diff options
author | tron <tron@pkgsrc.org> | 2008-12-29 11:33:05 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2008-12-29 11:33:05 +0000 |
commit | 81243163cd24bffa61bdad514569ae89ea85e37a (patch) | |
tree | ba33222c1fc90b6fb3d53d1d1041bfcdd85765aa | |
parent | 502dab4a642a00732aa20350f6d1b9f9fb8ead41 (diff) | |
download | pkgsrc-81243163cd24bffa61bdad514569ae89ea85e37a.tar.gz |
Pullup ticket #2617 - requested by bouyer
sympa: security update
Revisions pulled up:
- mail/sympa/Makefile 1.38 (via patch)
- mail/sympa/PLIST 1.7 (via patch)
- mail/sympa/distinfo 1.11 (via patch)
---
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Dec 20 19:02:12 UTC 2008
Modified Files:
pkgsrc/mail/sympa: Makefile PLIST distinfo
Log Message:
Update sympa to 5.4.4. Bug fixes (including SQL injestion and privilege
escalation vulnerabilities) and updated translations:
* Sympa was not fully compliant to the RFC 2616, leading for example
to possible unwanted list deletion by administrators using prefetching
tools. This was fixed by replacing all the threatening GET requests
by POST requests;
* Use of sprint() function for creating SQL queries lead to possible
SQL injection through cookie manipulation;
* The use of files in /tmp lead to vulnerabilities.
-rw-r--r-- | mail/sympa/Makefile | 6 | ||||
-rw-r--r-- | mail/sympa/PLIST | 5 | ||||
-rw-r--r-- | mail/sympa/distinfo | 8 |
3 files changed, 10 insertions, 9 deletions
diff --git a/mail/sympa/Makefile b/mail/sympa/Makefile index 0cfc8d8ced4..cc75a7af5b2 100644 --- a/mail/sympa/Makefile +++ b/mail/sympa/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.32.8.1 2008/12/01 07:53:20 rtr Exp $ +# $NetBSD: Makefile,v 1.32.8.2 2008/12/29 11:33:05 tron Exp $ # -DISTNAME= sympa-5.4.2 +DISTNAME= sympa-5.4.4 CATEGORIES= mail MASTER_SITES= http://www.sympa.org/distribution/ \ http://www.sympa.org/distribution/old/ @@ -37,7 +37,7 @@ DEPENDS.SunOS+= p5-DB_File>=1.75:../../databases/p5-DB_File OPSYSVARS+= DEPENDS -USE_TOOLS+= gmake +USE_TOOLS+= gmake msgfmt GNU_CONFIGURE= YES CONFIGURE_ARGS+= --with-confdir=${PKG_SYSCONFDIR:Q} diff --git a/mail/sympa/PLIST b/mail/sympa/PLIST index f08c17c8db7..db1de27138a 100644 --- a/mail/sympa/PLIST +++ b/mail/sympa/PLIST @@ -1,10 +1,9 @@ -@comment $NetBSD: PLIST,v 1.5 2008/04/27 17:06:40 bouyer Exp $ +@comment $NetBSD: PLIST,v 1.5.8.1 2008/12/29 11:33:05 tron Exp $ man/man8/alias_manager.8 man/man8/archived.8 man/man8/bounced.8 man/man8/sympa.8 share/doc/sympa/NEWS -share/doc/sympa/sympa.pdf share/examples/sympa/README share/examples/sympa/employees.ldap share/examples/sympa/robot.conf @@ -470,3 +469,5 @@ sympa/static_content/icons/unknown.png @dirrm share/doc/sympa @dirrm share/examples/sympa/sample-list @dirrm share/examples/sympa + + diff --git a/mail/sympa/distinfo b/mail/sympa/distinfo index 55e0dcb910d..fdf28f6b8c3 100644 --- a/mail/sympa/distinfo +++ b/mail/sympa/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.9 2008/04/27 17:06:40 bouyer Exp $ +$NetBSD: distinfo,v 1.9.8.1 2008/12/29 11:33:05 tron Exp $ -SHA1 (sympa-5.4.2.tar.gz) = 80b3de57b1809049f9a6772a0ca153c5eafef282 -RMD160 (sympa-5.4.2.tar.gz) = 7e9525e469d2611553418e6664a784067661eeb1 -Size (sympa-5.4.2.tar.gz) = 5513067 bytes +SHA1 (sympa-5.4.4.tar.gz) = 673d3a031ef2718ed234ce0814ad1d0083883919 +RMD160 (sympa-5.4.4.tar.gz) = fb0b61ac3a56981ac7f44a1863504be937e4f4b5 +Size (sympa-5.4.4.tar.gz) = 6523229 bytes SHA1 (patch-aa) = 8db2096214d667d5bada0ffb97994be9e0891547 SHA1 (patch-ab) = 404ce642a733ef7922f58613c56f449f75641a9a SHA1 (patch-ac) = 77802bab188da024c18810c07bf62064b28e3af1 |