[gentoo-commits] repo/gentoo:master commit in: mail-client/roundcube/

["Aaron Swenson" <titanofold@gentoo.org>]

commit:     4d044d7e03b744873e0b61d3d9bb361518453e1b
Author:     Aaron W. Swenson <titanofold <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  9 17:51:56 2017 +0000
Commit:     Aaron Swenson <titanofold <AT> gentoo <DOT> org>
CommitDate: Thu Nov  9 17:51:56 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d044d7e

mail-client/roundcube: Security Bump (Bug 636970)

Security-related version bump to:
 * 1.3.3
 * 1.2.7

CVE-2017-16651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16651):
Roundcube Webmail before 1.2.x before 1.2.7, and 1.3.x before 1.3.3
allows unauthorized access to arbitrary files on the host's filesystem.

Gentoo-Bug: https://bugs.gentoo.org/636970
Package-Manager: Portage-2.3.8, Repoman-2.3.3

 mail-client/roundcube/Manifest               |  2 +
 mail-client/roundcube/roundcube-1.2.7.ebuild | 74 +++++++++++++++++++++++++++
 mail-client/roundcube/roundcube-1.3.3.ebuild | 76 ++++++++++++++++++++++++++++
 3 files changed, 152 insertions(+)

diff --git a/mail-client/roundcube/Manifest b/mail-client/roundcube/Manifest
index f68af0cb00d..faf84460e61 100644
--- a/mail-client/roundcube/Manifest
+++ b/mail-client/roundcube/Manifest
@@ -1,4 +1,6 @@
 DIST roundcubemail-1.2.5.tar.gz 3602701 SHA256 9c4d65951cc636d0e2e2296bfdf55fb53e23a4611fa96f17fb5d354db91bec38 SHA512 8f17c8222a59123e438a3683e5f2fbfef28c966899a271a2a11c25535e7188ff57846847108190a4d20ff53eccd10a2a7e88e8a5f958e9bc38c69e53824e7928 WHIRLPOOL 48bfc729da9e9ceb88a5125e7d713016b48986eb8debb21a2d92404011361ceddc536871b21acbe1094d4be365727a6f15a0c66433736fb34879a55aba009528
 DIST roundcubemail-1.2.6-complete.tar.gz 3893031 SHA256 2f5c674f41fb2c842b3e4d5d7feab00c674b0c834f5cd944a4d778c23c921ec1 SHA512 4b33ddc322446cf4d7915d9f57fa11946fb6056f91034ff9643363a87ad293d444bacf2a6e6502bbb8b57623f39548b7a6fff02f4bb70622843ecbc489949024 WHIRLPOOL a52c45d4995002f4096237e846841115c57ba4a4eb01d6f3c78ab3b821ccc2ad59d4cbc6b8e547b2a9ed1416fbb0084004ecd4342666e689136f7f4c3f343d17
+DIST roundcubemail-1.2.7-complete.tar.gz 3904612 SHA256 6dd7f117d1a9509a382edb9e04e52f26ff7eb19b52aa4bb6646cfb2fadde682d SHA512 545b3fe05ecfaede3d887ae71e41fc91aaaae280c71b67db9a5dcb516b5b238371327c2b1fabe87cf073cce38bc5a57b3db2592eb96d436bae280896c1f7017c WHIRLPOOL 0c43ae93034148bb87affa58d5d78115697805259f5da8a2f3ce5f29031fbef61286d8235526feef30f660145c4e3c3800209191a8647c3924a99cb0dfd19d10
 DIST roundcubemail-1.3.0.tar.gz 3104348 SHA256 a37e55a3b5f83420930ae20ef3ac6dbedb499c920bbcf3fc93a8f784f7773d21 SHA512 f3ab39cc3eec9bbcaf3d8f5d9004b0da92fe5d35b71687acc234fab5772abb92d970855716288cba10c8609532d42ddc6e791a1f7bca13de555174a37deca9c4 WHIRLPOOL a2fb856fa060a3e904cc528b73474fa64ebe4af1de6f1b2bb1c82f426143bf762d380f121902cea60ff7d00d73058786b7bb4f27ddd6f00cf798b15a0e8e8d38
 DIST roundcubemail-1.3.1-complete.tar.gz 5296647 SHA256 f071bbe84f90ba55582289dcef7b70198b81e0aedd4de8422945658bbee3da0b SHA512 79722d1213b6855af37dea4c2522eba12ded4ed430b5d96f5ba9eb851bbfbe68c406b0c5410e21e2721dfe2cf42fdc2fa825161a229f785921ebdc89221ab232 WHIRLPOOL 7df4ff8ba3e39ce217e4fea8c932707bb98dea68c7aa0a504efe56345d32afa369fcbb57fe053520cfad62a8090309113e8e4e8c2f49ff883a66cf31e0bdfd41
+DIST roundcubemail-1.3.3-complete.tar.gz 5339032 SHA256 05d9856c966c0d93accabf724e7ff2fd493bba1a57c44247ed0a2aacd617c879 SHA512 1f634fbc5d0967f28a7aa990a9b23f105b93030d43927237fc9b5decabe1b959de75c7c21bdb27389ec53730378565e7f309d7c009be427c7615372634273931 WHIRLPOOL c1a75b4e90afe34a18e789f6b5ca9e0af056bd0a48fc093135c0ff028594541cfdcb167b3c0c7ef05880e39f9fa5cd45575e39aa542e707a95f951076183c42a

diff --git a/mail-client/roundcube/roundcube-1.2.7.ebuild b/mail-client/roundcube/roundcube-1.2.7.ebuild
new file mode 100644
index 00000000000..1df11749a00
--- /dev/null
+++ b/mail-client/roundcube/roundcube-1.2.7.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit webapp
+
+MY_PN=${PN}mail
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface"
+HOMEPAGE="https://roundcube.net"
+SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV}/${MY_P}-complete.tar.gz"
+
+# roundcube is GPL-licensed, the rest of the licenses here are
+# for bundled PEAR components, googiespell and utf8.class.php
+LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+
+IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+# this function only sets DEPEND so we need to include that in RDEPEND
+need_httpd_cgi
+
+RDEPEND="
+	${DEPEND}
+	>=dev-lang/php-5.3.7[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml]
+	>=dev-php/PEAR-Auth_SASL-1.0.6
+	>=dev-php/PEAR-Mail_Mime-1.8.9
+	>=dev-php/PEAR-Mail_mimeDecode-1.5.5
+	>=dev-php/PEAR-Net_IDNA2-0.1.1
+	>=dev-php/PEAR-Net_SMTP-1.6.2
+	virtual/httpd-php
+	enigma? ( >=dev-php/PEAR-Crypt_GPG-1.4.0 app-crypt/gnupg )
+	ldap? ( >=dev-php/PEAR-Net_LDAP2-2.0.12 dev-php/PEAR-Net_LDAP3 )
+	managesieve? ( >=dev-php/PEAR-Net_Sieve-1.3.2 )
+	mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) )
+	spell? ( dev-lang/php[curl,spell] )
+"
+
+S=${WORKDIR}/${MY_P}
+
+src_install() {
+	webapp_src_preinst
+	dodoc CHANGELOG INSTALL README.md UPGRADING
+
+	insinto "${MY_HTDOCSDIR}"
+	doins -r [[:lower:]]* SQL
+	doins .htaccess
+
+	webapp_serverowned "${MY_HTDOCSDIR}"/logs
+	webapp_serverowned "${MY_HTDOCSDIR}"/temp
+
+	webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php
+	webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt"
+	webapp_src_install
+}
+
+pkg_postinst() {
+	webapp_pkg_postinst
+
+	ewarn
+	ewarn "When upgrading from <= 0.9, note that the old configuration files"
+	ewarn "named main.inc.php and db.inc.php are deprecated and should be"
+	ewarn "replaced with one single config.inc.php file."
+	ewarn
+	ewarn "Run the ./bin/update.sh script to convert those"
+	ewarn "or manually merge the files."
+	ewarn
+	ewarn "The new config.inc.php should only contain options that"
+	ewarn "differ from the ones listed in defaults.inc.php."
+	ewarn
+}

diff --git a/mail-client/roundcube/roundcube-1.3.3.ebuild b/mail-client/roundcube/roundcube-1.3.3.ebuild
new file mode 100644
index 00000000000..37e237f4515
--- /dev/null
+++ b/mail-client/roundcube/roundcube-1.3.3.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit webapp
+
+MY_PN=${PN}mail
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="A browser-based multilingual IMAP client with an application-like user interface"
+HOMEPAGE="https://roundcube.net"
+SRC_URI="https://github.com/${PN}/${MY_PN}/releases/download/${PV}/${MY_P}-complete.tar.gz"
+
+# roundcube is GPL-licensed, the rest of the licenses here are
+# for bundled PEAR components, googiespell and utf8.class.php
+LICENSE="GPL-3 BSD PHP-2.02 PHP-3 MIT public-domain"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+
+IUSE="enigma ldap managesieve mysql postgres sqlite ssl spell"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+# this function only sets DEPEND so we need to include that in RDEPEND
+need_httpd_cgi
+
+# :TODO: Support "endriod/qrcode: ~1.6.5" dep (ebuild needed)
+RDEPEND="
+	${DEPEND}
+	>=dev-lang/php-5.4.0[crypt,filter,gd,iconv,json,ldap?,pdo,postgres?,session,sockets,sqlite?,ssl?,unicode,xml]
+	>=dev-php/PEAR-Auth_SASL-1.1.0
+	>=dev-php/PEAR-Mail_Mime-1.10.0
+	>=dev-php/PEAR-Mail_mimeDecode-1.5.5
+	>=dev-php/PEAR-Net_IDNA2-0.2.0
+	>=dev-php/PEAR-Net_SMTP-1.7.1
+	>=dev-php/PEAR-Net_Socket-1.2.1
+	virtual/httpd-php
+	enigma? ( >=dev-php/PEAR-Crypt_GPG-1.6.0 app-crypt/gnupg )
+	ldap? ( >=dev-php/PEAR-Net_LDAP2-2.2.0 dev-php/PEAR-Net_LDAP3 )
+	managesieve? ( >=dev-php/PEAR-Net_Sieve-1.4.0 )
+	mysql? ( || ( dev-lang/php[mysql] dev-lang/php[mysqli] ) )
+	spell? ( dev-lang/php[curl,spell] )
+"
+
+S=${WORKDIR}/${MY_P}
+
+src_install() {
+	webapp_src_preinst
+	dodoc CHANGELOG INSTALL README.md UPGRADING
+
+	insinto "${MY_HTDOCSDIR}"
+	doins -r [[:lower:]]* SQL
+	doins .htaccess
+
+	webapp_serverowned "${MY_HTDOCSDIR}"/logs
+	webapp_serverowned "${MY_HTDOCSDIR}"/temp
+
+	webapp_configfile "${MY_HTDOCSDIR}"/config/defaults.inc.php
+	webapp_postupgrade_txt en "${FILESDIR}/POST-UPGRADE.txt"
+	webapp_src_install
+}
+
+pkg_postinst() {
+	webapp_pkg_postinst
+
+	ewarn
+	ewarn "When upgrading from <= 0.9, note that the old configuration files"
+	ewarn "named main.inc.php and db.inc.php are deprecated and should be"
+	ewarn "replaced with one single config.inc.php file."
+	ewarn
+	ewarn "Run the ./bin/update.sh script to convert those"
+	ewarn "or manually merge the files."
+	ewarn
+	ewarn "The new config.inc.php should only contain options that"
+	ewarn "differ from the ones listed in defaults.inc.php."
+	ewarn
+}