pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q3]: pkgsrc/mail/sympa Pullup ticket #2617 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5e2cdeb6885b
branches:  pkgsrc-2008Q3
changeset: 547941:5e2cdeb6885b
user:      tron <tron%pkgsrc.org@localhost>
date:      Mon Dec 29 11:33:05 2008 +0000

description:
Pullup ticket #2617 - requested by bouyer
sympa: security update

Revisions pulled up:
- mail/sympa/Makefile                   1.38 (via patch)
- mail/sympa/PLIST                      1.7 (via patch)
- mail/sympa/distinfo                   1.11 (via patch)
---
Module Name:    pkgsrc
Committed By:   bouyer
Date:           Sat Dec 20 19:02:12 UTC 2008

Modified Files:
        pkgsrc/mail/sympa: Makefile PLIST distinfo

Log Message:
Update sympa to 5.4.4. Bug fixes (including SQL injection and privilege
escalation vulnerabilities) and updated translations:
    * Sympa was not fully compliant with RFC 2616, leading for example
      to possible unwanted list deletion by administrators using prefetching
      tools. This was fixed by replacing all the threatening GET requests
      by POST requests;
    * Use of sprint() function for creating SQL queries led to possible
      SQL injection through cookie manipulation;
    * The use of files in /tmp led to vulnerabilities.

diffstat:

 mail/sympa/Makefile |  6 +++---
 mail/sympa/PLIST    |  5 +++--
 mail/sympa/distinfo |  8 ++++----
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (59 lines):

diff -r ef699b657721 -r 5e2cdeb6885b mail/sympa/Makefile
--- a/mail/sympa/Makefile       Wed Dec 17 21:07:10 2008 +0000
+++ b/mail/sympa/Makefile       Mon Dec 29 11:33:05 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.32.8.1 2008/12/01 07:53:20 rtr Exp $
+# $NetBSD: Makefile,v 1.32.8.2 2008/12/29 11:33:05 tron Exp $
 #
 
-DISTNAME=      sympa-5.4.2
+DISTNAME=      sympa-5.4.4
 CATEGORIES=    mail
 MASTER_SITES=  http://www.sympa.org/distribution/ \
                http://www.sympa.org/distribution/old/
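Review bot: the DISTNAME bump to sympa-5.4.4 leaves both MASTER_SITES entries on plain http, so for this security update the digests in distinfo are the only check on the fetched tarball. Confirm they were computed from a copy checked against whatever checksums or signatures upstream publishes, if any.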
@@ -37,7 +37,7 @@
 
 OPSYSVARS+=    DEPENDS
 
-USE_TOOLS+=            gmake
+USE_TOOLS+=            gmake msgfmt
 
 GNU_CONFIGURE=         YES
 CONFIGURE_ARGS+=       --with-confdir=${PKG_SYSCONFDIR:Q}
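Review bot: msgfmt is added to USE_TOOLS but the log message does not say why. A short note that 5.4.4 needs it at build time (presumably for the updated translations) would make the pullup easier to audit.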
diff -r ef699b657721 -r 5e2cdeb6885b mail/sympa/PLIST
--- a/mail/sympa/PLIST  Wed Dec 17 21:07:10 2008 +0000
+++ b/mail/sympa/PLIST  Mon Dec 29 11:33:05 2008 +0000
@@ -1,10 +1,9 @@
-@comment $NetBSD: PLIST,v 1.5 2008/04/27 17:06:40 bouyer Exp $
+@comment $NetBSD: PLIST,v 1.5.8.1 2008/12/29 11:33:05 tron Exp $
 man/man8/alias_manager.8
 man/man8/archived.8
 man/man8/bounced.8
 man/man8/sympa.8
 share/doc/sympa/NEWS
-share/doc/sympa/sympa.pdf
 share/examples/sympa/README
 share/examples/sympa/employees.ldap
 share/examples/sympa/robot.conf
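Review bot: share/doc/sympa/sympa.pdf is dropped from the PLIST without a mention in the log message. Confirm that 5.4.4 no longer installs the file, since an installed but unlisted file would be left behind on deinstall, and record the removal in the log.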
@@ -470,3 +469,5 @@
 @dirrm share/doc/sympa
 @dirrm share/examples/sympa/sample-list
 @dirrm share/examples/sympa
+
+
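Review bot: the two added lines after the last @dirrm entry are empty, so this hunk only appends trailing blank lines to the PLIST. Drop them from the change.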
diff -r ef699b657721 -r 5e2cdeb6885b mail/sympa/distinfo
--- a/mail/sympa/distinfo       Wed Dec 17 21:07:10 2008 +0000
+++ b/mail/sympa/distinfo       Mon Dec 29 11:33:05 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.9 2008/04/27 17:06:40 bouyer Exp $
+$NetBSD: distinfo,v 1.9.8.1 2008/12/29 11:33:05 tron Exp $
 
-SHA1 (sympa-5.4.2.tar.gz) = 80b3de57b1809049f9a6772a0ca153c5eafef282
-RMD160 (sympa-5.4.2.tar.gz) = 7e9525e469d2611553418e6664a784067661eeb1
-Size (sympa-5.4.2.tar.gz) = 5513067 bytes
+SHA1 (sympa-5.4.4.tar.gz) = 673d3a031ef2718ed234ce0814ad1d0083883919
+RMD160 (sympa-5.4.4.tar.gz) = fb0b61ac3a56981ac7f44a1863504be937e4f4b5
+Size (sympa-5.4.4.tar.gz) = 6523229 bytes
 SHA1 (patch-aa) = 8db2096214d667d5bada0ffb97994be9e0891547
 SHA1 (patch-ab) = 404ce642a733ef7922f58613c56f449f75641a9a
 SHA1 (patch-ac) = 77802bab188da024c18810c07bf62064b28e3af1
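Review bot: the patch-aa, patch-ab and patch-ac checksums in the context lines are unchanged while the distfile moves from 5.4.2 to 5.4.4. Confirm all three patches still apply cleanly to the new source and that none of them touches the code changed by the SQL query or /tmp fixes the log message describes.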


