rpms/squirrelmail/F-9 squirrelmail-1.4.15-tr-fix.patch, NONE, 1.1 .cvsignore, 1.21, 1.22 sources, 1.21, 1.22 squirrelmail-1.4.6-japanese-multibyte-view-body.patch, 1.2, 1.3 squirrelmail-1.4.6-japanese-multibyte-view-text.patch, 1.3, 1.4 squirrelmail.spec, 1.56, 1.57
Michal Hlavinka
mhlavink at fedoraproject.org
Wed Oct 1 13:31:27 UTC 2008
Author: mhlavink
Update of /cvs/extras/rpms/squirrelmail/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31574
Modified Files:
.cvsignore sources
squirrelmail-1.4.6-japanese-multibyte-view-body.patch
squirrelmail-1.4.6-japanese-multibyte-view-text.patch
squirrelmail.spec
Added Files:
squirrelmail-1.4.15-tr-fix.patch
Log Message:
update to 1.4.16 (resolves: #464185 - CVE-2008-3663 Squirrelmail session hijacking)
squirrelmail-1.4.15-tr-fix.patch:
--- NEW FILE squirrelmail-1.4.15-tr-fix.patch ---
diff -up squirrelmail-1.4.15/locale_tempdir/locale/tr_TR/LC_MESSAGES/squirrelmail.po.BAD squirrelmail-1.4.15/locale_tempdir/locale/tr_TR/LC_MESSAGES/squirrelmail.po
--- squirrelmail-1.4.15/locale_tempdir/locale/tr_TR/LC_MESSAGES/squirrelmail.po.BAD 2008-09-05 13:51:40.000000000 -0400
+++ squirrelmail-1.4.15/locale_tempdir/locale/tr_TR/LC_MESSAGES/squirrelmail.po 2008-09-05 13:53:32.000000000 -0400
@@ -130,6 +130,10 @@ msgstr "Seçili öðeyi düzenle"
msgid "Delete selected"
msgstr "Seçili öðeyi sil"
+#, fuzzy
+msgid "Compose to selected"
+msgstr "Seçili öðeyi sil"
+
msgid "sort by nickname"
msgstr "rumuza göre sýrala"
@@ -705,7 +709,8 @@ msgstr "Okundu:"
msgid "Your message"
msgstr "Sizin mesajýnýz"
-msgid "Sent:"
+#, fuzzy
+msgid "Sent"
msgstr "Gönderildi:"
#, php-format
@@ -907,10 +912,12 @@ msgstr "Veritabaný hatasý: %s"
msgid "Address book is read-only"
msgstr "Adres defteri salt okunur durumda"
+#. i18n: don't use html formating in translation
#, php-format
msgid "User \"%s\" already exists"
msgstr "\"%s\" kullanýcýsý zaten var"
+#. i18n: don't use html formating in translation
#, php-format
msgid "User \"%s\" does not exist"
msgstr "\"%s\" kullanýcýsý yok"
@@ -984,6 +991,9 @@ msgstr "Görüntüle"
msgid "View Business Card"
msgstr "Ýþ Kartýný Görüntüle"
+msgid "Your session has expired, but will be resumed after logging in again."
+msgstr ""
+
msgid "Sunday"
msgstr "Pazar"
@@ -1351,9 +1361,11 @@ msgstr "Tümünü Býrak"
msgid "Select All"
msgstr "Tümünü Seç"
+#, php-format
msgid "Viewing Messages: %s to %s (%s total)"
msgstr "Görüntülenen Mesajlar: %s ile %s arasý (toplam %s)"
+#, php-format
msgid "Viewing Message: %s (%s total)"
msgstr "Görüntülenen Mesaj: %s (toplam %s)"
@@ -1399,15 +1411,25 @@ msgstr "sec_remove_tr_TR.png"
msgid "This external link will open in a new window"
msgstr "Bu dýþ link yeni bir pencerede açýlacaktýr"
+#, php-format
msgid "Option Type '%s' Not Found"
msgstr "'%s' Seçenek Tipi Bulunamadý"
+#, fuzzy
+msgid "Delete Selected"
+msgstr "Seçili öðeyi sil"
+
+#, fuzzy, php-format
+msgid "Edit List Layout Type '%s' Not Found"
+msgstr "'%s' Seçenek Tipi Bulunamadý"
+
msgid "Current Folder"
msgstr "Görüntülenen Klasör"
msgid "Compose"
msgstr "Mesaj Yaz"
+#, php-format
msgid "Error creating directory %s."
msgstr "%s dizini oluþturulurken hata oluþtu."
@@ -1562,7 +1584,8 @@ msgstr "Baþlýklar ve mesaj gövdesi arasý
msgid "After message body"
msgstr "Mesaj gövdesinden sonra"
-msgid "Addressbook Display Format"
+#, fuzzy
+msgid "Address Book Display Format"
msgstr "Adres Defteri Görünüm Biçimi"
msgid "Javascript"
@@ -1571,15 +1594,26 @@ msgstr "Javascript"
msgid "HTML"
msgstr "HTML"
+msgid "Format of Addresses Added From Address Book"
+msgstr ""
+
+msgid "No prefix/Address only"
+msgstr ""
+
+#, fuzzy
+msgid "Nickname and address"
+msgstr "Ýsim ve Adres Seçenekleri"
+
+#, fuzzy
+msgid "Full name and address"
+msgstr "Ýsim ve Adres Seçenekleri"
+
msgid "Show HTML Version by Default"
msgstr "Varsayýlan olarak HTML Göster"
msgid "Enable Forward as Attachment"
msgstr "Eklenti Olarak Ýlet Seçeneðini Etkinleþtir"
-msgid "Include CCs when Forwarding Messages"
-msgstr "Mesajlarý Ýletirken Cc'leri Silme"
-
msgid "Include Me in CC when I Reply All"
msgstr "Herkese Cevap Yazdýðýmda Beni Cc'ye Ekle"
@@ -1982,6 +2016,12 @@ msgstr "SMTP doðrulama yok"
msgid "Login (plain text)"
msgstr "Login (düz yazý)"
+msgid "Custom SMTP AUTH username"
+msgstr ""
+
+msgid "Custom SMTP AUTH password"
+msgstr ""
+
msgid "POP3 Before SMTP?"
msgstr "SMTP'den Önce POP3"
@@ -2231,6 +2271,10 @@ msgid ""
msgstr ""
"Bu modül SquirrelMail'in ana yapýlandýrmasýný uzaktan yönetmenizi saðlar."
+#, fuzzy
+msgid "Plugin is not enabled"
+msgstr "Eklenti devde dýþý."
+
msgid "Submit a Bug Report"
msgstr "Bir Hata Raporu Gönder"
@@ -2314,7 +2358,8 @@ msgstr "Hata Raporu Formuna Baþla"
msgid "Bug"
msgstr "Hata"
-msgid "Bug Reports:"
+#, fuzzy
+msgid "Bug Reports"
msgstr "Hata Raporlarý:"
msgid "Show button in toolbar"
@@ -2756,7 +2801,8 @@ msgstr "%s bulunamadý."
msgid "Today's Fortune"
msgstr "Günün Falý"
-msgid "Fortunes:"
+#, fuzzy
+msgid "Fortunes"
msgstr "Fallar:"
msgid "Show fortunes at top of mailbox"
@@ -2826,33 +2872,21 @@ msgstr "Liste Sahibi Ýle Temas Kur"
msgid "Mailing List"
msgstr "Mesaj Listesi"
-msgid "POP3 connect:"
-msgstr "POP3 baðlantýsý:"
-
msgid "No server specified"
msgstr "Sunucu tanýmlanmadý"
msgid "Error "
msgstr "Hata "
-msgid "POP3 user:"
-msgstr "POP3 kullanýcýsý:"
-
msgid "no login ID submitted"
msgstr "kullanýcý adý verilmedi"
msgid "connection not established"
msgstr "baðlantý kurulmadý"
-msgid "POP3 pass:"
-msgstr "POP3 þifresi:"
-
msgid "No password submitted"
msgstr "Þifre verilmedi"
-msgid "POP3 apop:"
-msgstr "POP3 apop:"
-
msgid "No connection to server"
msgstr "Sunucuya baðlantý yok"
@@ -2868,45 +2902,15 @@ msgstr "durdur"
msgid "apop authentication failed"
msgstr "apop doðrulamasý baþarýsýz oldu"
-msgid "POP3 login:"
-msgstr "POP3 login:"
-
-msgid "POP3 top:"
-msgstr "POP3 top:"
-
-msgid "POP3 pop_list:"
-msgstr "POP3 pop_list:"
-
msgid "Premature end of list"
msgstr "Prematüre liste sonu"
-msgid "POP3 get:"
-msgstr "POP3 al:"
-
-msgid "POP3 last:"
-msgstr "POP3 son:"
-
-msgid "POP3 reset:"
-msgstr "POP3 reset:"
-
-msgid "POP3 send_cmd:"
-msgstr "POP3 send_cmd:"
-
msgid "Empty command string"
msgstr "Boþ komut giriþi"
-msgid "POP3 quit:"
-msgstr "POP3 çýkýþ:"
-
msgid "connection does not exist"
msgstr "baðlantý mevcut deðil"
-msgid "POP3 uidl:"
-msgstr "POP3 uidl:"
-
-msgid "POP3 delete:"
-msgstr "POP3 sil:"
-
msgid "No msg number submitted"
msgstr "Mesaj numarasý girilmedi"
@@ -3164,12 +3168,11 @@ msgstr ""
msgid "Count only messages that are RECENT"
msgstr "Sadece YENÝ mesajlarý say"
-#, php-format
+#, fuzzy, php-format
msgid ""
"Selecting the %s option will change the title in some browsers to let you "
-"know when you have new mail (requires JavaScript, and only works in IE but "
-"you won't see errors with other browsers). This will always tell you if you "
-"have new mail, even if you have %s enabled."
+"know when you have new mail (requires JavaScript). This will always tell you "
+"if you have new mail, even if you have %s enabled."
msgstr ""
"%s seçeneði bazý tarayýcýlarda yeni mesaj aldýðýnýzý belirtmek için baþlýðýn "
"deðiþmesini saðlar (JavaScript gerektirir ve sadece IE ile çalýþýr fakat "
@@ -3210,6 +3213,17 @@ msgstr "(hiçbiri)"
msgid "requires JavaScript to work"
msgstr "çalýþmak için JavaScript gerektirir"
+#, fuzzy
+msgid "Width of popup window:"
+msgstr "Yazým Penceresinin Geniþliði"
+
+msgid "If set to 0, reverts to default value"
+msgstr ""
+
+#, fuzzy
+msgid "Height of popup window:"
+msgstr "Yazým Penceresinin Yüksekliði"
+
msgid "Try"
msgstr "Dene"
@@ -3546,9 +3560,6 @@ msgstr "Bu, kiþisel sözlük dosyanýzý sil
msgid "Error Decrypting Dictionary"
msgstr "Sözlük Þifresi Çözülürken Hata Oldu"
-msgid "Cute."
-msgstr "Sevimli."
-
#, php-format
msgid "Could not run the spellchecker command (%s)."
msgstr "Yazým kontrol komutu çalýþtýrýlamadý (%s)."
@@ -3838,6 +3849,9 @@ msgstr ""
msgid "SquirrelSpell Initiating"
msgstr "SquirrelSpell Baþlýyor"
+msgid ", "
+msgstr ""
+
#, php-format
msgid "Settings adjusted to: %s with %s as default dictionary."
msgstr "Ayarlar þöyle yapýldý: Varsayýlan sözlük olarak %s ile %s."
@@ -4084,3 +4098,51 @@ msgstr "Daðýtýlmayan Mesaj Baþlýklarý"
msgid "This image has been removed for security reasons"
msgstr "Bu resim güvenlik nedenleriyle kaldýrýlmýþtýr"
+
+#~ msgid "Include CCs when Forwarding Messages"
+#~ msgstr "Mesajlarý Ýletirken Cc'leri Silme"
+
+#~ msgid "POP3 connect:"
+#~ msgstr "POP3 baðlantýsý:"
+
+#~ msgid "POP3 user:"
+#~ msgstr "POP3 kullanýcýsý:"
+
+#~ msgid "POP3 pass:"
+#~ msgstr "POP3 þifresi:"
+
+#~ msgid "POP3 apop:"
+#~ msgstr "POP3 apop:"
+
+#~ msgid "POP3 login:"
+#~ msgstr "POP3 login:"
+
+#~ msgid "POP3 top:"
+#~ msgstr "POP3 top:"
+
+#~ msgid "POP3 pop_list:"
+#~ msgstr "POP3 pop_list:"
+
+#~ msgid "POP3 get:"
+#~ msgstr "POP3 al:"
+
+#~ msgid "POP3 last:"
+#~ msgstr "POP3 son:"
+
+#~ msgid "POP3 reset:"
+#~ msgstr "POP3 reset:"
+
+#~ msgid "POP3 send_cmd:"
+#~ msgstr "POP3 send_cmd:"
+
+#~ msgid "POP3 quit:"
+#~ msgstr "POP3 çýkýþ:"
+
+#~ msgid "POP3 uidl:"
+#~ msgstr "POP3 uidl:"
+
+#~ msgid "POP3 delete:"
+#~ msgstr "POP3 sil:"
+
+#~ msgid "Cute."
+#~ msgstr "Sevimli."
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/squirrelmail/F-9/.cvsignore,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- .cvsignore 14 Dec 2007 22:02:14 -0000 1.21
+++ .cvsignore 1 Oct 2008 13:30:57 -0000 1.22
@@ -1,2 +1,2 @@
-squirrelmail-1.4.13.tar.bz2
-all_locales-1.4.9-20070106.tar.bz2
+squirrelmail-1.4.16.tar.bz2
+all_locales-1.4.13-20071220.tar.bz2
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/squirrelmail/F-9/sources,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- sources 14 Dec 2007 22:02:14 -0000 1.21
+++ sources 1 Oct 2008 13:30:57 -0000 1.22
@@ -1,2 +1,2 @@
-1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2
-eaa0e8835b8d7d451500aad907c22e24 all_locales-1.4.9-20070106.tar.bz2
+22dcf999941e644edc3ea467ed3b9e24 squirrelmail-1.4.16.tar.bz2
+c6463312afcd602ae60fd8f388dfb8c2 all_locales-1.4.13-20071220.tar.bz2
squirrelmail-1.4.6-japanese-multibyte-view-body.patch:
Index: squirrelmail-1.4.6-japanese-multibyte-view-body.patch
===================================================================
RCS file: /cvs/extras/rpms/squirrelmail/F-9/squirrelmail-1.4.6-japanese-multibyte-view-body.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- squirrelmail-1.4.6-japanese-multibyte-view-body.patch 9 Jul 2006 20:50:24 -0000 1.2
+++ squirrelmail-1.4.6-japanese-multibyte-view-body.patch 1 Oct 2008 13:30:57 -0000 1.3
@@ -1,26 +1,26 @@
-diff -ruNp squirrelmail-1.4.6.org/functions/mime.php squirrelmail-1.4.6/functions/mime.php
---- squirrelmail-1.4.6.org/functions/mime.php 2006-06-29 08:23:58.000000000 +0900
-+++ squirrelmail-1.4.6/functions/mime.php 2006-06-29 08:34:26.000000000 +0900
-@@ -353,8 +353,20 @@ function formatBody($imap_stream, $messa
- $body = charset_decode($body_message->header->getParameter('charset'),$body,false,true);
+diff -up squirrelmail-1.4.13/functions/mime.php.BAD squirrelmail-1.4.13/functions/mime.php
+--- squirrelmail-1.4.13/functions/mime.php.BAD 2008-09-05 12:24:10.000000000 -0400
++++ squirrelmail-1.4.13/functions/mime.php 2008-09-05 12:24:36.000000000 -0400
+@@ -361,8 +361,20 @@ function formatBody($imap_stream, $messa
+ $body = magicHTML($body, $id, $message, $mailbox);
}
} else {
- translateText($body, $wrap_at,
- $body_message->header->getParameter('charset'));
-+ if($squirrelmail_language != 'ja_JP'){
-+ translateText($body, $wrap_at,
-+ $body_message->header->getParameter('charset'));
-+ } else {
-+ if($body_message->header->encoding == 'base64' ||
-+ $body_message->header->encoding == 'quoted-printable' ||
-+ $body_message->header->encoding == 'quoted_printable'){
-+ translateText($body, $wrap_at, $default_charset);
-+ } else {
-+ // it may never call here.
-+ translateText($body, $wrap_at,
-+ $body_message->header->getParameter('charset'));
-+ }
-+ }
++ if($squirrelmail_language != 'ja_JP'){
++ translateText($body, $wrap_at,
++ $body_message->header->getParameter('charset'));
++ } else {
++ if($body_message->header->encoding == 'base64' ||
++ $body_message->header->encoding == 'quoted-printable' ||
++ $body_message->header->encoding == 'quoted_printable'){
++ translateText($body, $wrap_at, $default_charset);
++ } else {
++ // it may never call here.
++ translateText($body, $wrap_at,
++ $body_message->header->getParameter('charset'));
++ }
++ }
}
// if this is the clean display (i.e. printer friendly), stop here.
squirrelmail-1.4.6-japanese-multibyte-view-text.patch:
Index: squirrelmail-1.4.6-japanese-multibyte-view-text.patch
===================================================================
RCS file: /cvs/extras/rpms/squirrelmail/F-9/squirrelmail-1.4.6-japanese-multibyte-view-text.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- squirrelmail-1.4.6-japanese-multibyte-view-text.patch 17 Apr 2007 16:52:44 -0000 1.3
+++ squirrelmail-1.4.6-japanese-multibyte-view-text.patch 1 Oct 2008 13:30:57 -0000 1.4
@@ -1,17 +1,16 @@
-diff -ruNp squirrelmail-1.4.6.org/src/view_text.php squirrelmail-1.4.6/src/view_text.php
---- squirrelmail-1.4.6.org/src/view_text.php 2006-02-04 07:27:55.000000000 +0900
-+++ squirrelmail-1.4.6/src/view_text.php 2006-06-29 08:30:04.000000000 +0900
-@@ -81,7 +81,17 @@ if ($type1 == 'html' || (isset($override
- if (! empty($charset))
- $body = charset_decode($charset,$body,false,true);
+diff -up squirrelmail-1.4.13/src/view_text.php.BAD squirrelmail-1.4.13/src/view_text.php
+--- squirrelmail-1.4.13/src/view_text.php.BAD 2008-09-05 12:22:02.000000000 -0400
++++ squirrelmail-1.4.13/src/view_text.php 2008-09-05 12:23:20.000000000 -0400
+@@ -84,7 +84,17 @@ if ($type1 == 'html' || (isset($override
+ $body = magicHTML( $body, $passed_id, $message, $mailbox);
} else {
$ishtml = FALSE;
- translateText($body, $wrap_at, $charset);
+ if($squirrelmail_language != 'ja_JP'){
+ translateText($body, $wrap_at, $charset);
+ } else {
-+ if($encoding == 'base64' || $encoding == 'quoted-printable' ||
-+ $encoding == 'quoted_printable'){
++ if($encoding == 'base64' || $encoding == 'quoted-printable' ||
++ $encoding == 'quoted_printable'){
+ translateText($body, $wrap_at, $default_charset);
+ } else {
+ // it may never call here.
Index: squirrelmail.spec
===================================================================
RCS file: /cvs/extras/rpms/squirrelmail/F-9/squirrelmail.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- squirrelmail.spec 14 Dec 2007 22:02:14 -0000 1.56
+++ squirrelmail.spec 1 Oct 2008 13:30:57 -0000 1.57
@@ -5,23 +5,25 @@
Summary: SquirrelMail webmail client
Name: squirrelmail
-Version: 1.4.13
+Version: 1.4.16
Release: 1%{?dist}
-License: GPL
+License: GPLv2+
URL: http://www.squirrelmail.org/
Group: Applications/Internet
Source0: http://prdownloads.sourceforge.net/squirrelmail/%{name}-%{version}.tar.bz2
Source1: squirrelmail.conf
Source2: squirrelmail-splash-fedora.png
Source3: squirrelmail-splash-rhel.png
-Source4: http://prdownloads.sourceforge.net/squirrelmail/all_locales-1.4.9-20070106.tar.bz2
+Source4: http://prdownloads.sourceforge.net/squirrelmail/all_locales-1.4.13-20071220.tar.bz2
Source5: config_local.php
Patch1: squirrelmail-1.4.6-zenkaku-subject-convert.patch
#Patch2: squirrelmail-1.4.8-IE-Japanese-download-ugly-hack.patch
Patch3: squirrelmail-1.4.6-japanese-multibyte-view-text.patch
Patch4: squirrelmail-1.4.6-japanese-multibyte-view-body.patch
#Patch5: squirrelmail-1.4.7-ja-translate.patch
-Patch6: squirrelmail-1.4.9a-id_plural.patch
+#Patch6: squirrelmail-1.4.9a-id_plural.patch
+# Taken from upstream
+Patch7: squirrelmail-1.4.15-tr-fix.patch
# CVE-2006-6142
#Patch100: squirrelmail-1.4.8-CVE-2006-6142-draft_composesess.patch
#Patch101: squirrelmail-1.4.8-CVE-2006-6142-mailto.patch
@@ -57,7 +59,8 @@
mkdir locale_tempdir
cd locale_tempdir
tar xfj %SOURCE4
-%patch6 -p2
+#%patch6 -p2
+%patch7 -p2
%build
rm -f plugins/make_archive.pl
@@ -258,6 +261,10 @@
%{_sysconfdir}/cron.daily/squirrelmail.cron
%changelog
+* Wed Oct 1 2008 Michal Hlavinka <mhlavink at redhat.com> - 1.4.16-1
+- update to 1.4.16
+- resolves: #464185: CVE-2008-3663 Squirrelmail session hijacking
+
* Fri Dec 14 2007 Kevin Fenzi <kevin at tummy.com> - 1.4.13-1
- upgrade to new upstream 1.4.13
- note that this package was never vulnerable to CVE-2007-6348
More information about the fedora-extras-commits
mailing list