") -+ $this->need_base64 = true; -+ - // set custom functions for PHP session management - session_set_save_handler( - array($this, 'open'), -@@ -192,7 +195,7 @@ - $this->time_diff = time() - strtotime($sql_arr['ts']); - $this->changed = strtotime($sql_arr['changed']); - $this->ip = $sql_arr['ip']; -- $this->vars = base64_decode($sql_arr['vars']); -+ $this->vars = $this->_decode($sql_arr['vars']); - $this->key = $key; - - return !empty($this->vars) ? (string) $this->vars : ''; -@@ -232,12 +235,12 @@ - } - - if ($oldvars !== null) { + // if there are cached vars, update store, else insert new data + if ($oldvars) { - $newvars = $this->_fixvars($vars, $oldvars); -+ $newvars = $vars; - - if ($newvars !== $oldvars) { - $this->db->query("UPDATE {$this->table_name} " - . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?", -- base64_encode($newvars), $key); -+ $this->_encode($newvars), $key); - } - else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) { - $this->db->query("UPDATE {$this->table_name} SET `changed` = $now" -@@ -248,44 +251,30 @@ - $this->db->query("INSERT INTO {$this->table_name}" - . " (`sess_id`, `vars`, `ip`, `created`, `changed`)" - . " VALUES (?, ?, ?, $now, $now)", -- $key, base64_encode($vars), (string)$this->ip); -+ $key, $this->_encode($vars), (string)$this->ip); ++ $newvars = $vars); + return $this->update($key, $newvars, $oldvars); } - - return true; + else { +@@ -180,39 +179,6 @@ abstract class rcube_session } - -- /** + /** - * Merge vars with old vars and apply unsets - */ -- private function _fixvars($vars, $oldvars) -+ private function _encode($vars) - { +- protected function _fixvars($vars, $oldvars) +- { - if ($oldvars !== null) { - $a_oldvars = $this->unserialize($oldvars); - if (is_array($a_oldvars)) { @@ -90,36 +47,29 @@ - else { - $newvars = $vars; - } -+ if ($this->need_base64) { -+ return base64_encode($vars); -+ } else { -+ return $vars; - } -+ } - +- } +- - $this->unsets = array(); - return $newvars; -+ -+ private function _decode($vars) -+ { -+ if ($this->need_base64) { -+ return base64_decode($vars); -+ } else { -+ return $vars; -+ } - } +- } +- +- /** + * Execute registered garbage collector routines + */ + public function gc($maxlifetime) +@@ -321,11 +287,6 @@ abstract class rcube_session + } + $this->appends[] = $path; +- +- // when overwriting a previously unset variable +- if ($this->unsets[$path]) { +- unset($this->unsets[$path]); +- } + } -@@ -350,7 +339,7 @@ - else // else read data again - $oldvars = $this->mc_read($key); - -- $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars; -+ $newvars = $vars; - - if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) { - return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)), -@@ -488,8 +477,6 @@ + /** +@@ -340,8 +301,6 @@ abstract class rcube_session return $this->destroy(session_id()); } @@ -128,3 +78,25 @@ if (isset($_SESSION[$var])) { unset($_SESSION[$var]); } +@@ -387,21 +346,6 @@ abstract class rcube_session + + if ($data) { + session_decode($data); +- +- // apply appends and unsets to reloaded data +- $_SESSION = array_merge_recursive($_SESSION, $merge_data); +- +- foreach ((array)$this->unsets as $var) { +- if (isset($_SESSION[$var])) { +- unset($_SESSION[$var]); +- } +- else { +- $path = explode('.', $var); +- $k = array_pop($path); +- $node = &$this->get_node($path, $_SESSION); +- unset($node[$k]); +- } +- } + } + } + Added: head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session_db.php Fri Jun 10 07:09:56 2016 (r416656) @@ -0,0 +1,71 @@ +--- program/lib/Roundcube/rcube_session_db.php.orig 2016-05-22 11:06:47 UTC ++++ program/lib/Roundcube/rcube_session_db.php +@@ -32,6 +32,7 @@ class rcube_session_db extends rcube_ses + { + private $db; + private $table_name; ++ private $need_base64; + + /** + * @param Object $config +@@ -39,6 +40,9 @@ class rcube_session_db extends rcube_ses + public function __construct($config) + { + parent::__construct($config); ++ ++ // base64 encode if suhosin is not enabled ++ $this->need_base64 = ini_get("suhosin.session.encrypt") !== "1"; + + // get db instance + $this->db = rcube::get_instance()->get_dbh(); +@@ -103,7 +107,7 @@ class rcube_session_db extends rcube_ses + $this->time_diff = time() - strtotime($sql_arr['ts']); + $this->changed = strtotime($sql_arr['changed']); + $this->ip = $sql_arr['ip']; +- $this->vars = base64_decode($sql_arr['vars']); ++ $this->vars = $this->_decode($sql_arr['vars']); + $this->key = $key; + + return !empty($this->vars) ? (string) $this->vars : ''; +@@ -126,7 +130,7 @@ class rcube_session_db extends rcube_ses + $this->db->query("INSERT INTO {$this->table_name}" + . " (`sess_id`, `vars`, `ip`, `created`, `changed`)" + . " VALUES (?, ?, ?, $now, $now)", +- $key, base64_encode($vars), (string)$this->ip); ++ $key, $this->_encode($vars), (string)$this->ip); + + return true; + } +@@ -150,7 +154,7 @@ class rcube_session_db extends rcube_ses + if ($newvars !== $oldvars) { + $this->db->query("UPDATE {$this->table_name} " + . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?", +- base64_encode($newvars), $key); ++ $this->_encode($newvars), $key); + } + else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) { + $this->db->query("UPDATE {$this->table_name} SET `changed` = $now" +@@ -173,4 +177,23 @@ class rcube_session_db extends rcube_ses + . date('Y-m-d H:i:s', time() - $this->gc_enabled) + . '; rows = ' . intval($this->db->affected_rows())); + } ++ ++ private function _encode($vars) ++ { ++ if ($this->need_base64) { ++ return base64_encode($vars); ++ } else { ++ return $vars; ++ } ++ } ++ ++ private function _decode($vars) ++ { ++ if ($this->need_base64) { ++ return base64_decode($vars); ++ } else { ++ return $vars; ++ } ++ } ++ + }