security update

Problems fixed: #32080 Specially crafted <base href> can lead to XSS exploit #32032 TextEncode related resource information not saved correctly in db file #32014 CVE-2010-1677: DoS when processing html messages with deep tag nesting #32013 CVE-2010-4524: Improper escaping of certain HTML sequences (XSS) #26577 Changed semantic for unpack breaks UTF-8 #25486 Resource FieldStore causes .mhonarc.db to grow over bounds. #25225 dir_create() fails to make temporary directories (PATCH) #24247 iso2022jp.pl: unneeded ESC ( B remains in message body #23198 Incorrect Setting Installation Directory #20142 strip backslash in rfc822 From: field #20074 extra space in subject #18908 X-Subject data get split in separate lines #18113 inconsistant thread slices w/ poor man's windowing #17904 FieldOrder affects AddressModifyCode #17860 incorrect nested HTML Tags for references #17660 Threaded index resource ordering doesn't allow well formed XML output #15433 relative attachmentdir is relative to current working dir, not outdir #14747 major (10X) memory savings possible in some situations #13853 creation of archive with attachments writes over symlinks
author: spz <spz> 2011-01-09 19:59:48 +0000
committer: spz <spz> 2011-01-09 19:59:48 +0000
commit: 02063880d78af12c9d1f8586fa08a1e248c75e25 (patch)
tree: 9d4d664c49e46331f8c8c612673ad3a103f1894c /mail
parent: 8b66018a2b15fc6848769ff67a8e56502d971323 (diff)
download: pkgsrc-02063880d78af12c9d1f8586fa08a1e248c75e25.tar.gz
4 files changed, 10 insertions, 152 deletions
diff --git a/mail/mhonarc/Makefile b/mail/mhonarc/Makefile
index 98164aeb999..f2adb5bfe5d 100644
--- a/mail/mhonarc/Makefile
+++ b/mail/mhonarc/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.30 2011/01/05 09:45:21 spz Exp $
+# $NetBSD: Makefile,v 1.31 2011/01/09 19:59:48 spz Exp $
 
-DISTNAME=	MHonArc-2.6.16
-PKGNAME=	mhonarc-2.6.16
-PKGREVISION=	1
+DISTNAME=	MHonArc-2.6.18
+PKGNAME=	mhonarc-2.6.18
 CATEGORIES=	mail
 MASTER_SITES=	http://www.mhonarc.org/release/MHonArc/tar/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/mail/mhonarc/PLIST b/mail/mhonarc/PLIST
index b6f520f97c7..3a6317ccabb 100644
--- a/mail/mhonarc/PLIST
+++ b/mail/mhonarc/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.10 2009/06/14 18:04:37 joerg Exp $
+@comment $NetBSD: PLIST,v 1.11 2011/01/09 19:59:48 spz Exp $
 bin/mha-dbedit
 bin/mha-dbrecover
 bin/mha-decode
@@ -203,6 +203,7 @@ share/doc/mhonarc/rcfileexs/date.mrc.html
 share/doc/mhonarc/rcfileexs/def-mime.mrc.html
 share/doc/mhonarc/rcfileexs/frames.mrc.html
 share/doc/mhonarc/rcfileexs/icons.mrc.html
+share/doc/mhonarc/rcfileexs/secure.mrc.html
 share/doc/mhonarc/rcfileexs/subject.mrc.html
 share/doc/mhonarc/rcfileexs/utf-8-encode.mrc.html
 share/doc/mhonarc/rcfileexs/utf-8.mrc.html
@@ -251,6 +252,7 @@ share/doc/mhonarc/resources/fileperms.html
 share/doc/mhonarc/resources/firstpglink.html
 share/doc/mhonarc/resources/fldbeg.html
 share/doc/mhonarc/resources/fldend.html
+share/doc/mhonarc/resources/followsymlinks.html
 share/doc/mhonarc/resources/folrefs.html
 share/doc/mhonarc/resources/folupbegin.html
 share/doc/mhonarc/resources/folupend.html
diff --git a/mail/mhonarc/distinfo b/mail/mhonarc/distinfo
index b74a98d55b6..dfa0bf5c1b5 100644
--- a/mail/mhonarc/distinfo
+++ b/mail/mhonarc/distinfo
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.16 2011/01/05 09:45:21 spz Exp $
+$NetBSD: distinfo,v 1.17 2011/01/09 19:59:48 spz Exp $
 
-SHA1 (MHonArc-2.6.16.tar.bz2) = 8b803a610805fe736036c3dcd2596e2e416a886b
-RMD160 (MHonArc-2.6.16.tar.bz2) = 31d6659fabdb00b4d4594eda9f5985bd5f3f33b8
-Size (MHonArc-2.6.16.tar.bz2) = 1562490 bytes
-SHA1 (patch-ab) = 588a697b7fc22a07ec8974cf7ab06bebf223b799
+SHA1 (MHonArc-2.6.18.tar.bz2) = 4990889d13cc3f4a2e1c284c55db5abb64e7072e
+RMD160 (MHonArc-2.6.18.tar.bz2) = 4cf0d8e67050cc573ef81f826938a6c096ff0e93
+Size (MHonArc-2.6.18.tar.bz2) = 1546854 bytes
diff --git a/mail/mhonarc/patches/patch-ab b/mail/mhonarc/patches/patch-ab
deleted file mode 100644
index e2bd1f91061..00000000000
--- a/mail/mhonarc/patches/patch-ab
+++ /dev/null
@@ -1,142 +0,0 @@
-$NetBSD: patch-ab,v 1.1 2011/01/05 09:45:21 spz Exp $
-
-fixes for CVE-2010-4524 and CVE-2010-1677 taken from the MHonArc cvs
-
---- lib/mhtxthtml.pl.orig	2005-05-02 00:04:39.000000000 +0000
-+++ lib/mhtxthtml.pl
-@@ -59,6 +59,11 @@ my %special_to_char = (
- ##	final filtered HTML messages.  Modification is needed so the
- ##	resulting filtered message is valid HTML.
- ##
-+##      CAUTION: Some of these options can open up a site to attacks.
-+##               The MIMEFILTERS reference page provide additional
-+##               information on the risks associated with enabling
-+##               a given option.
-+##
- ##	Arguments:
- ##
- ##	allowcomments	Preserve any comment declarations.  Normally
-@@ -90,6 +95,8 @@ my %special_to_char = (
- ##			and Content-Disposition specifies the data as
- ##			an attachment, the data is saved to a file
- ##			with a link to it from the message page.
-+##                      NOTE: This option can expose your site to
-+##                      XSS attacks.
- ##
- ##	disablerelated	Disable MHTML processing.
- ##
-@@ -100,7 +107,7 @@ my %special_to_char = (
- ##	subdir		Place derived files in a subdirectory
- ##
- 
--# DEVELOPER's NOTE:
-+# CAUTION:
- #   The script stripping code is probably not complete.  Since a
- #   whitelist model is not being used -- because full HTML parsing
- #   would be required (and possible reliance on non-standard modules) --
-@@ -112,6 +119,25 @@ sub filter {
-     my($fields, $data, $isdecode, $args) = @_;
-     $args = ''  unless defined $args;
- 
-+    # Bug-32013 (CVE-2010-4524): Invalid tags cause immediate rejection.
-+    # Bug-32014 (CVE-2010-1677): Prevents DoS if massively nested.
-+    my $allowcom = $args =~ /\ballowcomments\b/i;
-+    strip_comments($fields, $data)  unless $allowcom;
-+    if ($$data =~ /<[^>]*</) {
-+      # XXX: This will reject HTML that includes a '<' char in a
-+      #      comment declaration.  Unsure it is worth the hassle
-+      #      to deal with it.  Such scenarios would normally indicate
-+      #      hand generated HTML vs how most HTML email is generated.
-+      #      Plus, allowcomments should not be enabled, so they get
-+      #      removed above.
-+      warn qq/\n/,
-+           qq/Warning: Invalid HTML detected, rejecting\n/,
-+           qq/         Message-Id: <$mhonarc::MHAmsgid>\n/,
-+           qq/         Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
-+           qq/         Message Number: $mhonarc::MHAmsgnum\n/;
-+      return undef;
-+    }
-+
-     ## Check if content-disposition should be checked
-     if ($args =~ /\battachcheck\b/i) {
- 	my($disp, $nameparm, $raw) =
-@@ -134,7 +160,6 @@ sub filter {
-     my $onlycid  = $args !~ /\ballownoncidurls\b/i;
-     my $subdir   = $args =~ /\bsubdir\b/i;
-     my $norelate = $args =~ /\bdisablerelated\b/i;
--    my $allowcom = $args =~ /\ballowcomments\b/i;
-     my $atdir    = $subdir ? $mhonarc::MsgPrefix.$mhonarc::MHAmsgnum : "";
-     my $tmp;
- 
-@@ -149,6 +174,7 @@ sub filter {
- 	warn qq/\n/,
- 	     qq/Warning: Unrecognized character set: $charset\n/,
- 	     qq/         Message-Id: <$mhonarc::MHAmsgid>\n/,
-+             qq/         Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
- 	     qq/         Message Number: $mhonarc::MHAmsgnum\n/;
-     }
- 
-@@ -341,12 +367,13 @@ sub filter {
- 	$$data =~ s/\b$ahref_tmp\b/href/g;
-     }
- 
-+    ## NOTE: Comment strip moved to top.
-     ## Check comment declarations: may screw-up mhonarc processing
-     ## and avoids someone sneaking in SSIs.
--    if (!$allowcom) {
--      #$$data =~ s/<!(?:--(?:[^-]|-[^-])*--\s*)+>//go; # can crash perl
--      $$data =~ s/<!--[^-]+[#X%\$\[]*/<!--/g;  # Just mung them (faster)
--    }
-+#   if (!$allowcom) {
-+#     #$$data =~ s/<!(?:--(?:[^-]|-[^-])*--\s*)+>//go; # can crash perl
-+#     $$data =~ s/<!--[^-]+[#X%\$\[]*/<!--/g;  # Just mung them (faster)
-+#   }
- 
-     ## Prevent comment spam
-     ## <http://www.google.com/googleblog/2005/01/preventing-comment-spam.html>
-@@ -448,4 +475,45 @@ sub dehtmlize_ascii {
- 
- ##---------------------------------------------------------------------------
- 
-+sub strip_comments {
-+  my $fields = shift;    # for diagnostics
-+  my $data = shift;      # ref to text to strip
-+
-+  # We avoid using regex since it can lead to performance problems.
-+  # We also do not do full SGML-style comment declarations since it
-+  # increases parsing complexity.  Here, we just remove any
-+  # "<!-- ... -->" strings.  Although whitespace is allowed between
-+  # final "--" and ">", we do not support it.
-+  
-+  my $n = index($$data, '<!--', 0);
-+  if ($n < 0) {
-+    # Nothing to do.  Good.
-+    return $data;
-+  }
-+
-+  my $ret = '';
-+  while ($n >= 0) {
-+    $ret .= substr($$data, 0, $n);
-+    substr($$data, 0, $n) = '';
-+    $n = index($$data, '-->', 0);
-+    if ($n < 0) {
-+      # No end to comment declaration: Warn and strip rest of data.
-+      warn qq/\n/,
-+           qq/Warning: HTML comment declaration not terminated.\n/,
-+           qq/         Message-Id: <$mhonarc::MHAmsgid>\n/,
-+           qq/         Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
-+           qq/         Message Number: $mhonarc::MHAmsgnum\n/;
-+      $$data = '';
-+      last;
-+    }
-+    substr($$data, 0, $n+3) = '';
-+    $n = index($$data, '<!--', 0);
-+  }
-+  $ret .= $$data;
-+  $$data = $ret;
-+  $data;
-+}
-+
-+##---------------------------------------------------------------------------
-+
- 1;
author	spz <spz>	2011-01-09 19:59:48 +0000
committer	spz <spz>	2011-01-09 19:59:48 +0000
commit	02063880d78af12c9d1f8586fa08a1e248c75e25 (patch)
tree	9d4d664c49e46331f8c8c612673ad3a103f1894c /mail
parent	8b66018a2b15fc6848769ff67a8e56502d971323 (diff)
download	pkgsrc-02063880d78af12c9d1f8586fa08a1e248c75e25.tar.gz