From owner-freebsd-ports-bugs@FreeBSD.ORG  Wed May  9 16:30:06 2007
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 89B4216A406
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Wed,  9 May 2007 16:30:06 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 66AA213C468
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Wed,  9 May 2007 16:30:06 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l49GU6fc044024
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Wed, 9 May 2007 16:30:06 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l49GU6qE044017;
	Wed, 9 May 2007 16:30:06 GMT (envelope-from gnats)
Resent-Date: Wed, 9 May 2007 16:30:06 GMT
Resent-Message-Id: <200705091630.l49GU6qE044017@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Simon Dick <simond@irrelevant.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 915C116A404
	for <FreeBSD-gnats-submit@freebsd.org>;
	Wed,  9 May 2007 16:29:23 +0000 (UTC)
	(envelope-from simond@amd64.irrelevant.org)
Received: from smtp1.bethere.co.uk (smtp1.betherenow.co.uk [87.194.0.68])
	by mx1.freebsd.org (Postfix) with ESMTP id 1C7BD13C43E;
	Wed,  9 May 2007 16:29:23 +0000 (UTC)
	(envelope-from simond@amd64.irrelevant.org)
Received: from amd64.irrelevant.org (home.irrelevant.org [87.194.2.108])
	by smtp1.bethere.co.uk (Postfix) with SMTP id BBEEA42B3B3;
	Wed,  9 May 2007 17:02:40 +0100 (BST)
Received: from simond by amd64.irrelevant.org with local (Exim 4.67 (FreeBSD))
	(envelope-from <simond@amd64.irrelevant.org>)
	id 1HloZp-000LhQ-4D; Wed, 09 May 2007 16:59:41 +0100
Message-Id: <E1HloZp-000LhQ-4D@amd64.irrelevant.org>
Date: Wed, 09 May 2007 16:59:41 +0100
From: Simon Dick <simond@irrelevant.org>
Sender: Simon Dick <simond@home.irrelevant.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: sec-team@FreeBSD.org
Subject: ports/112548: [security] Maintainer port update: mail/squirrelmail
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Simon Dick <simond@irrelevant.org>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2007 16:30:06 -0000


>Number:         112548
>Category:       ports
>Synopsis:       [security] Maintainer port update: mail/squirrelmail
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 09 16:30:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Simon Dick
>Release:        FreeBSD 6.2-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD amd64.irrelevant.org 6.2-RELEASE FreeBSD 6.2-RELEASE #1: Mon Jan 15 14:08:24 GMT 2007 root@amd64.irrelevant.org:/usr/obj/usr/src/sys/GENERIC amd64


	
>Description:

Update port to 1.4.10:
- Some security fixes (see below)
- Small enhancements
- A collection of bugfixes and stability enhancements

The security issues are described in CVE-2007-1262

>How-To-Repeat:
	
>Fix:

diff -ruN /usr/ports/mail/squirrelmail/Makefile squirrelmail/Makefile
--- /usr/ports/mail/squirrelmail/Makefile	Tue Dec  5 18:29:03 2006
+++ squirrelmail/Makefile	Wed May  9 16:46:43 2007
@@ -6,12 +6,12 @@
 #
 
 PORTNAME=	squirrelmail
-PORTVERSION=	1.4.9a
+PORTVERSION=	1.4.10
 CATEGORIES=	mail www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX} \
-		all_locales-1.4.8-20060903${EXTRACT_SUFX}
+		all_locales-1.4.9-20070106${EXTRACT_SUFX}
 DIST_SUBDIR=	${PORTNAME}
 
 MAINTAINER=	simond@irrelevant.org
diff -ruN /usr/ports/mail/squirrelmail/distinfo squirrelmail/distinfo
--- /usr/ports/mail/squirrelmail/distinfo	Tue Dec  5 18:29:03 2006
+++ squirrelmail/distinfo	Wed May  9 16:47:11 2007
@@ -1,6 +1,6 @@
-MD5 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 3adf66bfe2e816ba8375cf811d8ef3f6
-SHA256 (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 0a33ef186ff898017f788f5a6783d3303a879ea4e20ccfc6e124ad38d9954f95
-SIZE (squirrelmail/squirrelmail-1.4.9a.tar.bz2) = 481601
-MD5 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = f8a042fd6b3ea68a3da49c3398224205
-SHA256 (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 24fd4af596eb20fe0b0c1e42e45142ed048cea98b141e4e2c98b367fdc5d76e7
-SIZE (squirrelmail/all_locales-1.4.8-20060903.tar.bz2) = 2668940
+MD5 (squirrelmail/squirrelmail-1.4.10.tar.bz2) = 6e3ab93e8c3854ba84a03df256ed0f7d
+SHA256 (squirrelmail/squirrelmail-1.4.10.tar.bz2) = d2328bebb3e863025d61222cbc40f4263dfdefcb22e500ed501462a05d7df4be
+SIZE (squirrelmail/squirrelmail-1.4.10.tar.bz2) = 484389
+MD5 (squirrelmail/all_locales-1.4.9-20070106.tar.bz2) = eaa0e8835b8d7d451500aad907c22e24
+SHA256 (squirrelmail/all_locales-1.4.9-20070106.tar.bz2) = 04ad3e37042deb8c5668946c3364cd53d9c30b2486f24deee4d71c05fa584423
+SIZE (squirrelmail/all_locales-1.4.9-20070106.tar.bz2) = 2699569
diff -ruN /usr/ports/mail/squirrelmail/files/patch-config-config_default.php squirrelmail/files/patch-config-config_default.php
--- /usr/ports/mail/squirrelmail/files/patch-config-config_default.php	Wed Jun  2 20:37:29 2004
+++ squirrelmail/files/patch-config-config_default.php	Wed May  9 16:50:11 2007
@@ -1,19 +1,19 @@
---- config/config_default.php.orig	Wed Jun  2 10:49:41 2004
-+++ config/config_default.php	Wed Jun  2 10:50:21 2004
-@@ -442,7 +442,7 @@
-  *   $data_dir = SM_PATH . 'data/';
+--- config/config_default.php.orig	Wed May  9 16:48:26 2007
++++ config/config_default.php	Wed May  9 16:49:20 2007
+@@ -464,7 +464,7 @@
+  *
   * @global string $data_dir
   */
--$data_dir = SM_PATH . 'data/';
+-$data_dir = '/var/local/squirrelmail/data/';
 +$data_dir = '/var/spool/squirrelmail/pref/';
  
  /**
   * Attachments directory
-@@ -460,7 +460,7 @@
+@@ -482,7 +482,7 @@
   *    + It should probably be another directory than data_dir.
   * @global string $attachment_dir
   */
--$attachment_dir = $data_dir;
+-$attachment_dir = '/var/local/squirrelmail/attach/';
 +$attachment_dir = '/var/spool/squirrelmail/attach/';
  
  /**
diff -ruN /usr/ports/mail/squirrelmail/pkg-plist squirrelmail/pkg-plist
--- /usr/ports/mail/squirrelmail/pkg-plist	Tue Dec  5 18:29:03 2006
+++ squirrelmail/pkg-plist	Wed May  9 16:55:41 2007
@@ -427,6 +427,8 @@
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/yelp.mo
 %%SQUIRRELDIR%%/locale/cs_CZ/LC_MESSAGES/yelp.po
 %%SQUIRRELDIR%%/locale/cs_CZ/setup.php
@@ -505,6 +507,8 @@
 %%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/unsafe_image_rules.mo
 %%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/unsafe_image_rules.po
+%%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/es_ES/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/es_ES/setup.php
 %%SQUIRRELDIR%%/locale/et_EE/LC_MESSAGES/squirrelmail.mo
 %%SQUIRRELDIR%%/locale/et_EE/LC_MESSAGES/squirrelmail.po
@@ -549,6 +553,8 @@
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/yelp.mo
 %%SQUIRRELDIR%%/locale/fr_FR/LC_MESSAGES/yelp.po
 %%SQUIRRELDIR%%/locale/fr_FR/setup.php
@@ -680,6 +686,8 @@
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/naguser.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/newuser_wiz.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/newuser_wiz.po
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/proon.mo
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/proon.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/qmailadmin_login.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/qmailadmin_login.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/reply_buttons.mo
@@ -710,6 +718,8 @@
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/vacation_local.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/verify_reply_to.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/verify_reply_to.po
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/vkeyboard.mo
+%%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/vkeyboard.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/web_search.mo
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/web_search.po
 %%SQUIRRELDIR%%/locale/lt_LT/LC_MESSAGES/yelp.mo
@@ -731,6 +741,8 @@
 %%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/nl_NL/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/nl_NL/setup.php
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/abook_import_export.po
@@ -810,6 +822,8 @@
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/vacation_local.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/verify_reply_to.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/verify_reply_to.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/web_search.mo
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/web_search.po
 %%SQUIRRELDIR%%/locale/nn_NO/LC_MESSAGES/yelp.mo
@@ -826,6 +840,8 @@
 %%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/squirrelmail.po
 %%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/unsafe_image_rules.mo
 %%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/unsafe_image_rules.po
+%%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/pt_BR/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/pt_BR/setup.php
 %%SQUIRRELDIR%%/locale/pt_PT/LC_MESSAGES/askuserinfo.mo
 %%SQUIRRELDIR%%/locale/pt_PT/LC_MESSAGES/askuserinfo.po
@@ -969,6 +985,8 @@
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/templates.po
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vacation_local.mo
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vacation_local.po
+%%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vkeyboard.po
+%%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/vkeyboard.mo
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/web_search.mo
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/web_search.po
 %%SQUIRRELDIR%%/locale/uk_UA/LC_MESSAGES/yelp.mo
>Release-Note:
>Audit-Trail:
>Unformatted: