Path to this page:
./
mail/squirrelmail,
PHP webmail package
Branch: pkgsrc-2019Q2,
Version: 1.4.23pre14832,
Package name: squirrelmail-1.4.23pre14832,
Maintainer: tacaSquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and all
pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility
across browsers. It has very few requirements and is very easy to configure
and install. SquirrelMail has a all the functionality you would want from an
email client, including strong MIME support, address books, and folder
manipulation.
Required to run:[
lang/perl5] [
devel/php-gettext]
Required to build:[
pkgtools/cwrappers]
Master sites: (Expand)
SHA1: 32c38a24766fb5d0364253fdab36501923d7d9cd
RMD160: 689831ce73482384ce90b1ccfc84f81b29ad17eb
Filesize: 506.992 KB
Version history: (Expand)
- (2019-08-09) Updated to version: squirrelmail-1.4.23pre14832
- (2019-07-04) Package added to pkgsrc.se, version squirrelmail-1.4.23pre14764nb1 (created)
CVS history: (Expand)
2019-08-09 14:38:43 by Benny Siegert | Files touched by this commit (3) | |
Log message:
Pullup ticket #6012 - requested by taca
mail/squirrelmail: security fix
Revisions pulled up:
- mail/squirrelmail/Makefile 1.137
- mail/squirrelmail/PLIST 1.42
- mail/squirrelmail/distinfo 1.71
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 24 03:49:35 UTC 2019
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST distinfo
Log message:
mail/squirrelmail: update to 1.4.23pre14832
Update squirrelmail to 1.4.23pre14832.
- Changed anti-CSRF security token lifetime to be session-based.
- Added favicon and ability for admins to use their own by setting
$head_tag_extra in config_local.php (see documented comments in,
for example, src/webmail.php)
- Altered hook types "do_hook_function" and \
"concat_hook_function"
such that the ultimate hook return value (in its current state,
as computed (or not) by the plugins that have executed previously)
is both globalized and passed as an additional argument to each
plugin. This allows plugins to cooperate better and not overwrite
each other's return values.
- Updated SVG handling, closing several related vulnerabilities
(#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
[CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
- Added IMAP ID command (RFC2971), sent after every login - use
by setting $imap_id_command_args in config/config_local.php
(see notes in functions/imap_general.php for more details)
- Fixed PHP7 warnings (#2847)
- Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
[CVE-2019-12970]
|