![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / mail / squirrelmail
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: recursive bump for perl 5.36
Pullup ticket #2777 - requested by martti squirrelmail: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.106 - mail/squirrelmail/PLIST 1.30-1.31 - mail/squirrelmail/buildlink3.mk 1.22 - mail/squirrelmail/distinfo 1.53 - mail/squirrelmail/options.mk 1.12-1.13 --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 07:04:13 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated squirrelmail to 1.4.19 The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We also expierenced some regressions in the updated filter plugin. Both are addressed in this new release 1.4.19 which contains a few other small fixes aswell. If you do not use map_yp_alias or the filters plugin there's no urgent need to upgrade now if you already installed 1.4.18. If you are still on an older release than 1.4.18 (or use the mentioned functionality) we do urge you to upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important security issues. Those using the development branch (1.5.x) should install a recent SVN snapshot. --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 07:05:14 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: buildlink3.mk Log Message: Updated --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 08:23:02 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: PLIST options.mk Log Message: Fixed PLIST issues. --- Module Name: pkgsrc Committed By: taca Date: Fri May 22 08:50:19 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Update Japanese patch. Bump PKGREVISION.
Updated
Simply and speed up buildlink3.mk files and processing. This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
Pullup ticket #2605 - requested by martti
squirremal: security update
Revisions pulled up:
- mail/squirrelmail/Makefile 1.100-1.101
- mail/squirrelmail/PLIST 1.28
- mail/squirrelmail/buildlink3.mk 1.20
- mail/squirrelmail/distinfo 1.49-1.50
- mail/squirrelmail/options.mk 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Nov 19 14:47:51 UTC 2008
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Update Japanese patch to squirrelmail-1.4.16-ja-20081013.
No functional should be changed though.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Dec 4 07:18:47 UTC 2008
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Log Message:
Updated mail/squirrelmail to 1.4.17
The SquirrelMail team is happy to announce the release of version 1.4.17. The
most notable change is a security fix that prevents certain specially-crafted
hyperlinks within messages from executing cross-site scripting attacks. For
other details, see the ReleaseNotes file included in this release. We advise
all users of SquirrelMail software to upgrade.
Updated mail/squirrelmail to 1.4.17 The SquirrelMail team is happy to announce the release of version 1.4.17. The most notable change is a security fix that prevents certain specially-crafted hyperlinks within messages from executing cross-site scripting attacks. For other details, see the ReleaseNotes file included in this release. We advise all users of SquirrelMail software to upgrade.
Updated mail/squirrelmail to 1.4.16 The SquirrelMail team is happy to announce the release 1.4.16. The most notable change is that cookies are now sent with the secure attribute set for HTTPS-connections, meaning that they cannot leak to an HTTP-connection on the same SquirrelMail installation. For details see the included ReleaseNotes. We advise users that offer their SquirrelMail both over HTTP and HTTPS to upgrade.
Version 1.4.15 - 23 May 2008
Pullup ticket 2238 - requested by martti
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.95
- pkgsrc/mail/squirrelmail/PLIST 1.24
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.17
- pkgsrc/mail/squirrelmail/distinfo 1.43
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.14
Module Name: pkgsrc
Committed By: martti
Date: Wed Dec 5 07:11:29 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
Updated mail/squirrelmail to 1.4.11
Version 1.4.11 - 29 September 2007
----------------------------------
- Minimum PHP requirement raised from 4.0.6 to 4.1.0.
SquirrelMail has been broken for a while with 4.0.x without anyone
noticing, this move merely reflects reality.
- Fix broken set_url_var function in functions/html.php (#1729814).
- Fix config.pl not detecting auth support correctly (#1727033).
- Fix display of X-Priority in message view.
- Work around mailers sending broken Date headers with no space after the
first comma.
- Let POP3 class properly cope with lines starting with a '.'.
- Some HTML validation cleanups.
- Invalid year in sent_subfolders plugin (#1607380).
- Always treat Content-Type case-insensitively (#1732092).
- Fix typo: html/plain should be text/html.
- Fix en/decode header swith in MDN (#1694687).
- Fix compatibility with Windows path in administrator plugin (#1740469).
- Fix disabling password encryption in mail_fetch (#1738001).
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
- Backported code for site wide SMTP authentication (#1531889).
- Fixed issue with compose session not being cleaned after message is
saved or sent.
- Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
thanks to Daniel Watts
- Fix test for signout.php in the logged in check in is_logged_in() so it
cannot be circumvented by manipulating the URL. External plugins might
rely on this function guaranteeing that the user is logged in.
- Use attachment_dir only at the point where we're actually
reading from / writing to the files, do not carry it around
in the object. This makes us safer in the event the object
is somehow exposed to the outside world.
- Better support mailboxes named 'None' (#1598890).
- Sort readdir() output in conf.pl (#1755886).
- Fix message cache in printer friendly, thanks Tomas Kuliavas.
- Made the webmail_top hook work again for plugins that want to change
the URI of the "right" frame; plugins have to change the value of the
global variable $right_frame_url
- Fix issue in darkness theme with extra closing bracket.
- No longer store all message composition sessions in the PHP session,
since it was not made use of and in rare cases, made sessions too big.
- Composition restoration functionality now correctly restores attachments.
- Added smtp_auth hook.
- Change default Selection List Style to Indented.
- Added "preselected" query argument to mailbox list.
- Added mailbox_display_buttons hook.
- Removed "Include CCs when Forwarding Messages", which had no functionality
whatsoever.
- Make the Message Details plugin actually show the correct entity when
viewing details of attached messages.
Require at least 1.4.10a
Depend on the latest version.
Pullup ticket 1789 - requested by tron security update for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.75 - pkgsrc/mail/squirrelmail/PLIST 1.19 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.13 - pkgsrc/mail/squirrelmail/distinfo 1.34 - pkgsrc/mail/squirrelmail-locales/Makefile 1.17 - pkgsrc/mail/squirrelmail-locales/PLIST 1.10 - pkgsrc/mail/squirrelmail-locales/distinfo 1.7 Module Name: pkgsrc Committed By: tron Date: Mon Aug 14 15:57:40 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Update "squirrelmail" and "squirrelmail-locales" package to version 1.4.8. Changes since version 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes
Update "squirrelmail" and "squirrelmail-locales" package to version 1.4.8. Changes since version 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes
Pullup ticket 1738 - requested by martti
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.74
- pkgsrc/mail/squirrelmail/PLIST 1.18
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.12
- pkgsrc/mail/squirrelmail/distinfo 1.33
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.11
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
Module Name: pkgsrc
Committed By: martti
Date: Thu Jul 13 07:59:34 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac
Log Message:
Updated squirrelmail to 1.4.7
- Fixed URL for Read Receipts being incorrect in some cases (#1177518).
- Fixed endless loop when trying to parse "From: )(" (#1517867).
- Using is_file() instead of file_exists() in fortune plugin (#1499134).
- Add manual page for conf.pl under contrib.
- Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
Updated squirrelmail to 1.4.7
- Fixed URL for Read Receipts being incorrect in some cases (#1177518).
- Fixed endless loop when trying to parse "From: )(" (#1517867).
- Using is_file() instead of file_exists() in fortune plugin (#1499134).
- Add manual page for conf.pl under contrib.
- Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
Change the format of BUILDLINK_ORDER to contain depth information as well, and add a new helper target and script, "show-buildlink3", that outputs a listing of the buildlink3.mk files included as well as the depth at which they are included. For example, "make show-buildlink3" in fonts/Xft2 displays: zlib fontconfig iconv zlib freetype2 expat freetype2 Xrender renderproto
Track information in a new variable BUILDLINK_ORDER that informs us of the order in which buildlink3.mk files are (recursively) included by a package Makefile.
Aligned the last line of the buildlink3.mk files with the first line, so that they look nicer.
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Pullup ticket 1186 - requested by Martti Kuparinen
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.65, 1.66, 1.68, 1.69
- pkgsrc/mail/squirrelmail/PLIST 1.17
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.6, 1.7
- pkgsrc/mail/squirrelmail/distinfo 1.30
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
- pkgsrc/mail/squirrelmail/patches/patch-ad removed
- pkgsrc/mail/squirrelmail/patches/patch-ae removed
- pkgsrc/mail/squirrelmail/patches/patch-af removed
- pkgsrc/mail/squirrelmail/patches/patch-ag removed
- pkgsrc/mail/squirrelmail/patches/patch-ah removed
- pkgsrc/mail/squirrelmail/plugin.mk 1.3
- pkgsrc/mail/squirrelmail-decode/Makefile 1.3
- pkgsrc/mail/squirrelmail-locales/Makefile 1.11, 1.12, 1.13, 1.14
- pkgsrc/mail/squirrelmail-locales/PLIST 1.5, 1.6, 1.7
- pkgsrc/mail/squirrelmail-locales/distinfo 1.4
- pkgsrc/mail/ja-squirrelmail/Makefile 1.23, 1.24, 1.26
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:56:59 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use SUBST framework. Replace some "find foo | xargs bar" with
"find foo -exec bar {} \;" while here, the former is faster, but can't
cope with all quoting issues and is also more likely to hit argument
length limits. CONFLICT to ja-squirrelmail.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:57:26 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:17 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:44 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 17 07:04:25 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk
pkgsrc/mail/squirrelmail-locales: Makefile
Log Message:
Fixed warnings found by pkglint -Wall.
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:12:14 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae
patch-af patch-ag patch-ah
Log Message:
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:13:00 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo
Log Message:
Updated squirrelmail-locales to 1.4.6
* sync with squirrelmail 1.4.6
---
Module Name: pkgsrc
Committed By: cube
Date: Wed Mar 1 06:39:52 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Mar 2 07:41:44 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-decode: Makefile
Log Message:
Fix pkglint -Wall warnings.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Mar 15 11:48:29 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST. (hi cube and martti!)
Updated squirrelmail to 1.4.6 This release is very important, and we strongly advise everybody to update to the latest release. Security Update =============== This version contains a number of security updates that were brought to our attention via a number of sources. - In webmail.php, the right_frame parameter was not properly sanitized to deal with very lenient browsers, which allowed for cross site scripting or frame replacing. [CVE-2006-0188] - In the MagicHTML function, some very obscure constructs were discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and comments could be inside keywords (allows for cross site scripting). Both only affect Internet Explorer users. Found by Martijn Brinkers and Scott Hughes. [CVE-2006-0195] - The function sqimap_mailbox_select did not strip newlines from the mailbox parameter, and thereby allowed for IMAP command injection. Found by Vicente Aguilera. [CVE-2006-0377]
Fixed warnings found by pkglint -Wall.
Recursive revision bump / recommended bump for gettext ABI change.
Pullup ticket 664 - requested by Manuel Bouyer security update for squirrelmail Revisions pulled up: - pkgsrc/mail/ja-squirrelmail/Makefile 1.15 - pkgsrc/mail/ja-squirrelmail/PLIST 1.3 - pkgsrc/mail/ja-squirrelmail/distinfo 1.6 - pkgsrc/mail/squirrelmail/Makefile 1.56 - pkgsrc/mail/squirrelmail/PLIST 1.16 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.3 - pkgsrc/mail/squirrelmail/distinfo 1.26 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.10 - pkgsrc/mail/squirrelmail/patches/patch-ab removed - pkgsrc/mail/squirrelmail-locales/Makefile 1.8 - pkgsrc/mail/squirrelmail-locales/PLIST 1.4 - pkgsrc/mail/squirrelmail-locales/distinfo 1.3 Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:25 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/ja-squirrelmail to 1.4.5 * lots of bug fixes * translation updates --- Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:27 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Removed Files: pkgsrc/mail/squirrelmail/patches: patch-ab Log Message: Updated mail/squirrelmail to 1.4.5 * lots of bug fixes * translation updates -- Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:29 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail-locales * sync with squirrelmail 1.4.5
- Allow depends on ja-squirrelmail package in buildlink3.mk. - Some modification to MESSAGES: * remove trailing white space. * use www.example.com as example URL.
Updated mail/squirrelmail to 1.4.5 * lots of bug fixes * translation updates
Updated squirrelmail to 1.4.4nb1 * Fix several cross site scripting vulnerabilities http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0337
Initial version. This will be used by squirrelmail-locales.