[pkgsrc/trunk]: pkgsrc/mail/squirrelmail Updated mail/squirrelmail to 1.4.13

[martti <martti%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/20740d040d12
branches:  trunk
changeset: 536461:20740d040d12
user:      martti <martti%pkgsrc.org@localhost>
date:      Fri Dec 14 20:44:35 2007 +0000

description:
Updated mail/squirrelmail to 1.4.13

(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)

Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.

diffstat:

 mail/squirrelmail/Makefile |  4 ++--
 mail/squirrelmail/PLIST    |  3 ++-
 mail/squirrelmail/distinfo |  8 ++++----
 3 files changed, 8 insertions(+), 7 deletions(-)

diffs (49 lines):

diff -r c90fdd4aa030 -r 20740d040d12 mail/squirrelmail/Makefile
--- a/mail/squirrelmail/Makefile        Fri Dec 14 19:07:44 2007 +0000
+++ b/mail/squirrelmail/Makefile        Fri Dec 14 20:44:35 2007 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.95 2007/12/05 07:11:28 martti Exp $
+# $NetBSD: Makefile,v 1.96 2007/12/14 20:44:35 martti Exp $
 
-DISTNAME=      squirrelmail-1.4.12
+DISTNAME=      squirrelmail-1.4.13
 #PKGREVISION=  1
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=squirrelmail/}
diff -r c90fdd4aa030 -r 20740d040d12 mail/squirrelmail/PLIST
--- a/mail/squirrelmail/PLIST   Fri Dec 14 19:07:44 2007 +0000
+++ b/mail/squirrelmail/PLIST   Fri Dec 14 20:44:35 2007 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2007/12/05 07:11:28 martti Exp $
+@comment $NetBSD: PLIST,v 1.25 2007/12/14 20:44:35 martti Exp $
 man/man8/squirrelmail-conf.pl.8
 share/examples/squirrelmail/squirrelmail.conf
 share/squirrelmail/AUTHORS
@@ -58,6 +58,7 @@
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.10a.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.11.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.12.txt
+share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.13.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.2.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3.txt
 share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3a.txt
diff -r c90fdd4aa030 -r 20740d040d12 mail/squirrelmail/distinfo
--- a/mail/squirrelmail/distinfo        Fri Dec 14 19:07:44 2007 +0000
+++ b/mail/squirrelmail/distinfo        Fri Dec 14 20:44:35 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.44 2007/12/05 11:25:57 taca Exp $
+$NetBSD: distinfo,v 1.45 2007/12/14 20:44:35 martti Exp $
 
 SHA1 (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 8823810ca00ab5510a48db78826112a9482d1895
 RMD160 (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 98649a1639567bb6669e9cfc0ca8b0743ebfb46e
@@ -6,7 +6,7 @@
 SHA1 (squirrelmail-1.4.12-ja-20071205-patch.gz) = 16de8fb72ce13cf302279772eb0d3df84e409b3f
 RMD160 (squirrelmail-1.4.12-ja-20071205-patch.gz) = fac415d26cfc5d297f927830b1fd8704e0b5b189
 Size (squirrelmail-1.4.12-ja-20071205-patch.gz) = 7739 bytes
-SHA1 (squirrelmail-1.4.12.tar.bz2) = cf5c716fe2b356bafa0aa10ebdb9980339c3a0cb
-RMD160 (squirrelmail-1.4.12.tar.bz2) = a25130f4eab2a84914f021a7baa432383f7ef551
-Size (squirrelmail-1.4.12.tar.bz2) = 496632 bytes
+SHA1 (squirrelmail-1.4.13.tar.bz2) = cbc101076dfde6f78e871133fc6a17b5d3aa0edb
+RMD160 (squirrelmail-1.4.13.tar.bz2) = d2d27c9e2fe6225833da15981b9d6881ce55fc6d
+Size (squirrelmail-1.4.13.tar.bz2) = 497103 bytes
 SHA1 (patch-aa) = 6f48193a3b4ee86e85afcc66e2299ecbfe375796