authortaca <taca>2010-09-24 23:24:30 +0000
committertaca <taca>2010-09-24 23:24:30 +0000
commitdc3f7af4af61bc0ac2ee7ee0814cf0e037c9693b (patch)
tree66a44400a33e5749ca45856316eac25e3afdc2c4
parent236cc007b9832aea214be8ea08ded80759821a0f (diff)
downloadpkgsrc-dc3f7af4af61bc0ac2ee7ee0814cf0e037c9693b.tar.gz
Add patches to fix XSS (CVE-2010-3089).
Bump PKGREVISION.
-rw-r--r--mail/mailman/Makefile4
-rw-r--r--mail/mailman/distinfo4
-rw-r--r--mail/mailman/patches/patch-ak15
-rw-r--r--mail/mailman/patches/patch-al14
4 files changed, 34 insertions, 3 deletions
diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile
index 4330e8e2882..68ce16de7bd 100644
--- a/mail/mailman/Makefile
+++ b/mail/mailman/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.61 2010/06/28 09:29:40 joerg Exp $
+# $NetBSD: Makefile,v 1.62 2010/09/24 23:24:30 taca Exp $
DISTNAME= mailman-2.1.12
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mailman/}
EXTRACT_SUFX= .tgz
diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo
index e26271bf381..d3777f2e6b6 100644
--- a/mail/mailman/distinfo
+++ b/mail/mailman/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.18 2010/06/28 09:29:40 joerg Exp $
+$NetBSD: distinfo,v 1.19 2010/09/24 23:24:30 taca Exp $
SHA1 (mailman-2.1.12.tgz) = 6d6281f7ce322e271f0259321f4d8931ff46e6ae
RMD160 (mailman-2.1.12.tgz) = 94d8d132bb37180bf4c02ccd2a5fb3862ce13b94
@@ -10,3 +10,5 @@ SHA1 (patch-ae) = 6c17de398014217be8f1c7a3b3a6f8d379fc0fb2
SHA1 (patch-af) = 985a619a055151d998cefd0c1b7280a0d55f889e
SHA1 (patch-ag) = 5fda86a90ef17a08c304ae89f0934812601d5dfc
SHA1 (patch-ah) = c7cde35f787c003ace550a98d8d5e166ba2d48dc
+SHA1 (patch-ak) = d010a4bb1d7468ddf02ff22dbb3662a41045f8a2
+SHA1 (patch-al) = e07e6b77b4fea57683f79807ad9b9b2677e56b9e
diff --git a/mail/mailman/patches/patch-ak b/mail/mailman/patches/patch-ak
new file mode 100644
index 00000000000..2821e77a31c
--- /dev/null
+++ b/mail/mailman/patches/patch-ak
@@ -0,0 +1,15 @@
+$NetBSD: patch-ak,v 1.1 2010/09/24 23:24:31 taca Exp $
+
+* Fix for CVE-2010-3089 (XSS).
+
+--- Mailman/Cgi/listinfo.py.orig 2009-02-23 21:23:35.000000000 +0000
++++ Mailman/Cgi/listinfo.py
+@@ -93,7 +93,7 @@ def listinfo_overview(msg=''):
+ else:
+ advertised.append((mlist.GetScriptURL('listinfo'),
+ mlist.real_name,
+- mlist.description))
++ Utils.websafe(mlist.description)))
+ if msg:
+ greeting = FontAttr(msg, color="ff5060", size="+1")
+ else:
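Review bot: Only `mlist.description` is escaped at this call site; `mlist.real_name`, appended to the same tuple one line above, is still passed through raw. If list owners can set the real name to arbitrary text it needs the same treatment, `Utils.websafe(mlist.real_name),`; if it is validated elsewhere, a short comment saying so would help the next reader. Other pages that render the description are not visible in this patch and are worth checking for the same gap. `listinfo_overview` starts and ends outside the hunk, so how the tuple is rendered cannot be confirmed from here.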
diff --git a/mail/mailman/patches/patch-al b/mail/mailman/patches/patch-al
new file mode 100644
index 00000000000..45e9dc10a3f
--- /dev/null
+++ b/mail/mailman/patches/patch-al
@@ -0,0 +1,14 @@
+$NetBSD: patch-al,v 1.1 2010/09/24 23:24:31 taca Exp $
+
+* Fix for CVE-2010-3089 (XSS).
+
+--- Mailman/Utils.py.orig 2009-02-23 21:23:35.000000000 +0000
++++ Mailman/Utils.py
+@@ -908,6 +908,7 @@ _badwords = [
+ # Kludge to allow the specific tag that's in the options.html template.
+ '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
+ '<meta',
++ '<object',
+ '<script',
+ r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+ r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
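Review bot: `_badwords` is a denylist, so adding `'<object'` closes one tag while anything not listed still passes; the visible entries include nothing for other embedding tags such as `<embed` or `<iframe`, though the list starts above the hunk and may already cover them. Whether these patterns are matched case-insensitively is also not visible here and is worth confirming, since `<OBJECT` must be rejected as well. I would add a comment above the new entry, `# <object> can embed active content; see CVE-2010-3089.`, so the reason for it survives later edits. Escaping at render time, as this commit does in listinfo.py, is the more reliable control, and the denylist is best treated as a second layer.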