pkgsrc/mail/squirrelmail/patches
obache c356f22de8 Update squirrelmail to 1.4.9a.
ChangLog:
Version 1.4.9a - 3 December 2006
--------------------------------
  - Security: Multiple IE cross site scripting issues related to the
    widely acceptation of the word expression and url by IE.
  - Security: Removing @import when sanitizing html mail.

Version 1.4.9 - 2 December 2006
-------------------------------
  - Drop obsolete script plugins/make_archive.pl.
  - Fixed Google translate form in translate plugin. Added new language
    pairs.
  - Added XMAGICTRASH extension tests in configtest utility. Removed code
    that handled 'inbox.trash' as special folder in courier (#1354393).
  - Allowed moving folders to trash in courier.
  - Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
    (#1543573).
  - Provide View Unsafe Images link on viewing a text/html attachment.
  - Fix variable typo in folders_create.php (#1545316).
  - Added Courier IMAP OUTBOX check to configtest utility.
  - If mailbox name starts with slash or contains ../, error message is
    generated. Safety check for insecure default UW IMAP setup (#1557078).
  - Ignore message copy errors when messages are deleted. Allows to delete
    messages when quota is exceeded (#614887, #646386, #1446026).
  - Fixed unintended literal fetching (#1562271).
  - Added global file based address book listing controls. Added line
    length configuration option for local_file address book backend
    (#1181561). Added address book data integrity checks in local_file
    address book backend. Fixed eregi and object notices in local_file
    and database address book backends. Added additional address book
    field support.
  - Fixed variable corruption in configtest utility.
  - Checked if configuration file is readable in configuration utility
    (#1568355).
  - Special mailboxes marked in special_mailbox hook are no longer listed
    in folder delete, rename and subscription options.
  - Translate plugin: prevent PHP notice when viewing empty message.
  - Add CEST and MEST (non-standard) timezone codes for +0200.
  - Add <label> to From field in message list.
  - Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
  - Fix in bodystructure parser code related to strings ending with an
    escape character.
  - Added "attachment */*" hook
  - Added third parameter $logout_link to logout_error hook that allows
    plugin control over login page URI displayed on login error page.
  - Security: close cross site scripting vulnerability in draft, compose
    and mailto functionality [CVE-2006-6142].
  - Security: work around an issue in Internet Explorer that would guess
    the mime type of a file based on contents, not Content-Type header.
2006-12-04 13:06:01 +00:00
..
patch-aa Update squirrelmail to 1.4.9a. 2006-12-04 13:06:01 +00:00