[pkgsrc/trunk]: pkgsrc/mail/sqwebmail Fix for security issue: http://secunia....

[adrianp <adrianp%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f5882bc49603
branches:  trunk
changeset: 499160:f5882bc49603
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sun Sep 11 19:58:46 2005 +0000

description:
Fix for security issue: http://secunia.com/advisories/16704/
Bump to nb2

diffstat:

 mail/sqwebmail/Makefile         |   4 +-
 mail/sqwebmail/distinfo         |   4 +-
 mail/sqwebmail/patches/patch-al |  86 ++++++++++++++++++++++++++++++++++++++--
 3 files changed, 85 insertions(+), 9 deletions(-)

diffs (133 lines):

diff -r 696774baf00d -r f5882bc49603 mail/sqwebmail/Makefile
--- a/mail/sqwebmail/Makefile   Sun Sep 11 18:08:02 2005 +0000
+++ b/mail/sqwebmail/Makefile   Sun Sep 11 19:58:46 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2005/08/29 15:53:24 adrianp Exp $
+# $NetBSD: Makefile,v 1.38 2005/09/11 19:58:46 adrianp Exp $
 
 DISTNAME=      sqwebmail-5.0.4
-PKGREVISION=   1
+PKGREVISION=   2
 PKGBASE=       ${DISTNAME:C/-[^-]*$//}
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=courier/}
diff -r 696774baf00d -r f5882bc49603 mail/sqwebmail/distinfo
--- a/mail/sqwebmail/distinfo   Sun Sep 11 18:08:02 2005 +0000
+++ b/mail/sqwebmail/distinfo   Sun Sep 11 19:58:46 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2005/08/29 15:53:24 adrianp Exp $
+$NetBSD: distinfo,v 1.10 2005/09/11 19:58:46 adrianp Exp $
 
 SHA1 (sqwebmail-5.0.4.tar.bz2) = a796d3a72df2acdf5e37ba41db79d376ee4c5f29
 RMD160 (sqwebmail-5.0.4.tar.bz2) = 83377afd274f008cae7fb133577d6b2c6ec62ce5
@@ -9,4 +9,4 @@
 SHA1 (patch-ai) = def2f4d30bf5f15ea78f401f3c4ca2f2ec8c0ad2
 SHA1 (patch-aj) = d2164d3fad61f63062f88e489f4be7f1ff6bdea2
 SHA1 (patch-ak) = 78df6763a16aa9dbed96fbd02ff9ccf95b772a55
-SHA1 (patch-al) = f7fe75105acfb6a2158d9344cb131f536dd573cc
+SHA1 (patch-al) = 062bb6c25f4ded2499859969e8ab217540f401a0
diff -r 696774baf00d -r f5882bc49603 mail/sqwebmail/patches/patch-al
--- a/mail/sqwebmail/patches/patch-al   Sun Sep 11 18:08:02 2005 +0000
+++ b/mail/sqwebmail/patches/patch-al   Sun Sep 11 19:58:46 2005 +0000
@@ -1,8 +1,6 @@
-$NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
-
 --- sqwebmail/html.c.orig      2003-10-06 01:16:13.000000000 +0100
-+++ sqwebmail/html.c
-@@ -187,9 +187,16 @@ char *p;
++++ sqwebmail/html.c   2005-09-05 18:05:59.000000000 +0100
+@@ -187,9 +187,16 @@
                                        if (tai)        ++tai->tagvaluelen;
                                }
                                if (*p) p++;
@@ -19,7 +17,7 @@
                                if (tai)
                                {
                                        tai->tagvalue=p;
-@@ -222,6 +229,31 @@ static void parsetagbuf()
+@@ -222,6 +229,31 @@
        while ((p=strchr(tagbuf, '<')) != NULL)
                *p=' ';
  
@@ -51,3 +49,81 @@
          tagattrlen=parseattr(0);
          if ( tagattrlen > tagattrsize)
          {
+@@ -285,7 +317,9 @@
+       incomment,              /* <!--, in a comment, have not seen any
+                               dashes */
+       incommentseendash,      /* In a comment, seen - */
+-      incommentseendashdash   /* In a comment, seen -- */
++      incommentseendashdash,  /* In a comment, seen -- */
++
++      skiptag                 /* Ignore <!tag> */
+       } ;
+ 
+ static enum htmlstate cur_state;
+@@ -385,7 +419,7 @@
+               case intag:
+                       /* We're in a tag (not a <!-- comment)
+                       collect the contents in tagbuf, until > is seen */
+-do_intag:
++
+                       cur_state=intag;
+                       if (p[l] == '>')
+                       {
+@@ -397,9 +431,21 @@
+                       addtagbuf(p[l]);
+                       continue;
+ 
++              case skiptag:
++                      if (p[l] == '>')
++                      {
++                              start=l+1;
++                              cur_state=intext;
++                      }
++                      continue;
+               case seenltbang:
+                       /* We have <!.  If - is not here, this is a SGML tag */
+-                      if (p[l] != '-')        goto do_intag;
++                      if (p[l] != '-')
++                      {
++                              cur_state=skiptag;
++                              continue;
++                      }
++
+                       addtagbuf(p[l]);
+                       cur_state=seenltbangdash;
+                       continue;
+@@ -410,9 +456,12 @@
+                       otherweise we're in a comment, which we can pass
+                       along */
+ 
+-                      if (p[l] != '-')        goto do_intag;
+-                      if (!skipping())
+-                              (*htmlfiltered_func)("<!--", 4);
++                      if (p[l] != '-')
++                      {
++                              cur_state=skiptag;
++                              continue;
++                      }
++
+                       start=l+1;
+                       cur_state=incomment;
+                       continue;
+@@ -433,8 +482,6 @@
+                               cur_state=incomment;
+                               continue;
+                       }
+-                      if (!skipping())
+-                              (*htmlfiltered_func)(p+start, l+1-start);
+                       cur_state=intext;
+                       start=l+1;
+                       continue;
+@@ -446,9 +493,6 @@
+ 
+       switch (cur_state)      {
+       case intext:
+-      case incomment:
+-      case incommentseendash:
+-      case incommentseendashdash:
+               if (!skipping())
+                       (*htmlfiltered_func)(p+start, l-start);
+       default: