Subject: CVS commit: pkgsrc/mail/squirrelmail
To: None <pkgsrc-changes@NetBSD.org>
From: OBATA Akio <obache@netbsd.org>
List: pkgsrc-changes
Date: 12/04/2006 13:06:01
Module Name: pkgsrc
Committed By: obache
Date: Mon Dec 4 13:06:01 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Update squirrelmail to 1.4.9a.
ChangLog:
Version 1.4.9a - 3 December 2006
--------------------------------
- Security: Multiple IE cross site scripting issues related to the
widely acceptation of the word expression and url by IE.
- Security: Removing @import when sanitizing html mail.
Version 1.4.9 - 2 December 2006
-------------------------------
- Drop obsolete script plugins/make_archive.pl.
- Fixed Google translate form in translate plugin. Added new language
pairs.
- Added XMAGICTRASH extension tests in configtest utility. Removed code
that handled 'inbox.trash' as special folder in courier (#1354393).
- Allowed moving folders to trash in courier.
- Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
(#1543573).
- Provide View Unsafe Images link on viewing a text/html attachment.
- Fix variable typo in folders_create.php (#1545316).
- Added Courier IMAP OUTBOX check to configtest utility.
- If mailbox name starts with slash or contains ../, error message is
generated. Safety check for insecure default UW IMAP setup (#1557078).
- Ignore message copy errors when messages are deleted. Allows to delete
messages when quota is exceeded (#614887, #646386, #1446026).
- Fixed unintended literal fetching (#1562271).
- Added global file based address book listing controls. Added line
length configuration option for local_file address book backend
(#1181561). Added address book data integrity checks in local_file
address book backend. Fixed eregi and object notices in local_file
and database address book backends. Added additional address book
field support.
- Fixed variable corruption in configtest utility.
- Checked if configuration file is readable in configuration utility
(#1568355).
- Special mailboxes marked in special_mailbox hook are no longer listed
in folder delete, rename and subscription options.
- Translate plugin: prevent PHP notice when viewing empty message.
- Add CEST and MEST (non-standard) timezone codes for +0200.
- Add <label> to From field in message list.
- Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
- Fix in bodystructure parser code related to strings ending with an
escape character.
- Added "attachment */*" hook
- Added third parameter $logout_link to logout_error hook that allows
plugin control over login page URI displayed on login error page.
- Security: close cross site scripting vulnerability in draft, compose
and mailto functionality [CVE-2006-6142].
- Security: work around an issue in Internet Explorer that would guess
the mime type of a file based on contents, not Content-Type header.
To generate a diff of this commit:
cvs rdiff -r1.77 -r1.78 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -r1.19 -r1.20 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -r1.34 -r1.35 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -r1.11 -r1.12 pkgsrc/mail/squirrelmail/patches/patch-aa
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.