head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.34
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.32
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.30
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.28
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.26
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.24
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.22
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.20
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.18
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.16
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.14
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.12
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.10
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.8
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.6
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.4
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.2
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.1.0.6
	pkgsrc-2006Q1-base:1.1
	pkgsrc-2005Q4:1.1.0.4
	pkgsrc-2005Q4-base:1.1
	pkgsrc-2005Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2006.06.16.09.28.23;	author adrianp;	state dead;
branches;
next	1.1;

1.1
date	2005.10.12.16.32.26;	author ben;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2005.10.12.16.32.26;	author salo;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2005.11.26.15.33.00;	author salo;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Move www/horde3 to www/horde
@
text
@$NetBSD: patch-aa,v 1.1 2005/10/12 16:32:26 ben Exp $

--- lib/Horde/Auth/login.php.orig	2005-03-29 02:59:56.000000000 -0800
+++ lib/Horde/Auth/login.php
@@@@ -88,7 +88,7 @@@@ class Auth_login extends Auth {
             Horde::fatal(_("No password provided for Login authentication."), __FILE__, __LINE__);
         }
 
-        $proc = popen($this->_location . ' -c /bin/true ' . $userId, 'w');
+        $proc = popen($this->_location . ' ' . $userId . ' -c exit 0', 'w');
         if (!is_resource($proc)) {
             return false;
         }
@


1.1
log
@su-based authentication was OS-specific and broken on NetBSD.
Fix su-based authentication.  This addresses PR#31260.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-aa was added on branch pkgsrc-2005Q3 on 2005-10-12 16:32:26 +0000
@
text
@d1 13
@


1.1.2.2
log
@Pullup ticket 930 - requested by Adrian Portelli
security fix for horde3

Revisions pulled up:
- pkgsrc/www/horde3/Makefile		1.11, 1.12
- pkgsrc/www/horde3/PLIST		1.5, 1.6
- pkgsrc/www/horde3/distinfo		1.5, 1.6, 1.7
- pkgsrc/www/horde3/patches/patch-aa	1.1

   Module Name:		pkgsrc
   Committed By:	ben
   Date:		Wed Oct 12 16:32:26 UTC 2005

   Modified Files:
   	pkgsrc/www/horde3: distinfo
   Added Files:
   	pkgsrc/www/horde3/patches: patch-aa

   Log Message:
   su-based authentication was OS-specific and broken on NetBSD.
   Fix su-based authentication.  This addresses PR#31260.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Oct 13 18:13:22 UTC 2005

   Modified Files:
   	pkgsrc/www/horde3: Makefile PLIST distinfo

   Log Message:
   Update to horde 3.0.5
   From the CHANGELOG:
   >  	------
   >   	v3.0.5
   >   	------
   >
   >   	[mms] Fix VFS's autocreatePath() for directory paths containing
   >          the root directory.
   >   	[jan] Fix cyrsql authentication driver with unixhierarchysep enabled
   >   	      (sgrondin@@csbf.qc.ca, Bug 2367).
   >   	[mms] Fix nested IMAP AND searches.
   >   	[mms] In sql VFS driver, allow the use of '/' at the beginning of
   >          a path to indicate the base directory.
   >   	[jan] Fix returning to last page after sending problem report (Bug
   >   	      2350).
   >   	[mms] Fix a bug that caused hook code to be run unnecessarily after
   >   	      a user is already logged in.
   >
   >
   >   	----------
   >   	v3.0.5-RC2
   >   	----------
   >
   >   	[cjh] Fix a far-reaching DataTree bug in loading parent ids (Bug
   >   	      2203).
   >
   >
   >   	----------
   >   	v3.0.5-RC1
   >   	----------
   >
   >   	[jan] Add Bosnian translation (Vedran Ljubovic
   >   	      <vljubovic@@smartnet.ba>).
   >   	[cjh] Let Horde_Tree handle all indent calculation based on
   >   	      parent/child relationships (Bug 2198).
   >   	[cjh] Add initial LDAP SessionHandler driver.
   >   	[cjh] Use row-level locking or transactions where possible to avoid
   >   	      session corruption in SessionHandler (Bug 1580).
   >   	[mms] Add the memcached SessionHandler:: driver (Rong-En Fan
   >   	      <rafan@@csie.org>).
   >   	[mms] Fix verification of MIME strings with escaped quotes (Bug 2168).
   >   	[jan] Fix generation of free periods in free/busy code with
   >   	      overlapping events.
   >   	[jan] Don't show Options button in problem reporting page.
   >   	[jan] Add Util::realPath() method.
   >   	[mas] Include version numbers for applications on Admin Setup screen.
   >   	      (Bug 1420)
   >   	[mas] Change IMAP Auth driver to use imap/notls by default in non-DSN
   >   	      mode to match DSN mode.
   >   	[mas] Add tls and self-signed certificate configuration options to
   >   	      IMAP Auth driver. (Bug 1357)
   >   	[cjh] Recognize Opera 8+ as providing advanced features (Bug 2066).
   >   	[cjh] Fix reading of binary files on Windows in VC_svn (Bug 2036).
   >   	[mas] Fix SQL 'LIKE' case-insensitive comparison. (Bug 2030)
   >   	[jan] Allow charset aware IMAP searches.
   >   	[jan] Fix Google search block for non-ascii characters (Bug 1329).
   >   	[jan] Add quick-install instructions.
   >   	[jan] Improve performance of several framework packages.
   >   	[mms] Fix MIME_Contents:: caching in PHP 5 (Bug 1410).
   >   	[jan] Fix VC SVN backend to support user names with spaces
   >   	      (shimmanning@@gmail.com, Bug 1919).
   >   	[cjh] Escape HTML in identity names (Bug 1910).
   >   	[mas] Use updated PostgreSQL function names.
   >   	[ben] Update application list in horde's LDAP schema
   >   	[cjh] Enforce maxlength restrictions in Horde_Form validation (Bug
   >   	      1895).
   >   	[jan] Disable weather.com Block if not configured.
   >   	[cjh] Include sourceroot in VC cache keys (Bug 1783).
   >   	[jan] Add SQL script and instructions for MSDE databases (Bugs 1862,
   >   	      1870, jeff@@image-src.com).
   >   	[jan] Allow portal blocks to be larger than two column/rows (Bugs
   >   	      1189, 1632).
   >   	[jan] Add SMTP authentication to problem reporting (Bug 1128).
   >   	[jan] Support help files in admin directory with translations.php
   >          (Bug 1344).
   >   	[jan] Fixed SQL binding for ODBC and MSSQL drivers (Bug 1816).
   >   	[jan] Add configuration option to set location of MIME magic database.
   >   	[mms] Make sure headers in a MIME_Part are encoded with the same
   >   	      character set used in that MIME_Part (Bug 1591).
   >   	[mms] Add List-Headers listed in RFC 2369 to the list of MIME Headers
   >   	      that can only appear once in a single header (Bug 1766).
   >   	[cjh] Fix typo in parsing of FREEBUSY data (Bug 1590).
   >   	[jan] Support SQLite and Oracle in all SQL backend configurations.
   >   	[cjh] Use bind variables in the Auth, VFS, and SessionHandler SQL
   >   	      drivers, and in scripts/remove_prefs.php (selsky@@columbia.edu,
   >          Bugs 1665, 1666, 1667, 1668, 1677).
   >   	[cjh] session_set_cookie_params() expects a relative timeout;
   >   	      setcookie wants absolute. Go back to a configinteger for
   >   	      $conf['session']['timeout'] and add time() to that value in
   >          setcookie() calls (Bugs 1302, 1658).
   >   	      THIS MAY BREAK CONFIGURATIONS SET TO USE PHP CODE. MAKE SURE TO
   >   	      UPDATE YOUR $conf['session']['timeout'] SETTING AFTER UPGRADING.
   >   	[cjh] Use bind variables in the Prefs and Token SQL drivers
   >   	      (selsky@@columbia.edu, Bugs 1652, 1653).
   >   	[mms] Prune expanded folders that no longer exist in IMAP_Tree
   >          (Bug 1517).
   >   	[cjh] Don't try to compress output if ZPS compression is on (Bug
   >   	      1626).
   >   	[cjh] If an app only has one prefGroup, always show that prefGroup
   >   	      instead of showing an overview screen with only one entry.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Nov 25 20:59:16 UTC 2005

   Modified Files:
   	pkgsrc/www/horde3: Makefile PLIST distinfo

   Log Message:
   Update to horde 3.0.7
   From the CHANGES:
   > Major changes compared to the Horde version 3.0.5 are:
   >     * Fixed sidebar menu layout with Opera browsers.
   >     * Fixed calendar popup with Safari browsers.
   >     * Fixed blank screens with Internet Explorer browsers after logins.
   >     * Fixed warnings with PHP 4.4.0 and 5.0.5.
   >     * Added ability to enable and disable IMSP globally.
   >     * Fixed URL generation with some PHP CGI setups.
   >     * Fixed sharing with groups if using group hooks.
   >     * Updated Finnish, French, German, Hungarian, Korean, Polish, Slovak,
   >       Turkish, and Traditional Chinese translations.
   >     * Minor improvements and bug fixes.
   >
   > Major changes compared to the Horde version 3.0.6 are:
   >     * Fixed cross site scripting vulnerabilities in the gzip/tar and css
   >     MIME
   >       viewers.
   >     * Fixed MySQL session handler.
@
text
@a0 13
$NetBSD: patch-aa,v 1.1.2.1 2005/11/26 15:33:00 salo Exp $

--- lib/Horde/Auth/login.php.orig	2005-03-29 02:59:56.000000000 -0800
+++ lib/Horde/Auth/login.php
@@@@ -88,7 +88,7 @@@@ class Auth_login extends Auth {
             Horde::fatal(_("No password provided for Login authentication."), __FILE__, __LINE__);
         }
 
-        $proc = popen($this->_location . ' -c /bin/true ' . $userId, 'w');
+        $proc = popen($this->_location . ' ' . $userId . ' -c exit 0', 'w');
         if (!is_resource($proc)) {
             return false;
         }
@