diff options
| author |   Tim Harder <radhermit@gentoo.org> | 2010-10-11 00:55:50 +0000 |
|---|---|---|
| committer | Tim Harder <radhermit@gentoo.org> | 2010-10-11 00:55:50 +0000 |
| commit | a85d54ab949934ac1313debb0136130982cbe04e (patch) | |
| tree | 5b5512e76217bf876717d9deccac1e783fd07843 /mail-client/roundcube/files | |
| parent | 2.2_rc92 version bump. This fixes a regression since 2.2_rc90 which can (diff) | |
| download | gentoo-2-a85d54ab949934ac1313debb0136130982cbe04e.tar.gz gentoo-2-a85d54ab949934ac1313debb0136130982cbe04e.tar.bz2 gentoo-2-a85d54ab949934ac1313debb0136130982cbe04e.zip | |
Remove old versions with security issues (bug #308065).
(Portage version: 2.2_rc90/cvs/Linux x86_64)
Diffstat (limited to 'mail-client/roundcube/files')
| -rw-r--r-- | mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch b/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch deleted file mode 100644 index 0ec3c77b706e..000000000000 --- a/mail-client/roundcube/files/roundcube-0.3.1-disable-dns-prefetching.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- roundcubemail-0.3.1.orig/CHANGELOG 2009-10-31 08:20:02.000000000 -0500 -+++ roundcubemail-0.3.1/CHANGELOG 2010-09-27 23:58:39.540056153 -0500 -@@ -1,6 +1,7 @@ - CHANGELOG RoundCube Webmail - =========================== - -+- Fix CVE-2010-0464: Disable DNS prefetching (#1486449)
- - Specify toolbar container in compose template (#1486247) - - Fix $_SERVER['HTTPS'] check for SSL forcing on IIS (#1486243) - - Avoid unnecessary page loads for selected tab (#1486032) ---- roundcubemail-0.3.1.orig/program/include/rcube_shared.inc 2009-10-27 04:43:39.000000000 -0500 -+++ roundcubemail-0.3.1/program/include/rcube_shared.inc 2010-09-27 23:58:39.541053001 -0500 -@@ -39,6 +39,8 @@ - header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); - header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); - header("Pragma: no-cache"); -+ // Request browser to disable DNS prefetching (CVE-2010-0464)
-+ header("X-DNS-Prefetch-Control: off");
- - // We need to set the following headers to make downloads work using IE in HTTPS mode. - if (rcube_https_check()) { ---- roundcubemail-0.3.1.orig/program/steps/mail/get.inc 2009-09-22 02:50:32.000000000 -0500 -+++ roundcubemail-0.3.1/program/steps/mail/get.inc 2010-09-28 00:00:16.001053823 -0500 -@@ -41,6 +41,7 @@ - $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET)); - } - -+send_nocacheing_headers();
- - // show part page - if (!empty($_GET['_frame'])) { -@@ -66,8 +67,6 @@ - - $browser = new rcube_browser; - -- send_nocacheing_headers(); -- - // send download headers - if ($_GET['_download']) { - header("Content-Type: application/octet-stream"); |