From owner-freebsd-ports-bugs@FreeBSD.ORG  Mon Dec  4 10:50:30 2006
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9C8B516A417
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Mon,  4 Dec 2006 10:50:30 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 574B743CBA
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Mon,  4 Dec 2006 10:49:47 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kB4AoJUO042901
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Mon, 4 Dec 2006 10:50:19 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kB4AoJlZ042900;
	Mon, 4 Dec 2006 10:50:19 GMT (envelope-from gnats)
Resent-Date: Mon, 4 Dec 2006 10:50:19 GMT
Resent-Message-Id: <200612041050.kB4AoJlZ042900@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Neil Darlow <neil@darlow.co.uk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A647716A47B
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon,  4 Dec 2006 10:44:31 +0000 (UTC)
	(envelope-from neil@darlow.co.uk)
Received: from router.darlow.co.uk (cpc1-bigg1-0-0-cust731.lutn.cable.ntl.com
	[80.6.42.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2360A43CB3
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon,  4 Dec 2006 10:43:53 +0000 (GMT)
	(envelope-from neil@darlow.co.uk)
Received: from router.darlow.co.uk (localhost [127.0.0.1])
	by router.darlow.co.uk (Postfix) with ESMTP id 186E3103256
	for <FreeBSD-gnats-submit@freebsd.org>;
	Mon,  4 Dec 2006 10:44:24 +0000 (GMT)
Received: by router.darlow.co.uk (Postfix, from userid 1001)
	id C99F0102D8B; Mon,  4 Dec 2006 10:44:23 +0000 (GMT)
Message-Id: <20061204104423.C99F0102D8B@router.darlow.co.uk>
Date: Mon,  4 Dec 2006 10:44:23 +0000 (GMT)
From: Neil Darlow <neil@darlow.co.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: ports/106306: mail/squirrelmail security update
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Neil Darlow <neil@darlow.co.uk>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Dec 2006 10:50:30 -0000


>Number:         106306
>Category:       ports
>Synopsis:       mail/squirrelmail security update
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 04 10:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Neil Darlow
>Release:        FreeBSD 6.1-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD router.darlow.co.uk 6.1-RELEASE-p10 FreeBSD 6.1-RELEASE-p10 #0: Sun Oct 1 16:54:02 BST 2006 root@router.darlow.co.uk:/usr/obj/usr/src/sys/ROUTER i386
>Description:
mail/squirrelmail has multiple XSS vulnerabilities prior to version 1.4.9a
		This update also fixes an Internet Explorer MIME handling issue
		The locales file has been updated to 1.4.8-20060903, hence some changes to pkg-plist
>How-To-Repeat:
N/A
>Fix:
diff -ur squirrelmail.orig/Makefile squirrelmail/Makefile
--- squirrelmail.orig/Makefile  Sun Aug 13 14:18:50 2006
+++ squirrelmail/Makefile       Mon Dec  4 09:35:39 2006
@@ -6,12 +6,12 @@
 #
 
 PORTNAME=      squirrelmail
-PORTVERSION=   1.4.8
+PORTVERSION=   1.4.9a
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=    ${PORTNAME}
 DISTFILES=     ${DISTNAME}${EXTRACT_SUFX} \
-               all_locales-1.4.7-20060702${EXTRACT_SUFX}
+               all_locales-1.4.8-20060903${EXTRACT_SUFX}
 DIST_SUBDIR=   ${PORTNAME}
 
 MAINTAINER=    simond@irrelevant.org
diff -ur squirrelmail.orig/distinfo squirrelmail/distinfo
--- squirrelmail.orig/distinfo  Sun Aug 13 14:18:50 2006
+++ squirrelmail/distinfo       Mon Dec  4 09:42:00 2006
@@ -1,6 +1,6 @@
-MD5 (squirrelmail/squirrelmail-1.4.8.tar.bz2) = ba3306e4790bbdb10eaccb00195f5107
-SHA256 (squirrelmail/squirrelmail-1.4.8.tar.bz2) = 120459b92a804deaf7aaa064ee12e986adc0289af506bb4b296a45a7aba4456d
-SIZE (squirrelmail/squirrelmail-1.4.8.tar.bz2) = 474528
-MD5 (squirrelmail/all_locales-1.4.7-20060702.tar.bz2) = 4b78f4612ef0a68e5a81a818a113497c
-SHA256 (squirrelmail/all_locales-1.4.7-20060702.tar.bz2) = 7d60b79397f7d55dc5fc06e421e923e0cecdeb115f3d64e85d49a2a89f3b353a
-SIZE (squirrelmail/all_locales-1.4.7-20060702.tar.bz2) = 2614000
+MD5 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 3adf66bfe2e816ba8375cf811d8ef3f6
+SHA256 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 0a33ef186ff898017f788f5a6783d3303a879ea4e20ccfc6e124ad38d9954f95
+SIZE (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 481601
+MD5 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = f8a042fd6b3ea68a3da49c3398224205
+SHA256 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 24fd4af596eb20fe0b0c1e42e45142ed048cea98b141e4e2c98b367fdc5d76e7
+SIZE (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 2668940
diff -ur squirrelmail.orig/pkg-plist squirrelmail/pkg-plist
--- squirrelmail.orig/pkg-plist Sun Aug 13 14:18:50 2006
+++ squirrelmail/pkg-plist      Mon Dec  4 10:21:27 2006
@@ -333,15 +333,6 @@
 %%SQUIRRELDIR%%/help/sv_SE/options.hlp
 %%SQUIRRELDIR%%/help/sv_SE/read_mail.hlp
 %%SQUIRRELDIR%%/help/sv_SE/search.hlp
-%%SQUIRRELDIR%%/help/th_TH/addresses.hlp
-%%SQUIRRELDIR%%/help/th_TH/basic.hlp
-%%SQUIRRELDIR%%/help/th_TH/compose.hlp
-%%SQUIRRELDIR%%/help/th_TH/FAQ.hlp
-%%SQUIRRELDIR%%/help/th_TH/folders.hlp
-%%SQUIRRELDIR%%/help/th_TH/main_folder.hlp
-%%SQUIRRELDIR%%/help/th_TH/options.hlp
-%%SQUIRRELDIR%%/help/th_TH/read_mail.hlp
-%%SQUIRRELDIR%%/help/th_TH/search.hlp
 %%SQUIRRELDIR%%/help/uk_UA/addresses.hlp
 %%SQUIRRELDIR%%/help/uk_UA/basic.hlp
 %%SQUIRRELDIR%%/help/uk_UA/compose.hlp
@@ -455,6 +446,8 @@
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/calendar.po
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/change_sqlpass.mo
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/change_sqlpass.po
+%%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/compatibility.mo
+%%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/compatibility.po
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/empty_folders.mo
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/empty_folders.po
 %%SQUIRRELDIR%%/locale/de_DE/LC_MESSAGES/expire.mo
@@ -572,8 +565,12 @@
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/askuserinfo.po
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/compatibility.mo
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/compatibility.po
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/cookie_warning.mo
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/cookie_warning.po
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/folder_sizes.mo
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/folder_sizes.po
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/select_language.mo
+%%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/select_language.po
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/squirrelmail.mo
 %%SQUIRRELDIR%%/locale/id_ID/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/id_ID/setup.php
@@ -737,6 +734,8 @@
 %%SQUIRRELDIR%%/locale/nl_NL/setup.php
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/advanced_settings.mo
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/advanced_settings.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/archive_mail.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/archive_mail.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/askuserinfo.mo
@@ -777,6 +776,8 @@
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/multilogin.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/naguser.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/naguser.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/newuser_wiz.mo
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/newuser_wiz.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/proon.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/proon.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/qmailadmin_login.mo
@@ -1027,7 +1028,6 @@
 %%SQUIRRELDIR%%/plugins/mail_fetch/index.php
 %%SQUIRRELDIR%%/plugins/mail_fetch/options.php
 %%SQUIRRELDIR%%/plugins/mail_fetch/setup.php
-%%SQUIRRELDIR%%/plugins/make_archive.pl
 %%SQUIRRELDIR%%/plugins/message_details/index.php
 %%SQUIRRELDIR%%/plugins/message_details/message_details_bottom.php
 %%SQUIRRELDIR%%/plugins/message_details/message_details_main.php
@@ -1313,7 +1313,6 @@
 @dirrm %%SQUIRRELDIR%%/images
 @dirrm %%SQUIRRELDIR%%/help/zh_CN
 @dirrm %%SQUIRRELDIR%%/help/uk_UA
-@dirrm %%SQUIRRELDIR%%/help/th_TH
 @dirrm %%SQUIRRELDIR%%/help/sv_SE
 @dirrm %%SQUIRRELDIR%%/help/sr_YU
 @dirrm %%SQUIRRELDIR%%/help/sl_SI

>Release-Note:
>Audit-Trail:
>Unformatted: