[pkgsrc/pkgsrc-2020Q1]: pkgsrc/mail/mailman Pullup ticket #6201 - requested b...

To: source-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2020Q1]: pkgsrc/mail/mailman Pullup ticket #6201 - requested b...
From: bsiegert <bsiegert%pkgsrc.org@localhost>
Date: Fri, 15 May 2020 17:58:57 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/511600a5b8fc
branches:  pkgsrc-2020Q1
changeset: 431667:511600a5b8fc
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Fri May 15 16:57:56 2020 +0000

description:
Pullup ticket #6201 - requested by nia
mail/mailman: security fix

Revisions pulled up:
- mail/mailman/Makefile                                         1.91
- mail/mailman/PLIST                                            1.29
- mail/mailman/distinfo                                         1.27

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Fri May 15 09:40:46 UTC 2020

   Modified Files:
        pkgsrc/mail/mailman: Makefile PLIST distinfo

   Log Message:
   mailman: Update to 2.1.33

   >From jcea via pkgsrc-wip

   2.1.33 (07-May-2020)

     Security

       - A content injection vulnerability via the private login page has been
         fixed.  (LP: #1877379)

   2.1.32 (05-May-2020)

     i18n

       Fixed a typo in the Spanish translation and uptated mailman.pot and
       the message catalog for 2.1.31 security fix.

   2.1.31 (05-May-2020)

     Security

       - A content injection vulnerability via the options login page has been
         discovered and reported by Vishal Singh. This is fixed.  (LP: #1873722)

     i18n

       - The Spanish translation has been updated by Omar Walid Llorente.

     Bug Fixes and other patches

       - Bounce recognition for a non-compliant Yahoo format is added.

       - Archiving workaround for non-ascii in string.lowercase in some Python
         packages is added.

   2.1.30 (13-Apr-2020)

     New Features

       - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
         list setting that can be used to apply dmarc_moderation_action to mail
         From: addresses listed or matching listed regexps.  This can be used
         to modify mail to addresses that don't accept external mail From:
         themselves.

       - There is a new MAX_LISTNAME_LENGTH setting.  The fix for LP: #1780874
         obtains a list of the names of all the all the lists in the installation
         in order to determine the maximum length of a legitimate list name.  It
         does this on every web access and on sites with a very large number of
         lists, this can have performance implications.  See the description in
         Defaults.py for more information.

       - Thanks to Ralf Jung there is now the ability to add text based captchas
         (aka textchas) to the listinfo subscribe form.  See the documentation
         for the new CAPTCHA setting in Defaults.py for how to enable this.  Also
         note that if you have custom listinfo.html templates, you will have to
         add a <mm-captcha-ui> tag to those templates to make this work.  This
         feature can be used in combination with or instead of the Google
         reCAPTCHA feature added in 2.1.26.

       - Thanks to Ralf Hildebrandt the web admin Membership Management section
         now has a feature to sync the list's membership with a list of email
         addresses as with the bin/sync_members command.

       - There is a new drop_cc list attribute set from DEFAULT_DROP_CC.  This
         controls the dropping of addresses from the Cc: header in delivered
         messages by the duplicate avoidance process.  (LP: #1845751)

       - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
         a second request to subscribe to a list when there is already a pending
         confirmation for that user.  This can be set to Yes to prevent
         mailbombing of a third party by repeatedly posting the subscribe form.
         (LP: #1859104)

     i18n

       - The Japanese translation has been updated by Yasuhito FUTATSUKI.

       - The German translation has been updated by Ludwig Reiter.

       - The Spanish translation has been updated by Omar Walid Llorente.

       - The Brazilian Portugese translation has been updated by Emerson de Mello.

     Bug Fixes and other patches

       - Fixed the confirm CGI to catch a rare TypeError on simultaneous
         confirmations of the same token.  (LP: #1785854)

       - Scrubbed application/octet-stream MIME parts will now be given a
         .bin extension instead of .obj.

       - Added bounce recognition for a non-compliant opensmtpd DSN with
         Action: error.  (LP: #1805137)

       - Corrected and augmented some security log messages.  (LP: #1810098)

       - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
         (LP: #1818205)

       - Leading/trailing spaces in provided email addresses for login to private
         archives and the user options page are now ignored.  (LP: #1818872)

       - Fixed the spelling of the --no-restart option for mailmanctl.

       - Fixed an issue where certain combinations of charset and invalid
         characters in a list's description could produce a List-ID header
         without angle brackets.  (LP: #1831321)

       - With the Postfix MTA and virtual domains, mappings for the site list
         -bounces and -request addresses in each virtual domain are now added
         to data/virtual-mailman (-owner was done in 2.1.24).  (LP: #1831777)

       - The paths.py module now extends sys.path with the result of
         site.getsitepackages() if available.  (LP: #1838866)

       - A bug causing a UnicodeDecodeError in preparing to send the confirmation
         request message to a new subscriber has been fixed.  (LP: #1851442)

       - The SimpleMatch heuristic bounce recognizer has been improved to not
         return most invalid email addresses.  (LP: #1859011)

diffstat:

 mail/mailman/Makefile |  11 +++++------
 mail/mailman/PLIST    |   4 +++-
 mail/mailman/distinfo |  10 +++++-----
 3 files changed, 13 insertions(+), 12 deletions(-)

diffs (66 lines):

diff -r f14e9c476068 -r 511600a5b8fc mail/mailman/Makefile
--- a/mail/mailman/Makefile     Fri May 15 16:57:50 2020 +0000
+++ b/mail/mailman/Makefile     Fri May 15 16:57:56 2020 +0000
@@ -1,14 +1,13 @@
-# $NetBSD: Makefile,v 1.90 2020/01/26 17:31:35 rillig Exp $
+# $NetBSD: Makefile,v 1.90.2.1 2020/05/15 16:57:56 bsiegert Exp $
 
-DISTNAME=      mailman-2.1.29
-PKGNAME=       mailman-2.1.29
-PKGREVISION=   1
+DISTNAME=      mailman-2.1.33
+PKGNAME=       mailman-2.1.33
 CATEGORIES=    mail www
-MASTER_SITES=  https://launchpad.net/mailman/2.1/2.1.29/+download/
+MASTER_SITES=  https://launchpad.net/mailman/2.1/2.1.33/+download/
 EXTRACT_SUFX=  .tgz
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=      https://www.list.org/
+HOMEPAGE=      http://www.list.org/
 COMMENT=       The GNU Mailing List Manager
 LICENSE=       gnu-gpl-v2
 
diff -r f14e9c476068 -r 511600a5b8fc mail/mailman/PLIST
--- a/mail/mailman/PLIST        Fri May 15 16:57:50 2020 +0000
+++ b/mail/mailman/PLIST        Fri May 15 16:57:56 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.28 2019/03/25 01:52:02 jklos Exp $
+@comment $NetBSD: PLIST,v 1.28.8.1 2020/05/15 16:57:56 bsiegert Exp $
 lib/mailman/Mailman/Archiver/Archiver.py
 lib/mailman/Mailman/Archiver/Archiver.pyc
 lib/mailman/Mailman/Archiver/HyperArch.py
@@ -2164,6 +2164,7 @@
 lib/mailman/tests/bounces/dsn_15.txt
 lib/mailman/tests/bounces/dsn_16.txt
 lib/mailman/tests/bounces/dsn_17.txt
+lib/mailman/tests/bounces/dsn_18.txt
 lib/mailman/tests/bounces/dumbass_01.txt
 lib/mailman/tests/bounces/exim_01.txt
 lib/mailman/tests/bounces/groupwise_01.txt
@@ -2250,6 +2251,7 @@
 lib/mailman/tests/bounces/yahoo_09.txt
 lib/mailman/tests/bounces/yahoo_10.txt
 lib/mailman/tests/bounces/yahoo_11.txt
+lib/mailman/tests/bounces/yahoo_12.txt
 lib/mailman/tests/bounces/yale_01.txt
 lib/mailman/tests/fblast.py
 lib/mailman/tests/msgs/bad_01.txt
diff -r f14e9c476068 -r 511600a5b8fc mail/mailman/distinfo
--- a/mail/mailman/distinfo     Fri May 15 16:57:50 2020 +0000
+++ b/mail/mailman/distinfo     Fri May 15 16:57:56 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.26 2019/03/25 01:52:02 jklos Exp $
+$NetBSD: distinfo,v 1.26.8.1 2020/05/15 16:57:56 bsiegert Exp $
 
-SHA1 (mailman-2.1.29.tgz) = 40fe97974a6f0805a01d55c6944565f238778238
-RMD160 (mailman-2.1.29.tgz) = d3ea74a88214a81563a1b5f52166f7352136777d
-SHA512 (mailman-2.1.29.tgz) = ed25179a4580092629890664c5502908b20e326c2ed06ad4e597fb4e8de84076c369ecd7a272be5ed8a1cb4479413d0e004d87804de763ee850e4d04d9a83376
-Size (mailman-2.1.29.tgz) = 9376258 bytes
+SHA1 (mailman-2.1.33.tgz) = a60a2b422653d07ad6306dd10081c491b82b9616
+RMD160 (mailman-2.1.33.tgz) = b1c68bd67f99987cb276ff201ae982ebc48878ab
+SHA512 (mailman-2.1.33.tgz) = 1e7bb58a9d38e5171f682563abb0b23fcb0a7423e0e7fa883326815ada37ffa8074845ea70fad4ea29fa098a6e7203e259caf57532e09a0f7c05120f89dd83a9
+Size (mailman-2.1.33.tgz) = 9412979 bytes
 SHA1 (patch-aa) = 9684b1caeb52f31ee6967eae3f9a464de214879e
 SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
 SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30
Prev by Date: [pkgsrc/pkgsrc-2020Q1]: pkgsrc/lang Pullup ticket #6200 - requested by taca
Next by Date: [pkgsrc/pkgsrc-2020Q1]: pkgsrc/doc Pullup tickets up to #6201
Previous by Thread: [pkgsrc/pkgsrc-2020Q1]: pkgsrc/lang Pullup ticket #6200 - requested by taca
Next by Thread: [pkgsrc/pkgsrc-2020Q1]: pkgsrc/doc Pullup tickets up to #6201
Indexes:
Home | Main Index | Thread Index | Old Index