Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.0.git;a=commitdiff;h=c4720ab81beb785d3d0aabc73e9c09c607ab72f0
commit c4720ab81beb785d3d0aabc73e9c09c607ab72f0 Author: Miklos Vajna <vmik...@frugalware.org> Date: Sat May 30 13:22:35 2009 +0200 squirrelmail-1.4.17-3anacreon1-i686 - backport 41a7638 - closes #3779 diff --git a/source/network-extra/squirrelmail/CVE-2009-1579.patch b/source/network-extra/squirrelmail/CVE-2009-1579.patch new file mode 100644 index 0000000..94caafc --- /dev/null +++ b/source/network-extra/squirrelmail/CVE-2009-1579.patch @@ -0,0 +1,12 @@ +--- squirrelmail/functions/imap_general.php 2009/05/11 22:08:25 13673 ++++ squirrelmail/functions/imap_general.php 2009/05/11 22:17:35 13674 +@@ -973,7 +973,8 @@ + * LDAP whatever way to find the users IMAP server. + */ + function map_yp_alias($username) { ++ $escusername = escapeshellarg($username); ++ $yp = `ypmatch $escusername aliases`; +- $yp = `ypmatch $username aliases`; + return chop(substr($yp, strlen($username)+1)); + } + diff --git a/source/network-extra/squirrelmail/FrugalBuild b/source/network-extra/squirrelmail/FrugalBuild index 83902a6..7f3d8c7 100644 --- a/source/network-extra/squirrelmail/FrugalBuild +++ b/source/network-extra/squirrelmail/FrugalBuild @@ -6,7 +6,7 @@ pkgname=squirrelmail pkgver=1.4.17 pkgextraver= compatpluginver=2.0.9-1.0 -pkgrel=2anacreon1 +pkgrel=3anacreon1 pkgdesc="SquirrelMail is a standards-based webmail package written in PHP" rodepends=('php' 'php-pear-db') backup=(var/www/squirrelmail/config/config.php \ @@ -20,14 +20,16 @@ if [ "x$pkgextraver" == "x" ]; then else up2date="lynx -dump http://www.squirrelmail.org/download.php|grep 'squirrelmail-'|sed -n 's/.*squirrelmail-\(.*\)\.t.*/\1/; 1 p' |sed s/$pkgextraver//" fi -source=($source http://www.$pkgname.org/plugins/compatibility-$compatpluginver.tar.gz README.Frugalware) +source=($source http://www.$pkgname.org/plugins/compatibility-$compatpluginver.tar.gz README.Frugalware CVE-2009-1579.patch) sha1sums=('ac2ed4ac009405b3ab256b3b6724d7368082bee1' \ '25779cf0d97b10b9dfe41c2580b723eb6bcb5f9e' \ - '1bfe33f98b235076efc97764d8b0224fb1141f65') + '1bfe33f98b235076efc97764d8b0224fb1141f65' \ + '5ec737e80c9c1837fcbff07698b6cd292b4da768') build() { Fcd ${pkgname}-${pkgver}${pkgextraver} + Fpatchall Fmkdir /var/www/ /usr/share/$pkgname Fcpr ${pkgname}-${pkgver}${pkgextraver}/* usr/share/${pkgname}/ Fln /usr/share/${pkgname} /var/www/squirrelmail _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git