Subject: CVS commit: [pkgsrc-2005Q4] pkgsrc/mail
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 03/15/2006 12:07:55
Module Name: pkgsrc
Committed By: salo
Date: Wed Mar 15 12:07:55 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail [pkgsrc-2005Q4]: Makefile
pkgsrc/mail/squirrelmail [pkgsrc-2005Q4]: Makefile PLIST buildlink3.mk distinfo plugin.mk
pkgsrc/mail/squirrelmail-decode [pkgsrc-2005Q4]: Makefile
pkgsrc/mail/squirrelmail-locales [pkgsrc-2005Q4]: Makefile PLIST distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches [pkgsrc-2005Q4]: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah
Log Message:
Pullup ticket 1186 - requested by Martti Kuparinen
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.65, 1.66, 1.68, 1.69
- pkgsrc/mail/squirrelmail/PLIST 1.17
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.6, 1.7
- pkgsrc/mail/squirrelmail/distinfo 1.30
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
- pkgsrc/mail/squirrelmail/patches/patch-ad removed
- pkgsrc/mail/squirrelmail/patches/patch-ae removed
- pkgsrc/mail/squirrelmail/patches/patch-af removed
- pkgsrc/mail/squirrelmail/patches/patch-ag removed
- pkgsrc/mail/squirrelmail/patches/patch-ah removed
- pkgsrc/mail/squirrelmail/plugin.mk 1.3
- pkgsrc/mail/squirrelmail-decode/Makefile 1.3
- pkgsrc/mail/squirrelmail-locales/Makefile 1.11, 1.12, 1.13, 1.14
- pkgsrc/mail/squirrelmail-locales/PLIST 1.5, 1.6, 1.7
- pkgsrc/mail/squirrelmail-locales/distinfo 1.4
- pkgsrc/mail/ja-squirrelmail/Makefile 1.23, 1.24, 1.26
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:56:59 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use SUBST framework. Replace some "find foo | xargs bar" with
"find foo -exec bar {} \;" while here, the former is faster, but can't
cope with all quoting issues and is also more likely to hit argument
length limits. CONFLICT to ja-squirrelmail.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:57:26 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:17 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:44 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 17 07:04:25 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk
pkgsrc/mail/squirrelmail-locales: Makefile
Log Message:
Fixed warnings found by pkglint -Wall.
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:12:14 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah
Log Message:
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:13:00 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo
Log Message:
Updated squirrelmail-locales to 1.4.6
* sync with squirrelmail 1.4.6
---
Module Name: pkgsrc
Committed By: cube
Date: Wed Mar 1 06:39:52 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Mar 2 07:41:44 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-decode: Makefile
Log Message:
Fix pkglint -Wall warnings.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Mar 15 11:48:29 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST. (hi cube and martti!)
To generate a diff of this commit:
cvs rdiff -r1.21 -r1.21.2.1 pkgsrc/mail/ja-squirrelmail/Makefile
cvs rdiff -r1.63 -r1.63.2.1 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -r1.16 -r1.16.4.1 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -r1.4 -r1.4.4.1 pkgsrc/mail/squirrelmail/buildlink3.mk
cvs rdiff -r1.29 -r1.29.2.1 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -r1.2 -r1.2.2.1 pkgsrc/mail/squirrelmail/plugin.mk
cvs rdiff -r1.1.1.1 -r1.1.1.1.2.1 pkgsrc/mail/squirrelmail-decode/Makefile
cvs rdiff -r1.9 -r1.9.2.1 pkgsrc/mail/squirrelmail-locales/Makefile
cvs rdiff -r1.4 -r1.4.4.1 pkgsrc/mail/squirrelmail-locales/PLIST
cvs rdiff -r1.3 -r1.3.4.1 pkgsrc/mail/squirrelmail-locales/distinfo
cvs rdiff -r1.10 -r0 pkgsrc/mail/squirrelmail/patches/patch-ab
cvs rdiff -r1.1 -r0 pkgsrc/mail/squirrelmail/patches/patch-ac \
pkgsrc/mail/squirrelmail/patches/patch-ad \
pkgsrc/mail/squirrelmail/patches/patch-ae \
pkgsrc/mail/squirrelmail/patches/patch-af \
pkgsrc/mail/squirrelmail/patches/patch-ag \
pkgsrc/mail/squirrelmail/patches/patch-ah
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
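
An added example (not SquirrelMail's code and not part of this commit) of the kind of check described for CVE-2006-0377: validating a mailbox name before it is placed in an IMAP SELECT command. The function names `imap_quote_mailbox` and `build_select_command` are hypothetical; rejecting control characters outright, rather than stripping newlines as the log message describes, is a choice made for this example, and the name is assumed to be already encoded in modified UTF-7.

```php
<?php
// Added illustration; function names are hypothetical, not SquirrelMail's API.

/**
 * Return $mailbox as an IMAP quoted string, or throw if it contains
 * bytes that may not appear inside one.
 */
function imap_quote_mailbox(string $mailbox): string
{
    if ($mailbox === '') {
        throw new InvalidArgumentException('empty mailbox name');
    }
    // CR/LF end the current IMAP command line, so a name carrying them
    // would let the rest of the string be read as a separate command.
    // Assumption: names arrive in modified UTF-7, so only printable
    // ASCII is legitimate here; everything else is refused.
    if (preg_match('/[^\x20-\x7E]/', $mailbox)) {
        throw new InvalidArgumentException('illegal byte in mailbox name');
    }
    // Inside a quoted string only backslash and double quote are escaped.
    return '"' . addcslashes($mailbox, "\\\"") . '"';
}

/** Build one complete, CRLF-terminated SELECT command line. */
function build_select_command(string $tag, string $mailbox): string
{
    // The tag is client-generated, but it shares the line, so check it too.
    if (!preg_match('/^[A-Za-z0-9]+$/', $tag)) {
        throw new InvalidArgumentException('bad command tag');
    }
    return $tag . ' SELECT ' . imap_quote_mailbox($mailbox) . "\r\n";
}

// Constructed sample inputs: two ordinary names and one carrying CRLF.
$samples = ['INBOX', 'Work "2006"', "INBOX\r\nA002 NOOP"];
foreach ($samples as $name) {
    try {
        // json_encode makes the trailing CRLF visible in the output.
        echo json_encode(build_select_command('A001', $name)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The first two names produce a single quoted SELECT line each; the third is rejected before any command string is built.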