FreeBSD Bugzilla – Attachment 184070 Details for
Bug 219801
mail/squirrelmail, mail/squirrelmail-translations: Update to 20170705 (Also fixes CVE-2017-7692)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
mail/squirrelmail update to 20170705
squirrelmail-20170705.diff (text/plain), 7.43 KB, created by
Zsolt Udvari
on 2017-07-05 11:52:02 UTC
(
hide
)
Description:
mail/squirrelmail update to 20170705
Filename:
MIME Type:
Creator:
Zsolt Udvari
Created:
2017-07-05 11:52:02 UTC
Size:
7.43 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 445040) >+++ Makefile (working copy) >@@ -2,13 +2,14 @@ > # $FreeBSD$ > > PORTNAME= squirrelmail >-PORTVERSION= 20161030 >+PORTVERSION= 20170705 > CATEGORIES= mail www >-MASTER_SITES= LOCAL/adamw/squirrelmail >+MASTER_SITES= http://snapshots.squirrelmail.org/ \ >+ http://freebsd.uzsolt.hu/src/ > DISTNAME= ${PORTNAME}-${PORTVERSION}_0200-SVN.stable > DIST_SUBDIR= ${PORTNAME} > >-MAINTAINER= ports@FreeBSD.org >+MAINTAINER= uzsolt@uzsolt.hu > COMMENT= Webmail system which accesses mail over IMAP > > LICENSE= GPLv2+ >Index: distinfo >=================================================================== >--- distinfo (revision 445040) >+++ distinfo (working copy) >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1477843339 >-SHA256 (squirrelmail/squirrelmail-20161030_0200-SVN.stable.tar.bz2) = 5a187955b048e557276b73c74bc38dfa78e2f63e4d3273163ef1e5283f2874e6 >-SIZE (squirrelmail/squirrelmail-20161030_0200-SVN.stable.tar.bz2) = 560672 >+TIMESTAMP = 1499253804 >+SHA256 (squirrelmail/squirrelmail-20170705_0200-SVN.stable.tar.bz2) = 53ff6540eb46f737bb631f6d5e0fb80c19b42ab33b1e28a38b4bc469e26a63a8 >+SIZE (squirrelmail/squirrelmail-20170705_0200-SVN.stable.tar.bz2) = 563043 >Index: files/patch-functions__i18n.php >=================================================================== >--- files/patch-functions__i18n.php (revision 445040) >+++ files/patch-functions__i18n.php (working copy) >@@ -1,12 +1,32 @@ >---- functions/i18n.php.orig 2015-01-03 03:56:32 UTC >+--- functions/i18n.php.orig 2017-07-05 11:28:23 UTC > +++ functions/i18n.php >-@@ -683,7 +683,8 @@ function japanese_charset_xtra() { >- $useragent = func_get_arg(2); >- if (strstr($useragent, 'Windows') !== false || >- strstr($useragent, 'Mac_') !== false) { >-- $ret = mb_convert_encoding($ret, 'SJIS', 'AUTO'); >-+ $ret = mb_convert_encoding($ret, 'UTF-8', 'AUTO'); >-+ >- } else { >- $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO'); >+@@ -159,15 +159,17 @@ function sq_setlocale($category,$locale) > } >+ >+ /** >+- * Converts string from given charset to charset, that can be displayed by user translation. >++ * Converts a string from the given $charset to a character set that >++ * can be displayed by the current user interface language (translation) >+ * >+- * Function by default returns html encoded strings, if translation uses different encoding. >++ * Function by default returns html encoded strings if translation uses >++ * different encoding. >+ * If Japanese translation is used - function returns string converted to euc-jp >+ * If $charset is not supported - function returns unconverted string. >+ * >+ * sanitizing of html tags is also done by this function. >+ * >+- * @param string $charset >++ * @param string $charset The charset of the incoming string >+ * @param string $string Text to be decoded >+ * @param boolean $force_decode converts string to html without $charset!=$default_charset check. >+ * Argument is available since 1.4.5 and 1.5.1. >+@@ -184,7 +186,7 @@ function charset_decode ($charset, $stri >+ } >+ >+ /* All HTML special characters are 7 bit and can be replaced first */ >+- if (! $save_html) $string = sm_encode_html_special_chars ($string); >++ if (! $save_html) $string = sm_encode_html_special_chars($string, ENT_COMPAT, $charset); >+ $charset = strtolower($charset); >+ >+ set_my_charset(); >Index: files/patch-functions_strings.php >=================================================================== >--- files/patch-functions_strings.php (nonexistent) >+++ files/patch-functions_strings.php (working copy) >@@ -0,0 +1,71 @@ >+--- functions/strings.php.orig 2017-01-27 20:31:33 UTC >++++ functions/strings.php >+@@ -1489,7 +1489,13 @@ function sm_validate_security_token($tok >+ * (See http://php.net/manual/function.htmlspecialchars.php ) >+ * (OPTIONAL; default ENT_COMPAT, ENT_COMPAT | ENT_SUBSTITUTE for PHP >=5.4) >+ * @param string $encoding The character encoding to use in the conversion >+- * (OPTIONAL; default automatic detection) >++ * (if not one of the character sets supported >++ * by PHP's htmlspecialchars(), then $encoding >++ * will be ignored and iso-8859-1 will be used, >++ * unless a default has been specified in >++ * $default_htmlspecialchars_encoding in >++ * config_local.php) (OPTIONAL; default automatic >++ * detection) >+ * @param boolean $double_encode Whether or not to convert entities that are >+ * already in the string (only supported in >+ * PHP 5.2.3+) (OPTIONAL; default TRUE) >+@@ -1500,6 +1506,31 @@ function sm_validate_security_token($tok >+ function sm_encode_html_special_chars($string, $flags=ENT_COMPAT, >+ $encoding=NULL, $double_encode=TRUE) >+ { >++ >++ // charsets supported by PHP's htmlspecialchars >++ // (move this elsewhere if needed) >++ // >++ static $htmlspecialchars_charsets = array( >++ 'iso-8859-1', 'iso8859-1', >++ 'iso-8859-5', 'iso8859-5', >++ 'iso-8859-15', 'iso8859-15', >++ 'utf-8', >++ 'cp866', 'ibm866', '866', >++ 'cp1251', 'windows-1251', 'win-1251', '1251', >++ 'cp1252', 'windows-1252', '1252', >++ 'koi8-R', 'koi8-ru', 'koi8r', >++ 'big5', '950', >++ 'gb2312', '936', >++ 'big5-hkscs', >++ 'shift_jis', 'sjis', 'sjis-win', 'cp932', '932', >++ 'euc-jp', 'eucjp', 'eucjp-win', >++ 'macroman', >++ ); >++ >++ >++ // if not given, set encoding to the charset being >++ // used by the current user interface language >++ // >+ if (!$encoding) >+ { >+ global $default_charset; >+@@ -1508,6 +1539,21 @@ function sm_encode_html_special_chars($s >+ $encoding = $default_charset; >+ } >+ >++ >++ // make sure htmlspecialchars() supports the needed encoding >++ // >++ if (!in_array(strtolower($encoding), $htmlspecialchars_charsets)) >++ { >++ // use default from configuration if provided or hard-coded fallback >++ // >++ global $default_htmlspecialchars_encoding; >++ if (!empty($default_htmlspecialchars_encoding)) >++ $encoding = $default_htmlspecialchars_encoding; >++ else >++ $encoding = 'iso-8859-1'; >++ } >++ >++ >+ if (check_php_version(5, 2, 3)) { >+ // Replace invalid characters with a symbol instead of returning >+ // empty string for the entire to be encoded string. > >Property changes on: files/patch-functions_strings.php >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: pkg-plist >=================================================================== >--- pkg-plist (revision 445040) >+++ pkg-plist (working copy) >@@ -235,6 +235,7 @@ > %%SQUIRRELDIR%%/plugins/squirrelspell/js/init.js > %%SQUIRRELDIR%%/plugins/squirrelspell/modules/.htaccess > %%SQUIRRELDIR%%/plugins/squirrelspell/modules/WHATISTHIS >+%%SQUIRRELDIR%%/plugins/squirrelspell/modules/change_main_options.mod > %%SQUIRRELDIR%%/plugins/squirrelspell/modules/check_me.mod > %%SQUIRRELDIR%%/plugins/squirrelspell/modules/crypto.mod > %%SQUIRRELDIR%%/plugins/squirrelspell/modules/crypto_badkey.mod
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=184070">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 219801
:
183240
|
183241
| 184070 |
184072