Pullup ticket 1819 - requested by bouyer

security update for mailman Revisions pulled up: - pkgsrc/mail/mailman/Makefile 1.45 - pkgsrc/mail/mailman/PLIST 1.12 - pkgsrc/mail/mailman/distinfo 1.13 Module Name: pkgsrc Committed By: bouyer Date: Sat Sep 9 23:20:11 UTC 2006 Modified Files: pkgsrc/mail/mailman: Makefile PLIST distinfo Log Message: Update to 2.1.9rc1, fixes security issues. Security - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 Internationalization - New languages: Arabic, Vietnamese. Bug fixes and other patches - Fixed Decorate.py so that characters in message header/footer which are not in the character set of the list's language are ignored rather than causing shunted messages (1507248). - Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp.
author: ghen <ghen@pkgsrc.org> 2006-09-11 09:26:08 +0000
committer: ghen <ghen@pkgsrc.org> 2006-09-11 09:26:08 +0000
commit: 57f734bda55da80af5e99e88571b1a3b6dae569f (patch)
tree: 148e2cc8bafd4a7e4bf1b593ad6094a83a2c4366
parent: 097f00bfdbd3abca1ba7858944ecd4dc489ee3d8 (diff)
download: pkgsrc-57f734bda55da80af5e99e88571b1a3b6dae569f.tar.gz
3 files changed, 116 insertions, 8 deletions
diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile
index 541d27e6800..537f2641628 100644
--- a/mail/mailman/Makefile
+++ b/mail/mailman/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2006/06/15 22:13:59 jlam Exp $
+# $NetBSD: Makefile,v 1.44.2.1 2006/09/11 09:26:08 ghen Exp $
 
-DISTNAME=	mailman-2.1.8
+DISTNAME=	mailman-2.1.9rc1
 CATEGORIES=	mail www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=mailman/}
 EXTRACT_SUFX=	.tgz
@@ -64,9 +64,9 @@ DEINSTALL_TEMPLATES+=	${FILESDIR}/DEINSTALL
 PYTHON_VERSIONS_ACCEPTED= 24 23 22 21
 PYTHON_PATCH_SCRIPTS+=	Mailman/Archiver/pipermail.py
 PYTHON_PATCH_SCRIPTS+=	Mailman/Post.py
-PYTHON_PATCH_SCRIPTS+=	admin/bin/Release.py
 PYTHON_PATCH_SCRIPTS+=	admin/bin/faq2ht.py
 PYTHON_PATCH_SCRIPTS+=	admin/bin/mm2do
+PYTHON_PATCH_SCRIPTS+=	admin/www/reset_pw.py
 PYTHON_PATCH_SCRIPTS+=	bin/msgfmt.py
 
 CONFIGURE_ARGS+=	--with-cgi-gid=${MAILMAN_CGIGROUP:Q}
diff --git a/mail/mailman/PLIST b/mail/mailman/PLIST
index ea8977f1e78..c6a9c38fbfd 100644
--- a/mail/mailman/PLIST
+++ b/mail/mailman/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2006/05/10 13:18:21 joerg Exp $
+@comment $NetBSD: PLIST,v 1.11.2.1 2006/09/11 09:26:08 ghen Exp $
 lib/mailman/Mailman/Archiver/Archiver.py
 lib/mailman/Mailman/Archiver/Archiver.pyc
 lib/mailman/Mailman/Archiver/HyperArch.py
@@ -359,6 +359,8 @@ lib/mailman/icons/mailman-large.jpg
 lib/mailman/icons/mailman.jpg
 lib/mailman/icons/mm-icon.png
 lib/mailman/mail/mailman
+lib/mailman/messages/ar/LC_MESSAGES/mailman.po
+lib/mailman/messages/ar/LC_MESSAGES/mailman.mo
 lib/mailman/messages/ca/LC_MESSAGES/mailman.mo
 lib/mailman/messages/ca/LC_MESSAGES/mailman.po
 lib/mailman/messages/cs/LC_MESSAGES/mailman.mo
@@ -427,6 +429,8 @@ lib/mailman/messages/tr/LC_MESSAGES/mailman.mo
 lib/mailman/messages/tr/LC_MESSAGES/mailman.po
 lib/mailman/messages/uk/LC_MESSAGES/mailman.mo
 lib/mailman/messages/uk/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.po
+lib/mailman/messages/vi/LC_MESSAGES/mailman.mo
 lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.po
 lib/mailman/messages/zh_CN/LC_MESSAGES/mailman.mo
 lib/mailman/messages/zh_TW/LC_MESSAGES/mailman.po
@@ -611,6 +615,50 @@ lib/mailman/scripts/request
 lib/mailman/scripts/subscribe
 lib/mailman/scripts/unsubscribe
 lib/mailman/support/sitelist.cfg
+lib/mailman/templates/ar/admindbdetails.html
+lib/mailman/templates/ar/admindbpreamble.html
+lib/mailman/templates/ar/admindbsummary.html
+lib/mailman/templates/ar/admlogin.html
+lib/mailman/templates/ar/archidxentry.html
+lib/mailman/templates/ar/archidxfoot.html
+lib/mailman/templates/ar/archidxhead.html
+lib/mailman/templates/ar/archlistend.html
+lib/mailman/templates/ar/archliststart.html
+lib/mailman/templates/ar/archtoc.html
+lib/mailman/templates/ar/archtocentry.html
+lib/mailman/templates/ar/archtocnombox.html
+lib/mailman/templates/ar/article.html
+lib/mailman/templates/ar/emptyarchive.html
+lib/mailman/templates/ar/headfoot.html
+lib/mailman/templates/ar/listinfo.html
+lib/mailman/templates/ar/options.html
+lib/mailman/templates/ar/private.html
+lib/mailman/templates/ar/roster.html
+lib/mailman/templates/ar/subscribe.html
+lib/mailman/templates/ar/adminsubscribeack.txt
+lib/mailman/templates/ar/adminunsubscribeack.txt
+lib/mailman/templates/ar/approve.txt
+lib/mailman/templates/ar/bounce.txt
+lib/mailman/templates/ar/checkdbs.txt
+lib/mailman/templates/ar/convert.txt
+lib/mailman/templates/ar/cronpass.txt
+lib/mailman/templates/ar/disabled.txt
+lib/mailman/templates/ar/help.txt
+lib/mailman/templates/ar/invite.txt
+lib/mailman/templates/ar/masthead.txt
+lib/mailman/templates/ar/newlist.txt
+lib/mailman/templates/ar/nomoretoday.txt
+lib/mailman/templates/ar/postack.txt
+lib/mailman/templates/ar/postauth.txt
+lib/mailman/templates/ar/postheld.txt
+lib/mailman/templates/ar/probe.txt
+lib/mailman/templates/ar/refuse.txt
+lib/mailman/templates/ar/subauth.txt
+lib/mailman/templates/ar/subscribeack.txt
+lib/mailman/templates/ar/unsub.txt
+lib/mailman/templates/ar/unsubauth.txt
+lib/mailman/templates/ar/userpass.txt
+lib/mailman/templates/ar/verify.txt
 lib/mailman/templates/ca/admindbdetails.html
 lib/mailman/templates/ca/admindbpreamble.html
 lib/mailman/templates/ca/admindbsummary.html
@@ -1302,6 +1350,14 @@ lib/mailman/templates/nl/adminsubscribeack.txt
 lib/mailman/templates/nl/adminunsubscribeack.txt
 lib/mailman/templates/nl/admlogin.html
 lib/mailman/templates/nl/approve.txt
+lib/mailman/templates/nl/archidxentry.html
+lib/mailman/templates/nl/archidxfoot.html
+lib/mailman/templates/nl/archidxhead.html
+lib/mailman/templates/nl/archlistend.html
+lib/mailman/templates/nl/archliststart.html
+lib/mailman/templates/nl/archtoc.html
+lib/mailman/templates/nl/archtocentry.html
+lib/mailman/templates/nl/archtocnombox.html
 lib/mailman/templates/nl/article.html
 lib/mailman/templates/nl/bounce.txt
 lib/mailman/templates/nl/checkdbs.txt
@@ -1315,11 +1371,13 @@ lib/mailman/templates/nl/invite.txt
 lib/mailman/templates/nl/listinfo.html
 lib/mailman/templates/nl/masthead.txt
 lib/mailman/templates/nl/newlist.txt
+lib/mailman/templates/nl/nomoretoday.txt
 lib/mailman/templates/nl/options.html
 lib/mailman/templates/nl/postack.txt
 lib/mailman/templates/nl/postauth.txt
 lib/mailman/templates/nl/postheld.txt
 lib/mailman/templates/nl/private.html
+lib/mailman/templates/nl/probe.txt
 lib/mailman/templates/nl/refuse.txt
 lib/mailman/templates/nl/roster.html
 lib/mailman/templates/nl/subauth.txt
@@ -1791,6 +1849,50 @@ lib/mailman/templates/uk/unsub.txt
 lib/mailman/templates/uk/unsubauth.txt
 lib/mailman/templates/uk/userpass.txt
 lib/mailman/templates/uk/verify.txt
+lib/mailman/templates/vi/admindbdetails.html
+lib/mailman/templates/vi/admindbpreamble.html
+lib/mailman/templates/vi/admindbsummary.html
+lib/mailman/templates/vi/admlogin.html
+lib/mailman/templates/vi/archidxentry.html
+lib/mailman/templates/vi/archidxfoot.html
+lib/mailman/templates/vi/archidxhead.html
+lib/mailman/templates/vi/archlistend.html
+lib/mailman/templates/vi/archliststart.html
+lib/mailman/templates/vi/archtoc.html
+lib/mailman/templates/vi/archtocentry.html
+lib/mailman/templates/vi/archtocnombox.html
+lib/mailman/templates/vi/article.html
+lib/mailman/templates/vi/emptyarchive.html
+lib/mailman/templates/vi/headfoot.html
+lib/mailman/templates/vi/listinfo.html
+lib/mailman/templates/vi/options.html
+lib/mailman/templates/vi/private.html
+lib/mailman/templates/vi/roster.html
+lib/mailman/templates/vi/subscribe.html
+lib/mailman/templates/vi/adminsubscribeack.txt
+lib/mailman/templates/vi/adminunsubscribeack.txt
+lib/mailman/templates/vi/approve.txt
+lib/mailman/templates/vi/bounce.txt
+lib/mailman/templates/vi/checkdbs.txt
+lib/mailman/templates/vi/convert.txt
+lib/mailman/templates/vi/cronpass.txt
+lib/mailman/templates/vi/disabled.txt
+lib/mailman/templates/vi/help.txt
+lib/mailman/templates/vi/invite.txt
+lib/mailman/templates/vi/masthead.txt
+lib/mailman/templates/vi/newlist.txt
+lib/mailman/templates/vi/nomoretoday.txt
+lib/mailman/templates/vi/postack.txt
+lib/mailman/templates/vi/postauth.txt
+lib/mailman/templates/vi/postheld.txt
+lib/mailman/templates/vi/probe.txt
+lib/mailman/templates/vi/refuse.txt
+lib/mailman/templates/vi/subauth.txt
+lib/mailman/templates/vi/subscribeack.txt
+lib/mailman/templates/vi/unsub.txt
+lib/mailman/templates/vi/unsubauth.txt
+lib/mailman/templates/vi/userpass.txt
+lib/mailman/templates/vi/verify.txt
 lib/mailman/templates/zh_CN/admindbdetails.html
 lib/mailman/templates/zh_CN/admindbpreamble.html
 lib/mailman/templates/zh_CN/admindbsummary.html
@@ -1979,6 +2081,7 @@ share/examples/rc.d/mailman
 @dirrm lib/mailman/tests
 @dirrm lib/mailman/templates/zh_TW
 @dirrm lib/mailman/templates/zh_CN
+@dirrm lib/mailman/templates/vi
 @dirrm lib/mailman/templates/uk
 @dirrm lib/mailman/templates/tr
 @dirrm lib/mailman/templates/sv
@@ -2008,6 +2111,7 @@ share/examples/rc.d/mailman
 @dirrm lib/mailman/templates/da
 @dirrm lib/mailman/templates/cs
 @dirrm lib/mailman/templates/ca
+@dirrm lib/mailman/templates/ar
 @dirrm lib/mailman/templates
 @dirrm lib/mailman/support
 @dirrm lib/mailman/scripts
@@ -2029,6 +2133,8 @@ share/examples/rc.d/mailman
 @dirrm lib/mailman/messages/zh_TW
 @dirrm lib/mailman/messages/zh_CN/LC_MESSAGES
 @dirrm lib/mailman/messages/zh_CN
+@dirrm lib/mailman/messages/vi/LC_MESSAGES
+@dirrm lib/mailman/messages/vi
 @dirrm lib/mailman/messages/uk/LC_MESSAGES
 @dirrm lib/mailman/messages/uk
 @dirrm lib/mailman/messages/tr/LC_MESSAGES
@@ -2085,6 +2191,8 @@ share/examples/rc.d/mailman
 @dirrm lib/mailman/messages/cs
 @dirrm lib/mailman/messages/ca/LC_MESSAGES
 @dirrm lib/mailman/messages/ca
+@dirrm lib/mailman/messages/ar/LC_MESSAGES
+@dirrm lib/mailman/messages/ar
 @dirrm lib/mailman/messages
 @dirrm lib/mailman/mail
 @dirrm lib/mailman/icons
diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo
index 8e3a5339417..b1ede2c4f46 100644
--- a/mail/mailman/distinfo
+++ b/mail/mailman/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2006/06/14 14:31:35 tv Exp $
+$NetBSD: distinfo,v 1.12.2.1 2006/09/11 09:26:09 ghen Exp $
 
-SHA1 (mailman-2.1.8.tgz) = 4ff71bc2a02f9ac06dada71d4c5b3208c0959aa2
-RMD160 (mailman-2.1.8.tgz) = ee697e25b3c9407fa032d482dc4b597b281367fa
-Size (mailman-2.1.8.tgz) = 6856039 bytes
+SHA1 (mailman-2.1.9rc1.tgz) = 4370a107991d88b497dfa6722b97945274718f7f
+RMD160 (mailman-2.1.9rc1.tgz) = c8f6d61fbb500ec073049c5951d3482ed91cbb44
+Size (mailman-2.1.9rc1.tgz) = 7851444 bytes
 SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f
 SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f
 SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30
author	ghen <ghen@pkgsrc.org>	2006-09-11 09:26:08 +0000
committer	ghen <ghen@pkgsrc.org>	2006-09-11 09:26:08 +0000
commit	57f734bda55da80af5e99e88571b1a3b6dae569f (patch)
tree	148e2cc8bafd4a7e4bf1b593ad6094a83a2c4366
parent	097f00bfdbd3abca1ba7858944ecd4dc489ee3d8 (diff)
download	pkgsrc-57f734bda55da80af5e99e88571b1a3b6dae569f.tar.gz