Date:      Sun, 25 Feb 2018 10:44:59 +0000 (UTC)
From:      TAKATSU Tomonari <tota@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r462947 - in head/japanese/mailman: . files
Message-ID:  <201802251044.w1PAix6B023790@repo.freebsd.org>

Author: tota
Date: Sun Feb 25 10:44:59 2018
New Revision: 462947
URL: https://svnweb.freebsd.org/changeset/ports/462947

Log:
  - Add CVE-2018-5950 patch [1]
  - Update MASTER_SITES [1]
  - USES shebangfix
  - Regenerate patches with makepatch
  - Fix pkg-plist to make portlint happy
  
  PR:		225703 [1]
  Submitted by:	Yasuhito FUTATSUKI
  MFH:		2018Q1
  Security:	CVE-2018-5950

Added:
  head/japanese/mailman/files/patch-CVE-2018-5950   (contents, props changed)
Modified:
  head/japanese/mailman/Makefile   (contents, props changed)
  head/japanese/mailman/files/patch-CVE-2015-2775   (contents, props changed)
  head/japanese/mailman/files/patch-Mailman-Defaults.py.in   (contents, props changed)
  head/japanese/mailman/files/patch-Mailman-htmlformat.py   (contents, props changed)
  head/japanese/mailman/files/patch-configure.in   (contents, props changed)
  head/japanese/mailman/files/patch-misc-mailman.in   (contents, props changed)
  head/japanese/mailman/pkg-plist   (contents, props changed)

Modified: head/japanese/mailman/Makefile
==============================================================================
--- head/japanese/mailman/Makefile	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/Makefile	Sun Feb 25 10:44:59 2018	(r462947)
@@ -3,10 +3,10 @@
 
 PORTNAME=	mailman
 PORTVERSION=	2.1.14.j7
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	japanese mail
-MASTER_SITES=	http://www.python.jp/doc/contrib/mailman/_static/ \
+MASTER_SITES=	https://docs.python.jp/contrib/mailman/_static/ \
 		LOCAL/tota/${PORTNAME}
 DISTNAME=	${PORTNAME}-${PORTVERSION:S/.j/+j/}
 DIST_SUBDIR=	mailman
@@ -21,7 +21,7 @@ CONFLICTS=	mailman-2.1.*
 
 PORTSCOUT=	limit:.*\.j\d+$$
 
-USES=		autoreconf gettext python:2.7 tar:tgz
+USES=		autoreconf gettext python:2.7 shebangfix tar:tgz
 USE_RC_SUBR=	mailman
 
 GNU_CONFIGURE=	yes
@@ -52,6 +52,10 @@ MAILMANDIR=	${PREFIX}/${MM_DIR}
 PLIST_SUB=	MMDIR=${MM_DIR} IMGDIR=${IMGDIR}
 SUB_FILES=	pkg-message pkg-install pkg-deinstall
 SUB_LIST=	MAILMANDIR=${MAILMANDIR} USER=${MM_USERNAME} GROUP=${MM_GROUPNAME}
+
+SHEBANG_FILES=	bin/msgfmt.py \
+		tests/onebounce.py \
+		tests/fblast.py
 
 IMGFILES=	PythonPowered.png mailman.jpg mm-icon.png
 

Modified: head/japanese/mailman/files/patch-CVE-2015-2775
==============================================================================
--- head/japanese/mailman/files/patch-CVE-2015-2775	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/files/patch-CVE-2015-2775	Sun Feb 25 10:44:59 2018	(r462947)
@@ -1,6 +1,6 @@
---- Mailman/Utils.py.orig	2011-12-11 16:56:23.000000000 +0900
-+++ Mailman/Utils.py	2015-06-01 13:25:26.000000000 +0900
-@@ -93,6 +93,12 @@
+--- Mailman/Utils.py.orig	2011-12-11 07:56:23 UTC
++++ Mailman/Utils.py
+@@ -93,6 +93,12 @@ def list_exists(listname):
      #
      # The former two are for 2.1alpha3 and beyond, while the latter two are
      # for all earlier versions.

Added: head/japanese/mailman/files/patch-CVE-2018-5950
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/japanese/mailman/files/patch-CVE-2018-5950	Sun Feb 25 10:44:59 2018	(r462947)
@@ -0,0 +1,52 @@
+--- Mailman/Cgi/options.py.orig	2011-12-11 07:56:23 UTC
++++ Mailman/Cgi/options.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2011 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -165,20 +165,6 @@ def main():
+     doc.set_language(userlang)
+     i18n.set_language(userlang)
+ 
+-    # See if this is VARHELP on topics.
+-    varhelp = None
+-    if cgidata.has_key('VARHELP'):
+-        varhelp = cgidata['VARHELP'].value
+-    elif os.environ.get('QUERY_STRING'):
+-        # POST methods, even if their actions have a query string, don't get
+-        # put into FieldStorage's keys :-(
+-        qs = cgi.parse_qs(os.environ['QUERY_STRING']).get('VARHELP')
+-        if qs and type(qs) == types.ListType:
+-            varhelp = qs[0]
+-    if varhelp:
+-        topic_details(mlist, doc, user, cpuser, userlang, varhelp)
+-        return
+-
+     # Are we processing an unsubscription request from the login screen?
+     if cgidata.has_key('login-unsub'):
+         # Because they can't supply a password for unsubscribing, we'll need
+@@ -290,6 +276,22 @@ def main():
+         print doc.Format()
+         return
+ 
++    # See if this is VARHELP on topics.
++    varhelp = None
++    if cgidata.has_key('VARHELP'):
++        varhelp = cgidata['VARHELP'].value
++    elif os.environ.get('QUERY_STRING'):
++        # POST methods, even if their actions have a query string, don't get
++        # put into FieldStorage's keys :-(
++        qs = cgi.parse_qs(os.environ['QUERY_STRING']).get('VARHELP')
++        if qs and type(qs) == types.ListType:
++            varhelp = qs[0]
++    if varhelp:
++        # Sanitize the topic name.
++        varhelp = re.sub('<.*', '', varhelp)
++        topic_details(mlist, doc, user, cpuser, userlang, varhelp)
++        return
++
+     if cgidata.has_key('logout'):
+         print mlist.ZapCookie(mm_cfg.AuthUser, user)
+         loginpage(mlist, doc, user, language)
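Review bot: The sanitizer at `varhelp = re.sub('<.*', '', varhelp)` is a denylist: it drops everything from a `<` to the end of that line but leaves `"`, `'`, `&` and `>` in the value, so it is sufficient only if topic_details() writes the topic name into HTML text and never into an attribute. topic_details() lies outside this hunk, so that cannot be confirmed here; escaping the name where it is rendered, for example with `Utils.websafe()`, would hold regardless of context. The comment `# Sanitize the topic name.` could also record why the block moved below the login handling, e.g. `# VARHELP is handled only after the checks above (presumably authentication); the topic name is echoed back, so strip markup first.` The hunk adds no `import re`, so confirm that options.py already imports it.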

Modified: head/japanese/mailman/files/patch-Mailman-Defaults.py.in
==============================================================================
--- head/japanese/mailman/files/patch-Mailman-Defaults.py.in	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/files/patch-Mailman-Defaults.py.in	Sun Feb 25 10:44:59 2018	(r462947)
@@ -1,6 +1,6 @@
---- Mailman/Defaults.py.in.orig	2011-12-11 16:56:23.000000000 +0900
-+++ Mailman/Defaults.py.in	2012-02-15 05:39:56.000000000 +0900
-@@ -62,7 +62,7 @@
+--- Mailman/Defaults.py.in.orig	2011-12-11 07:56:23 UTC
++++ Mailman/Defaults.py.in
+@@ -62,7 +62,7 @@ SHORTCUT_ICON = 'mm-icon.png'
  # Banner images
  DELIVERED_BY = 'mailman.jpg'
  PYTHON_POWERED = 'PythonPowered.png'
@@ -9,7 +9,7 @@
  
  # Don't change MAILMAN_URL, unless you want to point it at one of the mirrors.
  MAILMAN_URL = 'http://www.gnu.org/software/mailman/index.html'
-@@ -119,7 +119,7 @@
+@@ -119,7 +119,7 @@ FORM_LIFETIME = hours(1)
  # Command that is used to convert text/html parts into plain text.  This
  # should output results to standard output.  %(filename)s will contain the
  # name of the temporary file that the program should operate on.
@@ -18,7 +18,7 @@
  
  # A Python regular expression character class which defines the characters
  # allowed in list names.  Lists cannot be created with names containing any
-@@ -460,8 +460,8 @@
+@@ -460,8 +460,8 @@ VIRTUAL_MAILMAN_LOCAL_DOMAIN = None
  # and virtual-mailman.db files, respectively, from the associated plain text
  # files.  The file being updated will be appended to this string (with a
  # separating space), so it must be appropriate for os.system().
@@ -29,7 +29,7 @@
  
  # Ceiling on the number of recipients that can be specified in a single SMTP
  # transaction.  Set to 0 to submit the entire recipient list in one
-@@ -495,7 +495,7 @@
+@@ -495,7 +495,7 @@ SMTPPORT = 0                            
  
  # Command for direct command pipe delivery to sendmail compatible program,
  # when DELIVERY_MODULE is 'Sendmail'.
@@ -38,7 +38,7 @@
  
  # Set these variables if you need to authenticate to your NNTP server for
  # Usenet posting or reading.  If no authentication is necessary, specify None
-@@ -747,6 +747,13 @@
+@@ -747,6 +747,13 @@ VERP_CONFIRMATIONS = No
  # debugging).
  MAX_AUTORESPONSES_PER_DAY = 10
  

Modified: head/japanese/mailman/files/patch-Mailman-htmlformat.py
==============================================================================
--- head/japanese/mailman/files/patch-Mailman-htmlformat.py	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/files/patch-Mailman-htmlformat.py	Sun Feb 25 10:44:59 2018	(r462947)
@@ -1,6 +1,6 @@
---- Mailman/htmlformat.py.orig	2011-12-11 16:56:23.000000000 +0900
-+++ Mailman/htmlformat.py	2012-02-15 16:46:34.000000000 +0900
-@@ -621,13 +621,13 @@
+--- Mailman/htmlformat.py.orig	2011-12-11 07:56:23 UTC
++++ Mailman/htmlformat.py
+@@ -621,13 +621,13 @@ class DefinitionList(Container):
  #
  from mm_cfg import MAILMAN_URL
  PYTHON_URL  = 'http://www.python.org/'
@@ -16,7 +16,7 @@
  
  
  def MailmanLogo():
-@@ -641,18 +641,18 @@
+@@ -641,18 +641,18 @@ def MailmanLogo():
          pylink = '<img src="%s" alt="Python Powered" ' \
                   'title="Python Powered" border=0>' % \
                   logo(PYTHON_POWERED)

Modified: head/japanese/mailman/files/patch-configure.in
==============================================================================
--- head/japanese/mailman/files/patch-configure.in	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/files/patch-configure.in	Sun Feb 25 10:44:59 2018	(r462947)
@@ -3,9 +3,9 @@ this creates a problem; we create the users just befor
 
 We remove the testing part.
 
---- configure.in.orig	2011-12-11 16:56:23.000000000 +0900
-+++ configure.in	2012-02-15 06:11:05.000000000 +0900
-@@ -341,28 +341,7 @@
+--- configure.in.orig	2011-12-11 07:56:23 UTC
++++ configure.in
+@@ -341,28 +341,7 @@ AC_DEFUN([MM_FIND_GROUP_NAME], [
  # $2 == user id to check for
  AC_SUBST($1)
  changequote(,)
@@ -35,7 +35,7 @@ We remove the testing part.
  changequote([, ])
  rm -f conftest.out conftest.py])
  
-@@ -373,28 +352,7 @@
+@@ -373,28 +352,7 @@ AC_DEFUN([MM_FIND_USER_NAME], [
  # $2 == user id to check for
  AC_SUBST($1)
  changequote(,)

Modified: head/japanese/mailman/files/patch-misc-mailman.in
==============================================================================
--- head/japanese/mailman/files/patch-misc-mailman.in	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/files/patch-misc-mailman.in	Sun Feb 25 10:44:59 2018	(r462947)
@@ -1,6 +1,6 @@
---- misc/mailman.in.orig	2011-12-11 16:56:23.000000000 +0900
-+++ misc/mailman.in	2012-02-15 06:27:15.000000000 +0900
-@@ -39,16 +39,20 @@
+--- misc/mailman.in.orig	2011-12-11 07:56:23 UTC
++++ misc/mailman.in
+@@ -39,16 +39,20 @@ MAILMANCTL=$MAILMANHOME/bin/mailmanctl
  case "$1" in
  'start')
      #rm -f $MAILMANHOME/locks/*

Modified: head/japanese/mailman/pkg-plist
==============================================================================
--- head/japanese/mailman/pkg-plist	Sun Feb 25 10:44:31 2018	(r462946)
+++ head/japanese/mailman/pkg-plist	Sun Feb 25 10:44:59 2018	(r462947)
@@ -1,12 +1,5 @@
-@stopdaemon mailman
-@exec mkdir -p %D/%%MMDIR%%/archives
-@exec mkdir -p %D/%%MMDIR%%/archives/private
-@exec mkdir -p %D/%%MMDIR%%/archives/public
-@exec mkdir -p %D/%%MMDIR%%/lists
-@exec mkdir -p %D/%%MMDIR%%/locks
-@exec mkdir -p %D/%%MMDIR%%/logs
-@exec mkdir -p %D/%%MMDIR%%/qfiles
-@exec mkdir -p %D/%%MMDIR%%/spam
+@postunexec if cmp -s %D/%%MMDIR%%/Mailman/mm_cfg.py %D/%%MMDIR%%/Mailman/mm_cfg.py.dist; then rm -f %D/%%MMDIR%%/Mailman/mm_cfg.py; fi
+@postunexec rm -f %D/%%MMDIR%%/Mailman/mm_cfg.pyc
 %%IMGDIR%%/PythonPowered.png
 %%IMGDIR%%/mailman.jpg
 %%IMGDIR%%/mm-icon.png
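Review bot: The added `@postunexec if cmp -s %D/%%MMDIR%%/Mailman/mm_cfg.py %D/%%MMDIR%%/Mailman/mm_cfg.py.dist; then rm -f ...; fi` line looks redundant with the `@sample %%MMDIR%%/Mailman/mm_cfg.py.dist %%MMDIR%%/Mailman/mm_cfg.py` entry added in the hunk at -305, since `@sample` already removes the live file on deinstall when it is identical to the sample. Because `@postunexec` runs after the package files are removed, `mm_cfg.py.dist` is presumably gone by then, so `cmp -s` fails and the `rm` never runs. I would drop that line and keep only `@postunexec rm -f %D/%%MMDIR%%/Mailman/mm_cfg.pyc`. This hunk also removes `@stopdaemon mailman`; if nothing else stops the service on deinstall, the commit log should say so.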
@@ -305,10 +298,7 @@
 %%MMDIR%%/Mailman/htmlformat.pyc
 %%MMDIR%%/Mailman/i18n.py
 %%MMDIR%%/Mailman/i18n.pyc
-@unexec if cmp -s %D/%%MMDIR%%/Mailman/mm_cfg.py.dist %D/%%MMDIR%%/Mailman/mm_cfg.py; then rm -f %D/%%MMDIR%%/Mailman/mm_cfg.py; fi
-%%MMDIR%%/Mailman/mm_cfg.py.dist
-@exec if [ ! -f %B/mm_cfg.py ] ; then cp -p %D/%F %B/mm_cfg.py; fi
-@unexec rm -f %D/%%MMDIR%%/Mailman/mm_cfg.pyc
+@sample %%MMDIR%%/Mailman/mm_cfg.py.dist %%MMDIR%%/Mailman/mm_cfg.py
 %%MMDIR%%/Mailman/versions.py
 %%MMDIR%%/Mailman/versions.pyc
 %%MMDIR%%/bin/add_members
@@ -375,7 +365,7 @@
 %%MMDIR%%/cron/mailpasswds
 %%MMDIR%%/cron/nightly_gzip
 %%MMDIR%%/cron/paths.py
-@unexec rm -f %%MMDIR%%/cron/paths.pyc
+@postunexec rm -f %%MMDIR%%/cron/paths.pyc
 %%MMDIR%%/cron/senddigests
 %%MMDIR%%/data/sitelist.cfg
 %%MMDIR%%/icons/PythonPowered.png
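Review bot: `@postunexec rm -f %%MMDIR%%/cron/paths.pyc` uses a path without the `%D/` prefix, unlike the `mm_cfg.pyc` line added at the top of the file, so it resolves against whatever directory pkg runs the command in. `@postunexec rm -f %D/%%MMDIR%%/cron/paths.pyc` would make the two consistent. The prefix was already missing in the old `@unexec` line, so this is a carried-over issue rather than one introduced here.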
@@ -2249,10 +2239,11 @@
 %%MMDIR%%/tests/test_smtp.py
 %%MMDIR%%/tests/testall.py
 %%PYTHON_SITELIBDIR%%/mailman-info.txt
-@dir %%MMDIR%%/archives/private
-@dir %%MMDIR%%/archives/public
-@dir %%MMDIR%%/lists
-@dir %%MMDIR%%/locks
-@dir %%MMDIR%%/logs
-@dir %%MMDIR%%/qfiles
 @dir %%MMDIR%%/spam
+@dir %%MMDIR%%/qfiles
+@dir %%MMDIR%%/logs
+@dir %%MMDIR%%/locks
+@dir %%MMDIR%%/lists
+@dir %%MMDIR%%/archives/public
+@dir %%MMDIR%%/archives/private
+@dir %%MMDIR%%/archives


