Summary: | mail/roundcube: Update to 1.2.2 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Lukasz Wasikowski <lukasz> | ||||||
Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Many People | CC: | ale, brnrd, lukasz, pi, uros | ||||||
Priority: | --- | Flags: | pi:
maintainer-feedback-
|
||||||
Version: | Latest | ||||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Attachments: |
|
Description
Lukasz Wasikowski
2014-12-16 12:41:02 UTC
Auto-assigned to maintainer ale@FreeBSD.org The root .htaccess is just a sample, you are responsible for protecting your web server appropriately. If you use roundcube on other platforms (or install it from sources) then you get this sample which protects you at some basic level. Roundcube's documentation refers to this missing file. User should be at least warned during installation, that default .htaccess file is missing in this port. In my humble opinion deleting this file is lowers security and should be fixed. Why was it removed? (In reply to Lukasz Wasikowski from comment #3) From what I can see, the root .htaccess contains relevant info about how roundcube sees its own protection requirements. It would be useful to install that file, probably as an .htaccess.sample ? Btw, the .htaccess files for the subdirectories are installed, so the reasoning behind not installing the root .htaccess seems a bit inconsistent ? Created attachment 174116 [details] svn diff for mail/roundcube Patch to update roundcube webmail to 1.2.1 mail/roundcube: Update to 1.2.1 - Update to 1.2.1 - Add missing .htaccess file in WWWDIR [1] - Switch WANT_PHP_WEB to USES= php:web - Add description for DB options group - Convert all ${PORT_OPTIONS:Mfoo} to OPTIONS framework - Convert target conditionals to target-OPT-on PR: 196016 [1] Submitted by: Lukasz Wasikowski <lukasz@wasikowski.net> [1] Can this be upgraded to 1.2.2 ? test-building a 1.2.2 patch @work, based on the patch 174116 Created attachment 175388 [details]
patch-to-1.2.2
Testbuilds are fine. TODO: run-tests
Committed for 1.2.2, 1.2.1 was done with r423243. A commit references this bug: Author: pi Date: Fri Oct 7 19:09:56 UTC 2016 New revision: 423479 URL: https://svnweb.freebsd.org/changeset/ports/423479 Log: mail/roundcube: 1.2.1 -> 1.2.2 PR: 196026 Changes: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-122 Submitted by: brnrd Approved by: ale (maintainer timeout) Changes: head/mail/roundcube/Makefile head/mail/roundcube/distinfo A commit references this bug: Author: junovitch Date: Sun Dec 4 21:03:15 UTC 2016 New revision: 427804 URL: https://svnweb.freebsd.org/changeset/ports/427804 Log: MFH: r423243 r423250 r423479 r427802 mail/roundcube: Update to 1.2.1 - Update to 1.2.1 - Add missing .htaccess file in WWWDIR [1] - Switch WANT_PHP_WEB to USES= php:web - Add description for DB options group - Convert all ${PORT_OPTIONS:Mfoo} to OPTIONS framework - Convert target conditionals to target-OPT-on PR: 196016 [1] Submitted by: Lukasz Wasikowski <lukasz@wasikowski.net> [1] Approved by: Maintainer timeout mail/roundcube: fix dependency when using SQLite, bump PORTREVISION mail/roundcube: 1.2.1 -> 1.2.2 PR: 196026 Changes: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-122 Submitted by: brnrd Approved by: ale (maintainer timeout) mail/roundcube: update 1.2.2 -> 1.2.3; add NO_ARCH while here Changes: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123 PR: 214925 Submitted by: brnrd Security: https://vuxml.FreeBSD.org/freebsd/125f5958-b611-11e6-a9a5-b499baebfeaf.html Approved by: ports-secteam (with hat) Changes: _U branches/2016Q4/ branches/2016Q4/mail/roundcube/Makefile branches/2016Q4/mail/roundcube/distinfo |