summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2014-12-21 08:07:01 +0100
committerRemi Collet <fedora@famillecollet.com>2014-12-21 08:07:01 +0100
commitbef834045b55ae2beae7b938f56268204dfc19ff (patch)
tree112c51df7fdef707aed73d5c46ddf08ce2bd1b3a
parentb143906ebad02bb57ab5a7fc5964e77ffa00609e (diff)
roundcubemail: sync with rawhide (drop tinymce bbcode plugin)
-rw-r--r--roundcubemail-README.rpm8
-rw-r--r--roundcubemail.spec36
2 files changed, 41 insertions, 3 deletions
diff --git a/roundcubemail-README.rpm b/roundcubemail-README.rpm
index afb5445..57a92c3 100644
--- a/roundcubemail-README.rpm
+++ b/roundcubemail-README.rpm
@@ -10,6 +10,14 @@ Notice
As those directories are not served by the web server,
there is no need to protect them.
+Databases
+
+Roundcube supports various database providers, including SQLite, MySQL and
+PostgreSQL. The package depends only on php-pdo, which provides SQLite
+support. However, the default configuration is for a MySQL database, for
+performance reasons. To use the MySQL database, ensure php-mysql is
+installed. If you want to use another database, adjust the configuration
+file, and ensure the appropriate PDO plugin is installed. If necessary.
The installer is available at http://localhost/roundcubemail/installer
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 61bc42e..b72a69d 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
@@ -2,7 +2,7 @@
%global _logdir /var/log
Name: roundcubemail
Version: 1.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Round Cube Webmail is a browser-based multilingual IMAP client
Group: Applications/System
@@ -19,7 +19,7 @@ Group: Applications/System
# http://www.tinymce.com/
License: GPLv3+ with exceptions and GPLv3+ and GPLv2 and LGPLv2+ and CC-BY-SA and (MIT or GPLv2)
URL: http://www.roundcube.net
-Source0: http://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz
+Source0: https://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz
Source1: roundcubemail.conf
Source2: roundcubemail.logrotate
Source4: roundcubemail-README.rpm
@@ -45,8 +45,9 @@ Requires: php-intl
Requires: php-json
Requires: php-ldap
Requires: php-mbstring
+# For 1.1, switch this to openssl, upstream now uses it in preference to
+# mcrypt if available - adamw 2014-12
Requires: php-mcrypt
-Requires: php-mysql
Requires: php-pcre
Requires: php-posix
Requires: php-pdo
@@ -66,6 +67,24 @@ Requires: php-pear(Net_IDNA2) >= 0.1.1
# mailcap for /etc/mime.types
Requires: mailcap
+# Optional deps
+# Spell check
+#Suggests: php-enchant
+# Caching
+#Suggests: php-apc
+#Suggests: php-memcache
+# EXIF images
+Requires: php-exif
+# Upload progress (shock!)
+#Suggests: php-uploadprogress
+# ZIP download plugin
+Requires: php-zip
+
+# Gearman support
+#Optional: php-gearman
+# PAM password support
+#Optional: php-pam
+
%description
RoundCube Webmail is a browser-based multilingual IMAP client
@@ -101,6 +120,11 @@ find . -type f -name '*.swf' | xargs rm -f
# drop file from patch
find . -type f -name '*.orig' | xargs rm -f
+# Wipe bbcode plugin from bundled TinyMCE to make doubleplus sure we cannot
+# be vulnerable to CVE-2012-4230, unaddressed upstream
+echo "CVE-2012-4230: removing tinymce bbcode plugin, check path if this fails."
+test -d program/js/*mce/plugins/bbcode && rm -rf program/js/*mce/plugins/bbcode || exit 1
+
%build
# Nothing
@@ -176,6 +200,12 @@ rm -rf %{buildroot}
%changelog
+* Sun Dec 21 2014 Remi Collet <remi@fedoraproject.org> - 1.0.4-2
+- sync with rawhide (drop tinymce bbcode plugin)
+
+* Sat Dec 20 2014 Adam Williamson <awilliam@redhat.com> - 1.0.4-2
+- drop tinymce bbcode plugin for safety (CVE-2012-4230)
+
* Fri Dec 19 2014 Remi Collet <remi@fedoraproject.org> - 1.0.4-1
- Update to 1.0.4 (service release, security)