From e5018479812ecda95fc25df4f154cc18a26f26f6 Mon Sep 17 00:00:00 2001 From: bouyer Date: Thu, 8 Dec 2005 21:09:04 +0000 Subject: Apply patch (from debian via Kimmo Suominen) to address http://secunia.com/advisories/17511/ (denial of service). --- mail/mailman/Makefile | 3 ++- mail/mailman/distinfo | 3 ++- mail/mailman/patches/patch-ac | 56 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 mail/mailman/patches/patch-ac (limited to 'mail') diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile index d45d84e0769..2efae54c40a 100644 --- a/mail/mailman/Makefile +++ b/mail/mailman/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.26 2005/12/05 23:55:11 rillig Exp $ +# $NetBSD: Makefile,v 1.27 2005/12/08 21:09:04 bouyer Exp $ DISTNAME= mailman-2.1.6 +PKGREVISION= 1 CATEGORIES= mail www MASTER_SITES= http://www.list.org/ \ ${MASTER_SITE_GNU:=mailman/} diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo index 0bf55c25ea0..b9b11c6e421 100644 --- a/mail/mailman/distinfo +++ b/mail/mailman/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.8 2005/06/01 23:25:07 bouyer Exp $ +$NetBSD: distinfo,v 1.9 2005/12/08 21:09:04 bouyer Exp $ SHA1 (mailman-2.1.6.tgz) = cfabc1629feba109f85e51b85c1f64e4491e7ac4 RMD160 (mailman-2.1.6.tgz) = 37107687d49d2a67e788fd51e11df5cb4b4e7929 Size (mailman-2.1.6.tgz) = 6482726 bytes SHA1 (patch-aa) = f0bc550b28794008ea840a88a5b0053578f3ae0f SHA1 (patch-ab) = 39f6294e53110bd1fd09b1e90ab46820f4d48e3f +SHA1 (patch-ac) = e539f39a747beae22b07694196092c786318698d SHA1 (patch-ad) = 665884b9dd1789e4abd430c762bdbfd707d48d30 SHA1 (patch-ae) = 6c17de398014217be8f1c7a3b3a6f8d379fc0fb2 SHA1 (patch-af) = 985a619a055151d998cefd0c1b7280a0d55f889e diff --git a/mail/mailman/patches/patch-ac b/mail/mailman/patches/patch-ac new file mode 100644 index 00000000000..89e3a81148e --- /dev/null +++ b/mail/mailman/patches/patch-ac @@ -0,0 +1,56 @@ +$NetBSD: patch-ac,v 1.5 2005/12/08 21:09:04 bouyer Exp $ + +Fix for http://secunia.com/advisories/17511/ adapted from +http://ftp.debian.org/debian/pool/main/m/mailman/mailman_2.1.5-10.diff.gz + +--- Mailman/Handlers/Scrubber.py.orig 2005-05-22 22:55:08.000000000 +0300 ++++ Mailman/Handlers/Scrubber.py 2005-12-05 12:58:43.000000000 +0200 +@@ -195,7 +195,10 @@ def process(mlist, msg, msgdata=None): + url = save_attachment(mlist, part, dir) + finally: + os.umask(omask) +- filename = part.get_filename(_('not available')) ++ try: ++ filename = part.get_filename(_('not available')) ++ except UnicodeDecodeError: ++ filename = _('not available') + filename = Utils.oneline(filename, lcset) + del part['content-type'] + del part['content-transfer-encoding'] +@@ -300,7 +303,10 @@ Url: %(url)s + finally: + os.umask(omask) + desc = part.get('content-description', _('not available')) +- filename = part.get_filename(_('not available')) ++ try: ++ filename = part.get_filename(_('not available')) ++ except UnicodeDecodeError: ++ filename = _('not available') + filename = Utils.oneline(filename, lcset) + del part['content-type'] + del part['content-transfer-encoding'] +@@ -408,7 +414,11 @@ def save_attachment(mlist, msg, dir, fil + ctype = msg.get_content_type() + # i18n file name is encoded + lcset = Utils.GetCharSet(mlist.preferred_language) +- filename = Utils.oneline(msg.get_filename(''), lcset) ++ try: ++ filename = msg.get_filename('') ++ except UnicodeDecodeError: ++ filename = '' ++ filename = Utils.oneline(filename, lcset) + fnext = os.path.splitext(filename)[1] + # For safety, we should confirm this is valid ext for content-type + # but we can use fnext if we introduce fnext filtering +@@ -434,7 +444,10 @@ def save_attachment(mlist, msg, dir, fil + try: + # Now base the filename on what's in the attachment, uniquifying it if + # necessary. +- filename = msg.get_filename() ++ try: ++ filename = msg.get_filename() ++ except UnicodeDecodeError: ++ filename = None + if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME: + filebase = 'attachment' + else: -- cgit v1.2.3