pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/mailman Update to 2.1.9rc1, fixes security issues.
details: https://anonhg.NetBSD.org/pkgsrc/rev/b3882a6a15fd
branches: trunk
changeset: 518437:b3882a6a15fd
user: bouyer <bouyer%pkgsrc.org@localhost>
date: Sat Sep 09 23:20:11 2006 +0000
description:
Update to 2.1.9rc1, fixes security issues.
Security
- A malicious user could visit a specially crafted URI and inject an
apparent log message into Mailman's error log which might induce an
unsuspecting administrator to visit a phishing site. This has been
blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
Naumann for their discovery. CVE-2006-3636
Internationalization
- New languages: Arabic, Vietnamese.
Bug fixes and other patches
- Fixed Decorate.py so that characters in message header/footer which
are not in the character set of the list's language are ignored rather
than causing shunted messages (1507248).
- Switchboard.py - Closed very tiny holes at the upper ends of queue
slices that could result in unprocessable queue entries. Improved FIFO
processing when two queue entries have the same timestamp.
diffstat:
mail/mailman/Makefile | 6 +-
mail/mailman/PLIST | 110 +++++++++++++++++++++++++++++++++++++++++++++++++-
mail/mailman/distinfo | 8 +-
3 files changed, 116 insertions(+), 8 deletions(-)
diffs (231 lines):
diff -r aa56d5831270 -r b3882a6a15fd mail/mailman/Makefile
--- a/mail/mailman/Makefile Sat Sep 09 20:32:40 2006 +0000
+++ b/mail/mailman/Makefile Sat Sep 09 23:20:11 2006 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2006/06/15 22:13:59 jlam Exp $
+# $NetBSD: Makefile,v 1.45 2006/09/09 23:20:11 bouyer Exp $
-DISTNAME= mailman-2.1.8
+DISTNAME= mailman-2.1.9rc1
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mailman/}
EXTRACT_SUFX= .tgz
@@ -64,9 +64,9 @@
PYTHON_VERSIONS_ACCEPTED= 24 23 22 21
PYTHON_PATCH_SCRIPTS+= Mailman/Archiver/pipermail.py
PYTHON_PATCH_SCRIPTS+= Mailman/Post.py
-PYTHON_PATCH_SCRIPTS+= admin/bin/Release.py
PYTHON_PATCH_SCRIPTS+= admin/bin/faq2ht.py
PYTHON_PATCH_SCRIPTS+= admin/bin/mm2do
+PYTHON_PATCH_SCRIPTS+= admin/www/reset_pw.py
PYTHON_PATCH_SCRIPTS+= bin/msgfmt.py
CONFIGURE_ARGS+= --with-cgi-gid=${MAILMAN_CGIGROUP:Q}
diff -r aa56d5831270 -r b3882a6a15fd mail/mailman/PLIST
--- a/mail/mailman/PLIST Sat Sep 09 20:32:40 2006 +0000
+++ b/mail/mailman/PLIST Sat Sep 09 23:20:11 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2006/05/10 13:18:21 joerg Exp $
+@comment $NetBSD: PLIST,v 1.12 2006/09/09 23:20:11 bouyer Exp $
lib/mailman/Mailman/Archiver/Archiver.py
lib/mailman/Mailman/Archiver/Archiver.pyc
lib/mailman/Mailman/Archiver/HyperArch.py
@@ -359,6 +359,8 @@
lib/mailman/icons/mailman.jpg
lib/mailman/icons/mm-icon.png
lib/mailman/mail/mailman
+lib/mailman/messages/ar/LC_MESSAGES/mailman.po
+lib/mailman/messages/ar/LC_MESSAGES/mailman.mo
lib/mailman/messages/ca/LC_MESSAGES/mailman.mo
lib/mailman/messages/ca/LC_MESSAGES/mailman.po
lib/mailman/messages/cs/LC_MESSAGES/mailman.mo
@@ -427,6 +429,8 @@
lib/mailman/messages/tr/LC_MESSAGES/mailman.po
lib/mailman/messages/uk/LC_MESSAGES/mailman.mo
lib/mailman/messages/uk/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.mo
lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.po
lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.mo
lib/mailman/messages/zh_TW/LC_MESSAGES/mailman.po
@@ -611,6 +615,50 @@
lib/mailman/scripts/subscribe
lib/mailman/scripts/unsubscribe
lib/mailman/support/sitelist.cfg
+lib/mailman/templates/ar/admindbdetails.html
+lib/mailman/templates/ar/admindbpreamble.html
+lib/mailman/templates/ar/admindbsummary.html
+lib/mailman/templates/ar/admlogin.html
+lib/mailman/templates/ar/archidxentry.html
+lib/mailman/templates/ar/archidxfoot.html
+lib/mailman/templates/ar/archidxhead.html
+lib/mailman/templates/ar/archlistend.html
+lib/mailman/templates/ar/archliststart.html
+lib/mailman/templates/ar/archtoc.html
+lib/mailman/templates/ar/archtocentry.html
+lib/mailman/templates/ar/archtocnombox.html
+lib/mailman/templates/ar/article.html
+lib/mailman/templates/ar/emptyarchive.html
+lib/mailman/templates/ar/headfoot.html
+lib/mailman/templates/ar/listinfo.html
+lib/mailman/templates/ar/options.html
+lib/mailman/templates/ar/private.html
+lib/mailman/templates/ar/roster.html
+lib/mailman/templates/ar/subscribe.html
+lib/mailman/templates/ar/adminsubscribeack.txt
+lib/mailman/templates/ar/adminunsubscribeack.txt
+lib/mailman/templates/ar/approve.txt
+lib/mailman/templates/ar/bounce.txt
+lib/mailman/templates/ar/checkdbs.txt
+lib/mailman/templates/ar/convert.txt
+lib/mailman/templates/ar/cronpass.txt
+lib/mailman/templates/ar/disabled.txt
+lib/mailman/templates/ar/help.txt
+lib/mailman/templates/ar/invite.txt
+lib/mailman/templates/ar/masthead.txt
+lib/mailman/templates/ar/newlist.txt
+lib/mailman/templates/ar/nomoretoday.txt
+lib/mailman/templates/ar/postack.txt
+lib/mailman/templates/ar/postauth.txt
+lib/mailman/templates/ar/postheld.txt
+lib/mailman/templates/ar/probe.txt
+lib/mailman/templates/ar/refuse.txt
+lib/mailman/templates/ar/subauth.txt
+lib/mailman/templates/ar/subscribeack.txt
+lib/mailman/templates/ar/unsub.txt
+lib/mailman/templates/ar/unsubauth.txt
+lib/mailman/templates/ar/userpass.txt
+lib/mailman/templates/ar/verify.txt
lib/mailman/templates/ca/admindbdetails.html
lib/mailman/templates/ca/admindbpreamble.html
lib/mailman/templates/ca/admindbsummary.html
@@ -1302,6 +1350,14 @@
lib/mailman/templates/nl/adminunsubscribeack.txt
lib/mailman/templates/nl/admlogin.html
lib/mailman/templates/nl/approve.txt
+lib/mailman/templates/nl/archidxentry.html
+lib/mailman/templates/nl/archidxfoot.html
+lib/mailman/templates/nl/archidxhead.html
+lib/mailman/templates/nl/archlistend.html
+lib/mailman/templates/nl/archliststart.html
+lib/mailman/templates/nl/archtoc.html
+lib/mailman/templates/nl/archtocentry.html
+lib/mailman/templates/nl/archtocnombox.html
lib/mailman/templates/nl/article.html
lib/mailman/templates/nl/bounce.txt
lib/mailman/templates/nl/checkdbs.txt
@@ -1315,11 +1371,13 @@
lib/mailman/templates/nl/listinfo.html
lib/mailman/templates/nl/masthead.txt
lib/mailman/templates/nl/newlist.txt
+lib/mailman/templates/nl/nomoretoday.txt
lib/mailman/templates/nl/options.html
lib/mailman/templates/nl/postack.txt
lib/mailman/templates/nl/postauth.txt
lib/mailman/templates/nl/postheld.txt
lib/mailman/templates/nl/private.html
+lib/mailman/templates/nl/probe.txt
lib/mailman/templates/nl/refuse.txt
lib/mailman/templates/nl/roster.html
lib/mailman/templates/nl/subauth.txt
@@ -1791,6 +1849,50 @@
lib/mailman/templates/uk/unsubauth.txt
lib/mailman/templates/uk/userpass.txt
lib/mailman/templates/uk/verify.txt
+lib/mailman/templates/vi/admindbdetails.html
+lib/mailman/templates/vi/admindbpreamble.html
+lib/mailman/templates/vi/admindbsummary.html
+lib/mailman/templates/vi/admlogin.html
+lib/mailman/templates/vi/archidxentry.html
+lib/mailman/templates/vi/archidxfoot.html
+lib/mailman/templates/vi/archidxhead.html
+lib/mailman/templates/vi/archlistend.html
+lib/mailman/templates/vi/archliststart.html
+lib/mailman/templates/vi/archtoc.html
+lib/mailman/templates/vi/archtocentry.html
+lib/mailman/templates/vi/archtocnombox.html
+lib/mailman/templates/vi/article.html
+lib/mailman/templates/vi/emptyarchive.html
+lib/mailman/templates/vi/headfoot.html
+lib/mailman/templates/vi/listinfo.html
+lib/mailman/templates/vi/options.html
+lib/mailman/templates/vi/private.html
+lib/mailman/templates/vi/roster.html
+lib/mailman/templates/vi/subscribe.html
+lib/mailman/templates/vi/adminsubscribeack.txt
+lib/mailman/templates/vi/adminunsubscribeack.txt
+lib/mailman/templates/vi/approve.txt
+lib/mailman/templates/vi/bounce.txt
+lib/mailman/templates/vi/checkdbs.txt
+lib/mailman/templates/vi/convert.txt
+lib/mailman/templates/vi/cronpass.txt
+lib/mailman/templates/vi/disabled.txt
+lib/mailman/templates/vi/help.txt
+lib/mailman/templates/vi/invite.txt
+lib/mailman/templates/vi/masthead.txt
+lib/mailman/templates/vi/newlist.txt
+lib/mailman/templates/vi/nomoretoday.txt
+lib/mailman/templates/vi/postack.txt
+lib/mailman/templates/vi/postauth.txt
+lib/mailman/templates/vi/postheld.txt
+lib/mailman/templates/vi/probe.txt
+lib/mailman/templates/vi/refuse.txt
+lib/mailman/templates/vi/subauth.txt
+lib/mailman/templates/vi/subscribeack.txt
+lib/mailman/templates/vi/unsub.txt
+lib/mailman/templates/vi/unsubauth.txt
+lib/mailman/templates/vi/userpass.txt
+lib/mailman/templates/vi/verify.txt
lib/mailman/templates/zh_CN/admindbdetails.html
lib/mailman/templates/zh_CN/admindbpreamble.html
lib/mailman/templates/zh_CN/admindbsummary.html
@@ -1979,6 +2081,7 @@
@dirrm lib/mailman/tests
@dirrm lib/mailman/templates/zh_TW
@dirrm lib/mailman/templates/zh_CN
+@dirrm lib/mailman/templates/vi
@dirrm lib/mailman/templates/uk
@dirrm lib/mailman/templates/tr
@dirrm lib/mailman/templates/sv
@@ -2008,6 +2111,7 @@
@dirrm lib/mailman/templates/da
@dirrm lib/mailman/templates/cs
@dirrm lib/mailman/templates/ca
+@dirrm lib/mailman/templates/ar
@dirrm lib/mailman/templates
@dirrm lib/mailman/support
@dirrm lib/mailman/scripts
@@ -2029,6 +2133,8 @@
@dirrm lib/mailman/messages/zh_TW
@dirrm lib/mailman/messages/zh_CN/LC_MESSAGES
@dirrm lib/mailman/messages/zh_CN
+@dirrm lib/mailman/messages/vi/LC_MESSAGES
+@dirrm lib/mailman/messages/vi
@dirrm lib/mailman/messages/uk/LC_MESSAGES
@dirrm lib/mailman/messages/uk
@dirrm lib/mailman/messages/tr/LC_MESSAGES
@@ -2085,6 +2191,8 @@
@dirrm lib/mailman/messages/cs
@dirrm lib/mailman/messages/ca/LC_MESSAGES
@dirrm lib/mailman/messages/ca
+@dirrm lib/mailman/messages/ar/LC_MESSAGES
+@dirrm lib/mailman/messages/ar
@dirrm lib/mailman/messages
@dirrm lib/mailman/mail
@dirrm lib/mailman/icons
diff -r aa56d5831270 -r b3882a6a15fd mail/mailman/distinfo
--- a/mail/mailman/distinfo Sat Sep 09 20:32:40 2006 +0000
+++ b/mail/mailman/distinfo Sat Sep 09 23:20:11 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2006/06/14 14:31:35 tv Exp $
+$NetBSD: distinfo,v 1.13 2006/09/09 23:20:11 bouyer Exp $
-SHA1 (mailman-2.1.8.tgz) = 4ff71bc2a02f9ac06dada71d4c5b3208c0959aa2
-RMD160 (mailman-2.1.8.tgz) = ee697e25b3c9407fa032d482dc4b597b281367fa
-Size (mailman-2.1.8.tgz) = 6856039 bytes
+SHA1 (mailman-2.1.9rc1.tgz) = 4370a107991d88b497dfa6722b97945274718f7f
+RMD160 (mailman-2.1.9rc1.tgz) = c8f6d61fbb500ec073049c5951d3482ed91cbb44
+Size (mailman-2.1.9rc1.tgz) = 7851444 bytes
SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f
SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30
Home |
Main Index |
Thread Index |
Old Index