Attachment #171099 for bug #210077

View | Details | Raw Unified | Return to bug 210077
Collapse All | Expand All




# $FreeBSD: head/mail/roundcube/Makefile 414979 2016-05-11 08:20:00Z ale $

PORTNAME=	roundcube
DISTVERSION=	1.2.0
PORTEPOCH=	1
CATEGORIES?=	mail www
MASTER_SITES=	https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/

CPE_VENDOR=	roundcube

WANT_PHP_WEB=	yes
USE_PHP=	pcre mbstring session iconv dom xml json intl zip filter openssl
#IGNORE_WITH_PHP=70

OPTIONS_DEFINE=	LDAP GD PSPELL NSC DOCS
OPTIONS_SINGLE=	DB
OPTIONS_SINGLE_DB=	MYSQL PGSQL SQLITE
OPTIONS_DEFAULT=MYSQL

MYSQL_DESC=	Use MySQL backend
PGSQL_DESC=	Use PostgreSQL backend
SQLITE_DESC=	Use SQLite backend
SSL_DESC=	Enable SSL support (imaps or google spellcheck)
LDAP_DESC=	Enable LDAP support (address book)
GD_DESC=	Enable GD support (image conversion)
PSPELL_DESC=	Enable PSpell support (internal spellcheck)

USE_PHP+=	pdo_sqlite
.endif

.if ${PORT_OPTIONS:MSSL}
USE_PHP+=	openssl
.endif

.if ${PORT_OPTIONS:MLDAP}
USE_PHP+=	ldap
.endif

Lines 1-2 Link Here

(-)../../home/pi/myp/mail/roundcube/distinfo (-2 / +3 lines)
1	SHA256 (roundcubemail-1.1.5-complete.tar.gz) = 476a1d45b0592b2ad43e3e08cbc72e69ef31e33ed8a8f071f02e5a1ae3e7f334	1	TIMESTAMP = 1465063173
2	SIZE (roundcubemail-1.1.5-complete.tar.gz) = 4581781	2	SHA256 (roundcubemail-1.2.0-complete.tar.gz) = 574895da03b5ad78eaf0843a78e0c0ab734a9327b4ba47b72405b768cb2854cc
		3	SIZE (roundcubemail-1.2.0-complete.tar.gz) = 3748290




--- program/lib/Roundcube/rcube_session.php.orig	2015-09-22 15:24:26.400132239 +0000
+++ program/lib/Roundcube/rcube_session.php	2015-09-22 15:24:08.430133455 +0000
@@ -35,7 +35,6 @@
     private $time_diff = 0;
     private $reloaded = false;
     private $appends = array();
-    private $unsets = array();
     private $gc_handlers = array();
     private $cookiename = 'roundcube_sessauth';
     private $vars;
@@ -46,6 +45,7 @@
     private $logging = false;
     private $storage;
     private $memcache;
+    private $need_base64 = false;
 
     /**
      * Blocks session data from being written to database.
@@ -95,6 +95,9 @@
         else if ($this->storage != 'php') {
             ini_set('session.serialize_handler', 'php');
 
+            if (ini_get("suhosin.session.encrypt") !== "1")
+                $this->need_base64 = true;
+
             // set custom functions for PHP session management
             session_set_save_handler(
                 array($this, 'open'),
@@ -192,7 +195,7 @@
             $this->time_diff = time() - strtotime($sql_arr['ts']);
             $this->changed   = strtotime($sql_arr['changed']);
             $this->ip        = $sql_arr['ip'];
-            $this->vars      = base64_decode($sql_arr['vars']);
+            $this->vars      = $this->_decode($sql_arr['vars']);
             $this->key       = $key;
 
             return !empty($this->vars) ? (string) $this->vars : '';
@@ -232,12 +235,12 @@
         }
 
         if ($oldvars !== null) {
-            $newvars = $this->_fixvars($vars, $oldvars);
+            $newvars = $vars;
 
             if ($newvars !== $oldvars) {
                 $this->db->query("UPDATE {$this->table_name} "
                     . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
-                    base64_encode($newvars), $key);
+                    $this->_encode($newvars), $key);
             }
             else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
                 $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
@@ -248,44 +251,30 @@
             $this->db->query("INSERT INTO {$this->table_name}"
                 . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
                 . " VALUES (?, ?, ?, $now, $now)",
-                $key, base64_encode($vars), (string)$this->ip);
+                $key, $this->_encode($vars), (string)$this->ip);
         }
 
         return true;
     }
 
 
-    /**
-     * Merge vars with old vars and apply unsets
-     */
-    private function _fixvars($vars, $oldvars)
+    private function _encode($vars)
     {
-        if ($oldvars !== null) {
-            $a_oldvars = $this->unserialize($oldvars);
-            if (is_array($a_oldvars)) {
-                // remove unset keys on oldvars
-                foreach ((array)$this->unsets as $var) {
-                    if (isset($a_oldvars[$var])) {
-                        unset($a_oldvars[$var]);
-                    }
-                    else {
-                        $path = explode('.', $var);
-                        $k = array_pop($path);
-                        $node = &$this->get_node($path, $a_oldvars);
-                        unset($node[$k]);
-                    }
-                }
-
-                $newvars = $this->serialize(array_merge(
-                    (array)$a_oldvars, (array)$this->unserialize($vars)));
-            }
-            else {
-                $newvars = $vars;
-            }
+        if ($this->need_base64) {
+            return base64_encode($vars);
+        } else {
+            return $vars;
         }
+    }
 
-        $this->unsets = array();
-        return $newvars;
+
+    private function _decode($vars) 
+    {
+        if ($this->need_base64) {
+            return base64_decode($vars);
+        } else {
+            return $vars;
+        }
     }
 
 
@@ -350,7 +339,7 @@
         else // else read data again
             $oldvars = $this->mc_read($key);
 
-        $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars;
+        $newvars = $vars;
 
         if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) {
             return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
@@ -488,8 +477,6 @@
             return $this->destroy(session_id());
         }
 
-        $this->unsets[] = $var;
-
         if (isset($_SESSION[$var])) {
             unset($_SESSION[$var]);
         }

Lines 1-11 Link Here

(-)../../home/pi/myp/mail/roundcube/files/patch-vendor_pear-pear.php.net_Net__Sieve_Net_Sieve.php (-11 lines)
1	--- vendor/pear-pear.php.net/Net_Sieve/Net/Sieve.php.orig 2016-03-01 14:32:07 UTC
2	+++ vendor/pear-pear.php.net/Net_Sieve/Net/Sieve.php
3	@@ -229,7 +229,7 @@ class Net_Sieve
4	$this->_sock = new Net_Socket();
5	$this->_bypassAuth = $bypassAuth;
6	$this->_useTLS = $useTLS;
7	- $this->_options = $options;
8	+ $this->_options = (array)$options;
9	$this->setDebug($debug, $handler);
10
11	/* Try to include the Auth_SASL package. If the package is not

Return to bug 210077

Lines 1-7 Link Here

(-)../../home/pi/myp/mail/roundcube/Makefile (-9 / +4 lines)
1	# $FreeBSD: head/mail/roundcube/Makefile 414979 2016-05-11 08:20:00Z ale $	1	# $FreeBSD: head/mail/roundcube/Makefile 414979 2016-05-11 08:20:00Z ale $
2		2
3	PORTNAME= roundcube	3	PORTNAME= roundcube
4	DISTVERSION= 1.1.5	4	DISTVERSION= 1.2.0
5	PORTEPOCH= 1	5	PORTEPOCH= 1
6	CATEGORIES?= mail www	6	CATEGORIES?= mail www
7	MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/	7	MASTER_SITES= https://github.com/roundcube/roundcubemail/releases/download/${DISTVERSION}/
Lines 23-32 Link Here
23	CPE_VENDOR= roundcube	23	CPE_VENDOR= roundcube
24		24
25	WANT_PHP_WEB= yes	25	WANT_PHP_WEB= yes
26	USE_PHP= pcre mbstring session iconv dom xml json intl zip filter	26	USE_PHP= pcre mbstring session iconv dom xml json intl zip filter openssl
27	IGNORE_WITH_PHP=70	27	#IGNORE_WITH_PHP=70
28		28
29	OPTIONS_DEFINE= SSL LDAP GD PSPELL NSC DOCS	29	OPTIONS_DEFINE= LDAP GD PSPELL NSC DOCS
30	OPTIONS_SINGLE= DB	30	OPTIONS_SINGLE= DB
31	OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE	31	OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE
32	OPTIONS_DEFAULT=MYSQL	32	OPTIONS_DEFAULT=MYSQL
Lines 34-40 Link Here
34	MYSQL_DESC= Use MySQL backend	34	MYSQL_DESC= Use MySQL backend
35	PGSQL_DESC= Use PostgreSQL backend	35	PGSQL_DESC= Use PostgreSQL backend
36	SQLITE_DESC= Use SQLite backend	36	SQLITE_DESC= Use SQLite backend
37	SSL_DESC= Enable SSL support (imaps or google spellcheck)
38	LDAP_DESC= Enable LDAP support (address book)	37	LDAP_DESC= Enable LDAP support (address book)
39	GD_DESC= Enable GD support (image conversion)	38	GD_DESC= Enable GD support (image conversion)
40	PSPELL_DESC= Enable PSpell support (internal spellcheck)	39	PSPELL_DESC= Enable PSpell support (internal spellcheck)
Lines 54-63 Link Here
54	USE_PHP+= pdo_sqlite	53	USE_PHP+= pdo_sqlite
55	.endif	54	.endif
56		55
57	.if ${PORT_OPTIONS:MSSL}
58	USE_PHP+= openssl
59	.endif
60
61	.if ${PORT_OPTIONS:MLDAP}	56	.if ${PORT_OPTIONS:MLDAP}
62	USE_PHP+= ldap	57	USE_PHP+= ldap
63	.endif	58	.endif

Lines 1-130 Link Here

(-)../../home/pi/myp/mail/roundcube/files/patch-program_lib_Roundcube_rcube_session.php (-130 lines)
1	--- program/lib/Roundcube/rcube_session.php.orig 2015-09-22 15:24:26.400132239 +0000
2	+++ program/lib/Roundcube/rcube_session.php 2015-09-22 15:24:08.430133455 +0000
3	@@ -35,7 +35,6 @@
4	private $time_diff = 0;
5	private $reloaded = false;
6	private $appends = array();
7	- private $unsets = array();
8	private $gc_handlers = array();
9	private $cookiename = 'roundcube_sessauth';
10	private $vars;
11	@@ -46,6 +45,7 @@
12	private $logging = false;
13	private $storage;
14	private $memcache;
15	+ private $need_base64 = false;
16
17	/**
18	* Blocks session data from being written to database.
19	@@ -95,6 +95,9 @@
20	else if ($this->storage != 'php') {
21	ini_set('session.serialize_handler', 'php');
22
23	+ if (ini_get("suhosin.session.encrypt") !== "1")
24	+ $this->need_base64 = true;
25	+
26	// set custom functions for PHP session management
27	session_set_save_handler(
28	array($this, 'open'),
29	@@ -192,7 +195,7 @@
30	$this->time_diff = time() - strtotime($sql_arr['ts']);
31	$this->changed = strtotime($sql_arr['changed']);
32	$this->ip = $sql_arr['ip'];
33	- $this->vars = base64_decode($sql_arr['vars']);
34	+ $this->vars = $this->_decode($sql_arr['vars']);
35	$this->key = $key;
36
37	return !empty($this->vars) ? (string) $this->vars : '';
38	@@ -232,12 +235,12 @@
39	}
40
41	if ($oldvars !== null) {
42	- $newvars = $this->_fixvars($vars, $oldvars);
43	+ $newvars = $vars;
44
45	if ($newvars !== $oldvars) {
46	$this->db->query("UPDATE {$this->table_name} "
47	. "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
48	- base64_encode($newvars), $key);
49	+ $this->_encode($newvars), $key);
50	}
51	else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
52	$this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
53	@@ -248,44 +251,30 @@
54	$this->db->query("INSERT INTO {$this->table_name}"
55	. " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
56	. " VALUES (?, ?, ?, $now, $now)",
57	- $key, base64_encode($vars), (string)$this->ip);
58	+ $key, $this->_encode($vars), (string)$this->ip);
59	}
60
61	return true;
62	}
63
64
65	- /**
66	- * Merge vars with old vars and apply unsets
67	- */
68	- private function _fixvars($vars, $oldvars)
69	+ private function _encode($vars)
70	{
71	- if ($oldvars !== null) {
72	- $a_oldvars = $this->unserialize($oldvars);
73	- if (is_array($a_oldvars)) {
74	- // remove unset keys on oldvars
75	- foreach ((array)$this->unsets as $var) {
76	- if (isset($a_oldvars[$var])) {
77	- unset($a_oldvars[$var]);
78	- }
79	- else {
80	- $path = explode('.', $var);
81	- $k = array_pop($path);
82	- $node = &$this->get_node($path, $a_oldvars);
83	- unset($node[$k]);
84	- }
85	- }
86	-
87	- $newvars = $this->serialize(array_merge(
88	- (array)$a_oldvars, (array)$this->unserialize($vars)));
89	- }
90	- else {
91	- $newvars = $vars;
92	- }
93	+ if ($this->need_base64) {
94	+ return base64_encode($vars);
95	+ } else {
96	+ return $vars;
97	}
98	+ }
99
100	- $this->unsets = array();
101	- return $newvars;
102	+
103	+ private function _decode($vars)
104	+ {
105	+ if ($this->need_base64) {
106	+ return base64_decode($vars);
107	+ } else {
108	+ return $vars;
109	+ }
110	}
111
112
113	@@ -350,7 +339,7 @@
114	else // else read data again
115	$oldvars = $this->mc_read($key);
116
117	- $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars;
118	+ $newvars = $vars;
119
120	if ($newvars !== $oldvars \|\| $ts - $this->changed > $this->lifetime / 3) {
121	return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)),
122	@@ -488,8 +477,6 @@
123	return $this->destroy(session_id());
124	}
125
126	- $this->unsets[] = $var;
127	-
128	if (isset($_SESSION[$var])) {
129	unset($_SESSION[$var]);
130	}