pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/mail/mailman Update to 2.1.9rc1, fixes security issues.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b3882a6a15fd
branches:  trunk
changeset: 518437:b3882a6a15fd
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Sat Sep 09 23:20:11 2006 +0000

description:
Update to 2.1.9rc1, fixes security issues.

  Security

    - A malicious user could visit a specially crafted URI and inject an
      apparent log message into Mailman's error log which might induce an
      unsuspecting administrator to visit a phishing site.  This has been
      blocked.  Thanks to Moritz Naumann for its discovery.

    - Fixed denial of service attack which can be caused by some
      standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

    - Several cross-site scripting issues have been fixed.  Thanks to Moritz
      Naumann for their discovery.  CVE-2006-3636

  Internationalization

    - New languages: Arabic, Vietnamese.

  Bug fixes and other patches

    - Fixed Decorate.py so that characters in message header/footer which
      are not in the character set of the list's language are ignored rather
      than causing shunted messages (1507248).

    - Switchboard.py - Closed very tiny holes at the upper ends of queue
      slices that could result in unprocessable queue entries.  Improved FIFO
      processing when two queue entries have the same timestamp.

diffstat:

 mail/mailman/Makefile |    6 +-
 mail/mailman/PLIST    |  110 +++++++++++++++++++++++++++++++++++++++++++++++++-
 mail/mailman/distinfo |    8 +-
 3 files changed, 116 insertions(+), 8 deletions(-)

diffs (231 lines):

diff -r aa56d5831270 -r b3882a6a15fd mail/mailman/Makefile
--- a/mail/mailman/Makefile     Sat Sep 09 20:32:40 2006 +0000
+++ b/mail/mailman/Makefile     Sat Sep 09 23:20:11 2006 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2006/06/15 22:13:59 jlam Exp $
+# $NetBSD: Makefile,v 1.45 2006/09/09 23:20:11 bouyer Exp $
 
-DISTNAME=      mailman-2.1.8
+DISTNAME=      mailman-2.1.9rc1
 CATEGORIES=    mail www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=mailman/}
 EXTRACT_SUFX=  .tgz
@@ -64,9 +64,9 @@
 PYTHON_VERSIONS_ACCEPTED= 24 23 22 21
 PYTHON_PATCH_SCRIPTS+= Mailman/Archiver/pipermail.py
 PYTHON_PATCH_SCRIPTS+= Mailman/Post.py
-PYTHON_PATCH_SCRIPTS+= admin/bin/Release.py
 PYTHON_PATCH_SCRIPTS+= admin/bin/faq2ht.py
 PYTHON_PATCH_SCRIPTS+= admin/bin/mm2do
+PYTHON_PATCH_SCRIPTS+= admin/www/reset_pw.py
 PYTHON_PATCH_SCRIPTS+= bin/msgfmt.py
 
 CONFIGURE_ARGS+=       --with-cgi-gid=${MAILMAN_CGIGROUP:Q}
diff -r aa56d5831270 -r b3882a6a15fd mail/mailman/PLIST
--- a/mail/mailman/PLIST        Sat Sep 09 20:32:40 2006 +0000
+++ b/mail/mailman/PLIST        Sat Sep 09 23:20:11 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2006/05/10 13:18:21 joerg Exp $
+@comment $NetBSD: PLIST,v 1.12 2006/09/09 23:20:11 bouyer Exp $
 lib/mailman/Mailman/Archiver/Archiver.py
 lib/mailman/Mailman/Archiver/Archiver.pyc
 lib/mailman/Mailman/Archiver/HyperArch.py
@@ -359,6 +359,8 @@
 lib/mailman/icons/mailman.jpg
 lib/mailman/icons/mm-icon.png
 lib/mailman/mail/mailman
+lib/mailman/messages/ar/LC_MESSAGES/mailman.po
+lib/mailman/messages/ar/LC_MESSAGES/mailman.mo
 lib/mailman/messages/ca/LC_MESSAGES/mailman.mo
 lib/mailman/messages/ca/LC_MESSAGES/mailman.po
 lib/mailman/messages/cs/LC_MESSAGES/mailman.mo
@@ -427,6 +429,8 @@
 lib/mailman/messages/tr/LC_MESSAGES/mailman.po
 lib/mailman/messages/uk/LC_MESSAGES/mailman.mo
 lib/mailman/messages/uk/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.mo
 lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.po
 lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.mo
 lib/mailman/messages/zh_TW/LC_MESSAGES/mailman.po
@@ -611,6 +615,50 @@
 lib/mailman/scripts/subscribe
 lib/mailman/scripts/unsubscribe
 lib/mailman/support/sitelist.cfg
+lib/mailman/templates/ar/admindbdetails.html
+lib/mailman/templates/ar/admindbpreamble.html
+lib/mailman/templates/ar/admindbsummary.html
+lib/mailman/templates/ar/admlogin.html
+lib/mailman/templates/ar/archidxentry.html
+lib/mailman/templates/ar/archidxfoot.html
+lib/mailman/templates/ar/archidxhead.html
+lib/mailman/templates/ar/archlistend.html
+lib/mailman/templates/ar/archliststart.html
+lib/mailman/templates/ar/archtoc.html
+lib/mailman/templates/ar/archtocentry.html
+lib/mailman/templates/ar/archtocnombox.html
+lib/mailman/templates/ar/article.html
+lib/mailman/templates/ar/emptyarchive.html
+lib/mailman/templates/ar/headfoot.html
+lib/mailman/templates/ar/listinfo.html
+lib/mailman/templates/ar/options.html
+lib/mailman/templates/ar/private.html
+lib/mailman/templates/ar/roster.html
+lib/mailman/templates/ar/subscribe.html
+lib/mailman/templates/ar/adminsubscribeack.txt
+lib/mailman/templates/ar/adminunsubscribeack.txt
+lib/mailman/templates/ar/approve.txt
+lib/mailman/templates/ar/bounce.txt
+lib/mailman/templates/ar/checkdbs.txt
+lib/mailman/templates/ar/convert.txt
+lib/mailman/templates/ar/cronpass.txt
+lib/mailman/templates/ar/disabled.txt
+lib/mailman/templates/ar/help.txt
+lib/mailman/templates/ar/invite.txt
+lib/mailman/templates/ar/masthead.txt
+lib/mailman/templates/ar/newlist.txt
+lib/mailman/templates/ar/nomoretoday.txt
+lib/mailman/templates/ar/postack.txt
+lib/mailman/templates/ar/postauth.txt
+lib/mailman/templates/ar/postheld.txt
+lib/mailman/templates/ar/probe.txt
+lib/mailman/templates/ar/refuse.txt
+lib/mailman/templates/ar/subauth.txt
+lib/mailman/templates/ar/subscribeack.txt
+lib/mailman/templates/ar/unsub.txt
+lib/mailman/templates/ar/unsubauth.txt
+lib/mailman/templates/ar/userpass.txt
+lib/mailman/templates/ar/verify.txt
 lib/mailman/templates/ca/admindbdetails.html
 lib/mailman/templates/ca/admindbpreamble.html
 lib/mailman/templates/ca/admindbsummary.html
@@ -1302,6 +1350,14 @@
 lib/mailman/templates/nl/adminunsubscribeack.txt
 lib/mailman/templates/nl/admlogin.html
 lib/mailman/templates/nl/approve.txt
+lib/mailman/templates/nl/archidxentry.html
+lib/mailman/templates/nl/archidxfoot.html
+lib/mailman/templates/nl/archidxhead.html
+lib/mailman/templates/nl/archlistend.html
+lib/mailman/templates/nl/archliststart.html
+lib/mailman/templates/nl/archtoc.html
+lib/mailman/templates/nl/archtocentry.html
+lib/mailman/templates/nl/archtocnombox.html
 lib/mailman/templates/nl/article.html
 lib/mailman/templates/nl/bounce.txt
 lib/mailman/templates/nl/checkdbs.txt
@@ -1315,11 +1371,13 @@
 lib/mailman/templates/nl/listinfo.html
 lib/mailman/templates/nl/masthead.txt
 lib/mailman/templates/nl/newlist.txt
+lib/mailman/templates/nl/nomoretoday.txt
 lib/mailman/templates/nl/options.html
 lib/mailman/templates/nl/postack.txt
 lib/mailman/templates/nl/postauth.txt
 lib/mailman/templates/nl/postheld.txt
 lib/mailman/templates/nl/private.html
+lib/mailman/templates/nl/probe.txt
 lib/mailman/templates/nl/refuse.txt
 lib/mailman/templates/nl/roster.html
 lib/mailman/templates/nl/subauth.txt
@@ -1791,6 +1849,50 @@
 lib/mailman/templates/uk/unsubauth.txt
 lib/mailman/templates/uk/userpass.txt
 lib/mailman/templates/uk/verify.txt
+lib/mailman/templates/vi/admindbdetails.html
+lib/mailman/templates/vi/admindbpreamble.html
+lib/mailman/templates/vi/admindbsummary.html
+lib/mailman/templates/vi/admlogin.html
+lib/mailman/templates/vi/archidxentry.html
+lib/mailman/templates/vi/archidxfoot.html
+lib/mailman/templates/vi/archidxhead.html
+lib/mailman/templates/vi/archlistend.html
+lib/mailman/templates/vi/archliststart.html
+lib/mailman/templates/vi/archtoc.html
+lib/mailman/templates/vi/archtocentry.html
+lib/mailman/templates/vi/archtocnombox.html
+lib/mailman/templates/vi/article.html
+lib/mailman/templates/vi/emptyarchive.html
+lib/mailman/templates/vi/headfoot.html
+lib/mailman/templates/vi/listinfo.html
+lib/mailman/templates/vi/options.html
+lib/mailman/templates/vi/private.html
+lib/mailman/templates/vi/roster.html
+lib/mailman/templates/vi/subscribe.html
+lib/mailman/templates/vi/adminsubscribeack.txt
+lib/mailman/templates/vi/adminunsubscribeack.txt
+lib/mailman/templates/vi/approve.txt
+lib/mailman/templates/vi/bounce.txt
+lib/mailman/templates/vi/checkdbs.txt
+lib/mailman/templates/vi/convert.txt
+lib/mailman/templates/vi/cronpass.txt
+lib/mailman/templates/vi/disabled.txt
+lib/mailman/templates/vi/help.txt
+lib/mailman/templates/vi/invite.txt
+lib/mailman/templates/vi/masthead.txt
+lib/mailman/templates/vi/newlist.txt
+lib/mailman/templates/vi/nomoretoday.txt
+lib/mailman/templates/vi/postack.txt
+lib/mailman/templates/vi/postauth.txt
+lib/mailman/templates/vi/postheld.txt
+lib/mailman/templates/vi/probe.txt
+lib/mailman/templates/vi/refuse.txt
+lib/mailman/templates/vi/subauth.txt
+lib/mailman/templates/vi/subscribeack.txt
+lib/mailman/templates/vi/unsub.txt
+lib/mailman/templates/vi/unsubauth.txt
+lib/mailman/templates/vi/userpass.txt
+lib/mailman/templates/vi/verify.txt
 lib/mailman/templates/zh_CN/admindbdetails.html
 lib/mailman/templates/zh_CN/admindbpreamble.html
 lib/mailman/templates/zh_CN/admindbsummary.html
@@ -1979,6 +2081,7 @@
 @dirrm lib/mailman/tests
 @dirrm lib/mailman/templates/zh_TW
 @dirrm lib/mailman/templates/zh_CN
+@dirrm lib/mailman/templates/vi
 @dirrm lib/mailman/templates/uk
 @dirrm lib/mailman/templates/tr
 @dirrm lib/mailman/templates/sv
@@ -2008,6 +2111,7 @@
 @dirrm lib/mailman/templates/da
 @dirrm lib/mailman/templates/cs
 @dirrm lib/mailman/templates/ca
+@dirrm lib/mailman/templates/ar
 @dirrm lib/mailman/templates
 @dirrm lib/mailman/support
 @dirrm lib/mailman/scripts
@@ -2029,6 +2133,8 @@
 @dirrm lib/mailman/messages/zh_TW
 @dirrm lib/mailman/messages/zh_CN/LC_MESSAGES
 @dirrm lib/mailman/messages/zh_CN
+@dirrm lib/mailman/messages/vi/LC_MESSAGES
+@dirrm lib/mailman/messages/vi
 @dirrm lib/mailman/messages/uk/LC_MESSAGES
 @dirrm lib/mailman/messages/uk
 @dirrm lib/mailman/messages/tr/LC_MESSAGES
@@ -2085,6 +2191,8 @@
 @dirrm lib/mailman/messages/cs
 @dirrm lib/mailman/messages/ca/LC_MESSAGES
 @dirrm lib/mailman/messages/ca
+@dirrm lib/mailman/messages/ar/LC_MESSAGES
+@dirrm lib/mailman/messages/ar
 @dirrm lib/mailman/messages
 @dirrm lib/mailman/mail
 @dirrm lib/mailman/icons
diff -r aa56d5831270 -r b3882a6a15fd mail/mailman/distinfo
--- a/mail/mailman/distinfo     Sat Sep 09 20:32:40 2006 +0000
+++ b/mail/mailman/distinfo     Sat Sep 09 23:20:11 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2006/06/14 14:31:35 tv Exp $
+$NetBSD: distinfo,v 1.13 2006/09/09 23:20:11 bouyer Exp $
 
-SHA1 (mailman-2.1.8.tgz) = 4ff71bc2a02f9ac06dada71d4c5b3208c0959aa2
-RMD160 (mailman-2.1.8.tgz) = ee697e25b3c9407fa032d482dc4b597b281367fa
-Size (mailman-2.1.8.tgz) = 6856039 bytes
+SHA1 (mailman-2.1.9rc1.tgz) = 4370a107991d88b497dfa6722b97945274718f7f
+RMD160 (mailman-2.1.9rc1.tgz) = c8f6d61fbb500ec073049c5951d3482ed91cbb44
+Size (mailman-2.1.9rc1.tgz) = 7851444 bytes
 SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f
 SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
 SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30



Home | Main Index | Thread Index | Old Index