authortron <tron>2010-09-25 10:02:51 +0000
committertron <tron>2010-09-25 10:02:51 +0000
commit420fff3b88caaa7b982d283193b84ef1a4fd1490 (patch)
treeea9478ce5ac6d993af235d62fae377bfe126e95e
parentbf292cda75d129fdb182ad8843ef562bba7e85a8 (diff)
downloadpkgsrc-420fff3b88caaa7b982d283193b84ef1a4fd1490.tar.gz
Pullup ticket #3229 - requested by taca
mail/mailman: security patch Revisions pulled up: - mail/mailman/Makefile 1.62 - mail/mailman/distinfo 1.19 - mail/mailman/patches/patch-ak 1.1 - mail/mailman/patches/patch-al 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Sep 24 23:24:31 UTC 2010 Modified Files: pkgsrc/mail/mailman: Makefile distinfo Added Files: pkgsrc/mail/mailman/patches: patch-ak patch-al Log Message: Add patches to fix XSS (CVE-2010-3089). Bump PKGREVISION.
-rw-r--r--mail/mailman/Makefile4
-rw-r--r--mail/mailman/distinfo4
-rw-r--r--mail/mailman/patches/patch-ak15
-rw-r--r--mail/mailman/patches/patch-al14
4 files changed, 34 insertions, 3 deletions
diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile
index fdaf3a8d0e5..8a3343b780e 100644
--- a/mail/mailman/Makefile
+++ b/mail/mailman/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.60.4.1 2010/07/04 07:20:40 agc Exp $
+# $NetBSD: Makefile,v 1.60.4.2 2010/09/25 10:02:51 tron Exp $
DISTNAME= mailman-2.1.12
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mailman/}
EXTRACT_SUFX= .tgz
diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo
index e5d162158b9..2185610b905 100644
--- a/mail/mailman/distinfo
+++ b/mail/mailman/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17.10.1 2010/07/04 07:20:40 agc Exp $
+$NetBSD: distinfo,v 1.17.10.2 2010/09/25 10:02:51 tron Exp $
SHA1 (mailman-2.1.12.tgz) = 6d6281f7ce322e271f0259321f4d8931ff46e6ae
RMD160 (mailman-2.1.12.tgz) = 94d8d132bb37180bf4c02ccd2a5fb3862ce13b94
@@ -10,3 +10,5 @@ SHA1 (patch-ae) = 6c17de398014217be8f1c7a3b3a6f8d379fc0fb2
SHA1 (patch-af) = 985a619a055151d998cefd0c1b7280a0d55f889e
SHA1 (patch-ag) = 5fda86a90ef17a08c304ae89f0934812601d5dfc
SHA1 (patch-ah) = c7cde35f787c003ace550a98d8d5e166ba2d48dc
+SHA1 (patch-ak) = d010a4bb1d7468ddf02ff22dbb3662a41045f8a2
+SHA1 (patch-al) = e07e6b77b4fea57683f79807ad9b9b2677e56b9e
diff --git a/mail/mailman/patches/patch-ak b/mail/mailman/patches/patch-ak
new file mode 100644
index 00000000000..d777e85b8ff
--- /dev/null
+++ b/mail/mailman/patches/patch-ak
@@ -0,0 +1,15 @@
+$NetBSD: patch-ak,v 1.1.2.2 2010/09/25 10:02:52 tron Exp $
+
+* Fix for CVE-2010-3089 (XSS).
+
+--- Mailman/Cgi/listinfo.py.orig 2009-02-23 21:23:35.000000000 +0000
++++ Mailman/Cgi/listinfo.py
+@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
+ else:
+ advertised.append((mlist.GetScriptURL('listinfo'),
+ mlist.real_name,
+- mlist.description))
++ Utils.websafe(mlist.description)))
+ if msg:
+ greeting = FontAttr(msg, color="ff5060", size="+1")
+ else:
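Review bot: The escaping is applied at a single output site, `Utils.websafe(mlist.description)` in `listinfo_overview`, so any other page that places `mlist.description` into HTML would still emit the raw value. No other call site is visible in this patch, so that is worth confirming against the rest of Mailman/Cgi. The description is set per list rather than by the site operator, so it should be treated as untrusted wherever it is rendered. A short comment above the tuple would keep the intent visible, e.g. `# description is list-admin supplied; HTML-escape before display (CVE-2010-3089)`. `listinfo_overview` begins and ends outside the hunk.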
diff --git a/mail/mailman/patches/patch-al b/mail/mailman/patches/patch-al
new file mode 100644
index 00000000000..13f1e610127
--- /dev/null
+++ b/mail/mailman/patches/patch-al
@@ -0,0 +1,14 @@
+$NetBSD: patch-al,v 1.1.2.2 2010/09/25 10:02:52 tron Exp $
+
+* Fix for CVE-2010-3089 (XSS).
+
+--- Mailman/Utils.py.orig 2009-02-23 21:23:35.000000000 +0000
++++ Mailman/Utils.py
+@@ -908,6 +908,7 @@ _badwords = [
+ # Kludge to allow the specific tag that's in the options.html template.
+ '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
+ '<meta',
++ '<object',
+ '<script',
+ r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+ r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
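Review bot: Adding `'<object'` extends a denylist of tag prefixes, which only covers the elements someone has thought to list. The start and end of `_badwords` are outside the hunk, so it cannot be confirmed here whether sibling embedding elements (for example `<embed` or `<applet`) are matched, or whether the patterns are compiled case-insensitively. Escaping at output, as patch-ak does for the description, is the more reliable control, and this list is best treated as defence in depth. A comment on the new entry would record why it is there: `# <object> can embed active content (CVE-2010-3089)`.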