From 6d874e8dce69da7c14befd19167ce97498d7210b Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Sat, 14 Mar 2009 17:42:07 +0100
Subject: [PATCH] Imported Debian patch 0.2.1-1

---
 debian/changelog | 8 ++++
 debian/patches/cve-2009-0413.patch | 45 ----------------------
 debian/patches/series | 1 -
 debian/patches/use_packaged_tinymce.patch | 12 +++---
 4 files changed, 14 insertions(+), 52 deletions(-)
 delete mode 100644 debian/patches/cve-2009-0413.patch

diff --git a/debian/changelog b/debian/changelog
index 5cc61b2..741708e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+roundcube (0.2.1-1) unstable; urgency=low
+
+ * New upstream release:
+ + Fix use_packaged_tinymce.patch to apply to this new version
+ + Remove cve-2009-0413.patch which has been applied upstream
+
+ -- Vincent Bernat Sat, 14 Mar 2009 17:42:07 +0100
+
 roundcube (0.2~stable-2) unstable; urgency=low
 
 * Update debconf translations:
diff --git a/debian/patches/cve-2009-0413.patch b/debian/patches/cve-2009-0413.patch
deleted file mode 100644
index 8b4349b..0000000
--- a/debian/patches/cve-2009-0413.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2009-0413 by handling carefully background attribute.
---- roundcubemail/CHANGELOG (revision 2242)
-+++ roundcubemail/CHANGELOG (revision 2245)
-@@ -1,4 +1,8 @@
- CHANGELOG RoundCube Webmail
- ---------------------------
-+
-+2009/01/20 (thomasb)
-+----------
-+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
-
- 2009/01/18 (alec)
---- roundcubemail/program/lib/washtml.php (revision 1811)
-+++ roundcubemail/program/lib/washtml.php (revision 2245)
-@@ -81,5 +81,5 @@
-
- /* Allowed HTML attributes */
-- static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'background');
-+ static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');
-
- /* State for linked objects in HTML */
-@@ -161,13 +161,13 @@
- $value = $node->getAttribute($key);
- if(isset($this->_html_attribs[$key]) ||
-- ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.*/i', $value)))
-+ ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.+/i', $value)))
- $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
- else if($key == 'style' && ($style = $this->wash_style($value)))
- $t .= ' style="' . $style . '"';
-- else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
-+ else if($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
- if($src = $this->config['cid_map'][$value]) {
- $t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"';
- }
-- else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
-+ else if(preg_match('/^(http|https|ftp):.+/i', $value)) {
- if($this->config['allow_remote'])
- $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
-@@ -175,5 +175,5 @@
- $this->extlinks = true;
- if ($this->config['blocked_src'])
-- $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
-+ $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
- }
- }
diff --git a/debian/patches/series b/debian/patches/series
index 8e2bd18..e148aed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,5 +2,4 @@ dbconfig-common_support.patch
 correct_install_path.patch
 use_packaged_tinymce.patch
 correct-magic-path.patch
-cve-2009-0413.patch
 too-old-mdb2.patch
diff --git a/debian/patches/use_packaged_tinymce.patch b/debian/patches/use_packaged_tinymce.patch
index 7b3a1ff..f2a7a91 100644
--- a/debian/patches/use_packaged_tinymce.patch
+++ b/debian/patches/use_packaged_tinymce.patch
@@ -4,10 +4,10 @@ Use tinymce from tinycme package instead of the shipped one.
 +++ roundcube-0.1~rc2/program/steps/mail/sendmail.inc 2007-11-26 11:44:04.000000000 +0100
@@ -123,7 +123,7 @@ - // sanitize image name so resulting attachment doesn't leave images dir - $image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i','',$image_name); -- $img_file = INSTALL_PATH . '/' . $searchstr . $image_name; -+ $img_file = '/usr/share/tinymce/www/plugins/emotions/img/' . $image_name; + // sanitize image name so resulting attachment doesn't leave images dir + $image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i', '', $image_name); +- $img_file = INSTALL_PATH . '/' . $searchstr . $image_name; ++ $img_file = '/usr/share/tinymce/www/plugins/emotions/img/' . $image_name; - if (! in_array($image_name, $included_images)) - { + if (! in_array($image_name, $included_images)) { + // add the image to the MIME message -- 2.39.2