[pkgsrc/trunk]: pkgsrc/mail/squirrelmail Updated squirrelmail to 1.4.6
details: https://anonhg.NetBSD.org/pkgsrc/rev/ca08e36f2ae1
branches: trunk
changeset: 508871:ca08e36f2ae1
user: martti <martti%pkgsrc.org@localhost>
date: Mon Feb 27 07:12:13 2006 +0000
description:
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
diffstat:
mail/squirrelmail/Makefile | 6 +++---
mail/squirrelmail/PLIST | 19 ++++++++++++++++++-
mail/squirrelmail/buildlink3.mk | 6 +++---
mail/squirrelmail/distinfo | 15 ++++-----------
mail/squirrelmail/patches/patch-ab | 16 ----------------
mail/squirrelmail/patches/patch-ac | 23 -----------------------
mail/squirrelmail/patches/patch-ad | 16 ----------------
mail/squirrelmail/patches/patch-ae | 32 --------------------------------
mail/squirrelmail/patches/patch-af | 17 -----------------
mail/squirrelmail/patches/patch-ag | 13 -------------
mail/squirrelmail/patches/patch-ah | 13 -------------
11 files changed, 28 insertions(+), 148 deletions(-)
diffs (truncated from 330 to 300 lines):
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/Makefile
--- a/mail/squirrelmail/Makefile Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/Makefile Mon Feb 27 07:12:13 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.68 2006/02/17 07:04:25 martti Exp $
+# $NetBSD: Makefile,v 1.69 2006/02/27 07:12:13 martti Exp $
-DISTNAME= squirrelmail-1.4.5
-PKGREVISION= 5
+DISTNAME= squirrelmail-1.4.6
+#PKGREVISION= 1
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=squirrelmail/}
EXTRACT_SUFX= .tar.bz2
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/PLIST
--- a/mail/squirrelmail/PLIST Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/PLIST Mon Feb 27 07:12:13 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.16 2005/07/18 07:04:27 martti Exp $
+@comment $NetBSD: PLIST,v 1.17 2006/02/27 07:12:13 martti Exp $
share/examples/squirrelmail/squirrelmail.conf
share/squirrelmail/AUTHORS
share/squirrelmail/COPYING
@@ -13,6 +13,7 @@
share/squirrelmail/class/deliver/Deliver_SendMail.class.php
share/squirrelmail/class/deliver/index.php
share/squirrelmail/class/helper/VCard.class.php
+share/squirrelmail/class/helper/index.php
share/squirrelmail/class/html.class.php
share/squirrelmail/class/index.php
share/squirrelmail/class/mime.class.php
@@ -63,12 +64,14 @@
share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3.txt
share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3a.txt
share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.4.txt
+share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.5.txt
share/squirrelmail/doc/authentication.txt
share/squirrelmail/doc/db-backend.txt
share/squirrelmail/doc/ie_ssl.txt
share/squirrelmail/doc/index.html
share/squirrelmail/doc/presets.txt
share/squirrelmail/doc/russian_apache.txt
+share/squirrelmail/doc/security.txt
share/squirrelmail/doc/themes.txt
share/squirrelmail/doc/translating.txt
share/squirrelmail/doc/translating_help.txt
@@ -92,6 +95,7 @@
share/squirrelmail/functions/decode/cp1258.php
share/squirrelmail/functions/decode/cp855.php
share/squirrelmail/functions/decode/cp866.php
+share/squirrelmail/functions/decode/index.php
share/squirrelmail/functions/decode/iso_8859_1.php
share/squirrelmail/functions/decode/iso_8859_10.php
share/squirrelmail/functions/decode/iso_8859_11.php
@@ -118,6 +122,7 @@
share/squirrelmail/functions/encode/cp1251.php
share/squirrelmail/functions/encode/cp1255.php
share/squirrelmail/functions/encode/cp1256.php
+share/squirrelmail/functions/encode/index.php
share/squirrelmail/functions/encode/iso_8859_1.php
share/squirrelmail/functions/encode/iso_8859_15.php
share/squirrelmail/functions/encode/iso_8859_2.php
@@ -188,6 +193,7 @@
share/squirrelmail/locale/timezones.cfg
share/squirrelmail/plugins/README.plugins
share/squirrelmail/plugins/abook_take/README
+share/squirrelmail/plugins/abook_take/index.php
share/squirrelmail/plugins/abook_take/setup.php
share/squirrelmail/plugins/abook_take/take.php
share/squirrelmail/plugins/administrator/INSTALL
@@ -222,12 +228,14 @@
share/squirrelmail/plugins/filters/bulkquery/bq.in
share/squirrelmail/plugins/filters/bulkquery/bq.out
share/squirrelmail/plugins/filters/bulkquery/bulkquery.c
+share/squirrelmail/plugins/filters/bulkquery/index.php
share/squirrelmail/plugins/filters/filters.php
share/squirrelmail/plugins/filters/index.php
share/squirrelmail/plugins/filters/options.php
share/squirrelmail/plugins/filters/setup.php
share/squirrelmail/plugins/filters/spamoptions.php
share/squirrelmail/plugins/fortune/INSTALL
+share/squirrelmail/plugins/fortune/index.php
share/squirrelmail/plugins/fortune/setup.php
share/squirrelmail/plugins/index.php
share/squirrelmail/plugins/info/README
@@ -247,6 +255,7 @@
share/squirrelmail/plugins/mail_fetch/options.php
share/squirrelmail/plugins/mail_fetch/setup.php
share/squirrelmail/plugins/make_archive.pl
+share/squirrelmail/plugins/message_details/index.php
share/squirrelmail/plugins/message_details/message_details_bottom.php
share/squirrelmail/plugins/message_details/message_details_main.php
share/squirrelmail/plugins/message_details/message_details_top.php
@@ -261,6 +270,7 @@
share/squirrelmail/plugins/newmail/sounds/Friends.wav
share/squirrelmail/plugins/newmail/sounds/MontyPython.wav
share/squirrelmail/plugins/newmail/sounds/Notify.wav
+share/squirrelmail/plugins/newmail/sounds/index.php
share/squirrelmail/plugins/newmail/testsound.php
share/squirrelmail/plugins/sent_subfolders/index.php
share/squirrelmail/plugins/sent_subfolders/setup.php
@@ -357,11 +367,13 @@
share/squirrelmail/themes/black_bean_burrito_theme.php
share/squirrelmail/themes/blue_grey_theme.php
share/squirrelmail/themes/bluesnews_theme.php
+share/squirrelmail/themes/bluesome.php
share/squirrelmail/themes/bluesteel_theme.php
share/squirrelmail/themes/christmas.php
share/squirrelmail/themes/css/comic-sans-08.css
share/squirrelmail/themes/css/comic-sans-10.css
share/squirrelmail/themes/css/comic-sans-12.css
+share/squirrelmail/themes/css/index.php
share/squirrelmail/themes/css/sans-08.css
share/squirrelmail/themes/css/sans-10.css
share/squirrelmail/themes/css/sans-12.css
@@ -402,10 +414,15 @@
share/squirrelmail/themes/seaspray_theme.php
share/squirrelmail/themes/servery_theme.php
share/squirrelmail/themes/shades_of_grey.php
+share/squirrelmail/themes/silver_steel_theme.php
+share/squirrelmail/themes/simple_green2.php
+share/squirrelmail/themes/simple_green_theme.php
+share/squirrelmail/themes/simple_purple.php
share/squirrelmail/themes/slashdot_theme.php
share/squirrelmail/themes/spice_of_life.php
share/squirrelmail/themes/spice_of_life_dark.php
share/squirrelmail/themes/spice_of_life_lite.php
+share/squirrelmail/themes/wood_theme.php
@dirrm share/squirrelmail/themes/css
@dirrm share/squirrelmail/themes
@dirrm share/squirrelmail/src
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/buildlink3.mk
--- a/mail/squirrelmail/buildlink3.mk Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/buildlink3.mk Mon Feb 27 07:12:13 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2006/02/17 07:04:25 martti Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2006/02/27 07:12:13 martti Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
SQUIRRELMAIL_BUILDLINK3_MK:= ${SQUIRRELMAIL_BUILDLINK3_MK}+
@@ -11,8 +11,8 @@
BUILDLINK_PACKAGES+= squirrelmail
.if !empty(SQUIRRELMAIL_BUILDLINK3_MK:M+)
-BUILDLINK_DEPENDS.squirrelmail+= {ja-,}squirrelmail>=1.4.5
-BUILDLINK_RECOMMENDED.squirrelmail?= squirrelmail>=1.4.5nb5
+BUILDLINK_DEPENDS.squirrelmail+= {ja-,}squirrelmail>=1.4.6
+BUILDLINK_RECOMMENDED.squirrelmail?= squirrelmail>=1.4.6
BUILDLINK_PKGSRCDIR.squirrelmail?= ../../mail/squirrelmail
.endif # SQUIRRELMAIL_BUILDLINK3_MK
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/distinfo
--- a/mail/squirrelmail/distinfo Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/distinfo Mon Feb 27 07:12:13 2006 +0000
@@ -1,13 +1,6 @@
-$NetBSD: distinfo,v 1.29 2005/12/05 20:13:38 martti Exp $
+$NetBSD: distinfo,v 1.30 2006/02/27 07:12:13 martti Exp $
-SHA1 (squirrelmail-1.4.5.tar.bz2) = 48c93dd99b72b73a3ea48311152bcbc40af5cabb
-RMD160 (squirrelmail-1.4.5.tar.bz2) = 6f748e483ea1c3c94eeb849ce11a3afd90c499a0
-Size (squirrelmail-1.4.5.tar.bz2) = 480226 bytes
+SHA1 (squirrelmail-1.4.6.tar.bz2) = b813aa9f736b4b6c41d1afd35bcbd01604e85cf7
+RMD160 (squirrelmail-1.4.6.tar.bz2) = 3cee894b392620af3e35ef1d00e35775559dd4f7
+Size (squirrelmail-1.4.6.tar.bz2) = 484099 bytes
SHA1 (patch-aa) = cafc171ab1de5e2e1e83caff39f3bfb810fe2ab5
-SHA1 (patch-ab) = c101e77938a3c2c6cf62b62a79a63125d44dda32
-SHA1 (patch-ac) = 7d3c742e8694fb051ada1d11d1624b199d61cf5b
-SHA1 (patch-ad) = 1db2f3d91e059a26ba41e638b7fba134fb7fa1ca
-SHA1 (patch-ae) = 45578c696d9e0ff48928e81228982e5d40c86919
-SHA1 (patch-af) = 96bb58143a83b6bbeb5477fdcd470895ccae202b
-SHA1 (patch-ag) = a9cd5b779468ca7f1361c72207bbb550cd9748e3
-SHA1 (patch-ah) = 073dfa9544b8dd9ec91c4a8cba5e5b6c710e284f
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ab
--- a/mail/squirrelmail/patches/patch-ab Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-ab,v 1.10 2005/09/20 13:19:05 schmonz Exp $
-
---- class/mime/Rfc822Header.class.php.orig 2005-02-06 19:33:29.000000000 -0500
-+++ class/mime/Rfc822Header.class.php
-@@ -505,8 +505,9 @@ class Rfc822Header {
- * functions/imap_messages. I'm not sure if it's ok here to call
- * that function?
- */
-- function parsePriority($value) {
-- $value = strtolower(array_shift(split('/\w/',trim($value))));
-+ function parsePriority($sValue) {
-+ $aValue = split('/\w/',trim($sValue));
-+ $value = strtolower(array_shift($aValue));
- if ( is_numeric($value) ) {
- return $value;
- }
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ac
--- a/mail/squirrelmail/patches/patch-ac Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- functions/imap_messages.php.orig 2005-04-16 13:45:38.000000000 -0400
-+++ functions/imap_messages.php
-@@ -476,8 +476,9 @@ function parseArray($read,&$i) {
- * NOTE: this is actually a duplicate from the function in
- * class/mime/Rfc822Header.php.
- */
--function parsePriority($value) {
-- $value = strtolower(array_shift(split('/\w/',trim($value))));
-+function parsePriority($sValue) {
-+ $aValue=split('/\w/',trim($sValue));
-+ $value = strtolower(array_shift($aValue));
- if ( is_numeric($value) ) {
- return $value;
- }
-@@ -915,4 +916,4 @@ function sqimap_get_small_header($imap_s
- return $res[0];
- }
-
--?>
-\ No newline at end of file
-+?>
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ad
--- a/mail/squirrelmail/patches/patch-ad Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- plugins/listcommands/setup.php.orig 2005-02-28 05:20:12.000000000 -0500
-+++ plugins/listcommands/setup.php
-@@ -51,8 +51,9 @@ function plugin_listcommands_menu() {
- }
-
- /* proto = {mailto,href} */
-- $proto = array_shift(array_keys($actions));
-- $act = array_shift($actions);
-+ $aActionKeys = array_keys($actions);
-+ $proto = array_shift($aActionKeys);
-+ $act = array_shift($aActionKeys);
-
- if ($proto == 'mailto') {
-
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ae
--- a/mail/squirrelmail/patches/patch-ae Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- src/configtest.php.orig 2005-05-20 14:43:39.000000000 -0400
-+++ src/configtest.php
-@@ -314,7 +314,7 @@ if (function_exists('recode')) {
- echo "$IND iconv - ";
- if (function_exists('iconv')) {
- echo "Iconv functions are available.<br />\n";
--} elseif ($use_php_iconv) {
-+} elseif (isset($use_php_iconv) && $use_php_iconv) {
- echo "Iconv functions are unavailable.<br />\n";
- do_err('Your configuration requires iconv support, but iconv support is missing.');
- } else {
-@@ -365,7 +365,8 @@ if(!empty($addrbook_dsn) || !empty($pref
- }
-
- foreach($dsns as $type => $dsn) {
-- $dbtype = array_shift(explode(':', $dsn));
-+ $aDsn = explode(':', $dsn);
-+ $dbtype = array_shift($aDsn);
- if(isset($db_functions[$dbtype]) && function_exists($db_functions[$dbtype])) {
- echo "$IND$dbtype database support present.<br />\n";
-
-@@ -380,7 +381,7 @@ if(!empty($addrbook_dsn) || !empty($pref
- echo "$IND$type database connect successful.<br />\n";
-
- } else {
-- do_err($db.' database support not present!');
-+ do_err($dbtype.' database support not present!');
- }
- }
- } else {
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-af
--- a/mail/squirrelmail/patches/patch-af Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-af,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- src/search.php.orig 2005-06-22 03:05:59.000000000 -0400
-+++ src/search.php
-@@ -297,7 +297,11 @@ echo html_tag( 'table',
- /* update the recent and saved searches from the pref files */
- $attributes = get_recent($username, $data_dir);
- $saved_attributes = get_saved($username, $data_dir);
--$saved_count = count($saved_attributes['saved_what']);
-+if (isset($saved_attributes['saved_what'])) {
-+ $saved_count = count($saved_attributes['saved_what']);
-+} else {
-+ $saved_count = 0;
-+}
- $count_all = 0;
-
- /* Saved Search Table */
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ag
--- a/mail/squirrelmail/patches/patch-ag Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@