Date: Wed, 13 Jul 2011 19:09:18 +0000
From: "Matthias Scheler"
Subject: CVS commit: [pkgsrc-2011Q2] pkgsrc/mail/squirrelmail
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
Message-Id: <20110713190918.523F9175DD@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Jul 13 19:09:17 UTC 2011

Modified Files:
        pkgsrc/mail/squirrelmail [pkgsrc-2011Q2]: MESSAGE Makefile PLIST distinfo

Log Message:
Pullup ticket #3472 - requested by taca
mail/squirrelmail: security update

Revisions pulled up:
- mail/squirrelmail/MESSAGE     1.6
- mail/squirrelmail/Makefile    1.117-1.118
- mail/squirrelmail/PLIST       1.38
- mail/squirrelmail/distinfo    1.61

---
Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Jul 13 01:30:34 UTC 2011

Modified Files:
        pkgsrc/mail/squirrelmail: Makefile

Log Message:
take MAINTAINER.

---
Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Jul 13 12:22:44 UTC 2011

Modified Files:
        pkgsrc/mail/squirrelmail: MESSAGE Makefile PLIST distinfo

Log Message:
Update squirrelmail package to 1.4.22.

Version 1.4.22 - 12 July 2011
-----------------------------
  - Backported default timezone fix from version 1.5.2; helps mitigate
    timezone errors in environments where a default has not been set
    by the administrator.
  - Fixed system lock-ups caused by a combination of certain rare,
    malformed message headers and buggy versions of PHP mbstring
    (#3053349).
  - Now allow multiple plugins to handle (add links for) a single
    attachment MIME type.
  - Now allow administrators to disable all plugins or enable just a
    select few plugins (overriding the active plugins in the normal
    configuration) by setting $temporary_plugins as an empty array
    (all disabled) or an array with one or more plugin directory names
    in config_local.php.
  - Backport fix for call_user_func_array not supporting NULL as empty
    array in PHP 5.3.3
  - Fixed sqauth_read_password() for plugins on the login_verified hook.
  - Added SMTP SASL PLAIN authentication option to configuration tool
    (core support for such is not new).
  - Gmail doesn't support standard search commands; removed sort buttons.
  - Forced addition of a file suffix to attachments that lack a filename
    (helps forwarded messages avoid spam filters) (thanks to Petr
    Kletecka) (#3139004).
  - Fixed missing security token in listcommands plugin.
  - Added smtp_auth hook (thanks to Emmanuel Dreyfus).
  - Made speed enhancements to threaded message display (thanks to
    Siim Poder) (#3288123).
  - Allow administrators to configure subfolders of user INBOXes to be
    treated as special folders by adding $subfolders_of_inbox_are_special
    to config_local.php.
  - Fixed incorrect display of INBOX subfolders under some configurations.
    IMPORTANT: You may need to update your configuration so that
    $default_sub_of_inbox is TRUE if it was FALSE (e.g., Courier IMAP
    users) and after updating to this version, your special folders
    are no longer listed at the top of your folder list. Also, if this
    change prevents users from logging in with an error such as
    "ERROR: Could not complete request. Query: CREATE "Trash" Reason
    Given: Invalid mailbox name.", you will need to correct the user
    preference values for the problem folders. You can do so with
    commands such as the following for file-based preferences (adjust
    the data directory location as needed):

      find /var/lib/squirrelmail/data/ -name '*.pref' -exec sed --in-place 's/trash_folder=Trash/trash_folder=INBOX.Trash/g' {} \;
      find /var/lib/squirrelmail/data/ -name '*.pref' -exec sed --in-place 's/draft_folder=Drafts/draft_folder=INBOX.Drafts/g' {} \;
      find /var/lib/squirrelmail/data/ -name '*.pref' -exec sed --in-place 's/sent_folder=Sent/sent_folder=INBOX.Sent/g' {} \;

    Or, for database-based preferences:

      UPDATE userprefs SET prefval = 'INBOX.Trash' WHERE prefkey = 'trash_folder' AND prefval = 'Trash';
      UPDATE userprefs SET prefval = 'INBOX.Drafts' WHERE prefkey = 'draft_folder' AND prefval = 'Drafts';
      UPDATE userprefs SET prefval = 'INBOX.Sent' WHERE prefkey = 'sent_folder' AND prefval = 'Sent';

    MAKE SURE to back up your user preferences first!
  - Optimized message highlighting rules; faster message list display
    and faster highlight rules management (thanks to C. Bensend for
    extensive effort helping diagnose)
  - New Mail plugin no longer removes normal organization title when
    putting the number of new messages in the browser title
  - Added clickjacking protection (thanks to Asbjorn Thorsen and Geir
    Hansen for bringing this to our attention).
    [CVE-2010-4554]
  - Fixed XSS holes in generic options inputs, XSS hole in the
    SquirrelSpell plugin, XSS hole in the Index Order page, and added
    anti-CSRF protection to the empty trash feature and the Index
    Order page (thanks to Nicholas Carlini for finding all these
    issues). [CVE-2010-4555]
  - Fixed XSS problem with unsanitized style tags in messages.
    [CVE-2011-2023]

To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.52.1 pkgsrc/mail/squirrelmail/MESSAGE
cvs rdiff -u -r1.116 -r1.116.8.1 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.37 -r1.37.8.1 pkgsrc/mail/squirrelmail/PLIST
cvs rdiff -u -r1.60 -r1.60.8.1 pkgsrc/mail/squirrelmail/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
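
The file-based preference migration from the IMPORTANT note in the log message, as an added example that is not part of the commit message, SquirrelMail or pkgsrc: it takes the backup first and rewrites only exact old values under their own keys. The function names `migrate_prefs` and `make_sample`, the `.bak` backup location and the sample preference files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not SquirrelMail or pkgsrc code). Assumes file-based prefs.
# migrate_prefs DATA_DIR: copy DATA_DIR to DATA_DIR.bak, then prefix the three
# special-folder prefs with "INBOX.". Prints the number of files changed.
migrate_prefs() {
    dir=${1%/}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    [ -e "$dir.bak" ] && { echo "backup exists: $dir.bak" >&2; return 1; }
    cp -Rp "$dir" "$dir.bak" || return 1           # back up before any edit
    list=$(mktemp) || return 1
    find "$dir" -type f -name '*.pref' > "$list"   # quoted so find sees the glob
    changed=0
    while IFS= read -r f; do
        # Anchored patterns: a value such as Sent-2010 is left untouched.
        sed -e 's/^trash_folder=Trash$/trash_folder=INBOX.Trash/' \
            -e 's/^draft_folder=Drafts$/draft_folder=INBOX.Drafts/' \
            -e 's/^sent_folder=Sent$/sent_folder=INBOX.Sent/' \
            "$f" > "$f.new" || return 1
        if cmp -s "$f" "$f.new"; then
            rm -f "$f.new"                         # nothing to migrate
        else
            cat "$f.new" > "$f" || return 1        # keeps owner and mode of $f
            rm -f "$f.new"
            changed=$((changed + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$changed"
}

# make_sample: constructed data directory with two users; prints its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/data" || return 1
    printf 'trash_folder=Trash\ndraft_folder=Drafts\nsent_folder=Sent\nfull_name=A\n' > "$d/data/alice.pref"
    printf 'trash_folder=INBOX.Trash\nsent_folder=Sent-2010\n' > "$d/data/bob.pref"
    echo "$d/data"
}

sample=$(make_sample)
echo "files changed: $(migrate_prefs "$sample")"
cat "$sample/alice.pref"
```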