-rw-r--r--mail/squirrelmail/Makefile5
-rw-r--r--mail/squirrelmail/PLIST3
-rw-r--r--mail/squirrelmail/distinfo10
-rw-r--r--mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php23
4 files changed, 9 insertions, 32 deletions
diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile
index bcf13f75d3a..00ee2445863 100644
--- a/mail/squirrelmail/Makefile
+++ b/mail/squirrelmail/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.132 2017/04/19 17:10:18 maya Exp $
+# $NetBSD: Makefile,v 1.133 2017/06/21 15:07:03 taca Exp $
-DISTNAME= squirrelmail-webmail-1.4.23pre14605
-PKGREVISION= 1
+DISTNAME= squirrelmail-webmail-1.4.23pre14688
PKGNAME= ${DISTNAME:S/-webmail//}
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_LOCAL}
diff --git a/mail/squirrelmail/PLIST b/mail/squirrelmail/PLIST
index 911b5acb118..dfa584a8dd4 100644
--- a/mail/squirrelmail/PLIST
+++ b/mail/squirrelmail/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.40 2015/09/06 12:04:12 taca Exp $
+@comment $NetBSD: PLIST,v 1.41 2017/06/21 15:07:03 taca Exp $
man/man8/squirrelmail-conf.pl.8
share/examples/squirrelmail/data/.htaccess
share/examples/squirrelmail/data/index.php
@@ -325,6 +325,7 @@ share/squirrelmail/plugins/squirrelspell/js/index.php
share/squirrelmail/plugins/squirrelspell/js/init.js
share/squirrelmail/plugins/squirrelspell/modules/.htaccess
share/squirrelmail/plugins/squirrelspell/modules/WHATISTHIS
+share/squirrelmail/plugins/squirrelspell/modules/change_main_options.mod
share/squirrelmail/plugins/squirrelspell/modules/check_me.mod
share/squirrelmail/plugins/squirrelspell/modules/crypto.mod
share/squirrelmail/plugins/squirrelspell/modules/crypto_badkey.mod
diff --git a/mail/squirrelmail/distinfo b/mail/squirrelmail/distinfo
index 633ee866f3c..30b593c643c 100644
--- a/mail/squirrelmail/distinfo
+++ b/mail/squirrelmail/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.68 2017/04/19 17:10:18 maya Exp $
+$NetBSD: distinfo,v 1.69 2017/06/21 15:07:03 taca Exp $
-SHA1 (squirrelmail-webmail-1.4.23pre14605.tar.bz2) = b0301f777ac5e71b08cd8d718358ce0f3417a21d
-RMD160 (squirrelmail-webmail-1.4.23pre14605.tar.bz2) = ee9c4d6bd6975f0134797cfc383821368a140542
-SHA512 (squirrelmail-webmail-1.4.23pre14605.tar.bz2) = f884e324c4f89469ef92e0edb16e83930bdcb73d17df659425972a786cd1449531ab40bf4ea5a17fdc97bcfd8a4c26fc80ca68bad2ae54502236dc5b0456967b
-Size (squirrelmail-webmail-1.4.23pre14605.tar.bz2) = 558045 bytes
+SHA1 (squirrelmail-webmail-1.4.23pre14688.tar.bz2) = 0b094c86464f0a67948191f8daeb62b35024350b
+RMD160 (squirrelmail-webmail-1.4.23pre14688.tar.bz2) = 3b3d19bcbd0e3c32983707423d91263e3649f26b
+SHA512 (squirrelmail-webmail-1.4.23pre14688.tar.bz2) = ec428f5a77757d29dd0a8f905210e7f9b527e75a549162d9d2ad2ad2fdfed1c9fa4e399433e656065f24a593d76e14c043a34c0c7fffb03943de94505599a1e0
+Size (squirrelmail-webmail-1.4.23pre14688.tar.bz2) = 560901 bytes
SHA1 (patch-aa) = 4ba7ea0a85308816b9dc77c0af3c927359ed1275
SHA1 (patch-ab) = 30bf68c730f20e817fbe81d18bc2a95899ee3fd0
SHA1 (patch-ai) = 1c08904ecf074ff3ba7e6042becc0f0771388b9f
diff --git a/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php b/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php
deleted file mode 100644
index eceb722cbc7..00000000000
--- a/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-class_deliver_Deliver__SendMail.class.php,v 1.1 2017/04/19 17:10:18 maya Exp $
-
-Patch CVE-2017-7692 by separately escaping $envelopefrom
-concatenating it with a space before escaping allows for injecting command
-parameters.
-
-From Filippo Cavallarin
-https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html
-
---- class/deliver/Deliver_SendMail.class.php.orig 2016-01-01 20:04:30.000000000 +0000
-+++ class/deliver/Deliver_SendMail.class.php
-@@ -95,9 +95,9 @@ class Deliver_SendMail extends Deliver {
- $envelopefrom = trim($from->mailbox.'@'.$from->host);
- $envelopefrom = str_replace(array("\0","\n"),array('',''),$envelopefrom);
- // save executed command for future reference
-- $this->sendmail_command = "$sendmail_path $this->sendmail_args -f$envelopefrom";
-+ $this->sendmail_command = escapeshellcmd("$sendmail_path $this->sendmail_args -f") . escapeshellarg($envelopefrom);
- // open process handle for writing
-- $stream = popen(escapeshellcmd($this->sendmail_command), "w");
-+ $stream = popen($this->sendmail_command, "w");
- return $stream;
- }
-
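Review bot: Deleting this patch drops the package's local fix for CVE-2017-7692 in `Deliver_SendMail.class.php`, and nothing in the visible hunks shows that the 1.4.23pre14688 distfile carries an equivalent change. Before relying on the update, check that the new upstream file passes `$envelopefrom` through `escapeshellarg()` separately from the rest of the command line rather than escaping the concatenated string, and record that in the commit message. The diffstat also counts 10 changed lines for distinfo, all of them the header and distfile checksums, so a `SHA1 (patch-class_deliver_Deliver__SendMail.class.php) = <checksum>` entry, if distinfo had one as pkgsrc normally requires for patches, is left behind and should be removed in the same commit.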