head	1.3;
access;
symbols
	pkgsrc-2026Q1:1.3.0.64
	pkgsrc-2026Q1-base:1.3
	pkgsrc-2025Q4:1.3.0.62
	pkgsrc-2025Q4-base:1.3
	pkgsrc-2025Q3:1.3.0.60
	pkgsrc-2025Q3-base:1.3
	pkgsrc-2025Q2:1.3.0.58
	pkgsrc-2025Q2-base:1.3
	pkgsrc-2025Q1:1.3.0.56
	pkgsrc-2025Q1-base:1.3
	pkgsrc-2024Q4:1.3.0.54
	pkgsrc-2024Q4-base:1.3
	pkgsrc-2024Q3:1.3.0.52
	pkgsrc-2024Q3-base:1.3
	pkgsrc-2024Q2:1.3.0.50
	pkgsrc-2024Q2-base:1.3
	pkgsrc-2024Q1:1.3.0.48
	pkgsrc-2024Q1-base:1.3
	pkgsrc-2023Q4:1.3.0.46
	pkgsrc-2023Q4-base:1.3
	pkgsrc-2023Q3:1.3.0.44
	pkgsrc-2023Q3-base:1.3
	pkgsrc-2023Q2:1.3.0.42
	pkgsrc-2023Q2-base:1.3
	pkgsrc-2023Q1:1.3.0.40
	pkgsrc-2023Q1-base:1.3
	pkgsrc-2022Q4:1.3.0.38
	pkgsrc-2022Q4-base:1.3
	pkgsrc-2022Q3:1.3.0.36
	pkgsrc-2022Q3-base:1.3
	pkgsrc-2022Q2:1.3.0.34
	pkgsrc-2022Q2-base:1.3
	pkgsrc-2022Q1:1.3.0.32
	pkgsrc-2022Q1-base:1.3
	pkgsrc-2021Q4:1.3.0.30
	pkgsrc-2021Q4-base:1.3
	pkgsrc-2021Q3:1.3.0.28
	pkgsrc-2021Q3-base:1.3
	pkgsrc-2021Q2:1.3.0.26
	pkgsrc-2021Q2-base:1.3
	pkgsrc-2021Q1:1.3.0.24
	pkgsrc-2021Q1-base:1.3
	pkgsrc-2020Q4:1.3.0.22
	pkgsrc-2020Q4-base:1.3
	pkgsrc-2020Q3:1.3.0.20
	pkgsrc-2020Q3-base:1.3
	pkgsrc-2020Q2:1.3.0.18
	pkgsrc-2020Q2-base:1.3
	pkgsrc-2020Q1:1.3.0.14
	pkgsrc-2020Q1-base:1.3
	pkgsrc-2019Q4:1.3.0.16
	pkgsrc-2019Q4-base:1.3
	pkgsrc-2019Q3:1.3.0.12
	pkgsrc-2019Q3-base:1.3
	pkgsrc-2019Q2:1.3.0.10
	pkgsrc-2019Q2-base:1.3
	pkgsrc-2019Q1:1.3.0.8
	pkgsrc-2019Q1-base:1.3
	pkgsrc-2018Q4:1.3.0.6
	pkgsrc-2018Q4-base:1.3
	pkgsrc-2018Q3:1.3.0.4
	pkgsrc-2018Q3-base:1.3
	pkgsrc-2018Q2:1.3.0.2
	pkgsrc-2018Q2-base:1.3
	pkgsrc-2018Q1:1.2.0.68
	pkgsrc-2018Q1-base:1.2
	pkgsrc-2017Q4:1.2.0.66
	pkgsrc-2017Q4-base:1.2
	pkgsrc-2017Q3:1.2.0.64
	pkgsrc-2017Q3-base:1.2
	pkgsrc-2017Q2:1.2.0.60
	pkgsrc-2017Q2-base:1.2
	pkgsrc-2017Q1:1.2.0.58
	pkgsrc-2017Q1-base:1.2
	pkgsrc-2016Q4:1.2.0.56
	pkgsrc-2016Q4-base:1.2
	pkgsrc-2016Q3:1.2.0.54
	pkgsrc-2016Q3-base:1.2
	pkgsrc-2016Q2:1.2.0.52
	pkgsrc-2016Q2-base:1.2
	pkgsrc-2016Q1:1.2.0.50
	pkgsrc-2016Q1-base:1.2
	pkgsrc-2015Q4:1.2.0.48
	pkgsrc-2015Q4-base:1.2
	pkgsrc-2015Q3:1.2.0.46
	pkgsrc-2015Q3-base:1.2
	pkgsrc-2015Q2:1.2.0.44
	pkgsrc-2015Q2-base:1.2
	pkgsrc-2015Q1:1.2.0.42
	pkgsrc-2015Q1-base:1.2
	pkgsrc-2014Q4:1.2.0.40
	pkgsrc-2014Q4-base:1.2
	pkgsrc-2014Q3:1.2.0.38
	pkgsrc-2014Q3-base:1.2
	pkgsrc-2014Q2:1.2.0.36
	pkgsrc-2014Q2-base:1.2
	pkgsrc-2014Q1:1.2.0.34
	pkgsrc-2014Q1-base:1.2
	pkgsrc-2013Q4:1.2.0.32
	pkgsrc-2013Q4-base:1.2
	pkgsrc-2013Q3:1.2.0.30
	pkgsrc-2013Q3-base:1.2
	pkgsrc-2013Q2:1.2.0.28
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2013Q1:1.2.0.26
	pkgsrc-2013Q1-base:1.2
	pkgsrc-2012Q4:1.2.0.24
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2012Q3:1.2.0.22
	pkgsrc-2012Q3-base:1.2
	pkgsrc-2012Q2:1.2.0.20
	pkgsrc-2012Q2-base:1.2
	pkgsrc-2012Q1:1.2.0.18
	pkgsrc-2012Q1-base:1.2
	pkgsrc-2011Q4:1.2.0.16
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q3:1.2.0.14
	pkgsrc-2011Q3-base:1.2
	pkgsrc-2011Q2:1.2.0.12
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.2.0.10
	pkgsrc-2011Q1-base:1.2
	pkgsrc-2010Q4:1.2.0.8
	pkgsrc-2010Q4-base:1.2
	pkgsrc-2010Q3:1.2.0.6
	pkgsrc-2010Q3-base:1.2
	pkgsrc-2010Q2:1.2.0.4
	pkgsrc-2010Q2-base:1.2
	pkgsrc-2010Q1:1.2.0.2
	pkgsrc-2010Q1-base:1.2
	pkgsrc-2009Q4:1.1.0.4
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2009Q3:1.1.0.2
	pkgsrc-2009Q3-base:1.1;
locks; strict;
comment	@# @;


1.3
date	2018.04.30.07.56.55;	author taca;	state Exp;
branches;
next	1.2;
commitid	poQNEytEKAEHgrAA;

1.2
date	2010.03.07.03.41.49;	author taca;	state Exp;
branches
	1.2.68.1;
next	1.1;

1.1
date	2009.10.04.01.27.15;	author taca;	state Exp;
branches;
next	;

1.2.68.1
date	2018.05.06.11.41.44;	author spz;	state Exp;
branches;
next	;
commitid	PvDlb9HjhlN6keBA;


desc
@@


1.3
log
@mail/squirrelmail: update to 1.4.23pre14764

Fix CVE-2018-8741 and more.

  - Added ability (and user preference) to return to message list
    after moving a message
  - Search enhancement: Added ability to search in more than one
    header without having to search the body
  - Add ability for saved drafts to indicate if they are a reply and
    if so, to which message, and mark that message as replied when
    the draft is finally sent
  - Added option to allow returning to the message one had been
    replying to after sending
  - Sanitize user-supplied attachment filenames (thanks to Florian
    Grunow for reporting this issue) [CVE-2018-8741]
  - Allow users who cannot edit their email address but who have
    multiple identities to edit all their identities
@
text
@$NetBSD: patch-ai,v 1.2 2010/03/07 03:41:49 taca Exp $

* Fix encoding problem of attached filenames; convert to Shift_JIS when
  using Internet Explore in Japanese environment, sigh.

--- functions/mime.php.orig	2018-01-16 23:36:07.000000000 +0000
+++ functions/mime.php
@@@@ -2589,6 +2589,10 @@@@ function SendDownloadHeaders($type0, $ty
     //set all the Cache Control Headers for IE
     if ($isIE) {
         $filename=rawurlencode($filename);
+        if ($squirrelmail_language == 'ja_JP') {
+            $filename = rawurldecode($filename);
+            $filename = mb_convert_encoding($filename, 'SJIS', 'AUTO');
+        }
         header ("Pragma: public");
         header ("Cache-Control: no-store, max-age=0, no-cache, must-revalidate"); // HTTP/1.1
         // does nothing - see: https://blogs.msdn.microsoft.com/ieinternals/2009/07/20/internet-explorers-cache-control-extensions/
@


1.2
log
@Update squirrelmail pacakge to 1.4.20.


Version 1.4.20 - 06 Mar 2010
---------------------------
  - Fixed issue with search not using literals correctly (#2846511).
  - Fixed issue with returning to search results due to new security token
    code.
  - Fixed issue with multi-part related messages not showing all attachments
    (#2830140).
  - Fixed for security token missing in newmail plugin (#2919418).
  - Fixed sort in Sent folder to sort by "To" field instead of "From" field
    (#2907412).
  - Fixed mailto: urls containing + characters.  Thanks to Michael Puls II
    for the patch.
  - Made base URL autodetection more robust; fixes some lighttpd issues
    (probably #1741469).
  - Encoded From headers are now properly quoted (#2830141).
  - Multibyte strings (notably subjects) are now handled correctly (#2824813,
    #2925731).
  - X-DNS-Prefetch-Control: off header is now sent to browsers to prevent
    information leakage when Firefox does DNS prefetching for URLs contained
    in emails.
  - Added unread links in message view.
  - Added the ability to configure Google Mail (Gmail) as the mail server
    behind SquirrelMail.
  - Added option in display preferences that allows the signature to be
    stripped from the original message when replying (#2952876).  Thanks to
    Sven Strickroth.
@
text
@d1 1
a1 1
$NetBSD: patch-ai,v 1.1 2009/10/04 01:27:15 taca Exp $
d6 1
a6 1
--- functions/mime.php.orig	2010-01-30 16:14:53.000000000 +0000
d8 1
a8 1
@@@@ -2564,6 +2564,10 @@@@ function SendDownloadHeaders($type0, $ty
d18 1
a18 1
         header ("Cache-Control: post-check=0, pre-check=0", false);
@


1.2.68.1
log
@Pullup ticket #5751 - requested by taca
mail/squirrelmail: security update

Revisions pulled up:
- mail/squirrelmail/Makefile                                    1.134
- mail/squirrelmail/distinfo                                    1.70
- mail/squirrelmail/patches/patch-ai                            1.3

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 30 07:56:55 UTC 2018

   Modified Files:
   	pkgsrc/mail/squirrelmail: Makefile distinfo
   	pkgsrc/mail/squirrelmail/patches: patch-ai

   Log Message:
   mail/squirrelmail: update to 1.4.23pre14764

   Fix CVE-2018-8741 and more.

     - Added ability (and user preference) to return to message list
       after moving a message
     - Search enhancement: Added ability to search in more than one
       header without having to search the body
     - Add ability for saved drafts to indicate if they are a reply and
       if so, to which message, and mark that message as replied when
       the draft is finally sent
     - Added option to allow returning to the message one had been
       replying to after sending
     - Sanitize user-supplied attachment filenames (thanks to Florian
       Grunow for reporting this issue) [CVE-2018-8741]
     - Allow users who cannot edit their email address but who have
       multiple identities to edit all their identities


   To generate a diff of this commit:
   cvs rdiff -u -r1.133 -r1.134 pkgsrc/mail/squirrelmail/Makefile
   cvs rdiff -u -r1.69 -r1.70 pkgsrc/mail/squirrelmail/distinfo
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/squirrelmail/patches/patch-ai
@
text
@d1 1
a1 1
$NetBSD$
d6 1
a6 1
--- functions/mime.php.orig	2018-01-16 23:36:07.000000000 +0000
d8 1
a8 1
@@@@ -2589,6 +2589,10 @@@@ function SendDownloadHeaders($type0, $ty
d18 1
a18 1
         // does nothing - see: https://blogs.msdn.microsoft.com/ieinternals/2009/07/20/internet-explorers-cache-control-extensions/
@


1.1
log
@Add two small fix:

* Use case ignore match for detecting encoded header.  This is
  language independent problem.
* Improve handling of file name of attachment in Japanese environment.

These fixes make squirrelmail usable after remove of japaneses patch.

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
d6 1
a6 1
--- functions/mime.php.orig	2009-07-31 19:12:46.000000000 +0900
d8 1
a8 1
@@@@ -2563,6 +2563,10 @@@@ function SendDownloadHeaders($type0, $ty
@