Site Navigation

Date:      Wed, 27 May 2020 16:21:37 +0000 (UTC)
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r536702 - in branches/2020Q2/mail/sympa: . files
Message-ID:  <202005271621.04RGLbjE085096@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: pi
Date: Wed May 27 16:21:37 2020
New Revision: 536702
URL: https://svnweb.freebsd.org/changeset/ports/536702

Log:
  MFH: r536696
  
  mail/sympa: update 6.2.54 -> 6.2.56, fix security issue
  
  - A vulnerability has been discovered in Sympa web interface by
    which attacker can execute arbitrary code with root privileges.
  
  PR:		246701
  Submitted by:	William F. Dudley Jr. <wfdudley@gmail.com>
  Approved by:	dgeo@centrale-marseille.fr (maintainer)
  Relnotes:	https://github.com/sympa-community/sympa/releases/tag/6.2.56
  Security:	CVE-2020-10936
  		https://sympa-community.github.io/security/2020-002.html
  		https://github.com/sympa-community/sympa/issues/943
  Approved by:	portmgr (security blanket)

Modified:
  branches/2020Q2/mail/sympa/Makefile
  branches/2020Q2/mail/sympa/distinfo
  branches/2020Q2/mail/sympa/files/pkg-install.in
  branches/2020Q2/mail/sympa/pkg-plist
Directory Properties:
  branches/2020Q2/   (props changed)

Modified: branches/2020Q2/mail/sympa/Makefile
==============================================================================
--- branches/2020Q2/mail/sympa/Makefile	Wed May 27 16:20:11 2020	(r536701)
+++ branches/2020Q2/mail/sympa/Makefile	Wed May 27 16:21:37 2020	(r536702)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	sympa
-DISTVERSION=	6.2.54
+DISTVERSION=	6.2.56
 CATEGORIES=	mail
 
 MAINTAINER=	dgeo@centrale-marseille.fr

Modified: branches/2020Q2/mail/sympa/distinfo
==============================================================================
--- branches/2020Q2/mail/sympa/distinfo	Wed May 27 16:20:11 2020	(r536701)
+++ branches/2020Q2/mail/sympa/distinfo	Wed May 27 16:21:37 2020	(r536702)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583604282
-SHA256 (sympa-community-sympa-6.2.54_GH0.tar.gz) = 3322555bf92f1ffee53d8f943b5376b9eaec2d00ee884340543dceee3d59f6a0
-SIZE (sympa-community-sympa-6.2.54_GH0.tar.gz) = 10256308
+TIMESTAMP = 1590500677
+SHA256 (sympa-community-sympa-6.2.56_GH0.tar.gz) = 52c575880992b2e9dd84a68ff066f549b184768de13f115fb053034a4afc1cc2
+SIZE (sympa-community-sympa-6.2.56_GH0.tar.gz) = 10353468

Modified: branches/2020Q2/mail/sympa/files/pkg-install.in
==============================================================================
--- branches/2020Q2/mail/sympa/files/pkg-install.in	Wed May 27 16:20:11 2020	(r536701)
+++ branches/2020Q2/mail/sympa/files/pkg-install.in	Wed May 27 16:21:37 2020	(r536702)
@@ -9,7 +9,7 @@ if [ "$2" = "POST_INSTALL" ]; then
 	else
 		if [ $(tail -1 %%ETCDIR%%/data_structure.version | cut -d. -f3) -lt 2 ]; then
 			echo "It seems you are upgrading from version <6.2 ($(cat %%ETCDIR%%/data_structure.version))"
-			echo "You'll have to read https://www.sympa.org/faq/upgrade-to-v6.2 and (at least) run:"
+			echo "You'll have to read https://sympa-community.github.io/manual/upgrade/notes.html and (at least) run:"
 			echo " # %%PREFIX%%/libexec/sympa/sympa.pl --upgrade_config_location"
 			echo " # %%PREFIX%%/libexec/sympa/sympa.pl --upgrade"
 			echo " # %%PREFIX%%/libexec/sympa/upgrade_bulk_spool.pl"
@@ -18,6 +18,9 @@ if [ "$2" = "POST_INSTALL" ]; then
 		else
 			echo "to upgrade, run:"
 			echo " # %%PREFIX%%/libexec/sympa/sympa.pl --upgrade"
+      echo ""
+      echo "Don't forget to read:"
+      echo "  https://sympa-community.github.io/manual/upgrade/notes.html"
 		fi
 	fi
 fi

Modified: branches/2020Q2/mail/sympa/pkg-plist
==============================================================================
--- branches/2020Q2/mail/sympa/pkg-plist	Wed May 27 16:20:11 2020	(r536701)
+++ branches/2020Q2/mail/sympa/pkg-plist	Wed May 27 16:21:37 2020	(r536702)
@@ -169,6 +169,7 @@ libexec/sympa/Sympa/Tracking.pm
 libexec/sympa/Sympa/Upgrade.pm
 libexec/sympa/Sympa/User.pm
 libexec/sympa/Sympa/WWW/Auth.pm
+libexec/sympa/Sympa/WWW/FastCGI.pm
 libexec/sympa/Sympa/WWW/Marc.pm
 libexec/sympa/Sympa/WWW/Marc/Search.pm
 libexec/sympa/Sympa/WWW/Report.pm
@@ -371,6 +372,7 @@ man/man3/Sympa::Tools::Text.3Sympa.gz
 man/man3/Sympa::Tools::Time.3Sympa.gz
 man/man3/Sympa::Tracking.3Sympa.gz
 man/man3/Sympa::User.3Sympa.gz
+man/man3/Sympa::WWW::FastCGI.3Sympa.gz
 man/man3/Sympa::WWW::Marc::Search.3Sympa.gz
 man/man3/Sympa::WWW::Session.3Sympa.gz
 man/man3/Sympa::WWW::SharedDocument.3Sympa.gz
@@ -427,6 +429,7 @@ share/locale/fr/LC_MESSAGES/sympa.mo
 share/locale/fr/LC_MESSAGES/web_help.mo
 share/locale/gl/LC_MESSAGES/sympa.mo
 share/locale/gl/LC_MESSAGES/web_help.mo
+share/locale/hr/LC_MESSAGES/sympa.mo
 share/locale/hu/LC_MESSAGES/sympa.mo
 share/locale/hu/LC_MESSAGES/web_help.mo
 share/locale/id/LC_MESSAGES/sympa.mo
@@ -901,6 +904,8 @@ share/locale/zh_TW/LC_MESSAGES/sympa.mo
 %%DATADIR%%/static/js/respondjs/respond.min.js
 %%DATADIR%%/static/js/sympa.js
 %%PORTDOCS%%%%DOCSDIR%%/NEWS.md
+@group sympa
+@dir %%ETCDIR%%
 @dir %%ETCDIR%%/create_list_templates
 @dir %%ETCDIR%%/custom_actions
 @dir %%ETCDIR%%/custom_conditions
@@ -913,11 +918,11 @@ share/locale/zh_TW/LC_MESSAGES/sympa.mo
 @dir %%ETCDIR%%/web_tt2
 @dir libexec/sympa/Sympa/Template/Plugin
 @dir libexec/sympa/Sympa/List
+@owner sympa
 @dir %%DATADIR%%/arc
 @dir %%DATADIR%%/bounce
 @dir %%DATADIR%%/list_data
 @dir %%DATADIR%%/static
-@owner sympa
 @dir %%DATADIR%%/static/css
 @dir %%DATADIR%%/static/pictures
 @dir /var/run/sympa

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005271621.04RGLbjE085096>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact