From nobody Wed Dec 1 19:10:08 2021 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 242A718BB571; Wed, 1 Dec 2021 19:10:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4J47vN5pG3z3ntJ; Wed, 1 Dec 2021 19:10:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A865C72E3; Wed, 1 Dec 2021 19:10:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1B1JA8Ou077990; Wed, 1 Dec 2021 19:10:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1B1JA8v9077987; Wed, 1 Dec 2021 19:10:08 GMT (envelope-from git) Date: Wed, 1 Dec 2021 19:10:08 GMT Message-Id: <202112011910.1B1JA8v9077987@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Matthias Andree Subject: git: 87f0f372e4b8 - main - mail/mailman: 2.1.38 security fixing CSRF vuln List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 87f0f372e4b844f16b8c6e7bd3bc68ecf703c17f Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1638385808; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bW1ZGRdUmGvQJoLUD0ALfiua3SseJL+VLiqi0q492FY=; b=JboHzUQQobPc8z9hXMOahd369p73aSBfMSOStT/KSDaR2cNStcE77ly5iBgESCOWQ3LiqH 6NdZwEYh88RnR5L16DxUJ4MkTtnQIJ5WAC1vsW+YYCcr8BJeOQD0T7nC2bFc4KlXOUlVmW rO9kD1N23p101sa5OoMsZ/xsyODzmG87xJ/tT0ZozwyTw30TzXHGK6QLORbmmWXu2VYWGo w2ztLFfiEKn5A0OLC8NA5udSZ5EvS7aLXJMOWIvp4nRQjk5rAGCx1pVhQcSIN4AqDw+Llu R/PE3e0Y0ytBaNo1zYktLyRfG0XCvzehKro4Tyu22DSpC9Qbq52IiCAX3rJasA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1638385808; a=rsa-sha256; cv=none; b=cDj03YofJ1LdRmAPJgy/nNP6D7A7bdR8CkQ8Kffi9VDjYKXFbH/weu6FhuFu6c8jXy1GiV I++Cm2ejXtruK4DgzpWcb8ekHbbxXGq/e0IO6ZsviwM0TbX0UeDAaGDQdRobyMqdpCDu+/ zTwZAjasYZzqLsH3EBc19I8Fp0Qrcafm+TTPPuYlQVBiE+hUEZ0Mpr5p7etzYb+hN/mTjx 1WVas03GhFfReTYH5VZtIy4YkbcZ6skWGzq64tMQTdMN4Z9zQpoCx7nufQvKz/Y6lhwKwC RMHrFN+/L1vOmh0uUq8cTDaih2jEe1ogyer5gVXfM872QFzShJp1HrdKhPuYIg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=87f0f372e4b844f16b8c6e7bd3bc68ecf703c17f commit 87f0f372e4b844f16b8c6e7bd3bc68ecf703c17f Author: Matthias Andree AuthorDate: 2021-12-01 19:06:35 +0000 Commit: Matthias Andree CommitDate: 2021-12-01 19:09:46 +0000 mail/mailman: 2.1.38 security fixing CSRF vuln While here, fix pkg-message to mention -exim4 and -postfix derived ports that override the default MTA. Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e Security: CVE-2021-44227 MFH: 2021Q4 --- mail/mailman/Makefile | 3 ++- mail/mailman/distinfo | 6 +++--- mail/mailman/files/pkg-message.in | 11 +++++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile index 8250bc733ec6..f385a3a09d7f 100644 --- a/mail/mailman/Makefile +++ b/mail/mailman/Makefile @@ -1,7 +1,8 @@ # Created by: n_hibma@qubesoft.com PORTNAME= mailman -DISTVERSION= 2.1.37 +DISTVERSION= 2.1.38 +PORTREVISION= 0 CATEGORIES= mail MASTER_SITES= GNU \ SF/${PORTNAME}/Mailman%202.1%20%28stable%29/${PORTVERSION} \ diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo index b7eb6f32f810..acd4074ba3bb 100644 --- a/mail/mailman/distinfo +++ b/mail/mailman/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1636797368 -SHA256 (mailman/mailman-2.1.37.tgz) = 689ff350857728ccc4ed379ceef54b93f710af8740cabc3bfe0348173b6b3f4f -SIZE (mailman/mailman-2.1.37.tgz) = 9508379 +TIMESTAMP = 1638384323 +SHA256 (mailman/mailman-2.1.38.tgz) = ac093ec2ed3eb93b41f1e1b19d39cf41e1bdd09587979835fe154dac6777fc68 +SIZE (mailman/mailman-2.1.38.tgz) = 9508426 SHA256 (mailman/msapiro-htdig-1822.patch.xz) = fa1da6fb7c0946a6723bc2766501c222fa73c8d794566a3b6e5718a7d1840265 SIZE (mailman/msapiro-htdig-1822.patch.xz) = 50700 diff --git a/mail/mailman/files/pkg-message.in b/mail/mailman/files/pkg-message.in index ea74d13ee574..7176faa9709b 100644 --- a/mail/mailman/files/pkg-message.in +++ b/mail/mailman/files/pkg-message.in @@ -14,10 +14,13 @@ Note (1): - ESPECIALLY RELEVANT FOR USERS OF THE BINARY PACKAGE - The FreeBSD binary package is built for use with Sendmail, and it will not work properly with alternative MTAs such as Exim or Postfix. - In order for Mailman to work with an alternative mailer, -the port must be installed from source, with proper options configured, -or from a package built in poudriere (which is a separate port in -ports-mgmt) with adapted options. (poudriere options -cn mail/mailman) + In order for Mailman to work with an alternative mailer, please use +mailman-exim4 or mailman-postfix instead, or +mailman-exim4-with-htdig or mailman-postfix-with-htdig. + For use with other mailers (Courier, OpenSMTPd), the port must be installed +from source, with proper options configured, or from a package built in +poudriere (which is a separate port in ports-mgmt) with adapted options. +(poudriere options -cn mail/mailman) - FOR USERS OF A PORT BUILT FROM SOURCE - If you use an alternate MTA (meaning "not Sendmail"), you MUST