ports/106306: mail/squirrelmail security update

Neil Darlow neil at darlow.co.uk
Mon Dec 4 10:50:30 UTC 2006 

>Number:         106306
>Category:       ports
>Synopsis:       mail/squirrelmail security update
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 04 10:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Neil Darlow
>Release:        FreeBSD 6.1-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD router.darlow.co.uk 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #0: Sun Oct 1 16:54:02 BST 2006 root at router.darlow.co.uk:/usr/obj/usr/src/sys/ROUTER i386
>Description:
mail/squirrelmail has multiple XSS vulnerabilities prior to version 1.4.9a
		This update also fixes an Internet Explorer MIME handling issue
		The locales file has been updated to 1.4.8-20060903, hence some changes to pkg-plist
>How-To-Repeat:
N/A
>Fix:
diff -ur squirrelmail.orig/Makefile squirrelmail/Makefile
--- squirrelmail.orig/Makefile  Sun Aug 13 14:18:50 2006
+++ squirrelmail/Makefile       Mon Dec  4 09:35:39 2006
@@ -6,12 +6,12 @@
 #
 
 PORTNAME=      squirrelmail
-PORTVERSION=   1.4.8
+PORTVERSION=   1.4.9a
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=    ${PORTNAME}
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX} \
-               all_locales-1.4.7-20060702${EXTRACT_SUFX}
+               all_locales-1.4.8-20060903${EXTRACT_SUFX}
 DIST_SUBDIR=   ${PORTNAME}
 
 MAINTAINER=    simond at irrelevant.org
diff -ur squirrelmail.orig/distinfo squirrelmail/distinfo
--- squirrelmail.orig/distinfo  Sun Aug 13 14:18:50 2006
+++ squirrelmail/distinfo       Mon Dec  4 09:42:00 2006
@@ -1,6 +1,6 @@
-MD5 (squirrelmail/squirrelmail-1.4.8.tar.bz2) = ba3306e4790bbdb10eaccb00195f5107
-SHA256 (squirrelmail/squirrelmail-1.4.8.tar.bz2) = 120459b92a804deaf7aaa064ee12e986adc0289af506bb4b296a45a7aba4456d
-SIZE (squirrelmail/squirrelmail-1.4.8.tar.bz2) = 474528
-MD5 (squirrelmail/all_locales-1.4.7-20060702.tar.bz2) = 4b78f4612ef0a68e5a81a818a113497c
-SHA256 (squirrelmail/all_locales-1.4.7-20060702.tar.bz2) = 7d60b79397f7d55dc5fc06e421e923e0cecdeb115f3d64e85d49a2a89f3b353a
-SIZE (squirrelmail/all_locales-1.4.7-20060702.tar.bz2) = 2614000
+MD5 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 3adf66bfe2e816ba8375cf811d8ef3f6
+SHA256 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 0a33ef186ff898017f788f5a6783d3303a879ea4e20ccfc6e124ad38d9954f95
+SIZE (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 481601
+MD5 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = f8a042fd6b3ea68a3da49c3398224205
+SHA256 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 24fd4af596eb20fe0b0c1e42e45142ed048cea98b141e4e2c98b367fdc5d76e7
+SIZE (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 2668940
diff -ur squirrelmail.orig/pkg-plist squirrelmail/pkg-plist
--- squirrelmail.orig/pkg-plist Sun Aug 13 14:18:50 2006
+++ squirrelmail/pkg-plist      Mon Dec  4 10:21:27 2006
@@ -333,15 +333,6 @@
 %%SQUIRRELDIR%%/help/sv_SE/options.hlp
 %%SQUIRRELDIR%%/help/sv_SE/read_mail.hlp
 %%SQUIRRELDIR%%/help/sv_SE/search.hlp
-%%SQUIRRELDIR%%/help/th_TH/addresses.hlp
-%%SQUIRRELDIR%%/help/th_TH/basic.hlp
-%%SQUIRRELDIR%%/help/th_TH/compose.hlp
-%%SQUIRRELDIR%%/help/th_TH/FAQ.hlp
-%%SQUIRRELDIR%%/help/th_TH/folders.hlp
-%%SQUIRRELDIR%%/help/th_TH/main_folder.hlp
-%%SQUIRRELDIR%%/help/th_TH/options.hlp
-%%SQUIRRELDIR%%/help/th_TH/read_mail.hlp
-%%SQUIRRELDIR%%/help/th_TH/search.hlp
 %%SQUIRRELDIR%%/help/uk_UA/addresses.hlp
 %%SQUIRRELDIR%%/help/uk_UA/basic.hlp
 %%SQUIRRELDIR%%/help/uk_UA/compose.hlp
@@ -455,6 +446,8 @@
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/calendar.po
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/change_sqlpass.mo
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/change_sqlpass.po
+%%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/compatibility.mo
+%%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/compatibility.po
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/empty_folders.mo
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/empty_folders.po
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/expire.mo
@@ -572,8 +565,12 @@
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/askuserinfo.po
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/compatibility.mo
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/compatibility.po
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/cookie_warning.mo
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/cookie_warning.po
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/folder_sizes.mo
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/folder_sizes.po
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/select_language.mo
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/select_language.po
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/squirrelmail.mo
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/id_ID/setup.php
@@ -737,6 +734,8 @@
 %%SQUIRRELDIR%%/locale/nl_NL/setup.php
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/advanced_settings.mo
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/advanced_settings.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/archive_mail.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/archive_mail.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/askuserinfo.mo
@@ -777,6 +776,8 @@
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/multilogin.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/naguser.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/naguser.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/newuser_wiz.mo
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/newuser_wiz.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/proon.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/proon.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/qmailadmin_login.mo
@@ -1027,7 +1028,6 @@
 %%SQUIRRELDIR%%/plugins/mail_fetch/index.php
 %%SQUIRRELDIR%%/plugins/mail_fetch/options.php
 %%SQUIRRELDIR%%/plugins/mail_fetch/setup.php
-%%SQUIRRELDIR%%/plugins/make_archive.pl
 %%SQUIRRELDIR%%/plugins/message_details/index.php
 %%SQUIRRELDIR%%/plugins/message_details/message_details_bottom.php
 %%SQUIRRELDIR%%/plugins/message_details/message_details_main.php
@@ -1313,7 +1313,6 @@
 @dirrm %%SQUIRRELDIR%%/images
 @dirrm %%SQUIRRELDIR%%/help/zh_CN
 @dirrm %%SQUIRRELDIR%%/help/uk_UA
- at dirrm %%SQUIRRELDIR%%/help/th_TH
 @dirrm %%SQUIRRELDIR%%/help/sv_SE
 @dirrm %%SQUIRRELDIR%%/help/sr_YU
 @dirrm %%SQUIRRELDIR%%/help/sl_SI

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list