Subject: CVS commit: pkgsrc/mail/squirrelmail
From: Takahiro Kambe
Date: 2019-07-24 05:49:35
Message id: 20190724034935.3BBFAFBF4@cvs.NetBSD.org

Log Message:
mail/squirrelmail: update to 1.4.23pre14832

Update squirrelmail to 1.4.23pre14832.

- Changed anti-CSRF security token lifetime to be session-based.
- Added favicon and ability for admins to use their own by setting
  $head_tag_extra in config_local.php (see documented comments in,
  for example, src/webmail.php)
- Altered hook types "do_hook_function" and \ 
"concat_hook_function"
  such that the ultimate hook return value (in its current state,
  as computed (or not) by the plugins that have executed previously)
  is both globalized and passed as an additional argument to each
  plugin.  This allows plugins to cooperate better and not overwrite
  each other's return values.
- Updated SVG handling, closing several related vulnerabilities
  (#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
  [CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
- Added IMAP ID command (RFC2971), sent after every login - use
  by setting $imap_id_command_args in config/config_local.php
  (see notes in functions/imap_general.php for more details)
- Fixed PHP7 warnings (#2847)
- Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
  [CVE-2019-12970]

Files:
RevisionActionfile
1.137modifypkgsrc/mail/squirrelmail/Makefile
1.42modifypkgsrc/mail/squirrelmail/PLIST
1.71modifypkgsrc/mail/squirrelmail/distinfo