Next | Query returned 141 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:

   2018-04-30 09:56:55 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/squirrelmail: update to 1.4.23pre14764

Fix CVE-2018-8741 and more.

  - Added ability (and user preference) to return to message list
    after moving a message
  - Search enhancement: Added ability to search in more than one
    header without having to search the body
  - Add ability for saved drafts to indicate if they are a reply and
    if so, to which message, and mark that message as replied when
    the draft is finally sent
  - Added option to allow returning to the message one had been
    replying to after sending
  - Sanitize user-supplied attachment filenames (thanks to Florian
    Grunow for reporting this issue) [CVE-2018-8741]
  - Allow users who cannot edit their email address but who have
    multiple identities to edit all their identities
   2017-06-21 17:07:03 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update squirrelmail to 1.4.23pre14688.

Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.

 - compose_send hook now has $draft flag in hook arguments
 - Fixed insufficient sendmail command argument escaping (thanks
   to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
   Cavallarin for bringing this to our attention). [CVE-2017-7692]
 - Upgraded preferences for the delete_move_next plugin.  Automatic
   user preference updates are included, but note that if your
   installation is new, or all user prefs have been converted from
   "on"/"off" to 0/1 then you can add the following to \ 
   config/config_local.php to avoid convertign legacy values over and over:
      $do_not_convert_delete_move_next_legacy_preferences = TRUE;
 - Added ability to control the display of the "Check Spelling"
   button provided by the squirrelspell plugin, which allows
   administrators to offer this plugin but keep it out of the way
   for users who do not want it. Put sqspell_show_button=0 in
   default preferences if it should be hidden by default
   2017-04-19 19:10:18 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen. … ution.html

patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
   2016-11-17 16:10:07 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update squirrelmail to 1.4.23pre14605, latest snapshot.
PHP 7.0 support should be improved, too.

  - Added new "smtp_helo_override" hook; allows plugins to override
    the HELO host sent to the SMTP server when sending messages
  - Added STARTTLS support for both IMAP and SMTP connections
  - Added PDO support for database connections, so no external
    database module needs to be installed
   2016-09-30 16:21:23 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Remove patch on a localy installed file that did not belong to the distribution
   2016-09-27 14:11:11 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Syntax error and PHP 5 compatibility fixes in squirrelmail plugins
From Jean-Jacques Puig
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2015-11-04 00:27:24 by Alistair G. Crooks | Files touched by this commit (312)
Log message:
Add SHA512 digests for distfiles for mail category

Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-09-06 14:04:12 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update squirrelmail to new snapshot, 1.4.23pre14523.
Should be fix PR pkg/50197.

Here is changes from previous pkgsrc's snapshot.

Version 1.4.23 - SVN
  - Added Solarized Light and Solarized Dark themes, by Pavneet Arora.
  - Added associative edit list option widget, with optional folder
    list selector for values
  - Added option to use blank spacer instead of security image ("This
    image has been removed for security reasons.") for replacing
    unsafe images.
  - Full date and time is used as "title" (mouseover) text for dates
    shown on the message list screen
  - Custom Stylesheets are now sorted on the Display Preferences page
  - $xtra in the displayHtmlHeader function is now available in the
    global scope so that plugins can modify it during the generic_header
  - Added some generic client-side (JavaScript) libraries (including
    an asynchronous server request mechansim). See the new /scripts
    directory (plugin authors can refer to the plugin documentation
    for how to use them)
  - Added optional JavaScript folder list refresh ("check mail")
    mechanisms that try to avoid refreshing if server is not responding -
    see the $check_mail_mechanism setting in config/config.php or the
    "4. General Options ==> "21. Auto check mail mechanism" \ 
setting in
    the configuration tool.  (If you do not update your configuration,
    you will get messages in your logs:  "PHP Notice:  Undefined variable:
    check_mail_mechanism in /path/to/squirrelmail/src/left_main.php on
    line 322...")
  - Added advanced control over the SSL context used when connecting
    to the SMTP and IMAP servers over SSL/TLS (thanks to Emmanuel
    Dreyfus).  You can take a look at $imap_stream_options and
    $smtp_stream_options in config_local.example.php in SquirrelMail
    version 1.5.2 for more information.  These configuration settings
    should work the same under 1.4.23:
    \ … xample.php
  - Added ability to show login error from the IMAP server instead of
    traditional "Unknown user or password incorrect" (thanks to Alain
    Williams).  See $display_imap_login_error in the configuration
    file or "4.  General Options ==> 22. Display login error from IMAP"
    in the configuration tool.
  - Configuration tool now shows the SquirrelMail version
  - Added new attachments_top hook to src/read_body.php
  - When resuming a draft, correct (from) identity is now pre-selected
  - Removed overly-restrictive character limitations on address book
  - Prevent session lock-up caused by filters plugin trying to move
    messages in an account that is over quota
  - Added MD5 alternative to directory hash calculation
  - Added ability for administrator to control whether or not users
    can edit their reply-to address ($edit_reply_to in config.php)
  - Added new "login_before_page_header" (boolean) hook; allows
    plugins to have more explicit control over login page header
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.

Next | Query returned 141 messages, browsing 1 to 10 | Previous