pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/mailman Upgrade to 2.1.7nb1.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1ce96ab3df58
branches:  trunk
changeset: 506755:1ce96ab3df58
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Sat Jan 21 16:14:24 2006 +0000

description:
Upgrade to 2.1.7nb1.
Local change (which is why we have PKGREVISION=1)
Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on Debian
patches.

Changes between 2.1.6 and 2.1.7:
  Security

    - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
      message instead of just quietly dropping ./ and ../ from URLs.

    - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
      been solved in Mailman 2.1.6, there may be more cases where
      ToDigest.send_digests() can block regular delivery.  We put the
      send_digests() calling part in a try/except clause and leave a message
      in the error log if something happened in send_digests().  Daily call of
      cron/senddigests will provide more detail to the site administrator.

    - List administrators can no longer change the user's option/subscription
      globally.  Site admin can change these only if
      mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

    - <script> tags are HTML-escaped in the edithtml CGI script.

    - Since the probe message for disabled users may reach unintended
      recipients, the password is excluded from sendProbe() and probe.txt.
      Note that the default value of VERP_PROBE has been set to `No' from
      2.1.6, thus this change doesn't affect the default behavior.

  New Features

    - Always remove DomainKey (and similar) headers from messages sent to the
      list. (1287546)

    - List owners can control the content filter behavior when collapsing
      multipart/alternative parts to its first subpart.  This allows the
      option of letting the HTML part pass through after other content
      filtering is done.

  Internationalization

    - New language: Interlingua.

  Bug fixes and other patches

    - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
      safer operation.

    - Fixed the bug where Scrubber.py munges quoted-printable by introducing
      the 'X-Mailman-Scrubbed' header which marks that the payload is
      scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
      Decorate.py and Archiver.  A similar problem in ToDigest.py where the
      plain digest is generated is also fixed.

    - Fixed Syslog.py to write quopri encoded messages when it fails to write
      8-bit characters.

    - Fixed MTA/Postfix.py to check aliases group permission in check_perms
      and fixed mailman-install document on this matter (1378270).

    - Fixed private.py to go to the original URL after authorization
      (1080943).

    - Fixed bounce log score messages to be more consistent.

    - Fixed bin/remove_members to accept no arguments when both --fromall and
      --file= options are specified.

    - Changed cgi-bin and mail wrapper "group not found" error message to be
      more descriptive of the actual problem.

    - The list's ban_list now applies to address changes, admin mass
      subscribes and invites, and to confirmations/approvals of address
      changes, subscriptions and invitations.

    - quoted-printable and base64 encoded parts are decoded before passing to
      HTML_TO_PLAIN_TEXT_COMMAND (1367783).

    - Approve: header is removed from posts, and treated the same as the
      Approved: header. (1355707)

    - Fixed the removal of the line following Approve[d]: line in body of
      post.  (1318883)

    - The Approve[d]: <password> header is removed from all text/* parts in
      addition to the initial text/plain part.  It must still be the first
      non-blank line in the first text/plain part or it won't be found or
      removed at all. (1181161)

    - Posts are now logged in post log file with the true sender, not
      listname-bounces. (1287921)

    - Correctly initialize and remember the list's default_member_moderation
      attribute in the web list creation page. (1263213)

    - PEP263 charset is added to the config_list output. (1343100)

    - Fixed header_filter_rules getting lost if accessed directly and
      authentication was needed by login page. (1230865)

    - Obscure email when the poster doesn't set full name in 'From:' header.

    - Preambles and epilogues are taken into account when calculating message
      sizes for holding purposes. (Mark Sapiro)

    - Logging/Logger.py unicode transform option. (1235567)

    - bin/update crashes with bogus files. (949117)

    - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)

diffstat:

 mail/mailman/Makefile         |   7 ++---
 mail/mailman/PLIST            |  51 ++++++++++++++++++++++++++++++++++++++-
 mail/mailman/distinfo         |  11 ++++---
 mail/mailman/patches/patch-ac |  56 -------------------------------------------
 mail/mailman/patches/patch-ai |  17 +++++++++++++
 mail/mailman/patches/patch-aj |  17 +++++++++++++
 6 files changed, 93 insertions(+), 66 deletions(-)

diffs (228 lines):

diff -r 3deddfd427d1 -r 1ce96ab3df58 mail/mailman/Makefile
--- a/mail/mailman/Makefile     Sat Jan 21 16:10:54 2006 +0000
+++ b/mail/mailman/Makefile     Sat Jan 21 16:14:24 2006 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.29 2006/01/20 23:33:24 joerg Exp $
+# $NetBSD: Makefile,v 1.30 2006/01/21 16:14:24 bouyer Exp $
 
-DISTNAME=      mailman-2.1.6
+DISTNAME=      mailman-2.1.7
 PKGREVISION=   1
 CATEGORIES=    mail www
-MASTER_SITES=  http://www.list.org/ \
-               ${MASTER_SITE_GNU:=mailman/}
+MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=mailman/}
 EXTRACT_SUFX=  .tgz
 
 MAINTAINER=    bouyer%NetBSD.org@localhost
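
Review bot: The MASTER_SITES change at the end of this hunk is not mentioned in the commit message, and it replaces two fetch locations (http://www.list.org/ and ${MASTER_SITE_GNU:=mailman/}) with ${MASTER_SITE_SOURCEFORGE:=mailman/} alone. Say in the log why the earlier sites were dropped, or keep one of them as a fallback if it still serves mailman-2.1.7.tgz. PKGREVISION=1 surviving the DISTNAME bump is explained in the log (local patches), so that part needs no change.
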
diff -r 3deddfd427d1 -r 1ce96ab3df58 mail/mailman/PLIST
--- a/mail/mailman/PLIST        Sat Jan 21 16:10:54 2006 +0000
+++ b/mail/mailman/PLIST        Sat Jan 21 16:14:24 2006 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2005/06/01 23:25:07 bouyer Exp $
+@comment $NetBSD: PLIST,v 1.9 2006/01/21 16:14:24 bouyer Exp $
 lib/mailman/Mailman/Archiver/Archiver.py
 lib/mailman/Mailman/Archiver/Archiver.pyc
 lib/mailman/Mailman/Archiver/HyperArch.py
@@ -380,6 +380,8 @@
 lib/mailman/messages/hu/LC_MESSAGES/mailman.mo
 lib/mailman/messages/hu/LC_MESSAGES/mailman.po
 lib/mailman/messages/hu/README.hu
+lib/mailman/messages/ia/LC_MESSAGES/mailman.mo
+lib/mailman/messages/ia/LC_MESSAGES/mailman.po
 lib/mailman/messages/it/LC_MESSAGES/mailman.mo
 lib/mailman/messages/it/LC_MESSAGES/mailman.po
 lib/mailman/messages/it/README.it
@@ -1077,6 +1079,50 @@
 lib/mailman/templates/hu/unsubauth.txt
 lib/mailman/templates/hu/userpass.txt
 lib/mailman/templates/hu/verify.txt
+lib/mailman/templates/ia/admindbdetails.html
+lib/mailman/templates/ia/admindbpreamble.html
+lib/mailman/templates/ia/admindbsummary.html
+lib/mailman/templates/ia/admlogin.html
+lib/mailman/templates/ia/archidxentry.html
+lib/mailman/templates/ia/archidxfoot.html
+lib/mailman/templates/ia/archidxhead.html
+lib/mailman/templates/ia/archlistend.html
+lib/mailman/templates/ia/archliststart.html
+lib/mailman/templates/ia/archtoc.html
+lib/mailman/templates/ia/archtocentry.html
+lib/mailman/templates/ia/archtocnombox.html
+lib/mailman/templates/ia/article.html
+lib/mailman/templates/ia/emptyarchive.html
+lib/mailman/templates/ia/headfoot.html
+lib/mailman/templates/ia/listinfo.html
+lib/mailman/templates/ia/options.html
+lib/mailman/templates/ia/private.html
+lib/mailman/templates/ia/roster.html
+lib/mailman/templates/ia/subscribe.html
+lib/mailman/templates/ia/adminsubscribeack.txt
+lib/mailman/templates/ia/adminunsubscribeack.txt
+lib/mailman/templates/ia/approve.txt
+lib/mailman/templates/ia/bounce.txt
+lib/mailman/templates/ia/checkdbs.txt
+lib/mailman/templates/ia/convert.txt
+lib/mailman/templates/ia/cronpass.txt
+lib/mailman/templates/ia/disabled.txt
+lib/mailman/templates/ia/help.txt
+lib/mailman/templates/ia/invite.txt
+lib/mailman/templates/ia/masthead.txt
+lib/mailman/templates/ia/newlist.txt
+lib/mailman/templates/ia/nomoretoday.txt
+lib/mailman/templates/ia/postack.txt
+lib/mailman/templates/ia/postauth.txt
+lib/mailman/templates/ia/postheld.txt
+lib/mailman/templates/ia/probe.txt
+lib/mailman/templates/ia/refuse.txt
+lib/mailman/templates/ia/subauth.txt
+lib/mailman/templates/ia/subscribeack.txt
+lib/mailman/templates/ia/unsub.txt
+lib/mailman/templates/ia/unsubauth.txt
+lib/mailman/templates/ia/userpass.txt
+lib/mailman/templates/ia/verify.txt
 lib/mailman/templates/it/admindbdetails.html
 lib/mailman/templates/it/admindbpreamble.html
 lib/mailman/templates/it/admindbsummary.html
@@ -1910,6 +1956,7 @@
 @dirrm lib/mailman/templates/ko
 @dirrm lib/mailman/templates/ja
 @dirrm lib/mailman/templates/it
+@dirrm lib/mailman/templates/ia
 @dirrm lib/mailman/templates/hu
 @dirrm lib/mailman/templates/hr
 @dirrm lib/mailman/templates/fr
@@ -1975,6 +2022,8 @@
 @dirrm lib/mailman/messages/ja
 @dirrm lib/mailman/messages/it/LC_MESSAGES
 @dirrm lib/mailman/messages/it
+@dirrm lib/mailman/messages/ia/LC_MESSAGES
+@dirrm lib/mailman/messages/ia
 @dirrm lib/mailman/messages/hu/LC_MESSAGES
 @dirrm lib/mailman/messages/hu
 @dirrm lib/mailman/messages/hr/LC_MESSAGES
diff -r 3deddfd427d1 -r 1ce96ab3df58 mail/mailman/distinfo
--- a/mail/mailman/distinfo     Sat Jan 21 16:10:54 2006 +0000
+++ b/mail/mailman/distinfo     Sat Jan 21 16:14:24 2006 +0000
@@ -1,13 +1,14 @@
-$NetBSD: distinfo,v 1.9 2005/12/08 21:09:04 bouyer Exp $
+$NetBSD: distinfo,v 1.10 2006/01/21 16:14:24 bouyer Exp $
 
-SHA1 (mailman-2.1.6.tgz) = cfabc1629feba109f85e51b85c1f64e4491e7ac4
-RMD160 (mailman-2.1.6.tgz) = 37107687d49d2a67e788fd51e11df5cb4b4e7929
-Size (mailman-2.1.6.tgz) = 6482726 bytes
+SHA1 (mailman-2.1.7.tgz) = f84b465dc03227f384ea902fca3d8396035bd9e2
+RMD160 (mailman-2.1.7.tgz) = 05eb4119c7fd4d1a3af00dc5b60601f4ee2896df
+Size (mailman-2.1.7.tgz) = 6736536 bytes
 SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f
 SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
-SHA1 (patch-ac) = e539f39a747beae22b07694196092c786318698d
 SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30
 SHA1 (patch-ae) = 6c17de398014217be8f1c7a3b3a6f8d379fc0fb2
 SHA1 (patch-af) = 985a619a055151d998cefd0c1b7280a0d55f889e
 SHA1 (patch-ag) = f94f190e69ce892841b88574ec8e9f100b182ed9
 SHA1 (patch-ah) = 42296c52e30b1fcc1d42ef0f1b89c83414ca85df
+SHA1 (patch-ai) = 9b54bd2326bd9e0bbce588fda2bf287a4c480295
+SHA1 (patch-aj) = eb4e78f817f6d2ddab9e60b4b1cf902e28391689
diff -r 3deddfd427d1 -r 1ce96ab3df58 mail/mailman/patches/patch-ac
--- a/mail/mailman/patches/patch-ac     Sat Jan 21 16:10:54 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-$NetBSD: patch-ac,v 1.5 2005/12/08 21:09:04 bouyer Exp $
-
-Fix for http://secunia.com/advisories/17511/ adapted from
-http://ftp.debian.org/debian/pool/main/m/mailman/mailman_2.1.5-10.diff.gz
-
---- Mailman/Handlers/Scrubber.py.orig  2005-05-22 22:55:08.000000000 +0300
-+++ Mailman/Handlers/Scrubber.py       2005-12-05 12:58:43.000000000 +0200
-@@ -195,7 +195,10 @@ def process(mlist, msg, msgdata=None):
-                     url = save_attachment(mlist, part, dir)
-                 finally:
-                     os.umask(omask)
--                filename = part.get_filename(_('not available'))
-+                try:
-+                    filename = part.get_filename(_('not available'))
-+                except UnicodeDecodeError:
-+                    filename = _('not available')
-                 filename = Utils.oneline(filename, lcset)
-                 del part['content-type']
-                 del part['content-transfer-encoding']
-@@ -300,7 +303,10 @@ Url: %(url)s
-             finally:
-                 os.umask(omask)
-             desc = part.get('content-description', _('not available'))
--            filename = part.get_filename(_('not available'))
-+            try:
-+                filename = part.get_filename(_('not available'))
-+            except UnicodeDecodeError:
-+                filename = _('not available')
-             filename = Utils.oneline(filename, lcset)
-             del part['content-type']
-             del part['content-transfer-encoding']
-@@ -408,7 +414,11 @@ def save_attachment(mlist, msg, dir, fil
-     ctype = msg.get_content_type()
-     # i18n file name is encoded
-     lcset = Utils.GetCharSet(mlist.preferred_language)
--    filename = Utils.oneline(msg.get_filename(''), lcset)
-+    try:
-+        filename = msg.get_filename('')
-+    except UnicodeDecodeError:
-+        filename = ''
-+    filename = Utils.oneline(filename, lcset)
-     fnext = os.path.splitext(filename)[1]
-     # For safety, we should confirm this is valid ext for content-type
-     # but we can use fnext if we introduce fnext filtering
-@@ -434,7 +444,10 @@ def save_attachment(mlist, msg, dir, fil
-     try:
-         # Now base the filename on what's in the attachment, uniquifying it if
-         # necessary.
--        filename = msg.get_filename()
-+        try:
-+            filename = msg.get_filename()
-+        except UnicodeDecodeError:
-+            filename = None
-         if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME:
-             filebase = 'attachment'
-         else:
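
Review bot: Deleting patch-ac removes the local UnicodeDecodeError guards around every get_filename() call in Scrubber.py (process() and save_attachment()), and the commit message does not say that 2.1.7 carries an equivalent. The quoted upstream changelog only mentions a try/except around send_digests() for CVE-2005-3573, which is a different code path from the four call sites patched here. State in the log that the 2.1.7 Scrubber.py was checked for these guards, or rebase the patch and keep it.
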
diff -r 3deddfd427d1 -r 1ce96ab3df58 mail/mailman/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mailman/patches/patch-ai     Sat Jan 21 16:14:24 2006 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ai,v 1.3 2006/01/21 16:14:24 bouyer Exp $
+
+Fix for http://secunia.com/advisories/18449/. Adapted from
+Adapted from
+http://security.ubuntu.com/ubunt...mailman_2.1.5-8ubuntu2.1.diff.gz
+
+--- Mailman/Queue/ArchRunner.py.orig   Sat Jan 21 15:51:14 2006
++++ Mailman/Queue/ArchRunner.py        Sat Jan 21 15:51:50 2006
+@@ -49,7 +49,7 @@
+                 elif abs(now - mktime_tz(tup)) > \
+                          mm_cfg.ARCHIVER_ALLOWABLE_SANE_DATE_SKEW:
+                     clobber = 1
+-            except ValueError:
++            except (OverflowError, ValueError):
+                 # The likely cause of this is that the year in the Date: field
+                 # is horribly incorrect, e.g. (from SF bug # 571634):
+                 # Date: Tue, 18 Jun 0102 05:12:09 +0500
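
Review bot: The handler comment directly under the changed except line in ArchRunner.py still describes only the original case (a badly wrong year in the Date: field), so nothing records why OverflowError is now caught next to ValueError. Add a line to that comment or to the patch header saying which call raises it (mktime_tz() is the only call visible in the guarded expression) and cite CVE-2005-4153, which the commit message names but the patch file does not. The header also repeats "Adapted from" on two consecutive lines.
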
diff -r 3deddfd427d1 -r 1ce96ab3df58 mail/mailman/patches/patch-aj
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mailman/patches/patch-aj     Sat Jan 21 16:14:24 2006 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-aj,v 1.1 2006/01/21 16:14:24 bouyer Exp $
+
+Fix for http://secunia.com/advisories/18449/. Adapted from
+Adapted from
+http://security.ubuntu.com/ubunt...mailman_2.1.5-8ubuntu2.1.diff.gz
+
+--- Mailman/Handlers/Scrubber.py.orig  Sat Jan 21 15:49:01 2006
++++ Mailman/Handlers/Scrubber.py       Sat Jan 21 15:50:36 2006
+@@ -143,7 +143,7 @@
+                      }.get(parts[3], 0)
+             day = int(parts[4])
+             year = int(parts[6])
+-        except (IndexError, ValueError):
++        except (OverflowError, IndexError, ValueError):
+             # Best we can do I think
+             month = day = year = 0
+         datedir = '%04d%02d%02d' % (year, month, day)
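
Review bot: The datedir line that follows the changed except clause in Scrubber.py formats year, month and day with no range check, so widening the except to OverflowError only covers inputs that raise. A Date: field whose numbers parse cleanly still flows into '%04d%02d%02d' % (year, month, day) and becomes a directory name as given; consider rejecting out-of-range values and falling back to month = day = year = 0 the same way the except branch does. As in patch-ai, the header repeats "Adapted from" and omits the CVE id from the commit message.
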


