[SM-ANNOUNCE] RELEASE: SquirrelMail 1.4.12

[CoolZero]

Hello All,

It's my pleasure to announce the release of SquirrelMail 1.4.12. This
release is a bug fix release, including a critical bug in the handling
of attachments.

The latest release can be downloaded from the SquirrelMail website at
http://www.squirrelmail.org/download.php

Package md5sums
===============
ea5e750797628c9f0f247009f8ae0e14 squirrelmail-1.4.12.tar.bz2
d17c1d9f1ee3dde2c1c21a22fc4f9d0e squirrelmail-1.4.12.tar.gz
3f6514939ea1ebf69f6f8c92781886ab squirrelmail-1.4.12.zip

- --
Happy SquirrelMailing!
The SquirrelMail development team

 

[@how@]

Thanks, updated.

Wael

 

[blackmetal]

Hello
How can i update my sm from 1.4.11 to 1.4.12 ?
special tanx
bye

 

[walleed222]

you can go to /usr/local/directadmin/ and then edit thefile build and search for the line : SQUIRRELMAIL_VER=1.4.11 to SQUIRRELMAIL_VER=1.4.12
and save and then run : ./build squirrelmail

 

[blackmetal]

how can i edit thefile build ? what is it name?

 

[walleed222]

its name is build , and you can edit it using any editor like vi or nano

 

[blackmetal]

there is not any file with name build in /usr/local/directadmin/ !
can i upgrade it with custombuild ?or any other way?

 

[walleed222]

Sorry the bath is /usr/local/directadmin/custombuild/

 

[chatwizrd]

Sorry the bath is /usr/local/directadmin/custombuild/

Is it a bubble bath

 

[jlandes]

If you are running customapache rather than custombuild, you can find the build script for installing/updating SquirrelMail in the file /usr/local/directadmin/scripts/squirrelmail.sh. Change the version number in the file and then run the command ./squirrelmail.sh to update SquirrelMail.

 

[tristan]

If you are running customapache rather than custombuild, you can find the build script for installing/updating SquirrelMail in the file /usr/local/directadmin/scripts/squirrelmail.sh. Change the version number in the file and then run the command ./squirrelmail.sh to update SquirrelMail.

Yes this method works fine on our servers as well!

 

[tristan]

Maybe interesting for people who don't use the version at the DA server but from SquirrelMail directly after the 8th of December:

SECURITY: 1.4.12 Package Compromise
Dec 13, 2007 by Jonathan Angliss It has been brought to our attention that the MD5 sums for the 1.4.12 package were not matching the actual package. We've been investigating this issue, and uncovered that the package was modified post release. This was believed to have been caused by a compromised account from one of our release maintainers.

Further investigations show that the modifications to the code should have little to no impact at this time. Modifications seemed to be based around a PHP global variable which we cannot track down. The changes made will most likely generate an error, rather than a compromise of a system in the event the code does get executed.

Original packages, stored on secure media, have been restored to the Sourceforge download servers, and additional signatures for the packages are now available on the SquirrelMail download page at http://www.squirrelmail.org/download.php

While we believe the changes made should have little impact, we strongly recommend everybody that has downloaded the 1.4.12 package after the 8th December, to redownload the package.

The code modifications did not made it into our source control, just the final package. We are currently investigating older packages to see if they were also compromised.

Once again, the original package MD5s are:
ea5e750797628c9f0f247009f8ae0e14 squirrelmail-1.4.12.tar.bz2
d17c1d9f1ee3dde2c1c21a22fc4f9d0e squirrelmail-1.4.12.tar.gz
3f6514939ea1ebf69f6f8c92781886ab squirrelmail-1.4.12.zip