Site Navigation

Date:      Wed, 09 May 2007 16:59:41 +0100
From:      Simon Dick <simond@irrelevant.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        sec-team@FreeBSD.org
Subject:   ports/112548: [security] Maintainer port update: mail/squirrelmail
Message-ID:  <E1HloZp-000LhQ-4D@amd64.irrelevant.org>
Resent-Message-ID: <200705091630.l49GU6qE044017@freefall.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

>Number:         112548
>Category:       ports
>Synopsis:       [security] Maintainer port update: mail/squirrelmail
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 09 16:30:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Simon Dick
>Release:        FreeBSD 6.2-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD amd64.irrelevant.org 6.2-RELEASE FreeBSD 6.2-RELEASE #1: Mon Jan 15 14:08:24 GMT 2007 root@amd64.irrelevant.org:/usr/obj/usr/src/sys/GENERIC amd64


	
>Description:

Update port to 1.4.10:
- Some security fixes (see below)
- Small enhancements
- A collection of bugfixes and stability enhancements

The security issues are described in CVE-2007-1262

>How-To-Repeat:
	
>Fix:

diff -ruN /usr/ports/mail/squirrelmail/Makefile squirrelmail/Makefile
--- /usr/ports/mail/squirrelmail/Makefile	Tue Dec  5 18:29:03 2006
+++ squirrelmail/Makefile	Wed May  9 16:46:43 2007
@@ -6,12 +6,12 @@
 #
 
 PORTNAME=	squirrelmail
-PORTVERSION=	1.4.9a
+PORTVERSION=	1.4.10
 CATEGORIES=	mail www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX} \
-		all_locales-1.4.8-20060903${EXTRACT_SUFX}
+		all_locales-1.4.9-20070106${EXTRACT_SUFX}
 DIST_SUBDIR=	${PORTNAME}
 
 MAINTAINER=	simond@irrelevant.org
diff -ruN /usr/ports/mail/squirrelmail/distinfo squirrelmail/distinfo
--- /usr/ports/mail/squirrelmail/distinfo	Tue Dec  5 18:29:03 2006
+++ squirrelmail/distinfo	Wed May  9 16:47:11 2007
@@ -1,6 +1,6 @@
-MD5 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 3adf66bfe2e816ba8375cf811d8ef3f6
-SHA256 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 0a33ef186ff898017f788f5a6783d3303a879ea4e20ccfc6e124ad38d9954f95
-SIZE (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 481601
-MD5 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = f8a042fd6b3ea68a3da49c3398224205
-SHA256 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 24fd4af596eb20fe0b0c1e42e45142ed048cea98b141e4e2c98b367fdc5d76e7
-SIZE (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 2668940
+MD5 (squirrelmail/squirrelmail-1.4.10.tar.bz2) = 6e3ab93e8c3854ba84a03df256ed0f7d
+SHA256 (squirrelmail/squirrelmail-1.4.10.tar.bz2) = d2328bebb3e863025d61222cbc40f4263dfdefcb22e500ed501462a05d7df4be
+SIZE (squirrelmail/squirrelmail-1.4.10.tar.bz2) = 484389
+MD5 (squirrelmail/all_locales-1.4.9-20070106.tar.bz2) = eaa0e8835b8d7d451500aad907c22e24
+SHA256 (squirrelmail/all_locales-1.4.9-20070106.tar.bz2) = 04ad3e37042deb8c5668946c3364cd53d9c30b2486f24deee4d71c05fa584423
+SIZE (squirrelmail/all_locales-1.4.9-20070106.tar.bz2) = 2699569
diff -ruN /usr/ports/mail/squirrelmail/files/patch-config-config_default.php squirrelmail/files/patch-config-config_default.php
--- /usr/ports/mail/squirrelmail/files/patch-config-config_default.php	Wed Jun  2 20:37:29 2004
+++ squirrelmail/files/patch-config-config_default.php	Wed May  9 16:50:11 2007
@@ -1,19 +1,19 @@
---- config/config_default.php.orig	Wed Jun  2 10:49:41 2004
-+++ config/config_default.php	Wed Jun  2 10:50:21 2004
-@@ -442,7 +442,7 @@
-  *   $data_dir = SM_PATH . 'data/';
+--- config/config_default.php.orig	Wed May  9 16:48:26 2007
++++ config/config_default.php	Wed May  9 16:49:20 2007
+@@ -464,7 +464,7 @@
+  *
   * @global string $data_dir
   */
--$data_dir = SM_PATH . 'data/';
+-$data_dir = '/var/local/squirrelmail/data/';
 +$data_dir = '/var/spool/squirrelmail/pref/';
  
  /**
   * Attachments directory
-@@ -460,7 +460,7 @@
+@@ -482,7 +482,7 @@
   *    + It should probably be another directory than data_dir.
   * @global string $attachment_dir
   */
--$attachment_dir = $data_dir;
+-$attachment_dir = '/var/local/squirrelmail/attach/';
 +$attachment_dir = '/var/spool/squirrelmail/attach/';
  
  /**
diff -ruN /usr/ports/mail/squirrelmail/pkg-plist squirrelmail/pkg-plist
--- /usr/ports/mail/squirrelmail/pkg-plist	Tue Dec  5 18:29:03 2006
+++ squirrelmail/pkg-plist	Wed May  9 16:55:41 2007
@@ -427,6 +427,8 @@
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/yelp.mo
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/yelp.po
 %%SQUIRRELDIR%%/locale/cs_CZ/setup.php
@@ -505,6 +507,8 @@
 %%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/unsafe_image_rules.mo
 %%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/unsafe_image_rules.po
+%%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/es_ES/setup.php
 %%SQUIRRELDIR%%/locale/et_EE/LC_MESSAGES/squirrelmail.mo
 %%SQUIRRELDIR%%/locale/et_EE/LC_MESSAGES/squirrelmail.po
@@ -549,6 +553,8 @@
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/yelp.mo
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/yelp.po
 %%SQUIRRELDIR%%/locale/fr_FR/setup.php
@@ -680,6 +686,8 @@
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/naguser.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/newuser_wiz.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/newuser_wiz.po
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/proon.mo
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/proon.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/qmailadmin_login.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/qmailadmin_login.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/reply_buttons.mo
@@ -710,6 +718,8 @@
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/vacation_local.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/verify_reply_to.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/verify_reply_to.po
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/vkeyboard.mo
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/vkeyboard.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/web_search.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/web_search.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/yelp.mo
@@ -731,6 +741,8 @@
 %%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/nl_NL/setup.php
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.po
@@ -810,6 +822,8 @@
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/vacation_local.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/verify_reply_to.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/verify_reply_to.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/web_search.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/web_search.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/yelp.mo
@@ -826,6 +840,8 @@
 %%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/unsafe_image_rules.mo
 %%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/unsafe_image_rules.po
+%%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/pt_BR/setup.php
 %%SQUIRRELDIR%%/locale/pt_PT/LC_MESSAGES/askuserinfo.mo
 %%SQUIRRELDIR%%/locale/pt_PT/LC_MESSAGES/askuserinfo.po
@@ -969,6 +985,8 @@
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/templates.po
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/web_search.mo
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/web_search.po
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/yelp.mo
>Release-Note:
>Audit-Trail:
>Unformatted:

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1HloZp-000LhQ-4D>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact