From bef834045b55ae2beae7b938f56268204dfc19ff Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sun, 21 Dec 2014 08:07:01 +0100 Subject: roundcubemail: sync with rawhide (drop tinymce bbcode plugin) --- roundcubemail-README.rpm | 8 ++++++++ roundcubemail.spec | 36 +++++++++++++++++++++++++++++++++--- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/roundcubemail-README.rpm b/roundcubemail-README.rpm index afb5445..57a92c3 100644 --- a/roundcubemail-README.rpm +++ b/roundcubemail-README.rpm @@ -10,6 +10,14 @@ Notice As those directories are not served by the web server, there is no need to protect them. +Databases + +Roundcube supports various database providers, including SQLite, MySQL and +PostgreSQL. The package depends only on php-pdo, which provides SQLite +support. However, the default configuration is for a MySQL database, for +performance reasons. To use the MySQL database, ensure php-mysql is +installed. If you want to use another database, adjust the configuration +file, and ensure the appropriate PDO plugin is installed. If necessary. The installer is available at http://localhost/roundcubemail/installer diff --git a/roundcubemail.spec b/roundcubemail.spec index 61bc42e..b72a69d 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec @@ -2,7 +2,7 @@ %global _logdir /var/log Name: roundcubemail Version: 1.0.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client Group: Applications/System @@ -19,7 +19,7 @@ Group: Applications/System # http://www.tinymce.com/ License: GPLv3+ with exceptions and GPLv3+ and GPLv2 and LGPLv2+ and CC-BY-SA and (MIT or GPLv2) URL: http://www.roundcube.net -Source0: http://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz +Source0: https://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz Source1: roundcubemail.conf Source2: roundcubemail.logrotate Source4: roundcubemail-README.rpm @@ -45,8 +45,9 @@ Requires: php-intl Requires: php-json Requires: php-ldap Requires: php-mbstring +# For 1.1, switch this to openssl, upstream now uses it in preference to +# mcrypt if available - adamw 2014-12 Requires: php-mcrypt -Requires: php-mysql Requires: php-pcre Requires: php-posix Requires: php-pdo @@ -66,6 +67,24 @@ Requires: php-pear(Net_IDNA2) >= 0.1.1 # mailcap for /etc/mime.types Requires: mailcap +# Optional deps +# Spell check +#Suggests: php-enchant +# Caching +#Suggests: php-apc +#Suggests: php-memcache +# EXIF images +Requires: php-exif +# Upload progress (shock!) +#Suggests: php-uploadprogress +# ZIP download plugin +Requires: php-zip + +# Gearman support +#Optional: php-gearman +# PAM password support +#Optional: php-pam + %description RoundCube Webmail is a browser-based multilingual IMAP client @@ -101,6 +120,11 @@ find . -type f -name '*.swf' | xargs rm -f # drop file from patch find . -type f -name '*.orig' | xargs rm -f +# Wipe bbcode plugin from bundled TinyMCE to make doubleplus sure we cannot +# be vulnerable to CVE-2012-4230, unaddressed upstream +echo "CVE-2012-4230: removing tinymce bbcode plugin, check path if this fails." +test -d program/js/*mce/plugins/bbcode && rm -rf program/js/*mce/plugins/bbcode || exit 1 + %build # Nothing @@ -176,6 +200,12 @@ rm -rf %{buildroot} %changelog +* Sun Dec 21 2014 Remi Collet - 1.0.4-2 +- sync with rawhide (drop tinymce bbcode plugin) + +* Sat Dec 20 2014 Adam Williamson - 1.0.4-2 +- drop tinymce bbcode plugin for safety (CVE-2012-4230) + * Fri Dec 19 2014 Remi Collet - 1.0.4-1 - Update to 1.0.4 (service release, security) -- cgit