
[pkgsrc/trunk]: pkgsrc/mail/squirrelmail Updated squirrelmail to 1.4.6



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ca08e36f2ae1
branches:  trunk
changeset: 508871:ca08e36f2ae1
user:      martti <martti%pkgsrc.org@localhost>
date:      Mon Feb 27 07:12:13 2006 +0000

description:
Updated squirrelmail to 1.4.6

This release is very important, and we strongly advise everybody to
update to the latest release.

Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.

- In webmail.php, the right_frame parameter was not properly sanitized
  to deal with very lenient browsers, which allowed for cross site
  scripting or frame replacing. [CVE-2006-0188]

- In the MagicHTML function, some very obscure constructs were
  discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
  concern), and comments could be inside keywords (allows for cross site
  scripting). Both only affect Internet Explorer users. Found by Martijn
  Brinkers and Scott Hughes. [CVE-2006-0195]

- The function sqimap_mailbox_select did not strip newlines from the
  mailbox parameter, and thereby allowed for IMAP command injection.
  Found by Vicente Aguilera. [CVE-2006-0377]

diffstat:

 mail/squirrelmail/Makefile         |   6 +++---
 mail/squirrelmail/PLIST            |  19 ++++++++++++++++++-
 mail/squirrelmail/buildlink3.mk    |   6 +++---
 mail/squirrelmail/distinfo         |  15 ++++-----------
 mail/squirrelmail/patches/patch-ab |  16 ----------------
 mail/squirrelmail/patches/patch-ac |  23 -----------------------
 mail/squirrelmail/patches/patch-ad |  16 ----------------
 mail/squirrelmail/patches/patch-ae |  32 --------------------------------
 mail/squirrelmail/patches/patch-af |  17 -----------------
 mail/squirrelmail/patches/patch-ag |  13 -------------
 mail/squirrelmail/patches/patch-ah |  13 -------------
 11 files changed, 28 insertions(+), 148 deletions(-)

diffs (truncated from 330 to 300 lines):

diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/Makefile
--- a/mail/squirrelmail/Makefile        Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/Makefile        Mon Feb 27 07:12:13 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.68 2006/02/17 07:04:25 martti Exp $
+# $NetBSD: Makefile,v 1.69 2006/02/27 07:12:13 martti Exp $
 
-DISTNAME=      squirrelmail-1.4.5
-PKGREVISION=   5
+DISTNAME=      squirrelmail-1.4.6
+#PKGREVISION=  1
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=squirrelmail/}
 EXTRACT_SUFX=  .tar.bz2
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/PLIST
--- a/mail/squirrelmail/PLIST   Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/PLIST   Mon Feb 27 07:12:13 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.16 2005/07/18 07:04:27 martti Exp $
+@comment $NetBSD: PLIST,v 1.17 2006/02/27 07:12:13 martti Exp $
 share/examples/squirrelmail/squirrelmail.conf
 share/squirrelmail/AUTHORS
 share/squirrelmail/COPYING
@@ -13,6 +13,7 @@
 share/squirrelmail/class/deliver/Deliver_SendMail.class.php
 share/squirrelmail/class/deliver/index.php
 share/squirrelmail/class/helper/VCard.class.php
+share/squirrelmail/class/helper/index.php
 share/squirrelmail/class/html.class.php
 share/squirrelmail/class/index.php
 share/squirrelmail/class/mime.class.php
@@ -63,12 +64,14 @@
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3a.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.4.txt
+share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.5.txt
 share/squirrelmail/doc/authentication.txt
 share/squirrelmail/doc/db-backend.txt
 share/squirrelmail/doc/ie_ssl.txt
 share/squirrelmail/doc/index.html
 share/squirrelmail/doc/presets.txt
 share/squirrelmail/doc/russian_apache.txt
+share/squirrelmail/doc/security.txt
 share/squirrelmail/doc/themes.txt
 share/squirrelmail/doc/translating.txt
 share/squirrelmail/doc/translating_help.txt
@@ -92,6 +95,7 @@
 share/squirrelmail/functions/decode/cp1258.php
 share/squirrelmail/functions/decode/cp855.php
 share/squirrelmail/functions/decode/cp866.php
+share/squirrelmail/functions/decode/index.php
 share/squirrelmail/functions/decode/iso_8859_1.php
 share/squirrelmail/functions/decode/iso_8859_10.php
 share/squirrelmail/functions/decode/iso_8859_11.php
@@ -118,6 +122,7 @@
 share/squirrelmail/functions/encode/cp1251.php
 share/squirrelmail/functions/encode/cp1255.php
 share/squirrelmail/functions/encode/cp1256.php
+share/squirrelmail/functions/encode/index.php
 share/squirrelmail/functions/encode/iso_8859_1.php
 share/squirrelmail/functions/encode/iso_8859_15.php
 share/squirrelmail/functions/encode/iso_8859_2.php
@@ -188,6 +193,7 @@
 share/squirrelmail/locale/timezones.cfg
 share/squirrelmail/plugins/README.plugins
 share/squirrelmail/plugins/abook_take/README
+share/squirrelmail/plugins/abook_take/index.php
 share/squirrelmail/plugins/abook_take/setup.php
 share/squirrelmail/plugins/abook_take/take.php
 share/squirrelmail/plugins/administrator/INSTALL
@@ -222,12 +228,14 @@
 share/squirrelmail/plugins/filters/bulkquery/bq.in
 share/squirrelmail/plugins/filters/bulkquery/bq.out
 share/squirrelmail/plugins/filters/bulkquery/bulkquery.c
+share/squirrelmail/plugins/filters/bulkquery/index.php
 share/squirrelmail/plugins/filters/filters.php
 share/squirrelmail/plugins/filters/index.php
 share/squirrelmail/plugins/filters/options.php
 share/squirrelmail/plugins/filters/setup.php
 share/squirrelmail/plugins/filters/spamoptions.php
 share/squirrelmail/plugins/fortune/INSTALL
+share/squirrelmail/plugins/fortune/index.php
 share/squirrelmail/plugins/fortune/setup.php
 share/squirrelmail/plugins/index.php
 share/squirrelmail/plugins/info/README
@@ -247,6 +255,7 @@
 share/squirrelmail/plugins/mail_fetch/options.php
 share/squirrelmail/plugins/mail_fetch/setup.php
 share/squirrelmail/plugins/make_archive.pl
+share/squirrelmail/plugins/message_details/index.php
 share/squirrelmail/plugins/message_details/message_details_bottom.php
 share/squirrelmail/plugins/message_details/message_details_main.php
 share/squirrelmail/plugins/message_details/message_details_top.php
@@ -261,6 +270,7 @@
 share/squirrelmail/plugins/newmail/sounds/Friends.wav
 share/squirrelmail/plugins/newmail/sounds/MontyPython.wav
 share/squirrelmail/plugins/newmail/sounds/Notify.wav
+share/squirrelmail/plugins/newmail/sounds/index.php
 share/squirrelmail/plugins/newmail/testsound.php
 share/squirrelmail/plugins/sent_subfolders/index.php
 share/squirrelmail/plugins/sent_subfolders/setup.php
@@ -357,11 +367,13 @@
 share/squirrelmail/themes/black_bean_burrito_theme.php
 share/squirrelmail/themes/blue_grey_theme.php
 share/squirrelmail/themes/bluesnews_theme.php
+share/squirrelmail/themes/bluesome.php
 share/squirrelmail/themes/bluesteel_theme.php
 share/squirrelmail/themes/christmas.php
 share/squirrelmail/themes/css/comic-sans-08.css
 share/squirrelmail/themes/css/comic-sans-10.css
 share/squirrelmail/themes/css/comic-sans-12.css
+share/squirrelmail/themes/css/index.php
 share/squirrelmail/themes/css/sans-08.css
 share/squirrelmail/themes/css/sans-10.css
 share/squirrelmail/themes/css/sans-12.css
@@ -402,10 +414,15 @@
 share/squirrelmail/themes/seaspray_theme.php
 share/squirrelmail/themes/servery_theme.php
 share/squirrelmail/themes/shades_of_grey.php
+share/squirrelmail/themes/silver_steel_theme.php
+share/squirrelmail/themes/simple_green2.php
+share/squirrelmail/themes/simple_green_theme.php
+share/squirrelmail/themes/simple_purple.php
 share/squirrelmail/themes/slashdot_theme.php
 share/squirrelmail/themes/spice_of_life.php
 share/squirrelmail/themes/spice_of_life_dark.php
 share/squirrelmail/themes/spice_of_life_lite.php
+share/squirrelmail/themes/wood_theme.php
 @dirrm share/squirrelmail/themes/css
 @dirrm share/squirrelmail/themes
 @dirrm share/squirrelmail/src
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/buildlink3.mk
--- a/mail/squirrelmail/buildlink3.mk   Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/buildlink3.mk   Mon Feb 27 07:12:13 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2006/02/17 07:04:25 martti Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2006/02/27 07:12:13 martti Exp $
 
 BUILDLINK_DEPTH:=              ${BUILDLINK_DEPTH}+
 SQUIRRELMAIL_BUILDLINK3_MK:=   ${SQUIRRELMAIL_BUILDLINK3_MK}+
@@ -11,8 +11,8 @@
 BUILDLINK_PACKAGES+=   squirrelmail
 
 .if !empty(SQUIRRELMAIL_BUILDLINK3_MK:M+)
-BUILDLINK_DEPENDS.squirrelmail+=       {ja-,}squirrelmail>=1.4.5
-BUILDLINK_RECOMMENDED.squirrelmail?=   squirrelmail>=1.4.5nb5
+BUILDLINK_DEPENDS.squirrelmail+=       {ja-,}squirrelmail>=1.4.6
+BUILDLINK_RECOMMENDED.squirrelmail?=   squirrelmail>=1.4.6
 BUILDLINK_PKGSRCDIR.squirrelmail?=     ../../mail/squirrelmail
 .endif # SQUIRRELMAIL_BUILDLINK3_MK
 
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/distinfo
--- a/mail/squirrelmail/distinfo        Mon Feb 27 07:10:59 2006 +0000
+++ b/mail/squirrelmail/distinfo        Mon Feb 27 07:12:13 2006 +0000
@@ -1,13 +1,6 @@
-$NetBSD: distinfo,v 1.29 2005/12/05 20:13:38 martti Exp $
+$NetBSD: distinfo,v 1.30 2006/02/27 07:12:13 martti Exp $
 
-SHA1 (squirrelmail-1.4.5.tar.bz2) = 48c93dd99b72b73a3ea48311152bcbc40af5cabb
-RMD160 (squirrelmail-1.4.5.tar.bz2) = 6f748e483ea1c3c94eeb849ce11a3afd90c499a0
-Size (squirrelmail-1.4.5.tar.bz2) = 480226 bytes
+SHA1 (squirrelmail-1.4.6.tar.bz2) = b813aa9f736b4b6c41d1afd35bcbd01604e85cf7
+RMD160 (squirrelmail-1.4.6.tar.bz2) = 3cee894b392620af3e35ef1d00e35775559dd4f7
+Size (squirrelmail-1.4.6.tar.bz2) = 484099 bytes
 SHA1 (patch-aa) = cafc171ab1de5e2e1e83caff39f3bfb810fe2ab5
-SHA1 (patch-ab) = c101e77938a3c2c6cf62b62a79a63125d44dda32
-SHA1 (patch-ac) = 7d3c742e8694fb051ada1d11d1624b199d61cf5b
-SHA1 (patch-ad) = 1db2f3d91e059a26ba41e638b7fba134fb7fa1ca
-SHA1 (patch-ae) = 45578c696d9e0ff48928e81228982e5d40c86919
-SHA1 (patch-af) = 96bb58143a83b6bbeb5477fdcd470895ccae202b
-SHA1 (patch-ag) = a9cd5b779468ca7f1361c72207bbb550cd9748e3
-SHA1 (patch-ah) = 073dfa9544b8dd9ec91c4a8cba5e5b6c710e284f
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ab
--- a/mail/squirrelmail/patches/patch-ab        Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-ab,v 1.10 2005/09/20 13:19:05 schmonz Exp $
-
---- class/mime/Rfc822Header.class.php.orig     2005-02-06 19:33:29.000000000 -0500
-+++ class/mime/Rfc822Header.class.php
-@@ -505,8 +505,9 @@ class Rfc822Header {
-      * functions/imap_messages. I'm not sure if it's ok here to call
-      * that function?
-      */
--    function parsePriority($value) {
--        $value = strtolower(array_shift(split('/\w/',trim($value))));
-+    function parsePriority($sValue) {
-+      $aValue = split('/\w/',trim($sValue));
-+        $value = strtolower(array_shift($aValue));
-         if ( is_numeric($value) ) {
-             return $value;
-         }
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ac
--- a/mail/squirrelmail/patches/patch-ac        Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- functions/imap_messages.php.orig   2005-04-16 13:45:38.000000000 -0400
-+++ functions/imap_messages.php
-@@ -476,8 +476,9 @@ function parseArray($read,&$i) {
-  * NOTE: this is actually a duplicate from the function in
-  * class/mime/Rfc822Header.php.
-  */
--function parsePriority($value) {
--    $value = strtolower(array_shift(split('/\w/',trim($value))));
-+function parsePriority($sValue) {
-+    $aValue=split('/\w/',trim($sValue));
-+    $value = strtolower(array_shift($aValue));
-     if ( is_numeric($value) ) {
-         return $value;
-     }
-@@ -915,4 +916,4 @@ function sqimap_get_small_header($imap_s
-     return $res[0];
- }
- 
--?>
-\ No newline at end of file
-+?>
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ad
--- a/mail/squirrelmail/patches/patch-ad        Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-ad,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- plugins/listcommands/setup.php.orig        2005-02-28 05:20:12.000000000 -0500
-+++ plugins/listcommands/setup.php
-@@ -51,8 +51,9 @@ function plugin_listcommands_menu() {
-         }
- 
-         /* proto = {mailto,href} */
--      $proto = array_shift(array_keys($actions));
--      $act   = array_shift($actions);
-+      $aActionKeys = array_keys($actions);
-+      $proto = array_shift($aActionKeys);
-+      $act   = array_shift($aActionKeys);
- 
-         if ($proto == 'mailto') {
- 
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ae
--- a/mail/squirrelmail/patches/patch-ae        Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- src/configtest.php.orig    2005-05-20 14:43:39.000000000 -0400
-+++ src/configtest.php
-@@ -314,7 +314,7 @@ if (function_exists('recode')) {
- echo "$IND iconv - ";
- if (function_exists('iconv')) {
-     echo "Iconv functions are available.<br />\n";
--} elseif ($use_php_iconv) {
-+} elseif (isset($use_php_iconv) && $use_php_iconv) {
-     echo "Iconv functions are unavailable.<br />\n";
-     do_err('Your configuration requires iconv support, but iconv support is missing.');
- } else {
-@@ -365,7 +365,8 @@ if(!empty($addrbook_dsn) || !empty($pref
-         }
- 
-         foreach($dsns as $type => $dsn) {
--            $dbtype = array_shift(explode(':', $dsn));
-+            $aDsn = explode(':', $dsn);
-+            $dbtype = array_shift($aDsn);
-             if(isset($db_functions[$dbtype]) && function_exists($db_functions[$dbtype])) {
-                 echo "$IND$dbtype database support present.<br />\n";
- 
-@@ -380,7 +381,7 @@ if(!empty($addrbook_dsn) || !empty($pref
-                 echo "$IND$type database connect successful.<br />\n";
- 
-             } else {
--                do_err($db.' database support not present!');
-+                do_err($dbtype.' database support not present!');
-             }
-         }
-     } else {
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-af
--- a/mail/squirrelmail/patches/patch-af        Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-af,v 1.1 2005/09/20 13:19:05 schmonz Exp $
-
---- src/search.php.orig        2005-06-22 03:05:59.000000000 -0400
-+++ src/search.php
-@@ -297,7 +297,11 @@ echo html_tag( 'table',
- /*  update the recent and saved searches from the pref files  */
- $attributes = get_recent($username, $data_dir);
- $saved_attributes = get_saved($username, $data_dir);
--$saved_count = count($saved_attributes['saved_what']);
-+if (isset($saved_attributes['saved_what'])) {
-+    $saved_count = count($saved_attributes['saved_what']);
-+} else {
-+    $saved_count = 0;
-+}
- $count_all = 0;
- 
- /* Saved Search Table */
diff -r 8321e111816c -r ca08e36f2ae1 mail/squirrelmail/patches/patch-ag
--- a/mail/squirrelmail/patches/patch-ag        Mon Feb 27 07:10:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@


