rpms/squirrelmail/F-11 squirrelmail-1.4.19-csrf.patch, NONE, 1.1 squirrelmail.spec, 1.69, 1.70

Michal Hlavinka mhlavink at fedoraproject.org
Mon Aug 17 08:24:14 UTC 2009


Author: mhlavink

Update of /cvs/extras/rpms/squirrelmail/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24152

Modified Files:
	squirrelmail.spec 
Added Files:
	squirrelmail-1.4.19-csrf.patch 
Log Message:
fix #517312 - CSRF issues in all forms (SA34627)


squirrelmail-1.4.19-csrf.patch:
 config/conf.pl                 |   79 ++++++++++++++++-
 doc/ChangeLog                  |    3 
 functions/auth.php             |   49 ++++++++++-
 functions/forms.php            |   30 ++++++
 functions/mailbox_display.php  |    1 
 functions/strings.php          |  181 +++++++++++++++++++++++++++++++++++++++++
 src/addrbook_search_html.php   |    4 
 src/addressbook.php            |   14 ++-
 src/compose.php                |   34 +++++++
 src/folders.php                |    8 -
 src/folders_create.php         |    6 +
 src/folders_delete.php         |    8 +
 src/folders_rename_do.php      |    6 +
 src/folders_rename_getname.php |    2 
 src/folders_subscribe.php      |    6 +
 src/move_messages.php          |    6 +
 src/options.php                |   11 ++
 src/options_highlight.php      |   14 ++-
 src/options_identities.php     |   14 ++-
 src/options_order.php          |   13 ++
 src/search.php                 |   13 ++
 src/vcard.php                  |    3 
 22 files changed, 472 insertions(+), 33 deletions(-)

--- NEW FILE squirrelmail-1.4.19-csrf.patch ---
diff -up squirrelmail-1.4.19/config/conf.pl.scrf squirrelmail-1.4.19/config/conf.pl
--- squirrelmail-1.4.19/config/conf.pl.scrf	2009-04-13 18:52:57.000000000 +0200
+++ squirrelmail-1.4.19/config/conf.pl	2009-08-17 09:53:22.671454970 +0200
@@ -346,15 +346,19 @@ if ( !$sendmail_args && $sendmail_path =
 }
 
 # Added in 1.4.11
-$smtp_sitewide_user = ''				if ( !$smtp_sitewide_user );
-$smtp_sitewide_pass = ''				if ( !$smtp_sitewide_pass );
+$smtp_sitewide_user = ''                if ( !$smtp_sitewide_user );
+$smtp_sitewide_pass = ''                if ( !$smtp_sitewide_pass );
 
 # Added in 1.4.9
 $abook_global_file_listing = 'true'     if ( !$abook_global_file_listing );
 $abook_file_line_length = 2048          if ( !$abook_file_line_length );
 
 # Added in 1.4.16
-$only_secure_cookies = 'true'     if ( !$only_secure_cookies );
+$only_secure_cookies = 'true'           if ( !$only_secure_cookies );
+
+# Added in 1.4.20RC1
+$disable_security_tokens = 'false'      if ( !$disable_security_tokens );
+$check_referrer = ''                    if ( !$check_referrer );
 
 if ( $ARGV[0] eq '--install-plugin' ) {
     print "Activating plugin " . $ARGV[1] . "\n";
@@ -549,6 +553,8 @@ while ( ( $command ne "q" ) && ( $comman
         print "14. PHP session name             : $WHT$session_name$NRM\n";
         print "15. Location base                : $WHT$config_location_base$NRM\n";
         print "16. Only secure cookies if poss. : $WHT$only_secure_cookies$NRM\n";
+        print "17. Disable secure forms         : $WHT$disable_security_tokens$NRM\n";
+        print "18. Page referal requirement     : $WHT$check_referrer$NRM\n";
         print "\n";
         print "R   Return to Main Menu\n";
     } elsif ( $menu == 5 ) {
@@ -766,6 +772,8 @@ while ( ( $command ne "q" ) && ( $comman
             elsif ( $command == 14 ) { $session_name             = command314(); }
             elsif ( $command == 15 ) { $config_location_base     = command_config_location_base(); }
             elsif ( $command == 16 ) { $only_secure_cookies      = command316(); }
+            elsif ( $command == 17 ) { $disable_security_tokens  = command317(); }
+            elsif ( $command == 18 ) { $check_referrer           = command318(); }
         } elsif ( $menu == 5 ) {
             if ( $command == 1 ) { command41(); }
             elsif ( $command == 2 ) { $theme_css = command42(); }
@@ -2455,6 +2463,63 @@ sub command316 {
 
 
 
+# disable_security_tokens (since 1.4.20RC1)
+sub command317 {
+    print "This option allows you to turn off the security checks in the forms\n";
+    print "that SquirrelMail generates.  It is NOT RECOMMENDED that you disable\n";
+    print "this feature - otherwise, your users may be exposed to phishing and\n";
+    print "other attacks.\n";
+    print "Unless you know what you are doing, you should leave this set to \"NO\".\n";
+    print "\n";
+
+    if ( lc($disable_security_tokens) eq 'true' ) {
+        $default_value = "y";
+    } else {
+        $default_value = "n";
+    }
+    print "Disable secure forms? (y/n) [$WHT$default_value$NRM]: $WHT";
+    $disable_security_tokens = <STDIN>;
+    if ( ( $disable_security_tokens =~ /^y\n/i ) || ( ( $disable_security_tokens =~ /^\n/ ) && ( $default_value eq "y" ) ) ) {
+        $disable_security_tokens = 'true';
+    } else {
+        $disable_security_tokens = 'false';
+    }
+    return $disable_security_tokens;
+}
+
+
+
+# check_referrer (since 1.4.20RC1)
+sub command318 {
+    print "This option allows you to enable referal checks for all page requests\n";
+    print "made to SquirrelMail.  This can help ensure that page requests came\n";
+    print "from the same server and not from an attacker's site (usually the\n";
+    print "result of a XSS or phishing attack).  To enable referal checking,\n";
+    print "this setting can be set to the domain where your SquirrelMail is\n";
+    print "being hosted (usually the same as the Domain setting under Server\n";
+    print "Settings).  For example, it could be \"example.com\", or if you\n";
+    print "use a plugin (such as Login Manager) to host SquirrelMail on more\n";
+    print "than one domain, you can set this to \"###DOMAIN###\" to tell it\n";
+    print "to use the current domain.\n";
+    print "\n";
+    print "However, in some cases (where proxy servers are in use, etc.), the\n";
+    print "domain might be different.\n";
+    print "\n";
+    print "NOTE that referal checks are not foolproof - they can be spoofed by\n";
+    print "browsers, and some browsers intentionally don't send referal\n";
+    print "information (in which case, the check is silently bypassed)\n";
+    print "\n";
+
+    print "Referal requirement? [$WHT$check_referrer$NRM]: $WHT";
+    $new_check_referrer = <STDIN>;
+    chomp($new_check_referrer);
+    $check_referrer = $new_check_referrer;
+
+    return $check_referrer;
+}
+
+
+
 ####################################################################################
 #### THEMES ####
 sub command41 {
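Review bot: command318 stores whatever is typed on STDIN into $check_referrer with no validation, and save_data (the `@@ -3502` hunk below) later interpolates that value into a single-quoted PHP string, so a value containing `'` or `\` yields a config.php that does not parse, while a value entered with a scheme such as `http://example.com` becomes `http://http://example.com` once auth.php prepends its own prefix and every request that carries a referrer is then rejected. A minimal guard after the `chomp` would be `$new_check_referrer =~ s{\A https?://}{}xi;` followed by keeping the previous value (and saying so) when `$new_check_referrer =~ /['\\\s]/`. Note also that `$new_check_referrer` and `$default_value` are package globals rather than `my` variables; that appears to match the surrounding file's style, but it leaks state between menu commands.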
@@ -3502,10 +3567,14 @@ sub save_data {
         print CF "\$session_name = '$session_name';\n";
 
     # boolean
-        print CF "\$only_secure_cookies   = $only_secure_cookies;\n";
+        print CF "\$only_secure_cookies     = $only_secure_cookies;\n";
+        print CF "\$disable_security_tokens = $disable_security_tokens;\n";
+
+    # string
+        print CF "\$check_referrer          = '$check_referrer';\n";
 
         print CF "\n";
-        print CF "\$config_location_base     = '$config_location_base';\n";
+        print CF "\$config_location_base    = '$config_location_base';\n";
 
         print CF "\n";
         print CF "\@include SM_PATH . 'config/config_local.php';\n";
diff -U0 squirrelmail-1.4.19/doc/ChangeLog.scrf squirrelmail-1.4.19/doc/ChangeLog
--- squirrelmail-1.4.19/doc/ChangeLog.scrf	2009-05-21 19:19:09.000000000 +0200
+++ squirrelmail-1.4.19/doc/ChangeLog	2009-08-17 09:53:30.039237290 +0200
@@ -4,0 +5,3 @@
+  - Implemented page referal verification mechanism. (Secunia Advisory SA34627)
+  - Implemented security token system. (Secunia Advisory SA34627)
+
diff -up squirrelmail-1.4.19/functions/auth.php.scrf squirrelmail-1.4.19/functions/auth.php
--- squirrelmail-1.4.19/functions/auth.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/functions/auth.php	2009-08-17 09:53:22.673549603 +0200
@@ -33,21 +33,56 @@ if (! isset($use_smtp_tls)) {
  * Check if user has previously logged in to the SquirrelMail session.  If user
  * has not logged in, execution will stop inside this function.
  *
+ * This function optionally checks the referrer of this page request.  If the
+ * administrator wants to impose a check that the referrer of this page request
+ * is another page on the same domain (otherwise, the page request is likely
+ * the result of a XSS or phishing attack), then they need to specify the
+ * acceptable referrer domain in a variable named $check_referrer in
+ * config/config.php (or the configuration tool) for which the value is
+ * usually the same as the $domain setting (for example:
+ *    $check_referrer = 'example.com';
+ * However, in some cases (where proxy servers are in use, etc.), the
+ * acceptable referrer might be different.  If $check_referrer is set to
+ * "###DOMAIN###", then the current value of $domain is used (useful in
+ * situations where $domain might change at runtime (when using the Login
+ * Manager plugin to host multiple domains with one SquirrelMail installation,
+ * for example)):
+ *    $check_referrer = '###DOMAIN###';
+ * NOTE HOWEVER, that referrer checks are not foolproof - they can be spoofed
+ * by browsers, and some browsers intentionally don't send them, in which
+ * case SquirrelMail silently ignores referrer checks.
+ *
  * @return void This function returns ONLY if user has previously logged in
  * successfully (otherwise, execution terminates herein).
  */
 function is_logged_in() {
 
-    if ( sqsession_is_registered('user_is_logged_in') ) {
+    // check for user login as well as referrer if needed
+    //
+    global $check_referrer, $domain;
+    if ($check_referrer == '###DOMAIN###') $check_referrer = $domain;
+    if (!empty($check_referrer)) {
+        $ssl_check_referrer = 'https://' . $check_referrer;
+        $check_referrer = 'http://' . $check_referrer;
+    }
+    if (!sqgetGlobalVar('HTTP_REFERER', $referrer, SQ_SERVER)) $referrer = '';
+    if (sqsession_is_registered('user_is_logged_in') 
+     && (!$check_referrer || empty($referrer)
+      || ($check_referrer && !empty($referrer)
+       && (strpos(strtolower($referrer), strtolower($check_referrer)) === 0
+        || strpos(strtolower($referrer), strtolower($ssl_check_referrer)) === 0)))) {
         return;
     } else {
+
         global $session_expired_post,
                $session_expired_location, $squirrelmail_language;
 
         // use $message to indicate what logout text the user
         // will see... if 0, typical "You must be logged in"
         // if 1, information that the user session was saved
-        // and will be resumed after (re)login
+        // and will be resumed after (re)login, if 2, there
+        // seems to have been a XSS or phishing attack (bad
+        // referrer)
         //
         $message = 0;
 
@@ -67,6 +102,12 @@ function is_logged_in() {
                 $message = 1;
         }
 
+        // was bad referrer the reason we were rejected?
+        //
+        if (sqsession_is_registered('user_is_logged_in') 
+         && $check_referrer && !empty($referrer))
+            $message = 2;
+      
         session_write_close();
 
         // signout page will deal with users who aren't logged 
@@ -79,8 +120,10 @@ function is_logged_in() {
         set_up_language($squirrelmail_language, true);
         if (!$message)
             logout_error( _("You must be logged in to access this page.") );
-        else
+        else if ($message == 1)
             logout_error( _("Your session has expired, but will be resumed after logging in again.") );
+        else if ($message == 2)
+            logout_error( _("The current page request appears to have originated from an unrecognized source.") );
         exit;
     }
 }
diff -up squirrelmail-1.4.19/functions/forms.php.scrf squirrelmail-1.4.19/functions/forms.php
--- squirrelmail-1.4.19/functions/forms.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/functions/forms.php	2009-08-17 09:53:22.673549603 +0200
@@ -130,8 +130,24 @@ function addTextArea($name, $text = '', 
 
 /**
  * Make a <form> start-tag.
+ *
+ * @param string $action
+ * @param string $method
+ * @param string $name
+ * @param string $enctype
+ * @param string $charset
+ * @param string $extra     Any other attributes can be added with this parameter;
+ *                          they should use double quotes around attribute values
+ *                          (OPTIONAL; default empty)
+ * @param mixed  $add_token When given as a string or as boolean TRUE, a hidden
+ *                          input is also added to the form containing a security
+ *                          token.  When given as TRUE, the input name is "smtoken";
+ *                          otherwise the name is the string that is given for this
+ *                          parameter.  When FALSE, no hidden token input field is
+ *                          added.  (OPTIONAL; default not used)
+ *
  */
-function addForm($action, $method = 'post', $name = '', $enctype = '', $charset = '')
+function addForm($action, $method = 'post', $name = '', $enctype = '', $charset = '', $extra = '', $add_token = FALSE)
 {
     if($name) {
         $name = ' name="'.$name.'"';
@@ -143,7 +159,15 @@ function addForm($action, $method = 'pos
         $charset = ' accept-charset="'.htmlspecialchars($charset).'"';
     }
 
-    return '<form action="'. $action .'" method="'. $method .'"'.
-        $enctype . $name . $charset . ">\n";
+    $form_string = '<form action="'. $action .'" method="'. $method .'"'.
+        $enctype . $name . $charset . ' ' . $extra . " >\n";
+
+    if($add_token) {
+        $form_string .= '<input type="hidden" value="' . sm_generate_security_token()
+                      . '" name="' . (is_string($add_token) ? $add_token : 'smtoken')
+                      . "\" />\n";
+    }
+
+    return $form_string;
 }
 
diff -up squirrelmail-1.4.19/functions/mailbox_display.php.scrf squirrelmail-1.4.19/functions/mailbox_display.php
--- squirrelmail-1.4.19/functions/mailbox_display.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/functions/mailbox_display.php	2009-08-17 09:53:22.673549603 +0200
@@ -513,6 +513,7 @@ function showMessagesForMailbox($imapCon
     $safe_name = preg_replace("/[^0-9A-Za-z_]/", '_', $mailbox);
     $form_name = "FormMsgs" . $safe_name;
     echo '<form name="' . $form_name . '" method="post" action="move_messages.php">' ."\n" .
+        '<input type="hidden" name="smtoken" value="'.sm_generate_security_token().'">' . "\n" .
         '<input type="hidden" name="mailbox" value="'.htmlspecialchars($mailbox).'">' . "\n" .
         '<input type="hidden" name="startMessage" value="'.htmlspecialchars($start_msg).'">' . "\n";
     
diff -up squirrelmail-1.4.19/functions/strings.php.scrf squirrelmail-1.4.19/functions/strings.php
--- squirrelmail-1.4.19/functions/strings.php.scrf	2009-05-21 19:19:09.000000000 +0200
+++ squirrelmail-1.4.19/functions/strings.php	2009-08-17 09:53:22.672234055 +0200
@@ -879,5 +879,186 @@ function sq_trim_value ( &$value ) {
     $value = trim($value);
 }
 
+/**
+  * Gathers the list of secuirty tokens currently
+  * stored in the user's preferences and optionally
+  * purges old ones from the list.
+  *
+  * @param boolean $purge_old Indicates if old tokens
+  *                           should be purged from the
+  *                           list ("old" is 30 days or
+  *                           older unless the administrator
+  *                           overrides that value using
+  *                           $max_security_token_age in
+  *                           config/config_local.php)
+  *                           (OPTIONAL; default is to always
+  *                           purge old tokens)
+  *
+  * @return array The list of tokens
+  *
+  * @since 1.4.19 and 1.5.2
+  *
+  */
+function sm_get_user_security_tokens($purge_old=TRUE)
+{
+
+   global $data_dir, $username, $max_token_age_days;
+
+   $tokens = getPref($data_dir, $username, 'security_tokens', '');
+   if (($tokens = unserialize($tokens)) === FALSE || !is_array($tokens))
+      $tokens = array();
+
+   // purge old tokens if necessary
+   //
+   if ($purge_old)
+   {
+      if (empty($max_token_age_days)) $max_token_age_days = 30;
+      $now = time();
+      $discard_token_date = $now - ($max_token_age_days * 86400);
+      $cleaned_tokens = array();
+      foreach ($tokens as $token => $timestamp)
+         if ($timestamp >= $discard_token_date)
+            $cleaned_tokens[$token] = $timestamp;
+      $tokens = $cleaned_tokens;
+   }
+
+   return $tokens;
+
+}
+
+/**
+  * Generates a security token that is then stored in
+  * the user's preferences with a timestamp for later
+  * verification/use.
+  *
+  * WARNING: If the administrator has turned the token system
+  *          off by setting $disable_security_tokens to TRUE in
+  *          config/config.php or the configuration tool, this
+  *          function will not store tokens in the user
+  *          preferences (but it will still generate and return
+  *          a random string).
+  *
+  * @return void
+  *
+  * @since 1.4.19 and 1.5.2
+  *
+  */
+function sm_generate_security_token()
+{
+
+   global $data_dir, $username, $disable_security_tokens;
+   $max_generation_tries = 1000;
+
+   $tokens = sm_get_user_security_tokens();
+
+   $new_token = GenerateRandomString(12, '', 7);
+   $count = 0;
+   while (isset($tokens[$new_token]))
+   {
+      $new_token = GenerateRandomString(12, '', 7);
+      if (++$count > $max_generation_tries)
+      {
+         logout_error(_("Fatal token generation error; please contact your system administrator or the SquirrelMail Team"));
+         exit;
+      }
+   }
+
+   // is the token system enabled?  CAREFUL!
+   //
+   if (!$disable_security_tokens)
+   {
+      $tokens[$new_token] = time();
+      setPref($data_dir, $username, 'security_tokens', serialize($tokens));
+   }
+
+   return $new_token;
+
+}
+
+/**
+  * Validates a given security token and optionally remove it
+  * from the user's preferences if it was valid.  If the token
+  * is too old but otherwise valid, it will still be rejected.
+  *
+  * "Too old" is 30 days or older unless the administrator
+  * overrides that value using $max_security_token_age in
+  * config/config_local.php
+  *
+  * WARNING: If the administrator has turned the token system
+  *          off by setting $disable_security_tokens to TRUE in
+  *          config/config.php or the configuration tool, this
+  *          function will always return TRUE.
+  *
+  * @param string  $token           The token to validate
+  * @param int     $validity_period The number of seconds tokens are valid
+  *                                 for (set to zero to remove valid tokens
+  *                                 after only one use; use 3600 to allow
+  *                                 tokens to be reused for an hour)
+  *                                 (OPTIONAL; default is to only allow tokens
+  *                                 to be used once)
+  * @param boolean $show_error      Indicates that if the token is not
+  *                                 valid, this function should display
+  *                                 a generic error, log the user out
+  *                                 and exit - this function will never
+  *                                 return in that case.
+  *                                 (OPTIONAL; default FALSE)
+  *
+  * @return boolean TRUE if the token validated; FALSE otherwise
+  *
+  * @since 1.4.19 and 1.5.2
+  *
+  */
+function sm_validate_security_token($token, $validity_period=0, $show_error=FALSE)
+{
+
+   global $data_dir, $username, $max_token_age_days,
+          $disable_security_tokens;
+
+   // bypass token validation?  CAREFUL!
+   //
+   if ($disable_security_tokens) return TRUE;
+
+   // don't purge old tokens here because we already
+   // do it when generating tokens
+   //
+   $tokens = sm_get_user_security_tokens(FALSE);
+
+   // token not found?
+   //
+   if (empty($tokens[$token]))
+   {
+      if (!$show_error) return FALSE;
+      logout_error(_("This page request could not be verified and appears to have expired."));
+      exit;
+   }
+
+   $now = time();
+   $timestamp = $tokens[$token];
+
+   // whether valid or not, we want to remove it from
+   // user prefs if it's old enough
+   //
+   if ($timestamp < $now - $validity_period)
+   {
+      unset($tokens[$token]);
+      setPref($data_dir, $username, 'security_tokens', serialize($tokens));
+   }
+
+   // reject tokens that are too old
+   //
+   if (empty($max_token_age_days)) $max_token_age_days = 30;
+   $old_token_date = $now - ($max_token_age_days * 86400);
+   if ($timestamp < $old_token_date)
+   {
+      if (!$show_error) return FALSE;
+      logout_error(_("The current page request appears to have originated from an untrusted source."));
+      exit;
+   }
+
+   // token OK!
+   //
+   return TRUE;
+
+}
 
 $PHP_SELF = php_self();
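Review bot: The docblocks of sm_get_user_security_tokens and sm_validate_security_token name the override setting `$max_security_token_age`, but the code reads the global `$max_token_age_days`, so an administrator following the documentation would set a variable that has no effect; the comments should say `$max_token_age_days` (a number of days). sm_generate_security_token is documented as `@return void` but returns the new token string, so that tag should read `@return string The newly generated token`. The `@since 1.4.19 and 1.5.2` tags also disagree with the `since 1.4.20RC1` comments conf.pl gains in the same patch. Separately, with `$validity_period = 0` the `$timestamp < $now - $validity_period` test leaves a token stored when it is consumed in the same second it was generated, so a "single-use" token is only approximately single-use; `if ($timestamp <= $now - $validity_period)` makes the removal unconditional in that case.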
diff -up squirrelmail-1.4.19/src/addrbook_search_html.php.scrf squirrelmail-1.4.19/src/addrbook_search_html.php
--- squirrelmail-1.4.19/src/addrbook_search_html.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/addrbook_search_html.php	2009-08-17 09:53:22.665180003 +0200
@@ -83,7 +83,7 @@ function addr_display_result($res, $incl
 
     if (sizeof($res) <= 0) return;
 
-    echo addForm($PHP_SELF, 'POST', 'addrbook').
+    echo addForm($PHP_SELF, 'POST', 'addrbook', '', '', '', TRUE).
          addHidden('html_addr_search_done', 'true');
     addr_insert_hidden();
     $line = 0;
@@ -308,7 +308,7 @@ else {
 if ($addrquery == '' || sizeof($res) == 0) {
     /* printf('<center><form method="post" name="k" action="compose.php">'."\n", $PHP_SELF); */
     echo '<center>'.
-        addForm('compose.php','POST','k');
+        addForm('compose.php','POST','k', '', '', '', TRUE);
     addr_insert_hidden();
     echo '<input type="submit" value="' . _("Return") . '" name="return" />' . "\n" .
          '</form></center></nobr>';
diff -up squirrelmail-1.4.19/src/addressbook.php.scrf squirrelmail-1.4.19/src/addressbook.php
--- squirrelmail-1.4.19/src/addressbook.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/addressbook.php	2009-08-17 09:53:22.666180572 +0200
@@ -31,6 +31,9 @@ require_once(SM_PATH . 'functions/html.p
 require_once(SM_PATH . 'functions/forms.php');
 
 /** lets get the global vars we may need */
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 sqgetGlobalVar('key',       $key,           SQ_COOKIE);
 
 sqgetGlobalVar('username',  $username,      SQ_SESSION);
@@ -180,6 +183,9 @@ $form_url = 'addressbook.php';
 /* Handle user's actions */
 if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
 
+    // first, validate security token
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     /**************************************************
      * Add new address                                *
      **************************************************/
@@ -313,7 +319,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req
                         $olddata = $abook->lookup($enick, $ebackend);
 
                         /* Display the "new address" form */
-                        echo addForm($form_url, 'post').
+                        echo addForm($form_url, 'post', '', '', '', '', TRUE).
                             html_tag( 'table',
                                     html_tag( 'tr',
                                         html_tag( 'td',
@@ -345,7 +351,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req
                                        'center', '', 'width="100%"' );
 
                         /* Display the "new address" form again */
-                        echo addForm($form_url, 'post').
+                        echo addForm($form_url, 'post', '', '', '', '', TRUE).
                             html_tag( 'table',
                                 html_tag( 'tr',
                                     html_tag( 'td',
@@ -426,7 +432,7 @@ if ($showaddrlist) {
 
     /* List addresses */
     if (count($alist) > 0) {
-        echo addForm($form_url, 'post', 'address_book_form');
+        echo addForm($form_url, 'post', 'address_book_form', '', '', '', TRUE);
         if ($abook->add_extra_field) {
             $abook_fields = 6;
         } else {
@@ -573,7 +579,7 @@ if ($showaddrlist) {
 
 /* Display the "new address" form */
 echo '<a name="AddAddress"></a>' . "\n" .
-    addForm($form_url, 'post', 'f_add').
+    addForm($form_url, 'post', 'f_add', '', '', '', TRUE).
     html_tag( 'table',  
         html_tag( 'tr',
             html_tag( 'td', "\n". '<strong>' . sprintf(_("Add to %s"), $abook->localbackendname) . '</strong>' . "\n",
diff -up squirrelmail-1.4.19/src/compose.php.scrf squirrelmail-1.4.19/src/compose.php
--- squirrelmail-1.4.19/src/compose.php.scrf	2009-08-17 09:53:22.577550465 +0200
+++ squirrelmail-1.4.19/src/compose.php	2009-08-17 09:53:22.668549664 +0200
@@ -67,6 +67,9 @@ if (isset($send) && $send) {
     $SQ_GLOBAL = SQ_FORM;
 }
 sqgetGlobalVar('smaction',$action, $SQ_GLOBAL);
+if (!sqgetGlobalVar('smtoken',$submitted_token, $SQ_GLOBAL)) {
+    $submitted_token = '';
+}
 sqgetGlobalVar('session',$session, $SQ_GLOBAL);
 sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL);
 if ( !sqgetGlobalVar('identity',$identity, $SQ_GLOBAL) ) {
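Review bot: The token is read from `$SQ_GLOBAL`, which the line above the hunk sets to SQ_FORM when `$send` is set; if SQ_FORM also covers the query string, `smtoken` is accepted from a GET parameter as well. Tokens carried in URLs end up in server logs and in the Referer header sent to other sites, so reading it explicitly, `sqgetGlobalVar('smtoken', $submitted_token, SQ_POST)`, as folders_create.php and the other src/ files in this patch do, would be both more consistent and safer. Whether SQ_FORM includes GET cannot be confirmed from this hunk.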
@@ -377,6 +380,11 @@ if (!isset($mailbox) || $mailbox == '' |
 }
 
 if ($draft) {
+
+    // validate security token
+    //
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     /*
      * Set $default_charset to correspond with the user's selection
      * of language interface.
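Review bot: The five-line `// validate security token` block added here is repeated verbatim in the `$send`, `$html_addr_search_done`, `$attach`, `$sigappend` and `$do_delete` branches of the `if ($send) ... elseif` chain (the five hunks that follow); a single guard placed before `if ($draft)`, `if ($draft || $send || isset($html_addr_search_done) || isset($attach) || isset($sigappend) || isset($do_delete)) sm_validate_security_token($submitted_token, 3600, TRUE);`, would make it obvious which actions are protected and stop a future branch from being added without the check. This assumes nothing between the `$draft` block and the chain must run before validation, which cannot be confirmed from the hunks shown.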
@@ -428,6 +436,11 @@ if ($draft) {
 }
 
 if ($send) {
+
+    // validate security token
+    //
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     if (isset($_FILES['attachfile']) &&
             $_FILES['attachfile']['tmp_name'] &&
             $_FILES['attachfile']['tmp_name'] != 'none') {
@@ -513,6 +526,11 @@ if ($send) {
         /* sqimap_logout($imapConnection); */
     }
 } elseif (isset($html_addr_search_done)) {
+
+    // validate security token
+    //
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     if ($compose_new_win == '1') {
         compose_Header($color, $mailbox);
     }
@@ -557,6 +575,11 @@ if ($send) {
      */
     include_once('./addrbook_search_html.php');
 } elseif (isset($attach)) {
+
+    // validate security token
+    //
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     if (saveAttachedFiles($session)) {
         plain_error_message(_("Could not move/copy file. File not attached"), $color);
     }
@@ -568,6 +591,11 @@ if ($send) {
     showInputForm($session);
 }
 elseif (isset($sigappend)) {
+
+    // validate security token
+    //
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     $signature = $idents[$identity]['signature'];
     
     $body .= "\n\n".($prefix_sig==true? "-- \n":'').$signature;
@@ -578,6 +606,11 @@ elseif (isset($sigappend)) {
     }
     showInputForm($session);
 } elseif (isset($do_delete)) {
+
+    // validate security token
+    //
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     if ($compose_new_win == '1') {
         compose_Header($color, $mailbox);
     } else {
@@ -1032,6 +1065,7 @@ function showInputForm ($session, $value
 
     echo ">\n";
 
+    echo addHidden('smtoken', sm_generate_security_token());
     echo addHidden('startMessage', $startMessage);
 
     if ($action == 'draft') {
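Review bot: Every render of the compose form now calls sm_generate_security_token(), which per the strings.php hunk appends one entry to the serialized `security_tokens` preference and only discards entries older than `$max_token_age_days` (30 days by default); tokens are otherwise removed only when a form is actually submitted, so a user who opens many compose windows without sending accumulates one stored token per render for a month. If a preference backend limits value size this could eventually fail or slow every form render; capping the number of stored tokens (dropping the oldest) inside sm_get_user_security_tokens would bound it. showInputForm begins before this hunk.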
diff -up squirrelmail-1.4.19/src/folders_create.php.scrf squirrelmail-1.4.19/src/folders_create.php
--- squirrelmail-1.4.19/src/folders_create.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/folders_create.php	2009-08-17 09:53:22.669549523 +0200
@@ -37,8 +37,14 @@ sqgetGlobalVar('subfolder',    $subfolde
 if (! sqgetGlobalVar('contain_subs', $contain_subs,  SQ_POST)) {
     unset($contain_subs);
 }
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end of get globals */
 
+// first, validate security token
+sm_validate_security_token($submitted_token, 3600, TRUE);
+
 $folder_name = trim($folder_name);
 
 if (substr_count($folder_name, '"') || substr_count($folder_name, "\\") ||
diff -up squirrelmail-1.4.19/src/folders_delete.php.scrf squirrelmail-1.4.19/src/folders_delete.php
--- squirrelmail-1.4.19/src/folders_delete.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/folders_delete.php	2009-08-17 09:53:22.669549523 +0200
@@ -41,6 +41,9 @@ sqgetGlobalVar('username',  $username,  
 sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
 sqgetGlobalVar('delimiter', $delimiter,     SQ_SESSION);
 sqgetGlobalVar('mailbox',   $mailbox,       SQ_POST);
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end globals */
 
 if ($mailbox == '') {
@@ -76,7 +79,7 @@ if( !sqgetGlobalVar('confirmed', $tmp, S
         html_tag( 'tr' ) .
         html_tag( 'td', '', 'center', $color[4] ) .
         sprintf(_("Are you sure you want to delete %s?"), str_replace(array(' ','<','>'),array('&nbsp;','&lt;','&gt;'),imap_utf7_decode_local($mailbox_unformatted_disp))).
-        addForm('folders_delete.php', 'post')."<p>\n".
+        addForm('folders_delete.php', 'post', '', '', '', '', TRUE)."<p>\n".
         addHidden('mailbox', $mailbox).
         addSubmit(_("Yes"), 'confirmed').
         addSubmit(_("No"), 'backingout').
@@ -85,6 +88,9 @@ if( !sqgetGlobalVar('confirmed', $tmp, S
     exit;
 }
 
+// first, validate security token
+sm_validate_security_token($submitted_token, 3600, TRUE);
+
 $imap_stream = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
 
 $boxes = sqimap_mailbox_list ($imap_stream);
diff -up squirrelmail-1.4.19/src/folders.php.scrf squirrelmail-1.4.19/src/folders.php
--- squirrelmail-1.4.19/src/folders.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/folders.php	2009-08-17 09:53:22.665180003 +0200
@@ -103,7 +103,7 @@ echo html_tag( 'table', '', 'center', ''
             ) .
             html_tag( 'tr' ) .
                 html_tag( 'td', '', 'center', $color[0] ) .
-     addForm('folders_create.php', 'POST', 'cf').
+     addForm('folders_create.php', 'POST', 'cf', '', '', '', TRUE).
      addInput('folder_name', '', 25).
      "<br />\n". _("as a subfolder of"). '<br />'.
      "<tt><select name=\"subfolder\">\n";
@@ -228,7 +228,7 @@ echo html_tag( 'table', '', 'center', ''
                 html_tag( 'td', '', 'center', $color[0], 'width="50%"' );
 
 if (count($skip_folders) < count($boxes)) {
-    echo addForm('folders_subscribe.php?method=unsub')
+    echo addForm('folders_subscribe.php?method=unsub', 'post', '', '', '', '', TRUE)
        . "<tt><select name=\"mailbox[]\" multiple=\"multiple\" size=\"8\">\n";
     for ($i = 0; $i < count($boxes); $i++) {
         $use_folder = true;
@@ -273,7 +273,7 @@ if(!$no_list_for_subscribe) {
   }
   
   if (count($box) > 0) {
-    echo addForm('folders_subscribe.php?method=sub')
+    echo addForm('folders_subscribe.php?method=sub', 'post', '', '', '', '', TRUE)
        . '<tt><select name="mailbox[]" multiple="multiple" size="8">';
 
     for ($q = 0; $q < count($box); $q++) {      
@@ -288,7 +288,7 @@ if(!$no_list_for_subscribe) {
   }
 } else {
   /* don't perform the list action -- this is much faster */
-  echo addForm('folders_subscribe.php?method=sub')
+  echo addForm('folders_subscribe.php?method=sub', 'post', '', '', '', '', TRUE)
      . _("Subscribe to:") . '<br />'
      . '<tt><input type="text" name="mailbox[]" size="35" />'
      . '<input type="submit" value="'. _("Subscribe") . "\" />\n"
diff -up squirrelmail-1.4.19/src/folders_rename_do.php.scrf squirrelmail-1.4.19/src/folders_rename_do.php
--- squirrelmail-1.4.19/src/folders_rename_do.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/folders_rename_do.php	2009-08-17 09:53:22.666180572 +0200
@@ -35,8 +35,14 @@ sqgetGlobalVar('onetimepad',$onetimepad,
 sqgetGlobalVar('orig',      $orig,          SQ_POST);
 sqgetGlobalVar('old_name',  $old_name,      SQ_POST);
 sqgetGlobalVar('new_name',  $new_name,      SQ_POST);
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end globals */
 
+// first, validate security token
+sm_validate_security_token($submitted_token, 3600, TRUE);
+
 $new_name = trim($new_name);
 
 if (substr_count($new_name, '"') || substr_count($new_name, "\\") ||
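Review bot: The token lifetime `3600` is hard-coded on the new sm_validate_security_token() line here, and the same literal is repeated at every other call site in this patch (folders_subscribe.php, move_messages.php, options_highlight.php twice, options_identities.php, options_order.php, options.php and search.php). Defining it once as a named constant next to sm_validate_security_token() (in functions/strings.php, outside this chunk) would keep every form on the same lifetime and make tuning a one-line change. The comment `// first, validate security token` could also state the consequence: `// validate the CSRF token before renaming; the TRUE arg makes a mismatch abort the request` — I read the third argument as an abort flag from its use here, which should be confirmed against the definition.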
diff -up squirrelmail-1.4.19/src/folders_rename_getname.php.scrf squirrelmail-1.4.19/src/folders_rename_getname.php
--- squirrelmail-1.4.19/src/folders_rename_getname.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/folders_rename_getname.php	2009-08-17 09:53:22.669549523 +0200
@@ -82,7 +82,7 @@ echo '<br />' .
         ) .
         html_tag( 'tr' ) .
             html_tag( 'td', '', 'center', $color[4] ) .
-            addForm('folders_rename_do.php').
+            addForm('folders_rename_do.php', 'post', '', '', '', '', TRUE).
      _("New name:").
      '<br /><b>'. $parent . '</b>'.
      addInput('new_name', $old_name, 25) . '<br />' . "\n";
diff -up squirrelmail-1.4.19/src/folders_subscribe.php.scrf squirrelmail-1.4.19/src/folders_subscribe.php
--- squirrelmail-1.4.19/src/folders_subscribe.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/folders_subscribe.php	2009-08-17 09:53:22.665180003 +0200
@@ -33,8 +33,14 @@ sqgetGlobalVar('username',  $username,  
 sqgetGlobalVar('onetimepad',$onetimepad,    SQ_SESSION);
 sqgetGlobalVar('method',    $method,        SQ_GET);
 sqgetGlobalVar('mailbox',   $mailbox,       SQ_POST);
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end globals */
 
+// first, validate security token
+sm_validate_security_token($submitted_token, 3600, TRUE);
+
 $location = get_location();
 
 if (!isset($mailbox) || !isset($mailbox[0]) || $mailbox[0] == '') {
diff -up squirrelmail-1.4.19/src/move_messages.php.scrf squirrelmail-1.4.19/src/move_messages.php
--- squirrelmail-1.4.19/src/move_messages.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/move_messages.php	2009-08-17 09:53:22.667549648 +0200
@@ -138,8 +138,14 @@ sqgetGlobalVar('markUnread',      $markU
 sqgetGlobalVar('attache',         $attache,         SQ_POST);
 sqgetGlobalVar('location',        $location,        SQ_POST);
 
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end of get globals */
 
+// security check
+sm_validate_security_token($submitted_token, 3600, TRUE);
+
 $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0);
 $mbx_response=sqimap_mailbox_select($imapConnection, $mailbox);
 
diff -up squirrelmail-1.4.19/src/options_highlight.php.scrf squirrelmail-1.4.19/src/options_highlight.php
--- squirrelmail-1.4.19/src/options_highlight.php.scrf	2009-05-03 14:33:46.000000000 +0200
+++ squirrelmail-1.4.19/src/options_highlight.php	2009-08-17 09:53:22.666180572 +0200
@@ -40,6 +40,9 @@ sqGetGlobalVar('color_type', $color_type
 sqGetGlobalVar('match_type', $match_type);
 sqGetGlobalVar('value', $value);
 
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end of get globals */
  
 function oh_opt( $val, $sel, $tit ) {
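Review bot: The new `sqgetGlobalVar('smtoken', ...)` call uses the lower-case spelling while the surrounding lines of this file spell the function `sqGetGlobalVar`. PHP resolves both to the same function, but a file that mixes spellings is easy to miss in a case-sensitive grep for input handling; keep the file's existing spelling, `if (!sqGetGlobalVar('smtoken', $submitted_token, SQ_POST)) {`.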
@@ -59,6 +62,10 @@ if (! isset($message_highlight_list)) {
 if (isset($theid) && ($action == 'delete') ||
                      ($action == 'up')     ||
                      ($action == 'down')) {
+
+    // security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     $new_rules = array();
     switch($action) {
         case('delete'):
@@ -93,6 +100,9 @@ if (isset($theid) && ($action == 'delete
     exit;
 } else if ($action == 'save') {
 
+    // security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     if ($color_type == 1) $newcolor = $newcolor_choose;
     elseif ($color_type == 2) $newcolor = $newcolor_input;
     else $newcolor = $color_type;
@@ -364,7 +374,7 @@ if ($action == 'edit' || $action == 'add
     else if ($selected_choose == '')
         $selected_input = TRUE;
 
-    echo addForm('options_highlight.php', 'POST', 'f').
+    echo addForm('options_highlight.php', 'POST', 'f', '', '', '', TRUE).
          addHidden('action', 'save');
     if($action == 'edit') {
         echo addHidden('theid', (isset($theid)?$theid:''));
@@ -469,4 +479,4 @@ if ($action == 'edit' || $action == 'add
 }
 do_hook('options_highlight_bottom');
 ?>
-</table></body></html>
\ No newline at end of file
+</table></body></html>
diff -up squirrelmail-1.4.19/src/options_identities.php.scrf squirrelmail-1.4.19/src/options_identities.php
--- squirrelmail-1.4.19/src/options_identities.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/options_identities.php	2009-08-17 09:53:22.666180572 +0200
@@ -27,6 +27,7 @@ require_once(SM_PATH . 'include/validate
 include_once(SM_PATH . 'functions/global.php');
 include_once(SM_PATH . 'functions/display_messages.php');
 include_once(SM_PATH . 'functions/html.php');
+include_once(SM_PATH . 'functions/forms.php');
 include_once(SM_PATH . 'functions/identity.php');
 
 /* make sure that page is not available when $edit_identity is false */
@@ -42,9 +43,16 @@ sqgetGlobalVar('newidentities', $newiden
 sqgetGlobalVar('smaction', $smaction, SQ_POST);
 sqgetGlobalVar('return', $return, SQ_POST);
 
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
+
 // First lets see if there are any actions to perform //
 if (!empty($smaction) && is_array($smaction)) {
 
+    // first do a security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     $doaction = '';
     $identid = 0;
 
@@ -72,9 +80,9 @@ displayPageHeader($color, 'None');
 
 do_hook('options_identities_top');
 
-$td_str = '';
-$td_str .= '<form name="f" action="options_identities.php" method="post"><br />' . "\n";
-$td_str .= '<table border="0" cellspacing="0" cellpadding="0" width="100%">' . "\n";
+$td_str = '<form name="f" action="options_identities.php" method="post"><br />' . "\n"
+        . addHidden('smtoken', sm_generate_security_token()) . "\n"
+        . '<table border="0" cellspacing="0" cellpadding="0" width="100%">' . "\n";
 $cnt = count($identities);
 foreach( $identities as $iKey=>$ident ) {
 
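Review bot: The form opening on the new `$td_str = '<form name="f" action="options_identities.php" method="post">...` line is still hand-written with `addHidden('smtoken', ...)` appended, whereas the folders.php, options_highlight.php and options.php hunks of this patch switch to `addForm(..., TRUE)` so the helper emits the token itself; the options_order.php and search.php form hunks, and the vcard.php one, build their tags by hand the same way. forms.php is now included at the top of this file, so `addForm('options_identities.php', 'post', 'f', '', '', '', TRUE) . '<br />' . "\n"` could replace the literal tag, provided addForm's output carries the attributes this page relies on (its definition is outside this chunk). Emitting every tokenized form through one helper makes it easy to audit that none was missed.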
diff -up squirrelmail-1.4.19/src/options_order.php.scrf squirrelmail-1.4.19/src/options_order.php
--- squirrelmail-1.4.19/src/options_order.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/options_order.php	2009-08-17 09:53:26.573299584 +0200
@@ -28,6 +28,7 @@ require_once(SM_PATH . 'functions/displa
 require_once(SM_PATH . 'functions/imap.php');
 require_once(SM_PATH . 'functions/plugin.php');
 require_once(SM_PATH . 'functions/html.php');
+require_once(SM_PATH . 'functions/forms.php');
 
 /* get globals */
 sqgetGlobalVar('num',       $num,       SQ_GET);  
@@ -35,6 +36,9 @@ sqgetGlobalVar('add',       $add,       
 
 sqgetGlobalVar('submit',    $submit);
 sqgetGlobalVar('method',    $method);
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end of get globals */
 
 displayPageHeader($color, 'None');
@@ -83,6 +87,10 @@ displayPageHeader($color, 'None');
            include_once(SM_PATH . 'include/load_prefs.php');
         }
     } else if ($method == 'add' && $add) {
+
+        // first do a security check
+        sm_validate_security_token($submitted_token, 3600, TRUE);
+
         /* User should not be able to insert PHP-code here */
         $add = str_replace ('<?', '..', $add);
         $add = ereg_replace ('<.*script.*language.*php.*>', '..', $add);
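Review bot: The sm_validate_security_token() call is added inside the `$method == 'add' && $add` branch only, while the branch that closes just above it (its body ends with the load_prefs.php include and starts outside the hunk) gets no check. If that earlier branch also rewrites the stored index order — plausible, since it reloads preferences afterwards — it needs the same call, otherwise only one of the mutating paths is protected. `$method` and `$submit` are also read without a source restriction in the previous hunk, unlike `smtoken`; reading them with SQ_POST too would tie the whole action to the POSTed form that carries the token.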
@@ -128,8 +136,9 @@ displayPageHeader($color, 'None');
     }
     
     if (count($index_order) != count($available)) {
-        echo '<form name="f" method="post" action="options_order.php">';
-        echo '<select name="add">';
+        echo '<form name="f" method="post" action="options_order.php">' . "\n"
+           . addHidden('smtoken', sm_generate_security_token())
+           . '<select name="add">' . "\n";
         for ($i=1; $i <= count($available); $i++) {
             $found = false;
             for ($j=1; $j <= count($index_order); $j++) {
diff -up squirrelmail-1.4.19/src/options.php.scrf squirrelmail-1.4.19/src/options.php
--- squirrelmail-1.4.19/src/options.php.scrf	2009-05-15 17:09:55.000000000 +0200
+++ squirrelmail-1.4.19/src/options.php	2009-08-17 09:53:22.667549648 +0200
@@ -143,6 +143,9 @@ sqgetGlobalVar('delimiter', $delimiter, 
 sqgetGlobalVar('optpage',     $optpage);
 sqgetGlobalVar('optmode',     $optmode,      SQ_FORM);
 sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST);
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
 /* end of getting globals */
 
 /* Make sure we have an Option Page set. Default to main. */
@@ -226,6 +229,12 @@ if ( !@is_file( $optpage_file ) ) {
 /*** Next, process anything that needs to be processed. ***/
 /***********************************************************/
 
+// security check before saving anything...
+//FIXME: what about SMOPT_MODE_LINK??
+if ($optmode == SMOPT_MODE_SUBMIT) {
+   sm_validate_security_token($submitted_token, 3600, TRUE);
+}
+
 // set empty error message
 $optpage_save_error=array();
 
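Review bot: The token check on the new `if ($optmode == SMOPT_MODE_SUBMIT)` line is keyed on a value the client supplies — `$optmode` is read with SQ_FORM in the previous hunk — and the FIXME beside it admits that SMOPT_MODE_LINK is not covered, so any option page that persists data under a mode other than SUBMIT would still save without a token. `$optpage_data` is read from SQ_POST just above; if that is the payload the save path consumes (to be confirmed), gating on its presence is the safer condition, e.g. `if ($optmode == SMOPT_MODE_SUBMIT || !empty($optpage_data)) {`. The FIXME should be resolved, or turned into a comment explaining why LINK mode needs no token, before this ships. The body of the `if` is also indented three spaces where the rest of this file uses four (see the addForm hunk below).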
@@ -426,7 +435,7 @@ if ($optpage == SMOPT_PAGE_MAIN) {
 /* If we are not looking at the main option page, display the page here. */
 /*************************************************************************/
 } else {
-    echo addForm('options.php', 'POST', 'f')
+    echo addForm('options.php', 'POST', 'f', '', '', '', TRUE)
        . create_optpage_element($optpage)
        . create_optmode_element(SMOPT_MODE_SUBMIT)
        . html_tag( 'table', '', '', '', 'width="100%" cellpadding="2" cellspacing="0" border="0"' ) . "\n"
diff -up squirrelmail-1.4.19/src/search.php.scrf squirrelmail-1.4.19/src/search.php
--- squirrelmail-1.4.19/src/search.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/search.php	2009-08-17 09:53:22.666180572 +0200
@@ -28,6 +28,7 @@ require_once(SM_PATH . 'functions/imap.p
 require_once(SM_PATH . 'functions/imap_search.php');
 require_once(SM_PATH . 'functions/imap_mailbox.php');
 require_once(SM_PATH . 'functions/strings.php');
+require_once(SM_PATH . 'functions/forms.php');
 
 global $allow_thread_sort;
 
@@ -67,6 +68,9 @@ if (sqgetGlobalVar('count',$count,SQ_GET
 } else {
     unset($count);
 }
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_GET)) {
+    $submitted_token = '';
+}
 /* end of get globals */
 
 /*  here are some functions, could go in imap_search.php
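Review bot: The token is read with SQ_GET on the new `sqgetGlobalVar('smtoken', $submitted_token, SQ_GET)` line, and the search form in the last hunk of this file (`<form action="search.php" name="s">`) has no method attribute, so it submits via GET and the token rides in the URL. A URL-borne token ends up in browser history, proxy and server logs, and in the Referer header of any outbound link on the results page, which weakens the protection this patch adds. Prefer `method="post"` on that form and `SQ_POST` here, as every other hunk in this patch does; if the search must stay bookmarkable as GET, read the token with SQ_FORM and note the trade-off in the comment.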
@@ -240,7 +244,8 @@ function printSearchMessages($msgs,$mail
         $form_name = "FormMsgs" . $safe_name;
         echo '<form name="' . $form_name . '" method="post" action="move_messages.php">' ."\n" .
              '<input type="hidden" name="mailbox" value="'.htmlspecialchars($mailbox).'">' . "\n" .
-             '<input type="hidden" name="startMessage" value="1">' . "\n";
+             '<input type="hidden" name="startMessage" value="1">' . "\n" .
+             addHidden('smtoken', sm_generate_security_token()) . "\n";
 
         echo '<table border="0" width="100%" cellpadding="0" cellspacing="0">';
         echo '<tr><td>';
@@ -301,6 +306,11 @@ if (empty($submit) && !empty($what)) {
     $submit = _("Search");
 }
 
+// need to verify security token if user wants to do anything
+if (!empty($submit)) {
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+}
+
 if ($submit == _("Search") && !empty($what)) {
     if ($recent_count > 0) {
         update_recent($what, $where, $mailbox, $username, $data_dir);
@@ -449,6 +459,7 @@ if( substr( phpversion(), 0, 3 ) == '4.1
 /* Search Form */
 echo html_tag( 'div', '<b>' . _("Current Search") . '</b>', 'left' ) . "\n"
    . '<form action="search.php" name="s">'
+   . addHidden('smtoken', sm_generate_security_token())
    . html_tag( 'table', '', '', '', 'width="95%" cellpadding="0" cellspacing="0" border="0"' )
    . html_tag( 'tr' )
    . html_tag( 'td', '', 'left' )
diff -up squirrelmail-1.4.19/src/vcard.php.scrf squirrelmail-1.4.19/src/vcard.php
--- squirrelmail-1.4.19/src/vcard.php.scrf	2009-04-16 00:00:49.000000000 +0200
+++ squirrelmail-1.4.19/src/vcard.php	2009-08-17 09:53:22.668549664 +0200
@@ -155,6 +155,7 @@ echo '</table>' .
      '</td></tr>' .
      '<tr><td align="center">' .
      '<form action="../src/addressbook.php" method="post" name="f_add">' .
+     '<input type="hidden" name="smtoken" value="' . sm_generate_security_token() . '" />' .
      '<table border="0" cellpadding="2" cellspacing="0" align="center">' .
      '<tr><td align="right"><b>' . _("Nickname") . ':</b></td>' .
      '<td>' .
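Review bot: The token is concatenated straight into the `value="..."` attribute on the new line, without whatever escaping the `addHidden()` helper used in the other hunks applies. That is safe only if sm_generate_security_token() never emits `"`, `<` or `&`; its definition is in functions/strings.php, outside this chunk, so either confirm the token alphabet there or make the line self-protecting: `'<input type="hidden" name="smtoken" value="' . htmlspecialchars(sm_generate_security_token()) . '" />' .`. The echo statement this line belongs to begins before the hunk.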
@@ -236,4 +237,4 @@ echo '<a href="../src/download.php?absol
 <table border="0" cellspacing="0" cellpadding="2" align="center">
 <tr><td bgcolor="<?php echo $color[4]; ?>">
 </td></tr></table>
-</body></html>
\ No newline at end of file
+</body></html>


Index: squirrelmail.spec
===================================================================
RCS file: /cvs/extras/rpms/squirrelmail/F-11/squirrelmail.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -p -r1.69 -r1.70
--- squirrelmail.spec	22 May 2009 07:06:56 -0000	1.69
+++ squirrelmail.spec	17 Aug 2009 08:24:13 -0000	1.70
@@ -6,7 +6,7 @@
 Summary: SquirrelMail webmail client
 Name: squirrelmail
 Version: 1.4.19
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 URL: http://www.squirrelmail.org/
 Group: Applications/Internet
@@ -33,6 +33,9 @@ Patch4: squirrelmail-1.4.15-tr-fix.patch
 # http://sourceforge.net/tracker/index.php?func=detail&aid=1855717&group_id=311&atid=100311
 Patch5: squirrelmail-1.4.17-biguid.patch
 
+#taken from upstream, bug #517312, for squirrelmail < 1.4.20RC1
+Patch6: squirrelmail-1.4.19-csrf.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: gettext
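Review bot: The comment above the new `Patch6:` line cites only the Fedora bug number, while the `Patch5:` comment two lines up records its upstream tracker URL. Since this is a backport of an upstream security fix, the comment should also record its upstream origin so a later maintainer can tell when 1.4.20 supersedes it, e.g. `# taken from upstream (<UPSTREAM-FIX-URL placeholder>), advisory SA34627, bug #517312, for squirrelmail < 1.4.20RC1`.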
@@ -59,6 +62,7 @@ tar xfj %SOURCE4
 popd
 
 %patch5 -p1
+%patch6 -p1
 
 %build
 rm -f plugins/make_archive.pl
@@ -265,6 +269,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/cron.daily/squirrelmail.cron
 
 %changelog
+* Mon Aug 17 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.19-2
+- fix #517312 - CSRF issues in all forms (SA34627)
+
 * Fri May 22 2009 Michal Hlavinka <mhlavink at redhat.com> - 1.4.19-1
 - updated to 1.4.19                                                                        
 - fixes CVE-2009-1579, CVE-2009-1580, CVE-2009-1581                                        



