[pkgsrc/trunk]: pkgsrc/mail/mailman Apply patch (from debian via Kimmo Suomin...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/mail/mailman Apply patch (from debian via Kimmo Suomin...
From: bouyer <bouyer%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 02:43:48 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ea97000e1433
branches:  trunk
changeset: 504311:ea97000e1433
user:      bouyer <bouyer%pkgsrc.org@localhost>
date:      Thu Dec 08 21:09:04 2005 +0000

description:
Apply patch (from debian via Kimmo Suominen) to address
http://secunia.com/advisories/17511/ (denial of service).

diffstat:

 mail/mailman/Makefile         |   3 +-
 mail/mailman/distinfo         |   3 +-
 mail/mailman/patches/patch-ac |  56 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 2 deletions(-)

diffs (88 lines):

diff -r 2a622447055e -r ea97000e1433 mail/mailman/Makefile
--- a/mail/mailman/Makefile     Thu Dec 08 19:41:04 2005 +0000
+++ b/mail/mailman/Makefile     Thu Dec 08 21:09:04 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2005/12/05 23:55:11 rillig Exp $
+# $NetBSD: Makefile,v 1.27 2005/12/08 21:09:04 bouyer Exp $
 
 DISTNAME=      mailman-2.1.6
+PKGREVISION=   1
 CATEGORIES=    mail www
 MASTER_SITES=  http://www.list.org/ \
                ${MASTER_SITE_GNU:=mailman/}
diff -r 2a622447055e -r ea97000e1433 mail/mailman/distinfo
--- a/mail/mailman/distinfo     Thu Dec 08 19:41:04 2005 +0000
+++ b/mail/mailman/distinfo     Thu Dec 08 21:09:04 2005 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.8 2005/06/01 23:25:07 bouyer Exp $
+$NetBSD: distinfo,v 1.9 2005/12/08 21:09:04 bouyer Exp $
 
 SHA1 (mailman-2.1.6.tgz) = cfabc1629feba109f85e51b85c1f64e4491e7ac4
 RMD160 (mailman-2.1.6.tgz) = 37107687d49d2a67e788fd51e11df5cb4b4e7929
 Size (mailman-2.1.6.tgz) = 6482726 bytes
 SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f
 SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
+SHA1 (patch-ac) = e539f39a747beae22b07694196092c786318698d
 SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30
 SHA1 (patch-ae) = 6c17de398014217be8f1c7a3b3a6f8d379fc0fb2
 SHA1 (patch-af) = 985a619a055151d998cefd0c1b7280a0d55f889e
diff -r 2a622447055e -r ea97000e1433 mail/mailman/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mailman/patches/patch-ac     Thu Dec 08 21:09:04 2005 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-ac,v 1.5 2005/12/08 21:09:04 bouyer Exp $
+
+Fix for http://secunia.com/advisories/17511/ adapted from
+http://ftp.debian.org/debian/pool/main/m/mailman/mailman_2.1.5-10.diff.gz
+
+--- Mailman/Handlers/Scrubber.py.orig  2005-05-22 22:55:08.000000000 +0300
++++ Mailman/Handlers/Scrubber.py       2005-12-05 12:58:43.000000000 +0200
+@@ -195,7 +195,10 @@ def process(mlist, msg, msgdata=None):
+                     url = save_attachment(mlist, part, dir)
+                 finally:
+                     os.umask(omask)
+-                filename = part.get_filename(_('not available'))
++                try:
++                    filename = part.get_filename(_('not available'))
++                except UnicodeDecodeError:
++                    filename = _('not available')
+                 filename = Utils.oneline(filename, lcset)
+                 del part['content-type']
+                 del part['content-transfer-encoding']
+@@ -300,7 +303,10 @@ Url: %(url)s
+             finally:
+                 os.umask(omask)
+             desc = part.get('content-description', _('not available'))
+-            filename = part.get_filename(_('not available'))
++            try:
++                filename = part.get_filename(_('not available'))
++            except UnicodeDecodeError:
++                filename = _('not available')
+             filename = Utils.oneline(filename, lcset)
+             del part['content-type']
+             del part['content-transfer-encoding']
+@@ -408,7 +414,11 @@ def save_attachment(mlist, msg, dir, fil
+     ctype = msg.get_content_type()
+     # i18n file name is encoded
+     lcset = Utils.GetCharSet(mlist.preferred_language)
+-    filename = Utils.oneline(msg.get_filename(''), lcset)
++    try:
++        filename = msg.get_filename('')
++    except UnicodeDecodeError:
++        filename = ''
++    filename = Utils.oneline(filename, lcset)
+     fnext = os.path.splitext(filename)[1]
+     # For safety, we should confirm this is valid ext for content-type
+     # but we can use fnext if we introduce fnext filtering
+@@ -434,7 +444,10 @@ def save_attachment(mlist, msg, dir, fil
+     try:
+         # Now base the filename on what's in the attachment, uniquifying it if
+         # necessary.
+-        filename = msg.get_filename()
++        try:
++            filename = msg.get_filename()
++        except UnicodeDecodeError:
++            filename = None
+         if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME:
+             filebase = 'attachment'
+         else:

Prev by Date: [pkgsrc/trunk]: pkgsrc More xpdf buffer overflows.
Next by Date: [pkgsrc/trunk]: pkgsrc/editors/mg2a Remove malloc prototype, add ereply proto...
Previous by Thread: [pkgsrc/trunk]: pkgsrc More xpdf buffer overflows.
Next by Thread: [pkgsrc/trunk]: pkgsrc/editors/mg2a Remove malloc prototype, add ereply proto...
Indexes:

Home | Main Index | Thread Index | Old Index