Up to [cvs.NetBSD.org] / pkgsrc / mail / squirrelmail
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
mail/squirrelmail: update to 1.4.23pre15028 pkgsrc change: remove a pkglint warning in squirrelmail.mk. 1.4.23pre15028 is latest snapshot of squirrelmail 1.4 stable branch. * Reduce warnings especially PHP 8.3.
mail/squirrelmail: update to 1.4.23pre14997 Original changes are better support for PHP 8.2, avoiding deprecated warnings. pkgsrc changes * Prefix PKGNAME with PHP_PKG_PREFIX. * Introduce squirrelmail.mk for common definitions for other squirrelmail related packages. * EGDIR and SMDIR are under PHP_PKG_PREFIX, for example: share/example/squirrelmail => share/example/php81/squirrelmail share/squirrelmail => share/php81/squirrelmail * Use EGDIR and SMDIR in PLIST and add PRINT_PLIST_AWK support.
mail/squirrelmail: update to 1.4.23pre14979 1.4.23 stable revision at 14979 (2022-12-06) * Fix poorly written timezone parsing.
mail/squirrelmail: update to 1.4.23pre14977 Update to latest svn snapshot. It includes various improvements for PHP 8 compatibility. Address to PR pkg/57012. Here are quote from commit log: 1.4.23pre14977 (2022-06-21) * Add cookie SameSite attribute; uses default if "Strict" but can be overridden by $same_site_cookies in config_local.php * Browser seems to respond better when deleting the cookie if you void its value also; helps actually get the cookie to be removed even though this feels more like a browser problem... maybe it does not like a date in 1970? * Make sure drafts are sent with the current date and not that of its previous 'Save Draft' action * Add option to prefix new mail number to the front of the org title (browser title bar) * Fix certain messages with headers in unknown charsets encoded as quoted printable showing up as blank sender/subject in message list * Add ability for plugins to request additional header fields in the message list lookup * Separate DNT and DSN * Add proper RFC 3461 DSN functionality (previously we relied only on the Return-Receipt-To header) * Cause message subject to show in page title when message view is loaded in its own window/tab * Implement SQL identifier quoting in all cases * Add option to folder prefs for marking deleted messages as read * Fix: Login mechanisms other than "login" were broken if server returned untagged data before login response * Greatly fix the plaintext display of messages that do not have a text part. * Add ability to explicitly set prefs DB connection charset * Add ability to explicitly set address book DB connection charset
*: recursive bump for perl 5.36
*: recursive bump for perl 5.34
mail/squirrelmail: update to 1.4.23pre14904 Update squirrelmail to 1.4.23pre14904, latest snapshot. 1.4.23pre revision 14904 (2021-03-13) - Added the ability to modify of the value of the global $PHP_SELF variable used throughout the SquirrelMail code. The administrator may do so by adding the configuration settings $php_self_pattern and $php_self_replacement to config/config_local.php, where the pattern should be a full regular expression including the delimiters. This may be helpful when the web server sees traffic from a proxy so the normal $PHP_SELF does not resolve to what it should be for the real client. - Users can now mouse over the checkbox on the message list to see who a message is from - Show more accurate filesize for uploaded files and base64-encoded attachments (when reading a message) - Migrate away from create_function() as long as we have PHP 5.3+
*: bump PKGREVISION for perl-5.32.
Bump PKGREVISION by changing of default PHP version.
Bump PKGREVISIONs for perl 5.30.0
Pullup ticket #6012 - requested by taca mail/squirrelmail: security fix Revisions pulled up: - mail/squirrelmail/Makefile 1.137 - mail/squirrelmail/PLIST 1.42 - mail/squirrelmail/distinfo 1.71 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 24 03:49:35 UTC 2019 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: mail/squirrelmail: update to 1.4.23pre14832 Update squirrelmail to 1.4.23pre14832. - Changed anti-CSRF security token lifetime to be session-based. - Added favicon and ability for admins to use their own by setting $head_tag_extra in config_local.php (see documented comments in, for example, src/webmail.php) - Altered hook types "do_hook_function" and "concat_hook_function" such that the ultimate hook return value (in its current state, as computed (or not) by the plugins that have executed previously) is both globalized and passed as an additional argument to each plugin. This allows plugins to cooperate better and not overwrite each other's return values. - Updated SVG handling, closing several related vulnerabilities (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952] [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955] - Added IMAP ID command (RFC2971), sent after every login - use by setting $imap_id_command_args in config/config_local.php (see notes in functions/imap_general.php for more details) - Fixed PHP7 warnings (#2847) - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer [CVE-2019-12970]
mail/squirrelmail: update to 1.4.23pre14832 Update squirrelmail to 1.4.23pre14832. - Changed anti-CSRF security token lifetime to be session-based. - Added favicon and ability for admins to use their own by setting $head_tag_extra in config_local.php (see documented comments in, for example, src/webmail.php) - Altered hook types "do_hook_function" and "concat_hook_function" such that the ultimate hook return value (in its current state, as computed (or not) by the plugins that have executed previously) is both globalized and passed as an additional argument to each plugin. This allows plugins to cooperate better and not overwrite each other's return values. - Updated SVG handling, closing several related vulnerabilities (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952] [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955] - Added IMAP ID command (RFC2971), sent after every login - use by setting $imap_id_command_args in config/config_local.php (see notes in functions/imap_general.php for more details) - Fixed PHP7 warnings (#2847) - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer [CVE-2019-12970]
all: replace SUBST_SED with the simpler SUBST_VARS pkglint -Wall -r --only "substitution command" -F With manual review and indentation fixes since pkglint doesn't get that part correct in every case.
Recursive bump for perl5-5.28.0
Pullup ticket #5751 - requested by taca mail/squirrelmail: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.134 - mail/squirrelmail/distinfo 1.70 - mail/squirrelmail/patches/patch-ai 1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Apr 30 07:56:55 UTC 2018 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo pkgsrc/mail/squirrelmail/patches: patch-ai Log Message: mail/squirrelmail: update to 1.4.23pre14764 Fix CVE-2018-8741 and more. - Added ability (and user preference) to return to message list after moving a message - Search enhancement: Added ability to search in more than one header without having to search the body - Add ability for saved drafts to indicate if they are a reply and if so, to which message, and mark that message as replied when the draft is finally sent - Added option to allow returning to the message one had been replying to after sending - Sanitize user-supplied attachment filenames (thanks to Florian Grunow for reporting this issue) [CVE-2018-8741] - Allow users who cannot edit their email address but who have multiple identities to edit all their identities To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 pkgsrc/mail/squirrelmail/Makefile cvs rdiff -u -r1.69 -r1.70 pkgsrc/mail/squirrelmail/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/squirrelmail/patches/patch-ai
mail/squirrelmail: update to 1.4.23pre14764 Fix CVE-2018-8741 and more. - Added ability (and user preference) to return to message list after moving a message - Search enhancement: Added ability to search in more than one header without having to search the body - Add ability for saved drafts to indicate if they are a reply and if so, to which message, and mark that message as replied when the draft is finally sent - Added option to allow returning to the message one had been replying to after sending - Sanitize user-supplied attachment filenames (thanks to Florian Grunow for reporting this issue) [CVE-2018-8741] - Allow users who cannot edit their email address but who have multiple identities to edit all their identities
Update squirrelmail to 1.4.23pre14688. Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1. - compose_send hook now has $draft flag in hook arguments - Fixed insufficient sendmail command argument escaping (thanks to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo Cavallarin for bringing this to our attention). [CVE-2017-7692] - Upgraded preferences for the delete_move_next plugin. Automatic user preference updates are included, but note that if your installation is new, or all user prefs have been converted from "on"/"off" to 0/1 then you can add the following to SquirrelMail's config/config_local.php to avoid convertign legacy values over and over: $do_not_convert_delete_move_next_legacy_preferences = TRUE; - Added ability to control the display of the "Check Spelling" button provided by the squirrelspell plugin, which allows administrators to offer this plugin but keep it out of the way for users who do not want it. Put sqspell_show_button=0 in default preferences if it should be hidden by default
Pullup ticket #5333 - requested by maya mail/squirrelmail: security fix Revisions pulled up: - mail/squirrelmail/Makefile 1.132 - mail/squirrelmail/distinfo 1.68 - mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php 1.1 --- Module Name: pkgsrc Committed By: maya Date: Wed Apr 19 17:10:18 UTC 2017 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-class_deliver_Deliver__SendMail.class.php Log Message: squirrelmail: patch remote code execution (CVE-2017-7692) separately escape tainted input before feeding it into popen. https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html patch from Filipo Cavallarin@wearesegment, who also found the vulnerability. bump PKGREVISION
squirrelmail: patch remote code execution (CVE-2017-7692) separately escape tainted input before feeding it into popen. https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html patch from Filipo Cavallarin@wearesegment, who also found the vulnerability. bump PKGREVISION
Update squirrelmail to 1.4.23pre14605, latest snapshot. PHP 7.0 support should be improved, too. - Added new "smtp_helo_override" hook; allows plugins to override the HELO host sent to the SMTP server when sending messages - Added STARTTLS support for both IMAP and SMTP connections - Added PDO support for database connections, so no external database module needs to be installed
Pullup ticket #5128 - requested by bsiegert mail/squirrelmail: build fix Revisions pulled up: - mail/squirrelmail/Makefile 1.130 - mail/squirrelmail/distinfo 1.66 - mail/squirrelmail/patches/patch-plugins_gpg_gpg_decrypt_attach.php deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: manu Date: Fri Sep 30 14:21:23 UTC 2016 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Removed Files: pkgsrc/mail/squirrelmail/patches: patch-plugins_gpg_gpg_decrypt_attach.php Log Message: Remove patch on a localy installed file that did not belong to the = distribution To generate a diff of this commit: cvs rdiff -u -r1.129 -r1.130 pkgsrc/mail/squirrelmail/Makefile cvs rdiff -u -r1.65 -r1.66 pkgsrc/mail/squirrelmail/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/mail/squirrelmail/patches/patch-plugins_gpg_gpg_decrypt_attach.php
Remove patch on a localy installed file that did not belong to the distribution
Syntax error and PHP 5 compatibility fixes in squirrelmail plugins From Jean-Jacques Puig
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
Update squirrelmail to new snapshot, 1.4.23pre14523. Should be fix PR pkg/50197. Here is changes from previous pkgsrc's snapshot. Version 1.4.23 - SVN -------------------- ... - Added Solarized Light and Solarized Dark themes, by Pavneet Arora. - Added associative edit list option widget, with optional folder list selector for values - Added option to use blank spacer instead of security image ("This image has been removed for security reasons.") for replacing unsafe images. - Full date and time is used as "title" (mouseover) text for dates shown on the message list screen - Custom Stylesheets are now sorted on the Display Preferences page - $xtra in the displayHtmlHeader function is now available in the global scope so that plugins can modify it during the generic_header hook - Added some generic client-side (JavaScript) libraries (including an asynchronous server request mechansim). See the new /scripts directory (plugin authors can refer to the plugin documentation for how to use them) - Added optional JavaScript folder list refresh ("check mail") mechanisms that try to avoid refreshing if server is not responding - see the $check_mail_mechanism setting in config/config.php or the "4. General Options ==> "21. Auto check mail mechanism" setting in the configuration tool. (If you do not update your configuration, you will get messages in your logs: "PHP Notice: Undefined variable: check_mail_mechanism in /path/to/squirrelmail/src/left_main.php on line 322...") - Added advanced control over the SSL context used when connecting to the SMTP and IMAP servers over SSL/TLS (thanks to Emmanuel Dreyfus). You can take a look at $imap_stream_options and $smtp_stream_options in config_local.example.php in SquirrelMail version 1.5.2 for more information. These configuration settings should work the same under 1.4.23: http://sourceforge.net/p/squirrelmail/code/HEAD/tree/trunk/squirrelmail/config/config_local.example.php - Added ability to show login error from the IMAP server instead of traditional "Unknown user or password incorrect" (thanks to Alain Williams). See $display_imap_login_error in the configuration file or "4. General Options ==> 22. Display login error from IMAP" in the configuration tool. - Configuration tool now shows the SquirrelMail version - Added new attachments_top hook to src/read_body.php - When resuming a draft, correct (from) identity is now pre-selected - Removed overly-restrictive character limitations on address book nicknames - Prevent session lock-up caused by filters plugin trying to move messages in an account that is over quota - Added MD5 alternative to directory hash calculation - Added ability for administrator to control whether or not users can edit their reply-to address ($edit_reply_to in config.php) - Added new "login_before_page_header" (boolean) hook; allows plugins to have more explicit control over login page header
Recursive PKGREVISION bump for all packages mentioning 'perl', having a PKGNAME of p5-*, or depending such a package, for perl-5.22.0.
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
Bump PKGREVISION from default PHP version change to 5.4.
Update squirrelmail to 1.4.23pre14345, snap shot from squirrelmail's repository. Approved by wiz@. * Now work well with PHP 5.4 and later. Version 1.4.23 - SVN -------------------- - Added capability to issue SEARCH commands in literal format (so that non-ASCII search terms are handled RFC-correctly). - Fixed hook name clash: new "smtp_auth" hook added in version 1.4.22 has been renamed to "smtp_authenticate" - Added SASL PLAIN mechanism for IMAP logins; backported from version 1.5.2. - Prevent syslog warning in call_user_func_array() call when no arguments given. Patch from Jean-Philippe Guerard (#3309935). - Changed the read_body_menu_top hook from concat_hook_function to do_hook_function (plugin authors please note) - Always ensure that the Reply-To header is a full email address in outgoing messages - Fixed issue with Noselect mailboxes being clickable in folder list - Made performance improvements in mailbox listing - Attachment filename extensions changed from ".msg" to ".eml" - Unified address book searches somewhat: file-backed address books now search in each field individually; database-backed address books now search in fields other than first/last name (nickname, email); LDAP- backed address books now search in common name fields as well as by email address (cn, sn, givenname, mail) - You may now enable LDAP-backed address books to be listed (using the "List all" button on the address search screen accessed via the "Addresses" button on the compose screen) by adding "$ldap_abook_allow_listing = TRUE;" (without quotes) to config/config_local.php (previously, this required editing of a file). - Added ability to control browser rendering mode (quirks versus standards) - see the $browser_rendering_mode setting in config/config.php or the "4. General Options ==> 19. Browser rendering mode" setting in the configuration tool (#3240356). - Added "search_index_before" hook (analog of the "mailbox_index_before" hook) - Made performance improvements in security token handling - Improvements for compatibility with PHP 5.4. - Added option that allows users to have replies to their own messages sent to the recipient of the previous message (#3520988).
Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days.
Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them.
Bump PKGREVISION from PHP_VERSION_DEFAULT changes.
Pullup ticket #3472 - requested by taca mail/squirrelmail: security update Revisions pulled up: - mail/squirrelmail/MESSAGE 1.6 - mail/squirrelmail/Makefile 1.117-1.118 - mail/squirrelmail/PLIST 1.38 - mail/squirrelmail/distinfo 1.61 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 13 01:30:34 UTC 2011 Modified Files: pkgsrc/mail/squirrelmail: Makefile Log Message: take MAINTAINER. --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 13 12:22:44 UTC 2011 Modified Files: pkgsrc/mail/squirrelmail: MESSAGE Makefile PLIST distinfo Log Message: Update squirrelmail package to 1.4.22. Version 1.4.22 - 12 July 2011 ----------------------------- - Backported default timezone fix from version 1.5.2; helps mitigate timezone errors in environments where a default has not been set by the administrator. - Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#3053349). - Now allow multiple plugins to handle (add links for) a single attachment MIME type. - Now allow administrators to disable all plugins or enable just a select few plugins (overriding the active plugins in the normal configuration) by setting $temporary_plugins as an empty array (all disabled) or an array with one or more plugin directory names in config_local.php. - Backport fix for call_user_func_array not supporting NULL as empty array in PHP 5.3.3 - Fixed sqauth_read_password() for plugins on the login_verified hook. - Added SMTP SASL PLAIN authentication option to configuration tool (core support for such is not new). - Gmail doens't support standard search commands; removed sort buttons. - Forced addition of a file suffix to attachments that lack a filename (helps forwarded messages avoid spam filters) (thanks to Petr Kletecka) (#3139004). - Fixed missing security token in listcommands plugin. - Added smtp_auth hook (thanks to Emmanuel Dreyfus). - Made speed enhancements to threaded message display (thanks to Siim Poder) (#3288123). - Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php. - Fixed incorrect display of INBOX subfolders under some configurations. IMPORTANT: You may need to update your configuration so that $default_sub_of_inbox is TRUE if it was FALSE (e.g., Courier IMAP users) and after updating to this version, your special folders are no longer listed at the top of your folder list. Also, if this change prevents users from logging in with an error such as "ERROR: Could not complete request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.", you will need to correct the user preference values for the problem folders. You can do so with commands such as the following for file- based preferences (adjust the data directory location as needed): find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \; find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Drafts/trash_folder=INBOX.Drafts/g' {} \; find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Sent/trash_folder=INBOX.Sent/g' {} \; Or, for database-based preferences: UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash'; UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts'; UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent'; MAKE SURE to back up your user preferences first! - Optimized message highlighting rules; faster message list display and faster highlight rules management (thanks to C. Bensend for extensive effort helping diagnose) - New Mail plugin no longer removes normal organization title when putting the number of new messages in the browser title - Added clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention). [CVE-2010-4554] - Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, XSS hole in the Index Order page, and added anti-CSRF protection to the empty trash feature and the Index Order page (thanks to Nicholas Carlini for finding all these issues). [CVE-2010-4555] - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
Update squirrelmail package to 1.4.22. Version 1.4.22 - 12 July 2011 ----------------------------- - Backported default timezone fix from version 1.5.2; helps mitigate timezone errors in environments where a default has not been set by the administrator. - Fixed system lock-ups caused by a combination of certain rare, malformed message headers and buggy versions of PHP mbstring (#3053349). - Now allow multiple plugins to handle (add links for) a single attachment MIME type. - Now allow administrators to disable all plugins or enable just a select few plugins (overriding the active plugins in the normal configuration) by setting $temporary_plugins as an empty array (all disabled) or an array with one or more plugin directory names in config_local.php. - Backport fix for call_user_func_array not supporting NULL as empty array in PHP 5.3.3 - Fixed sqauth_read_password() for plugins on the login_verified hook. - Added SMTP SASL PLAIN authentication option to configuration tool (core support for such is not new). - Gmail doens't support standard search commands; removed sort buttons. - Forced addition of a file suffix to attachments that lack a filename (helps forwarded messages avoid spam filters) (thanks to Petr Kletecka) (#3139004). - Fixed missing security token in listcommands plugin. - Added smtp_auth hook (thanks to Emmanuel Dreyfus). - Made speed enhancements to threaded message display (thanks to Siim Poder) (#3288123). - Allow administrators to configure subfolders of user INBOXes to be treated as special folders by adding $subfolders_of_inbox_are_special to config_local.php. - Fixed incorrect display of INBOX subfolders under some configurations. IMPORTANT: You may need to update your configuration so that $default_sub_of_inbox is TRUE if it was FALSE (e.g., Courier IMAP users) and after updating to this version, your special folders are no longer listed at the top of your folder list. Also, if this change prevents users from logging in with an error such as "ERROR: Could not complete request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.", you will need to correct the user preference values for the problem folders. You can do so with commands such as the following for file- based preferences (adjust the data directory location as needed): find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \; find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Drafts/trash_folder=INBOX.Drafts/g' {} \; find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Sent/trash_folder=INBOX.Sent/g' {} \; Or, for database-based preferences: UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash'; UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts'; UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent'; MAKE SURE to back up your user preferences first! - Optimized message highlighting rules; faster message list display and faster highlight rules management (thanks to C. Bensend for extensive effort helping diagnose) - New Mail plugin no longer removes normal organization title when putting the number of new messages in the browser title - Added clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing this to our attention). [CVE-2010-4554] - Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, XSS hole in the Index Order page, and added anti-CSRF protection to the empty trash feature and the Index Order page (thanks to Nicholas Carlini for finding all these issues). [CVE-2010-4555] - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
take MAINTAINER.
Reset maintainer.
Pullup ticket 3181 - requested by tron security update Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.115 - pkgsrc/mail/squirrelmail/PLIST 1.37 - pkgsrc/mail/squirrelmail/distinfo 1.60 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Jul 24 12:20:34 UTC 2010 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Update "squirremail" package to version 1.4.21. Changes since 1.4.20: - Now allow more than one plugin to control the compose form submit action. - When sorting by received date, the received date is now shown on the message list. - Explicitly disable browser caching for left_main and right_main pages (#2983134). - Fix error with SpamCop reporting plugin not being able to send report as emails (#1795310). - Fix typo in SpamCop plugin. - Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) - Several speed enhancements for recent fixes regarding the display of encoded subjects, including a fix for messages with invalid subject encoding (includes #2987016 amongst several other issues reported via mailing list, etc.) (Many thanks to Zdenek Pytela for the untiring help diagnosing and testing.) - Fixed minor vulnerability in Mail Fetch plugin. [CVE-2010-1637/TEHTRI-SA-2010-009] - Now properly quote personal part of encoded addresses when replying. - Now fill in default subject when forwarding as attachment (#2936541). - Implement header folding that doesn't add extraneous spaces so unfolding is less ambiguous (#1951776). - Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's default preferences database schema (#2943483). - Fixed attachment filename decoding problems (#2994865). - Now default search criteria to the TO header when searching the sent fold= er. - Fixed literal processing of 8-bit usernames/passwords during login. [CVE-2010-2813] To generate a diff of this commit: cvs rdiff -u -r1.114 -r1.115 pkgsrc/mail/squirrelmail/Makefile cvs rdiff -u -r1.36 -r1.37 pkgsrc/mail/squirrelmail/PLIST cvs rdiff -u -r1.59 -r1.60 pkgsrc/mail/squirrelmail/distinfo
Update "squirremail" package to version 1.4.21. Changes since 1.4.20: - Now allow more than one plugin to control the compose form submit action. - When sorting by received date, the received date is now shown on the message list. - Explicitly disable browser caching for left_main and right_main pages (#2983134). - Fix error with SpamCop reporting plugin not being able to send report as emails (#1795310). - Fix typo in SpamCop plugin. - Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) - Several speed enhancements for recent fixes regarding the display of encoded subjects, including a fix for messages with invalid subject encoding (includes #2987016 amongst several other issues reported via mailing list, etc.) (Many thanks to Zdenek Pytela for the untiring help diagnosing and testing.) - Fixed minor vulnerability in Mail Fetch plugin. [CVE-2010-1637/TEHTRI-SA-2010-009] - Now properly quote personal part of encoded addresses when replying. - Now fill in default subject when forwarding as attachment (#2936541). - Implement header folding that doesn't add extraneous spaces so unfolding is less ambiguous (#1951776). - Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's default preferences database schema (#2943483). - Fixed attachment filename decoding problems (#2994865). - Now default search criteria to the TO header when searching the sent folder. - Fixed literal processing of 8-bit usernames/passwords during login. [CVE-2010-2813]
Update squirrelmail pacakge to 1.4.20. Version 1.4.20 - 06 Mar 2010 --------------------------- - Fixed issue with search not using literals correctly (#2846511). - Fixed issue with returning to search results due to new security token code. - Fixed issue with multi-part related messages not showing all attachments (#2830140). - Fixed for security token missing in newmail plugin (#2919418). - Fixed sort in Sent folder to sort by "To" field instead of "From" field (#2907412). - Fixed mailto: urls containing + characters. Thanks to Michael Puls II for the patch. - Made base URL autodetection more robust; fixes some lighttpd issues (probably #1741469). - Encoded From headers are now properly quoted (#2830141). - Multibyte strings (notably subjects) are now handled correctly (#2824813, #2925731). - X-DNS-Prefetch-Control: off header is now sent to browsers to prevent information leakage when Firefox does DNS prefetching for URLs contained in emails. - Added unread links in message view. - Added the ability to configure Google Mail (Gmail) as the mail server behind SquirrelMail. - Added option in display preferences that allows the signature to be stripped from the original message when replying (#2952876). Thanks to Sven Strickroth.
Fix wrong CONF_FILES handling. Bump PKGREVISION.
Overhaul squirrelmail package: * Add DESTDIR support. * Add more changes from squirrelmail's repositry including secure token support, hoping early release of real 1.4.20. Bump PKGREVISION.
Add a patch from Jonathan Angliss fixing IMAP search problems: http://thread.gmane.org/gmane.mail.squirrelmail.user/36642 Bump PKGREVISION.
Add two small fix: * Use case ignore match for detecting encoded header. This is language independent problem. * Improve handling of file name of attachment in Japanese environment. These fixes make squirrelmail usable after remove of japaneses patch. Bump PKGREVISION.
Obsolete squirrelmail-japanese and squirrelmail-lite package options. * Currently, squirrelmail package is brokwn when enable squirrelmail-japanese option and are/squirrelmail/functions/decode/iso_2022_jp.php was conflicted between squirrelmail and squirrelmail-decode package. * squirrelmail-japanese isn't available for squirrelmail-1.4.20-RC2. Bump PKGREVISION.
Pullup ticket 2875 - requested by tron security update Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.108 - pkgsrc/mail/squirrelmail/PLIST 1.33 - pkgsrc/mail/squirrelmail/distinfo 1.55 Module Name: pkgsrc Committed By: tron Date: Wed Aug 26 12:47:17 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Update "squirremail" package to version 1.4.20rc2. Changes since 1.4.19: - Protect message deletion with security token system. (Secunia Advisory SA346) - Removed the shut down DSBL blocklists (#2796734). - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839). - Updated INSTALL doc to remove possible bad system admin typos (#2827153). - PHP 5.3 deprecates ereg functions (#2820952). - Filters plugin uses badly formatted literals request (#2805201). - Provide option for complete removal of usernames and user IP addresses from message headers, and remove personal data from Message ID seed. (#880029/847107) - Implemented page referal verification mechanism. (Secunia Advisory SA34627) - Implemented security token system. (Secunia Advisory SA34627) Approved by Martti Kuparinen. To generate a diff of this commit: cvs rdiff -u -r1.107 -r1.108 pkgsrc/mail/squirrelmail/Makefile cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/squirrelmail/PLIST cvs rdiff -u -r1.54 -r1.55 pkgsrc/mail/squirrelmail/distinfo
Update "squirremail" package to version 1.4.20rc2. Changes since 1.4.19: - Protect message deletion with security token system. (Secunia Advisory SA346) - Removed the shut down DSBL blocklists (#2796734). - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839). - Updated INSTALL doc to remove possible bad system admin typos (#2827153). - PHP 5.3 deprecates ereg functions (#2820952). - Filters plugin uses badly formatted literals request (#2805201). - Provide option for complete removal of usernames and user IP addresses from message headers, and remove personal data from Message ID seed. (#880029/847107) - Implemented page referal verification mechanism. (Secunia Advisory SA34627) - Implemented security token system. (Secunia Advisory SA34627) Approved by Martti Kuparinen.
Pullup ticket #2777 - requested by martti squirrelmail: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.106 - mail/squirrelmail/PLIST 1.30-1.31 - mail/squirrelmail/buildlink3.mk 1.22 - mail/squirrelmail/distinfo 1.53 - mail/squirrelmail/options.mk 1.12-1.13 --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 07:04:13 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated squirrelmail to 1.4.19 The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We also expierenced some regressions in the updated filter plugin. Both are addressed in this new release 1.4.19 which contains a few other small fixes aswell. If you do not use map_yp_alias or the filters plugin there's no urgent need to upgrade now if you already installed 1.4.18. If you are still on an older release than 1.4.18 (or use the mentioned functionality) we do urge you to upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important security issues. Those using the development branch (1.5.x) should install a recent SVN snapshot. --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 07:05:14 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: buildlink3.mk Log Message: Updated --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 08:23:02 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: PLIST options.mk Log Message: Fixed PLIST issues. --- Module Name: pkgsrc Committed By: taca Date: Fri May 22 08:50:19 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Update Japanese patch. Bump PKGREVISION.
Update Japanese patch. Bump PKGREVISION.
Updated squirrelmail to 1.4.19 The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We also expierenced some regressions in the updated filter plugin. Both are addressed in this new release 1.4.19 which contains a few other small fixes aswell. If you do not use map_yp_alias or the filters plugin there's no urgent need to upgrade now if you already installed 1.4.18. If you are still on an older release than 1.4.18 (or use the mentioned functionality) we do urge you to upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important security issues. Those using the development branch (1.5.x) should install a recent SVN snapshot.
Pullup ticket #2772 - requested by taca squirrelmail: Re-add Japanese language option Revisions pulled up: - mail/squirrelmail/Makefile 1.104-1.105 - mail/squirrelmail/distinfo 1.52 - mail/squirrelmail/options.mk 1.11 --- Module Name: pkgsrc Committed By: taca Date: Thu May 14 14:24:50 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile Log Message: Since iso_2022_jp.php isn't included in squirrelmail distribution, remove extra pre-configure processing. --- Module Name: pkgsrc Committed By: taca Date: Fri May 15 13:01:00 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Enable squirrelmail-japanese option with Japanese patch: squirrelmail-1.4.16-ja-20081013-patch. Bump PKGREVISION.
Enable squirrelmail-japanese option with Japanese patch: squirrelmail-1.4.16-ja-20081013-patch. Bump PKGREVISION.
Since iso_2022_jp.php isn't included in squirrelmail distribution, remove extra pre-configure processing.
Ticket #2765 - requested by martti squirrelmail: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.103 - mail/squirrelmail/PLIST 1.29 - mail/squirrelmail/distinfo 1.51 - mail/squirrelmail/options.mk 1.10 --- Module Name: pkgsrc Committed By: martti Date: Thu May 14 06:54:39 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo options.mk Log Message: Updated mail/squirrelmail to 1.4.18 The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.18. The most notable changes for this version are several security fixes, including a couple XSS exploits, a session fixation issue, and an obscure but dangerous server-side code execution hole. However, this version also includes three new languages and more than a few enhancements to things such as the filters plugin, the address book system and other things under the hood. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (they have moved to the doc/ directory). We advise all users of SquirrelMail software to upgrade.
Updated mail/squirrelmail to 1.4.18 The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.18. The most notable changes for this version are several security fixes, including a couple XSS exploits, a session fixation issue, and an obscure but dangerous server-side code execution hole. However, this version also includes three new languages and more than a few enhancements to things such as the filters plugin, the address book system and other things under the hood. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (they have moved to the doc/ directory). We advise all users of SquirrelMail software to upgrade.
Activated LICENSE=...
Pullup ticket #2605 - requested by martti squirremal: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.100-1.101 - mail/squirrelmail/PLIST 1.28 - mail/squirrelmail/buildlink3.mk 1.20 - mail/squirrelmail/distinfo 1.49-1.50 - mail/squirrelmail/options.mk 1.9 --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 19 14:47:51 UTC 2008 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Update Japanese patch to squirrelmail-1.4.16-ja-20081013. No functional should be changed though. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: martti Date: Thu Dec 4 07:18:47 UTC 2008 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo Log Message: Updated mail/squirrelmail to 1.4.17 The SquirrelMail team is happy to announce the release of version 1.4.17. The most notable change is a security fix that prevents certain specially-crafted hyperlinks within messages from executing cross-site scripting attacks. For other details, see the ReleaseNotes file included in this release. We advise all users of SquirrelMail software to upgrade.
Updated mail/squirrelmail to 1.4.17 The SquirrelMail team is happy to announce the release of version 1.4.17. The most notable change is a security fix that prevents certain specially-crafted hyperlinks within messages from executing cross-site scripting attacks. For other details, see the ReleaseNotes file included in this release. We advise all users of SquirrelMail software to upgrade.
Update Japanese patch to squirrelmail-1.4.16-ja-20081013. No functional should be changed though. Bump PKGREVISION.
Updated mail/squirrelmail to 1.4.16 The SquirrelMail team is happy to announce the release 1.4.16. The most notable change is that cookies are now sent with the secure attribute set for HTTPS-connections, meaning that they cannot leak to an HTTP-connection on the same SquirrelMail installation. For details see the included ReleaseNotes. We advise users that offer their SquirrelMail both over HTTP and HTTPS to upgrade.
Version 1.4.15 - 23 May 2008
Pullup ticket 2246 - requested by martti security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97 - pkgsrc/mail/squirrelmail/PLIST 1.25 - pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46 - pkgsrc/mail/squirrelmail/options.mk 1.7 Module Name: pkgsrc Committed By: martti Date: Fri Dec 14 20:44:35 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. --- Module Name: pkgsrc Committed By: taca Date: Sat Dec 15 13:58:12 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205. Bump PKG_REVISION.
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205. Bump PKG_REVISION.
Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately.
Pullup ticket 2238 - requested by martti security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.95 - pkgsrc/mail/squirrelmail/PLIST 1.24 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.17 - pkgsrc/mail/squirrelmail/distinfo 1.43 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.14 Module Name: pkgsrc Committed By: martti Date: Wed Dec 5 07:11:29 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Log Message: Updated mail/squirrelmail to 1.4.12 NOTE: includes a critical bug fix in the attachment handling - Enabled user selection of address format when adding from address book during message composition. - Fixed issue with adding attachments in PHP 4.x environments (#1805471). - Backport size setting on "newmail" popup window. - Added a "short_open_tag" configuration test. - Undefined notice in error message box when no default folder prefix is set. - Undefined index error when downloading. Possibly caused by using tabs and opening multiple mailboxes. - PAGE_NAME might not be defined in all plugins, which might cause a "not defined" error on session timeouts. - Fixed outgoing messages to allow addresses such as "0@..." or "000@...", etc. (#1818398). - Fixed issue with in-reply-to and reference headers not being retained on reply (#1810659). - Revived logout_error hook (#1800015). - Allow custom session handlers to work correctly (and be defined at the application level with SquirrelMail). - Fix off-by-one in bodystructure parsing triggered by servers sending a body location part (e.g. Sun Java System Messaging Server). Thanks John Callahan (#1808382). - Invalid initialization of To: header (#1772893). - Includes cleanup in include/validate.php. - Cleanup in multiple files to remove unneeded includes. - Added sort by size (#812233 and #159997, plus multiple list requests). Patch provided by Christopher E. Brown. - Fix bug in sitewide SMTP settings still using authenticated user, rather than configured settings (#1835942). - Fixed mailto: functionality. - Added mailto: link handling when viewing messages. - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions
Updated mail/squirrelmail to 1.4.12 NOTE: includes a critical bug fix in the attachment handling - Enabled user selection of address format when adding from address book during message composition. - Fixed issue with adding attachments in PHP 4.x environments (#1805471). - Backport size setting on "newmail" popup window. - Added a "short_open_tag" configuration test. - Undefined notice in error message box when no default folder prefix is set. - Undefined index error when downloading. Possibly caused by using tabs and opening multiple mailboxes. - PAGE_NAME might not be defined in all plugins, which might cause a "not defined" error on session timeouts. - Fixed outgoing messages to allow addresses such as "0@..." or "000@...", etc. (#1818398). - Fixed issue with in-reply-to and reference headers not being retained on reply (#1810659). - Revived logout_error hook (#1800015). - Allow custom session handlers to work correctly (and be defined at the application level with SquirrelMail). - Fix off-by-one in bodystructure parsing triggered by servers sending a body location part (e.g. Sun Java System Messaging Server). Thanks John Callahan (#1808382). - Invalid initialization of To: header (#1772893). - Includes cleanup in include/validate.php. - Cleanup in multiple files to remove unneeded includes. - Added sort by size (#812233 and #159997, plus multiple list requests). Patch provided by Christopher E. Brown. - Fix bug in sitewide SMTP settings still using authenticated user, rather than configured settings (#1835942). - Fixed mailto: functionality. - Added mailto: link handling when viewing messages. - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions
Based on some feedback, comment out the newly added LICENSE=xxx for now. I'll re-activate this later when the global license stuff is activated.
Added LICENSE=gnu-gpl-v2
Updated mail/squirrelmail to 1.4.11 Version 1.4.11 - 29 September 2007 ---------------------------------- - Minimum PHP requirement raised from 4.0.6 to 4.1.0. SquirrelMail has been broken for a while with 4.0.x without anyone noticing, this move merely reflects reality. - Fix broken set_url_var function in functions/html.php (#1729814). - Fix config.pl not detecting auth support correctly (#1727033). - Fix display of X-Priority in message view. - Work around mailers sending broken Date headers with no space after the first comma. - Let POP3 class properly cope with lines starting with a '.'. - Some HTML validation cleanups. - Invalid year in sent_subfolders plugin (#1607380). - Always treat Content-Type case-insensitively (#1732092). - Fix typo: html/plain should be text/html. - Fix en/decode header swith in MDN (#1694687). - Fix compatibility with Windows path in administrator plugin (#1740469). - Fix disabling password encryption in mail_fetch (#1738001). - Fix busy loop and notice when two literals in IMAP fetch (#1739433). - Backported code for site wide SMTP authentication (#1531889). - Fixed issue with compose session not being cleaned after message is saved or sent. - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(), thanks to Daniel Watts - Fix test for signout.php in the logged in check in is_logged_in() so it cannot be circumvented by manipulating the URL. External plugins might rely on this function guaranteeing that the user is logged in. - Use attachment_dir only at the point where we're actually reading from / writing to the files, do not carry it around in the object. This makes us safer in the event the object is somehow exposed to the outside world. - Better support mailboxes named 'None' (#1598890). - Sort readdir() output in conf.pl (#1755886). - Fix message cache in printer friendly, thanks Tomas Kuliavas. - Made the webmail_top hook work again for plugins that want to change the URI of the "right" frame; plugins have to change the value of the global variable $right_frame_url - Fix issue in darkness theme with extra closing bracket. - No longer store all message composition sessions in the PHP session, since it was not made use of and in rare cases, made sessions too big. - Composition restoration functionality now correctly restores attachments. - Added smtp_auth hook. - Change default Selection List Style to Indented. - Added "preselected" query argument to mailbox list. - Added mailbox_display_buttons hook. - Removed "Include CCs when Forwarding Messages", which had no functionality whatsoever. - Make the Message Details plugin actually show the correct entity when viewing details of attached messages.
Back out previous. Pointed out by uebayasi@ and martti@.
mv -> ${MV}.
Make it easier to build and install packages "unprivileged", where the owner of all installed files is a non-root user. This change affects most packages that require special users or groups by making them use the specified unprivileged user and group instead. (1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to unprivileged.mk. These two variables are lists of other bmake variables that define package-specific users and groups. Packages that have user-settable variables for users and groups, e.g. apache and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP}, etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER} and ${UNPRIVILEGED_GROUP}. (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
A patch file for squirrelmail-lite option has updated to fix its minor problem. Bump PKGREVISION.
Add squirrelmail-japanese and squirrelmail-lite option. These options supersedes ja-squirrelmail package. Bump PKGREVISION.
Applied fix submitted by Ed Gould in PR pkg/36312 to enable build on Solaris again. On NetBSD, find accepts both "-o" and "-or".
Some pkglint -Wall fixes.
Pullup ticket 2081 - requested by martti bugfix update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.84 - pkgsrc/mail/squirrelmail/PLIST 1.22 - pkgsrc/mail/squirrelmail/distinfo 1.37 Module Name: pkgsrc Committed By: martti Date: Thu May 10 09:24:44 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail to 1.4.10a Shortly after the release of SquirrelMail 1.4.10, a regression in the compose form was discovered. Unfortunately the limited disclosure of security patches does not allow for public testing, so this regression went unnoticed. We're sorry for the inconvenience.
Updated mail/squirrelmail to 1.4.10a Shortly after the release of SquirrelMail 1.4.10, a regression in the compose form was discovered. Unfortunately the limited disclosure of security patches does not allow for public testing, so this regression went unnoticed. We're sorry for the inconvenience.
Pullup ticket 2079 - requested by martti security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.83 - pkgsrc/mail/squirrelmail/PLIST 1.21 - pkgsrc/mail/squirrelmail/distinfo 1.36 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.13 Module Name: pkgsrc Committed By: martti Date: Thu May 10 06:48:28 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Log Message: Updated mail/squirrelmail to 1.4.10 This version, 1.4.10 is a maintenance release, addressing the following problems since 1.4.9a: - Some security fixes (see below) - Small enhancements - A collection of bugfixes and stability enhancements (see ChangeLog for a full list) Security issues =============== This release addresses security issues found since the release of 1.4.9a: There's an ongoing battle to further secure the HTML filter against malicious HTML mail and the browsers that accept almost any malformed piece of HTML. This release contains fixes for the following: - HTML attachments containing "data:" URLs; - Internet Explorer in various versions accepts many permutations of HTML and JavaScript in many charsets. We now properly canonicalize the incoming HTML to us-ascii before applying further filters. IE only. - Request forgery through images. It was possible to include "images" in HTML mails which were in fact GET requests for the compose.php page sending mail. These images are now properly detected, and the compose form will only send mail through a POST request. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting (parts of) these issues and working with us to get them resolved. These are known as CVE-2007-1262. Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/
Updated mail/squirrelmail to 1.4.10 This version, 1.4.10 is a maintenance release, addressing the following problems since 1.4.9a: - Some security fixes (see below) - Small enhancements - A collection of bugfixes and stability enhancements (see ChangeLog for a full list) Security issues =============== This release addresses security issues found since the release of 1.4.9a: There's an ongoing battle to further secure the HTML filter against malicious HTML mail and the browsers that accept almost any malformed piece of HTML. This release contains fixes for the following: - HTML attachments containing "data:" URLs; - Internet Explorer in various versions accepts many permutations of HTML and JavaScript in many charsets. We now properly canonicalize the incoming HTML to us-ascii before applying further filters. IE only. - Request forgery through images. It was possible to include "images" in HTML mails which were in fact GET requests for the compose.php page sending mail. These images are now properly detected, and the compose form will only send mail through a POST request. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting (parts of) these issues and working with us to get them resolved. These are known as CVE-2007-1262. Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/
Prepare for switching to NO_MTREE=yes.
Fix man page installation.
Oops, revert previous change; wrong usage of PKGMANDIR.
Use PKGMANDIR.
Pullup ticket 1934 - requested by obache security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.77-1.78 - pkgsrc/mail/squirrelmail/PLIST 1.20 - pkgsrc/mail/squirrelmail/distinfo 1.35 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.12 Module Name: pkgsrc Committed By: tv Date: Fri Nov 10 17:38:47 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile Log Message: Use find -print | xargs rather than find -exec. --- Module Name: pkgsrc Committed By: obache Date: Mon Dec 4 13:06:01 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Log Message: Update squirrelmail to 1.4.9a. ChangLog: Version 1.4.9a - 3 December 2006 -------------------------------- - Security: Multiple IE cross site scripting issues related to the widely acceptation of the word expression and url by IE. - Security: Removing @import when sanitizing html mail. Version 1.4.9 - 2 December 2006 ------------------------------- - Drop obsolete script plugins/make_archive.pl. - Fixed Google translate form in translate plugin. Added new language pairs. - Added XMAGICTRASH extension tests in configtest utility. Removed code that handled 'inbox.trash' as special folder in courier (#1354393). - Allowed moving folders to trash in courier. - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message (#1543573). - Provide View Unsafe Images link on viewing a text/html attachment. - Fix variable typo in folders_create.php (#1545316). - Added Courier IMAP OUTBOX check to configtest utility. - If mailbox name starts with slash or contains ../, error message is generated. Safety check for insecure default UW IMAP setup (#1557078). - Ignore message copy errors when messages are deleted. Allows to delete messages when quota is exceeded (#614887, #646386, #1446026). - Fixed unintended literal fetching (#1562271). - Added global file based address book listing controls. Added line length configuration option for local_file address book backend (#1181561). Added address book data integrity checks in local_file address book backend. Fixed eregi and object notices in local_file and database address book backends. Added additional address book field support. - Fixed variable corruption in configtest utility. - Checked if configuration file is readable in configuration utility (#1568355). - Special mailboxes marked in special_mailbox hook are no longer listed in folder delete, rename and subscription options. - Translate plugin: prevent PHP notice when viewing empty message. - Add CEST and MEST (non-standard) timezone codes for +0200. - Add <label> to From field in message list. - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520). - Fix in bodystructure parser code related to strings ending with an escape character. - Added "attachment */*" hook - Added third parameter $logout_link to logout_error hook that allows plugin control over login page URI displayed on login error page. - Security: close cross site scripting vulnerability in draft, compose and mailto functionality [CVE-2006-6142]. - Security: work around an issue in Internet Explorer that would guess the mime type of a file based on contents, not Content-Type header.
Update squirrelmail to 1.4.9a. ChangLog: Version 1.4.9a - 3 December 2006 -------------------------------- - Security: Multiple IE cross site scripting issues related to the widely acceptation of the word expression and url by IE. - Security: Removing @import when sanitizing html mail. Version 1.4.9 - 2 December 2006 ------------------------------- - Drop obsolete script plugins/make_archive.pl. - Fixed Google translate form in translate plugin. Added new language pairs. - Added XMAGICTRASH extension tests in configtest utility. Removed code that handled 'inbox.trash' as special folder in courier (#1354393). - Allowed moving folders to trash in courier. - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message (#1543573). - Provide View Unsafe Images link on viewing a text/html attachment. - Fix variable typo in folders_create.php (#1545316). - Added Courier IMAP OUTBOX check to configtest utility. - If mailbox name starts with slash or contains ../, error message is generated. Safety check for insecure default UW IMAP setup (#1557078). - Ignore message copy errors when messages are deleted. Allows to delete messages when quota is exceeded (#614887, #646386, #1446026). - Fixed unintended literal fetching (#1562271). - Added global file based address book listing controls. Added line length configuration option for local_file address book backend (#1181561). Added address book data integrity checks in local_file address book backend. Fixed eregi and object notices in local_file and database address book backends. Added additional address book field support. - Fixed variable corruption in configtest utility. - Checked if configuration file is readable in configuration utility (#1568355). - Special mailboxes marked in special_mailbox hook are no longer listed in folder delete, rename and subscription options. - Translate plugin: prevent PHP notice when viewing empty message. - Add CEST and MEST (non-standard) timezone codes for +0200. - Add <label> to From field in message list. - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520). - Fix in bodystructure parser code related to strings ending with an escape character. - Added "attachment */*" hook - Added third parameter $logout_link to logout_error hook that allows plugin control over login page URI displayed on login error page. - Security: close cross site scripting vulnerability in draft, compose and mailto functionality [CVE-2006-6142]. - Security: work around an issue in Internet Explorer that would guess the mime type of a file based on contents, not Content-Type header.
Use find -print | xargs rather than find -exec.
Added BUILD_DEFS (taken from ja-squirrelmail).
Pullup ticket 1789 - requested by tron security update for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.75 - pkgsrc/mail/squirrelmail/PLIST 1.19 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.13 - pkgsrc/mail/squirrelmail/distinfo 1.34 - pkgsrc/mail/squirrelmail-locales/Makefile 1.17 - pkgsrc/mail/squirrelmail-locales/PLIST 1.10 - pkgsrc/mail/squirrelmail-locales/distinfo 1.7 Module Name: pkgsrc Committed By: tron Date: Mon Aug 14 15:57:40 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Update "squirrelmail" and "squirrelmail-locales" package to version 1.4.8. Changes since version 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes
Update "squirrelmail" and "squirrelmail-locales" package to version 1.4.8. Changes since version 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes
Pullup ticket 1738 - requested by martti security update for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.74 - pkgsrc/mail/squirrelmail/PLIST 1.18 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.12 - pkgsrc/mail/squirrelmail/distinfo 1.33 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.11 - pkgsrc/mail/squirrelmail/patches/patch-ab removed - pkgsrc/mail/squirrelmail/patches/patch-ac removed Module Name: pkgsrc Committed By: martti Date: Thu Jul 13 07:59:34 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Removed Files: pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac Log Message: Updated squirrelmail to 1.4.7 - Fixed URL for Read Receipts being incorrect in some cases (#1177518). - Fixed endless loop when trying to parse "From: )(" (#1517867). - Using is_file() instead of file_exists() in fortune plugin (#1499134). - Add manual page for conf.pl under contrib. - Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
Updated squirrelmail to 1.4.7 - Fixed URL for Read Receipts being incorrect in some cases (#1177518). - Fixed endless loop when trying to parse "From: )(" (#1517867). - Using is_file() instead of file_exists() in fortune plugin (#1499134). - Add manual page for conf.pl under contrib. - Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
Pullup ticket 1684 - requested by tron security fix for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.71, 1.73 - pkgsrc/mail/squirrelmail/distinfo 1.31, 1.32 - pkgsrc/mail/squirrelmail/patches/patch-ab 1.12 - pkgsrc/mail/squirrelmail/patches/patch-ac 1.3 - pkgsrc/mail/ja-squirrelmail/MESSAGE 1.3 - pkgsrc/mail/ja-squirrelmail/Makefile 1.27, 1.28, 1.30 - pkgsrc/mail/ja-squirrelmail/PLIST 1.4 - pkgsrc/mail/ja-squirrelmail/distinfo 1.9, 1.10, 1.11 - pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ad removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ae removed - pkgsrc/mail/ja-squirrelmail/patches/patch-af removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ag removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ah removed Module Name: pkgsrc Committed By: martti Date: Tue Apr 11 05:24:20 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-ab Log Message: Updated mail/squirrelmail to 1.4.6nb1 * added patch for Ukrainian translation (needed by the new * squirrelmail-locales) --- Module Name: pkgsrc Committed By: taca Date: Fri May 5 02:46:54 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: MESSAGE Makefile distinfo Removed Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Update ja-squirrelmail package to 1.4.6 after talking with martti@. Prior to this release, there are security vulnerability the same as squirrelmail 1.4.5. This update made with temporary Japanese patch based on the patch for 1.4.5. --- Module Name: pkgsrc Committed By: martti Date: Fri May 5 05:32:36 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab Log Message: Updated ja-squirrelmail to 1.4.6nb1 * sync with squirrelmail-1.4.6nb1 --- Module Name: pkgsrc Committed By: tron Date: Sun Jun 4 12:31:31 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ac pkgsrc/mail/squirrelmail/patches: patch-ac Log Message: Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision.
Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision.
Rename all PHP 4 packages to php4-*, all PHP 5 packages to php5-*, all PEAR packages to php?-pear-* and all Apache packages to ap13-* or ap2-* respectively. Add new variables to simplify the Makefile handling. Add CONFLICTS on the old names. Reset revisions of bumped packages. ap-php will now depend on the default Apache and PHP version. All programs using it have an implicit option of the Apache version as well. OK from jlam@ and adrianp@.
Updated mail/squirrelmail to 1.4.6nb1 * added patch for Ukrainian translation (needed by the new squirrelmail-locales)
- remove unused file (pkg/33089) - pkglint -Wall fixes
Pullup ticket 1186 - requested by Martti Kuparinen security update for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.65, 1.66, 1.68, 1.69 - pkgsrc/mail/squirrelmail/PLIST 1.17 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.6, 1.7 - pkgsrc/mail/squirrelmail/distinfo 1.30 - pkgsrc/mail/squirrelmail/patches/patch-ab removed - pkgsrc/mail/squirrelmail/patches/patch-ac removed - pkgsrc/mail/squirrelmail/patches/patch-ad removed - pkgsrc/mail/squirrelmail/patches/patch-ae removed - pkgsrc/mail/squirrelmail/patches/patch-af removed - pkgsrc/mail/squirrelmail/patches/patch-ag removed - pkgsrc/mail/squirrelmail/patches/patch-ah removed - pkgsrc/mail/squirrelmail/plugin.mk 1.3 - pkgsrc/mail/squirrelmail-decode/Makefile 1.3 - pkgsrc/mail/squirrelmail-locales/Makefile 1.11, 1.12, 1.13, 1.14 - pkgsrc/mail/squirrelmail-locales/PLIST 1.5, 1.6, 1.7 - pkgsrc/mail/squirrelmail-locales/distinfo 1.4 - pkgsrc/mail/ja-squirrelmail/Makefile 1.23, 1.24, 1.26 Module Name: pkgsrc Committed By: joerg Date: Fri Jan 20 23:56:59 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile Log Message: Use SUBST framework. Replace some "find foo | xargs bar" with "find foo -exec bar {} \;" while here, the former is faster, but can't cope with all quoting issues and is also more likely to hit argument length limits. CONFLICT to ja-squirrelmail. --- Module Name: pkgsrc Committed By: joerg Date: Fri Jan 20 23:57:26 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile Log Message: Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar. --- Module Name: pkgsrc Committed By: martti Date: Fri Feb 3 10:26:17 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile Log Message: s/SMDIRDIR/SMDIR/ and bump PKGREVISION. --- Module Name: pkgsrc Committed By: martti Date: Fri Feb 3 10:26:44 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile Log Message: s/SMDIRDIR/SMDIR/ and bump PKGREVISION. --- Module Name: pkgsrc Committed By: martti Date: Fri Feb 17 07:04:25 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk pkgsrc/mail/squirrelmail-locales: Makefile Log Message: Fixed warnings found by pkglint -Wall. --- Module Name: pkgsrc Committed By: martti Date: Mon Feb 27 07:12:14 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo Removed Files: pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Updated squirrelmail to 1.4.6 This release is very important, and we strongly advise everybody to update to the latest release. Security Update =============== This version contains a number of security updates that were brought to our attention via a number of sources. - In webmail.php, the right_frame parameter was not properly sanitized to deal with very lenient browsers, which allowed for cross site scripting or frame replacing. [CVE-2006-0188] - In the MagicHTML function, some very obscure constructs were discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and comments could be inside keywords (allows for cross site scripting). Both only affect Internet Explorer users. Found by Martijn Brinkers and Scott Hughes. [CVE-2006-0195] - The function sqimap_mailbox_select did not strip newlines from the mailbox parameter, and thereby allowed for IMAP command injection. Found by Vicente Aguilera. [CVE-2006-0377] --- Module Name: pkgsrc Committed By: martti Date: Mon Feb 27 07:13:00 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Updated squirrelmail-locales to 1.4.6 * sync with squirrelmail 1.4.6 --- Module Name: pkgsrc Committed By: cube Date: Wed Mar 1 06:39:52 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail-locales: Makefile PLIST Log Message: Fix PLIST. --- Module Name: pkgsrc Committed By: martti Date: Thu Mar 2 07:41:44 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail-decode: Makefile Log Message: Fix pkglint -Wall warnings. --- Module Name: pkgsrc Committed By: salo Date: Wed Mar 15 11:48:29 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail-locales: Makefile PLIST Log Message: Fix PLIST. (hi cube and martti!)
Updated squirrelmail to 1.4.6 This release is very important, and we strongly advise everybody to update to the latest release. Security Update =============== This version contains a number of security updates that were brought to our attention via a number of sources. - In webmail.php, the right_frame parameter was not properly sanitized to deal with very lenient browsers, which allowed for cross site scripting or frame replacing. [CVE-2006-0188] - In the MagicHTML function, some very obscure constructs were discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and comments could be inside keywords (allows for cross site scripting). Both only affect Internet Explorer users. Found by Martijn Brinkers and Scott Hughes. [CVE-2006-0195] - The function sqimap_mailbox_select did not strip newlines from the mailbox parameter, and thereby allowed for IMAP command injection. Found by Vicente Aguilera. [CVE-2006-0377]
Fixed warnings found by pkglint -Wall.
Recursive revision bump / recommended bump for gettext ABI change.
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
Use SUBST framework. Replace some "find foo | xargs bar" with "find foo -exec bar {} \;" while here, the former is faster, but can't cope with all quoting issues and is also more likely to hit argument length limits. CONFLICT to ja-squirrelmail.
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Pullup ticket 957 - requested by Martti Kuparinen bulk build fix for mail/ja-squirrelmail and mail/squirrelmail Revisions pulled up: - pkgsrc/mail/ja-squirrelmail/Makefile 1.21 - pkgsrc/mail/squirrelmail/Makefile 1.63 Module Name: pkgsrc Committed By: martti Date: Sat Dec 10 19:23:01 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile pkgsrc/mail/squirrelmail: Makefile Log Message: List ${SMDIR} and ${SMDIR}/config in REQD_DIRS instead of OWN_DIRS to avoid problems with bulk builds with CHECK_FILES=yes. Suggested by Johnny Lam on tech-pkg@ list.
List ${SMDIR} and ${SMDIR}/config in REQD_DIRS instead of OWN_DIRS to avoid problems with bulk builds with CHECK_FILES=yes. Suggested by Johnny Lam on tech-pkg@ list.
Pullup tickets 939, 941 - requested by Martti Kuparinen various squirrelmail bug and compatibility fixes Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.58, 1.59, 1.61, 1.62 - pkgsrc/mail/squirrelmail/distinfo 1.28, 1.29 - pkgsrc/mail/squirrelmail/patches/patch-ag 1.1 - pkgsrc/mail/squirrelmail/patches/patch-ah 1.1 - pkgsrc/mail/ja-squirrelmail/Makefile 1.16, 1.17, 1.19, 1.20 - pkgsrc/mail/ja-squirrelmail/distinfo 1.7, 1.8 - pkgsrc/mail/ja-squirrelmail/patches/patch-aa 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ad 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ae 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-af 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ag 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ah 1.1 Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 09:18:44 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-ag Log Message: Updated squirrelmail to 1.4.5nb2 - avoid corrupted attachment downloads (pkg/32175). --- Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 09:28:44 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo pkgsrc/mail/ja-squirrelmail/patches: patch-aa Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag Log Message: Updated mail/ja-squirrelmail to 1.4.5nb2 - sync with pkgsrc/mail/squirrelmail --- Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 20:13:38 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-ah Log Message: Make this work with PHP 5.1.1 --- Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 20:14:35 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ah Log Message: Make this work with PHP 5.1.1 --- Module Name: pkgsrc Committed By: martti Date: Fri Dec 9 06:42:46 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile pkgsrc/mail/squirrelmail: Makefile Log Message: - remove all .orig* files. Noted by Lubomir Sedlacik. - use post-patch instead of pre-configure --- Module Name: pkgsrc Committed By: martti Date: Fri Dec 9 10:18:11 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile pkgsrc/mail/squirrelmail: Makefile Log Message: Use pre-configure instead of post-patch so it's easier to (re)create patches.
Use pre-configure instead of post-patch so it's easier to (re)create patches.
- remove all .orig* files. Noted by Lubomir Sedlacik. - use post-patch instead of pre-configure
Fixed pkglint warnings. The warnings are mostly quoting issues, for example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Make this work with PHP 5.1.1
Updated squirrelmail to 1.4.5nb2 - avoid corrupted attachment downloads (pkg/32175).
Fix "Fatal error: Only variables can be passed by reference" in several files that occurs with PHP 5.0.5 by applying the small "squirrelmail-stable.diff" from the SourceForge page about the bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1237160&group_id=311&atid=423679 Problem reported by Nathan Arthur in private mail. Fix OK'd by martti@.
Pullup ticket 664 - requested by Manuel Bouyer security update for squirrelmail Revisions pulled up: - pkgsrc/mail/ja-squirrelmail/Makefile 1.15 - pkgsrc/mail/ja-squirrelmail/PLIST 1.3 - pkgsrc/mail/ja-squirrelmail/distinfo 1.6 - pkgsrc/mail/squirrelmail/Makefile 1.56 - pkgsrc/mail/squirrelmail/PLIST 1.16 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.3 - pkgsrc/mail/squirrelmail/distinfo 1.26 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.10 - pkgsrc/mail/squirrelmail/patches/patch-ab removed - pkgsrc/mail/squirrelmail-locales/Makefile 1.8 - pkgsrc/mail/squirrelmail-locales/PLIST 1.4 - pkgsrc/mail/squirrelmail-locales/distinfo 1.3 Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:25 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/ja-squirrelmail to 1.4.5 * lots of bug fixes * translation updates --- Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:27 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Removed Files: pkgsrc/mail/squirrelmail/patches: patch-ab Log Message: Updated mail/squirrelmail to 1.4.5 * lots of bug fixes * translation updates -- Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:29 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail-locales * sync with squirrelmail 1.4.5
Updated mail/squirrelmail to 1.4.5 * lots of bug fixes * translation updates
Remove some unnecessarily strong dependencies on perl that resulted from including perl5/buildlink3.mk. These packages just need the Perl interpreter, and can just add "perl" to USE_TOOLS instead.
CONFLICTS with ja-squirrelspell
Drop trailing space
Updated squirrelmail to 1.4.4nb1 * Fix several cross site scripting vulnerabilities http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0337
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Make sure to change current directory to ${WRKSRC} before removing files like "*.orig" by find(1).
Updated squirrelmail to 1.4.4 We are pleased to announce the release of SquirrelMail 1.4.4. This release is a strongly recommended upgrade due to a number of security issues that have been resolved since 1.4.3a. About This Release ------------------ This release contains a number of bug fixes, and security updates. The list is very long, as this version has been hiding in the trees for a while. For a full list of the changes, you can see the changelog here: http://www.squirrelmail.org/changelog.php A general summary of updates includes a few cross site scripting issues, and two possible file inclusion issue (one remote, one local). Better IMAP handling introduced for certain IMAP servers that advertise LOGINDISABLED, folder handling, and a number of locales issues. Locales ------- Shortly after the release of 1.4.3, the locales were broken out of the main branch into their own branch. This makes the SquirrelMail package itself a lot smaller, along with allowing administrators to download just the packages they need. Details on this change can be found in the ReleaseNotes and the INSTALL files.
chmod directories and other files
chmod only files
Use ${SHAREMODE} instead of a-w with chmod
Use ${VARBASE} instead of hardcoding /var
s,PHP4,PHP, in COMMENT - this package doesn't specifically require PHP4
Updated squirrelmail to 1.4.3anb1 (pkg/28328 by IYODA Atsushi) There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings. http://article.gmane.org/gmane.mail.squirrelmail.user/21169
update DEPENDS for change of php4-* packages to php-*; be optimistic and leave the DEPENDS in a form which allows PHP 5.x to match, since it should work just as well
Update mail/squirrelmail to 1.4.3a. Version 1.4.3a - 2 June 2004
Add patch from squirrelmail repository: "Fix typo in compose.php reply/reply to all quoting (#963499)." Without this, reply/reply all won't work when quoting a message. Bump PKGREVISION.
Update to 1.4.3, patches from Martti Kuparinen. Main Changes: lots of bug fixes, including some critical XSS (cross site scripting) issues. Some new translations. Added new preference that determines cursor focus when replying. Display total number of new messages in newmail-plugin popup window. Ported charset decoding support functions from SM head. Increases number of readable charsets. Fix SquirrelMail to work with PHP5. Disabled Quick-email-reporting feature in spamcop plugin. (#809452). Admin can enable it by setting variable in plugins/spamcop/setup.php. Replaced obsolete 2mbit.com RBL with ahbl.org RBL (#829887). Added new reply citation to include date and author.
bl3ify, and note that this package doesn't require a compiler.
Pass only one argument to ${INSTALL_DATA_DIR}. This fixes installation problems on Solaris (pkg/24122 by Charlie Allom).
Updated squirrelmail to 1.4.2 * bug fixes * translation updates * new minimal bw theme
Remove redundant dependences on "php" package.
Updated squirrelmail to 1.4.1 (pkg/22652 by Adrian Portelli, so fixes by me) - lots of bug fixes I couldn't make this work without the latest PHP (4.3.3)...
s/netbsd.org/NetBSD.org/
Updated squirrelmail to 1.4.0 * A complete rewrite of the way we send mail (Deliver-class), and of the way we parse mail (MIME-bodystructure parsing). This makes SquirrelMail more reliable and more efficient at the same time! * Support for IMAP UID which makes SquirrelMail more reliable. * Optimizations to code and the number of IMAP calls; SquirrelMail is now a very scalable webmail solution. * Support for a wider range of authentication mechanisms. * Lots of bugfixes, some new features and a couple of UI-tweaks.
Updated squirrelmail to 1.2.11 This release incorporates some security fixes in relation to XSS (cross site scripting) code which could allow malicious extraction of information from the client browser. There is also a fix for the SquirrelMail 1.2.10 "Double login" problem. This was related to a session issue, and has been fixed.
Instead of including bsd.pkg.install.mk directly in a package Makefile, have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
Updated squirrelmail to 1.2.10 * multiple session issues resolved * many updated translations * a number of other bugs fixed
Use buildlink2.
Pull up pkgsrc/mail/squirrelmail Makefile 1.27 PLIST 1.8 distinfo 1.10 to the netbsd-1-6 pkgsrc branch. Requested by Manuel Bouyer. This updates squirrelmail to version 1.2.9 because of security issues. The files are synced to HEAD, exept for ${APACHE_GROUP} which doesn't exist in the 1.6 branch.
Updated squirrelmail to 1.2.9 * many bugfixes and stability enhancements - register_globals - session handling - preferences * German help texts
Correct directory ownership (PR#18529)
Updated squirrelmail to 1.2.8 * HTML cleanup on search and addressbook pages * Fixes for multiple XXS exploits on the addressbook, search, help, and options pages * more accurate error messages on failed login * HTML table cleanup when viewing attachments * fix for X-MSMail-Priority conflict bug #600369 * fix for multiple email addresses on the same message line * fix for "." on a single line in a text attachment bug #598750 * Core code and plugins converted to work with register_globals Off * fix for reply quoting on resumed drafts * fix for fgets errors in file_prefs bug #578834 * fix for date format on calendar day view bug #582919 * fix for org. logo width/height values bug #572807 * fix for reading/writing ldap prefs with conf.pl bug #57595 * fix for 'fixed' font style in css bug #571463 * fix for attachments in safe mode bug #585340 * fix for forward attachment bug #585836 * fix for php warning when saving drafts bug #585012 * returned generic_header hook to page_header.php bug #554278 * fix for syntax error in darkness theme bug #576066 * fix for some attachments not being displayed bug #577052 * fix for matching uppercase headers on mailbox display bug #584082 * fix for folder names containing regex characters bug #574889, #578156 * fix for endless loop on raw binary data in email bug #547662
Updated squirrelmail to 1.2.7 * fix for 'compose as new' link. bug #554886 * fix charset format in the admin plugin. bug #550725 * fix for errant '.' in default_folder_prefix. bug #551310 * fix for folder names with '?' and '*'. bug # 559257, #552180 * added the ability to search without the charset argument. #552288 * Made /noselect node display optional. bug #554988, patch #452178 * Improved support for macosx IMAP server thanks Brian Haun * Added macosx friendly search, thanks Brian Haun bug #553038 * Fixed word wrap problems when sending mail. bug #552961, #556143 * Added possibility to use multiple compose windows without loss of attachements. * Fixed forward message/rfc822 attachments from a search * Fix SpamCop plugin. * Fixed send MDN link. * Fixed dealing with \r\n and \n in smtp.php. * Fixed to, cc, bcc arrays in message->header * Speed optimizements in generating message-lists. * Fixed loss of attachment with html addressbook. * Fixed saving drafts with attachments
Updated squirrelmail to 1.2.6 - Bug fixes - Added POP3 Before SMTP option - Added a server-side thread sorting option per folder - Added a server-side sorting global option - Compose in new window size can be set in Display prefs - PostgreSQL is now supported for database backed use - Added user option to sort messages by internal date - Added option to auto-append sig before reply/forward text - Filters can be applied to only new mail - Filtering now happens on folder list refresh
It seems this needs php-pcre now.
Update to 1.2.5. Main change is that it has been fully ported to PHP 4.1 (no more warnings that fills in apache error_log). Changes since 1.2.4: - Multiple mailbox list calls cached. - Added 'View unsafe images' link to the bottom of pages which contain unsafe images. - Fixed 'too many close table tags' and various other issues which meant SM output didn't always validate as clean HTML. - Added the ability to add special folders through plugins. - Added an Always compose in a pop-up window option. - Search page update with ability to save searches and search all folders at once. - Made searching on multiple criteria possible, with thanks to Jason Munro - Fixed 'list all' in addressbook (#506624, thanks to Kurt Yoder) - Fixed small bugs in db_prefs - Allowed SquirrelMail to work from within a frame, eg. not using _top this is configureable. (thanks to Simon Dick) - Added options to conf.pl to enable automated plugin installation: ./conf.pl --install-plugin <pluginname>. This allows plugins to be distributed in packages. Conf.pl now also reports when saving fails. - Attachment hooks now also allow specification of generic rules like text/* which will be used when no specific rule is available. - conf.pl can now configure database backed address books and preferences. - Version 0.3.7 of SquirrelSpell. Fixes a potential privacy vulnerability (symlink attack), plus introduces formatting fixes and javadoc-style comments. - Bugfix in mailfetch reported by Mateusz Mazur - Administrator plugin. A web based conf.pl replacement. - Removed GLOBALS from conf.pl - HTML messages optimization. - Added support for requesting read receipts (MDN) and delivery receipts. - Added the ability to stop users changing their names and email addresses. - Added signature into multiple identities (Stefan Meier <Stefan.Meier@cimsource.com>) - Updated user help files to reflect UI chanegs and added functionality.
Update to 1.2.4 (OK'd by Johnny Lam). Changes: Version 1.2.4 -- 25 January 2002 -------------------------------- - Fixes a nasty remote arbitrary command execution vulnerability in the spellchecker plugin. Version 1.2.3 -- 21 January 2002 -------------------------------- - Fixed focus system on pages that contain forms. - Fixed IMAP code to send different command identifiers as per section 2.2.1 of RFC 2060. - Fixed 'sticky priority' so that replies are set to the same priority as the original message. - Fixed Printer Friendly to print HTML messages. - Fixed multiple receivers in Sent mailbox (#500910). - Disabled prefs caching under PHP 4.1 - Added "Search Memory". Enabling to store up to 9 predefined searchs. - Increased security in html message. - Added the possibility to specify system-defined css in order to allow users to change the font family and size of SM. Making possible to make it bigger or smaller depending on their screen size. Sysops may add or remove these system-defined css located in themes/css/ - Fixed a bug appearing on some apache virtual hosts - Fixed javascript error (#505255) - Fixed the db_prefs so they work again (#499609, thanks to Simon Dick)
Update mail/squirrelmail to 1.2.2. Changes from version 1.0.6 include: * Collapsible Folders - The folder list can be collapsed at any parent folder. This makes folder lists with large hierarchical structures much easier to manage and navigate. * The Paginator! - This enables quick access to any page in the message list by simply choosing the page number to view rather than tediously clicking "next" 50 times. * Hundreds of UI tweaks - The user interface has been given a face-lift. The HTML has been largely overhauled, and while it still has the same general feel, it has been made more intuitive. * Drafts - It is now possible to compose a message and save it to be sent at a later date with the drafts option. * New Options Page - The options page has been completely rewritten for several reasons, the main of which was to allow seamless integration of plugin options and to provide uniformity throughout the entire section. * Multiple Identities - It is now possible to create different identities (home, work, school) that can be chosen upon sending. Each identity can have its own email address, full name, and signature. * Reply Citations - Different types of citations are now possible when replying to messages. * Better Attachment Handling - The plugin, attachment_common, has been fully integrated into the core of SquirrelMail. This allows inline viewing of several different types of attachments. * Integration of Several Plugins - The following plugins have been put directly into the core. As a result, be sure not to install these as plugins, as the result may be (at best) unpredictable: attachment_common, paginator, priority, printer_friendly, sqclock, xmailer. * Improved support for newer versions of PHP. Note that you may have trouble if you are running PHP version 4.0.100 (commonly distributed with Debian 3.0). * Ability to mark messages as read and unread from the message listing. * Alternating Colors - The message list now alternates row colors by default. This presents a much cleaner and easier to read interface to the user.
Back out last commit, "squirrelmail" doesn't work with version 4.1.0 of the "php" package yet.
Fix wildcard dependence to accept version 4.1.0 of the "php" package.
Note that this package does _NOT_ work with php-4.1.0. The SquirrelMail folks will be releasing another release in the 1.2.x series in 2-3 weeks to operate with php-4.1.0.
SquirrelMail needs PHP4 session support. Noted in pkg/14906 by John Klos <john@sixgirls.org>.
bsd.pkg.install.mk calls the INSTALL script at the right times automatically, so no need to do it ourselves.
PKG_SYSCONFDIR is where the configuration files for a package may be found. This value may be customized in various ways: PKG_SYSCONFBASE is the main config directory under which all package configuration files are to be found. PKG_SYSCONFSUBDIR is the subdirectory of PKG_SYSCONFBASE under which the configuration files for a particular package may be found. PKG_SYSCONFDIR.${PKGBASE} overrides the value of ${PKG_SYSCONFDIR} for a particular package. Users will typically want to set PKG_SYSCONFBASE to /etc, or accept the default location of ${PREFIX}/etc. This obsoletes the use of CONFDIR, which was active for only 6 days, so no need to have a workaround to still accept old CONFDIR settings.
Adapt to use shared INSTALL/DEINSTALL scripts by using the logic in bsd.pkg.install.mk: * Remove old DEINSTALL/INSTALL scripts. * Move some text printed at POST-INSTALL time into the MESSAGE file. * Adjust rc.d scripts to respect rc.conf settings, so that the script may be directly copied into /etc/rc.d.
In package Makefiles, create FILES_SUBST instead of duplicating sed expression for substituting in DEINSTALL/INSTALL scripts. Use "${CMP} -s" instead of "diff -q" since the former is more portable across OSes.
Install example configuration file without redundant .dist suffix.
Update squirrelmail to 1.0.6. Pkgsrc changes include: - Respect ${APACHE_SYSCONFDIR} setting. - Install example squirrelmail.conf Apache config file fragment into ${PREFIX}/share/examples/squirrelmail. Changes from version 1.0.3 include: - Reworked validation for each page. It's now standardized in validate.php - Fixed login bug that resulted from 1.0.5 security updates - Fixed plugin incompatibilities that were introduced in 1.0.5 - Added more security checking to preference saving/loading - Updated German translation (thanks to Roland Bauerschmidt <rb@debian.org>) - Updated Finnish help files - MAJOR security issues addressed. Please upgrade as soon as possible. - Downloading attachments should work better due to a tip by Ray Black III. - Fixed bug with drop-down folder list not containing INBOX - Added Sweedish help files Teemu Junnila <teejun@vallcom.com> - Added Italian help files Antonetti Roberto <antonr@piceniaweb.com> - Fixed some bugs with folder creation - Security fix for UW IMAP server to disallow folder paths outside of $folder_pr efix - Some problems with header encoding/decoding fixed - Made subject column take up whatever width is available - Added bcc to html addressbook search
Update squirrelmail to 1.0.3. Pkgsrc changes include setting the example Apache URL to http://www.domain.com/squirrelmail/ instead of /mail/ to access squirrelmail. Changes from version 1.0.2: - Many i18n enhancements/fixes - Fixed bug with default theme path being set incorrectly - Fixed problem when sending/forwarding multiple attachments - Made folder drop-down list consistent in look to the other drop-downs - Fixed problem where some attachment filenames would not be displayed - Added Finnish help files by Teemu Junnila <teejun@vallcom.com> - Updated Norwegian translation - Updated Brazillian Portuguise translation
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
Add a file for easy inclusion into Apache's httpd.conf file. Reword MESSAGE to refer to this new file.
Update squirrelmail to 1.0.2. Changes from version 1.0.1 include: - Added a workaround for RedHat's 4.0.4pl1-3 binary package (It's also the same workaround for Konqueror and other PHP installations?) - Select All works through the search - Better escaped string handling from POST variables - Many more code cleanups and optimizations - Added Hungarian translation by Teemu Junnila <teejun@vallcom.com> - Added Icelandic translation by Karl Heid-ar" <karlh@macho.is> - Updated Taiwan translation - Updated Sweedish translation - Updated Finnish translation
Update squirrelmail to stable release version 1.0.1. Changes from development version 0.9.3: - Improved the way sqimap_read_data() is handled - Sped up "no sorting" even more - Fixed problems with sending messages - Fixed some pass-by-reference calls that caused problems with newer PHP versions - Fixed bug that didn't display last folder subscribed to - Removed requirement of PHP 4.0.1 for array_unique() function - Removed unnecessary echo statements by breaking out of PHP - Changed evaluation method from using " to ' for speed improvements - If no plugin array set in config.php, now handled correctly - If subject is > 55 chars, trims it and puts "..." in message list - Hundreds of minor changes to remove all verbose PHP warning messages - Updated config_default.php to include attachment_common plugin (now in distribution) - A few minor speed improvements - Fixed problems in sqimap_read_body(), made it more reliable - Added French translation of help files by gore K <gore_k@ymca-cepiere.org> - Added Finnish translation by Teemu Junnila <teejun@vallcom.com> - Updated Sweedish translation - Updated Russian translation
Add automatic ${VARIABLE} handling for MESSAGE files. Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced, not @VARIABLE@, nor @@VARIABLE@@). By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX, X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST. Clean up some packages while I'm there; add RCS tags to most MESSAGEs. Remove some uninteresting MESSAGEs.
Update dependency on php4 to 4.0.4.1nb1 since SquirrelMail requires gettext support.
SquirrelMail - PHP4 webmail package. We've been lacking a pkgsrc webmail package for a while. I still haven't figured out how to package IMP and make PHP4 work with the shared IMAP module. But in the meantime, here's SquirrelMail, a straightforward implementation of a webmail gateway to IMAP server implemented completely in PHP4.
Initial revision