diff options
author | adrianp <adrianp@pkgsrc.org> | 2005-09-11 19:58:46 +0000 |
---|---|---|
committer | adrianp <adrianp@pkgsrc.org> | 2005-09-11 19:58:46 +0000 |
commit | 66f2bc5604b13ab7ddc73717fe01b3abae4e53a5 (patch) | |
tree | 01d66db2a8f7b4430e8db062f5b9ebd8bc5ce899 /mail/sqwebmail | |
parent | c55c82964e68b538379047875284f489e19b542f (diff) | |
download | pkgsrc-66f2bc5604b13ab7ddc73717fe01b3abae4e53a5.tar.gz |
Fix for security issue: http://secunia.com/advisories/16704/
Bump to nb2
Diffstat (limited to 'mail/sqwebmail')
-rw-r--r-- | mail/sqwebmail/Makefile | 4 | ||||
-rw-r--r-- | mail/sqwebmail/distinfo | 4 | ||||
-rw-r--r-- | mail/sqwebmail/patches/patch-al | 86 |
3 files changed, 85 insertions, 9 deletions
diff --git a/mail/sqwebmail/Makefile b/mail/sqwebmail/Makefile index d3e96aef528..a0ebff4176d 100644 --- a/mail/sqwebmail/Makefile +++ b/mail/sqwebmail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.37 2005/08/29 15:53:24 adrianp Exp $ +# $NetBSD: Makefile,v 1.38 2005/09/11 19:58:46 adrianp Exp $ DISTNAME= sqwebmail-5.0.4 -PKGREVISION= 1 +PKGREVISION= 2 PKGBASE= ${DISTNAME:C/-[^-]*$//} CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=courier/} diff --git a/mail/sqwebmail/distinfo b/mail/sqwebmail/distinfo index 3e0be0978b2..3afbe83d7a6 100644 --- a/mail/sqwebmail/distinfo +++ b/mail/sqwebmail/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.9 2005/08/29 15:53:24 adrianp Exp $ +$NetBSD: distinfo,v 1.10 2005/09/11 19:58:46 adrianp Exp $ SHA1 (sqwebmail-5.0.4.tar.bz2) = a796d3a72df2acdf5e37ba41db79d376ee4c5f29 RMD160 (sqwebmail-5.0.4.tar.bz2) = 83377afd274f008cae7fb133577d6b2c6ec62ce5 @@ -9,4 +9,4 @@ SHA1 (patch-ah) = 8624f6bc7453ee2544a18e0bd1d7d2e0044c083f SHA1 (patch-ai) = def2f4d30bf5f15ea78f401f3c4ca2f2ec8c0ad2 SHA1 (patch-aj) = d2164d3fad61f63062f88e489f4be7f1ff6bdea2 SHA1 (patch-ak) = 78df6763a16aa9dbed96fbd02ff9ccf95b772a55 -SHA1 (patch-al) = f7fe75105acfb6a2158d9344cb131f536dd573cc +SHA1 (patch-al) = 062bb6c25f4ded2499859969e8ab217540f401a0 diff --git a/mail/sqwebmail/patches/patch-al b/mail/sqwebmail/patches/patch-al index b8bbe072016..e0ebfd31b58 100644 --- a/mail/sqwebmail/patches/patch-al +++ b/mail/sqwebmail/patches/patch-al @@ -1,8 +1,6 @@ -$NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $ - --- sqwebmail/html.c.orig 2003-10-06 01:16:13.000000000 +0100 -+++ sqwebmail/html.c -@@ -187,9 +187,16 @@ char *p; ++++ sqwebmail/html.c 2005-09-05 18:05:59.000000000 +0100 +@@ -187,9 +187,16 @@ if (tai) ++tai->tagvaluelen; } if (*p) p++; @@ -19,7 +17,7 @@ $NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $ if (tai) { tai->tagvalue=p; -@@ -222,6 +229,31 @@ static void parsetagbuf() +@@ -222,6 +229,31 @@ while ((p=strchr(tagbuf, '<')) != NULL) *p=' '; @@ -51,3 +49,81 @@ $NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $ tagattrlen=parseattr(0); if ( tagattrlen > tagattrsize) { +@@ -285,7 +317,9 @@ + incomment, /* <!--, in a comment, have not seen any + dashes */ + incommentseendash, /* In a comment, seen - */ +- incommentseendashdash /* In a comment, seen -- */ ++ incommentseendashdash, /* In a comment, seen -- */ ++ ++ skiptag /* Ignore <!tag> */ + } ; + + static enum htmlstate cur_state; +@@ -385,7 +419,7 @@ + case intag: + /* We're in a tag (not a <!-- comment) + collect the contents in tagbuf, until > is seen */ +-do_intag: ++ + cur_state=intag; + if (p[l] == '>') + { +@@ -397,9 +431,21 @@ + addtagbuf(p[l]); + continue; + ++ case skiptag: ++ if (p[l] == '>') ++ { ++ start=l+1; ++ cur_state=intext; ++ } ++ continue; + case seenltbang: + /* We have <!. If - is not here, this is a SGML tag */ +- if (p[l] != '-') goto do_intag; ++ if (p[l] != '-') ++ { ++ cur_state=skiptag; ++ continue; ++ } ++ + addtagbuf(p[l]); + cur_state=seenltbangdash; + continue; +@@ -410,9 +456,12 @@ + otherweise we're in a comment, which we can pass + along */ + +- if (p[l] != '-') goto do_intag; +- if (!skipping()) +- (*htmlfiltered_func)("<!--", 4); ++ if (p[l] != '-') ++ { ++ cur_state=skiptag; ++ continue; ++ } ++ + start=l+1; + cur_state=incomment; + continue; +@@ -433,8 +482,6 @@ + cur_state=incomment; + continue; + } +- if (!skipping()) +- (*htmlfiltered_func)(p+start, l+1-start); + cur_state=intext; + start=l+1; + continue; +@@ -446,9 +493,6 @@ + + switch (cur_state) { + case intext: +- case incomment: +- case incommentseendash: +- case incommentseendashdash: + if (!skipping()) + (*htmlfiltered_func)(p+start, l-start); + default: |