Bug 93774 - mail/squirrelmail update to 1.4.6 (security update)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Renato Botelho
Reported: 2006-02-24 00:40 UTC by thomas
Modified: 2006-03-01 20:23 UTC (History)

Attachments
file.diff (584 bytes, patch)
2006-02-24 00:40 UTC, thomas
file.diff (1.22 KB, patch)
2006-02-24 00:40 UTC, thomas
sq.diff (30.44 KB, patch)
2006-02-24 11:13 UTC, simond

Description thomas 2006-02-24 00:40:07 UTC
This update fixes:
- IMAP injection in sqimap_mailbox_select mailbox parameter (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377)
- Possible XSS in MagicHTML (IE only) (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195)
- Possible XSS through right_frame parameter in webmail.php (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188)

Please remove local port patches in squirrelmail/files:
patch-class-deliver-Deliver.class.php
patch-class-mime-Message.class.php
patch-functions-imap_general.php
patch-squirrelmail-stable.diff

All these patches are included in Squirrelmail 1.4.6
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2006-02-24 00:44:10 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback
Comment 2 thomas 2006-02-24 02:09:52 UTC
Hi

I forgot to adapt the PATCH_DEBUG section in the Makefile. I hope this
one is correct.

Regards,
Thomas


--- squirrelmail.orig/Makefile  Thu Feb  9 18:18:50 2006
+++ squirrelmail/Makefile       Fri Feb 24 03:05:41 2006
@@ -6,13 +6,12 @@
 #

 PORTNAME=      squirrelmail
-PORTVERSION?=  1.4.5
-PORTREVISION?= 3
+PORTVERSION?=  1.4.6
 CATEGORIES?=   mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=    squirrelmail
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX} \
-               all_locales-${PORTVERSION}-20050904${EXTRACT_SUFX}
+               all_locales-${PORTVERSION}-20060221${EXTRACT_SUFX}
 DIST_SUBDIR=   squirrelmail

 MAINTAINER?=   simond@irrelevant.org
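Review bot: The DISTFILES line now names all_locales-${PORTVERSION}-20060221 and PORTVERSION moves to 1.4.6, but this patch touches only the Makefile, so no distinfo update for the two new distfiles is visible. Regenerate the checksums (make makesum) and carry distinfo in the same diff, otherwise the checksum stage runs against the 1.4.5 entries. Dropping PORTREVISION on the version bump is fine.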
@@ -64,15 +63,7 @@

 post-patch: slaveport-post-patch
 .ifndef PATCH_DEBUG
-       @${RM} -f ${WRKSRC}/config/config_default.php.orig \
-                 ${WRKSRC}/src/configtest.php.orig \
-                 ${WRKSRC}/src/search.php.orig \
-                 ${WRKSRC}/class/mime/Rfc822Header.class.php.orig \
-                 ${WRKSRC}/functions/imap_messages.php.orig \
-                 ${WRKSRC}/plugins/listcommands/setup.php.orig \
-                 ${WRKSRC}/class/mime/Message.class.php.orig \
-                 ${WRKSRC}/class/deliver/Deliver.class.php.orig \
-                 ${WRKSRC}/functions/imap_general.php.orig
+       @${RM} -f ${WRKSRC}/config/config_default.php.orig
 .endif
        @${SED} -e "s;%%SQUIRRELDIR%%;${SQUIRRELDIR};g" \
                ${MASTERDIR}/pkg-install > ${PKGINSTALL}
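Review bot: In post-patch the cleanup is reduced to one hard-coded name, config/config_default.php.orig, which is only right if patch-config-config_default.php is the sole patch left in files/. The diff itself does not delete the four local patches named in the description, so if any of them stays and still applies, its .orig backup is no longer removed and gets installed alongside the PHP sources. Either include the files/ removals in the same diff or replace the list with a pattern-based cleanup such as ${FIND} ${WRKSRC} -name '*.orig' -delete, so the rule does not have to track the patch set.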
Comment 3 simond 2006-02-24 10:28:05 UTC
Please don't apply this patch, I'll submit a proper one to this pr
shortly (problems with plist in the submitted version)

-- 
Simon Dick <simond@irrelevant.org>
Comment 4 simond 2006-02-24 11:13:46 UTC
OK, please remove all patches in the files dir except
patch-config-config_default.php and then apply the attached diff

-- 
Simon Dick <simond@irrelevant.org>
Comment 5 Renato Botelho freebsd_committer freebsd_triage 2006-03-01 18:56:02 UTC
Responsible Changed
From-To: freebsd-ports-bugs->garga

Grabbed
Comment 6 Renato Botelho freebsd_committer freebsd_triage 2006-03-01 18:58:17 UTC
State Changed
From-To: feedback->open

Maintainer approved it on PR ports/93973
Comment 7 Renato Botelho freebsd_committer freebsd_triage 2006-03-01 20:23:25 UTC
State Changed
From-To: open->closed

Committed. Thanks!