roundcubemail-1.5.1-bp154.1.30

- update to 1.5.1
  * Fix importing contacts with no email address (#8227)
  * Fix so session's search scope is not used if search is not active (#8199)
  * Fix some PHP8 warnings (#8239)
  * Fix so dark mode state is retained after closing the browser (#8237)
  * Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234)
  * Fix colors on "Show source" page in dark mode (#8246)
  * Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249)
  * Fix database initialization if db_prefix is a schema prefix (#8221)
  * Fix undefined constant error in Installer on Windows (#8258)
  * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231)
  * Fix regression in setting of contact listing name (#8260)
  * Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203)
  * Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269)
  * Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252)
  * Fix bug where adding a contact to trusted senders via "Always allow from..." button didn't work (#8264, #8268)
  * Fix bug with show_images setting where option 1 and 3 were swapped (#8268)
  * Fix PHP fatal error on an undefined constant in contacts import action (#8277)
  * Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282)
  * Fix bug where attachment download could sometimes fail with a CSRF check error (#8283)
  * Fix an infinite loop when parsing environment variables with float/integer values (#8293)
  * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)

- update to 1.5.0
  + full PHP8 support
  + Dark mode for Elastic skin
  + OAuth2/XOauth support (with plugin hooks)
  + Collected recipients and trusted senders
  + Moving recipients between inputs with drag & drop
  + Full unicode support with MySQL database
  + Support of IMAP LITERAL- extension RFC 7888
    <https://datatracker.ietf.org/doc/html/rfc7888>
  + Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
    encoded names
  + Cache refactoring
  More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0
- adjusted some file names to new release
  (_styles.less -> styles.less; _variables.less -> variables.less;
  CHANGELOG -> CHANGELOG.md)
- vendor/roundcube/plugin-installer/src/bin/rcubeinitdb.sh does not exist
  any longer
- added SECURITY.md to documentation
- mark the whole documentation directory as documentation instead of
  listing some files and others not (avoid duplicate entries in RPM-DB)
- adjust requirements: php-intl is now required

- update to 1.4.11 with security fix:
  Fix cross-site scripting (XSS) via HTML messages with malicious CSS content

- add PHP version to Requires: and Recommends: to make sure the same
  version is installed as used during packaging
- drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2
  (which is already required though mod_php_any)

- use system apache rpm macros

- update to 1.4.9:
  * Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615)
  * Add missing localization for some label/legend elements in userinfo plugin (#7478)
  * Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
  * Fix restoring Cc/Bcc fields from local storage (#7554)
  * Fix jstz.min.js installation, bump version to 1.0.7
  * Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
  * Fix link to closure compiler in bin/jsshrink.sh script (#7567)
  * Fix bug where some parts of a message could have been missing in a reply/forward body (#7568)
  * Fix empty space on mail printouts in Chrome (#7604)
  * Fix empty output from HTML5 parser when content contains XML tag (#7624)
  * Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
  * Fix so autocompletion list does not hide on scroll inside it (#7592)

- update to 1.4.8 with security fixes:
  * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145)
  * Fix cross-site scripting (XSS) via HTML messages with malicious math content

- update to 1.4.7 with security fix:
  * Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
  * Fix bug where subfolders of special folders could have been duplicated on folder list
  * Increase maximum size of contact jobtitle and department fields to 128 characters
  * Fix missing newline after the logged line when writing to stdout (#7418)
  * Elastic: Fix context menu (paste) on the recipient input (#7431)
  * Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
  * Fix problem with handling attached images with same name when using
    database_attachments/redundant_attachments (#7455)
- renamed roundcubemail-1.4.6-config_dir.patch to
  roundcubemail-1.4.7-config_dir.patch

- add http.inc file
  * include one file for php5/php7 admin flags/values

- update to 1.4.6
  * Installer: Fix regression in SMTP test section (#7417)
- renamed roundcubemail-1.4.5-config_dir.patch to
  roundcubemail-1.4.6-config_dir.patch

- update to 1.4.5
  Security fixes
  * Fix XSS issue in template object 'username' (#7406)
  * Fix cross-site scripting (XSS) via malicious XML attachment
  * Fix a couple of XSS issues in Installer (#7406)
  * Better fix for CVE-2020-12641
  Other changes
  * Fix bug in extracting required plugins from composer.json that led
    to spurious error in log (#7364)
  * Fix so the database setup description is compatible with MySQL 8 (#7340)
  * Markasjunk: Fix regression in jsevent driver (#7361)
  * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366)
  * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367)
  * Password: Fix issue with Modoboa driver (#7372)
  * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348)
  * Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
  * Fix PHP warning: count(): Parameter must be an array or an object...
    in ID command handler (#7392)
  * Fix error when user-configured skin does not exist anymore (#7271)
  * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
  * Fix bug where PDF attachments marked as inline could have not been
    attached on mail forward (#7382)
  * Security: Fix a couple of XSS issues in Installer (#7406)
  * Security: Fix XSS issue in template object 'username' (#7406)
  * Security: Fix cross-site scripting (XSS) via malicious XML attachment
  * Security: Better fix for CVE-2020-12641
- renamed roundcubemail-1.4.4-config_dir.patch to
  roundcubemail-1.4.5-config_dir.patch

- update to 1.4.4
  * Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
  * Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
  * Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
  * Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
  * Elastic: Fix color of a folder with recent messages (#7281)
  * Elastic: Restrict logo size in print view (#7275)
  * Fix invalid Content-Type for messages with only html part and inline images   * Mail_Mime-1.10.7 (#7261)
  * Fix missing contact display name in QR Code data (#7257)
  * Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
  * Fix regression in testing database schema on MSSQL (#7227)
  * Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
  * Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
  * Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
  * Fix handling keyservers configured with protocol prefix (#7295)
  * Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
  * Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
  * Fix so imap error message is displayed to the user on folder create/update (#7245)
  * Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
  * Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
  * Fix characters encoding in group rename input after group creation/rename (#7330)
  * Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
  * Make install-jsdeps.sh script working without the 'file' program installed (#7325)
  * Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
  * Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
  * Security: Fix XSS issue in handling of CDATA in HTML messages
  * Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
  * Security: Fix local file inclusion (and code execution) via crafted 'plugins' option
  * Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
- adjusted/renamed roundcubemail-1.4.3-config_dir.patch to
  roundcubemail-1.4.4-config_dir.patch

- update to 1.4.3
  * Enigma: Fix so key list selection is reset when opening key creation form (#7154)
  * Enigma: Fix so using list checkbox selection does not load the key preview frame
  * Enigma: Fix generation of key pairs for identities with IDN domains (#7181)
  * Enigma: Display IDN domains of key users and identities in UTF8
  * Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205)
  * Managesieve: Fix bug where it wasn't possible to save flag actions (#7188)
  * Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137)
  * Password: Make chpass-wrapper.py Python 3 compatible (#7135)
  * Elastic: Fix disappearing sidebar in mail compose after clicking Mail button
  * Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose
  * Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143)
  * Elastic: Fix text selection in recipient inputs (#7129)
  * Elastic: Fix missing Close button in "more recipients" dialog
  * Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174)
  * Fix regression where "Open in new window" action didn't work (#7155)
  * Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165)
  * Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923)
  * Fix recipient duplicates in print-view when the recipient list has been expanded (#7169)
  * Fix bug where files in skins/ directory were listed on skins list (#7180)
  * Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117)
  * Fix display issues with mail subject that contains line-breaks (#7191)
  * Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170)
  * Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196)
  * Fix using unix:///path/to/socket.file in memcached driver (#7210)
- adjusted/renamed roundcubemail-1.4.2-config_dir.patch to
  roundcubemail-1.4.3-config_dir.patch

- prefer brotli over gzip if brotli is available:
  + enable mod_brotli in roundcubemail-httpd.conf (after deflate)
  + enable brotli via a2enmod for new installations

- update to 1.4.2:
  * Plugin API: Make actionbefore, before, actionafter and after
    events working with plugin actions (#7106)
  * Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
  * Managesieve: Fix so modifier type select wasn't hidden after hiding
    modifier select on header change
  * Managesieve: Fix filter selection after removing a first filter (#7079)
  * Markasjunk: Fix marking more than one message as spam/ham with
    email_learn driver (#7121)
  * Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
  * Enigma: Add script to import keys from filesystem to the db
    storage (for multihost)
  * Installer: Fix DB Write test on SQLite database
    ("database is locked" error) (#7064)
  * Installer: Fix so SQLite DSN with a relative path to the database
    file works in Installer
  * Elastic: Fix contrast of warning toasts (#7058)
  * Elastic: Simple search in pretty selects (#7072)
  * Elastic: Fix hidden list widget on mobile/tablet when selecting
    folder while search menu is open (#7120)
  * Fix so type attribute on script tags is not used on HTML5 pages (#6975)
  * Fix unread count after purge on a folder that is not currently selected (#7051)
  * Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
  * Fix bug where deleting a saved search in addressbook caused
    display issue on sources/groups list (#7061)
  * Fix bug where a new saved search added after removing all searches
    wasn't added to the list (#7061)
  * Fix bug where a new contact group added after removing all groups
    from addressbook wasn't added to the list
  * Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
  * Fix so use of Ctrl+A does not scroll the list (#7020)
  * Fix/remove useless keyup event handler on username input in logon form (#6970)
  * Fix bug where cancelling switching from HTML to plain text didn't
    set the flag properly (#7077)
  * Fix bug where HTML reply could add an empty line with extra indentation
    above the original message (#7088)
  * Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
  * Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
  * Fix bug where 'skins_allowed' option didn't enforce user skin
    preference (#7080)
  * Fix so contact's organization field accepts up to 128 characters
    (it was 50)
  * Fix bug where listing tables in PostgreSQL database with db_prefix
    didn't work (#7093)
  * Fix bug where 'text' attribute on body tag was ignored when
    displaying HTML message (#7109)
  * Fix bug where next message wasn't displayed after delete in List mode (#7096)
  * Fix so number of contacts in a group is not limited to 200 when
    redirecting to mail composer from Contacts (#6972)
  * Fix malformed characters in HTML message with charset meta tag
  not in head (#7116)
- renamed patches:
  - roundcubemail-1.1-beta-config_dir.patch
  + roundcubemail-1.4.2-config_dir.patch

- remove more cruft from the source (like .tavis or .gitignore)
- php documentor is not needed on a productive system -> remove
- also fix /usr/bin/env calls for two vendor scripts
- skins now have some configurable files in their directories:
  move those files over to /etc/roundcubemail/skins/
- move other text files (incl. vendor ones) out of the root
  directory (and handle the LICENSE file a bit different)
- enable mod_filter and add AddOutputFilterByType for common media
  types like html, javascript or xml
- enable php7 on newer openSUSE versions
- enable deflate, expires, filter, headers and setenvif on a new
  installation - do not enable any module in case of an update
- recommend php-imagick for additional features

- Updated dependencies
- Moved LICENCE file to proper directory
- removed travis files
- fixed most of the shell scripts to contain /usr/bin/php

- Upgrade to version 1.4.1:
  * new defaults for smtp_* config options
  * changed default password_charset to UTF-8
  * login page returning 401 Unauthorized status

- Upgrade to version 1.3.6
  * Fix parsing date strings (e.g. from a Date: mail header) with comments
  * Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker
  * Fix possible IMAP command injection and type juggling vulnerabilities
  * Enigma: Fix key selection for signing
  * Enigma: Enable keypair generation on Internet Explorer 11
  * Fix check_request() bypass in places using get_uids() (CVE-2018-9846 boo#1067574)
  * Fix bug where usernames without domain part could be malformed or converted to lower-case on logon

- Upgrade to version 1.3.5
  * Added new skin with mobile support - the Elastic
  * Support Redis cache
  * Improved Mailvelope integration
  - Added private key listing and generating to identity settings
  - Enable encrypt & sign option if Mailvelope supports it
  * Update to jQuery-3.3.1
  * vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080)
  * Add More actions button in Contacts toolbar with Copy/Move actions (#6081)
  * Display an error when clicking disabled link to register protocol handler (#6079)
  * Add option trusted_host_patterns (#6009, #5752)
  * Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120)
  * Support additional connect parameters in PostgreSQL database wrapper
  * Use UI dialogs instead of confirm() and alert() where possible
  * Display value of the SMTP message size limit in the error message (#6032)
  * Skip redundant INSERT query on successful logon when using PHP7
  * Replace display_version with display_product_version (#5904)
  * Extend disabled_actions config so it accepts also button names (#5903)
  * Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
  * Add Message-ID to the sendmail log (#5871)
  * Managesieve: Add ability to disable filter sets and other actions (#5496, #5898)
  * Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021)
  * Managesieve: Support filter action with custom IMAP flags (#6011)
  * Managesieve: Support 'mime' extension tests - RFC5703 (#5832)
  * Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779)
  * Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
  * Composer: Fix certificate validation errors by using packagist only (#5148)
  * Enigma: Add button to send mail unencrypted if no key was found (#5913)
  * Enigma: Add options to set PGP cipher/digest algorithms (#5645)
  * Enigma: Multi-host support
  * Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882)
  * Update to jquery-minicolors 2.2.6
  * Support _filter and _scope as GET arguments for opening mail UI (#5825)
  * Support for IMAP folders that cannot contain both folders and messages (#5057)
  * Added .user.ini file for php-fpm (#5846)
  * Email Resent (Bounce) feature (#4985)
  * Various improvements for templating engine and skin behaviours
  - Support conditional include
  - Support for 'link' objects
  - Support including files with path relative to templates directory
  - Use <button> instead of <input> for submit button on logon screen
  * Reset onerror on images if placeholder does not exist to prevent from requests storm
  * Unified and simplified code for loading content frame for responses and identities
  * Display contact import and advanced search in popup dialogs
  * Make possible to set (some) config options from a skin
  * Added optional checkbox selection for the list widget
  * Make 'compose' command always enabled
  * Add .log suffix to all log file names, add option log_file_ext to control this (#313)
  * Archive: Fix archiving by sender address on cyrus-imap
  * Archive: Style Archive folder also on folder selector and folder manager lists
  * Archive: Add Thunderbird compatible Month option (#5623)
  * Return "401 Unauthorized" status when login fails (#5663)
  * Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092)
  * Plugin API: Added 'show_bytes' hook (#5001)
  * subscriptions_option: show \\Noselect folders greyed out (#5621)
  * Add option to not indent quoted text on top-posting reply (#5105)
  * Removed global $CONFIG variable
  * Password: Support host variables in password_db_dsn option (#5955)
  * Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759)
  * Support AUTHENTICATE LOGIN for IMAP connections (#5563)
  * Support LDAP GSSAPI authentication (#5703)
  * Allow contacts without an email address (#5079)
  * Localized timezone selector (#4983)
  * Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640)
  * Handle inline images also inside multipart/mixed messages (#5905)
  * Fix bug where attachment size wasn't visible when the filename was too long (#6033)
  * Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047)
  * Fix css conflicts in user interface and e-mail content (#5891)
  * Fix duplicated signature when using Back button in Chrome (#5809)
  * Fix touch event issue on messages list in IE/Edge (#5781)
  * Fix so links over images are not removed in plain text signatures converted from HTML (#4473)
  * Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772)
  * Managesieve: Fix bug where text: syntax was forced for strings longer than 1024 characters (#6143)
  * Managesieve: Fix missing Save button in Edit Filter Set page of Classic skin (#6154)
  * Fix duplicated labels in Test SMTP Config section (#6166)
  * Fix PHP Warning: exif_read_data(...): Illegal IFD size (#6169)
  * Enigma: Fix key generation in Safari by upgrade to OpenPGP 2.6.2 (#6149)
  * Fix security issue in remote content blocking on HTML image and style tags (#6178)
  * Added 9pt and 11pt to the list of font sizes in HTML editor
  * Fix handling encoding of HTML tags in "inline" JSON output (#6207)
  * Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212)

- fix rights for enigma plugin

- Trim bias from description.
- Replace %__-type macro indirections.
- Avoid bashisms in build logic.

- Upgrade to version 1.3.4
- RELEASE 1.3.4
  * Fix bug where contacts search could skip some records (#6130)
  * Fix possible information leak - add more strict sql error check on user creation (#6125)
  * Fix a couple of warnings on PHP 7.2 (#6098)
  * Fix broken long filenames when using imap4d server - workaround server bug (#6048)
  * Fix so temp_dir misconfiguration prints an error to the log (#6045)
  * Fix untagged COPYUID responses handling - again (#5982)
  * Fix PHP warning "idn_to_utf8(): INTL_IDNA_VARIANT_2003 is deprecated" with PHP 7.2 (#6075)
  * Fix bug where Archive folder wasn't auto-created on login with create_default_folders=true
  * Fix performance issue when parsing malformed and long Date header (#6087)
  * Fix syntax error in mssql.initial.sql (#6097)
  * Fix bug where contacts export by selection returned no more than 10 entries (#6103)
  * Fix searching contacts by address in LDAP source (#6084)
  * Fix X-Frame-Options:ALLOW-FROM support, remove custom click-jacking protection (#6057)
- RELEASE 1.3.3
  * Fix decoding of mailto: links with + character in HTML messages (#6020)
  * Fix false reporting of failed upgrade in installto.sh (#6019)
  * Fix file disclosure vulnerability caused by insufficient input validation [CVE-2017-16651] (#6026)
  * Fix mangled non-ASCII characters in links in HTML messages (#6028)
- RELEASE 1.3.2
  * Fix bug where pink image was used instead of a thumbnail when image resize fails (#5933)
  * Fix so files size/count limit is verified (client-side) also on drag-n-drop uploads (#5940)
  * Fix invalid template loading on a message error in preview frame (#5941)
  * Fix bug where HTML messages could have been rendered empty on some systems (#5957)
  * Fix wording of "Mark previewed messages as read" to "Mark messages as read" (#5952)
  * Enigma: Fix decryption of messages encoded with non-ascii charset (#5962)
  * Fix missing cursor in HTML editor on mail reply (#5969)
  * Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
  * Fix bug where mail search could return empty result on servers without SORT capability (#5973)
  * Fix bug where assets_path wasn't added to some watermark frames
  * Fix so untagged COPYUID responses are also supported according to RFC6851 (#5982)
  * Fix issue caused by non-default session.cookie_lifetime setting (#5961)
  * Fix Edge encoding bug when pasting text into the HTML editor, update to TinyMCE 4.5.8 (#5885)
  * Fix handling of unknown Content-Disposition type (#6002)
  * Fix truncated folder name on messages list in multi-folder mode, for folders with non-ascii characters (#6004)
  * Fix bug where removing the last subfolder did not hide toggle button on its parent record (#6007)
  * Fix bug where ghost messages could be added to the list after fast delete (#5941)
- RELEASE 1.3.1
  * Add Preferences > Mailbox View > Main Options > Layout (#5829)
  * Password: Fix compatibility with PHP 7+ in cpanel_webmail driver (#5820)
  * Managesieve: Fix parsing dot-staffed lines in multiline text (#5838)
  * Managesieve: Fix AM/PM suffix in vacation time selectors
  * Managesieve: Fix bug where 'exists' operator was reset to 'contains' (#5899)
  * Remove non-printable characters from filenames on download/display (#5880)
  * Fix decoding non-ascii attachment names from TNEF attachments (#5646, #5799)
  * Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
  * Fix bug where HTML messages with @media styles could moddify style of page body (#5811)
  * Fix style issue on selected and unfocused message that is part of a thread (#5798)
  * Fix bug where a.button style from managesieve plugin could impact other elements (#5800)
  * Fix position of selected icon for (Mailvelope) Encrypt button
  * Fix fatal error when using DMY- or MDY-based date format in PostgreSQL (#5808)
  * Fix bug where errors were not printed when using bin/update.sh (#5834)
  * Fix PHP 7.2 warnings on count() use (#5845)
  * Fix bug where Chrome could not upload the same file that was selected before (#5854)
  * Fix duplicate messages on the list after deleting messages on the next to the last page (#5862)
  * Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
  * Fix potential XSS vulnerability with malformed HTML message markup
  * Fix sending message with "Too many public recipients" dialog buttons (#5924)
  * Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
  * Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
- RELEASE 1.3.0
  * Update to TinyMCE 4.5.7
  * Fix bug where invalid recipients could be silently discarded (#5739)
  * Fix conflict with _gid cookie of Google Analytics (#5748)
  * Print error from CLI scripts when system/exec function is disabled (#5744)
  * Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
  * Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
  * Fix folders list sorting on Windows - if php-intl is available (#5732)
  * Fix addressbook searching by gender (#5757)
  * Fix prevention from using % and * characters in folder name (#5762)
  * Fix POST parameter reflection in default_charset selector (#5768)
  * Enigma: Fix compatibility with assets_dir
  * Managesieve: Skip redundant LISTSCRIPTS command
  * Fix SQL syntax error on MariaDB 10.2 (#5774)
  * Fix bug where zipdownload ignored files with the same name (#5777)
  * Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
- Build roundcube correcty for both php5 and php7

- Update to 1.2.7:
  + Fix file disclosure vulnerability caused by insufficient
    input validation (CVE-2017-16651; boo#1067574)

- Update to 1.2.6
  * Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
  * Enigma: Fix compatibility with assets_dir
  * Managesieve: Fix AM/PM suffix in vacation time selectors
  * Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
  * Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
  * Fix addressbook searching by gender (#5757)
  * Fix SQL syntax error on MariaDB 10.2 (#5774)
  * Fix bug where it wasn't possible to set timezone to auto-detected value (#5782)
  * Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure rcube_utils::random_bytes() result has always requested length (#5788)
  * Fix potential XSS vulnerability with malformed HTML message markup

- fix for boo#1050980
  * php-mcrypt will be removed with php >= 7.2
  * anyway not a dependency anymore since roundcube version 1.2

- Update to 1.2.5 which fixes vulnerability in the virtualmin and
  sasl drivers of the password plugin (CVE-2017-8114, bsc#1036955)

- Update to 1.2.4 [boo#1029035]
  - Managesieve: Fix handling of scripts with nested rules (#5540)
  - Managesieve: Fix parser issue with empty lines between comments (#5657)
  - Managesieve: Fix possible defect in handling \r\n in scripts (#5685)
  - Enigma: Fix handling of messages with nested PGP encrypted parts (#5634)
  - Enigma: Fix PHP fatal error when decrypting a message with invalid signature (#5555)
  - Enigma: Fix missing require statement for Crypt_GPG_KeyGenerator (#5641)
  - Fix variable substitution in ldap host for some use-cases, e.g. new_user_identity (#5544)
  - Fix adding images to new identity signatures
  - Fix rsync error handling in installto.sh script (#5562)
  - Fix some advanced search issues with multiple addressbooks (#5572)
  - Fix so group/addressbook selection is retained on page refresh
  - Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580)
  - Fix bug where external content in src attribute of input/video tags was not secured (#5583)
  - Fix PHP error on update of a contact with multiple email addresses when using PHP 7.1 (#5587)
  - Fix bug where mail content frame couldn't be reset in some corner cases (#5608)
  - Fix bug where some classic skin images were not displayed in IE/Edge (#5614)
  - Fix bug where signature couldn't be added above the quote in Firefox 51 (#5628)
  - Fix regression where groups with email address were resolved to its members' addresses
  - Fix update of group name in the contacts list header on group rename (#5648)
  - Add rewrite rule to disable access to /vendor/bin folder in .htaccess (#5630)
  - Fix bug where it was too easy accidentally move a folder when using the subscription checkbox (#5655)
  - Fix XSS issue in handling of a style tag inside of an svg element [CVE-2017-6820]

- Update to 1.2.3 [boo#1012493]
  - Searching in both contacts and groups when LDAP addressbook with group_filters option is used
  - Fix vulnerability in handling of mail()'s 5th argument [boo#1012493]
  - Fix To: header encoding in mail sent with mail() method (#5475)
  - Fix flickering of header topline in min-mode (#5426)
  - Fix bug where folders list would scroll to top when clicking on subscription checkbox (#5447)
  - Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
  - Fix regression where creation of default folders wasn't functioning without prefix (#5460)
  - Enigma: Fix bug where last records on keys list were hidden (#5461)
  - Enigma: Fix key search with keyword containing non-ascii characters (#5459)
  - Fix bug where deleting folders with subfolders could fail in some cases (#5466)
  - Fix bug where IMAP password could be exposed via error message (#5472)
  - Fix bug where it wasn't possible to store more that 2MB objects in memcache/apc, Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452)
  - Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
  - Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
  - Fix missing content check when image resize fails on attachment thumbnail generation (#5485)
  - Fix displaying attached images with wrong Content-Type specified (#5527)

- verify source signature

- Update to 1.2.2 [boo#1001856]
  - Enigma: Add possibility to configure gpg-agent binary location (enigma_pgp_agent)
  - Enigma: Fix signature verification with some IMAP servers, e.g. Gmail, DBMail (#5371)
  - Enigma: Make recipient key searches case-insensitive (#5434)
  - Fix regression in resizing JPEG images with Imagick (#5376)
  - Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
  - Use SymLinksIfOwnerMatch in .htaccess instead of FollowSymLinks disabled on some hosts for security reasons (#5370)
  - Wash position:fixed style in HTML mail for better security (#5264) [boo#1001856]
  - Fix bug where memcache_debug didn't work for session operations
  - Fix bug where Message-ID domain part was tied to username instead of current identity (#5385)
  - Fix bug where blocked.gif couldn't be attached to reply/forward with insecure content
  - Fix E_DEPRECATED warning when using Auth_SASL::factory() (#5401)
  - Fix bug where names of downloaded files could be malformed when derived from the message subject (#5404)
  - Fix so "All" messages selection is resetted on search reset (#5413)
  - Fix bug where folder creation could fail if personal namespace contained more than one entry (#5403)
  - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400)
  - Fix PHP warning when handling shared namespace with empty prefix (#5420)
  - Fix so folders list is scrolled to the selected folder on page load (#5424)
  - Fix so when moving to Trash we make sure the folder exists (#5192)
  - Fix displaying size of attachments with zero size
  - Fix so "Action disabled" error uses more appropriate 404 code (#5440)

- Update to 1.2.1
  - Update TinyMCE to version 4.3.13 (#5309)
  - Fix bug where errors could have been not logged when per_user_logging=true
  - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting
  - Fix so minified publickey.js (with cache-buster) is used when available (#5254)
  - Fix (replace) application/x-tar file extension test as it might not exist in nginx config (#5253)
  - Fix PHP warning when password_hosts is set, but is not an array (#5260)
  - Fix redundant keep-alive requests when session_lifetime is greater than ~20000 (#5273)
  - Fix so subfolders of INBOX can be set as Archive (#5274)
  - Fix bug where multi-folder search could choose a wrong folder in "this and subfolders" scope (#5282)
  - Fix bug where multi-folder search didn't work for unsubscribed INBOX (#5259)
  - Fix bug where "no body" alert could be displayed when sending mailvelope email
  - Enigma: Fix keys import from inside of an encrypted message (#5285)
  - Enigma: Fix malformed signed messages with force_7bit=true (#5292)
  - Enigma: Add possibility to configure gpg binary location (enigma_pgp_binary)
  - Enigma: Add possibility to export private keys (#5321)
  - Fix searching by email address in contacts with multiple addresses (#5291)
  - Fix handling of --delete argument in moduserprefs.sh script (#5296)
  - Workaround PHP issue by calling closelog() on script shutdown when using log_driver=syslog (#5289)
  - Fix so upgrade script makes sure program/lib directory does not contain old libraries (#5287)
  - Fix subscription checkbox state on error in folder subscribe/unsubscribe action (#5243)
  - Fix bug where microsecond format in logged date didn't work in some cases
  - Fix conflict in new_user_dialog and password_force_new_user settings (#5275)
  - Don't create multipart/alternative messages with empty text/plain part (#5283)
  - Use contact_search_name format in popup on results in compose contacts search
  - Fix handling of 'mailto' and 'error' arguments in message_before_send hook (#5347)
  - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
  - Fix handling of blockquote tags with mixed case on html2text conversion (#5363)
  - Fix javascript errors in IE on page with iframe that points to another domain

- update to version 1.2.0 [boo#982003] [CVE-2016-5103]
    PHP7 compatibility
    PGP encryption
    Drag-n-drop attachments from mail preview to compose window
    Mail messages searching with predefined date interval
    Improved security measures to protect from brute-force attacks
    And of course plenty of small improvements and bug fixes.

- Update to 1.1.5
    Plugin API: Add html2text hook
    Plugin API: Added addressbook_export hook
    Fix missing emoticons on html-to-text conversion
    Fix random "access to this resource is secured against CSRF" message at logout (#4956)
    Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
    Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
    Fix XSS issue in SVG images handling (#4949)
    Fix (again) security issue in DBMail driver of password plugin CVE-2015-2181
    Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
    Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
    Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
    Hide DSN option in Preferences when smtp_server is not used (#4967)
    Protect download urls against CSRF using unique request tokens (#4957)
    newmail_notifier: Refactor desktop notifications
    Fix so contactlist_fields option can be set via config file
    Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
    Fix performance in reverting order of THREAD result
    Fix converting mail addresses with @www. into mailto links (#5197)

- Added "Suggests:" for apache2

- Changed apache2 config

- Update to 1.1.4
    Add workaround for ?https://bugs.php.net/bug.php?id=70757 (#1490582)
    Fix duplicate messages in list and wrong count after delete (#1490572)
    Fix so Installer requires PHP5
    Make brute force attacks harder by re-generating security token on every failed login (#1490549)
    Slow down brute-force attacks by waiting for a second after failed login (#1490549)
    Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
    Fix mail view scaling on iOS (#1490551)
    Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
    Fix responses list update issue after response name change (#1490555)
    Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
    Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
    Fix redundant blank lines when using HTML and top posting (#1490576)
    Fix redundant blank lines on start of text after html to text conversion (#1490577)
    Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
    Fix invalid LDAP query in ACL user autocompletion (#1490591)
    Fix regression in displaying contents of message/rfc822 parts (#1490606)
    Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
    Fix PDF support detection in Firefox > 19 (#1490610)
    Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) [CVE-2015-8770] [bnc#962067]
    Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
- explicitely add required PHP packages (according to INSTALL):
  + php-dom, php-json, php-sockets
- also recommend additional PHP packages:
  + php-zip, php-pear-Crypt_GPG
- use generic php- prefix also for recommended packages (no explicit php5-)
- no Dockerfile readme any more

- Changed roundcubemail-httpd.conf
- Enable mod_version.c per default [boo#938840]

- Upgrade to version 1.3.16
  This is a security update to the LTS version 1.3.
  It fixes a recently reported stored cross-site scripting (XSS)
  vulnerability via HTML or plain text messages with malicious content.
  References:
  [CVE-2020-18670]: boo#1187707
  [CVE-2020-18671]: boo#1187706
  [CVE-2020-35730]: boo#1180399

- update to 1.4.10:
  * Stored cross-site scripting (XSS) via HTML or plain text messages
    with malicious content ( CVE-2020-35730 boo#1180399 )
  * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
  * Fix folder list issue when special folder is a subfolder (#7647)
  * Fix Elastic's folder subscription toggle in search result (#7653)
  * Fix state of subscription toggle on folders list after changing
    folder state from the search result (#7653)
  * Security: Fix cross-site scripting (XSS) via HTML or plain text
    messages with malicious content

- finally renamed roundcubemail-1.4.8-config_dir.patch to
  roundcubemail-config_dir.patch to avoid additional roundtrip
  times with each submission:
  + removed roundcubemail-1.4.7-config_dir.patch
  + added  roundcubemail-config_dir.patch