--- squirrelmail-1.4.20.orig/README.locales +++ squirrelmail-1.4.20/README.locales @@ -0,0 +1,28 @@ +The locales (translations) for the SquirrelMail package are provided in +the package "squirrelmail-locales" on which the "squirrelmail" package +recommends. You need to install that package as well if you want to use +SquirrelMail in languages other than English. + +You may need to reconfigure locales with: + dpkg-reconfigure locales +to make alternative languages work. + +In some cases it might also be needed to restart Apache after you've +upgraded or added locales, because of some internal caching of locale +information by Apache. + +=== Locale with correct charset needs to be configured === + +The locale of the language file you want to use has to be configured +on the server. +E.g., to make the "French" translation work, you need to setup the +fr_FR.ISO-8859-1 locale. Currently it will not work if you only have +the fr_FR.UTF-8 locale enabled, you need the ISO-8859-1 one as well. + +You can generate locales using: + locale-gen LOCALE +You can see which locale names get used for a given language in the +setup.php file of the translations, +e.g. /usr/share/squirrelmail/locale/fr_FR/setup.php for fr_FR. +See the "locale" program to display installed locales, e.g. "locale -a -v". + --- squirrelmail-1.4.20.orig/include/load_prefs.php +++ squirrelmail-1.4.20/include/load_prefs.php @@ -33,6 +33,11 @@ /* need to adjust $chosen_theme path with SM_PATH */ $chosen_theme = preg_replace("/(\.\.\/){1,}/", SM_PATH, $chosen_theme); +/* need to prepend path where none exists */ +if ( !preg_match("/\//", $chosen_theme) ) { + $chosen_theme = SM_PATH . "themes/" . $chosen_theme; +} + for ($i = 0; $i < count($theme); ++$i){ if ($theme[$i]['PATH'] == $chosen_theme) { $found_theme = true; --- squirrelmail-1.4.20.orig/include/options/display.php +++ squirrelmail-1.4.20/include/options/display.php @@ -88,23 +88,29 @@ $language_values = array(); foreach ($languages as $lang_key => $lang_attributes) { + # Debian: cope with squirrelmail-locales not being installed: do not offer + # non-existant languages for selection. This has been fixed in 1.5.x upstream. + if ( isset($lang_attributes['NAME']) && ($lang_key != 'en_US') && ($lang_key != 'custom') && + !file_exists ( SM_PATH . 'locale/'. $lang_key ) ) continue; if (isset($lang_attributes['NAME'])) { $language_values[$lang_key] = $lang_attributes['NAME']; } } - - asort($language_values); - $language_values = - array_merge(array('' => _("Default")), $language_values); - $language = $squirrelmail_language; - $optvals[SMOPT_GRP_GENERAL][] = array( - 'name' => 'language', - 'caption' => _("Language"), - 'type' => SMOPT_TYPE_STRLIST, - 'refresh' => SMOPT_REFRESH_ALL, - 'posvals' => $language_values, - 'htmlencoded' => true - ); + # Debian: only display this option if there's actually a choice. + if ( count($language_values) > 1) { + asort($language_values); + $language_values = + array_merge(array('' => _("Default")), $language_values); + $language = $squirrelmail_language; + $optvals[SMOPT_GRP_GENERAL][] = array( + 'name' => 'language', + 'caption' => _("Language"), + 'type' => SMOPT_TYPE_STRLIST, + 'refresh' => SMOPT_REFRESH_ALL, + 'posvals' => $language_values, + 'htmlencoded' => true + ); + } /* Set values for the "use javascript" option. */ $optvals[SMOPT_GRP_GENERAL][] = array( --- squirrelmail-1.4.20.orig/debian/changelog +++ squirrelmail-1.4.20/debian/changelog @@ -0,0 +1,713 @@ +squirrelmail (2:1.4.20-1) unstable; urgency=low + + * New upstream release. + + Addresses search bug (closes: #550763). + * Update to policy 3.8.4, no changes necessary. + + -- Thijs Kinkhorst Sun, 07 Mar 2010 16:26:58 +0100 + +squirrelmail (2:1.4.20~rc2-1) unstable; urgency=medium + + * New upstream release candidate. + + Addresses cross site request forgery (CVE-2009-2964, + closes: #543818). + * Update to policy 3.8.3, no changes necessary. + + -- Thijs Kinkhorst Sun, 27 Sep 2009 16:46:03 +0200 + +squirrelmail (2:1.4.19-1) unstable; urgency=high + + * New upstream release. + + Corrects incomplete fix for CVE-2009-1579 [CVE-2009-1381] + + Fixes filter plugin regression (closes: #529328) + + -- Thijs Kinkhorst Thu, 21 May 2009 20:16:48 +0200 + +squirrelmail (2:1.4.18-1) unstable; urgency=high + + * New upstream release. + + Addresses several security issues (closes: #528528): + CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581. + * Update to debhelper 7 and policy 3.8.1. + * Make squirrelmail.cron.daily cope with the administrator + enabling the hashed dir feature, thanks Marcello Nuccio + (closes: #508287). + * Update Recommends and Suggests: + + Remove all php4-related relations. + + Add recommends for php5-mcode which speeds up crypto. + + Suggest php5-recode for some character sets. + + Recommend plugins: squirrelmail-viewashtml for HTML mail, + squirrelmail-logger to provide logging. + (closes: #523966, #527964) + + -- Thijs Kinkhorst Wed, 13 May 2009 19:42:57 +0200 + +squirrelmail (2:1.4.15-4) unstable; urgency=high + + * Address cross site scripting issue in the HTML filter + (CVE-2008-2379). + + -- Thijs Kinkhorst Sun, 07 Dec 2008 16:18:03 +0100 + +squirrelmail (2:1.4.15-3) unstable; urgency=high + + * Cookies sent over HTTPS will now be confined to HTTPS only + (cookie secure flag) and more support for the HTTPOnly cookie + attribute. Patch taken from upstream release. + (CVE-2008-3663, closes: #499942) + + -- Thijs Kinkhorst Sun, 28 Sep 2008 16:33:48 +0200 + +squirrelmail (2:1.4.15-2) unstable; urgency=low + + * Update fortune location to Debian's default, thanks + Richard Nelson, closes: #484835. + * Conforms to Debian policy 3.8.0, no changes required. + + -- Thijs Kinkhorst Sun, 13 Jul 2008 15:31:17 +0200 + +squirrelmail (2:1.4.15-1) unstable; urgency=low + + * New upstream bugfix release. + * Remove Sam Johnston from Uploaders. + * Update README.locales to be more verbose about which locales + need to be enabled on the system, thanks Daniel Hahler. + (closes: #473861) + * Do not install index.html under /usr/share/doc, it doesn't add + much value but requires Debian-specific patching which still + doesn't work well with gzipped files (closes: #457524). + + -- Thijs Kinkhorst Sat, 24 May 2008 09:53:35 +0200 + +squirrelmail (2:1.4.13-2) unstable; urgency=low + + * Apply Debian-specific changes that somehow got lost in the + previous upload (Closes: #457597, #457524). + + -- Thijs Kinkhorst Sun, 23 Dec 2007 22:36:27 +0100 + +squirrelmail (2:1.4.13-1) unstable; urgency=low + + * New upstream release. + + -- Thijs Kinkhorst Sat, 15 Dec 2007 13:57:31 +0100 + +squirrelmail (2:1.4.12-1) unstable; urgency=low + + * New upstream release. + * Minor packaging cleanups. + + -- Thijs Kinkhorst Thu, 06 Dec 2007 17:27:56 +0100 + +squirrelmail (2:1.4.11-2) unstable; urgency=low + + * Fix broken attachment handling in PHP4 by applying patch + from upstream. + NOTE: this is only a courtesy to PHP4 users, it must be noted + that Debian does not support PHP4 in current unstable anymore. + (Closes: #444970) + + -- Thijs Kinkhorst Wed, 10 Oct 2007 09:56:53 +0200 + +squirrelmail (2:1.4.11-1) unstable; urgency=low + + * New upstream release. + * Remove workaround for buglet in dictionaries-common SquirrelMail interface. + + -- Thijs Kinkhorst Sat, 29 Sep 2007 10:41:21 +0200 + +squirrelmail (2:1.4.10a-2) unstable; urgency=low + + * Make use of new dictionaries-common SquirrelMail interface to + detect the installed squirrelspell dictionaries (Closes: #420877). + * Remove obsolete upgrading code. + * Make sure config files are not closed with '?>' since it's then + too easy to get stray whitespace at the end of the file. + + -- Thijs Kinkhorst Thu, 31 May 2007 19:34:29 +0200 + +squirrelmail (2:1.4.10a-1) unstable; urgency=high + + * New upstream security release. + - Fixes cross site scripting in the HTML filter + [CVE-2007-1262, CVE-2007-2589]. + - Tweaks SMTP error message display (Closes: #403705). + - Fixes address duplication on reply-all (Closes: #408242). + + -- Thijs Kinkhorst Thu, 10 May 2007 12:04:48 +0200 + +squirrelmail (2:1.4.9a-1) unstable; urgency=high + + * New upstream security release. + - Additionally tightens HTML filter for IE <= 5 parsing + absolutely everything and its horse. + + -- Thijs Kinkhorst Mon, 4 Dec 2006 09:18:09 +0100 + +squirrelmail (2:1.4.9-1) unstable; urgency=high + + * New upstream bugfix release. + - Includes cross site scripting security fix [CVE-2006-6142]. + - Includes Internet Explorer security issue workaround. + - Fixes misspelled constant (Closes: #401022) + + -- Thijs Kinkhorst Sat, 2 Dec 2006 17:35:43 +0100 + +squirrelmail (2:1.4.8-3) unstable; urgency=low + + * Add note to README.Debian about server side sorting (Closes: #394286) + and regular_globals not being supported. + * Add IfModule conditionals for register_globals setting in + apache.conf (Closes: #398173). + + -- Thijs Kinkhorst Mon, 13 Nov 2006 16:29:33 +0100 + +squirrelmail (2:1.4.8-2) unstable; urgency=low + + * Update Debian patch to display options to cope with the custom + charset plugin. Thanks Tomas Kuliavas, Closes: #385300. + * Suggest php[45]-ldap, Closes: #392306. + * Improve package description. + + -- Thijs Kinkhorst Fri, 20 Oct 2006 16:36:36 +0200 + +squirrelmail (2:1.4.8-1) unstable; urgency=high + + * New upstream release + - Includes security fix: variable overwriting in compose.php + by logged-in user [CVE-2006-4019] + - Does not ship SquirrelMail developer's documentation anymore. + + * Remove duplicate content from README.locales. + + + -- Thijs Kinkhorst Fri, 11 Aug 2006 13:53:20 +0200 + +squirrelmail (2:1.4.7-1) unstable; urgency=low + + * New upstream bugfix release. + + Addresses some low-impact, theoretical or disputed security bugs, + for which the code is tightened just-in-case: + - Possible local file inclusion (Closes: #373731, CVE-2006-2842) + - XSS in search.php (Closes: #375782, CVE-2006-3174) + + Adds note to db-backend.txt about postgreSQL (Closes: #376605). + + * Checked for standards version to 3.7.2, no changes necessary. + * Update maintainer address. + + -- Thijs Kinkhorst Tue, 4 Jul 2006 14:49:23 +0200 + +squirrelmail (2:1.4.6-1) unstable; urgency=high + + * New upstream release. + * Includes the following security fixes: + - Fix IMAP command injection in sqimap_mailbox_select + with upstream patch. [CVE-2006-0377] (Closes: #354063) + - Fix possible XSS in MagicHTML, concerning the parsing + of u\rl and comments in styles. Internet Explorer + specific. [CVE-2006-0195] (Closes: #354062) + - Fix possible cross site scripting through the right_main + parameter of webmail.php. This now uses a whitelist of + acceptable values. [CVE-2006-0188] (Closes: #354064, #355424) + + + -- Thijs Kinkhorst Tue, 7 Mar 2006 14:56:06 +0100 + +squirrelmail (2:1.4.5+1.4.6rc1-1) experimental; urgency=low + + * Experimental package + * New upstream version: 1.4.6 Release Candidate 1 + Many bugfixes, amongst which the following Debian bugs: + + Works with newest PHP versions (Closes: #321565, #338649). + + Fixes line wrapping for unicode characters (Closes: #330372). + + Add support for limiting the length of the From address display + (Closes: #279682). + * Add Depends alternatives for PHP5. + * Add Suggests for squirrelmail-decode, the library with charset decoding + functions for complex and rare character sets. + * Upgrade debhelper compatibility to the recommended level 5. + * Add Homepage to package description. + * Move package building from the binary-arch to the binary-indep target + in debian/rules. + + -- Thijs Kinkhorst Sat, 10 Dec 2005 18:13:43 +0100 + +squirrelmail (2:1.4.5-2) unstable; urgency=low + + [ Jeroen van Wolffelaar ] + * Restore squirrelmail-configure manpage, accidently dropped in -1 + * Use debhelper compat level 4 + + [ Thijs Kinkhorst ] + * Drop obsolete symlink for attachment dir. + * Do not ship upstream README, which contains hardly any information + relevant to Debian. Extend README.Debian a bit. Thanks W. Borgert. + * Add years to copyright statement. + + -- Thijs Kinkhorst Mon, 15 Aug 2005 21:06:00 +0200 + +squirrelmail (2:1.4.5-1) unstable; urgency=low + + * New upstream release. (Closes: #319531) + Many bugfixes, including the following Debian bugs: + + Allows to use squirrelspell with PHP safe_mode (Closes: #220156). + + Has multiple alternatives for locale names (Closes: #269790). + + Option to set citation marker (Closes: #274595). + * Dropped a lot of patches incorporated upstream + * Add debian/watch file. + * If default_pref file does not exist under var, do not attempt to move it + to /etc (Closes: #309628). + * Fix squirrelspell to read UTF8-encoded dictionary names correctly. + (Closes: #311338) + * Change Depends on squirrelmail-locales into Recommends; the depends + was created to ease woody -> sarge upgrades, now a recommendation is + sufficient (Closes: #319382). + * Update Standards-Version to 3.6.2, no changes necessary. + * Clean up rusty packaging. + * Add depends-alternative for libapache-mod-php4, to prevent installs that + have apache1 and libapache-mod-php4 but not the php4 meta package from + dragging in apache2 (Closes: #320993). + + -- Thijs Kinkhorst Wed, 3 Aug 2005 20:00:16 +0200 + +squirrelmail (2:1.4.4-6sarge1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Corrected the patch based on upstream input + [src/options_identities.php, CAN-2005-2095] + + -- Martin Schulze Mon, 11 Jul 2005 15:21:59 +0000 + +squirrelmail (2:1.4.4-6) stable-security; urgency=high + + * Security fix, hence high urgency. + * Apply patch provided by upstream to fix several cross site scripting + flaws [CAN-2005-1769] (Closes: #314374) + * Work around arbitrary variable injection via extract() [CAN-2005-2095] + (Closes: #317094) + + -- Thijs Kinkhorst Sat, 09 Jul 2005 11:57:20 +0200 + +squirrelmail (2:1.4.4-5) unstable; urgency=low + + * Add Suggests for imapproxy. + * Update README.Debian with documentation about the Recommends and + Suggests of this package. + * Add advice about setting default options for your specific IMAP server. + * Move fix for reloading signout.php from there to auth.php, because it + broke plug-ins. Patch from upstream CVS. (Closes: #304422) + * Correct spelling errors in Debian documentation. + * Change "no JavaScript" to "no JavaScript required" in the package + description because JavaScript can be used if available but is not + depended on. + + -- Thijs Kinkhorst Sat, 9 Apr 2005 13:35:19 +0200 + +squirrelmail (2:1.4.4-4) unstable; urgency=low + + * Make use of dictionaries-common (when available) to auto-detect + spell checker settings (Closes: #283948) + * Change default recommended spell checker to ispell. + + -- Thijs Kinkhorst Sat, 26 Mar 2005 15:28:48 +0100 + +squirrelmail (2:1.4.4-3) unstable; urgency=low + + * Move default_pref config file from /var to /etc, as per Debian policy + (Closes: #293281) + * [JvW] (finally) override two lintian warnings about nonstandard + permissions that are intentional (Closes: #293366) + + -- Thijs Kinkhorst Sun, 6 Feb 2005 21:41:51 +0100 + +squirrelmail (2:1.4.4-2) unstable; urgency=low + + * Fix configtest.php to accept a non-readable data_dir, which is the + default Debian configuration + * [JvW] Depend on squirrelmail-locales, to ease upgrades woody->sarge + (Closes: #292490) + * Extend README.locales with information about the squirrelmail-locales + package and add hint that a restart of Apache might be needed + * Limit access to configtest.php to just localhost, to prevent + information leakage (Closes: #293133) + + -- Thijs Kinkhorst Tue, 1 Feb 2005 14:26:41 +0100 + +squirrelmail (2:1.4.4-1) unstable; urgency=high + + * New upstream version: 1.4.4 + + Security: Added hook for Preferences Backend to resolve potential + local file inclusion resulting in arbitrary code execution, warranting + high urgency [CAN-2005-0075] + + Security: Fix potential file inclusion issues in src/webmail.php. + [CAN-2005-0103] + + Security: Fix possible XSS issues in src/webmail.php. [CAN-2005-0104] + * Thijs Kinkhorst: Add missing docs to squirrelmail.docs file (Closes: + #289088) + + Thanks a lot to Thijs Kinkhorst who worked hard to get 1.4.4 released, and + helped tremendously with the packaging for Debian + + -- Jeroen van Wolffelaar Sat, 22 Jan 2005 23:33:16 +0100 + +squirrelmail (2:1.4.3a+1.4.4rc1-0exp1) experimental; urgency=low + + * Experimental package + * New upstream version: 1.4.4 Release Candidate 1 + + Fixes broken theme select box (Closes: #286374) + + Fixes wrong German translation (Closes: #282829) + + Fixes broken Unicode encoding (Closes: #270626) + + Fixes signout error when timed out (Closes: #275941) + + Removed several backported patches that are in 1.4.4 now + * Locales are not in the squirrelmail package anymore, but a separate + package, start to recommend it (squirrelmail-locales) + + -- Jeroen van Wolffelaar Mon, 3 Jan 2005 00:28:32 +0100 + +squirrelmail (2:1.4.3a-3) unstable; urgency=high + + * Fix security issue: a remote attacker can compromise an account by + sending a specially-crafted email containing JavaScript in a RFC2047 + encoded header [CAN-2004-1036] (Closes: #280591) + * Fix spelling mistake in the name of Thijs Kinkhorst in Uploaders + + -- Jeroen van Wolffelaar Tue, 16 Nov 2004 12:26:43 +0100 + +squirrelmail (2:1.4.3a-2) unstable; urgency=medium + + * Put myself as maintainer, and Sam Johnston as co-maintainer. Thijs + Kinkhorst will also keep assisting in this package, he's co-maintainer too + now. Thanks Sam, for the work you're putting into squirrelmail. + * Checked for policy compliance with 3.6.1, no changes were needed, updated + Standards-Version + * Fix conf.pl detection of magic $domain contents (Closes: #271374) + * Default to use /etc/mailname if it exists as default domain, use + /etc/hostname only as fallback, as indicated by policy 11.6 (Mail + transport, delivery and user agents) + * cron.daily now checks whether the to-be-cleaned directory actually exists, + and exits gracefully if not (Closes: #272046) + * Now really fix the default apache.conf ssl-redirection example, also noted + that it's just that, an example, and might not always work (Closes: #267777) + + -- Jeroen van Wolffelaar Wed, 22 Sep 2004 00:59:48 +0200 + +squirrelmail (2:1.4.3a-1) unstable; urgency=low + + * Signed and incremented by maintainer on vacation. Closes: #255752. + * Updated SSL RewriteCond directive to resolve loop. Closes: #267777. + + -- Sam Johnston Tue, 24 Aug 2004 23:27:24 +1000 + +squirrelmail (2:1.4.3a-0.3) unstable; urgency=low + + * Non-Maintainer Upload in cooperation with Thijs Kinkhorst + * Applied patch from stable CVS that refuses to LOGIN (plaintext + IMAP-authentication) if the server advertises that is not supported, and + gives an appropriate error message (Closes: #266099) + * Don't put a newline in $domain in the default config + + -- Jeroen van Wolffelaar Thu, 19 Aug 2004 01:08:01 +0200 + +squirrelmail (2:1.4.3a-0.2) unstable; urgency=medium + + * Non-Maintainer Upload in cooperation with Thijs Kinkhorst + * [TK] Apply simple patch from upstream stable CVS fixing sending of + RFC-violating Message-ID's (class/deliver/Deliver.class.php + r1.18.2.11 & r1.18.2.12) + * Remove symlink in /var/www/ that kept being recreated, updated + README.Debian accordingly (Closes: #261102) + * Prevent dh_fixperms from resetting special permission of + /var/lib/squirrelmail/data/ and /var/spool/squirrelmail/attach/, so that + the buggy workaround in postinst can be removed (Closes: #263936) + * Suggests php4-pear now (useful for database-backed preferences and + addressbooks) + + -- Jeroen van Wolffelaar Fri, 13 Aug 2004 14:46:25 +0200 + +squirrelmail (2:1.4.3a-0.1) unstable; urgency=low + + * Non-Maintainer Upload in cooperation with Thijs Kinkhorst + , upstream SquirrelMail developer + * Reverted away from the development branch to the stable branch + (Closes: #232995) + - This re-introduces the translations (Closes: #232944) + - Experimental mailbox-tree code is 1.5.x only (Closes: #231687, #233550, + also closes: #250411) + - imap_general experimental code was buggy in 1.5.0 only (Closes: #246097) + - A buggy CRAM-MD5 check was 1.5.0 only too (Closes: #239566) + * New upstream + * Backport fix that was already in the 1.5.0 package fixing RFC3501 + compliance for mailbox naming, keeping #176590 and #215183 closed + (by Thijs, he committed it in upstream CVS on the 1.4 branch as + functions/imap_mailbox.php 1.172.2.11) + * Prefer apache2 and its php4 module in the Depends + (Closes: #250303, #251656) + * Dropped dependency on php4-pear, and added a proper error when using the + preferences/addressbook-in-database feature suggesting to install it + * Turn register_globals off for SquirrelMail, rather than on, since this is + supported (even recommended) for nowaday's SquirrelMail + * Add debhelper tokens to the postinst and postrm, this removes the now + needless debconf purge on package purge, and the debconf dependency + * On purge, remove user data in /var/{lib,spool}/squirrelmail too + * Stop distributing UPGRADE and a duplicate copy of the upstream changelog + * In README, tell about README.Debian instead of referring to 'INSTALL' + * The README.Debian is more clear about configuring with Apache + * Update 'copyright' file with general download location and correct the + copyright holder to "The SquirrelMail Project Team". + * In index.html, have proper (though still not complete) references to + available documents in /usr/share/doc/squirrelmail (Closes: #246722) + * Removed bogus 'Closes' line in last changelog entry + + -- Jeroen van Wolffelaar Tue, 22 Jun 2004 19:37:36 +0200 + +squirrelmail (1:1.5.0-1) unstable; urgency=low + + * New upstream release. + * RFC3501 compliance for mailbox naming (eg trailing spaces). + Closes: #176590, #215183. + * Adds a squirrelmail symlink in /var/www/. Closes: #229282. + * Adds PHP safe_mode workaround to README.Debian. Closes: #222071. + * Adds daily cron job to clean attachments directory. Closes: #228400. + * Checks for config_default.php before copying in postinst. + Closes: #229737. + + -- Sam Johnston Wed, 4 Feb 2004 01:42:12 +1100 + +squirrelmail (1:1.4.2-1) unstable; urgency=medium + + * New upstream release. Closes: #204058. + * Significant improvements over (broken) 1.4.0-1 package. + * PHP compatability fixes. Closes: #202368. + * conf.pl corrupts theme paths issue resolved. + Closes: #175773, #180108, #188441, #190315, #190923, #191028. + * Backwards compatible with stripped path themes (previous debs). + * Highlighting issue (1.4.0) resolved. Closes: #188631. + * Rendering issues with problem emails resolved. Closes: #205572. + * Resource utilisation improvements. Closes: #191856, #189602. + * README reference to upstream INSTALL document updated. + Closes: #173367, 178951. + * All known XSS exploits resolved. Closes: #167471. + * Folder list refreshes on login. Closes: #165753. + * $domain variable set to contents of /etc/hostname. Closes: #198747. + * Trims of HTTP_HOST port number for use in SMTP HELO. Closes: #200108. + * Fails gracefully when IMAP server unavailable. Closes: #192239. + * Recommends rather than depends on spell checker. Closes: #193680. + * DirectoryIndex directive added to apache.conf. Closes: #201022. + * Plugin config(s) moved to /etc. Closes: #146416. + * Properly handles accents and tildes in To:, Subject: etc headers. + Closes: #150338, #179166. + * No (broken) 'Save' button in printable version. Closes: #185602. + * Removes /usr/share/squirrelmail/data iff is is a symbolic link. + Closes: #188143. + * Resolves policy violation by replacing conf.pl (executable in /etc) + with a symlink to /usr/sbin/squirrelmail-configure. Closes: #163995. + + -- Sam Johnston Mon, 6 Oct 2003 07:44:12 +1000 + +squirrelmail (1:1.4.0-1) unstable; urgency=low + + * New upstream release. Closes: #179864, 134237. + * Resolves XSS security issues. Closes: #182008. + * Resolves default theme login problem. Closes: #174262. + * conf.pl cwd calls hardwired. Closes: #173516. + * conf.pl no longer breaks existing configs. Closes: #175773. + * blank lines no longer removed by compose.php. Closes: #175842. + * proto checking more robust. Closes: #178130. + * uses /etc/mailname instead of mydomain.com. Closes: #181619, 176777. + * added https redirect to example apache.conf. Closes: #172938. + * depends on php4-pear. Closes: #173256. + * indent problem resolved. Closes: #186506. + * no longer creates data symlink, removes existing. Closes: #181537. + * default_pref is a conffile - no longer written over. Closes: #178815. + + -- Sam Johnston Tue, 8 Apr 2003 02:06:40 +1000 + +squirrelmail (1:1.3.2+1.4.0rc1-1) unstable; urgency=low + + * New upstream release candidate + + -- Sam Johnston Thu, 2 Jan 2003 09:03:47 +1100 + +squirrelmail (1:1.3.2-2) unstable; urgency=high + + * Fixed cross site scripting problem in read_body.php (BugTraq ID 6302, + CAN-2002-1341) + + -- Sam Johnston Sun, 22 Dec 2002 03:56:23 +1100 + +squirrelmail (1:1.3.2-1) unstable; urgency=low + + * New upstream release - tracking development + * Removed debconf/wwwconfig scripts. Closes: #164605, #136612, #137165. + * Fixed dependencies (php4-cgi httpd). Closes: #152062, #152882. + * Japanese patch included upstream. Closes: #159454. + * Folder rename issue resolved upstream. Closes: #166297. + * display_messages doc root issue resolved upstream. Closes: #165103. + + -- Sam Johnston Thu, 7 Nov 2002 12:02:23 +1100 + +squirrelmail (1:1.2.8-1) unstable; urgency=low + + * New upstream release + + -- Sam Johnston Mon, 7 Oct 2002 23:37:40 +1000 + +squirrelmail (1:1.2.7-1) unstable; urgency=low + + * New upstream release + + -- Sam Johnston Mon, 24 Jun 2002 01:08:23 +1000 + +squirrelmail (1:1.2.6-1) unstable; urgency=high + + * New upstream *SECURITY* release + * Resolves local unprivileged exploit. Closes: #144496. + * Adds README.locales with information about languages. Closes #143277. + * Resolves typo in conf.pl (Save data repeated). Closes: #140506. + * Adds russian templates for debconf. Closes #136612, #137165. + + -- Sam Johnston Tue, 30 Apr 2002 18:53:46 +1000 + +squirrelmail (1:1.2.5-1) unstable; urgency=low + + * New upstream release. Closes: #138181. + * Fixed typo in debconf template. Closes: #131755. + * Installs default config_default.php file on new installations. + Closes: #136776. + + -- Sam Johnston Tue, 19 Mar 2002 01:51:08 +1100 + +squirrelmail (1:1.2.4-1) unstable; urgency=high + + * New upstream *SECURITY* release + * Fixes remote exploit in squirrelspell plugin. Closes: #130754. + + -- Sam Johnston Sat, 26 Jan 2002 06:22:30 +1100 + +squirrelmail (1:1.2.3-2) unstable; urgency=low + + * Resolves theme path issue (themes work again). Closes: #129406. + + -- Sam Johnston Thu, 24 Jan 2002 03:46:14 +1100 + +squirrelmail (1:1.2.3-1) unstable; urgency=medium + + * New upstream release + + -- Sam Johnston Wed, 23 Jan 2002 03:12:34 +1100 + +squirrelmail (1:1.2.2.20020116-1) unstable; urgency=low + + * New upstream release (tracking CVS due to problems with releases, PHP + 4.1 migration, etc.) Closes: #128228. + * Fixes typo in the control file (description). Closes: #129350. + * Uses php_flags syntax for register_globals workaround. + Closes: #128226. + * Resolves conf.pl hanging problem by calling db_stop from maintainer + scripts when debconf is finished with. Closes: #128142. + * Various fixes to keep lintian happy + + -- Sam Johnston Thu, 17 Jan 2002 02:49:05 +1100 + +squirrelmail (1:1.2.2-2) unstable; urgency=medium + + * Added support for apache-ssl. SSL (not necessarily apache-ssl) is + recommended for all installations which involve sessions over untrusted + networks as passwords are sent in clear text, and message contents + may be confidential. Closes: #114545, #115140. + * Added preliminary debconf support for selecting webserver type for + autoconfiguration (we can set up PHP, and #include the SquirrelMail + apache.conf file in most cases, avoiding the need for any manual + changes). Closes: #125590. + + -- Sam Johnston Wed, 2 Jan 2002 17:23:56 +1100 + +squirrelmail (1:1.2.2-1) unstable; urgency=medium + + * New upstream release + * Resolved problem finding plugins by replacing relative plugin dir + references with absolute references. Closes: #115163. + * Resolved problem finding themes by removing relative themes dir + (unnecessarily included in each theme definition), instead hardcoding + it in the php script(s) which reference themes. Closes: #116285. + * Resolved conf.pl problems preventing it from being executed from + outside the squirrelmail dir by referencing /etc/squirrelmail. + Closes: #119859. + * Suggests imap-server. Does not depend as many (most?) sites will/ + should be running SM on a separate machine. Feedback about this + decision welcome. Closes: #114543. + * Suggests ispell | aspell as SquirrelSpell is now included in the + main distribution. The sqspell config file is now a conffile to + prevent overwrites. + + -- Sam Johnston Wed, 2 Jan 2002 15:20:07 +1100 + +squirrelmail (1:1.2.0-1) unstable; urgency=low + + * New upstream release + * Plugin detection/symlink problem in conf.pl fixed + * Merry Christmas + + -- Sam Johnston Tue, 25 Dec 2001 18:31:05 +1100 + +squirrelmail (1.2.0-rc3-2) unstable; urgency=low + + * Edited apache configuration to resolve 404 errors. There is some + discussion upstream about incompatibilities between SM and PHP + 4.1.0, including a discussion about get_location returning null + so I expect these issues will be resolved by the (christmas day) + release of 1.2.0. Closes #125866. + + -- Sam Johnston Thu, 20 Dec 2001 11:37:00 +1100 + +squirrelmail (1.2.0-rc3-1) unstable; urgency=low + + * New upstream release + * Fixed up description formatting problem. Closes: #114871 + * Removed require_once patches applied in rc2-2. Fixed upstream. + * Fixed password parsing problem. Closes: #115225 + * Speed improvements and optimisations + * Several plugins integrated into the core or added as 'official' + * New paginator, rewrite of option pages code, etc. + + -- Sam Johnston Sun, 16 Dec 2001 23:53:36 +1100 + +squirrelmail (1.2.0-rc2-3) unstable; urgency=low + + * Created a fairly intelligent script for packaging up plugins. + It goes by the name of smpackage and it lives in the examples + directory, for want of a better home. + * Uploaded 40-something libsquirrelmail-* plugin packages. Enjoy. + + -- Sam Johnston Mon, 8 Oct 2001 03:16:24 +1000 + +squirrelmail (1.2.0-rc2-2) unstable; urgency=low + + * Resolved problems with redeclaring functions by replacing include()s + with require_once()s + * Closes: 114531 + + -- Sam Johnston Fri, 5 Oct 2001 18:18:53 +1000 + +squirrelmail (1.2.0-rc2-1) unstable; urgency=low + + * New upstream release + + -- Sam Johnston Wed, 3 Oct 2001 00:08:20 +1000 + +squirrelmail (1.0.6-2) unstable; urgency=low + + * Added support to conf.pl for automated plugin installation and removal + + -- Sam Johnston Tue, 2 Oct 2001 22:15:25 +1000 + +squirrelmail (1.0.6-1) unstable; urgency=low + + * Initial Release + * Kudos to Bart Bunting for his initial work on packaging + squirrelmail + * Closes #86125 + + -- Sam Johnston Tue, 2 Oct 2001 21:39:10 +1000 + +vim: et --- squirrelmail-1.4.20.orig/debian/compat +++ squirrelmail-1.4.20/debian/compat @@ -0,0 +1 @@ +7 --- squirrelmail-1.4.20.orig/debian/squirrelmail.manpages +++ squirrelmail-1.4.20/debian/squirrelmail.manpages @@ -0,0 +1 @@ +debian/squirrelmail-configure.8 --- squirrelmail-1.4.20.orig/debian/squirrelmail.postrm +++ squirrelmail-1.4.20/debian/squirrelmail.postrm @@ -0,0 +1,36 @@ +#! /bin/sh +# postrm script for squirrelmail +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + purge) + # remove squirrelmail config and user data + rm -rf /etc/squirrelmail /var/lib/squirrelmail \ + /var/spool/squirrelmail + ;; + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# + --- squirrelmail-1.4.20.orig/debian/squirrelmail.links +++ squirrelmail-1.4.20/debian/squirrelmail.links @@ -0,0 +1,4 @@ +/etc/squirrelmail usr/share/squirrelmail/config +/usr/sbin/squirrelmail-configure etc/squirrelmail/conf.pl +/etc/squirrelmail/sqspell_config.php usr/share/squirrelmail/plugins/squirrelspell/sqspell_config.php +/etc/squirrelmail/filters_setup.php usr/share/squirrelmail/plugins/filters/setup.php --- squirrelmail-1.4.20.orig/debian/squirrelmail.cron.daily +++ squirrelmail-1.4.20/debian/squirrelmail.cron.daily @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +test -d /var/spool/squirrelmail/attach || exit 0 + +cd /var/spool/squirrelmail/attach + +find \ + -maxdepth 2 \ + -xdev \ + -type f \ + \! -name '*.*' \ + \! -name '*_*' \ + -atime +2 \ + -print0 \ +| xargs \ + -0 \ + --no-run-if-empty \ + rm -- + --- squirrelmail-1.4.20.orig/debian/control +++ squirrelmail-1.4.20/debian/control @@ -0,0 +1,25 @@ +Source: squirrelmail +Section: web +Priority: optional +Maintainer: Jeroen van Wolffelaar +Uploaders: Thijs Kinkhorst +Build-Depends: debhelper (>= 7) +Standards-Version: 3.8.4 +Homepage: http://www.squirrelmail.org/ +Vcs-Svn: http://svn.wolffelaar.nl/squirrelmail/trunk +Vcs-Browser: http://svn.wolffelaar.nl/wsvn/squirrelmail/trunk + +Package: squirrelmail +Architecture: all +Depends: apache2 | httpd, libapache2-mod-php5 | php5 | php5-cgi, perl, ${misc:Depends} +Recommends: squirrelmail-locales, squirrelmail-viewashtml, php5-mhash, ispell | aspell | aspell-bin +Suggests: squirrelmail-decode, php5-recode, imap-server, imapproxy, php-pear, php5-ldap +Description: Webmail for nuts + SquirrelMail is a standards-based webmail package written in PHP. It + includes built-in pure PHP support for the IMAP and SMTP protocols, and + is designed for maximum compatibility across browsers. SquirrelMail has + few requirements and is easy to configure and install. It runs on top of + any IMAP server. + . + SquirrelMail has all the functionality you would want from an email client, + including strong MIME support, address books and folder manipulation. --- squirrelmail-1.4.20.orig/debian/squirrelmail.dirs +++ squirrelmail-1.4.20/debian/squirrelmail.dirs @@ -0,0 +1,5 @@ +etc/squirrelmail +usr/share/squirrelmail +usr/sbin +var/spool/squirrelmail/attach +var/lib/squirrelmail/data --- squirrelmail-1.4.20.orig/debian/squirrelmail.docs +++ squirrelmail-1.4.20/debian/squirrelmail.docs @@ -0,0 +1,10 @@ +doc/README.locales +doc/AUTHORS +doc/ReleaseNotes +doc/russian_apache.txt +doc/authentication.txt +doc/ie_ssl.txt +doc/presets.txt +doc/security.txt +doc/translating.txt +doc/translating_help.txt --- squirrelmail-1.4.20.orig/debian/rules +++ squirrelmail-1.4.20/debian/rules @@ -0,0 +1,63 @@ +#!/usr/bin/make -f +# debian/rules makefile for squirrelmail + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +build: build-stamp +build-stamp: + dh_testdir + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + dh_install + mv $(CURDIR)/debian/squirrelmail/etc/squirrelmail/conf.pl \ + $(CURDIR)/debian/squirrelmail/usr/sbin/squirrelmail-configure + mv $(CURDIR)/debian/squirrelmail/usr/share/squirrelmail/plugins/squirrelspell/sqspell_config.php \ + $(CURDIR)/debian/squirrelmail/etc/squirrelmail/ + mv $(CURDIR)/debian/squirrelmail/usr/share/squirrelmail/plugins/filters/setup.php \ + $(CURDIR)/debian/squirrelmail/etc/squirrelmail/filters_setup.php + find debian/squirrelmail -name .svn | xargs -r rm -r + rm -f debian/squirrelmail/usr/share/squirrelmail/plugins/demo/COPYING \ + debian/squirrelmail/usr/share/squirrelmail/plugins/test/COPYING + chmod +x debian/squirrelmail/usr/share/squirrelmail/plugins/demo/getpot + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs -X.svn + dh_installexamples + dh_installman + dh_installcron + mv $(CURDIR)/debian/squirrelmail/usr/share/lintian/overrides/squirrelmail.lintian \ + $(CURDIR)/debian/squirrelmail/usr/share/lintian/overrides/squirrelmail + dh_installchangelogs doc/ChangeLog + chgrp www-data $(CURDIR)/debian/squirrelmail/var/spool/squirrelmail/attach \ + $(CURDIR)/debian/squirrelmail/var/lib/squirrelmail/data + chmod u=rwx,g=wx,o= $(CURDIR)/debian/squirrelmail/var/spool/squirrelmail/attach \ + $(CURDIR)/debian/squirrelmail/var/lib/squirrelmail/data + dh_link + dh_compress + dh_fixperms -X/var + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- squirrelmail-1.4.20.orig/debian/watch +++ squirrelmail-1.4.20/debian/watch @@ -0,0 +1,3 @@ +# Site Directory Pattern Version Script +version=3 +http://sf.net/squirrelmail/squirrelmail-(\d+\.\d*[02468]\.[^-]+)\.tar\.gz --- squirrelmail-1.4.20.orig/debian/squirrelmail.install +++ squirrelmail-1.4.20/debian/squirrelmail.install @@ -0,0 +1,15 @@ +index.php /usr/share/squirrelmail +class /usr/share/squirrelmail +include /usr/share/squirrelmail +functions /usr/share/squirrelmail +help /usr/share/squirrelmail +images /usr/share/squirrelmail +locale /usr/share/squirrelmail +plugins /usr/share/squirrelmail +po /usr/share/squirrelmail +src /usr/share/squirrelmail +themes /usr/share/squirrelmail +config/* /etc/squirrelmail +data/default_pref /etc/squirrelmail + +debian/squirrelmail.lintian /usr/share/lintian/overrides --- squirrelmail-1.4.20.orig/debian/copyright +++ squirrelmail-1.4.20/debian/copyright @@ -0,0 +1,32 @@ +This package was debianized by Sam Johnston on +Fri, 14 Sep 2001 18:28:01 +1000. Current maintainer is Jeroen van +Wolffelaar with co-maintainers Thijs +Kinkhorst and Sam Johnston . + +It was downloaded from http://www.squirrelmail.org/download.php + +Upstream Authors: The SquirrelMail Project Team + +Copyright: + + Copyright (C) 1999-2009 The SquirrelMail Project Team + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +On Debian GNU/Linux systems, the complete text of the GNU General Public +License can be found in the `/usr/share/common-licenses' directory. + +The Debian packaging of SquirrelMail is licenced under the same terms +as SquirrelMail itself. --- squirrelmail-1.4.20.orig/debian/squirrelmail.lintian +++ squirrelmail-1.4.20/debian/squirrelmail.lintian @@ -0,0 +1,2 @@ +non-standard-dir-perm var/spool/squirrelmail/attach/ 0730 != 0755 +non-standard-dir-perm var/lib/squirrelmail/data/ 0730 != 0755 --- squirrelmail-1.4.20.orig/debian/squirrelmail-configure.8 +++ squirrelmail-1.4.20/debian/squirrelmail-configure.8 @@ -0,0 +1,32 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH SQUIRRELMAIL-CONFIGURE 8 "October 8, 2003" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +squirrelmail-configure \- Interactively configure SquirrelMail +.SH SYNOPSIS +.B squirrelmail-configure +.SH DESCRIPTION +Use this interactive command to create or modify your +/etc/squirrelmail/config.php file. The program contains online help. +Alternatively, you can edit this file by hand. For that, you can use +config_default.php as a reference. +.SH AUTHOR +The SquirrelMail Project Team + +This manual page was written by Sam Johnston , +for the Debian GNU/Linux system (but may be used by others) + --- squirrelmail-1.4.20.orig/debian/squirrelmail.postinst +++ squirrelmail-1.4.20/debian/squirrelmail.postinst @@ -0,0 +1,44 @@ +#!/bin/sh +# postinst script for squirrelmail +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + configure) + if [ ! -f /etc/squirrelmail/config.php ]; then + if [ -f /etc/squirrelmail/config_default.php ]; then + echo "Installing default squirrelmail config." + cp /etc/squirrelmail/config_default.php /etc/squirrelmail/config.php + else + echo "Default squirrelmail config (config_default.php) not found." + fi + fi + echo "Run /usr/sbin/squirrelmail-configure as root to configure/upgrade config." + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# + --- squirrelmail-1.4.20.orig/debian/README.Debian +++ squirrelmail-1.4.20/debian/README.Debian @@ -0,0 +1,137 @@ +SquirrelMail for Debian +======================= + +Contents of this file: +0. IMAP Server SquirrelMail runs on top of almost any IMAP server +1. Apache Configuring Apache with SquirrelMail +2. Virtual Hosts How to make a virtual host like webmail.example.com +3. Other Webservers Configuring other webservers with SquirrelMail +4. Security Some security considerations +5. Default Preferences New location for default user preferences file +6. Recommended packages Other packages that can be useful with SquirrelMail +7. Getting help Still having trouble? Here's where to go. + +IMAP Server +=========== + +SquirrelMail needs an IMAP server to authorise users and access their +mailboxes. It does not run on a POP3 server. Almost any server supporting +IMAP4 will do (see the imap-server virtual package for references to +IMAP servers packaged for Debian). For optimal behaviour of SquirrelMail +it is important that you set the predefined setting for your IMAP server +in squirrelmail-configure through the "D" option in the main menu. + +For performance reasons it's wise to have 'server side sorting' set to on +in your SquirrelMail configuration if your IMAP server supports it (almost +all modern do). This can also prevent users with very large mailboxes getting +a timeout or an empty page when viewing it. + + +Apache +====== + +If you want to use squirrelmail with apache, it is recommended to modify +/etc/squirrelmail/apache.conf to your own wishes, and then add a symlink to +that file from /etc/apache2/conf.d, like: + + $ ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf + +Alternatively, you could also 'Include' the configuration file in the relevant +apache configuration file(s). + + +Virtual Hosts +============= + +Note that users will prefer a simple URL like http://webmail.example.com +I recommend you set this functionality up even if only so if you ever +choose to use another webmail package you don't have to change the URL. +There are some example Apache directives in /etc/squirrelmail/apache.conf + + +Other webservers +================ + +You need to create an alias in your web server pointing: + +http://localhost/squirrelmail/ + +at /usr/share/squirrelmail/, then log in using your IMAP credentials. +Adding a symlink in your webroot may be all you need. + + +Security +======== + +Register Globals: Debian does not provide security support for installations +with the PHP register_globals setting turned On. It's also not required for +SquirrelMail to operate. Make sure it's off. It's trivial to turn it on just for +specific legacy sites that may need it. + +HTTPS is recommended, to prevent passwords and other sensitive information being +sent over the Internet in the clear. Most modern web servers support SSL, but +configuring it is left as an exercise for the reader (and depends on the webserver +used). + +STARTTLS is neither supported nor recommended as SM creates many IMAP +sessions. You should use a persistent tunnel (e.g. SSH port forwarding) and/or +an IMAP proxy. + +PHP safe_mode is not supported out of the box due to root:root ownerships. +You may be able to work around this limitation by changing the group of +the files in /usr/share/squirrelmail to the web server group (www-data). i.e.: + + chgrp -R www-data /usr/share/squirrelmail/ + + +Recommended and Suggested Packages +================================== + +The SquirrelMail Debian package recommends or suggests the following other +Debian packages. Here's a summary of what value they might add to your +installation: + +- squirrelmail-locales: Translations of SquirrelMail. + If you only want the English language you don't need this, but if you + want your users to select a different translation, install this package. + +- squirrelmail-decode: Extra decoding routines for complex character sets. + This extra decoding library provides support for some complex Eastern + character sets and some rarely used Apple character sets. Only needed if + your users actually receive messages encoded with these charsets. + +- ispell | aspell: This is needed for the SquirrelSpell spell checking + plug-in to work. If you have the choice, choose ispell since that's + automatically configured using dictionaries-common. + +- imap-server: this is of course needed for SquirrelMail to access mailboxes, + but is not a hard depend since the IMAP server can be on a different host. + +- php-pear: you need this package only if you want to store user preferences + or address books in an SQL database. + +- imapproxy: since SquirrelMail is a web application, it needs to reconnect + to the IMAP server on each page load. On heavily loaded sites, this can be + a problem; use the excellent imapproxy package to cache connections between + page requests and reduce the load on your IMAP server. + + +Where to get help +================= + +The first stop would be the SquirrelMail website: http://www.squirrelmail.org +It has frequently asked questions, tutorials for specific setups and other +troubleshooting hints. + +Still need help? You could check out the +squirrelmail-users@lists.sourceforge.net mailinglist, or the #squirrelmail IRC +channel on irc.freenode.net. Seasoned users and developers regularly hang out +there. + +Found a bug or have a wishlist item? In Debian, you can check existing reports +at http://bugs.debian.org/squirrelmail and report new issues through the +"reportbug" utility. + + + +$Id: README.Debian 375 2009-05-13 17:24:13Z kink $ --- squirrelmail-1.4.20.orig/doc/README.locales +++ squirrelmail-1.4.20/doc/README.locales @@ -0,0 +1,28 @@ +The locales (translations) for the SquirrelMail package are provided in +the package "squirrelmail-locales" on which the "squirrelmail" package +recommends. You need to install that package as well if you want to use +SquirrelMail in languages other than English. + +You may need to reconfigure locales with: + dpkg-reconfigure locales +to make alternative languages work. + +In some cases it might also be needed to restart Apache after you've +upgraded or added locales, because of some internal caching of locale +information by Apache. + +=== Locale with correct charset needs to be configured === + +The locale of the language file you want to use has to be configured +on the server. +E.g., to make the "French" translation work, you need to setup the +fr_FR.ISO-8859-1 locale. Currently it will not work if you only have +the fr_FR.UTF-8 locale enabled, you need the ISO-8859-1 one as well. + +You can generate locales using: + locale-gen LOCALE +You can see which locale names get used for a given language in the +setup.php file of the translations, +e.g. /usr/share/squirrelmail/locale/fr_FR/setup.php for fr_FR. +See the "locale" program to display installed locales, e.g. "locale -a -v". + --- squirrelmail-1.4.20.orig/doc/index.html +++ squirrelmail-1.4.20/doc/index.html @@ -7,8 +7,9 @@ SquirrelMail Documentation +

SquirrelMail Documentation

Below is a list of all the documentation that comes in the SquirrelMail --- squirrelmail-1.4.20.orig/functions/file_prefs.php +++ squirrelmail-1.4.20/functions/file_prefs.php @@ -185,17 +185,26 @@ /* Then, check if the file exists. */ if (!@file_exists($filename) ) { - /* First, check the $data_dir for the default preference file. */ + + /* If it does not exist, check for default_prefs */ + + /* First, check legacy locations: data dir */ if(substr($data_dir,-1) != '/') { $data_dir .= '/'; } $default_pref = $data_dir . 'default_pref'; - /* If it is not there, check the internal data directory. */ + /* or legacy location: internal data dir */ if (!@file_exists($default_pref)) { $default_pref = SM_PATH . 'data/default_pref'; } + /* If no legacies, check where we'd expect it to be located: + * under config/ */ + if (!@file_exists($default_pref)) { + $default_pref = SM_PATH . 'config/default_pref'; + } + /* Otherwise, report an error. */ $errTitle = sprintf( _("Error opening %s"), $default_pref ); if (!is_readable($default_pref)) { --- squirrelmail-1.4.20.orig/config/conf.pl +++ squirrelmail-1.4.20/config/conf.pl @@ -38,16 +38,17 @@ # (the Basename stuff above will sometimes return '.' as # the base directory, which is not helpful here). ############################################################ -use Cwd; -$dir = cwd(); +#use Cwd; +#$dir = cwd(); +$dir = '/usr/share/squirrelmail/config'; ############################################################ # First, lets read in the data already in there... ############################################################ -if ( -e "config.php" ) { +if ( -e "/etc/squirrelmail/config.php" ) { # Make sure that file is readable - if (! -r "config.php") { + if (! -r "/etc/squirrelmail/config.php") { clear_screen(); print "WARNING:\n"; print "The file \"config/config.php\" was found, but you don't\n"; @@ -57,7 +58,7 @@ $ctu = ; exit; } - open( FILE, "config.php" ); + open( FILE, "/etc/squirrelmail/config.php" ); while ( $line = ) { $line =~ s/^\s+//; $line =~ s/^\$//; @@ -108,9 +109,9 @@ } $config = 1; - open( FILE, "config.php" ); -} elsif ( -e "config_default.php" ) { - open( FILE, "config_default.php" ); + open( FILE, "/etc/squirrelmail/config.php" ); +} elsif ( -e "/etc/squirrelmail/config_default.php" ) { + open( FILE, "/etc/squirrelmail/config_default.php" ); while ( $line = ) { $line =~ s/^\s+//; $line =~ s/^\$//; @@ -160,7 +161,7 @@ $print_config_version = $config_version; } $config = 2; - open( FILE, "config_default.php" ); + open( FILE, "/etc/squirrelmail/config_default.php" ); } else { print "No configuration file found. Please get config_default.php\n"; print "or config.php before running this again. This program needs\n"; @@ -190,8 +191,13 @@ $sub = $options[0]; $sub =~ s/\]\[['|"]PATH['|"]\]//; $sub =~ s/.*\[//; - if ( -e "../themes" ) { + if ( -e "/usr/share/squirrelmail/themes" ) { $options[1] =~ s/^\.\.\/config/\.\.\/themes/; + $options[1] =~ s/^SM_PATH \. \'config/\.\.\/themes/; + if ( $options[1] !~ /\// ) { + # no path information courtesy early debs + $options[1] = '../themes/' . $options[1]; + } } $theme_path[$sub] = &change_to_rel_path($options[1]); } elsif ( $options[0] =~ /^theme\[[0-9]+\]\[['|"]NAME['|"]\]/ ) { @@ -362,7 +368,7 @@ if ( $ARGV[0] eq '--install-plugin' ) { print "Activating plugin " . $ARGV[1] . "\n"; - if ( -d "../plugins/" . $ARGV[1]) { + if ( -d "/usr/share/squirrelmail/plugins/" . $ARGV[1]) { push @plugins, $ARGV[1]; save_data(); exit(0); @@ -599,12 +605,12 @@ print " $num. $plugins[$count]\n"; } print "\n Available Plugins:\n"; - opendir( DIR, "../plugins" ); + opendir( DIR, "/usr/share/squirrelmail/plugins" ); @files = sort(readdir(DIR)); $pos = 0; @unused_plugins = (); for ( $i = 0 ; $i <= $#files ; $i++ ) { - if ( -d "../plugins/" . $files[$i] && $files[$i] !~ /^\./ && $files[$i] ne "CVS" ) { + if ( -d "/usr/share/squirrelmail/plugins/" . $files[$i] && $files[$i] !~ /^\./ && $files[$i] ne "CVS" ) { $match = 0; for ( $k = 0 ; $k <= $#plugins ; $k++ ) { if ( $plugins[$k] eq $files[$i] ) { @@ -2566,8 +2572,6 @@ $name = ; $name =~ s/[\r|\n]//g; $theme_name[ $#theme_name + 1 ] = $name; - print "Be sure to put ../themes/ before the filename.\n"; - print "What file is this stored in (ex: ../themes/default_theme.php): "; $name = ; $name =~ s/[\r|\n]//g; $theme_path[ $#theme_path + 1 ] = $name; @@ -2601,7 +2605,7 @@ } elsif ( $input =~ /^\s*t\s*/i ) { print "\nStarting detection...\n\n"; - opendir( DIR, "../themes" ); + opendir( DIR, "/usr/share/squirrelmail/themes" ); @files = grep { /\.php$/i } sort(readdir(DIR)); $cnt = 0; while ( $cnt <= $#files ) { @@ -2635,7 +2639,7 @@ print "\n"; for ( $cnt = 0 ; $cnt <= $#theme_path ; $cnt++ ) { $filename = $theme_path[$cnt]; - if ( !( -e $filename ) ) { + if ( !( -e '/usr/share/squirrelmail/themes/' . $filename ) ) { print " Removing $filename (file not found)\n"; $offset = 0; @new_theme_name = (); @@ -3290,7 +3294,7 @@ sub save_data { $tab = " "; - if ( open( CF, ">config.php" ) ) { + if ( open( CF, ">/etc/squirrelmail/config.php" ) ) { print CF " + Options Indexes FollowSymLinks + + php_flag register_globals off + + + DirectoryIndex index.php + + + # access to configtest is limited by default to prevent information leak + + order deny,allow + deny from all + allow from 127.0.0.1 + + + +# users will prefer a simple URL like http://webmail.example.com +# +# DocumentRoot /usr/share/squirrelmail +# ServerName webmail.example.com +# + +# redirect to https when available (thanks omen@descolada.dartmouth.edu) +# +# Note: There are multiple ways to do this, and which one is suitable for +# your site's configuration depends. Consult the apache documentation if +# you're unsure, as this example might not work everywhere. +# +# +# +# +# RewriteEngine on +# RewriteCond %{HTTPS} !^on$ [NC] +# RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L] +# +# +# + --- squirrelmail-1.4.20.orig/config/config_default.php +++ squirrelmail-1.4.20/config/config_default.php @@ -115,7 +115,7 @@ * Example: In bob@example.com, example.com is the domain. * @global string $domain */ -$domain = 'example.com'; +$domain = trim(implode('', file('/etc/'.(file_exists('/etc/mailname')?'mail':'host').'name'))); /** * Time offset inversion @@ -487,7 +487,7 @@ * Here are two examples: * * Absolute: - * $data_dir = '/var/local/squirrelmail/data/'; + * $data_dir = '/var/lib/squirrelmail/data/'; * * Relative (to main SM directory): * $data_dir = SM_PATH . 'data/'; @@ -496,7 +496,7 @@ * * @global string $data_dir */ -$data_dir = '/var/local/squirrelmail/data/'; +$data_dir = '/var/lib/squirrelmail/data/'; /** * Attachments directory @@ -514,7 +514,7 @@ * + It should probably be another directory than data_dir. * @global string $attachment_dir */ -$attachment_dir = '/var/local/squirrelmail/attach/'; +$attachment_dir = '/var/spool/squirrelmail/attach/'; /** * Hash level used for data directory. --- squirrelmail-1.4.20.orig/plugins/squirrelspell/sqspell_config.php +++ squirrelmail-1.4.20/plugins/squirrelspell/sqspell_config.php @@ -20,18 +20,30 @@ /** * Example: * - * $SQSPELL_APP = array( 'English' => 'ispell -a', - * 'Spanish' => 'ispell -d spanish -a' ); + * $SQSPELL_APP = array( 'american (American English)' => 'ispell -a', + * 'spanish (Spanish)' => 'ispell -d spanish -a' ); * You can replace ispell with aspell keeping the same commandline: - * $SQSPELL_APP = array( 'English' => 'aspell -a', - * 'Spanish' => 'aspell -d spanish -a' ); + * $SQSPELL_APP = array( 'american (American English)' => 'aspell -a', + * 'spanish (Spanish)' => 'aspell -d spanish -a' ); */ -$SQSPELL_APP = array('English' => 'ispell -a', - 'Spanish' => 'ispell -d spanish -a'); -$SQSPELL_APP_DEFAULT = 'English'; + +# Debian: if dictionaries-common >= 2.81.1 is available, detect the +# installed dictionaries automatically, else use the list below. +if ( ! @include('/var/cache/dictionaries-common/sqspell.php') ) { + $SQSPELL_APP = array('american (American English)' => 'ispell -a', + 'spanish (Spanish)' => 'ispell -d spanish -a'); +} + +# Debian: if dictionaries-common >= 2.50 is available, detect the +# default dictionary automatically. +if ( is_readable ( '/etc/dictionaries-common/ispell-default' ) ) { + $SQSPELL_APP_DEFAULT = file_get_contents ( '/etc/dictionaries-common/ispell-default' ); +} else { + $SQSPELL_APP_DEFAULT = 'american (American English)'; +} + $SQSPELL_WORDS_FILE = getHashedFile($username, $data_dir, "$username.words"); $SQSPELL_EREG = 'ereg'; -?> \ No newline at end of file --- squirrelmail-1.4.20.orig/plugins/fortune/fortune_functions.php +++ squirrelmail-1.4.20/plugins/fortune/fortune_functions.php @@ -24,7 +24,7 @@ global $color; - $fortune_location = '/usr/bin/fortune'; + $fortune_location = '/usr/games/fortune'; $exist = is_executable($fortune_location); if (!$exist) {