summaryrefslogtreecommitdiff
path: root/mail/sqwebmail
diff options
context:
space:
mode:
authoradrianp <adrianp@pkgsrc.org>2005-09-11 19:58:46 +0000
committeradrianp <adrianp@pkgsrc.org>2005-09-11 19:58:46 +0000
commit66f2bc5604b13ab7ddc73717fe01b3abae4e53a5 (patch)
tree01d66db2a8f7b4430e8db062f5b9ebd8bc5ce899 /mail/sqwebmail
parentc55c82964e68b538379047875284f489e19b542f (diff)
downloadpkgsrc-66f2bc5604b13ab7ddc73717fe01b3abae4e53a5.tar.gz
Fix for security issue: http://secunia.com/advisories/16704/
Bump to nb2
Diffstat (limited to 'mail/sqwebmail')
-rw-r--r--mail/sqwebmail/Makefile4
-rw-r--r--mail/sqwebmail/distinfo4
-rw-r--r--mail/sqwebmail/patches/patch-al86
3 files changed, 85 insertions, 9 deletions
diff --git a/mail/sqwebmail/Makefile b/mail/sqwebmail/Makefile
index d3e96aef528..a0ebff4176d 100644
--- a/mail/sqwebmail/Makefile
+++ b/mail/sqwebmail/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2005/08/29 15:53:24 adrianp Exp $
+# $NetBSD: Makefile,v 1.38 2005/09/11 19:58:46 adrianp Exp $
DISTNAME= sqwebmail-5.0.4
-PKGREVISION= 1
+PKGREVISION= 2
PKGBASE= ${DISTNAME:C/-[^-]*$//}
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=courier/}
diff --git a/mail/sqwebmail/distinfo b/mail/sqwebmail/distinfo
index 3e0be0978b2..3afbe83d7a6 100644
--- a/mail/sqwebmail/distinfo
+++ b/mail/sqwebmail/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2005/08/29 15:53:24 adrianp Exp $
+$NetBSD: distinfo,v 1.10 2005/09/11 19:58:46 adrianp Exp $
SHA1 (sqwebmail-5.0.4.tar.bz2) = a796d3a72df2acdf5e37ba41db79d376ee4c5f29
RMD160 (sqwebmail-5.0.4.tar.bz2) = 83377afd274f008cae7fb133577d6b2c6ec62ce5
@@ -9,4 +9,4 @@ SHA1 (patch-ah) = 8624f6bc7453ee2544a18e0bd1d7d2e0044c083f
SHA1 (patch-ai) = def2f4d30bf5f15ea78f401f3c4ca2f2ec8c0ad2
SHA1 (patch-aj) = d2164d3fad61f63062f88e489f4be7f1ff6bdea2
SHA1 (patch-ak) = 78df6763a16aa9dbed96fbd02ff9ccf95b772a55
-SHA1 (patch-al) = f7fe75105acfb6a2158d9344cb131f536dd573cc
+SHA1 (patch-al) = 062bb6c25f4ded2499859969e8ab217540f401a0
diff --git a/mail/sqwebmail/patches/patch-al b/mail/sqwebmail/patches/patch-al
index b8bbe072016..e0ebfd31b58 100644
--- a/mail/sqwebmail/patches/patch-al
+++ b/mail/sqwebmail/patches/patch-al
@@ -1,8 +1,6 @@
-$NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
-
--- sqwebmail/html.c.orig 2003-10-06 01:16:13.000000000 +0100
-+++ sqwebmail/html.c
-@@ -187,9 +187,16 @@ char *p;
++++ sqwebmail/html.c 2005-09-05 18:05:59.000000000 +0100
+@@ -187,9 +187,16 @@
if (tai) ++tai->tagvaluelen;
}
if (*p) p++;
@@ -19,7 +17,7 @@ $NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
if (tai)
{
tai->tagvalue=p;
-@@ -222,6 +229,31 @@ static void parsetagbuf()
+@@ -222,6 +229,31 @@
while ((p=strchr(tagbuf, '<')) != NULL)
*p=' ';
@@ -51,3 +49,81 @@ $NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
tagattrlen=parseattr(0);
if ( tagattrlen > tagattrsize)
{
+@@ -285,7 +317,9 @@
+ incomment, /* <!--, in a comment, have not seen any
+ dashes */
+ incommentseendash, /* In a comment, seen - */
+- incommentseendashdash /* In a comment, seen -- */
++ incommentseendashdash, /* In a comment, seen -- */
++
++ skiptag /* Ignore <!tag> */
+ } ;
+
+ static enum htmlstate cur_state;
+@@ -385,7 +419,7 @@
+ case intag:
+ /* We're in a tag (not a <!-- comment)
+ collect the contents in tagbuf, until > is seen */
+-do_intag:
++
+ cur_state=intag;
+ if (p[l] == '>')
+ {
+@@ -397,9 +431,21 @@
+ addtagbuf(p[l]);
+ continue;
+
++ case skiptag:
++ if (p[l] == '>')
++ {
++ start=l+1;
++ cur_state=intext;
++ }
++ continue;
+ case seenltbang:
+ /* We have <!. If - is not here, this is a SGML tag */
+- if (p[l] != '-') goto do_intag;
++ if (p[l] != '-')
++ {
++ cur_state=skiptag;
++ continue;
++ }
++
+ addtagbuf(p[l]);
+ cur_state=seenltbangdash;
+ continue;
+@@ -410,9 +456,12 @@
+ otherweise we're in a comment, which we can pass
+ along */
+
+- if (p[l] != '-') goto do_intag;
+- if (!skipping())
+- (*htmlfiltered_func)("<!--", 4);
++ if (p[l] != '-')
++ {
++ cur_state=skiptag;
++ continue;
++ }
++
+ start=l+1;
+ cur_state=incomment;
+ continue;
+@@ -433,8 +482,6 @@
+ cur_state=incomment;
+ continue;
+ }
+- if (!skipping())
+- (*htmlfiltered_func)(p+start, l+1-start);
+ cur_state=intext;
+ start=l+1;
+ continue;
+@@ -446,9 +493,6 @@
+
+ switch (cur_state) {
+ case intext:
+- case incomment:
+- case incommentseendash:
+- case incommentseendashdash:
+ if (!skipping())
+ (*htmlfiltered_func)(p+start, l-start);
+ default: