head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.32 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.30 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.28 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.26 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.24 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.22 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.20 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.18 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.16 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.14 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.12 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.10 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.8 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.6 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.4 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.2 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.3.0.2 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.4 date 2006.08.17.13.24.46; author taca; state dead; branches; next 1.3; 1.3 date 2006.06.04.12.31.31; author tron; state Exp; branches; next 1.2; 1.2 date 2006.05.05.02.46.54; author taca; state dead; branches; next 1.1; 1.1 date 2005.12.05.09.28.44; author martti; state Exp; branches 1.1.2.1 1.1.6.1; next ; 1.1.2.1 date 2005.12.05.09.28.44; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.12.09.16.20.16; author salo; state Exp; branches; next ; 1.1.6.1 date 2006.06.04.13.55.57; author salo; state Exp; branches; next ; desc @@ 1.4 log @Update ja-squirrelmail package to 1.4.8. Changes from 1.4.7: - A security fix for CVE-2006-4019 - A collection of bugfixes Changes from 1.4.6: - Fixed URL for Read Receipts being incorrect in some cases (#1177518). - Fixed endless loop when trying to parse "From: )(" (#1517867). - Using is_file() instead of file_exists() in fortune plugin (#1499134). - Add manual page for conf.pl under contrib. - Don't allow selecting INBOX as Sent, Draft or Trash folder (#1242346). 
Todo: Make squirrelmail-decode and squirrelmail-locale depend on ja-squirrelmail as well as squirrelmail. @ text @$NetBSD: patch-ac,v 1.3 2006/06/04 12:31:31 tron Exp $ --- functions/global.php.orig 2006-02-03 22:27:47.000000000 +0000 +++ functions/global.php 2006-06-04 13:22:14.000000000 +0100 @@@@ -62,6 +62,47 @@@@ sqstripslashes($_POST); } +/** + * If register_globals are on, unregister globals. + * Code requires PHP 4.1.0 or newer. + * Second test covers boolean set as string (php_value register_globals off). + */ +if ((bool) @@ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { + /** + * Remove all globals from $_GET, $_POST, and $_COOKIE. + */ + foreach ($_REQUEST as $key => $value) { + unset($GLOBALS[$key]); + } + /** + * Remove globalized $_FILES variables + * Before 4.3.0 $_FILES are included in $_REQUEST. + * Unglobalize them in separate call in order to remove dependency + * on PHP version. + */ + foreach ($_FILES as $key => $value) { + unset($GLOBALS[$key]); + // there are three undocumented $_FILES globals. + unset($GLOBALS[$key.'_type']); + unset($GLOBALS[$key.'_name']); + unset($GLOBALS[$key.'_size']); + } + /** + * Remove globalized environment variables. + */ + foreach ($_ENV as $key => $value) { + unset($GLOBALS[$key]); + } + /** + * Remove globalized server variables. + */ + foreach ($_SERVER as $key => $value) { + unset($GLOBALS[$key]); + } +} + + /* strip any tags added to the url from PHP_SELF. This fixes hand crafted url XXS expoits for any page that uses PHP_SELF as the FORM action */ @@@@ -336,4 +377,4 @@@@ } // vim: et ts=4 -?> \ No newline at end of file +?> @ 1.3 log @Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update ja-squirrelmail package to 1.4.6 after talking with martti@@. Prior to this release, there are security vulnerability the same as squirrelmail 1.4.5. 
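Review bot: In the functions/global.php hunk at -62,6 +62,47, every loop calls `unset($GLOBALS[$key])` with a key taken from request, upload, environment or server data, and nothing excludes PHP's reserved names. A parameter named like a superglobal array (for example `_SESSION` or `_SERVER`) could therefore have that entry removed from `$GLOBALS` as well. An allowlist is safer than this per-source denylist: walk `$GLOBALS` once and unset every entry whose name is not one of the reserved arrays. If the block runs at file scope, as it appears to, `$key` and `$value` are themselves globals, so they should not be unset while a loop is using them and should be cleared afterwards with `unset($key, $value);`. The same hunk is stored again in the 1.1.6.1 revision text further down, and this note applies there too.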
This update made with temporary Japanese patch based on the patch for 1.4.5. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2005/12/05 09:28:44 martti Exp $ d3 4 a6 16 --- functions/imap_messages.php.orig 2005-04-16 13:45:38.000000000 -0400 +++ functions/imap_messages.php @@@@ -476,8 +476,9 @@@@ function parseArray($read,&$i) { * NOTE: this is actually a duplicate from the function in * class/mime/Rfc822Header.php. */ -function parsePriority($value) { - $value = strtolower(array_shift(split('/\w/',trim($value)))); +function parsePriority($sValue) { + $aValue=split('/\w/',trim($sValue)); + $value = strtolower(array_shift($aValue)); if ( is_numeric($value) ) { return $value; } @@@@ -915,4 +916,4 @@@@ function sqimap_get_small_header($imap_s return $res[0]; d9 48 @ 1.1 log @Updated mail/ja-squirrelmail to 1.4.5nb2 - sync with pkgsrc/mail/squirrelmail @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ac was added on branch pkgsrc-2005Q3 on 2005-12-05 09:28:44 +0000 @ text @d1 23 @ 1.1.2.2 log @Pullup tickets 939, 941 - requested by Martti Kuparinen various squirrelmail bug and compatibility fixes Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.58, 1.59, 1.61, 1.62 - pkgsrc/mail/squirrelmail/distinfo 1.28, 1.29 - pkgsrc/mail/squirrelmail/patches/patch-ag 1.1 - pkgsrc/mail/squirrelmail/patches/patch-ah 1.1 - pkgsrc/mail/ja-squirrelmail/Makefile 1.16, 1.17, 1.19, 1.20 - pkgsrc/mail/ja-squirrelmail/distinfo 1.7, 1.8 - pkgsrc/mail/ja-squirrelmail/patches/patch-aa 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ad 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ae 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-af 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ag 1.1 - pkgsrc/mail/ja-squirrelmail/patches/patch-ah 1.1 Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 09:18:44 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: 
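Review bot: In the functions/imap_messages.php hunk at -476,8 +476,9, the new line `$aValue=split('/\w/',trim($sValue));` passes a PCRE-style pattern, delimiters included, to `split()`, which takes a POSIX regular expression. The slashes are then likely matched literally, so the header value is probably never split. If the intent is to take the first whitespace-separated token, `$aValue = preg_split('/\s+/', trim($sValue));` says so directly. A one-line comment that the temporary `$aValue` exists because `array_shift()` takes its argument by reference would keep a later cleanup from folding the calls back together. The same hunk is stored in full in the 1.1.2.2 revision text below, and parsePriority's body continues outside the hunk.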
pkgsrc/mail/squirrelmail/patches: patch-ag Log Message: Updated squirrelmail to 1.4.5nb2 - avoid corrupted attachment downloads (pkg/32175). --- Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 09:28:44 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo pkgsrc/mail/ja-squirrelmail/patches: patch-aa Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag Log Message: Updated mail/ja-squirrelmail to 1.4.5nb2 - sync with pkgsrc/mail/squirrelmail --- Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 20:13:38 UTC 2005 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-ah Log Message: Make this work with PHP 5.1.1 --- Module Name: pkgsrc Committed By: martti Date: Mon Dec 5 20:14:35 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ah Log Message: Make this work with PHP 5.1.1 --- Module Name: pkgsrc Committed By: martti Date: Fri Dec 9 06:42:46 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile pkgsrc/mail/squirrelmail: Makefile Log Message: - remove all .orig* files. Noted by Lubomir Sedlacik. - use post-patch instead of pre-configure --- Module Name: pkgsrc Committed By: martti Date: Fri Dec 9 10:18:11 UTC 2005 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile pkgsrc/mail/squirrelmail: Makefile Log Message: Use pre-configure instead of post-patch so it's easier to (re)create patches. @ text @a0 23 $NetBSD: patch-ac,v 1.1.2.1 2005/12/09 16:20:16 salo Exp $ --- functions/imap_messages.php.orig 2005-04-16 13:45:38.000000000 -0400 +++ functions/imap_messages.php @@@@ -476,8 +476,9 @@@@ function parseArray($read,&$i) { * NOTE: this is actually a duplicate from the function in * class/mime/Rfc822Header.php. 
*/ -function parsePriority($value) { - $value = strtolower(array_shift(split('/\w/',trim($value)))); +function parsePriority($sValue) { + $aValue=split('/\w/',trim($sValue)); + $value = strtolower(array_shift($aValue)); if ( is_numeric($value) ) { return $value; } @@@@ -915,4 +916,4 @@@@ function sqimap_get_small_header($imap_s return $res[0]; } -?> \ No newline at end of file +?> @ 1.1.6.1 log @Pullup ticket 1684 - requested by tron security fix for squirrelmail Revisions pulled up: - pkgsrc/mail/squirrelmail/Makefile 1.71, 1.73 - pkgsrc/mail/squirrelmail/distinfo 1.31, 1.32 - pkgsrc/mail/squirrelmail/patches/patch-ab 1.12 - pkgsrc/mail/squirrelmail/patches/patch-ac 1.3 - pkgsrc/mail/ja-squirrelmail/MESSAGE 1.3 - pkgsrc/mail/ja-squirrelmail/Makefile 1.27, 1.28, 1.30 - pkgsrc/mail/ja-squirrelmail/PLIST 1.4 - pkgsrc/mail/ja-squirrelmail/distinfo 1.9, 1.10, 1.11 - pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.3 - pkgsrc/mail/ja-squirrelmail/patches/patch-ad removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ae removed - pkgsrc/mail/ja-squirrelmail/patches/patch-af removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ag removed - pkgsrc/mail/ja-squirrelmail/patches/patch-ah removed Module Name: pkgsrc Committed By: martti Date: Tue Apr 11 05:24:20 UTC 2006 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/squirrelmail/patches: patch-ab Log Message: Updated mail/squirrelmail to 1.4.6nb1 * added patch for Ukrainian translation (needed by the new * squirrelmail-locales) --- Module Name: pkgsrc Committed By: taca Date: Fri May 5 02:46:54 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: MESSAGE Makefile distinfo Removed Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah Log Message: Update ja-squirrelmail package to 1.4.6 after talking with martti@@. 
Prior to this release, there are security vulnerability the same as squirrelmail 1.4.5. This update made with temporary Japanese patch based on the patch for 1.4.5. --- Module Name: pkgsrc Committed By: martti Date: Fri May 5 05:32:36 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ab Log Message: Updated ja-squirrelmail to 1.4.6nb1 * sync with squirrelmail-1.4.6nb1 --- Module Name: pkgsrc Committed By: tron Date: Sun Jun 4 12:31:31 UTC 2006 Modified Files: pkgsrc/mail/ja-squirrelmail: Makefile distinfo pkgsrc/mail/squirrelmail: Makefile distinfo Added Files: pkgsrc/mail/ja-squirrelmail/patches: patch-ac pkgsrc/mail/squirrelmail/patches: patch-ac Log Message: Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.3 2006/06/04 12:31:31 tron Exp $ d3 16 a18 4 --- functions/global.php.orig 2006-02-03 22:27:47.000000000 +0000 +++ functions/global.php 2006-06-04 13:22:14.000000000 +0100 @@@@ -62,6 +62,47 @@@@ sqstripslashes($_POST); a20 48 +/** + * If register_globals are on, unregister globals. + * Code requires PHP 4.1.0 or newer. + * Second test covers boolean set as string (php_value register_globals off). + */ +if ((bool) @@ini_get('register_globals') && + strtolower(ini_get('register_globals'))!='off') { + /** + * Remove all globals from $_GET, $_POST, and $_COOKIE. + */ + foreach ($_REQUEST as $key => $value) { + unset($GLOBALS[$key]); + } + /** + * Remove globalized $_FILES variables + * Before 4.3.0 $_FILES are included in $_REQUEST. + * Unglobalize them in separate call in order to remove dependency + * on PHP version. + */ + foreach ($_FILES as $key => $value) { + unset($GLOBALS[$key]); + // there are three undocumented $_FILES globals. + unset($GLOBALS[$key.'_type']); + unset($GLOBALS[$key.'_name']); + unset($GLOBALS[$key.'_size']); + } + /** + * Remove globalized environment variables. 
+ */ + foreach ($_ENV as $key => $value) { + unset($GLOBALS[$key]); + } + /** + * Remove globalized server variables. + */ + foreach ($_SERVER as $key => $value) { + unset($GLOBALS[$key]); + } +} + + /* strip any tags added to the url from PHP_SELF. This fixes hand crafted url XXS expoits for any page that uses PHP_SELF as the FORM action */ @@@@ -336,4 +377,4 @@@@ } // vim: et ts=4 @