Subject: CVS commit: [pkgsrc-2006Q3] pkgsrc/mail/squirrelmail
To: None <>
From: Geert Hendrickx <>
List: pkgsrc-changes
Date: 12/05/2006 08:21:34
Module Name:	pkgsrc
Committed By:	ghen
Date:		Tue Dec  5 08:21:34 UTC 2006

Modified Files:
	pkgsrc/mail/squirrelmail [pkgsrc-2006Q3]: Makefile PLIST distinfo
	pkgsrc/mail/squirrelmail/patches [pkgsrc-2006Q3]: patch-aa

Log Message:
Pullup ticket 1934 - requested by obache
security update for squirrelmail

- pkgsrc/mail/squirrelmail/Makefile		1.77-1.78
- pkgsrc/mail/squirrelmail/PLIST		1.20
- pkgsrc/mail/squirrelmail/distinfo		1.35
- pkgsrc/mail/squirrelmail/patches/patch-aa	1.12

   Module Name:	pkgsrc
   Committed By:	tv
   Date:		Fri Nov 10 17:38:47 UTC 2006

   Modified Files:
	pkgsrc/mail/squirrelmail: Makefile

   Log Message:
   Use find -print | xargs rather than find -exec.
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Mon Dec  4 13:06:01 UTC 2006

   Modified Files:
	pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
	pkgsrc/mail/squirrelmail/patches: patch-aa

   Log Message:
   Update squirrelmail to 1.4.9a.

   Version 1.4.9a - 3 December 2006
     - Security: Multiple IE cross site scripting issues related to the
       widely acceptation of the word expression and url by IE.
     - Security: Removing @import when sanitizing html mail.

   Version 1.4.9 - 2 December 2006
     - Drop obsolete script plugins/
     - Fixed Google translate form in translate plugin. Added new language
     - Added XMAGICTRASH extension tests in configtest utility. Removed code
       that handled 'inbox.trash' as special folder in courier (#1354393).
     - Allowed moving folders to trash in courier.
     - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
     - Provide View Unsafe Images link on viewing a text/html attachment.
     - Fix variable typo in folders_create.php (#1545316).
     - Added Courier IMAP OUTBOX check to configtest utility.
     - If mailbox name starts with slash or contains ../, error message is
       generated. Safety check for insecure default UW IMAP setup (#1557078).
     - Ignore message copy errors when messages are deleted. Allows to delete
       messages when quota is exceeded (#614887, #646386, #1446026).
     - Fixed unintended literal fetching (#1562271).
     - Added global file based address book listing controls. Added line
       length configuration option for local_file address book backend
       (#1181561). Added address book data integrity checks in local_file
       address book backend. Fixed eregi and object notices in local_file
       and database address book backends. Added additional address book
       field support.
     - Fixed variable corruption in configtest utility.
     - Checked if configuration file is readable in configuration utility
     - Special mailboxes marked in special_mailbox hook are no longer listed
       in folder delete, rename and subscription options.
     - Translate plugin: prevent PHP notice when viewing empty message.
     - Add CEST and MEST (non-standard) timezone codes for +0200.
     - Add <label> to From field in message list.
     - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
     - Fix in bodystructure parser code related to strings ending with an
       escape character.
     - Added "attachment */*" hook
     - Added third parameter $logout_link to logout_error hook that allows
       plugin control over login page URI displayed on login error page.
     - Security: close cross site scripting vulnerability in draft, compose
       and mailto functionality [CVE-2006-6142].
     - Security: work around an issue in Internet Explorer that would guess
       the mime type of a file based on contents, not Content-Type header.

To generate a diff of this commit:
cvs rdiff -r1.76 -r1.76.2.1 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -r1.19 -r1.19.2.1 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -r1.34 -r1.34.2.1 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -r1.11 -r1.11.2.1 pkgsrc/mail/squirrelmail/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.