./mail/squirrelmail, PHP webmail package

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.4.23pre14764, Package name: squirrelmail-1.4.23pre14764, Maintainer: taca

SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and all
pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility
across browsers. It has very few requirements and is very easy to configure
and install. SquirrelMail has a all the functionality you would want from an
email client, including strong MIME support, address books, and folder

Required to run:
[lang/perl5] [devel/php-gettext]

Required to build:

Master sites: (Expand)

SHA1: 9fd0ddfd393be97373d5b839143285527c3cb9c4
RMD160: 8b40681f8fa0cc9e25282d1215e6b88c2566c73b
Filesize: 549.596 KB

Version history: (Expand)

CVS history: (Expand)

   2018-04-30 09:56:55 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/squirrelmail: update to 1.4.23pre14764

Fix CVE-2018-8741 and more.

  - Added ability (and user preference) to return to message list
    after moving a message
  - Search enhancement: Added ability to search in more than one
    header without having to search the body
  - Add ability for saved drafts to indicate if they are a reply and
    if so, to which message, and mark that message as replied when
    the draft is finally sent
  - Added option to allow returning to the message one had been
    replying to after sending
  - Sanitize user-supplied attachment filenames (thanks to Florian
    Grunow for reporting this issue) [CVE-2018-8741]
  - Allow users who cannot edit their email address but who have
    multiple identities to edit all their identities
   2017-06-21 17:07:03 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update squirrelmail to 1.4.23pre14688.

Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.

 - compose_send hook now has $draft flag in hook arguments
 - Fixed insufficient sendmail command argument escaping (thanks
   to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
   Cavallarin for bringing this to our attention). [CVE-2017-7692]
 - Upgraded preferences for the delete_move_next plugin.  Automatic
   user preference updates are included, but note that if your
   installation is new, or all user prefs have been converted from
   "on"/"off" to 0/1 then you can add the following to \ 
   config/config_local.php to avoid convertign legacy values over and over:
      $do_not_convert_delete_move_next_legacy_preferences = TRUE;
 - Added ability to control the display of the "Check Spelling"
   button provided by the squirrelspell plugin, which allows
   administrators to offer this plugin but keep it out of the way
   for users who do not want it. Put sqspell_show_button=0 in
   default preferences if it should be hidden by default
   2017-04-19 19:10:18 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/S … ution.html

patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
   2016-11-17 16:10:07 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update squirrelmail to 1.4.23pre14605, latest snapshot.
PHP 7.0 support should be improved, too.

  - Added new "smtp_helo_override" hook; allows plugins to override
    the HELO host sent to the SMTP server when sending messages
  - Added STARTTLS support for both IMAP and SMTP connections
  - Added PDO support for database connections, so no external
    database module needs to be installed
   2016-09-30 16:21:23 by Emmanuel Dreyfus | Files touched by this commit (3)
Log message:
Remove patch on a localy installed file that did not belong to the distribution
   2016-09-27 14:11:11 by Emmanuel Dreyfus | Files touched by this commit (4)
Log message:
Syntax error and PHP 5 compatibility fixes in squirrelmail plugins
From Jean-Jacques Puig
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2015-11-04 00:27:24 by Alistair G. Crooks | Files touched by this commit (312)
Log message:
Add SHA512 digests for distfiles for mail category

Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.