Fix for security issue: http://secunia.com/advisories/16704/

Bump to nb2
author: adrianp <adrianp> 2005-09-11 19:58:46 +0000
committer: adrianp <adrianp> 2005-09-11 19:58:46 +0000
commit: b405a71043102f98ad353d0c98777def6170a9f5 (patch)
tree: 01d66db2a8f7b4430e8db062f5b9ebd8bc5ce899 /mail
parent: cd53464b5b780ce18eee80df5b73a34f05a8b24b (diff)
download: pkgsrc-b405a71043102f98ad353d0c98777def6170a9f5.tar.gz
3 files changed, 85 insertions, 9 deletions
diff --git a/mail/sqwebmail/Makefile b/mail/sqwebmail/Makefile
index d3e96aef528..a0ebff4176d 100644
--- a/mail/sqwebmail/Makefile
+++ b/mail/sqwebmail/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2005/08/29 15:53:24 adrianp Exp $
+# $NetBSD: Makefile,v 1.38 2005/09/11 19:58:46 adrianp Exp $
 
 DISTNAME=	sqwebmail-5.0.4
-PKGREVISION=	1
+PKGREVISION=	2
 PKGBASE=	${DISTNAME:C/-[^-]*$//}
 CATEGORIES=	mail www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=courier/}
diff --git a/mail/sqwebmail/distinfo b/mail/sqwebmail/distinfo
index 3e0be0978b2..3afbe83d7a6 100644
--- a/mail/sqwebmail/distinfo
+++ b/mail/sqwebmail/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2005/08/29 15:53:24 adrianp Exp $
+$NetBSD: distinfo,v 1.10 2005/09/11 19:58:46 adrianp Exp $
 
 SHA1 (sqwebmail-5.0.4.tar.bz2) = a796d3a72df2acdf5e37ba41db79d376ee4c5f29
 RMD160 (sqwebmail-5.0.4.tar.bz2) = 83377afd274f008cae7fb133577d6b2c6ec62ce5
@@ -9,4 +9,4 @@ SHA1 (patch-ah) = 8624f6bc7453ee2544a18e0bd1d7d2e0044c083f
 SHA1 (patch-ai) = def2f4d30bf5f15ea78f401f3c4ca2f2ec8c0ad2
 SHA1 (patch-aj) = d2164d3fad61f63062f88e489f4be7f1ff6bdea2
 SHA1 (patch-ak) = 78df6763a16aa9dbed96fbd02ff9ccf95b772a55
-SHA1 (patch-al) = f7fe75105acfb6a2158d9344cb131f536dd573cc
+SHA1 (patch-al) = 062bb6c25f4ded2499859969e8ab217540f401a0
diff --git a/mail/sqwebmail/patches/patch-al b/mail/sqwebmail/patches/patch-al
index b8bbe072016..e0ebfd31b58 100644
--- a/mail/sqwebmail/patches/patch-al
+++ b/mail/sqwebmail/patches/patch-al
@@ -1,8 +1,6 @@
-$NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
-
 --- sqwebmail/html.c.orig	2003-10-06 01:16:13.000000000 +0100
-+++ sqwebmail/html.c
-@@ -187,9 +187,16 @@ char *p;
++++ sqwebmail/html.c	2005-09-05 18:05:59.000000000 +0100
+@@ -187,9 +187,16 @@
  					if (tai)	++tai->tagvaluelen;
  				}
  				if (*p)	p++;
@@ -19,7 +17,7 @@ $NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
  				if (tai)
  				{
  					tai->tagvalue=p;
-@@ -222,6 +229,31 @@ static void parsetagbuf()
+@@ -222,6 +229,31 @@
  	while ((p=strchr(tagbuf, '<')) != NULL)
  		*p=' ';
  
@@ -51,3 +49,81 @@ $NetBSD: patch-al,v 1.1 2005/08/29 15:53:24 adrianp Exp $
          tagattrlen=parseattr(0);
          if ( tagattrlen > tagattrsize)
          {
+@@ -285,7 +317,9 @@
+ 	incomment,		/* <!--, in a comment, have not seen any
+ 				dashes */
+ 	incommentseendash,	/* In a comment, seen - */
+-	incommentseendashdash	/* In a comment, seen -- */
++	incommentseendashdash,	/* In a comment, seen -- */
++
++	skiptag			/* Ignore <!tag> */
+ 	} ;
+ 
+ static enum htmlstate cur_state;
+@@ -385,7 +419,7 @@
+ 		case intag:
+ 			/* We're in a tag (not a <!-- comment)
+ 			collect the contents in tagbuf, until > is seen */
+-do_intag:
++
+ 			cur_state=intag;
+ 			if (p[l] == '>')
+ 			{
+@@ -397,9 +431,21 @@
+ 			addtagbuf(p[l]);
+ 			continue;
+ 
++		case skiptag:
++			if (p[l] == '>')
++			{
++				start=l+1;
++				cur_state=intext;
++			}
++			continue;
+ 		case seenltbang:
+ 			/* We have <!.  If - is not here, this is a SGML tag */
+-			if (p[l] != '-')	goto do_intag;
++			if (p[l] != '-')
++			{
++				cur_state=skiptag;
++				continue;
++			}
++
+ 			addtagbuf(p[l]);
+ 			cur_state=seenltbangdash;
+ 			continue;
+@@ -410,9 +456,12 @@
+ 			otherweise we're in a comment, which we can pass
+ 			along */
+ 
+-			if (p[l] != '-')	goto do_intag;
+-			if (!skipping())
+-				(*htmlfiltered_func)("<!--", 4);
++			if (p[l] != '-')
++			{
++				cur_state=skiptag;
++				continue;
++			}
++
+ 			start=l+1;
+ 			cur_state=incomment;
+ 			continue;
+@@ -433,8 +482,6 @@
+ 				cur_state=incomment;
+ 				continue;
+ 			}
+-			if (!skipping())
+-				(*htmlfiltered_func)(p+start, l+1-start);
+ 			cur_state=intext;
+ 			start=l+1;
+ 			continue;
+@@ -446,9 +493,6 @@
+ 
+ 	switch (cur_state)	{
+ 	case intext:
+-	case incomment:
+-	case incommentseendash:
+-	case incommentseendashdash:
+ 		if (!skipping())
+ 			(*htmlfiltered_func)(p+start, l-start);
+ 	default:
author	adrianp <adrianp>	2005-09-11 19:58:46 +0000
committer	adrianp <adrianp>	2005-09-11 19:58:46 +0000
commit	b405a71043102f98ad353d0c98777def6170a9f5 (patch)
tree	01d66db2a8f7b4430e8db062f5b9ebd8bc5ce899 /mail
parent	cd53464b5b780ce18eee80df5b73a34f05a8b24b (diff)
download	pkgsrc-b405a71043102f98ad353d0c98777def6170a9f5.tar.gz