CVS commit: [pkgsrc-2019Q2] pkgsrc/mail/squirrelmail

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2019Q2] pkgsrc/mail/squirrelmail
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Fri, 9 Aug 2019 12:38:43 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Aug  9 12:38:43 UTC 2019

Modified Files:
        pkgsrc/mail/squirrelmail [pkgsrc-2019Q2]: Makefile PLIST distinfo

Log Message:
Pullup ticket #6012 - requested by taca
mail/squirrelmail: security fix

Revisions pulled up:
- mail/squirrelmail/Makefile                                    1.137
- mail/squirrelmail/PLIST                                       1.42
- mail/squirrelmail/distinfo                                    1.71

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Jul 24 03:49:35 UTC 2019

   Modified Files:
        pkgsrc/mail/squirrelmail: Makefile PLIST distinfo

   Log Message:
   mail/squirrelmail: update to 1.4.23pre14832

   Update squirrelmail to 1.4.23pre14832.

   - Changed anti-CSRF security token lifetime to be session-based.
   - Added favicon and ability for admins to use their own by setting
     $head_tag_extra in config_local.php (see documented comments in,
     for example, src/webmail.php)
   - Altered hook types "do_hook_function" and "concat_hook_function"
     such that the ultimate hook return value (in its current state,
     as computed (or not) by the plugins that have executed previously)
     is both globalized and passed as an additional argument to each
     plugin.  This allows plugins to cooperate better and not overwrite
     each other's return values.
   - Updated SVG handling, closing several related vulnerabilities
     (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
     [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
   - Added IMAP ID command (RFC2971), sent after every login - use
     by setting $imap_id_command_args in config/config_local.php
     (see notes in functions/imap_general.php for more details)
   - Fixed PHP7 warnings (#2847)
   - Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
     [CVE-2019-12970]


To generate a diff of this commit:
cvs rdiff -u -r1.136 -r1.136.2.1 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.41 -r1.41.20.1 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -u -r1.70 -r1.70.10.1 pkgsrc/mail/squirrelmail/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/squirrelmail/Makefile
diff -u pkgsrc/mail/squirrelmail/Makefile:1.136 pkgsrc/mail/squirrelmail/Makefile:1.136.2.1
--- pkgsrc/mail/squirrelmail/Makefile:1.136     Thu May 23 19:23:08 2019
+++ pkgsrc/mail/squirrelmail/Makefile   Fri Aug  9 12:38:43 2019
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.136 2019/05/23 19:23:08 rillig Exp $
+# $NetBSD: Makefile,v 1.136.2.1 2019/08/09 12:38:43 bsiegert Exp $
 
-DISTNAME=      squirrelmail-webmail-1.4.23pre14764
+DISTNAME=      squirrelmail-webmail-1.4.23pre14832
 PKGNAME=       ${DISTNAME:S/-webmail//}
-PKGREVISION=   1
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_LOCAL}
-EXTRACT_SUFX=  .tar.bz2
+EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    taca%NetBSD.org@localhost
 HOMEPAGE=      http://www.squirrelmail.org/

Index: pkgsrc/mail/squirrelmail/PLIST
diff -u pkgsrc/mail/squirrelmail/PLIST:1.41 pkgsrc/mail/squirrelmail/PLIST:1.41.20.1
--- pkgsrc/mail/squirrelmail/PLIST:1.41 Wed Jun 21 15:07:03 2017
+++ pkgsrc/mail/squirrelmail/PLIST      Fri Aug  9 12:38:43 2019
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.41 2017/06/21 15:07:03 taca Exp $
+@comment $NetBSD: PLIST,v 1.41.20.1 2019/08/09 12:38:43 bsiegert Exp $
 man/man8/squirrelmail-conf.pl.8
 share/examples/squirrelmail/data/.htaccess
 share/examples/squirrelmail/data/index.php
@@ -95,6 +95,7 @@ share/squirrelmail/doc/russian_apache.tx
 share/squirrelmail/doc/security.txt
 share/squirrelmail/doc/translating.txt
 share/squirrelmail/doc/translating_help.txt
+share/squirrelmail/favicon.ico
 share/squirrelmail/functions/.htaccess
 share/squirrelmail/functions/abook_database.php
 share/squirrelmail/functions/abook_ldap_server.php

Index: pkgsrc/mail/squirrelmail/distinfo
diff -u pkgsrc/mail/squirrelmail/distinfo:1.70 pkgsrc/mail/squirrelmail/distinfo:1.70.10.1
--- pkgsrc/mail/squirrelmail/distinfo:1.70      Mon Apr 30 07:56:55 2018
+++ pkgsrc/mail/squirrelmail/distinfo   Fri Aug  9 12:38:43 2019
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.70 2018/04/30 07:56:55 taca Exp $
+$NetBSD: distinfo,v 1.70.10.1 2019/08/09 12:38:43 bsiegert Exp $
 
-SHA1 (squirrelmail-webmail-1.4.23pre14764.tar.bz2) = 9fd0ddfd393be97373d5b839143285527c3cb9c4
-RMD160 (squirrelmail-webmail-1.4.23pre14764.tar.bz2) = 8b40681f8fa0cc9e25282d1215e6b88c2566c73b
-SHA512 (squirrelmail-webmail-1.4.23pre14764.tar.bz2) = 391d305184d88f4797ffb2203134bebfcd9327de063510155bc295f8edb1609dc2ea6e0f5e6d6f75e92e7fbfd938804aa0f155857c3c82c6a9f72f21b7ebf5a3
-Size (squirrelmail-webmail-1.4.23pre14764.tar.bz2) = 562786 bytes
+SHA1 (squirrelmail-webmail-1.4.23pre14832.tar.xz) = 32c38a24766fb5d0364253fdab36501923d7d9cd
+RMD160 (squirrelmail-webmail-1.4.23pre14832.tar.xz) = 689831ce73482384ce90b1ccfc84f81b29ad17eb
+SHA512 (squirrelmail-webmail-1.4.23pre14832.tar.xz) = b8a380f5bb72d2fdb2793edaf10410f3a3cdd8e3f7a44a4d3775be22cb202f29b2ee7c574f33986cfcb2d066dc6085b9b8092340f526e2c3dc8be1b39ccd8d12
+Size (squirrelmail-webmail-1.4.23pre14832.tar.xz) = 519160 bytes
 SHA1 (patch-aa) = 4ba7ea0a85308816b9dc77c0af3c927359ed1275
 SHA1 (patch-ab) = 30bf68c730f20e817fbe81d18bc2a95899ee3fd0
 SHA1 (patch-ai) = e1a23673bf19bbbd88b00fb6bab3d6d1c8c11575

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/graphics
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/graphics
Indexes:

Home | Main Index | Thread Index | Old Index