Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 1 Dec 2021 19:10:43 GMT
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
Subject:   git: 5b7dfe597e15 - 2021Q4 - mail/mailman: 2.1.38 security fixing CSRF vuln
Message-ID:  <202112011910.1B1JAhT7083502@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch 2021Q4 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5b7dfe597e1526e1b240a8317fb1c2aec3490b6b

commit 5b7dfe597e1526e1b240a8317fb1c2aec3490b6b
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-12-01 19:06:35 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-12-01 19:10:33 +0000

    mail/mailman: 2.1.38 security fixing CSRF vuln
    
    While here, fix pkg-message to mention -exim4 and -postfix
    derived ports that override the default MTA.
    
    Security:       0d6efbe3-52d9-11ec-9472-e3667ed6088e
    Security:       CVE-2021-44227
    MFH:            2021Q4
    (cherry picked from commit 87f0f372e4b844f16b8c6e7bd3bc68ecf703c17f)
---
 mail/mailman/Makefile             |  3 ++-
 mail/mailman/distinfo             |  6 +++---
 mail/mailman/files/pkg-message.in | 11 +++++++----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile
index 8250bc733ec6..f385a3a09d7f 100644
--- a/mail/mailman/Makefile
+++ b/mail/mailman/Makefile
@@ -1,7 +1,8 @@
 # Created by: n_hibma@qubesoft.com
 
 PORTNAME=	mailman
-DISTVERSION=	2.1.37
+DISTVERSION=	2.1.38
+PORTREVISION=	0
 CATEGORIES=	mail
 MASTER_SITES=	GNU \
 		SF/${PORTNAME}/Mailman%202.1%20%28stable%29/${PORTVERSION} \
diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo
index b7eb6f32f810..acd4074ba3bb 100644
--- a/mail/mailman/distinfo
+++ b/mail/mailman/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1636797368
-SHA256 (mailman/mailman-2.1.37.tgz) = 689ff350857728ccc4ed379ceef54b93f710af8740cabc3bfe0348173b6b3f4f
-SIZE (mailman/mailman-2.1.37.tgz) = 9508379
+TIMESTAMP = 1638384323
+SHA256 (mailman/mailman-2.1.38.tgz) = ac093ec2ed3eb93b41f1e1b19d39cf41e1bdd09587979835fe154dac6777fc68
+SIZE (mailman/mailman-2.1.38.tgz) = 9508426
 SHA256 (mailman/msapiro-htdig-1822.patch.xz) = fa1da6fb7c0946a6723bc2766501c222fa73c8d794566a3b6e5718a7d1840265
 SIZE (mailman/msapiro-htdig-1822.patch.xz) = 50700
diff --git a/mail/mailman/files/pkg-message.in b/mail/mailman/files/pkg-message.in
index ea74d13ee574..7176faa9709b 100644
--- a/mail/mailman/files/pkg-message.in
+++ b/mail/mailman/files/pkg-message.in
@@ -14,10 +14,13 @@ Note (1):
 - ESPECIALLY RELEVANT FOR USERS OF THE BINARY PACKAGE -
 The FreeBSD binary package is built for use with Sendmail, and it will
 not work properly with alternative MTAs such as Exim or Postfix.
-  In order for Mailman to work with an alternative mailer,
-the port must be installed from source, with proper options configured,
-or from a package built in poudriere (which is a separate port in
-ports-mgmt) with adapted options. (poudriere options -cn mail/mailman)
+  In order for Mailman to work with an alternative mailer, please use
+mailman-exim4 or mailman-postfix instead, or
+mailman-exim4-with-htdig or mailman-postfix-with-htdig.
+  For use with other mailers (Courier, OpenSMTPd), the port must be installed
+from source, with proper options configured, or from a package built in
+poudriere (which is a separate port in ports-mgmt) with adapted options.
+(poudriere options -cn mail/mailman)
 
 - FOR USERS OF A PORT BUILT FROM SOURCE -
 If you use an alternate MTA (meaning "not Sendmail"), you MUST



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202112011910.1B1JAhT7083502>