From 264050991eb5384c06fe4c58905e4c34ecb2c114 Mon Sep 17 00:00:00 2001 From: ghen Date: Mon, 17 Dec 2007 15:38:54 +0000 Subject: Pullup ticket 2246 - requested by martti security update for squirrelmail - pkgsrc/mail/squirrelmail/Makefile 1.96, 1.97 - pkgsrc/mail/squirrelmail/PLIST 1.25 - pkgsrc/mail/squirrelmail/distinfo 1.45, 1.46 - pkgsrc/mail/squirrelmail/options.mk 1.7 Module Name: pkgsrc Committed By: martti Date: Fri Dec 14 20:44:35 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile PLIST distinfo Log Message: Updated mail/squirrelmail to 1.4.13 (pkgsrc notice: we were using the original, known-to-be-good 1.4.12 distfile so all your servers should be fine) Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. --- Module Name: pkgsrc Committed By: taca Date: Sat Dec 15 13:58:12 UTC 2007 Modified Files: pkgsrc/mail/squirrelmail: Makefile distinfo options.mk Log Message: Catch up squirrelmail-japanese patch to 1.4.12-ja-20071205. Bump PKG_REVISION. --- mail/squirrelmail/Makefile | 6 +++--- mail/squirrelmail/PLIST | 3 ++- mail/squirrelmail/distinfo | 14 +++++++------- mail/squirrelmail/options.mk | 8 ++++---- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile index 75f20ebf465..95eadaa76e0 100644 --- a/mail/squirrelmail/Makefile +++ b/mail/squirrelmail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.92.2.1 2007/12/05 07:31:12 ghen Exp $ +# $NetBSD: Makefile,v 1.92.2.2 2007/12/17 15:38:54 ghen Exp $ -DISTNAME= squirrelmail-1.4.12 -#PKGREVISION= 1 +DISTNAME= squirrelmail-1.4.13 +PKGREVISION= 1 CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=squirrelmail/} EXTRACT_SUFX= .tar.bz2 diff --git a/mail/squirrelmail/PLIST b/mail/squirrelmail/PLIST index 7622b1abc6b..ca2d2f227c4 100644 --- a/mail/squirrelmail/PLIST +++ b/mail/squirrelmail/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.23.2.1 2007/12/05 07:31:12 ghen Exp $ +@comment $NetBSD: PLIST,v 1.23.2.2 2007/12/17 15:38:55 ghen Exp $ man/man8/squirrelmail-conf.pl.8 share/examples/squirrelmail/squirrelmail.conf share/squirrelmail/AUTHORS @@ -58,6 +58,7 @@ share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.10.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.10a.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.11.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.12.txt +share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.13.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.2.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3.txt share/squirrelmail/doc/ReleaseNotes/1.4/Notes-1.4.3a.txt diff --git a/mail/squirrelmail/distinfo b/mail/squirrelmail/distinfo index 436ea8c5c78..551d97f875d 100644 --- a/mail/squirrelmail/distinfo +++ b/mail/squirrelmail/distinfo @@ -1,12 +1,12 @@ -$NetBSD: distinfo,v 1.42.2.2 2007/12/06 10:36:33 ghen Exp $ +$NetBSD: distinfo,v 1.42.2.3 2007/12/17 15:38:55 ghen Exp $ SHA1 (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 8823810ca00ab5510a48db78826112a9482d1895 RMD160 (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 98649a1639567bb6669e9cfc0ca8b0743ebfb46e Size (squirrelmail-1.4.11-lite-20071003-patch.bz2) = 1800 bytes -SHA1 (squirrelmail-1.4.12-ja-20071205-patch.gz) = 16de8fb72ce13cf302279772eb0d3df84e409b3f -RMD160 (squirrelmail-1.4.12-ja-20071205-patch.gz) = fac415d26cfc5d297f927830b1fd8704e0b5b189 -Size (squirrelmail-1.4.12-ja-20071205-patch.gz) = 7739 bytes -SHA1 (squirrelmail-1.4.12.tar.bz2) = cf5c716fe2b356bafa0aa10ebdb9980339c3a0cb -RMD160 (squirrelmail-1.4.12.tar.bz2) = a25130f4eab2a84914f021a7baa432383f7ef551 -Size (squirrelmail-1.4.12.tar.bz2) = 496632 bytes +SHA1 (squirrelmail-1.4.13-ja-20071215-patch.gz) = d25052da58254b6d7132028588fbd4ba5208bf5f +RMD160 (squirrelmail-1.4.13-ja-20071215-patch.gz) = 2ef11134e65a2673027c5b00aef373269c92f6ab +Size (squirrelmail-1.4.13-ja-20071215-patch.gz) = 11925 bytes +SHA1 (squirrelmail-1.4.13.tar.bz2) = cbc101076dfde6f78e871133fc6a17b5d3aa0edb +RMD160 (squirrelmail-1.4.13.tar.bz2) = d2d27c9e2fe6225833da15981b9d6881ce55fc6d +Size (squirrelmail-1.4.13.tar.bz2) = 497103 bytes SHA1 (patch-aa) = 6f48193a3b4ee86e85afcc66e2299ecbfe375796 diff --git a/mail/squirrelmail/options.mk b/mail/squirrelmail/options.mk index 110e294f17c..1bce6931a78 100644 --- a/mail/squirrelmail/options.mk +++ b/mail/squirrelmail/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.5.2.1 2007/12/06 10:36:33 ghen Exp $ +# $NetBSD: options.mk,v 1.5.2.2 2007/12/17 15:38:56 ghen Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.squirrelmail PKG_SUPPORTED_OPTIONS= squirrelmail-japanese squirrelmail-lite @@ -6,10 +6,10 @@ PKG_SUPPORTED_OPTIONS= squirrelmail-japanese squirrelmail-lite .include "../../mk/bsd.options.mk" .if !empty(PKG_OPTIONS:Msquirrelmail-japanese) -PATCHFILES+= squirrelmail-1.4.12-ja-20071205-patch.gz -SITES.squirrelmail-1.4.12-ja-20071205-patch.gz= \ +PATCHFILES+= squirrelmail-1.4.13-ja-20071215-patch.gz +SITES.squirrelmail-1.4.13-ja-20071215-patch.gz= \ http://www.yamaai-tech.com/~masato/Download/ -PATCH_DIST_STRIP.squirrelmail-1.4.12-ja-20071205-patch.gz= -p1 +PATCH_DIST_STRIP.squirrelmail-1.4.13-ja-20071215-patch.gz= -p1 .endif -- cgit v1.2.3