It introduces new features since version 1.1.x covering security and PGP encryption topics: PHP7 compatibility PGP encryption Drag-n-drop attachments from mail preview to compose window Mail messages searching with predefined date interval Improved security measures to protect from brute-force attacks And of course plenty of small improvements and bug fixes.
Kim: I opened a separate bug for the 1.2.0 upgrade. Can you attach your patch to this one? Also: is there a reason you're patching the 1.1.4 ebuild instead of 1.2_beta? (I think your patch will apply to either, actually, but I figured I'd check to make sure.)
Created attachment 435356 [details, diff] 1.1.4 -> 1.2.0.patch Patch for Roundcube 1.2.0 Basically a rename of the stable 1.1.4; changed EAPI to 6, changed SRC_URI to GitHub. Haven't tested new features - just that it still compiles *for me* with my USE-flags (ssl mysql) And no real reason I used the 1.1.4.ebuild as base - just chose the latest stable :)
Thank you for working on this, Kim Sindalsen and Philippe Chaintreuil. I also have to beg your forgiveness as I forgot to thank you in the commit. I stared at it for several minutes thinking I was forgetting something, and not being able to remember, pushed it. commit 4d31c895c86b85f0fec9effbaf37b55c8a2229fb Author: Aaron W. Swenson <titanofold@gentoo.org> Date: Sun May 29 13:35:04 2016 -0400 mail-client/roundcube: Fix Multiple Vulnerabilities Many security issues/enhancements are resolved with this release. The most significant being: * Fix (again) security issue in DBMail driver of password plugin (CVE-2015-2181) * Fix path traversal vulnerability in setting a skin (CVE-2015-8770) * Fix XSS issue in SVG images handling * Fix XSS issue in href attribute on area tag You can find the complete list of changes in the included CHANGELOG or at: https://github.com/roundcube/roundcubemail/wiki/Changelog Bug: 580746, 584200, 584098 Package-Manager: portage-2.2.26