![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / mail / squirrelmail
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.77 / (download) - annotate - [select for diffs], Mon Nov 13 15:59:03 2023 UTC (2 weeks, 4 days ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.76: +4 -4
lines
Diff to previous 1.76 (colored)
mail/squirrelmail: update to 1.4.23pre14997
Original changes are better support for PHP 8.2, avoiding deprecated
warnings.
pkgsrc changes
* Prefix PKGNAME with PHP_PKG_PREFIX.
* Introduce squirrelmail.mk for common definitions for other
squirrelmail related packages.
* EGDIR and SMDIR are under PHP_PKG_PREFIX, for example:
share/example/squirrelmail => share/example/php81/squirrelmail
share/squirrelmail => share/php81/squirrelmail
* Use EGDIR and SMDIR in PLIST and add PRINT_PLIST_AWK support.
Revision 1.76 / (download) - annotate - [select for diffs], Mon Dec 19 14:35:35 2022 UTC (11 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.75: +4 -4
lines
Diff to previous 1.75 (colored)
mail/squirrelmail: update to 1.4.23pre14979 1.4.23 stable revision at 14979 (2022-12-06) * Fix poorly written timezone parsing.
Revision 1.75 / (download) - annotate - [select for diffs], Fri Sep 16 05:49:08 2022 UTC (14 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.74: +4 -4
lines
Diff to previous 1.74 (colored)
mail/squirrelmail: update to 1.4.23pre14977 Update to latest svn snapshot. It includes various improvements for PHP 8 compatibility. Address to PR pkg/57012. Here are quote from commit log: 1.4.23pre14977 (2022-06-21) * Add cookie SameSite attribute; uses default if "Strict" but can be overridden by $same_site_cookies in config_local.php * Browser seems to respond better when deleting the cookie if you void its value also; helps actually get the cookie to be removed even though this feels more like a browser problem... maybe it does not like a date in 1970? * Make sure drafts are sent with the current date and not that of its previous 'Save Draft' action * Add option to prefix new mail number to the front of the org title (browser title bar) * Fix certain messages with headers in unknown charsets encoded as quoted printable showing up as blank sender/subject in message list * Add ability for plugins to request additional header fields in the message list lookup * Separate DNT and DSN * Add proper RFC 3461 DSN functionality (previously we relied only on the Return-Receipt-To header) * Cause message subject to show in page title when message view is loaded in its own window/tab * Implement SQL identifier quoting in all cases * Add option to folder prefs for marking deleted messages as read * Fix: Login mechanisms other than "login" were broken if server returned untagged data before login response * Greatly fix the plaintext display of messages that do not have a text part. * Add ability to explicitly set prefs DB connection charset * Add ability to explicitly set address book DB connection charset
Revision 1.74 / (download) - annotate - [select for diffs], Tue Oct 26 10:54:31 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored)
mail: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes The following distfiles were unfetchable (possibly fetched conditionally?): ./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
Revision 1.73 / (download) - annotate - [select for diffs], Thu Oct 7 14:25:48 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.72: +1 -2
lines
Diff to previous 1.72 (colored)
mail: Remove SHA1 hashes for distfiles
Revision 1.72 / (download) - annotate - [select for diffs], Sun Mar 21 15:02:47 2021 UTC (2 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.71: +5 -5
lines
Diff to previous 1.71 (colored)
mail/squirrelmail: update to 1.4.23pre14904 Update squirrelmail to 1.4.23pre14904, latest snapshot. 1.4.23pre revision 14904 (2021-03-13) - Added the ability to modify of the value of the global $PHP_SELF variable used throughout the SquirrelMail code. The administrator may do so by adding the configuration settings $php_self_pattern and $php_self_replacement to config/config_local.php, where the pattern should be a full regular expression including the delimiters. This may be helpful when the web server sees traffic from a proxy so the normal $PHP_SELF does not resolve to what it should be for the real client. - Users can now mouse over the checkbox on the message list to see who a message is from - Show more accurate filesize for uploaded files and base64-encoded attachments (when reading a message) - Migrate away from create_function() as long as we have PHP 5.3+
Revision 1.70.10.1 / (download) - annotate - [select for diffs], Fri Aug 9 12:38:43 2019 UTC (4 years, 3 months ago) by bsiegert
Branch: pkgsrc-2019Q2
Changes since 1.70: +5 -5
lines
Diff to previous 1.70 (colored) next main 1.71 (colored)
Pullup ticket #6012 - requested by taca
mail/squirrelmail: security fix
Revisions pulled up:
- mail/squirrelmail/Makefile 1.137
- mail/squirrelmail/PLIST 1.42
- mail/squirrelmail/distinfo 1.71
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 24 03:49:35 UTC 2019
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
mail/squirrelmail: update to 1.4.23pre14832
Update squirrelmail to 1.4.23pre14832.
- Changed anti-CSRF security token lifetime to be session-based.
- Added favicon and ability for admins to use their own by setting
$head_tag_extra in config_local.php (see documented comments in,
for example, src/webmail.php)
- Altered hook types "do_hook_function" and "concat_hook_function"
such that the ultimate hook return value (in its current state,
as computed (or not) by the plugins that have executed previously)
is both globalized and passed as an additional argument to each
plugin. This allows plugins to cooperate better and not overwrite
each other's return values.
- Updated SVG handling, closing several related vulnerabilities
(#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
[CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
- Added IMAP ID command (RFC2971), sent after every login - use
by setting $imap_id_command_args in config/config_local.php
(see notes in functions/imap_general.php for more details)
- Fixed PHP7 warnings (#2847)
- Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
[CVE-2019-12970]
Revision 1.71 / (download) - annotate - [select for diffs], Wed Jul 24 03:49:35 2019 UTC (4 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.70: +5 -5
lines
Diff to previous 1.70 (colored)
mail/squirrelmail: update to 1.4.23pre14832 Update squirrelmail to 1.4.23pre14832. - Changed anti-CSRF security token lifetime to be session-based. - Added favicon and ability for admins to use their own by setting $head_tag_extra in config_local.php (see documented comments in, for example, src/webmail.php) - Altered hook types "do_hook_function" and "concat_hook_function" such that the ultimate hook return value (in its current state, as computed (or not) by the plugins that have executed previously) is both globalized and passed as an additional argument to each plugin. This allows plugins to cooperate better and not overwrite each other's return values. - Updated SVG handling, closing several related vulnerabilities (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952] [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955] - Added IMAP ID command (RFC2971), sent after every login - use by setting $imap_id_command_args in config/config_local.php (see notes in functions/imap_general.php for more details) - Fixed PHP7 warnings (#2847) - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer [CVE-2019-12970]
Revision 1.69.10.1 / (download) - annotate - [select for diffs], Sun May 6 11:41:44 2018 UTC (5 years, 6 months ago) by spz
Branch: pkgsrc-2018Q1
Changes since 1.69: +6 -7
lines
Diff to previous 1.69 (colored) next main 1.70 (colored)
Pullup ticket #5751 - requested by taca
mail/squirrelmail: security update
Revisions pulled up:
- mail/squirrelmail/Makefile 1.134
- mail/squirrelmail/distinfo 1.70
- mail/squirrelmail/patches/patch-ai 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Apr 30 07:56:55 UTC 2018
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
pkgsrc/mail/squirrelmail/patches: patch-ai
Log Message:
mail/squirrelmail: update to 1.4.23pre14764
Fix CVE-2018-8741 and more.
- Added ability (and user preference) to return to message list
after moving a message
- Search enhancement: Added ability to search in more than one
header without having to search the body
- Add ability for saved drafts to indicate if they are a reply and
if so, to which message, and mark that message as replied when
the draft is finally sent
- Added option to allow returning to the message one had been
replying to after sending
- Sanitize user-supplied attachment filenames (thanks to Florian
Grunow for reporting this issue) [CVE-2018-8741]
- Allow users who cannot edit their email address but who have
multiple identities to edit all their identities
To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/squirrelmail/patches/patch-ai
Revision 1.70 / (download) - annotate - [select for diffs], Mon Apr 30 07:56:55 2018 UTC (5 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Branch point for: pkgsrc-2019Q2
Changes since 1.69: +6 -7
lines
Diff to previous 1.69 (colored)
mail/squirrelmail: update to 1.4.23pre14764
Fix CVE-2018-8741 and more.
- Added ability (and user preference) to return to message list
after moving a message
- Search enhancement: Added ability to search in more than one
header without having to search the body
- Add ability for saved drafts to indicate if they are a reply and
if so, to which message, and mark that message as replied when
the draft is finally sent
- Added option to allow returning to the message one had been
replying to after sending
- Sanitize user-supplied attachment filenames (thanks to Florian
Grunow for reporting this issue) [CVE-2018-8741]
- Allow users who cannot edit their email address but who have
multiple identities to edit all their identities
Revision 1.69 / (download) - annotate - [select for diffs], Wed Jun 21 15:07:03 2017 UTC (6 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Branch point for: pkgsrc-2018Q1
Changes since 1.68: +5 -5
lines
Diff to previous 1.68 (colored)
Update squirrelmail to 1.4.23pre14688.
Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.
- compose_send hook now has $draft flag in hook arguments
- Fixed insufficient sendmail command argument escaping (thanks
to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
Cavallarin for bringing this to our attention). [CVE-2017-7692]
- Upgraded preferences for the delete_move_next plugin. Automatic
user preference updates are included, but note that if your
installation is new, or all user prefs have been converted from
"on"/"off" to 0/1 then you can add the following to SquirrelMail's
config/config_local.php to avoid convertign legacy values over and over:
$do_not_convert_delete_move_next_legacy_preferences = TRUE;
- Added ability to control the display of the "Check Spelling"
button provided by the squirrelspell plugin, which allows
administrators to offer this plugin but keep it out of the way
for users who do not want it. Put sqspell_show_button=0 in
default preferences if it should be hidden by default
Revision 1.67.4.1 / (download) - annotate - [select for diffs], Thu Apr 20 18:27:26 2017 UTC (6 years, 7 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.67: +2 -1
lines
Diff to previous 1.67 (colored) next main 1.68 (colored)
Pullup ticket #5333 - requested by maya
mail/squirrelmail: security fix
Revisions pulled up:
- mail/squirrelmail/Makefile 1.132
- mail/squirrelmail/distinfo 1.68
- mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Apr 19 17:10:18 UTC 2017
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/squirrelmail/patches:
patch-class_deliver_Deliver__SendMail.class.php
Log Message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html
patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
bump PKGREVISION
Revision 1.68 / (download) - annotate - [select for diffs], Wed Apr 19 17:10:18 2017 UTC (6 years, 7 months ago) by maya
Branch: MAIN
Changes since 1.67: +2 -1
lines
Diff to previous 1.67 (colored)
squirrelmail: patch remote code execution (CVE-2017-7692) separately escape tainted input before feeding it into popen. https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html patch from Filipo Cavallarin@wearesegment, who also found the vulnerability. bump PKGREVISION
Revision 1.67 / (download) - annotate - [select for diffs], Thu Nov 17 15:10:07 2016 UTC (7 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Branch point for: pkgsrc-2017Q1
Changes since 1.66: +5 -6
lines
Diff to previous 1.66 (colored)
Update squirrelmail to 1.4.23pre14605, latest snapshot.
PHP 7.0 support should be improved, too.
- Added new "smtp_helo_override" hook; allows plugins to override
the HELO host sent to the SMTP server when sending messages
- Added STARTTLS support for both IMAP and SMTP connections
- Added PDO support for database connections, so no external
database module needs to be installed
Revision 1.65.2.1 / (download) - annotate - [select for diffs], Sun Oct 16 11:44:45 2016 UTC (7 years, 1 month ago) by spz
Branch: pkgsrc-2016Q3
Changes since 1.65: +1 -2
lines
Diff to previous 1.65 (colored) next main 1.66 (colored)
Pullup ticket #5128 - requested by bsiegert
mail/squirrelmail: build fix
Revisions pulled up:
- mail/squirrelmail/Makefile 1.130
- mail/squirrelmail/distinfo 1.66
- mail/squirrelmail/patches/patch-plugins_gpg_gpg_decrypt_attach.php deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: manu
Date: Fri Sep 30 14:21:23 UTC 2016
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches:
patch-plugins_gpg_gpg_decrypt_attach.php
Log Message:
Remove patch on a localy installed file that did not belong to the =
distribution
To generate a diff of this commit:
cvs rdiff -u -r1.129 -r1.130 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.65 -r1.66 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/mail/squirrelmail/patches/patch-plugins_gpg_gpg_decrypt_attach.php
Revision 1.66 / (download) - annotate - [select for diffs], Fri Sep 30 14:21:23 2016 UTC (7 years, 2 months ago) by manu
Branch: MAIN
Changes since 1.65: +1 -2
lines
Diff to previous 1.65 (colored)
Remove patch on a localy installed file that did not belong to the distribution
Revision 1.65 / (download) - annotate - [select for diffs], Tue Sep 27 12:11:11 2016 UTC (7 years, 2 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base
Branch point for: pkgsrc-2016Q3
Changes since 1.64: +3 -1
lines
Diff to previous 1.64 (colored)
Syntax error and PHP 5 compatibility fixes in squirrelmail plugins From Jean-Jacques Puig
Revision 1.64 / (download) - annotate - [select for diffs], Tue Nov 3 23:27:22 2015 UTC (8 years ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.63: +2 -1
lines
Diff to previous 1.63 (colored)
Add SHA512 digests for distfiles for mail category Problems found locating distfiles: Package mutt: missing distfile patch-1.5.24.rr.compressed.gz Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz Package pine: missing distfile fancy.patch.gz Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch Package qmail: missing distfile badrcptto.patch Package qmail: missing distfile outgoingip.patch Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Revision 1.63 / (download) - annotate - [select for diffs], Sun Sep 6 12:04:12 2015 UTC (8 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.62: +4 -4
lines
Diff to previous 1.62 (colored)
Update squirrelmail to new snapshot, 1.4.23pre14523.
Should be fix PR pkg/50197.
Here is changes from previous pkgsrc's snapshot.
Version 1.4.23 - SVN
--------------------
...
- Added Solarized Light and Solarized Dark themes, by Pavneet Arora.
- Added associative edit list option widget, with optional folder
list selector for values
- Added option to use blank spacer instead of security image ("This
image has been removed for security reasons.") for replacing
unsafe images.
- Full date and time is used as "title" (mouseover) text for dates
shown on the message list screen
- Custom Stylesheets are now sorted on the Display Preferences page
- $xtra in the displayHtmlHeader function is now available in the
global scope so that plugins can modify it during the generic_header
hook
- Added some generic client-side (JavaScript) libraries (including
an asynchronous server request mechansim). See the new /scripts
directory (plugin authors can refer to the plugin documentation
for how to use them)
- Added optional JavaScript folder list refresh ("check mail")
mechanisms that try to avoid refreshing if server is not responding -
see the $check_mail_mechanism setting in config/config.php or the
"4. General Options ==> "21. Auto check mail mechanism" setting in
the configuration tool. (If you do not update your configuration,
you will get messages in your logs: "PHP Notice: Undefined variable:
check_mail_mechanism in /path/to/squirrelmail/src/left_main.php on
line 322...")
- Added advanced control over the SSL context used when connecting
to the SMTP and IMAP servers over SSL/TLS (thanks to Emmanuel
Dreyfus). You can take a look at $imap_stream_options and
$smtp_stream_options in config_local.example.php in SquirrelMail
version 1.5.2 for more information. These configuration settings
should work the same under 1.4.23:
http://sourceforge.net/p/squirrelmail/code/HEAD/tree/trunk/squirrelmail/config/config_local.example.php
- Added ability to show login error from the IMAP server instead of
traditional "Unknown user or password incorrect" (thanks to Alain
Williams). See $display_imap_login_error in the configuration
file or "4. General Options ==> 22. Display login error from IMAP"
in the configuration tool.
- Configuration tool now shows the SquirrelMail version
- Added new attachments_top hook to src/read_body.php
- When resuming a draft, correct (from) identity is now pre-selected
- Removed overly-restrictive character limitations on address book
nicknames
- Prevent session lock-up caused by filters plugin trying to move
messages in an account that is over quota
- Added MD5 alternative to directory hash calculation
- Added ability for administrator to control whether or not users
can edit their reply-to address ($edit_reply_to in config.php)
- Added new "login_before_page_header" (boolean) hook; allows
plugins to have more explicit control over login page header
Revision 1.62 / (download) - annotate - [select for diffs], Fri Dec 28 04:03:34 2012 UTC (10 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.61: +6 -6
lines
Diff to previous 1.61 (colored)
Update squirrelmail to 1.4.23pre14345, snap shot from squirrelmail's
repository. Approved by wiz@.
* Now work well with PHP 5.4 and later.
Version 1.4.23 - SVN
--------------------
- Added capability to issue SEARCH commands in literal format (so that
non-ASCII search terms are handled RFC-correctly).
- Fixed hook name clash: new "smtp_auth" hook added in version 1.4.22
has been renamed to "smtp_authenticate"
- Added SASL PLAIN mechanism for IMAP logins; backported from version
1.5.2.
- Prevent syslog warning in call_user_func_array() call when no
arguments given. Patch from Jean-Philippe Guerard (#3309935).
- Changed the read_body_menu_top hook from concat_hook_function to
do_hook_function (plugin authors please note)
- Always ensure that the Reply-To header is a full email address in
outgoing messages
- Fixed issue with Noselect mailboxes being clickable in folder list
- Made performance improvements in mailbox listing
- Attachment filename extensions changed from ".msg" to ".eml"
- Unified address book searches somewhat: file-backed address books now
search in each field individually; database-backed address books now
search in fields other than first/last name (nickname, email); LDAP-
backed address books now search in common name fields as well as by
email address (cn, sn, givenname, mail)
- You may now enable LDAP-backed address books to be listed (using
the "List all" button on the address search screen accessed via
the "Addresses" button on the compose screen) by adding
"$ldap_abook_allow_listing = TRUE;" (without quotes) to
config/config_local.php (previously, this required editing of a
file).
- Added ability to control browser rendering mode (quirks versus
standards) - see the $browser_rendering_mode setting in
config/config.php or the "4. General Options ==> 19. Browser
rendering mode" setting in the configuration tool (#3240356).
- Added "search_index_before" hook (analog of the "mailbox_index_before"
hook)
- Made performance improvements in security token handling
- Improvements for compatibility with PHP 5.4.
- Added option that allows users to have replies to their own
messages sent to the recipient of the previous message (#3520988).
Revision 1.60.8.1 / (download) - annotate - [select for diffs], Wed Jul 13 19:09:16 2011 UTC (12 years, 4 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.60: +4 -4
lines
Diff to previous 1.60 (colored) next main 1.61 (colored)
Pullup ticket #3472 - requested by taca
mail/squirrelmail: security update
Revisions pulled up:
- mail/squirrelmail/MESSAGE 1.6
- mail/squirrelmail/Makefile 1.117-1.118
- mail/squirrelmail/PLIST 1.38
- mail/squirrelmail/distinfo 1.61
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 01:30:34 UTC 2011
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
take MAINTAINER.
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 12:22:44 UTC 2011
Modified Files:
pkgsrc/mail/squirrelmail: MESSAGE Makefile PLIST distinfo
Log Message:
Update squirrelmail package to 1.4.22.
Version 1.4.22 - 12 July 2011
-----------------------------
- Backported default timezone fix from version 1.5.2; helps mitigate
timezone errors in environments where a default has not been set
by the administrator.
- Fixed system lock-ups caused by a combination of certain rare,
malformed message headers and buggy versions of PHP mbstring
(#3053349).
- Now allow multiple plugins to handle (add links for) a single
attachment MIME type.
- Now allow administrators to disable all plugins or enable just
a select few plugins (overriding the active plugins in the normal
configuration) by setting $temporary_plugins as an empty array
(all disabled) or an array with one or more plugin directory names
in config_local.php.
- Backport fix for call_user_func_array not supporting NULL as empty
array in PHP 5.3.3
- Fixed sqauth_read_password() for plugins on the login_verified hook.
- Added SMTP SASL PLAIN authentication option to configuration tool
(core support for such is not new).
- Gmail doens't support standard search commands; removed sort buttons.
- Forced addition of a file suffix to attachments that lack a filename
(helps forwarded messages avoid spam filters) (thanks to Petr
Kletecka) (#3139004).
- Fixed missing security token in listcommands plugin.
- Added smtp_auth hook (thanks to Emmanuel Dreyfus).
- Made speed enhancements to threaded message display (thanks to Siim
Poder) (#3288123).
- Allow administrators to configure subfolders of user INBOXes to be
treated as special folders by adding $subfolders_of_inbox_are_special
to config_local.php.
- Fixed incorrect display of INBOX subfolders under some configurations.
IMPORTANT: You may need to update your configuration so that
$default_sub_of_inbox is TRUE if it was FALSE (e.g., Courier IMAP users)
and after updating to this version, your special folders are no longer
listed at the top of your folder list. Also, if this change prevents
users from logging in with an error such as "ERROR: Could not complete
request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.",
you will need to correct the user preference values for the problem
folders. You can do so with commands such as the following for file-
based preferences (adjust the data directory location as needed):
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Drafts/trash_folder=INBOX.Drafts/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Sent/trash_folder=INBOX.Sent/g' {} \;
Or, for database-based preferences:
UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash';
UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts';
UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent';
MAKE SURE to back up your user preferences first!
- Optimized message highlighting rules; faster message list display
and faster highlight rules management (thanks to C. Bensend for
extensive effort helping diagnose)
- New Mail plugin no longer removes normal organization title when
putting the number of new messages in the browser title
- Added clickjacking protection (thanks to Asbjorn Thorsen and Geir
Hansen for bringing this to our attention). [CVE-2010-4554]
- Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell
plugin, XSS hole in the Index Order page, and added anti-CSRF protection
to the empty trash feature and the Index Order page (thanks to Nicholas
Carlini for finding all these issues). [CVE-2010-4555]
- Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
Revision 1.61 / (download) - annotate - [select for diffs], Wed Jul 13 12:22:44 2011 UTC (12 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.60: +4 -4
lines
Diff to previous 1.60 (colored)
Update squirrelmail package to 1.4.22.
Version 1.4.22 - 12 July 2011
-----------------------------
- Backported default timezone fix from version 1.5.2; helps mitigate
timezone errors in environments where a default has not been set
by the administrator.
- Fixed system lock-ups caused by a combination of certain rare,
malformed message headers and buggy versions of PHP mbstring
(#3053349).
- Now allow multiple plugins to handle (add links for) a single
attachment MIME type.
- Now allow administrators to disable all plugins or enable just
a select few plugins (overriding the active plugins in the normal
configuration) by setting $temporary_plugins as an empty array
(all disabled) or an array with one or more plugin directory names
in config_local.php.
- Backport fix for call_user_func_array not supporting NULL as empty
array in PHP 5.3.3
- Fixed sqauth_read_password() for plugins on the login_verified hook.
- Added SMTP SASL PLAIN authentication option to configuration tool
(core support for such is not new).
- Gmail doens't support standard search commands; removed sort buttons.
- Forced addition of a file suffix to attachments that lack a filename
(helps forwarded messages avoid spam filters) (thanks to Petr
Kletecka) (#3139004).
- Fixed missing security token in listcommands plugin.
- Added smtp_auth hook (thanks to Emmanuel Dreyfus).
- Made speed enhancements to threaded message display (thanks to Siim
Poder) (#3288123).
- Allow administrators to configure subfolders of user INBOXes to be
treated as special folders by adding $subfolders_of_inbox_are_special
to config_local.php.
- Fixed incorrect display of INBOX subfolders under some configurations.
IMPORTANT: You may need to update your configuration so that
$default_sub_of_inbox is TRUE if it was FALSE (e.g., Courier IMAP users)
and after updating to this version, your special folders are no longer
listed at the top of your folder list. Also, if this change prevents
users from logging in with an error such as "ERROR: Could not complete
request. Query: CREATE "Trash" Reason Given: Invalid mailbox name.",
you will need to correct the user preference values for the problem
folders. You can do so with commands such as the following for file-
based preferences (adjust the data directory location as needed):
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Drafts/trash_folder=INBOX.Drafts/g' {} \;
find /var/lib/squirrelmail/data/ -name *.pref -exec sed --in-place 's/trash_folder=Sent/trash_folder=INBOX.Sent/g' {} \;
Or, for database-based preferences:
UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash';
UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts';
UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent';
MAKE SURE to back up your user preferences first!
- Optimized message highlighting rules; faster message list display
and faster highlight rules management (thanks to C. Bensend for
extensive effort helping diagnose)
- New Mail plugin no longer removes normal organization title when
putting the number of new messages in the browser title
- Added clickjacking protection (thanks to Asbjorn Thorsen and Geir
Hansen for bringing this to our attention). [CVE-2010-4554]
- Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell
plugin, XSS hole in the Index Order page, and added anti-CSRF protection
to the empty trash feature and the Index Order page (thanks to Nicholas
Carlini for finding all these issues). [CVE-2010-4555]
- Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
Revision 1.59.4.1 / (download) - annotate - [select for diffs], Sun Jul 25 11:41:03 2010 UTC (13 years, 4 months ago) by spz
Branch: pkgsrc-2010Q2
Changes since 1.59: +4 -4
lines
Diff to previous 1.59 (colored) next main 1.60 (colored)
Pullup ticket 3181 - requested by tron
security update
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.115
- pkgsrc/mail/squirrelmail/PLIST 1.37
- pkgsrc/mail/squirrelmail/distinfo 1.60
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jul 24 12:20:34 UTC 2010
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Update "squirremail" package to version 1.4.21. Changes since 1.4.20:
- Now allow more than one plugin to control the compose form submit action.
- When sorting by received date, the received date is now shown on the
message list.
- Explicitly disable browser caching for left_main and right_main pages
(#2983134).
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#1795310).
- Fix typo in SpamCop plugin.
- Reduced default time security tokens stay valid from 30 days to 2 days
(reduces chances of session data growing too large)
- Several speed enhancements for recent fixes regarding the display of
encoded subjects, including a fix for messages with invalid subject
encoding (includes #2987016 amongst several other issues reported via
mailing list, etc.) (Many thanks to Zdenek Pytela for the untiring help
diagnosing and testing.)
- Fixed minor vulnerability in Mail Fetch plugin.
[CVE-2010-1637/TEHTRI-SA-2010-009]
- Now properly quote personal part of encoded addresses when replying.
- Now fill in default subject when forwarding as attachment (#2936541).
- Implement header folding that doesn't add extraneous spaces so unfolding
is less ambiguous (#1951776).
- Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's
default preferences database schema (#2943483).
- Fixed attachment filename decoding problems (#2994865).
- Now default search criteria to the TO header when searching the sent fold=
er.
- Fixed literal processing of 8-bit usernames/passwords during login.
[CVE-2010-2813]
To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -u -r1.59 -r1.60 pkgsrc/mail/squirrelmail/distinfo
Revision 1.60 / (download) - annotate - [select for diffs], Sat Jul 24 12:20:33 2010 UTC (13 years, 4 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Branch point for: pkgsrc-2011Q2
Changes since 1.59: +4 -4
lines
Diff to previous 1.59 (colored)
Update "squirremail" package to version 1.4.21. Changes since 1.4.20: - Now allow more than one plugin to control the compose form submit action. - When sorting by received date, the received date is now shown on the message list. - Explicitly disable browser caching for left_main and right_main pages (#2983134). - Fix error with SpamCop reporting plugin not being able to send report as emails (#1795310). - Fix typo in SpamCop plugin. - Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) - Several speed enhancements for recent fixes regarding the display of encoded subjects, including a fix for messages with invalid subject encoding (includes #2987016 amongst several other issues reported via mailing list, etc.) (Many thanks to Zdenek Pytela for the untiring help diagnosing and testing.) - Fixed minor vulnerability in Mail Fetch plugin. [CVE-2010-1637/TEHTRI-SA-2010-009] - Now properly quote personal part of encoded addresses when replying. - Now fill in default subject when forwarding as attachment (#2936541). - Implement header folding that doesn't add extraneous spaces so unfolding is less ambiguous (#1951776). - Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's default preferences database schema (#2943483). - Fixed attachment filename decoding problems (#2994865). - Now default search criteria to the TO header when searching the sent folder. - Fixed literal processing of 8-bit usernames/passwords during login. [CVE-2010-2813]
Revision 1.59 / (download) - annotate - [select for diffs], Sun Mar 7 03:41:49 2010 UTC (13 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Branch point for: pkgsrc-2010Q2
Changes since 1.58: +6 -27
lines
Diff to previous 1.58 (colored)
Update squirrelmail pacakge to 1.4.20.
Version 1.4.20 - 06 Mar 2010
---------------------------
- Fixed issue with search not using literals correctly (#2846511).
- Fixed issue with returning to search results due to new security token
code.
- Fixed issue with multi-part related messages not showing all attachments
(#2830140).
- Fixed for security token missing in newmail plugin (#2919418).
- Fixed sort in Sent folder to sort by "To" field instead of "From" field
(#2907412).
- Fixed mailto: urls containing + characters. Thanks to Michael Puls II
for the patch.
- Made base URL autodetection more robust; fixes some lighttpd issues
(probably #1741469).
- Encoded From headers are now properly quoted (#2830141).
- Multibyte strings (notably subjects) are now handled correctly (#2824813,
#2925731).
- X-DNS-Prefetch-Control: off header is now sent to browsers to prevent
information leakage when Firefox does DNS prefetching for URLs contained
in emails.
- Added unread links in message view.
- Added the ability to configure Google Mail (Gmail) as the mail server
behind SquirrelMail.
- Added option in display preferences that allows the signature to be
stripped from the original message when replying (#2952876). Thanks to
Sven Strickroth.
Revision 1.58 / (download) - annotate - [select for diffs], Thu Mar 4 16:00:37 2010 UTC (13 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.57: +24 -3
lines
Diff to previous 1.57 (colored)
Overhaul squirrelmail package: * Add DESTDIR support. * Add more changes from squirrelmail's repositry including secure token support, hoping early release of real 1.4.20. Bump PKGREVISION.
Revision 1.57 / (download) - annotate - [select for diffs], Fri Feb 5 17:40:51 2010 UTC (13 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.56: +2 -1
lines
Diff to previous 1.56 (colored)
Add a patch from Jonathan Angliss fixing IMAP search problems: http://thread.gmane.org/gmane.mail.squirrelmail.user/36642 Bump PKGREVISION.
Revision 1.56 / (download) - annotate - [select for diffs], Sun Oct 4 01:27:15 2009 UTC (14 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3
Changes since 1.55: +3 -1
lines
Diff to previous 1.55 (colored)
Add two small fix: * Use case ignore match for detecting encoded header. This is language independent problem. * Improve handling of file name of attachment in Japanese environment. These fixes make squirrelmail usable after remove of japaneses patch. Bump PKGREVISION.
Revision 1.54.2.1 / (download) - annotate - [select for diffs], Sat Aug 29 13:02:45 2009 UTC (14 years, 3 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.54: +4 -10
lines
Diff to previous 1.54 (colored) next main 1.55 (colored)
Pullup ticket 2875 - requested by tron
security update
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.108
- pkgsrc/mail/squirrelmail/PLIST 1.33
- pkgsrc/mail/squirrelmail/distinfo 1.55
Module Name: pkgsrc
Committed By: tron
Date: Wed Aug 26 12:47:17 UTC 2009
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log Message:
Update "squirremail" package to version 1.4.20rc2. Changes since 1.4.19:
- Protect message deletion with security token system.
(Secunia Advisory SA346)
- Removed the shut down DSBL blocklists (#2796734).
- Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess
(#2798839).
- Updated INSTALL doc to remove possible bad system admin typos (#2827153).
- PHP 5.3 deprecates ereg functions (#2820952).
- Filters plugin uses badly formatted literals request (#2805201).
- Provide option for complete removal of usernames and user IP addresses
from message headers, and remove personal data from Message ID seed.
(#880029/847107)
- Implemented page referal verification mechanism.
(Secunia Advisory SA34627)
- Implemented security token system. (Secunia Advisory SA34627)
Approved by Martti Kuparinen.
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -u -r1.54 -r1.55 pkgsrc/mail/squirrelmail/distinfo
Revision 1.55 / (download) - annotate - [select for diffs], Wed Aug 26 12:47:17 2009 UTC (14 years, 3 months ago) by tron
Branch: MAIN
Changes since 1.54: +4 -10
lines
Diff to previous 1.54 (colored)
Update "squirremail" package to version 1.4.20rc2. Changes since 1.4.19: - Protect message deletion with security token system. (Secunia Advisory SA346) - Removed the shut down DSBL blocklists (#2796734). - Fixed broken RFC1918 reference in contrib/.htaccess and doc/.htaccess (#2798839). - Updated INSTALL doc to remove possible bad system admin typos (#2827153). - PHP 5.3 deprecates ereg functions (#2820952). - Filters plugin uses badly formatted literals request (#2805201). - Provide option for complete removal of usernames and user IP addresses from message headers, and remove personal data from Message ID seed. (#880029/847107) - Implemented page referal verification mechanism. (Secunia Advisory SA34627) - Implemented security token system. (Secunia Advisory SA34627) Approved by Martti Kuparinen.
Revision 1.50.4.3 / (download) - annotate - [select for diffs], Fri May 22 10:18:40 2009 UTC (14 years, 6 months ago) by tron
Branch: pkgsrc-2009Q1
Changes since 1.50.4.2: +6 -6
lines
Diff to previous 1.50.4.2 (colored) to branchpoint 1.50 (colored) next main 1.51 (colored)
Pullup ticket #2777 - requested by martti squirrelmail: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.106 - mail/squirrelmail/PLIST 1.30-1.31 - mail/squirrelmail/buildlink3.mk 1.22 - mail/squirrelmail/distinfo 1.53 - mail/squirrelmail/options.mk 1.12-1.13 --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 07:04:13 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated squirrelmail to 1.4.19 The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We also expierenced some regressions in the updated filter plugin. Both are addressed in this new release 1.4.19 which contains a few other small fixes aswell. If you do not use map_yp_alias or the filters plugin there's no urgent need to upgrade now if you already installed 1.4.18. If you are still on an older release than 1.4.18 (or use the mentioned functionality) we do urge you to upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important security issues. Those using the development branch (1.5.x) should install a recent SVN snapshot. --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 07:05:14 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: buildlink3.mk Log Message: Updated --- Module Name: pkgsrc Committed By: martti Date: Fri May 22 08:23:02 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: PLIST options.mk Log Message: Fixed PLIST issues. --- Module Name: pkgsrc Committed By: taca Date: Fri May 22 08:50:19 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Update Japanese patch. Bump PKGREVISION.
Revision 1.54 / (download) - annotate - [select for diffs], Fri May 22 08:50:19 2009 UTC (14 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.53: +4 -4
lines
Diff to previous 1.53 (colored)
Update Japanese patch. Bump PKGREVISION.
Revision 1.53 / (download) - annotate - [select for diffs], Fri May 22 07:04:12 2009 UTC (14 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.52: +4 -4
lines
Diff to previous 1.52 (colored)
Updated squirrelmail to 1.4.19 The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We also expierenced some regressions in the updated filter plugin. Both are addressed in this new release 1.4.19 which contains a few other small fixes aswell. If you do not use map_yp_alias or the filters plugin there's no urgent need to upgrade now if you already installed 1.4.18. If you are still on an older release than 1.4.18 (or use the mentioned functionality) we do urge you to upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important security issues. Those using the development branch (1.5.x) should install a recent SVN snapshot.
Revision 1.50.4.2 / (download) - annotate - [select for diffs], Sun May 17 14:33:22 2009 UTC (14 years, 6 months ago) by tron
Branch: pkgsrc-2009Q1
Changes since 1.50.4.1: +3 -0
lines
Diff to previous 1.50.4.1 (colored) to branchpoint 1.50 (colored)
Pullup ticket #2772 - requested by taca squirrelmail: Re-add Japanese language option Revisions pulled up: - mail/squirrelmail/Makefile 1.104-1.105 - mail/squirrelmail/distinfo 1.52 - mail/squirrelmail/options.mk 1.11 --- Module Name: pkgsrc Committed By: taca Date: Thu May 14 14:24:50 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile Log Message: Since iso_2022_jp.php isn't included in squirrelmail distribution, remove extra pre-configure processing. --- Module Name: pkgsrc Committed By: taca Date: Fri May 15 13:01:00 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Enable squirrelmail-japanese option with Japanese patch: squirrelmail-1.4.16-ja-20081013-patch. Bump PKGREVISION.
Revision 1.52 / (download) - annotate - [select for diffs], Fri May 15 13:01:00 2009 UTC (14 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.51: +4 -1
lines
Diff to previous 1.51 (colored)
Enable squirrelmail-japanese option with Japanese patch: squirrelmail-1.4.16-ja-20081013-patch. Bump PKGREVISION.
Revision 1.50.4.1 / (download) - annotate - [select for diffs], Thu May 14 09:08:59 2009 UTC (14 years, 6 months ago) by tron
Branch: pkgsrc-2009Q1
Changes since 1.50: +7 -10
lines
Diff to previous 1.50 (colored)
Ticket #2765 - requested by martti squirrelmail: security update Revisions pulled up: - mail/squirrelmail/Makefile 1.103 - mail/squirrelmail/PLIST 1.29 - mail/squirrelmail/distinfo 1.51 - mail/squirrelmail/options.mk 1.10 --- Module Name: pkgsrc Committed By: martti Date: Thu May 14 06:54:39 UTC 2009 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo options.mk Log Message: Updated mail/squirrelmail to 1.4.18 The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.18. The most notable changes for this version are several security fixes, including a couple XSS exploits, a session fixation issue, and an obscure but dangerous server-side code execution hole. However, this version also includes three new languages and more than a few enhancements to things such as the filters plugin, the address book system and other things under the hood. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (they have moved to the doc/ directory). We advise all users of SquirrelMail software to upgrade.
Revision 1.51 / (download) - annotate - [select for diffs], Thu May 14 06:54:39 2009 UTC (14 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.50: +7 -10
lines
Diff to previous 1.50 (colored)
Updated mail/squirrelmail to 1.4.18 The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.18. The most notable changes for this version are several security fixes, including a couple XSS exploits, a session fixation issue, and an obscure but dangerous server-side code execution hole. However, this version also includes three new languages and more than a few enhancements to things such as the filters plugin, the address book system and other things under the hood. For more complete details, see the ReleaseNotes and ChangeLog files included in this release (they have moved to the doc/ directory). We advise all users of SquirrelMail software to upgrade.
Revision 1.48.2.1 / (download) - annotate - [select for diffs], Thu Dec 4 10:24:38 2008 UTC (15 years ago) by tron
Branch: pkgsrc-2008Q3
Changes since 1.48: +7 -7
lines
Diff to previous 1.48 (colored) next main 1.49 (colored)
Pullup ticket #2605 - requested by martti
squirremal: security update
Revisions pulled up:
- mail/squirrelmail/Makefile 1.100-1.101
- mail/squirrelmail/PLIST 1.28
- mail/squirrelmail/buildlink3.mk 1.20
- mail/squirrelmail/distinfo 1.49-1.50
- mail/squirrelmail/options.mk 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Nov 19 14:47:51 UTC 2008
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo options.mk
Log Message:
Update Japanese patch to squirrelmail-1.4.16-ja-20081013.
No functional should be changed though.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Dec 4 07:18:47 UTC 2008
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Log Message:
Updated mail/squirrelmail to 1.4.17
The SquirrelMail team is happy to announce the release of version 1.4.17. The
most notable change is a security fix that prevents certain specially-crafted
hyperlinks within messages from executing cross-site scripting attacks. For
other details, see the ReleaseNotes file included in this release. We advise
all users of SquirrelMail software to upgrade.
Revision 1.50 / (download) - annotate - [select for diffs], Thu Dec 4 07:18:46 2008 UTC (15 years ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4
Branch point for: pkgsrc-2009Q1
Changes since 1.49: +4 -4
lines
Diff to previous 1.49 (colored)
Updated mail/squirrelmail to 1.4.17 The SquirrelMail team is happy to announce the release of version 1.4.17. The most notable change is a security fix that prevents certain specially-crafted hyperlinks within messages from executing cross-site scripting attacks. For other details, see the ReleaseNotes file included in this release. We advise all users of SquirrelMail software to upgrade.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Nov 19 14:47:51 2008 UTC (15 years ago) by taca
Branch: MAIN
Changes since 1.48: +4 -4
lines
Diff to previous 1.48 (colored)
Update Japanese patch to squirrelmail-1.4.16-ja-20081013. No functional should be changed though. Bump PKGREVISION.
Revision 1.48 / (download) - annotate - [select for diffs], Sun Sep 28 17:32:26 2008 UTC (15 years, 2 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base
Branch point for: pkgsrc-2008Q3
Changes since 1.47: +5 -5
lines
Diff to previous 1.47 (colored)
Updated mail/squirrelmail to 1.4.16 The SquirrelMail team is happy to announce the release 1.4.16. The most notable change is that cookies are now sent with the secure attribute set for HTTPS-connections, meaning that they cannot leak to an HTTP-connection on the same SquirrelMail installation. For details see the included ReleaseNotes. We advise users that offer their SquirrelMail both over HTTP and HTTPS to upgrade.
Revision 1.47 / (download) - annotate - [select for diffs], Tue May 27 12:40:37 2008 UTC (15 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.46: +8 -8
lines
Diff to previous 1.46 (colored)
Version 1.4.15 - 23 May 2008
Revision 1.42.2.3 / (download) - annotate - [select for diffs], Mon Dec 17 15:38:55 2007 UTC (15 years, 11 months ago) by ghen
Branch: pkgsrc-2007Q3
Changes since 1.42.2.2: +7 -7
lines
Diff to previous 1.42.2.2 (colored) to branchpoint 1.42 (colored) next main 1.43 (colored)
Pullup ticket 2246 - requested by martti security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97 - pkgsrc/mail/squirrelmail/PLIST 1.25 - pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46 - pkgsrc/mail/squirrelmail/options.mk 1.7 Module Name: pkgsrc Committed By: martti Date: Fri Dec 14 20:44:35 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. --- Module Name: pkgsrc Committed By: taca Date: Sat Dec 15 13:58:12 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205. Bump PKG_REVISION.
Revision 1.46 / (download) - annotate - [select for diffs], Sat Dec 15 13:58:11 2007 UTC (15 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4
Changes since 1.45: +4 -4
lines
Diff to previous 1.45 (colored)
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205. Bump PKG_REVISION.
Revision 1.45 / (download) - annotate - [select for diffs], Fri Dec 14 20:44:35 2007 UTC (15 years, 11 months ago) by martti
Branch: MAIN
Changes since 1.44: +4 -4
lines
Diff to previous 1.44 (colored)
Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately.
Revision 1.42.2.2 / (download) - annotate - [select for diffs], Thu Dec 6 10:36:33 2007 UTC (15 years, 11 months ago) by ghen
Branch: pkgsrc-2007Q3
Changes since 1.42.2.1: +7 -1
lines
Diff to previous 1.42.2.1 (colored) to branchpoint 1.42 (colored)
Pullup ticket 2243 - requested by taca bugfix update for squirrelmail (squirrelmail-japanese option) - pkgsrc/mail/squirrelmail/distinfo 1.44 - pkgsrc/mail/squirrelmail/options.mk 1.6 Module Name: pkgsrc Committed By: taca Date: Wed Dec 5 11:25:57 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: distinfo options.mk Log Message: Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
Revision 1.44 / (download) - annotate - [select for diffs], Wed Dec 5 11:25:57 2007 UTC (16 years ago) by taca
Branch: MAIN
Changes since 1.43: +7 -1
lines
Diff to previous 1.43 (colored)
Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205.
Revision 1.42.2.1 / (download) - annotate - [select for diffs], Wed Dec 5 07:31:13 2007 UTC (16 years ago) by ghen
Branch: pkgsrc-2007Q3
Changes since 1.42: +5 -11
lines
Diff to previous 1.42 (colored)
Pullup ticket 2238 - requested by martti
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.95
- pkgsrc/mail/squirrelmail/PLIST 1.24
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.17
- pkgsrc/mail/squirrelmail/distinfo 1.43
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.14
Module Name: pkgsrc
Committed By: martti
Date: Wed Dec 5 07:11:29 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
Revision 1.43 / (download) - annotate - [select for diffs], Wed Dec 5 07:11:28 2007 UTC (16 years ago) by martti
Branch: MAIN
Changes since 1.42: +5 -11
lines
Diff to previous 1.42 (colored)
Updated mail/squirrelmail to 1.4.12
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
Revision 1.42 / (download) - annotate - [select for diffs], Wed Oct 3 10:11:23 2007 UTC (16 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base
Branch point for: pkgsrc-2007Q3
Changes since 1.41: +7 -1
lines
Diff to previous 1.41 (colored)
Update optional patch to support squirrelmail-1.4.11. Since this commmit fixes broken options, I don't bump PKGREVISION now.
Revision 1.41 / (download) - annotate - [select for diffs], Tue Oct 2 05:28:19 2007 UTC (16 years, 2 months ago) by martti
Branch: MAIN
Changes since 1.40: +4 -10
lines
Diff to previous 1.40 (colored)
Updated mail/squirrelmail to 1.4.11
Version 1.4.11 - 29 September 2007
----------------------------------
- Minimum PHP requirement raised from 4.0.6 to 4.1.0.
SquirrelMail has been broken for a while with 4.0.x without anyone
noticing, this move merely reflects reality.
- Fix broken set_url_var function in functions/html.php (#1729814).
- Fix config.pl not detecting auth support correctly (#1727033).
- Fix display of X-Priority in message view.
- Work around mailers sending broken Date headers with no space after the
first comma.
- Let POP3 class properly cope with lines starting with a '.'.
- Some HTML validation cleanups.
- Invalid year in sent_subfolders plugin (#1607380).
- Always treat Content-Type case-insensitively (#1732092).
- Fix typo: html/plain should be text/html.
- Fix en/decode header swith in MDN (#1694687).
- Fix compatibility with Windows path in administrator plugin (#1740469).
- Fix disabling password encryption in mail_fetch (#1738001).
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
- Backported code for site wide SMTP authentication (#1531889).
- Fixed issue with compose session not being cleaned after message is
saved or sent.
- Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
thanks to Daniel Watts
- Fix test for signout.php in the logged in check in is_logged_in() so it
cannot be circumvented by manipulating the URL. External plugins might
rely on this function guaranteeing that the user is logged in.
- Use attachment_dir only at the point where we're actually
reading from / writing to the files, do not carry it around
in the object. This makes us safer in the event the object
is somehow exposed to the outside world.
- Better support mailboxes named 'None' (#1598890).
- Sort readdir() output in conf.pl (#1755886).
- Fix message cache in printer friendly, thanks Tomas Kuliavas.
- Made the webmail_top hook work again for plugins that want to change
the URI of the "right" frame; plugins have to change the value of the
global variable $right_frame_url
- Fix issue in darkness theme with extra closing bracket.
- No longer store all message composition sessions in the PHP session,
since it was not made use of and in rare cases, made sessions too big.
- Composition restoration functionality now correctly restores attachments.
- Added smtp_auth hook.
- Change default Selection List Style to Indented.
- Added "preselected" query argument to mailbox list.
- Added mailbox_display_buttons hook.
- Removed "Include CCs when Forwarding Messages", which had no functionality
whatsoever.
- Make the Message Details plugin actually show the correct entity when
viewing details of attached messages.
Revision 1.40 / (download) - annotate - [select for diffs], Tue May 22 11:13:27 2007 UTC (16 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base,
pkgsrc-2007Q2
Changes since 1.39: +4 -4
lines
Diff to previous 1.39 (colored)
A patch file for squirrelmail-lite option has updated to fix its minor problem. Bump PKGREVISION.
Revision 1.39 / (download) - annotate - [select for diffs], Tue May 22 01:47:53 2007 UTC (16 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.38: +4 -1
lines
Diff to previous 1.38 (colored)
Add SHA1/RMD160 of squirrelmail-1.4.10a-lite-20070511-patch.
Revision 1.38 / (download) - annotate - [select for diffs], Sun May 20 17:02:17 2007 UTC (16 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.37: +4 -1
lines
Diff to previous 1.37 (colored)
Add squirrelmail-japanese and squirrelmail-lite option. These options supersedes ja-squirrelmail package. Bump PKGREVISION.
Revision 1.35.4.2 / (download) - annotate - [select for diffs], Thu May 10 09:45:29 2007 UTC (16 years, 6 months ago) by ghen
Branch: pkgsrc-2007Q1
Changes since 1.35.4.1: +4 -4
lines
Diff to previous 1.35.4.1 (colored) to branchpoint 1.35 (colored) next main 1.36 (colored)
Pullup ticket 2081 - requested by martti bugfix update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.84 - pkgsrc/mail/squirrelmail/PLIST 1.22 - pkgsrc/mail/squirrelmail/distinfo 1.37 Module Name: pkgsrc Committed By: martti Date: Thu May 10 09:24:44 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail to 1.4.10a Shortly after the release of SquirrelMail 1.4.10, a regression in the compose form was discovered. Unfortunately the limited disclosure of security patches does not allow for public testing, so this regression went unnoticed. We're sorry for the inconvenience.
Revision 1.37 / (download) - annotate - [select for diffs], Thu May 10 09:24:44 2007 UTC (16 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.36: +4 -4
lines
Diff to previous 1.36 (colored)
Updated mail/squirrelmail to 1.4.10a Shortly after the release of SquirrelMail 1.4.10, a regression in the compose form was discovered. Unfortunately the limited disclosure of security patches does not allow for public testing, so this regression went unnoticed. We're sorry for the inconvenience.
Revision 1.35.4.1 / (download) - annotate - [select for diffs], Thu May 10 08:02:30 2007 UTC (16 years, 6 months ago) by ghen
Branch: pkgsrc-2007Q1
Changes since 1.35: +5 -5
lines
Diff to previous 1.35 (colored)
Pullup ticket 2079 - requested by martti
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.83
- pkgsrc/mail/squirrelmail/PLIST 1.21
- pkgsrc/mail/squirrelmail/distinfo 1.36
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.13
Module Name: pkgsrc
Committed By: martti
Date: Thu May 10 06:48:28 UTC 2007
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Updated mail/squirrelmail to 1.4.10
This version, 1.4.10 is a maintenance release, addressing
the following problems since 1.4.9a:
- Some security fixes (see below)
- Small enhancements
- A collection of bugfixes and stability enhancements
(see ChangeLog for a full list)
Security issues
===============
This release addresses security issues found since the release of 1.4.9a:
There's an ongoing battle to further secure the HTML filter against malicious
HTML mail and the browsers that accept almost any malformed piece of HTML.
This release contains fixes for the following:
- HTML attachments containing "data:" URLs;
- Internet Explorer in various versions accepts many permutations of HTML
and JavaScript in many charsets. We now properly canonicalize the incoming
HTML to us-ascii before applying further filters. IE only.
- Request forgery through images. It was possible to include "images" in
HTML mails which were in fact GET requests for the compose.php page sending
mail. These images are now properly detected, and the compose form will only
send mail through a POST request.
Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting
(parts of) these issues and working with us to get them resolved.
These are known as CVE-2007-1262. Further details on SquirrelMail
vulnerabilities can be found at the following address:
http://www.squirrelmail.org/security/
Revision 1.36 / (download) - annotate - [select for diffs], Thu May 10 06:48:28 2007 UTC (16 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.35: +5 -5
lines
Diff to previous 1.35 (colored)
Updated mail/squirrelmail to 1.4.10 This version, 1.4.10 is a maintenance release, addressing the following problems since 1.4.9a: - Some security fixes (see below) - Small enhancements - A collection of bugfixes and stability enhancements (see ChangeLog for a full list) Security issues =============== This release addresses security issues found since the release of 1.4.9a: There's an ongoing battle to further secure the HTML filter against malicious HTML mail and the browsers that accept almost any malformed piece of HTML. This release contains fixes for the following: - HTML attachments containing "data:" URLs; - Internet Explorer in various versions accepts many permutations of HTML and JavaScript in many charsets. We now properly canonicalize the incoming HTML to us-ascii before applying further filters. IE only. - Request forgery through images. It was possible to include "images" in HTML mails which were in fact GET requests for the compose.php page sending mail. These images are now properly detected, and the compose form will only send mail through a POST request. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting (parts of) these issues and working with us to get them resolved. These are known as CVE-2007-1262. Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/
Revision 1.34.2.1 / (download) - annotate - [select for diffs], Tue Dec 5 08:21:34 2006 UTC (17 years ago) by ghen
Branch: pkgsrc-2006Q3
Changes since 1.34: +5 -5
lines
Diff to previous 1.34 (colored) next main 1.35 (colored)
Pullup ticket 1934 - requested by obache
security update for squirrelmail
- pkgsrc/mail/squirrelmail/Makefile 1.77-1.78
- pkgsrc/mail/squirrelmail/PLIST 1.20
- pkgsrc/mail/squirrelmail/distinfo 1.35
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.12
Module Name: pkgsrc
Committed By: tv
Date: Fri Nov 10 17:38:47 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use find -print | xargs rather than find -exec.
---
Module Name: pkgsrc
Committed By: obache
Date: Mon Dec 4 13:06:01 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Log Message:
Update squirrelmail to 1.4.9a.
ChangLog:
Version 1.4.9a - 3 December 2006
--------------------------------
- Security: Multiple IE cross site scripting issues related to the
widely acceptation of the word expression and url by IE.
- Security: Removing @import when sanitizing html mail.
Version 1.4.9 - 2 December 2006
-------------------------------
- Drop obsolete script plugins/make_archive.pl.
- Fixed Google translate form in translate plugin. Added new language
pairs.
- Added XMAGICTRASH extension tests in configtest utility. Removed code
that handled 'inbox.trash' as special folder in courier (#1354393).
- Allowed moving folders to trash in courier.
- Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
(#1543573).
- Provide View Unsafe Images link on viewing a text/html attachment.
- Fix variable typo in folders_create.php (#1545316).
- Added Courier IMAP OUTBOX check to configtest utility.
- If mailbox name starts with slash or contains ../, error message is
generated. Safety check for insecure default UW IMAP setup (#1557078).
- Ignore message copy errors when messages are deleted. Allows to delete
messages when quota is exceeded (#614887, #646386, #1446026).
- Fixed unintended literal fetching (#1562271).
- Added global file based address book listing controls. Added line
length configuration option for local_file address book backend
(#1181561). Added address book data integrity checks in local_file
address book backend. Fixed eregi and object notices in local_file
and database address book backends. Added additional address book
field support.
- Fixed variable corruption in configtest utility.
- Checked if configuration file is readable in configuration utility
(#1568355).
- Special mailboxes marked in special_mailbox hook are no longer listed
in folder delete, rename and subscription options.
- Translate plugin: prevent PHP notice when viewing empty message.
- Add CEST and MEST (non-standard) timezone codes for +0200.
- Add <label> to From field in message list.
- Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
- Fix in bodystructure parser code related to strings ending with an
escape character.
- Added "attachment */*" hook
- Added third parameter $logout_link to logout_error hook that allows
plugin control over login page URI displayed on login error page.
- Security: close cross site scripting vulnerability in draft, compose
and mailto functionality [CVE-2006-6142].
- Security: work around an issue in Internet Explorer that would guess
the mime type of a file based on contents, not Content-Type header.
Revision 1.35 / (download) - annotate - [select for diffs], Mon Dec 4 13:06:01 2006 UTC (17 years ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Branch point for: pkgsrc-2007Q1
Changes since 1.34: +5 -5
lines
Diff to previous 1.34 (colored)
Update squirrelmail to 1.4.9a.
ChangLog:
Version 1.4.9a - 3 December 2006
--------------------------------
- Security: Multiple IE cross site scripting issues related to the
widely acceptation of the word expression and url by IE.
- Security: Removing @import when sanitizing html mail.
Version 1.4.9 - 2 December 2006
-------------------------------
- Drop obsolete script plugins/make_archive.pl.
- Fixed Google translate form in translate plugin. Added new language
pairs.
- Added XMAGICTRASH extension tests in configtest utility. Removed code
that handled 'inbox.trash' as special folder in courier (#1354393).
- Allowed moving folders to trash in courier.
- Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
(#1543573).
- Provide View Unsafe Images link on viewing a text/html attachment.
- Fix variable typo in folders_create.php (#1545316).
- Added Courier IMAP OUTBOX check to configtest utility.
- If mailbox name starts with slash or contains ../, error message is
generated. Safety check for insecure default UW IMAP setup (#1557078).
- Ignore message copy errors when messages are deleted. Allows to delete
messages when quota is exceeded (#614887, #646386, #1446026).
- Fixed unintended literal fetching (#1562271).
- Added global file based address book listing controls. Added line
length configuration option for local_file address book backend
(#1181561). Added address book data integrity checks in local_file
address book backend. Fixed eregi and object notices in local_file
and database address book backends. Added additional address book
field support.
- Fixed variable corruption in configtest utility.
- Checked if configuration file is readable in configuration utility
(#1568355).
- Special mailboxes marked in special_mailbox hook are no longer listed
in folder delete, rename and subscription options.
- Translate plugin: prevent PHP notice when viewing empty message.
- Add CEST and MEST (non-standard) timezone codes for +0200.
- Add <label> to From field in message list.
- Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
- Fix in bodystructure parser code related to strings ending with an
escape character.
- Added "attachment */*" hook
- Added third parameter $logout_link to logout_error hook that allows
plugin control over login page URI displayed on login error page.
- Security: close cross site scripting vulnerability in draft, compose
and mailto functionality [CVE-2006-6142].
- Security: work around an issue in Internet Explorer that would guess
the mime type of a file based on contents, not Content-Type header.
Revision 1.32.2.2 / (download) - annotate - [select for diffs], Mon Aug 14 17:14:12 2006 UTC (17 years, 3 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.32.2.1: +4 -4
lines
Diff to previous 1.32.2.1 (colored) to branchpoint 1.32 (colored) next main 1.33 (colored)
Pullup ticket 1789 - requested by tron security update for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.75 - pkgsrc/mail/squirrelmail/PLIST 1.19 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.13 - pkgsrc/mail/squirrelmail/distinfo 1.34 - pkgsrc/mail/squirrelmail-locales/Makefile 1.17 - pkgsrc/mail/squirrelmail-locales/PLIST 1.10 - pkgsrc/mail/squirrelmail-locales/distinfo 1.7 Module Name: pkgsrc Committed By: tron Date: Mon Aug 14 15:57:40 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Update "squirrelmail" and "squirrelmail-locales" package to version 1.4.8. Changes since version 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes
Revision 1.34 / (download) - annotate - [select for diffs], Mon Aug 14 15:57:40 2006 UTC (17 years, 3 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base
Branch point for: pkgsrc-2006Q3
Changes since 1.33: +4 -4
lines
Diff to previous 1.33 (colored)
Update "squirrelmail" and "squirrelmail-locales" package to version 1.4.8. Changes since version 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes
Revision 1.32.2.1 / (download) - annotate - [select for diffs], Thu Jul 13 12:30:41 2006 UTC (17 years, 4 months ago) by salo
Branch: pkgsrc-2006Q2
Changes since 1.32: +5 -7
lines
Diff to previous 1.32 (colored)
Pullup ticket 1738 - requested by martti
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.74
- pkgsrc/mail/squirrelmail/PLIST 1.18
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.12
- pkgsrc/mail/squirrelmail/distinfo 1.33
- pkgsrc/mail/squirrelmail/patches/patch-aa 1.11
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
Module Name: pkgsrc
Committed By: martti
Date: Thu Jul 13 07:59:34 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
pkgsrc/mail/squirrelmail/patches: patch-aa
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac
Log Message:
Updated squirrelmail to 1.4.7
- Fixed URL for Read Receipts being incorrect in some cases (#1177518).
- Fixed endless loop when trying to parse "From: )(" (#1517867).
- Using is_file() instead of file_exists() in fortune plugin (#1499134).
- Add manual page for conf.pl under contrib.
- Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
Revision 1.33 / (download) - annotate - [select for diffs], Thu Jul 13 07:59:34 2006 UTC (17 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.32: +5 -7
lines
Diff to previous 1.32 (colored)
Updated squirrelmail to 1.4.7
- Fixed URL for Read Receipts being incorrect in some cases (#1177518).
- Fixed endless loop when trying to parse "From: )(" (#1517867).
- Using is_file() instead of file_exists() in fortune plugin (#1499134).
- Add manual page for conf.pl under contrib.
- Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346).
Revision 1.30.2.1 / (download) - annotate - [select for diffs], Sun Jun 4 13:55:57 2006 UTC (17 years, 6 months ago) by salo
Branch: pkgsrc-2006Q1
Changes since 1.30: +3 -1
lines
Diff to previous 1.30 (colored) next main 1.31 (colored)
Pullup ticket 1684 - requested by tron security fix for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.71, 1.73 - pkgsrc/mail/squirrelmail/distinfo 1.31, 1.32 - pkgsrc/mail/squirrelmail/patches/patch-ab 1.12 - pkgsrc/mail/squirrelmail/patches/patch-ac 1.3 - pkgsrc/mail/ja-squirrelmail/MESSAGE 1.3 - pkgsrc/mail/ja-squirrelmail/Makefile 1.27, 1.28, 1.30 - pkgsrc/mail/ja-squirrelmail/PLIST 1.4 - pkgsrc/mail/ja-squirrelmail/distinfo 1.9, 1.10, 1.11 - pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ad removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ae removed - pkgsrc/mail/ja-squirrelmail/patches/patch-af removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ag removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ah removed Module Name: pkgsrc Committed By: martti Date: Tue Apr 11 05:24:20 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-ab Log Message: Updated mail/squirrelmail to 1.4.6nb1 * added patch for Ukrainian translation (needed by the new * squirrelmail-locales) --- Module Name: pkgsrc Committed By: taca Date: Fri May 5 02:46:54 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: MESSAGE Makefile distinfo Removed Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Update ja-squirrelmail package to 1.4.6 after talking with martti@. Prior to this release, there are security vulnerability the same as squirrelmail 1.4.5. This update made with temporary Japanese patch based on the patch for 1.4.5. --- Module Name: pkgsrc Committed By: martti Date: Fri May 5 05:32:36 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab Log Message: Updated ja-squirrelmail to 1.4.6nb1 * sync with squirrelmail-1.4.6nb1 --- Module Name: pkgsrc Committed By: tron Date: Sun Jun 4 12:31:31 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ac pkgsrc/mail/squirrelmail/patches: patch-ac Log Message: Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision.
Revision 1.32 / (download) - annotate - [select for diffs], Sun Jun 4 12:31:31 2006 UTC (17 years, 6 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.31: +2 -1
lines
Diff to previous 1.31 (colored)
Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision.
Revision 1.31 / (download) - annotate - [select for diffs], Tue Apr 11 05:24:20 2006 UTC (17 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.30: +2 -1
lines
Diff to previous 1.30 (colored)
Updated mail/squirrelmail to 1.4.6nb1 * added patch for Ukrainian translation (needed by the new squirrelmail-locales)
Revision 1.29.2.1 / (download) - annotate - [select for diffs], Wed Mar 15 12:07:54 2006 UTC (17 years, 8 months ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.29: +4 -11
lines
Diff to previous 1.29 (colored) next main 1.30 (colored)
Pullup ticket 1186 - requested by Martti Kuparinen
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.65, 1.66, 1.68, 1.69
- pkgsrc/mail/squirrelmail/PLIST 1.17
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.6, 1.7
- pkgsrc/mail/squirrelmail/distinfo 1.30
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
- pkgsrc/mail/squirrelmail/patches/patch-ad removed
- pkgsrc/mail/squirrelmail/patches/patch-ae removed
- pkgsrc/mail/squirrelmail/patches/patch-af removed
- pkgsrc/mail/squirrelmail/patches/patch-ag removed
- pkgsrc/mail/squirrelmail/patches/patch-ah removed
- pkgsrc/mail/squirrelmail/plugin.mk 1.3
- pkgsrc/mail/squirrelmail-decode/Makefile 1.3
- pkgsrc/mail/squirrelmail-locales/Makefile 1.11, 1.12, 1.13, 1.14
- pkgsrc/mail/squirrelmail-locales/PLIST 1.5, 1.6, 1.7
- pkgsrc/mail/squirrelmail-locales/distinfo 1.4
- pkgsrc/mail/ja-squirrelmail/Makefile 1.23, 1.24, 1.26
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:56:59 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use SUBST framework. Replace some "find foo | xargs bar" with
"find foo -exec bar {} \;" while here, the former is faster, but can't
cope with all quoting issues and is also more likely to hit argument
length limits. CONFLICT to ja-squirrelmail.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:57:26 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:17 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:44 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 17 07:04:25 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk
pkgsrc/mail/squirrelmail-locales: Makefile
Log Message:
Fixed warnings found by pkglint -Wall.
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:12:14 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae
patch-af patch-ag patch-ah
Log Message:
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:13:00 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo
Log Message:
Updated squirrelmail-locales to 1.4.6
* sync with squirrelmail 1.4.6
---
Module Name: pkgsrc
Committed By: cube
Date: Wed Mar 1 06:39:52 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Mar 2 07:41:44 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-decode: Makefile
Log Message:
Fix pkglint -Wall warnings.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Mar 15 11:48:29 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST. (hi cube and martti!)
Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 27 07:12:13 2006 UTC (17 years, 9 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Changes since 1.29: +4 -11
lines
Diff to previous 1.29 (colored)
Updated squirrelmail to 1.4.6 This release is very important, and we strongly advise everybody to update to the latest release. Security Update =============== This version contains a number of security updates that were brought to our attention via a number of sources. - In webmail.php, the right_frame parameter was not properly sanitized to deal with very lenient browsers, which allowed for cross site scripting or frame replacing. [CVE-2006-0188] - In the MagicHTML function, some very obscure constructs were discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and comments could be inside keywords (allows for cross site scripting). Both only affect Internet Explorer users. Found by Martijn Brinkers and Scott Hughes. [CVE-2006-0195] - The function sqimap_mailbox_select did not strip newlines from the mailbox parameter, and thereby allowed for IMAP command injection. Found by Vicente Aguilera. [CVE-2006-0377]
Revision 1.27.2.1 / (download) - annotate - [select for diffs], Fri Dec 9 16:20:16 2005 UTC (17 years, 11 months ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.27: +3 -1
lines
Diff to previous 1.27 (colored) next main 1.28 (colored)
Pullup tickets 939, 941 - requested by Martti Kuparinen
various squirrelmail bug and compatibility fixes
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.58, 1.59, 1.61, 1.62
- pkgsrc/mail/squirrelmail/distinfo 1.28, 1.29
- pkgsrc/mail/squirrelmail/patches/patch-ag 1.1
- pkgsrc/mail/squirrelmail/patches/patch-ah 1.1
- pkgsrc/mail/ja-squirrelmail/Makefile 1.16, 1.17, 1.19, 1.20
- pkgsrc/mail/ja-squirrelmail/distinfo 1.7, 1.8
- pkgsrc/mail/ja-squirrelmail/patches/patch-aa 1.3
- pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.1
- pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.1
- pkgsrc/mail/ja-squirrelmail/patches/patch-ad 1.1
- pkgsrc/mail/ja-squirrelmail/patches/patch-ae 1.1
- pkgsrc/mail/ja-squirrelmail/patches/patch-af 1.1
- pkgsrc/mail/ja-squirrelmail/patches/patch-ag 1.1
- pkgsrc/mail/ja-squirrelmail/patches/patch-ah 1.1
Module Name: pkgsrc
Committed By: martti
Date: Mon Dec 5 09:18:44 UTC 2005
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/squirrelmail/patches: patch-ag
Log Message:
Updated squirrelmail to 1.4.5nb2
- avoid corrupted attachment downloads (pkg/32175).
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Dec 5 09:28:44 UTC 2005
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile distinfo
pkgsrc/mail/ja-squirrelmail/patches: patch-aa
Added Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad
patch-ae patch-af patch-ag
Log Message:
Updated mail/ja-squirrelmail to 1.4.5nb2
- sync with pkgsrc/mail/squirrelmail
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Dec 5 20:13:38 UTC 2005
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/squirrelmail/patches: patch-ah
Log Message:
Make this work with PHP 5.1.1
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Dec 5 20:14:35 UTC 2005
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ah
Log Message:
Make this work with PHP 5.1.1
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 9 06:42:46 UTC 2005
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile
Log Message:
- remove all .orig* files. Noted by Lubomir Sedlacik.
- use post-patch instead of pre-configure
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 9 10:18:11 UTC 2005
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use pre-configure instead of post-patch so it's easier to (re)create
patches.
Revision 1.29 / (download) - annotate - [select for diffs], Mon Dec 5 20:13:38 2005 UTC (18 years ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.28: +2 -1
lines
Diff to previous 1.28 (colored)
Make this work with PHP 5.1.1
Revision 1.28 / (download) - annotate - [select for diffs], Mon Dec 5 09:18:44 2005 UTC (18 years ago) by martti
Branch: MAIN
Changes since 1.27: +2 -1
lines
Diff to previous 1.27 (colored)
Updated squirrelmail to 1.4.5nb2 - avoid corrupted attachment downloads (pkg/32175).
Revision 1.27 / (download) - annotate - [select for diffs], Tue Sep 20 13:19:05 2005 UTC (18 years, 2 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.26: +6 -1
lines
Diff to previous 1.26 (colored)
Fix "Fatal error: Only variables can be passed by reference" in several files that occurs with PHP 5.0.5 by applying the small "squirrelmail-stable.diff" from the SourceForge page about the bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1237160&group_id=311&atid=423679 Problem reported by Nathan Arthur in private mail. Fix OK'd by martti@.
Revision 1.25.2.1 / (download) - annotate - [select for diffs], Wed Aug 24 13:06:03 2005 UTC (18 years, 3 months ago) by salo
Branch: pkgsrc-2005Q2
Changes since 1.25: +5 -6
lines
Diff to previous 1.25 (colored) next main 1.26 (colored)
Pullup ticket 664 - requested by Manuel Bouyer security update for squirrelmail Revisions pulled up: - pkgsrc/mail/ja-squirrelmail/Makefile 1.15 - pkgsrc/mail/ja-squirrelmail/PLIST 1.3 - pkgsrc/mail/ja-squirrelmail/distinfo 1.6 - pkgsrc/mail/squirrelmail/Makefile 1.56 - pkgsrc/mail/squirrelmail/PLIST 1.16 - pkgsrc/mail/squirrelmail/buildlink3.mk 1.3 - pkgsrc/mail/squirrelmail/distinfo 1.26 - pkgsrc/mail/squirrelmail/patches/patch-aa 1.10 - pkgsrc/mail/squirrelmail/patches/patch-ab removed - pkgsrc/mail/squirrelmail-locales/Makefile 1.8 - pkgsrc/mail/squirrelmail-locales/PLIST 1.4 - pkgsrc/mail/squirrelmail-locales/distinfo 1.3 Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:25 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/ja-squirrelmail to 1.4.5 * lots of bug fixes * translation updates --- Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:27 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo pkgsrc/mail/squirrelmail/patches: patch-aa Removed Files: pkgsrc/mail/squirrelmail/patches: patch-ab Log Message: Updated mail/squirrelmail to 1.4.5 * lots of bug fixes * translation updates -- Module Name: pkgsrc Committed By: martti Date: Mon Jul 18 07:04:29 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail-locales * sync with squirrelmail 1.4.5
Revision 1.26 / (download) - annotate - [select for diffs], Mon Jul 18 07:04:27 2005 UTC (18 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.25: +5 -6
lines
Diff to previous 1.25 (colored)
Updated mail/squirrelmail to 1.4.5 * lots of bug fixes * translation updates
Revision 1.25 / (download) - annotate - [select for diffs], Thu Jun 16 07:30:40 2005 UTC (18 years, 5 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base
Branch point for: pkgsrc-2005Q2
Changes since 1.24: +2 -1
lines
Diff to previous 1.24 (colored)
Updated squirrelmail to 1.4.4nb1 * Fix several cross site scripting vulnerabilities http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0337
Revision 1.24 / (download) - annotate - [select for diffs], Thu Feb 24 09:59:29 2005 UTC (18 years, 9 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2005Q1
Changes since 1.23: +2 -1
lines
Diff to previous 1.23 (colored)
Add RMD160 digests.
Revision 1.23 / (download) - annotate - [select for diffs], Sun Feb 20 01:52:36 2005 UTC (18 years, 9 months ago) by minskim
Branch: MAIN
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored)
Regen to make GNU patch happy.
Revision 1.22 / (download) - annotate - [select for diffs], Sun Jan 23 07:02:04 2005 UTC (18 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.21: +3 -4
lines
Diff to previous 1.21 (colored)
Updated squirrelmail to 1.4.4 We are pleased to announce the release of SquirrelMail 1.4.4. This release is a strongly recommended upgrade due to a number of security issues that have been resolved since 1.4.3a. About This Release ------------------ This release contains a number of bug fixes, and security updates. The list is very long, as this version has been hiding in the trees for a while. For a full list of the changes, you can see the changelog here: http://www.squirrelmail.org/changelog.php A general summary of updates includes a few cross site scripting issues, and two possible file inclusion issue (one remote, one local). Better IMAP handling introduced for certain IMAP servers that advertise LOGINDISABLED, folder handling, and a number of locales issues. Locales ------- Shortly after the release of 1.4.3, the locales were broken out of the main branch into their own branch. This makes the SquirrelMail package itself a lot smaller, along with allowing administrators to download just the packages they need. Details on this change can be found in the ReleaseNotes and the INSTALL files.
Revision 1.21 / (download) - annotate - [select for diffs], Tue Nov 16 14:18:01 2004 UTC (19 years ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Changes since 1.20: +3 -2
lines
Diff to previous 1.20 (colored)
Updated squirrelmail to 1.4.3anb1 (pkg/28328 by IYODA Atsushi) There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings. http://article.gmane.org/gmane.mail.squirrelmail.user/21169
Revision 1.20 / (download) - annotate - [select for diffs], Fri Jun 4 14:05:53 2004 UTC (19 years, 6 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3,
pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.19: +3 -4
lines
Diff to previous 1.19 (colored)
Update mail/squirrelmail to 1.4.3a. Version 1.4.3a - 2 June 2004
Revision 1.19 / (download) - annotate - [select for diffs], Wed Jun 2 20:02:18 2004 UTC (19 years, 6 months ago) by bouyer
Branch: MAIN
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
Ok, I know why the distinfo entry was wrong. Remove $Id: $ from the patch, and regen distinfo.
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 2 20:01:07 2004 UTC (19 years, 6 months ago) by bouyer
Branch: MAIN
Changes since 1.17: +2 -2
lines
Diff to previous 1.17 (colored)
Hum, not sure why but the patch-ab entry was wrong. Regen.
Revision 1.17 / (download) - annotate - [select for diffs], Wed Jun 2 18:50:26 2004 UTC (19 years, 6 months ago) by bouyer
Branch: MAIN
Changes since 1.16: +2 -1
lines
Diff to previous 1.16 (colored)
Add patch from squirrelmail repository: "Fix typo in compose.php reply/reply to all quoting (#963499)." Without this, reply/reply all won't work when quoting a message. Bump PKGREVISION.
Revision 1.16 / (download) - annotate - [select for diffs], Mon May 31 20:14:39 2004 UTC (19 years, 6 months ago) by bouyer
Branch: MAIN
Changes since 1.15: +4 -4
lines
Diff to previous 1.15 (colored)
Update to 1.4.3, patches from Martti Kuparinen.
Main Changes:
lots of bug fixes, including some critical XSS (cross site scripting) issues.
Some new translations.
Added new preference that determines cursor focus when replying.
Display total number of new messages in newmail-plugin popup window.
Ported charset decoding support functions from SM head. Increases
number of readable charsets.
Fix SquirrelMail to work with PHP5.
Disabled Quick-email-reporting feature in spamcop plugin. (#809452). Admin
can enable it by setting variable in plugins/spamcop/setup.php.
Replaced obsolete 2mbit.com RBL with ahbl.org RBL (#829887).
Added new reply citation to include date and author.
Revision 1.15 / (download) - annotate - [select for diffs], Wed Oct 8 05:12:08 2003 UTC (20 years, 1 month ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1,
pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.14: +3 -3
lines
Diff to previous 1.14 (colored)
Updated squirrelmail to 1.4.2 * bug fixes * translation updates * new minimal bw theme
Revision 1.14 / (download) - annotate - [select for diffs], Mon Sep 1 11:51:26 2003 UTC (20 years, 3 months ago) by martti
Branch: MAIN
Changes since 1.13: +4 -4
lines
Diff to previous 1.13 (colored)
Updated squirrelmail to 1.4.1 (pkg/22652 by Adrian Portelli, so fixes by me) - lots of bug fixes I couldn't make this work without the latest PHP (4.3.3)...
Revision 1.13 / (download) - annotate - [select for diffs], Tue Apr 15 09:25:08 2003 UTC (20 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.12: +4 -4
lines
Diff to previous 1.12 (colored)
Updated squirrelmail to 1.4.0 * A complete rewrite of the way we send mail (Deliver-class), and of the way we parse mail (MIME-bodystructure parsing). This makes SquirrelMail more reliable and more efficient at the same time! * Support for IMAP UID which makes SquirrelMail more reliable. * Optimizations to code and the number of IMAP calls; SquirrelMail is now a very scalable webmail solution. * Support for a wider range of authentication mechanisms. * Lots of bugfixes, some new features and a couple of UI-tweaks.
Revision 1.12 / (download) - annotate - [select for diffs], Wed Feb 12 07:23:40 2003 UTC (20 years, 9 months ago) by martti
Branch: MAIN
CVS Tags: netbsd-1-6-1-base,
netbsd-1-6-1
Changes since 1.11: +3 -3
lines
Diff to previous 1.11 (colored)
Updated squirrelmail to 1.2.11 This release incorporates some security fixes in relation to XSS (cross site scripting) code which could allow malicious extraction of information from the client browser. There is also a fix for the SquirrelMail 1.2.10 "Double login" problem. This was related to a session issue, and has been fixed.
Revision 1.11 / (download) - annotate - [select for diffs], Tue Dec 3 06:37:15 2002 UTC (21 years ago) by martti
Branch: MAIN
Changes since 1.10: +3 -3
lines
Diff to previous 1.10 (colored)
Updated squirrelmail to 1.2.10 * multiple session issues resolved * many updated translations * a number of other bugs fixed
Revision 1.8.6.1 / (download) - annotate - [select for diffs], Tue Nov 12 10:52:29 2002 UTC (21 years ago) by agc
Branch: netbsd-1-6
Changes since 1.8: +3 -3
lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
Pull up pkgsrc/mail/squirrelmail
Makefile 1.27
PLIST 1.8
distinfo 1.10
to the netbsd-1-6 pkgsrc branch.
Requested by Manuel Bouyer.
This updates squirrelmail to version 1.2.9 because of security issues.
The files are synced to HEAD, exept for ${APACHE_GROUP} which
doesn't exist in the 1.6 branch.
Revision 1.10 / (download) - annotate - [select for diffs], Wed Oct 30 07:45:17 2002 UTC (21 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.9: +3 -3
lines
Diff to previous 1.9 (colored)
Updated squirrelmail to 1.2.9 * many bugfixes and stability enhancements - register_globals - session handling - preferences * German help texts
Revision 1.9 / (download) - annotate - [select for diffs], Mon Sep 16 10:07:39 2002 UTC (21 years, 2 months ago) by martti
Branch: MAIN
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
Updated squirrelmail to 1.2.8 * HTML cleanup on search and addressbook pages * Fixes for multiple XXS exploits on the addressbook, search, help, and options pages * more accurate error messages on failed login * HTML table cleanup when viewing attachments * fix for X-MSMail-Priority conflict bug #600369 * fix for multiple email addresses on the same message line * fix for "." on a single line in a text attachment bug #598750 * Core code and plugins converted to work with register_globals Off * fix for reply quoting on resumed drafts * fix for fgets errors in file_prefs bug #578834 * fix for date format on calendar day view bug #582919 * fix for org. logo width/height values bug #572807 * fix for reading/writing ldap prefs with conf.pl bug #57595 * fix for 'fixed' font style in css bug #571463 * fix for attachments in safe mode bug #585340 * fix for forward attachment bug #585836 * fix for php warning when saving drafts bug #585012 * returned generic_header hook to page_header.php bug #554278 * fix for syntax error in darkness theme bug #576066 * fix for some attachments not being displayed bug #577052 * fix for matching uppercase headers on mailbox display bug #584082 * fix for folder names containing regex characters bug #574889, #578156 * fix for endless loop on raw binary data in email bug #547662
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jul 16 13:14:49 2002 UTC (21 years, 4 months ago) by martti
Branch: MAIN
CVS Tags: pkgviews-base,
pkgviews,
netbsd-1-6-RELEASE-base
Branch point for: netbsd-1-6
Changes since 1.7: +3 -3
lines
Diff to previous 1.7 (colored)
Updated squirrelmail to 1.2.7 * fix for 'compose as new' link. bug #554886 * fix charset format in the admin plugin. bug #550725 * fix for errant '.' in default_folder_prefix. bug #551310 * fix for folder names with '?' and '*'. bug # 559257, #552180 * added the ability to search without the charset argument. #552288 * Made /noselect node display optional. bug #554988, patch #452178 * Improved support for macosx IMAP server thanks Brian Haun * Added macosx friendly search, thanks Brian Haun bug #553038 * Fixed word wrap problems when sending mail. bug #552961, #556143 * Added possibility to use multiple compose windows without loss of attachements. * Fixed forward message/rfc822 attachments from a search * Fix SpamCop plugin. * Fixed send MDN link. * Fixed dealing with \r\n and \n in smtp.php. * Fixed to, cc, bcc arrays in message->header * Speed optimizements in generating message-lists. * Fixed loss of attachment with html addressbook. * Fixed saving drafts with attachments
Revision 1.7 / (download) - annotate - [select for diffs], Thu May 2 16:18:48 2002 UTC (21 years, 7 months ago) by martti
Branch: MAIN
CVS Tags: buildlink2-base,
buildlink2
Changes since 1.6: +4 -4
lines
Diff to previous 1.6 (colored)
Updated squirrelmail to 1.2.6 - Bug fixes - Added POP3 Before SMTP option - Added a server-side thread sorting option per folder - Added a server-side sorting global option - Compose in new window size can be set in Display prefs - PostgreSQL is now supported for database backed use - Added user option to sort messages by internal date - Added option to auto-append sig before reply/forward text - Filters can be applied to only new mail - Filtering now happens on folder list refresh
Revision 1.6 / (download) - annotate - [select for diffs], Mon Mar 18 22:11:52 2002 UTC (21 years, 8 months ago) by bouyer
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.5: +3 -3
lines
Diff to previous 1.5 (colored)
Update to 1.2.5. Main change is that it has been fully ported to PHP 4.1
(no more warnings that fills in apache error_log).
Changes since 1.2.4:
- Multiple mailbox list calls cached.
- Added 'View unsafe images' link to the bottom of pages which contain
unsafe images.
- Fixed 'too many close table tags' and various other issues
which meant SM output didn't always validate as clean HTML.
- Added the ability to add special folders through plugins.
- Added an Always compose in a pop-up window option.
- Search page update with ability to save searches and search
all folders at once.
- Made searching on multiple criteria possible, with thanks to Jason Munro
- Fixed 'list all' in addressbook (#506624, thanks to Kurt Yoder)
- Fixed small bugs in db_prefs
- Allowed SquirrelMail to work from within a frame, eg. not using _top
this is configureable. (thanks to Simon Dick)
- Added options to conf.pl to enable automated plugin installation:
./conf.pl --install-plugin <pluginname>. This allows plugins to be
distributed in packages. Conf.pl now also reports when saving fails.
- Attachment hooks now also allow specification of generic rules like
text/* which will be used when no specific rule is available.
- conf.pl can now configure database backed address books and
preferences.
- Version 0.3.7 of SquirrelSpell. Fixes a potential privacy
vulnerability (symlink attack), plus introduces formatting fixes
and javadoc-style comments.
- Bugfix in mailfetch reported by Mateusz Mazur
- Administrator plugin. A web based conf.pl replacement.
- Removed GLOBALS from conf.pl
- HTML messages optimization.
- Added support for requesting read receipts (MDN) and delivery receipts.
- Added the ability to stop users changing their names and email addresses.
- Added signature into multiple identities (Stefan Meier <Stefan.Meier@cimsource.com>)
- Updated user help files to reflect UI chanegs and added functionality.
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jan 28 15:34:58 2002 UTC (21 years, 10 months ago) by bouyer
Branch: MAIN
Changes since 1.4: +3 -3
lines
Diff to previous 1.4 (colored)
Update to 1.2.4 (OK'd by Johnny Lam).
Changes:
Version 1.2.4 -- 25 January 2002
--------------------------------
- Fixes a nasty remote arbitrary command execution vulnerability
in the spellchecker plugin.
Version 1.2.3 -- 21 January 2002
--------------------------------
- Fixed focus system on pages that contain forms.
- Fixed IMAP code to send different command identifiers as per
section 2.2.1 of RFC 2060.
- Fixed 'sticky priority' so that replies are set to the same
priority as the original message.
- Fixed Printer Friendly to print HTML messages.
- Fixed multiple receivers in Sent mailbox (#500910).
- Disabled prefs caching under PHP 4.1
- Added "Search Memory". Enabling to store up to
9 predefined searchs.
- Increased security in html message.
- Added the possibility to specify system-defined css in order to
allow users to change the font family and size of SM. Making possible to
make it bigger or smaller depending on their screen size. Sysops may add
or remove these system-defined css located in themes/css/
- Fixed a bug appearing on some apache virtual hosts
- Fixed javascript error (#505255)
- Fixed the db_prefs so they work again (#499609, thanks to Simon Dick)
Revision 1.4 / (download) - annotate - [select for diffs], Mon Jan 7 11:49:45 2002 UTC (21 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.3: +4 -4
lines
Diff to previous 1.3 (colored)
Update mail/squirrelmail to 1.2.2. Changes from version 1.0.6 include:
* Collapsible Folders - The folder list can be collapsed at any
parent folder. This makes folder lists with large
hierarchical structures much easier to manage and navigate.
* The Paginator! - This enables quick access to any page in the
message list by simply choosing the page number to view
rather than tediously clicking "next" 50 times.
* Hundreds of UI tweaks - The user interface has been given a
face-lift. The HTML has been largely overhauled, and while
it still has the same general feel, it has been made more
intuitive.
* Drafts - It is now possible to compose a message and save it to
be sent at a later date with the drafts option.
* New Options Page - The options page has been completely
rewritten for several reasons, the main of which was to
allow seamless integration of plugin options and to
provide uniformity throughout the entire section.
* Multiple Identities - It is now possible to create different
identities (home, work, school) that can be chosen upon
sending. Each identity can have its own email address,
full name, and signature.
* Reply Citations - Different types of citations are now possible
when replying to messages.
* Better Attachment Handling - The plugin, attachment_common, has
been fully integrated into the core of SquirrelMail. This
allows inline viewing of several different types of
attachments.
* Integration of Several Plugins - The following plugins have been
put directly into the core. As a result, be sure not to
install these as plugins, as the result may be (at best)
unpredictable: attachment_common, paginator, priority,
printer_friendly, sqclock, xmailer.
* Improved support for newer versions of PHP. Note that you may
have trouble if you are running PHP version 4.0.100
(commonly distributed with Debian 3.0).
* Ability to mark messages as read and unread from the message listing.
* Alternating Colors - The message list now alternates row colors
by default. This presents a much cleaner and easier to
read interface to the user.
Revision 1.3 / (download) - annotate - [select for diffs], Mon Apr 30 05:03:24 2001 UTC (22 years, 7 months ago) by jlam
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.2: +3 -4
lines
Diff to previous 1.2 (colored)
Update squirrelmail to 1.0.6. Pkgsrc changes include:
- Respect ${APACHE_SYSCONFDIR} setting.
- Install example squirrelmail.conf Apache config file fragment into
${PREFIX}/share/examples/squirrelmail.
Changes from version 1.0.3 include:
- Reworked validation for each page. It's now standardized in validate.php
- Fixed login bug that resulted from 1.0.5 security updates
- Fixed plugin incompatibilities that were introduced in 1.0.5
- Added more security checking to preference saving/loading
- Updated German translation (thanks to Roland Bauerschmidt <rb@debian.org>)
- Updated Finnish help files
- MAJOR security issues addressed. Please upgrade as soon as possible.
- Downloading attachments should work better due to a tip by Ray Black III.
- Fixed bug with drop-down folder list not containing INBOX
- Added Sweedish help files Teemu Junnila <teejun@vallcom.com>
- Added Italian help files Antonetti Roberto <antonr@piceniaweb.com>
- Fixed some bugs with folder creation
- Security fix for UW IMAP server to disallow folder paths outside of $folder_pr
efix
- Some problems with header encoding/decoding fixed
- Made subject column take up whatever width is available
- Added bcc to html addressbook search
Revision 1.2 / (download) - annotate - [select for diffs], Fri Apr 20 13:10:04 2001 UTC (22 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored)
Move to sha1 digests, and add distfile sizes.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Apr 17 11:35:14 2001 UTC (22 years, 7 months ago) by agc
Branch: MAIN
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo