summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Huddleston <eradicator@gentoo.org>2007-05-21 17:11:33 +0000
committerJeremy Huddleston <eradicator@gentoo.org>2007-05-21 17:11:33 +0000
commit551ab111491f711a527637bd6137a23357f6daa9 (patch)
tree756715a14465715b488813f1a660b40430072a2b /mail-client/squirrelmail
parentStable for HPPA (bug #178510). (diff)
downloadhistorical-551ab111491f711a527637bd6137a23357f6daa9.tar.gz
historical-551ab111491f711a527637bd6137a23357f6daa9.tar.bz2
historical-551ab111491f711a527637bd6137a23357f6daa9.zip
Added patches to fix CVE-2006-4019, and CVE-2006-6142 in 1.5.1. Removed unused patches.
Package-Manager: portage-2.1.2.7
Diffstat (limited to 'mail-client/squirrelmail')
-rw-r--r--mail-client/squirrelmail/ChangeLog16
-rw-r--r--mail-client/squirrelmail/Manifest66
-rw-r--r--mail-client/squirrelmail/files/digest-squirrelmail-1.5.1-r4 (renamed from mail-client/squirrelmail/files/digest-squirrelmail-1.5.1-r3)0
-rw-r--r--mail-client/squirrelmail/files/sec-135921.patch75
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch133
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch25
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch157
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch145
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch339
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch33
-rw-r--r--mail-client/squirrelmail/files/squirrelmail-fortune.patch12
-rw-r--r--mail-client/squirrelmail/squirrelmail-1.5.1-r4.ebuild (renamed from mail-client/squirrelmail/squirrelmail-1.5.1-r3.ebuild)7
12 files changed, 762 insertions, 246 deletions
diff --git a/mail-client/squirrelmail/ChangeLog b/mail-client/squirrelmail/ChangeLog
index 35a64675270f..c10a8ce68e70 100644
--- a/mail-client/squirrelmail/ChangeLog
+++ b/mail-client/squirrelmail/ChangeLog
@@ -1,6 +1,20 @@
# ChangeLog for mail-client/squirrelmail
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/squirrelmail/ChangeLog,v 1.90 2007/05/21 14:20:25 gustavoz Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/squirrelmail/ChangeLog,v 1.91 2007/05/21 17:11:33 eradicator Exp $
+
+*squirrelmail-1.5.1-r4 (21 May 2007)
+
+ 21 May 2007; Jeremy Huddleston <eradicator@gentoo.org>
+ +files/squirrelmail-1.5.1-CVE-2006-4019.patch,
+ +files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch,
+ +files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch,
+ +files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch,
+ files/squirrelmail-1.5.1-CVE-2007-1262.patch,
+ +files/squirrelmail-1.5.1-ie-mime.patch, -files/sec-135921.patch,
+ -files/squirrelmail-fortune.patch, -squirrelmail-1.5.1-r3.ebuild,
+ +squirrelmail-1.5.1-r4.ebuild:
+ Added patches to fix CVE-2006-4019, and CVE-2006-6142 in 1.5.1. Removed
+ unused patches.
21 May 2007; Gustavo Zacarias <gustavoz@gentoo.org>
squirrelmail-1.4.10a.ebuild:
diff --git a/mail-client/squirrelmail/Manifest b/mail-client/squirrelmail/Manifest
index bdd3d5399c0d..b7eafd566448 100644
--- a/mail-client/squirrelmail/Manifest
+++ b/mail-client/squirrelmail/Manifest
@@ -9,18 +9,30 @@ AUX postinstall-en.txt 698 RMD160 7f3b2cfad0cb7c0eef53ecd7ecb49553217d55e7 SHA1
MD5 a34a9335bafb3173bb60b373caae8c4e files/postinstall-en.txt 698
RMD160 7f3b2cfad0cb7c0eef53ecd7ecb49553217d55e7 files/postinstall-en.txt 698
SHA256 4e3702651bb5cce4cc517a2b2bed3e71b137167645138bc72c0cedab4ba98da3 files/postinstall-en.txt 698
-AUX sec-135921.patch 2287 RMD160 b90ebe24d3b8f77d1ab244ebf14d12004dd5ed0e SHA1 cd60530a02c0578cc754fdb07249f9ceed4b106f SHA256 baa4e5cfd98a3f8fdca004bf8047a74683d7ad82633ec5db9286ad70618c0495
-MD5 e01e8ed3e8c082d60cdd150113f18c18 files/sec-135921.patch 2287
-RMD160 b90ebe24d3b8f77d1ab244ebf14d12004dd5ed0e files/sec-135921.patch 2287
-SHA256 baa4e5cfd98a3f8fdca004bf8047a74683d7ad82633ec5db9286ad70618c0495 files/sec-135921.patch 2287
-AUX squirrelmail-1.5.1-CVE-2007-1262.patch 14709 RMD160 ead4b3905731383df96f6ae5e9eb3e649bd92437 SHA1 8ee95430f7b68c6735a80d846ecaeb80fd7bf3a6 SHA256 f48e5ee81a4b79e83fd5e64c7fff960dc8f857e1fc34eb80b12eb0b1856e3c56
-MD5 a92526aa129e71344696cc5763a00d54 files/squirrelmail-1.5.1-CVE-2007-1262.patch 14709
-RMD160 ead4b3905731383df96f6ae5e9eb3e649bd92437 files/squirrelmail-1.5.1-CVE-2007-1262.patch 14709
-SHA256 f48e5ee81a4b79e83fd5e64c7fff960dc8f857e1fc34eb80b12eb0b1856e3c56 files/squirrelmail-1.5.1-CVE-2007-1262.patch 14709
-AUX squirrelmail-fortune.patch 603 RMD160 4460fc314974b4c4691b69231ccfb51d8fbfe896 SHA1 5e1280b2b991c4a7107409104af646883dde742b SHA256 4346a850d4972a54d642c8a91e331110b063eb3eb363cd904a6573c2f6e9b16e
-MD5 ebb6924dba63e16023a37f0f4f5563e8 files/squirrelmail-fortune.patch 603
-RMD160 4460fc314974b4c4691b69231ccfb51d8fbfe896 files/squirrelmail-fortune.patch 603
-SHA256 4346a850d4972a54d642c8a91e331110b063eb3eb363cd904a6573c2f6e9b16e files/squirrelmail-fortune.patch 603
+AUX squirrelmail-1.5.1-CVE-2006-4019.patch 5700 RMD160 df10659c55104f8fe55cd95bcd8abd23dac35975 SHA1 c7690f5d73e9ae09eb2d6318fe592f09ee1c305d SHA256 aac26b5776eeca4b51145d77457846c868d6a1c7fabdea911c2644e04f0be764
+MD5 044493f5f2a050a50fbc6ee80c584014 files/squirrelmail-1.5.1-CVE-2006-4019.patch 5700
+RMD160 df10659c55104f8fe55cd95bcd8abd23dac35975 files/squirrelmail-1.5.1-CVE-2006-4019.patch 5700
+SHA256 aac26b5776eeca4b51145d77457846c868d6a1c7fabdea911c2644e04f0be764 files/squirrelmail-1.5.1-CVE-2006-4019.patch 5700
+AUX squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch 958 RMD160 6288a1d80179dbdac203d1124ab250b1734d4442 SHA1 740114fd509c286a128696fd36a6e418030a9bc5 SHA256 c68d8ca47259b1a50bf5a3a07949e87141412026f74f7e1d27ca1665efc45b88
+MD5 97f613d61fd5c729357461dd9d99cef5 files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch 958
+RMD160 6288a1d80179dbdac203d1124ab250b1734d4442 files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch 958
+SHA256 c68d8ca47259b1a50bf5a3a07949e87141412026f74f7e1d27ca1665efc45b88 files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch 958
+AUX squirrelmail-1.5.1-CVE-2006-6142-mailto.patch 5995 RMD160 a09d7c2e4f7e1f39902dbc940a485de2f39dc628 SHA1 8384078f17a17a86319205b7b1a183a4858ef810 SHA256 699277c6940c416a00ee0c8842ea48511d09ef5f6cb1186212d9655c44022045
+MD5 6e922db2727ea8d8a572a28fc5a960ce files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch 5995
+RMD160 a09d7c2e4f7e1f39902dbc940a485de2f39dc628 files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch 5995
+SHA256 699277c6940c416a00ee0c8842ea48511d09ef5f6cb1186212d9655c44022045 files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch 5995
+AUX squirrelmail-1.5.1-CVE-2006-6142-mime.patch 8303 RMD160 148329799b4bd20c06cf6fcd00003b3a107c1991 SHA1 d3a2f94ee20ea52ed3063af496adb7db7d04ce70 SHA256 c63f8efc2da9877f8140e9aef71417b76207678b04152bd85bf41400aeb37700
+MD5 6943020b95f363f0133e23b34cc626e7 files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch 8303
+RMD160 148329799b4bd20c06cf6fcd00003b3a107c1991 files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch 8303
+SHA256 c63f8efc2da9877f8140e9aef71417b76207678b04152bd85bf41400aeb37700 files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch 8303
+AUX squirrelmail-1.5.1-CVE-2007-1262.patch 22044 RMD160 8928a6a3e6faa94c221c660667a31a5af15e4191 SHA1 4ac6c5bdeea499c141f3affd1a38987d244b3252 SHA256 cb5982199e420960504d20625cdbb569ca7877c8aabe61e3334b3d19ccc90ccb
+MD5 7df015f12263bbcb4f613a283a0e082b files/squirrelmail-1.5.1-CVE-2007-1262.patch 22044
+RMD160 8928a6a3e6faa94c221c660667a31a5af15e4191 files/squirrelmail-1.5.1-CVE-2007-1262.patch 22044
+SHA256 cb5982199e420960504d20625cdbb569ca7877c8aabe61e3334b3d19ccc90ccb files/squirrelmail-1.5.1-CVE-2007-1262.patch 22044
+AUX squirrelmail-1.5.1-ie-mime.patch 1832 RMD160 01ecbf3469c85704c4a6ea97eb938515b73d419e SHA1 f8d46fa43280b421521fde1e29108211a1eb2bd4 SHA256 cca4c684692dbf64f38afcfaabb0568a557f773eb7f52fc5f06a59d17722fa11
+MD5 e405abf322f5d038f26517f00b7e9d9d files/squirrelmail-1.5.1-ie-mime.patch 1832
+RMD160 01ecbf3469c85704c4a6ea97eb938515b73d419e files/squirrelmail-1.5.1-ie-mime.patch 1832
+SHA256 cca4c684692dbf64f38afcfaabb0568a557f773eb7f52fc5f06a59d17722fa11 files/squirrelmail-1.5.1-ie-mime.patch 1832
DIST admin_add.0.1-1.4.0.tar.gz 2388 RMD160 6847934c59ae73119a796c6fef251de26a2ea531 SHA1 9265289ac5b67549590e82d10560d05295a8a5e6 SHA256 25ec999eea098a509f7d49cfe368b0557b64c698f86b2a2c951617f67735dabc
DIST all_locales-1.4.6-20060221.tar.bz2 2448102 RMD160 c108485b090ffc8ea96b1384c9cf588adade7ed2 SHA1 110dbcd216005138fd8415b569b5b93fb929977e SHA256 e29b017deb84e7a3656ed846b2387911e4c7275e88fd3d6761528dbaa7510ac4
DIST all_locales-1.4.9-20070106.tar.bz2 2699569 RMD160 9da0e3df1bc5a89b861f7dd9ac244a3885a45417 SHA1 d187a9b77384b398a0945f51aaaf248379fdfa15 SHA256 04ad3e37042deb8c5668946c3364cd53d9c30b2486f24deee4d71c05fa584423
@@ -48,18 +60,18 @@ EBUILD squirrelmail-1.4.9a.ebuild 5657 RMD160 9524cfd50003a5a8188dd1621f6c5df900
MD5 60ef86523471f440ba97a9d75ec30ca8 squirrelmail-1.4.9a.ebuild 5657
RMD160 9524cfd50003a5a8188dd1621f6c5df9009d436a squirrelmail-1.4.9a.ebuild 5657
SHA256 a13a9a4a0fe36f7abe3dba5f978deecbbe48994aee31c18ae35e20d692b98938 squirrelmail-1.4.9a.ebuild 5657
-EBUILD squirrelmail-1.5.1-r3.ebuild 4999 RMD160 e5f23f37efd3fcb4564866e28405f5b0cadcaa40 SHA1 efa418bbcc179acb009241bffdadcef08b9405c6 SHA256 7f08c2c0823cdcdc8d21aa7693a3e868af7613c25732c0d360a1d28af46a3a68
-MD5 d564fe156e8d84c90d3c3a54e6941771 squirrelmail-1.5.1-r3.ebuild 4999
-RMD160 e5f23f37efd3fcb4564866e28405f5b0cadcaa40 squirrelmail-1.5.1-r3.ebuild 4999
-SHA256 7f08c2c0823cdcdc8d21aa7693a3e868af7613c25732c0d360a1d28af46a3a68 squirrelmail-1.5.1-r3.ebuild 4999
+EBUILD squirrelmail-1.5.1-r4.ebuild 5318 RMD160 a3ce2676038546f8eb8cab812206970bf6b0af4d SHA1 f7d1f80fec4218223da1488cd11dce50835f3531 SHA256 7f5783d42dc9ca0240777163cba6cf2ba0f1db145c525043e558146341609b48
+MD5 bdd263330f503464fabd22d3e9589493 squirrelmail-1.5.1-r4.ebuild 5318
+RMD160 a3ce2676038546f8eb8cab812206970bf6b0af4d squirrelmail-1.5.1-r4.ebuild 5318
+SHA256 7f5783d42dc9ca0240777163cba6cf2ba0f1db145c525043e558146341609b48 squirrelmail-1.5.1-r4.ebuild 5318
EBUILD squirrelmail-1.5.2_pre20070519.ebuild 5178 RMD160 e132f0e97825d9cd30db7b0e5287474f4026a5ef SHA1 c1318c71c6f96d4f19572cd3af13eecc21d9edab SHA256 008acc03014204b32391f2bc6dec43a7d98652af03640a0282751080499af223
MD5 e27cd885e1082dac053e91f78d16d944 squirrelmail-1.5.2_pre20070519.ebuild 5178
RMD160 e132f0e97825d9cd30db7b0e5287474f4026a5ef squirrelmail-1.5.2_pre20070519.ebuild 5178
SHA256 008acc03014204b32391f2bc6dec43a7d98652af03640a0282751080499af223 squirrelmail-1.5.2_pre20070519.ebuild 5178
-MISC ChangeLog 21564 RMD160 0e1025c1f1db1664e4bc4cac2102a40b7696b5fb SHA1 7999f0f7ed32c3123c7c13d67027298681589213 SHA256 378402899a93f733fe36ff463e9f25b48ec89176a24268893f8901fbb879bbcb
-MD5 7aaa11dc96993e04a366c552cde0c708 ChangeLog 21564
-RMD160 0e1025c1f1db1664e4bc4cac2102a40b7696b5fb ChangeLog 21564
-SHA256 378402899a93f733fe36ff463e9f25b48ec89176a24268893f8901fbb879bbcb ChangeLog 21564
+MISC ChangeLog 22197 RMD160 2afe82b50c53816450fcc0892167c5947073d8b4 SHA1 1428c53036555b113ea5184c6949d6438c89c9f5 SHA256 9450545251adea221ed73d3d5751d359e491fe0faa7e66e51f09703bfcb8661b
+MD5 e12ef43205b6affb1a76907ba4db4ce1 ChangeLog 22197
+RMD160 2afe82b50c53816450fcc0892167c5947073d8b4 ChangeLog 22197
+SHA256 9450545251adea221ed73d3d5751d359e491fe0faa7e66e51f09703bfcb8661b ChangeLog 22197
MISC metadata.xml 258 RMD160 d2eb817fc980ecb7e48b90373e39e38538ddc060 SHA1 f969f9d21f42c6347a0509bacb7382b390c10ce8 SHA256 0c209e720f028e6e9b098d29eab884753668aea3f47b56e44f3271ae60750680
MD5 08cd5d6f4b8f101029a526ea0a1ea4b1 metadata.xml 258
RMD160 d2eb817fc980ecb7e48b90373e39e38538ddc060 metadata.xml 258
@@ -70,16 +82,16 @@ SHA256 8903858a6e5dc2522f4bd4d9769dac4412a5938fed66610240c4461574922928 files/di
MD5 0a245d03153b9d61f17427139850a3b7 files/digest-squirrelmail-1.4.9a 2623
RMD160 457b92c1498043a6e5078d5b8d43476165d7ba38 files/digest-squirrelmail-1.4.9a 2623
SHA256 4f1c5e04d586f00a6cc29774d36a9e32071ad517bebf58fe056d36a45642be98 files/digest-squirrelmail-1.4.9a 2623
-MD5 df34174cb0da3049a1a8f4097e868a97 files/digest-squirrelmail-1.5.1-r3 2638
-RMD160 54e2603d572f3edbe6cf18c6dfea5d5227e17474 files/digest-squirrelmail-1.5.1-r3 2638
-SHA256 674d0cca4250cd9f2ebe3f41e6627010dbe15ff8bf309edbf8bd10a743795a98 files/digest-squirrelmail-1.5.1-r3 2638
+MD5 df34174cb0da3049a1a8f4097e868a97 files/digest-squirrelmail-1.5.1-r4 2638
+RMD160 54e2603d572f3edbe6cf18c6dfea5d5227e17474 files/digest-squirrelmail-1.5.1-r4 2638
+SHA256 674d0cca4250cd9f2ebe3f41e6627010dbe15ff8bf309edbf8bd10a743795a98 files/digest-squirrelmail-1.5.1-r4 2638
MD5 613231a5d2addd48fd1b86ba60276459 files/digest-squirrelmail-1.5.2_pre20070519 2695
RMD160 ae0bff506433b0da556e6f088731fea2344ec619 files/digest-squirrelmail-1.5.2_pre20070519 2695
SHA256 00865bdc288e761087da4ddff9866eef86a0118538987b96799da79c7386bc7f files/digest-squirrelmail-1.5.2_pre20070519 2695
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.7-ecc0.1.6 (GNU/Linux)
+Version: GnuPG v2.0.4 (GNU/Linux)
-iD8DBQFGUaquKRy60XGEcJIRAvXUAJ0QKRvgapiNU38zKeAU89s8KJD6jgCdG22t
-q0QAzaCVlUnkX16X9eXuj8Q=
-=K+W7
+iD8DBQFGUdLWjC1Anjf1NmMRAkgpAJ9Hla/n44xuRGUJxdS96+R8c4rIpQCeOPct
+JzbAnUq5vxDdzZpbk0HaEXo=
+=VcWD
-----END PGP SIGNATURE-----
diff --git a/mail-client/squirrelmail/files/digest-squirrelmail-1.5.1-r3 b/mail-client/squirrelmail/files/digest-squirrelmail-1.5.1-r4
index a508701ccbf1..a508701ccbf1 100644
--- a/mail-client/squirrelmail/files/digest-squirrelmail-1.5.1-r3
+++ b/mail-client/squirrelmail/files/digest-squirrelmail-1.5.1-r4
diff --git a/mail-client/squirrelmail/files/sec-135921.patch b/mail-client/squirrelmail/files/sec-135921.patch
deleted file mode 100644
index 88c4387c28b8..000000000000
--- a/mail-client/squirrelmail/files/sec-135921.patch
+++ /dev/null
@@ -1,75 +0,0 @@
---- functions/global.php 2006-02-03 14:27:47.000000000 -0800
-+++ functions/global.php.new 2006-06-13 12:28:12.000000000 -0700
-@@ -3,14 +3,13 @@
- /**
- * global.php
- *
-- * Copyright (c) 1999-2006 The SquirrelMail Project Team
-- * Licensed under the GNU GPL. For full terms see the file COPYING.
-- *
- * This includes code to update < 4.1.0 globals to the newer format
- * It also has some session register functions that work across various
- * php versions.
- *
-- * @version $Id: global.php,v 1.27.2.15 2006/02/03 22:27:47 jervfors Exp $
-+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
-+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
-+ * @version $Id: global.php,v 1.27.2.17 2006/06/02 02:52:15 jangliss Exp $
- * @package squirrelmail
- */
-
-@@ -62,6 +61,47 @@
- sqstripslashes($_POST);
- }
-
-+/**
-+ * If register_globals are on, unregister globals.
-+ * Code requires PHP 4.1.0 or newer.
-+ * Second test covers boolean set as string (php_value register_globals off).
-+ */
-+if ((bool) @ini_get('register_globals') &&
-+ strtolower(ini_get('register_globals'))!='off') {
-+ /**
-+ * Remove all globals from $_GET, $_POST, and $_COOKIE.
-+ */
-+ foreach ($_REQUEST as $key => $value) {
-+ unset($GLOBALS[$key]);
-+ }
-+ /**
-+ * Remove globalized $_FILES variables
-+ * Before 4.3.0 $_FILES are included in $_REQUEST.
-+ * Unglobalize them in separate call in order to remove dependency
-+ * on PHP version.
-+ */
-+ foreach ($_FILES as $key => $value) {
-+ unset($GLOBALS[$key]);
-+ // there are three undocumented $_FILES globals.
-+ unset($GLOBALS[$key.'_type']);
-+ unset($GLOBALS[$key.'_name']);
-+ unset($GLOBALS[$key.'_size']);
-+ }
-+ /**
-+ * Remove globalized environment variables.
-+ */
-+ foreach ($_ENV as $key => $value) {
-+ unset($GLOBALS[$key]);
-+ }
-+ /**
-+ * Remove globalized server variables.
-+ */
-+ foreach ($_SERVER as $key => $value) {
-+ unset($GLOBALS[$key]);
-+ }
-+}
-+
-+
- /* strip any tags added to the url from PHP_SELF.
- This fixes hand crafted url XXS expoits for any
- page that uses PHP_SELF as the FORM action */
-@@ -336,4 +376,4 @@
- }
-
- // vim: et ts=4
--?>
-\ No newline at end of file
-+?>
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch
new file mode 100644
index 000000000000..c944bf30a1a0
--- /dev/null
+++ b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch
@@ -0,0 +1,133 @@
+diff -Naurp squirrelmail-1.5.1.orig/functions/auth.php squirrelmail-1.5.1/functions/auth.php
+--- squirrelmail-1.5.1.orig/functions/auth.php 2006-01-23 10:39:32.000000000 -0800
++++ squirrelmail-1.5.1/functions/auth.php 2007-05-21 09:09:30.000000000 -0700
+@@ -59,6 +59,8 @@ function is_logged_in() {
+ sqsession_register($session_expired_location,'session_expired_location');
+ }
+
++ session_write_close();
++
+ // signout page will deal with users who aren't logged
+ // in on its own; don't show error here
+ //
+@@ -330,4 +332,4 @@ function get_smtp_user(&$user, &$pass) {
+ }
+ }
+
+-?>
+\ No newline at end of file
++?>
+diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php
+--- squirrelmail-1.5.1.orig/src/compose.php 2006-02-11 07:14:31.000000000 -0800
++++ squirrelmail-1.5.1/src/compose.php 2007-05-21 09:02:11.000000000 -0700
+@@ -299,13 +299,19 @@ if (sqsession_is_registered('session_exp
+ sqsession_unregister('session_expired_post');
+ session_write_close();
+ } else {
+- foreach ($session_expired_post as $postvar => $val) {
+- if (isset($val)) {
+- $$postvar = $val;
+- } else {
+- $$postvar = '';
++ // these are the vars that we can set from the expired composed session
++ $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage',
++ 'passed_body','use_signature','signature','attachments','subject','newmail',
++ 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity',
++ 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages',
++ 'composesession', 'request_mdn', 'request_dr');
++
++ foreach ($compo_var_list as $var) {
++ if ( isset($session_expired_post[$var]) && !isset($$var) ) {
++ $$var = $session_expired_post[$var];
+ }
+ }
++
+ $compose_messages = unserialize(urldecode($restoremessages));
+ sqsession_register($compose_messages,'compose_messages');
+ sqsession_register($composesession,'composesession');
+diff -Naurp squirrelmail-1.5.1.orig/src/login.php squirrelmail-1.5.1/src/login.php
+--- squirrelmail-1.5.1.orig/src/login.php 2006-02-12 01:03:11.000000000 -0800
++++ squirrelmail-1.5.1/src/login.php 2007-05-21 09:11:11.000000000 -0700
+@@ -44,12 +44,24 @@ if (!function_exists('sqm_baseuri')){
+ }
+ $base_uri = sqm_baseuri();
+
+-/*
++/**
+ * In case the last session was not terminated properly, make sure
+- * we get a new one.
++ * we get a new one, but make sure we preserve session_expired_*
+ */
+
+-sqsession_destroy();
++if ( !empty($_SESSION['session_expired_post']) && !empty($_SESSION['session_expired_location']) ) {
++ $sep = $_SESSION['session_expired_post'];
++ $sel = $_SESSION['session_expired_location'];
++
++ sqsession_destroy();
++
++ sqsession_is_active();
++ sqsession_register($sep, 'session_expired_post');
++ sqsession_register($sel, 'session_expired_location');
++} else {
++ sqsession_destroy();
++}
++
+ /**
+ * PHP bug. http://bugs.php.net/11643 (warning, spammed bug tracker) and
+ * http://bugs.php.net/13834
+@@ -195,4 +207,4 @@ $oTemplate->assign('password_field', $pa
+ $oTemplate->assign('submit_field', addSubmit(_("Login")));
+
+ $oTemplate->display('login.tpl');
+-?>
+\ No newline at end of file
++?>
+diff -Naurp squirrelmail-1.5.1.orig/src/redirect.php squirrelmail-1.5.1/src/redirect.php
+--- squirrelmail-1.5.1.orig/src/redirect.php 2006-02-07 23:58:18.000000000 -0800
++++ squirrelmail-1.5.1/src/redirect.php 2007-05-21 09:12:45.000000000 -0700
+@@ -140,13 +140,17 @@ $redirect_url = $location . '/webmail.ph
+
+ if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
+ sqsession_unregister('session_expired_location');
+- $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
+- if ($compose_new_win) {
+- // do not prefix $location here because $session_expired_location is set to PHP_SELF
+- // of the last page
+- $redirect_url = $session_expired_location;
+- } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) {
+- $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location);
++ if ( strpos($session_expired_location, 'compose.php') !== FALSE ) {
++ $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
++ if ($compose_new_win) {
++ // do not prefix $location here because $session_expired_location is set to PHP_SELF
++ // of the last page
++ $redirect_url = $session_expired_location;
++ } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) {
++ $redirect_url = 'webmail.php?right_frame=compose.php';
++ }
++ } else {
++ $redirect_url = 'webmail.php?right_frame=' . urldecode($session_expired_location);
+ }
+ unset($session_expired_location);
+ }
+@@ -187,4 +191,4 @@ function attachment_common_parse($str, $
+ sqsession_register($attachment_common_types, 'attachment_common_types');
+ }
+
+-?>
+\ No newline at end of file
++?>
+diff -Naurp squirrelmail-1.5.1.orig/src/webmail.php squirrelmail-1.5.1/src/webmail.php
+--- squirrelmail-1.5.1.orig/src/webmail.php 2006-02-13 10:20:06.000000000 -0800
++++ squirrelmail-1.5.1/src/webmail.php 2007-05-21 09:13:29.000000000 -0700
+@@ -54,9 +54,6 @@ if (!sqgetGlobalVar('mailbox', $mailbox)
+
+ sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
+
+-if ( isset($_SESSION['session_expired_post']) ) {
+- sqsession_unregister('session_expired_post');
+-}
+ if(!sqgetGlobalVar('mailto', $mailto)) {
+ $mailto = '';
+ }
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch
new file mode 100644
index 000000000000..096aa202f251
--- /dev/null
+++ b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch
@@ -0,0 +1,25 @@
+diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php
+--- squirrelmail-1.5.1.orig/src/compose.php 2007-05-21 09:54:44.000000000 -0700
++++ squirrelmail-1.5.1/src/compose.php 2007-05-21 09:55:35.000000000 -0700
+@@ -80,7 +80,11 @@ sqgetGlobalVar('draft',$draft);
+ sqgetGlobalVar('draft_id',$draft_id);
+ sqgetGlobalVar('ent_num',$ent_num);
+ sqgetGlobalVar('saved_draft',$saved_draft);
+-sqgetGlobalVar('delete_draft',$delete_draft);
++
++if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
++ $delete_draft = (int)$delete_draft;
++}
++
+ if ( sqgetGlobalVar('startMessage',$startMessage) ) {
+ $startMessage = (int)$startMessage;
+ } else {
+@@ -343,6 +347,8 @@ if (sqsession_is_registered('session_exp
+ if (!isset($composesession)) {
+ $composesession = 0;
+ sqsession_register(0,'composesession');
++} else {
++ $composesession = (int)$composesession;
+ }
+
+ if (!isset($session) || (isset($newmessage) && $newmessage)) {
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch
new file mode 100644
index 000000000000..a9ff6dced42c
--- /dev/null
+++ b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch
@@ -0,0 +1,157 @@
+diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php
+--- squirrelmail-1.5.1.orig/src/compose.php 2007-05-21 09:14:13.000000000 -0700
++++ squirrelmail-1.5.1/src/compose.php 2007-05-21 09:20:16.000000000 -0700
+@@ -120,6 +120,25 @@ if ( !sqgetGlobalVar('smaction',$action)
+ if ( sqgetGlobalVar('smaction_edit_new',$tmp) ) $action = 'edit_as_new';
+ }
+
++/**
++ * Here we decode the data passed in from mailto.php.
++ */
++if ( sqgetGlobalVar('mailtodata', $mailtodata, SQ_GET) ) {
++ $trtable = array('to' => 'send_to',
++ 'cc' => 'send_to_cc',
++ 'bcc' => 'send_to_bcc',
++ 'body' => 'body',
++ 'subject' => 'subject');
++ $mtdata = unserialize($mailtodata);
++
++ foreach ($trtable as $f => $t) {
++ if ( !empty($mtdata[$f]) ) {
++ $$t = $mtdata[$f];
++ }
++ }
++ unset($mailtodata,$mtdata, $trtable);
++}
++
+ /* Location (For HTTP 1.1 Header("Location: ...") redirects) */
+ $location = get_location();
+ /* Identities (fetch only once) */
+diff -Naurp squirrelmail-1.5.1.orig/src/login.php squirrelmail-1.5.1/src/login.php
+--- squirrelmail-1.5.1.orig/src/login.php 2007-05-21 09:14:13.000000000 -0700
++++ squirrelmail-1.5.1/src/login.php 2007-05-21 09:21:42.000000000 -0700
+@@ -187,15 +187,15 @@ if (isset($hide_sm_attributions) && !$hi
+ $username_form_name = 'login_username';
+ $password_form_name = 'secretkey';
+
+-if(sqgetGlobalVar('mailto', $mailto)) {
+- $rcptaddress = addHidden('mailto', $mailto);
++if(sqgetGlobalVar('mailtodata', $mailtodata)) {
++ $mailtofield = addHidden('mailtodata', $mailtodata);
+ } else {
+- $rcptaddress = '';
++ $mailtofield = '';
+ }
+
+ $password_field = addPwField($password_form_name).
+ addHidden('js_autodetect_results', SMPREF_JS_OFF).
+- $rcptaddress .
++ $mailtofield .
+ addHidden('just_logged_in', '1');
+
+ $oTemplate->assign('color', $color);
+diff -Naurp squirrelmail-1.5.1.orig/src/mailto.php squirrelmail-1.5.1/src/mailto.php
+--- squirrelmail-1.5.1.orig/src/mailto.php 2006-01-23 10:43:28.000000000 -0800
++++ squirrelmail-1.5.1/src/mailto.php 2007-05-21 09:24:07.000000000 -0700
+@@ -41,6 +41,8 @@ $trtable = array('cc' => 'send
+ 'subject' => 'subject');
+ $url = '';
+
++$data = array();
++
+ if(sqgetGlobalVar('emailaddress', $emailaddress)) {
+ $emailaddress = trim($emailaddress);
+ if(stristr($emailaddress, 'mailto:')) {
+@@ -50,34 +52,33 @@ if(sqgetGlobalVar('emailaddress', $email
+ list($emailaddress, $a) = explode('?', $emailaddress, 2);
+ if(strlen(trim($a)) > 0) {
+ $a = explode('=', $a, 2);
+- $url .= $trtable[strtolower($a[0])] . '=' . urlencode($a[1]) . '&';
++ $data[strtolower($a[0])] = $a[1];
+ }
+ }
+- $url = 'send_to=' . urlencode($emailaddress) . '&' . $url;
++ $data['to'] = $emailaddress;
+
+ /* CC, BCC, etc could be any case, so we'll fix them here */
+ foreach($_GET as $k=>$g) {
+ $k = strtolower($k);
+ if(isset($trtable[$k])) {
+ $k = $trtable[$k];
+- $url .= $k . '=' . urlencode($g) . '&';
++ $data[$k] = $g;
+ }
+ }
+- $url = substr($url, 0, -1);
+ }
+ sqsession_is_active();
+
+ if($force_login == false && sqsession_is_registered('user_is_logged_in')) {
+ if($compose_only == true) {
+- $redirect = 'compose.php?' . $url;
++ $redirect = 'compose.php?mailtodata=' . urlencode(serialize($data));
+ } else {
+- $redirect = 'webmail.php?right_frame=compose.php?' . urlencode($url);
++ $redirect = 'webmail.php?mailtodata=' . urlencode(serialize($data));
+ }
+ } else {
+- $redirect = 'login.php?mailto=' . urlencode($url);
++ $redirect = 'login.php?mailtodata=' . urlencode(serialize($data));
+ }
+
+ session_write_close();
+ header('Location: ' . get_location() . '/' . $redirect);
+
+-?>
+\ No newline at end of file
++?>
+diff -Naurp squirrelmail-1.5.1.orig/src/redirect.php squirrelmail-1.5.1/src/redirect.php
+--- squirrelmail-1.5.1.orig/src/redirect.php 2007-05-21 09:14:13.000000000 -0700
++++ squirrelmail-1.5.1/src/redirect.php 2007-05-21 09:25:34.000000000 -0700
+@@ -50,7 +50,7 @@ sqGetGlobalVar('secretkey', $secretkey);
+ if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') {
+ $squirrelmail_language = $squirrelmail_default_language;
+ }
+-if (!sqgetGlobalVar('mailto', $mailto)) {
++if (!sqgetGlobalVar('mailtodata', $mailtodata)) {
+ $mailto = '';
+ }
+
+@@ -154,9 +154,9 @@ if ( sqgetGlobalVar('session_expired_loc
+ }
+ unset($session_expired_location);
+ }
+-if($mailto != '') {
+- $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailto=';
+- $redirect_url .= urlencode($mailto);
++if($mailtodata != '') {
++ $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailtodata=';
++ $redirect_url .= urlencode($mailtodata);
+ }
+
+ /* Write session data and send them off to the appropriate page. */
+diff -Naurp squirrelmail-1.5.1.orig/src/webmail.php squirrelmail-1.5.1/src/webmail.php
+--- squirrelmail-1.5.1.orig/src/webmail.php 2007-05-21 09:14:13.000000000 -0700
++++ squirrelmail-1.5.1/src/webmail.php 2007-05-21 09:26:37.000000000 -0700
+@@ -54,8 +54,10 @@ if (!sqgetGlobalVar('mailbox', $mailbox)
+
+ sqgetGlobalVar('right_frame', $right_frame, SQ_GET);
+
+-if(!sqgetGlobalVar('mailto', $mailto)) {
+- $mailto = '';
++if(sqgetGlobalVar('mailtodata', $mailtodata)) {
++ $mailtourl = 'mailtodata='.urlencode($mailtodata);
++} else {
++ $mailtourl = '';
+ }
+
+ is_logged_in();
+@@ -166,7 +168,7 @@ switch($right_frame) {
+ $right_frame_url = 'folders.php';
+ break;
+ case 'compose.php':
+- $right_frame_url = 'compose.php?' . $mailto;
++ $right_frame_url = 'compose.php?' . $mailtourl;
+ break;
+ case '':
+ $right_frame_url = 'right_main.php';
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch
new file mode 100644
index 000000000000..ff1aa74a1020
--- /dev/null
+++ b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch
@@ -0,0 +1,145 @@
+diff -Naurp squirrelmail-1.5.1.orig/functions/mime.php squirrelmail-1.5.1/functions/mime.php
+--- squirrelmail-1.5.1.orig/functions/mime.php 2006-02-11 03:13:05.000000000 -0800
++++ squirrelmail-1.5.1/functions/mime.php 2007-05-21 09:32:19.000000000 -0700
+@@ -1132,6 +1132,75 @@ function sq_unspace(&$attvalue){
+ }
+
+ /**
++ * Translate all dangerous Unicode or Shift_JIS characters which are acepted by
++ * IE as regular characters.
++ *
++ * @param attvalue The attribute value before dangerous characters are translated.
++ * @return attvalue Nothing, modifies a reference value.
++ * @author Marc Groot Koerkamp.
++ */
++function sq_fixIE_idiocy(&$attvalue) {
++ // remove NUL
++ $attvalue = str_replace("\0", "", $attvalue);
++ // remove comments
++ $attvalue = preg_replace("/(\/\*.*?\*\/)/","",$attvalue);
++
++ // IE has the evil habit of excepting every possible value for the attribute expression
++ // The table below contain characters which are valid in IE if they are used in the "expression"
++ // attribute value.
++ $aDangerousCharsReplacementTable = array(
++ array('&#x029F;', '&#0671;' ,/* L UNICODE IPA Extension */
++ '&#x0280;', '&#0640;' ,/* R UNICODE IPA Extension */
++ '&#x0274;', '&#0628;' ,/* N UNICODE IPA Extension */
++ '&#xFF25;', '&#65317' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
++ '&#xFF45;', '&#65349' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
++ '&#xFF38;', '&#65336;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
++ '&#xFF58;', '&#65368;',/* Unicode FULLWIDTH LATIN SMALL LETTER X */
++ '&#xFF30;', '&#65328;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
++ '&#xFF50;', '&#65360;',/* Unicode FULLWIDTH LATIN SMALL LETTER P */
++ '&#xFF32;', '&#65330;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
++ '&#xFF52;', '&#65362;',/* Unicode FULLWIDTH LATIN SMALL LETTER R */
++ '&#xFF33;', '&#65331;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
++ '&#xFF53;', '&#65363;',/* Unicode FULLWIDTH LATIN SMALL LETTER S */
++ '&#xFF29;', '&#65321;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
++ '&#xFF49;', '&#65353;',/* Unicode FULLWIDTH LATIN SMALL LETTER I */
++ '&#xFF2F;', '&#65327;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
++ '&#xFF4F;', '&#65359;',/* Unicode FULLWIDTH LATIN SMALL LETTER O */
++ '&#xFF2E;', '&#65326;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
++ '&#xFF4E;', '&#65358;',/* Unicode FULLWIDTH LATIN SMALL LETTER N */
++ '&#xFF2C;', '&#65324;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
++ '&#xFF4C;', '&#65356;',/* Unicode FULLWIDTH LATIN SMALL LETTER L */
++ '&#xFF35;', '&#65333;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
++ '&#xFF55;', '&#65365;',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
++ '&#x207F;', '&#8319;' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
++ '&#x8264;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some chinese char range
++ '&#x8285;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
++ '&#x8277;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
++ '&#x8298;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
++ '&#x826F;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
++ '&#x8290;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
++ '&#x8271;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
++ '&#x8292;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
++ '&#x8272;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
++ '&#x8293;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
++ '&#x8268;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
++ '&#x8289;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
++ '&#x826E;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
++ '&#x828F;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
++ '&#x826D;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
++ '&#x828E;'), /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
++ array('l', 'l', 'r','r','n','n',
++ 'E','E','e','e','X','X','x','x','P','P','p','p','S','S','s','s','I','I',
++ 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n',
++ 'E','e','X','x','P','p','S','s','I','i','O','o','N','n'));
++ $attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue);
++
++ // Escapes are usefull for special characters like "{}[]()'&. In other cases they are
++ // used for XSS
++ $attvalue = preg_replace("/(\\\\)([a-zA-Z]{1})/",'$2',$attvalue);
++}
++
++/**
+ * This function returns the final tag out of the tag name, an array
+ * of attributes, and the type of the tag. This function is called by
+ * sq_sanitize internally.
+@@ -1597,10 +1666,23 @@ function sq_fixatts($tagname,
+ }
+ }
+ }
++
++ /**
++ * Workaround for IE quirks
++ */
++ sq_fixIE_idiocy($attvalue);
++
+ /**
+ * Remove any backslashes, entities, and extraneous whitespace.
+ */
++ $oldattvalue = $attvalue;
+ sq_defang($attvalue);
++ if ($attname == 'style' && $attvalue !== $oldattvalue) {
++ // entities are used in the attribute value. In 99% of the cases it's there as XSS
++ // i.e.<div style="{ left:exp&#x0280;essio&#x0274;( alert('XSS') ) }">
++ $attvalue = "idiocy";
++ $attary{$attname} = $attvalue;
++ }
+ sq_unspace($attvalue);
+
+ /**
+@@ -1694,14 +1776,18 @@ function sq_fixstyle($body, $pos, $messa
+ */
+ $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
+ $secremoveimg = '../images/' . _("sec_remove_eng.png");
++
++ // IE Sucks hard. We have a special function for it.
++ sq_fixIE_idiocy($content);
++
++ // remove @import line
++ $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content);
++
+ /**
+ * Fix url('blah') declarations.
+ */
+ // $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
+ // "url(\\1$secremoveimg\\2)", $content);
+- // remove NUL
+- $content = str_replace("\0", "", $content);
+-
+ // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop.
+ while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) {
+ $sProto = strtolower($matches[1]);
+@@ -1759,8 +1845,10 @@ function sq_fixstyle($body, $pos, $messa
+ '/expression/i',
+ '/behaviou*r/i',
+ '/binding/i',
+- '/include-source/i');
+- $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy');
++ '/include-source/i',
++ '/javascript/i',
++ '/script/i');
++ $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy');
+ $contentNew = preg_replace($match, $replace, $contentTemp);
+ if ($contentNew !== $contentTemp) {
+ // insecure css declarations are used. From now on we don't care
+@@ -2387,4 +2475,4 @@ function SendDownloadHeaders($type0, $ty
+
+ } // end fn SendDownloadHeaders
+
+-?>
+\ No newline at end of file
++?>
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch
index 36f0680eeb3a..d5accd6c8eb2 100644
--- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch
+++ b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch
@@ -1,93 +1,7 @@
-Index: src/view_text.php
-===================================================================
---- src/view_text.php (revision 12419)
-+++ src/view_text.php (working copy)
-@@ -70,10 +70,10 @@
- }
-
- if ($type1 == 'html' || (isset($override_type1) && $override_type1 == 'html')) {
-- $body = MagicHTML( $body, $passed_id, $message, $mailbox);
- // html attachment with character set information
- if (! empty($charset))
- $body = charset_decode($charset,$body,false,true);
-+ $body = MagicHTML( $body, $passed_id, $message, $mailbox);
- } else {
- translateText($body, $wrap_at, $charset);
- }
-Index: src/compose.php
-===================================================================
---- src/compose.php (revision 12419)
-+++ src/compose.php (working copy)
-@@ -55,32 +55,42 @@
- }
-
- /** SESSION/POST/GET VARS */
--sqgetGlobalVar('session',$session);
--sqgetGlobalVar('mailbox',$mailbox);
--if(!sqgetGlobalVar('identity',$identity)) {
-+sqgetGlobalVar('send', $send, SQ_POST);
-+// Send can only be achieved by setting $_POST var. If Send = true then
-+// retrieve other form fields from $_POST
-+if (isset($send) && $send) {
-+ $SQ_GLOBAL = SQ_POST;
-+} else {
-+ $SQ_GLOBAL = SQ_FORM;
-+}
-+sqgetGlobalVar('session',$session, $SQ_GLOBAL);
-+sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL);
-+if(!sqgetGlobalVar('identity',$identity, $SQ_GLOBAL)) {
- $identity=0;
- }
--sqgetGlobalVar('send_to',$send_to);
--sqgetGlobalVar('send_to_cc',$send_to_cc);
--sqgetGlobalVar('send_to_bcc',$send_to_bcc);
--sqgetGlobalVar('subject',$subject);
--sqgetGlobalVar('body',$body);
--sqgetGlobalVar('mailprio',$mailprio);
--sqgetGlobalVar('request_mdn',$request_mdn);
--sqgetGlobalVar('request_dr',$request_dr);
--sqgetGlobalVar('html_addr_search',$html_addr_search);
--sqgetGlobalVar('mail_sent',$mail_sent);
--sqgetGlobalVar('passed_id',$passed_id);
--sqgetGlobalVar('passed_ent_id',$passed_ent_id);
--sqgetGlobalVar('send',$send);
-+sqgetGlobalVar('send_to',$send_to, $SQ_GLOBAL);
-+sqgetGlobalVar('send_to_cc',$send_to_cc, $SQ_GLOBAL);
-+sqgetGlobalVar('send_to_bcc',$send_to_bcc, $SQ_GLOBAL);
-+sqgetGlobalVar('subject',$subject, $SQ_GLOBAL);
-+sqgetGlobalVar('body',$body, $SQ_GLOBAL);
-+sqgetGlobalVar('mailprio',$mailprio, $SQ_GLOBAL);
-+sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL);
-+sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
-+sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL);
-+sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL);
-+sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL);
-+sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
-
--sqgetGlobalVar('attach',$attach);
-+sqgetGlobalVar('attach',$attach, SQ_POST);
-+sqgetGlobalVar('draft',$draft, SQ_POST);
-+sqgetGlobalVar('draft_id',$draft_id, $SQ_GLOBAL);
-+sqgetGlobalVar('ent_num',$ent_num, $SQ_GLOBAL);
-+sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM);
-
--sqgetGlobalVar('draft',$draft);
--sqgetGlobalVar('draft_id',$draft_id);
--sqgetGlobalVar('ent_num',$ent_num);
--sqgetGlobalVar('saved_draft',$saved_draft);
--sqgetGlobalVar('delete_draft',$delete_draft);
-+if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
-+ $delete_draft = (int)$delete_draft;
-+}
-+
- if ( sqgetGlobalVar('startMessage',$startMessage) ) {
- $startMessage = (int)$startMessage;
- } else {
-Index: functions/mime.php
-===================================================================
---- functions/mime.php (revision 12419)
-+++ functions/mime.php (working copy)
-@@ -428,13 +428,16 @@
+diff -Naurp squirrelmail-1.5.1.orig/functions/mime.php squirrelmail-1.5.1/functions/mime.php
+--- squirrelmail-1.5.1.orig/functions/mime.php 2007-05-21 09:57:36.000000000 -0700
++++ squirrelmail-1.5.1/functions/mime.php 2007-05-21 09:58:36.000000000 -0700
+@@ -428,13 +428,16 @@ function formatBody($imap_stream, $messa
$body.="</iframe></div>\n";
} else {
// old way of html rendering
@@ -106,7 +20,72 @@ Index: functions/mime.php
}
} else {
translateText($body, $wrap_at,
-@@ -1623,38 +1626,34 @@
+@@ -1156,8 +1159,8 @@ function sq_fixIE_idiocy(&$attvalue) {
+ array('&#x029F;', '&#0671;' ,/* L UNICODE IPA Extension */
+ '&#x0280;', '&#0640;' ,/* R UNICODE IPA Extension */
+ '&#x0274;', '&#0628;' ,/* N UNICODE IPA Extension */
+- '&#xFF25;', '&#65317' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
+- '&#xFF45;', '&#65349' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
++ '&#xFF25;', '&#65317;' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
++ '&#xFF45;', '&#65349;' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
+ '&#xFF38;', '&#65336;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
+ '&#xFF58;', '&#65368;',/* Unicode FULLWIDTH LATIN SMALL LETTER X */
+ '&#xFF30;', '&#65328;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
+@@ -1177,26 +1180,34 @@ function sq_fixIE_idiocy(&$attvalue) {
+ '&#xFF35;', '&#65333;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
+ '&#xFF55;', '&#65365;',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
+ '&#x207F;', '&#8319;' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
+- '&#x8264;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some chinese char range
+- '&#x8285;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
+- '&#x8277;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
+- '&#x8298;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
+- '&#x826F;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
+- '&#x8290;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
+- '&#x8271;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
+- '&#x8292;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
+- '&#x8272;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
+- '&#x8293;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
+- '&#x8268;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
+- '&#x8289;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
+- '&#x826E;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
+- '&#x828F;', /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
+- '&#x826D;', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
+- '&#x828E;'), /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
++ "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some Chinese char range
++ "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
++ "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
++ "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
++ "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
++ "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
++ "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
++ "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
++ "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
++ "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
++ "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
++ "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
++ "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
++ "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
++ "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
++ "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
++ "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
++ "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
++ "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
++ "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
++ "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
++ "\xCA\x9F", /* L UNICODE IPA Extension */
++ "\xCA\x80", /* R UNICODE IPA Extension */
++ "\xC9\xB4"), /* N UNICODE IPA Extension */
+ array('l', 'l', 'r','r','n','n',
+- 'E','E','e','e','X','X','x','x','P','P','p','p','S','S','s','s','I','I',
+- 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n',
+- 'E','e','X','x','P','p','S','s','I','i','O','o','N','n'));
++ 'E','E','e','e','X','X','x','x','P','P','p','p','R','R','r','r','S','S','s','s','I','I',
++ 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n','n',
++ 'E','e','X','x','P','p','R','r','S','s','I','i','O','o','N','n','L','l','U','u','n','l','r','n'));
+ $attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue);
+
+ // Escapes are usefull for special characters like "{}[]()'&. In other cases they are
+@@ -1709,38 +1720,34 @@ function sq_fixatts($tagname,
preg_replace($valmatch, $valrepl, $attvalue);
if ($newvalue != $attvalue){
$attary{$attname} = $newvalue;
@@ -125,6 +104,13 @@ Index: functions/mime.php
- */
- if (($attname == 'src') && ($attvalue == '""')) {
- $attary{$attname} = '"' . SM_PATH . 'images/blank.png"';
+- }
+-
+- /**
+- * Turn cid: urls into http-friendly ones.
+- */
+- if (preg_match("/^[\'\"]\s*cid:/si", $attvalue)){
+- $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
+ if ($attname == 'style') {
+ if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) {
+ // 8bit and control characters in style attribute values can be used for XSS, remove them
@@ -142,29 +128,22 @@ Index: functions/mime.php
}
-
/**
-- * Turn cid: urls into http-friendly ones.
+- * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags.
+- * One day MS might actually make it match something useful, for now, falling
+- * back to using cid2http, so we can grab the blank.png.
+ * Use white list based filtering on attributes which can contain url's
*/
-- if (preg_match("/^[\'\"]\s*cid:/si", $attvalue)){
+- if (preg_match("/^[\'\"]\s*outbind:\/\//si", $attvalue)) {
- $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
+ else if ($attname == 'href' || $attname == 'src' || $attname == 'background') {
+ sq_fix_url($attname, $attvalue, $message, $id, $mailbox);
+ $attary{$attname} = $attvalue;
}
-
-- /**
-- * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags.
-- * One day MS might actually make it match something useful, for now, falling
-- * back to using cid2http, so we can grab the blank.png.
-- */
-- if (preg_match("/^[\'\"]\s*outbind:\/\//si", $attvalue)) {
-- $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
-- }
--
}
/**
* See if we need to append any attributes to this tag.
-@@ -1668,6 +1667,98 @@
+@@ -1754,6 +1761,98 @@ function sq_fixatts($tagname,
}
/**
@@ -263,20 +242,21 @@ Index: functions/mime.php
* This function edits the style definition to make them friendly and
* usable in SquirrelMail.
*
-@@ -1699,51 +1790,30 @@
+@@ -1781,59 +1880,40 @@ function sq_fixstyle($body, $pos, $messa
+ $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
+ $secremoveimg = '../images/' . _("sec_remove_eng.png");
+
+- // IE Sucks hard. We have a special function for it.
+- sq_fixIE_idiocy($content);
+-
+- // remove @import line
+- $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content);
+-
+ /**
+ * Fix url('blah') declarations.
*/
// $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
// "url(\\1$secremoveimg\\2)", $content);
-+
-+ // first check for 8bit sequences and disallowed control characters
-+ if (preg_match('/[\16-\37\200-\377]+/',$content)) {
-+ $content = '<!-- style block removed by html filter due to presence of 8bit characters -->';
-+ return array($content, $newpos);
-+ }
-+
- // remove NUL
- $content = str_replace("\0", "", $content);
-
- // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop.
- while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) {
- $sProto = strtolower($matches[1]);
@@ -288,21 +268,14 @@ Index: functions/mime.php
- case 'https':
- case 'http':
- if (!$view_unsafe_images){
-+ preg_match_all("/url\s*\((.+)\)/si",$content,$aMatch);
-+ if (count($aMatch)) {
-+ $aValue = $aReplace = array();
-+ foreach($aMatch[1] as $sMatch) {
-+ // url value
-+ $urlvalue = $sMatch;
-+ sq_fix_url('style',$urlvalue, $message, $id, $mailbox,"'");
-+ $aValue[] = $sMatch;
-+ $aReplace[] = $urlvalue;
-+ }
-+ $content = str_replace($aValue,$aReplace,$content);
-+ }
++ // first check for 8bit sequences and disallowed control characters
++ if (preg_match('/[\16-\37\200-\377]+/',$content)) {
++ $content = '<!-- style block removed by html filter due to presence of 8bit characters -->';
- $sExpr = "/url\s*\(\s*[\'\"]?\s*$sProto*:.*[\'\"]?\s*\)/si";
- $content = preg_replace($sExpr, "u\0r\0l(\\1$secremoveimg\\2)", $content);
++ return array($content, $newpos);
++ }
- } else {
- $content = preg_replace('/url/i',"u\0r\0l",$content);
@@ -327,14 +300,34 @@ Index: functions/mime.php
- $content = preg_replace("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si",
- "", $content);
- break;
-- }
-- }
++ // IE Sucks hard. We have a special function for it.
++ sq_fixIE_idiocy($content);
++
++ // remove @import line
++ $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content);
++
++ // translate ur\l and variations (IE parses that)
++ // TODO check if the sq_fixIE_idiocy function already handles this.
++ $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", 'url', $content);
++ preg_match_all("/url\s*\((.+)\)/si",$content,$aMatch);
++ if (count($aMatch)) {
++ $aValue = $aReplace = array();
++ foreach($aMatch[1] as $sMatch) {
++ // url value
++ $urlvalue = $sMatch;
++ sq_fix_url('style',$urlvalue, $message, $id, $mailbox,"'");
++ $aValue[] = $sMatch;
++ $aReplace[] = $urlvalue;
+ }
++ $content = str_replace($aValue,$aReplace,$content);
+ }
- // remove NUL
- $content = str_replace("\0", "", $content);
++
/**
* Remove any backslashes, entities, and extraneous whitespace.
*/
-@@ -2175,7 +2245,7 @@
+@@ -2267,7 +2347,7 @@ function magicHTML($body, $id, $message,
"idiocy",
"idiocy",
"idiocy",
@@ -343,7 +336,7 @@ Index: functions/mime.php
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
-@@ -2220,7 +2290,7 @@
+@@ -2312,7 +2392,7 @@ function magicHTML($body, $id, $message,
$id,
$mailbox
);
@@ -352,3 +345,89 @@ Index: functions/mime.php
$has_unsafe_images = true;
}
+diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php
+--- squirrelmail-1.5.1.orig/src/compose.php 2007-05-21 09:57:36.000000000 -0700
++++ squirrelmail-1.5.1/src/compose.php 2007-05-21 10:00:07.000000000 -0700
+@@ -55,31 +55,37 @@ if (is_array($delayed_errors)) {
+ }
+
+ /** SESSION/POST/GET VARS */
+-sqgetGlobalVar('session',$session);
+-sqgetGlobalVar('mailbox',$mailbox);
+-if(!sqgetGlobalVar('identity',$identity)) {
++sqgetGlobalVar('send', $send, SQ_POST);
++// Send can only be achieved by setting $_POST var. If Send = true then
++// retrieve other form fields from $_POST
++if (isset($send) && $send) {
++ $SQ_GLOBAL = SQ_POST;
++} else {
++ $SQ_GLOBAL = SQ_FORM;
++}
++sqgetGlobalVar('session',$session, $SQ_GLOBAL);
++sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL);
++if(!sqgetGlobalVar('identity',$identity, $SQ_GLOBAL)) {
+ $identity=0;
+ }
+-sqgetGlobalVar('send_to',$send_to);
+-sqgetGlobalVar('send_to_cc',$send_to_cc);
+-sqgetGlobalVar('send_to_bcc',$send_to_bcc);
+-sqgetGlobalVar('subject',$subject);
+-sqgetGlobalVar('body',$body);
+-sqgetGlobalVar('mailprio',$mailprio);
+-sqgetGlobalVar('request_mdn',$request_mdn);
+-sqgetGlobalVar('request_dr',$request_dr);
+-sqgetGlobalVar('html_addr_search',$html_addr_search);
+-sqgetGlobalVar('mail_sent',$mail_sent);
+-sqgetGlobalVar('passed_id',$passed_id);
+-sqgetGlobalVar('passed_ent_id',$passed_ent_id);
+-sqgetGlobalVar('send',$send);
+-
+-sqgetGlobalVar('attach',$attach);
+-
+-sqgetGlobalVar('draft',$draft);
+-sqgetGlobalVar('draft_id',$draft_id);
+-sqgetGlobalVar('ent_num',$ent_num);
+-sqgetGlobalVar('saved_draft',$saved_draft);
++sqgetGlobalVar('send_to',$send_to, $SQ_GLOBAL);
++sqgetGlobalVar('send_to_cc',$send_to_cc, $SQ_GLOBAL);
++sqgetGlobalVar('send_to_bcc',$send_to_bcc, $SQ_GLOBAL);
++sqgetGlobalVar('subject',$subject, $SQ_GLOBAL);
++sqgetGlobalVar('body',$body, $SQ_GLOBAL);
++sqgetGlobalVar('mailprio',$mailprio, $SQ_GLOBAL);
++sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL);
++sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL);
++sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL);
++sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL);
++sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL);
++sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL);
++
++sqgetGlobalVar('attach',$attach, SQ_POST);
++sqgetGlobalVar('draft',$draft, SQ_POST);
++sqgetGlobalVar('draft_id',$draft_id, $SQ_GLOBAL);
++sqgetGlobalVar('ent_num',$ent_num, $SQ_GLOBAL);
++sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM);
+
+ if ( sqgetGlobalVar('delete_draft',$delete_draft) ) {
+ $delete_draft = (int)$delete_draft;
+@@ -1765,4 +1771,4 @@ function deliverMessage($composeMessage,
+ return $success;
+ }
+
+-?>
+\ No newline at end of file
++?>
+diff -Naurp squirrelmail-1.5.1.orig/src/view_text.php squirrelmail-1.5.1/src/view_text.php
+--- squirrelmail-1.5.1.orig/src/view_text.php 2006-02-05 03:18:50.000000000 -0800
++++ squirrelmail-1.5.1/src/view_text.php 2007-05-21 09:58:36.000000000 -0700
+@@ -70,10 +70,10 @@ if (isset($languages[$squirrelmail_langu
+ }
+
+ if ($type1 == 'html' || (isset($override_type1) && $override_type1 == 'html')) {
+- $body = MagicHTML( $body, $passed_id, $message, $mailbox);
+ // html attachment with character set information
+ if (! empty($charset))
+ $body = charset_decode($charset,$body,false,true);
++ $body = MagicHTML( $body, $passed_id, $message, $mailbox);
+ } else {
+ translateText($body, $wrap_at, $charset);
+ }
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch
new file mode 100644
index 000000000000..1b7eac318f06
--- /dev/null
+++ b/mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch
@@ -0,0 +1,33 @@
+diff -u -r1.265.2.69 mime.php
+--- functions/mime.php 2 Dec 2006 09:57:21 -0000 1.265.2.69
++++ functions/mime.php 2 Dec 2006 14:30:29 -0000
+@@ -477,7 +477,11 @@
+ if ($where && $what) {
+ $defaultlink .= '&amp;where='. urlencode($where).'&amp;what='.urlencode($what);
+ }
+-
++ // IE does make use of mime content sniffing. Forcing a download
++ // prohibit execution of XSS inside an application/octet-stream attachment
++ if ($type0 == 'application' && $type1 == 'octet-stream') {
++ $defaultlink .= '&amp;absolute_dl=true';
++ }
+ /* This executes the attachment hook with a specific MIME-type.
+ * If that doesn't have results, it tries if there's a rule
+ * for a more generic type. Finally, a hook for ALL attachment
+@@ -2195,11 +2253,15 @@
+
+ // This works for most types, but doesn't work with Word files
+ header ("Content-Type: application/download; name=\"$filename\"");
+-
++ // This is to prevent IE for MIME sniffing and auto open a file in IE
++ header ("Content-Type: application/force-download; name=\"$filename\"");
+ // These are spares, just in case. :-)
+ //header("Content-Type: $type0/$type1; name=\"$filename\"");
+ //header("Content-Type: application/x-msdownload; name=\"$filename\"");
+ //header("Content-Type: application/octet-stream; name=\"$filename\"");
++ } else if ($isIE) {
++ // This is to prevent IE for MIME sniffing and auto open a file in IE
++ header ("Content-Type: application/force-download; name=\"$filename\"");
+ } else {
+ // another application/octet-stream forces download for Netscape
+ header ("Content-Type: application/octet-stream; name=\"$filename\"");
diff --git a/mail-client/squirrelmail/files/squirrelmail-fortune.patch b/mail-client/squirrelmail/files/squirrelmail-fortune.patch
deleted file mode 100644
index 49932d9ac481..000000000000
--- a/mail-client/squirrelmail/files/squirrelmail-fortune.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ru plugins/fortune/setup.php.org plugins/fortune/setup.php
---- plugins/fortune/setup.php.org 2004-04-26 15:20:10.000000000 -0700
-+++ plugins/fortune/setup.php 2004-05-11 11:00:43.910401166 -0700
-@@ -30,7 +30,7 @@
- return;
- }
-
-- $fortune_location = '/usr/games/fortune';
-+ $fortune_location = '/usr/bin/fortune';
- $exist = file_exists($fortune_location);
- echo "<center><table cellpadding=0 cellspacing=0 border=0 bgcolor=$color[10]><tr><td><table width=100% cellpadding=2 cellspacing=1 border=0 bgcolor=\"$color[5]\"><tr><td align=center>";
- echo '<table><tr><td>';
diff --git a/mail-client/squirrelmail/squirrelmail-1.5.1-r3.ebuild b/mail-client/squirrelmail/squirrelmail-1.5.1-r4.ebuild
index dda25d107c32..383b619c0d18 100644
--- a/mail-client/squirrelmail/squirrelmail-1.5.1-r3.ebuild
+++ b/mail-client/squirrelmail/squirrelmail-1.5.1-r4.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/squirrelmail/squirrelmail-1.5.1-r3.ebuild,v 1.1 2007/05/19 14:26:22 eradicator Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/squirrelmail/squirrelmail-1.5.1-r4.ebuild,v 1.1 2007/05/21 17:11:33 eradicator Exp $
IUSE="crypt ldap spell ssl filter mysql postgres nls"
@@ -54,6 +54,11 @@ src_unpack() {
unpack ${MY_P}.tar.bz2
cd ${S}
+ epatch ${FILESDIR}/squirrelmail-1.5.1-CVE-2006-4019.patch
+ epatch ${FILESDIR}/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch
+ epatch ${FILESDIR}/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch
+ epatch ${FILESDIR}/squirrelmail-1.5.1-CVE-2006-6142-mime.patch
+ epatch ${FILESDIR}/squirrelmail-1.5.1-ie-mime.patch
epatch ${FILESDIR}/squirrelmail-1.5.1-CVE-2007-1262.patch
mv config/config_default.php config/config.php