rpms/roundcubemail/F-12 roundcubemail-0.3.1-CVE-2010-0464.patch, NONE, 1.1 roundcubemail.spec, 1.27, 1.28 sources, 1.14, 1.15

Jon Ciesla limb at fedoraproject.org
Mon Feb 1 18:40:48 UTC 2010


Author: limb

Update of /cvs/pkgs/rpms/roundcubemail/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12257/F-12

Modified Files:
	roundcubemail.spec sources 
Added Files:
	roundcubemail-0.3.1-CVE-2010-0464.patch 
Log Message:
CVE-2010-0464.


roundcubemail-0.3.1-CVE-2010-0464.patch:
 rcube_html_page.php |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- NEW FILE roundcubemail-0.3.1-CVE-2010-0464.patch ---
--- program/include/rcube_html_page.php~	2009-06-22 11:20:34.000000000 -0500
+++ program/include/rcube_html_page.php	2010-02-01 12:21:44.000000000 -0600
@@ -164,7 +164,13 @@
             $__page_header.= ' content="text/html; charset=';
             $__page_header.= $this->charset . '" />'."\n";
         }
-
+        // add hint to disable DNS prefetching 
+        if (!headers_sent()) { 
+            header('X-DNS-Prefetch-Control: off'); 
+        } else { 
+            $__page_header.= '<meta http-equiv="x-dns-prefetch-control" content="off" />'."\n"; 
+        }
+        
         // definition of the code to be placed in the document header and footer
         if (is_array($this->script_files['head'])) {
             foreach ($this->script_files['head'] as $file) {
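Review bot: The comment on the new `X-DNS-Prefetch-Control` block says what it does but not why, so a later cleanup could drop it as cosmetic. I would write it as `// CVE-2010-0464: ask the browser not to pre-resolve hostnames linked in displayed mail; those DNS lookups reveal that the message was opened`. The header and the `<meta http-equiv>` fallback are only requests to the browser, so a client that ignores them still leaks the lookup, which is worth saying in the comment as well. The enclosing method starts and ends outside the hunk, so it is not visible here whether every page that shows message content is emitted through this path; that should be confirmed. The added lines also carry trailing whitespace, which is best stripped before the patch is sent upstream.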


Index: roundcubemail.spec
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/F-12/roundcubemail.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- roundcubemail.spec	22 Oct 2009 15:25:54 -0000	1.27
+++ roundcubemail.spec	1 Feb 2010 18:40:48 -0000	1.28
@@ -1,14 +1,14 @@
 %define roundcubedir %{_datadir}/roundcubemail
 %global _logdir /var/log  
 Name: roundcubemail
-Version:  0.3
+Version:  0.3.1
 Release:  2%{?dist}
 Summary: Round Cube Webmail is a browser-based multilingual IMAP client
 
 Group: Applications/System         
 License: GPLv2
 URL: http://www.roundcube.net
-Source0: roundcubemail-%{version}-stable-dep.tar.gz
+Source0: roundcubemail-%{version}-dep.tar.gz
 Source1: roundcubemail.conf
 Source2: roundcubemail.logrotate
 Source4: roundcubemail-README.fedora
@@ -19,6 +19,7 @@ Patch0: roundcubemail-0.2-beta-confpath.
 #Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch
 #Patch3: roundcubemail-0.2-CVE-2009-0413.patch
 Patch4: roundcubemail-0.2-stable-pg-mdb2.patch
+Patch5: roundcubemail-0.3.1-CVE-2010-0464.patch
 
 BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n)
@@ -46,13 +47,14 @@ requires the MySQL database or the Postg
 interface is fully skinnable using XHTML and CSS 2.
 
 %prep
-%setup -q -n roundcubemail-0.3-stable-dep
+%setup -q -n roundcubemail-%{version}-dep
 
 %patch0 -p0
 #%patch1 -p0
 #%patch2 -p0
 #%patch3 -p0
 %patch4 -p0
+%patch5 -p0
 
 # fix permissions and remove any .htaccess files
 find . -type f -print | xargs chmod a-x
@@ -144,6 +146,12 @@ exit 0
 %config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail
 
 %changelog
+* Mon Feb 01 2010 Jon Ciesla <limb at jcomserv.net> = 0.3.1-2
+- Patch to fix CVE-2010-0464, BZ 560143.
+
+* Mon Nov 30 2009 Jon Ciesla <limb at jcomserv.net> = 0.3.1-1
+- New upstream.
+
 * Thu Oct 22 2009 Jon Ciesla <limb at jcomserv.net> = 0.3-2
 - Macro fix, BZ530037.
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/F-12/sources,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -p -r1.14 -r1.15
--- sources	23 Sep 2009 15:15:34 -0000	1.14
+++ sources	1 Feb 2010 18:40:48 -0000	1.15
@@ -1 +1 @@
-f574e0c1f22194c752f5ae415a90d6cc  roundcubemail-0.3-stable-dep.tar.gz
+ad8e3ba04b53e488547f643076722aa5  roundcubemail-0.3.1-dep.tar.gz


