From owner-svn-ports-all@freebsd.org  Wed May 27 16:02:33 2020
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 89E48336919;
 Wed, 27 May 2020 16:02:33 +0000 (UTC) (envelope-from pi@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49XFw93DKFz4c5q;
 Wed, 27 May 2020 16:02:33 +0000 (UTC) (envelope-from pi@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 69F57174CB;
 Wed, 27 May 2020 16:02:33 +0000 (UTC) (envelope-from pi@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04RG2XN9073395;
 Wed, 27 May 2020 16:02:33 GMT (envelope-from pi@FreeBSD.org)
Received: (from pi@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04RG2Wld073391;
 Wed, 27 May 2020 16:02:32 GMT (envelope-from pi@FreeBSD.org)
Message-Id: <202005271602.04RG2Wld073391@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org
 using -f
From: Kurt Jaeger <pi@FreeBSD.org>
Date: Wed, 27 May 2020 16:02:32 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r536696 - in head/mail/sympa: . files
X-SVN-Group: ports-head
X-SVN-Commit-Author: pi
X-SVN-Commit-Paths: in head/mail/sympa: . files
X-SVN-Commit-Revision: 536696
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 16:02:33 -0000

Author: pi
Date: Wed May 27 16:02:32 2020
New Revision: 536696
URL: https://svnweb.freebsd.org/changeset/ports/536696

Log:
  mail/sympa: update 6.2.54 -> 6.2.56, fix security issue
  
  - A vulnerability has been discovered in Sympa web interface by
    which attacker can execute arbitrary code with root privileges.
  
  PR:		246701
  Submitted by:	William F. Dudley Jr. <wfdudley@gmail.com>
  Approved by:	dgeo@centrale-marseille.fr (maintainer)
  MFH:		2020Q2
  Relnotes:	https://github.com/sympa-community/sympa/releases/tag/6.2.56
  Security:	CVE-2020-10936
  		https://sympa-community.github.io/security/2020-002.html
  		https://github.com/sympa-community/sympa/issues/943

Modified:
  head/mail/sympa/Makefile
  head/mail/sympa/distinfo
  head/mail/sympa/files/pkg-install.in
  head/mail/sympa/pkg-plist

Modified: head/mail/sympa/Makefile
==============================================================================
--- head/mail/sympa/Makefile	Wed May 27 15:31:55 2020	(r536695)
+++ head/mail/sympa/Makefile	Wed May 27 16:02:32 2020	(r536696)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	sympa
-DISTVERSION=	6.2.54
+DISTVERSION=	6.2.56
 CATEGORIES=	mail
 
 MAINTAINER=	dgeo@centrale-marseille.fr

Modified: head/mail/sympa/distinfo
==============================================================================
--- head/mail/sympa/distinfo	Wed May 27 15:31:55 2020	(r536695)
+++ head/mail/sympa/distinfo	Wed May 27 16:02:32 2020	(r536696)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583604282
-SHA256 (sympa-community-sympa-6.2.54_GH0.tar.gz) = 3322555bf92f1ffee53d8f943b5376b9eaec2d00ee884340543dceee3d59f6a0
-SIZE (sympa-community-sympa-6.2.54_GH0.tar.gz) = 10256308
+TIMESTAMP = 1590500677
+SHA256 (sympa-community-sympa-6.2.56_GH0.tar.gz) = 52c575880992b2e9dd84a68ff066f549b184768de13f115fb053034a4afc1cc2
+SIZE (sympa-community-sympa-6.2.56_GH0.tar.gz) = 10353468

Modified: head/mail/sympa/files/pkg-install.in
==============================================================================
--- head/mail/sympa/files/pkg-install.in	Wed May 27 15:31:55 2020	(r536695)
+++ head/mail/sympa/files/pkg-install.in	Wed May 27 16:02:32 2020	(r536696)
@@ -9,7 +9,7 @@ if [ "$2" = "POST_INSTALL" ]; then
 	else
 		if [ $(tail -1 %%ETCDIR%%/data_structure.version | cut -d. -f3) -lt 2 ]; then
 			echo "It seems you are upgrading from version <6.2 ($(cat %%ETCDIR%%/data_structure.version))"
-			echo "You'll have to read https://www.sympa.org/faq/upgrade-to-v6.2 and (at least) run:"
+			echo "You'll have to read https://sympa-community.github.io/manual/upgrade/notes.html and (at least) run:"
 			echo " # %%PREFIX%%/libexec/sympa/sympa.pl --upgrade_config_location"
 			echo " # %%PREFIX%%/libexec/sympa/sympa.pl --upgrade"
 			echo " # %%PREFIX%%/libexec/sympa/upgrade_bulk_spool.pl"
@@ -18,6 +18,9 @@ if [ "$2" = "POST_INSTALL" ]; then
 		else
 			echo "to upgrade, run:"
 			echo " # %%PREFIX%%/libexec/sympa/sympa.pl --upgrade"
+      echo ""
+      echo "Don't forget to read:"
+      echo "  https://sympa-community.github.io/manual/upgrade/notes.html"
 		fi
 	fi
 fi

Modified: head/mail/sympa/pkg-plist
==============================================================================
--- head/mail/sympa/pkg-plist	Wed May 27 15:31:55 2020	(r536695)
+++ head/mail/sympa/pkg-plist	Wed May 27 16:02:32 2020	(r536696)
@@ -169,6 +169,7 @@ libexec/sympa/Sympa/Tracking.pm
 libexec/sympa/Sympa/Upgrade.pm
 libexec/sympa/Sympa/User.pm
 libexec/sympa/Sympa/WWW/Auth.pm
+libexec/sympa/Sympa/WWW/FastCGI.pm
 libexec/sympa/Sympa/WWW/Marc.pm
 libexec/sympa/Sympa/WWW/Marc/Search.pm
 libexec/sympa/Sympa/WWW/Report.pm
@@ -371,6 +372,7 @@ man/man3/Sympa::Tools::Text.3Sympa.gz
 man/man3/Sympa::Tools::Time.3Sympa.gz
 man/man3/Sympa::Tracking.3Sympa.gz
 man/man3/Sympa::User.3Sympa.gz
+man/man3/Sympa::WWW::FastCGI.3Sympa.gz
 man/man3/Sympa::WWW::Marc::Search.3Sympa.gz
 man/man3/Sympa::WWW::Session.3Sympa.gz
 man/man3/Sympa::WWW::SharedDocument.3Sympa.gz
@@ -427,6 +429,7 @@ share/locale/fr/LC_MESSAGES/sympa.mo
 share/locale/fr/LC_MESSAGES/web_help.mo
 share/locale/gl/LC_MESSAGES/sympa.mo
 share/locale/gl/LC_MESSAGES/web_help.mo
+share/locale/hr/LC_MESSAGES/sympa.mo
 share/locale/hu/LC_MESSAGES/sympa.mo
 share/locale/hu/LC_MESSAGES/web_help.mo
 share/locale/id/LC_MESSAGES/sympa.mo
@@ -901,6 +904,8 @@ share/locale/zh_TW/LC_MESSAGES/sympa.mo
 %%DATADIR%%/static/js/respondjs/respond.min.js
 %%DATADIR%%/static/js/sympa.js
 %%PORTDOCS%%%%DOCSDIR%%/NEWS.md
+@group sympa
+@dir %%ETCDIR%%
 @dir %%ETCDIR%%/create_list_templates
 @dir %%ETCDIR%%/custom_actions
 @dir %%ETCDIR%%/custom_conditions
@@ -913,11 +918,11 @@ share/locale/zh_TW/LC_MESSAGES/sympa.mo
 @dir %%ETCDIR%%/web_tt2
 @dir libexec/sympa/Sympa/Template/Plugin
 @dir libexec/sympa/Sympa/List
+@owner sympa
 @dir %%DATADIR%%/arc
 @dir %%DATADIR%%/bounce
 @dir %%DATADIR%%/list_data
 @dir %%DATADIR%%/static
-@owner sympa
 @dir %%DATADIR%%/static/css
 @dir %%DATADIR%%/static/pictures
 @dir /var/run/sympa