From bef834045b55ae2beae7b938f56268204dfc19ff Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sun, 21 Dec 2014 08:07:01 +0100
Subject: roundcubemail: sync with rawhide (drop tinymce bbcode plugin)

---
 roundcubemail-README.rpm |  8 ++++++++
 roundcubemail.spec       | 36 +++++++++++++++++++++++++++++++++---
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/roundcubemail-README.rpm b/roundcubemail-README.rpm
index afb5445..57a92c3 100644
--- a/roundcubemail-README.rpm
+++ b/roundcubemail-README.rpm
@@ -10,6 +10,14 @@ Notice
 As those directories are not served by the web server,
 there is no need to protect them.
 
+Databases
+
+Roundcube supports various database providers, including SQLite, MySQL and
+PostgreSQL. The package depends only on php-pdo, which provides SQLite
+support. However, the default configuration is for a MySQL database, for
+performance reasons. To use the MySQL database, ensure php-mysql is
+installed. If you want to use another database, adjust the configuration
+file, and ensure the appropriate PDO plugin is installed. If necessary.
 
 
 The installer is available at http://localhost/roundcubemail/installer
diff --git a/roundcubemail.spec b/roundcubemail.spec
index 61bc42e..b72a69d 100644
--- a/roundcubemail.spec
+++ b/roundcubemail.spec
@@ -2,7 +2,7 @@
 %global _logdir /var/log  
 Name: roundcubemail
 Version:  1.0.4
-Release:  1%{?dist}
+Release:  2%{?dist}
 Summary: Round Cube Webmail is a browser-based multilingual IMAP client
 
 Group: Applications/System
@@ -19,7 +19,7 @@ Group: Applications/System
 # http://www.tinymce.com/
 License: GPLv3+ with exceptions and GPLv3+ and GPLv2 and LGPLv2+ and CC-BY-SA and (MIT or GPLv2)
 URL: http://www.roundcube.net
-Source0: http://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz
+Source0: https://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz
 Source1: roundcubemail.conf
 Source2: roundcubemail.logrotate
 Source4: roundcubemail-README.rpm
@@ -45,8 +45,9 @@ Requires: php-intl
 Requires: php-json
 Requires: php-ldap
 Requires: php-mbstring
+# For 1.1, switch this to openssl, upstream now uses it in preference to
+# mcrypt if available - adamw 2014-12
 Requires: php-mcrypt
-Requires: php-mysql
 Requires: php-pcre
 Requires: php-posix
 Requires: php-pdo
@@ -66,6 +67,24 @@ Requires: php-pear(Net_IDNA2)       >= 0.1.1
 # mailcap for /etc/mime.types
 Requires: mailcap
 
+# Optional deps
+# Spell check
+#Suggests: php-enchant
+# Caching
+#Suggests: php-apc
+#Suggests: php-memcache
+# EXIF images
+Requires: php-exif
+# Upload progress (shock!)
+#Suggests: php-uploadprogress
+# ZIP download plugin
+Requires: php-zip
+
+# Gearman support
+#Optional: php-gearman
+# PAM password support
+#Optional: php-pam
+
 
 %description
 RoundCube Webmail is a browser-based multilingual IMAP client
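Review bot: The hard `Requires: php-exif` and `Requires: php-zip` lines sit under the `# Optional deps` heading, so the spec reads as if they were optional while every install pulls them in. If that is deliberate, presumably because weak dependencies cannot be used yet, a comment such as `# Hard Requires until Suggests: can be used; these two are optional features upstream` would record the intent and flag that they can be relaxed later. The `#Optional:` lines for php-gearman and php-pam use a tag name that RPM does not define, so they cannot simply be uncommented the way the `#Suggests:` lines can. I would write them as `#Suggests:` for consistency.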
@@ -101,6 +120,11 @@ find . -type f -name '*.swf' | xargs rm -f
 # drop file from patch
 find . -type f -name '*.orig' | xargs rm -f
 
+# Wipe bbcode plugin from bundled TinyMCE to make doubleplus sure we cannot
+# be vulnerable to CVE-2012-4230, unaddressed upstream
+echo "CVE-2012-4230: removing tinymce bbcode plugin, check path if this fails."
+test -d program/js/*mce/plugins/bbcode && rm -rf program/js/*mce/plugins/bbcode || exit 1
+
 
 %build
 # Nothing
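Review bot: The bbcode removal added to %prep deletes the one expected path but never confirms that no other copy of the plugin remains in the unpacked tree. The `test -d ... || exit 1` guard fails closed when the globbed path is missing, which is good, but a copy located outside `program/js/*mce/plugins/` would still be packaged silently. A follow-up assertion such as `test -z "$(find . -type d -path '*/plugins/bbcode')" || exit 1` would make the build fail if any bbcode plugin directory survives. The `echo` also runs unconditionally, so the "check path if this fails" message appears in every successful build log; printing it only on the failure branch would be clearer. The %prep section starts outside this hunk, so earlier unpack steps are not visible here.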
@@ -176,6 +200,12 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Sun Dec 21 2014 Remi Collet <remi@fedoraproject.org> - 1.0.4-2
+- sync with rawhide (drop tinymce bbcode plugin)
+
+* Sat Dec 20 2014 Adam Williamson <awilliam@redhat.com> - 1.0.4-2
+- drop tinymce bbcode plugin for safety (CVE-2012-4230)
+
 * Fri Dec 19 2014 Remi Collet <remi@fedoraproject.org> - 1.0.4-1
 - Update to 1.0.4 (service release, security)
 
-- 
cgit