author | tron <tron> | 2006-06-04 12:31:31 +0000 |
---|---|---|
committer | tron <tron> | 2006-06-04 12:31:31 +0000 |
commit | 4b659cfe32ebc7d3e9b66ca08fcf0a58679119b2 (patch) | |
tree | 4882851b5c60126e6daacda1802b8a570928f2ab /mail/ja-squirrelmail | |
parent | 38a98d9e92a125d192e01ea3a2e9910074218383 (diff) | |
download | pkgsrc-4b659cfe32ebc7d3e9b66ca08fcf0a58679119b2.tar.gz |
Add fix for security issue 2006-06-01 from SquirrelMail CVS repository.
Bump package revision.
Diffstat (limited to 'mail/ja-squirrelmail')
-rw-r--r-- | mail/ja-squirrelmail/Makefile | 4 | ||||
-rw-r--r-- | mail/ja-squirrelmail/distinfo | 3 | ||||
-rw-r--r-- | mail/ja-squirrelmail/patches/patch-ac | 59 |
3 files changed, 63 insertions, 3 deletions
diff --git a/mail/ja-squirrelmail/Makefile b/mail/ja-squirrelmail/Makefile
index 1edd25d23a7..6ae9dcac5b7 100644
--- a/mail/ja-squirrelmail/Makefile
+++ b/mail/ja-squirrelmail/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2006/06/02 18:27:56 joerg Exp $
+# $NetBSD: Makefile,v 1.30 2006/06/04 12:31:31 tron Exp $
 DISTNAME= squirrelmail-1.4.6
 PKGNAME= ja-${DISTNAME}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= mail www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=squirrelmail/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/mail/ja-squirrelmail/distinfo b/mail/ja-squirrelmail/distinfo
index 6d4e4f2b5cb..aa2fe9cc254 100644
--- a/mail/ja-squirrelmail/distinfo
+++ b/mail/ja-squirrelmail/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2006/05/05 05:32:36 martti Exp $
+$NetBSD: distinfo,v 1.11 2006/06/04 12:31:31 tron Exp $
 SHA1 (squirrelmail-1.4.6.tar.bz2) = b813aa9f736b4b6c41d1afd35bcbd01604e85cf7
 RMD160 (squirrelmail-1.4.6.tar.bz2) = 3cee894b392620af3e35ef1d00e35775559dd4f7
@@ -8,3 +8,4 @@ RMD160 (squirrelmail-1.4.6-ja-20060504-patch) = 7cb0a584afaffe73176edd75886fe753
 Size (squirrelmail-1.4.6-ja-20060504-patch) = 29808 bytes
 SHA1 (patch-aa) = c96e85a28464c414bef744f9d1398fc9dd49549a
 SHA1 (patch-ab) = a7648438c9764e432e5d040e8e3aebb0ab48730e
+SHA1 (patch-ac) = 393579f9276169d2c765726fb1249160a270e983
diff --git a/mail/ja-squirrelmail/patches/patch-ac b/mail/ja-squirrelmail/patches/patch-ac
new file mode 100644
index 00000000000..d02c29b17d7
--- /dev/null
+++ b/mail/ja-squirrelmail/patches/patch-ac
@@ -0,0 +1,59 @@
+$NetBSD: patch-ac,v 1.3 2006/06/04 12:31:31 tron Exp $
+
+--- functions/global.php.orig 2006-02-03 22:27:47.000000000 +0000
++++ functions/global.php 2006-06-04 13:22:14.000000000 +0100
+@@ -62,6 +62,47 @@
+ sqstripslashes($_POST);
+ }
+
++/**
++ * If register_globals are on, unregister globals.
++ * Code requires PHP 4.1.0 or newer.
++ * Second test covers boolean set as string (php_value register_globals off).
++ */
++if ((bool) @ini_get('register_globals') &&
++ strtolower(ini_get('register_globals'))!='off') {
++ /**
++ * Remove all globals from $_GET, $_POST, and $_COOKIE.
++ */
++ foreach ($_REQUEST as $key => $value) {
++ unset($GLOBALS[$key]);
++ }
++ /**
++ * Remove globalized $_FILES variables
++ * Before 4.3.0 $_FILES are included in $_REQUEST.
++ * Unglobalize them in separate call in order to remove dependency
++ * on PHP version.
++ */
++ foreach ($_FILES as $key => $value) {
++ unset($GLOBALS[$key]);
++ // there are three undocumented $_FILES globals.
++ unset($GLOBALS[$key.'_type']);
++ unset($GLOBALS[$key.'_name']);
++ unset($GLOBALS[$key.'_size']);
++ }
++ /**
++ * Remove globalized environment variables.
++ */
++ foreach ($_ENV as $key => $value) {
++ unset($GLOBALS[$key]);
++ }
++ /**
++ * Remove globalized server variables.
++ */
++ foreach ($_SERVER as $key => $value) {
++ unset($GLOBALS[$key]);
++ }
++}
++
++
+ /* strip any tags added to the url from PHP_SELF.
+ This fixes hand crafted url XXS expoits for any
+ page that uses PHP_SELF as the FORM action */
+@@ -336,4 +377,4 @@
+ }
+
+ // vim: et ts=4
+-?>
+\ No newline at end of file
++?>
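Review bot: The four `unset($GLOBALS[$key])` loops added to functions/global.php accept every key from `$_REQUEST`, `$_FILES`, `$_ENV` and `$_SERVER` without exception, so a key that happens to be named after a superglobal (`_SERVER`, `_FILES`, `_ENV`, `GLOBALS`, …) would have that array itself dropped from the global scope. Whether the unset actually takes effect probably depends on the PHP version, but the later loops and the rest of the file rely on those arrays, so the cleanup should not be able to remove them. I would define `$reserved = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_FILES', '_ENV', '_SERVER', '_SESSION');` before the first loop and start each loop body with `if (in_array((string) $key, $reserved)) continue;`. The doc comment should also say that session variables are not covered by this block, if that is intentional. The block is top-level code and only part of global.php is visible in this patch.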