diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2020-05-05 22:57:42 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2020-05-05 22:57:42 +0000 |
| commit | 9e0d62bd3f0ceeab16cef6119cba8f9a5a5fa7d4 (patch) | |
| tree | 51178caa42ef74955aee03a655fc56a0c812184c /mail | |
| parent | e5a4d372daf1af7f128646c718b1b93c2b7eb810 (diff) | |
| download | ports-9e0d62bd3f0ceeab16cef6119cba8f9a5a5fa7d4.tar.gz ports-9e0d62bd3f0ceeab16cef6119cba8f9a5a5fa7d4.zip | |
2020Q2 specific mail/mailman minimal security fix
Backporting 2.1.31 needs more consideration and more than just MFH r534101,
so forgo that and for the nonce, plug this information leak quickly with the
one-line fix by upstream, and hack additional translations to match into the
.po files with REINPLACE_CMD.
Approved by: ports-secteam@ (blanket, trivial security fix)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
Notes
Notes:
svn path=/branches/2020Q2/; revision=534109
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/mailman/Makefile | 7 | ||||
| -rw-r--r-- | mail/mailman/files/patch-0-security-88760f4d-8ef7-11ea-a66d-4b2ef158be83 | 17 |
2 files changed, 23 insertions, 1 deletions
diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile index cb5b52039fd4..f0dcaf3bcb6d 100644 --- a/mail/mailman/Makefile +++ b/mail/mailman/Makefile @@ -3,7 +3,7 @@ PORTNAME= mailman DISTVERSION= 2.1.30 -PORTREVISION= 0 +PORTREVISION= 3 CATEGORIES= mail MASTER_SITES= GNU \ SF/${PORTNAME}/Mailman%202.1%20%28stable%29/${PORTVERSION} \ @@ -178,6 +178,11 @@ post-patch: ${REINPLACE_CMD} -e 's/messages//' ${WRKSRC}/Makefile.in .endif ${MV} ${WRKSRC}/configure.in ${WRKSRC}/configure.ac # suppress warning + # Fix up translations for patch-0-security-88760f4d-8ef7-11ea-a66d-4b2ef158be83. + # Note it's not just search & replace, the pattern needs to be unedited for + # admin.py and edited for options.py. + ${REINPLACE_CMD} -Ee '/Illegal Email Address: %\(safeuser\)/,+1H;$${p;x;s/ *. %\(safeuser\)s//g;}' \ + ${WRKSRC}/messages/*/LC_MESSAGES/mailman.po # post-patch-HTDIG-on is to fix https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238508 post-patch-HTDIG-on: diff --git a/mail/mailman/files/patch-0-security-88760f4d-8ef7-11ea-a66d-4b2ef158be83 b/mail/mailman/files/patch-0-security-88760f4d-8ef7-11ea-a66d-4b2ef158be83 new file mode 100644 index 000000000000..c061d67bb765 --- /dev/null +++ b/mail/mailman/files/patch-0-security-88760f4d-8ef7-11ea-a66d-4b2ef158be83 @@ -0,0 +1,17 @@ +This is to fix vulnerability 88760f4d-8ef7-11ea-a66d-4b2ef158be83, +and was provided by Mark Sapiro, the upstream maintainer. + +Source: https://bugs.launchpad.net/mailman/+bug/1873722 + +--- Mailman/Cgi/options.py 2019-03-06 17:48:32 +0000 ++++ Mailman/Cgi/options.py 2020-04-20 03:10:16 +0000 +@@ -173,7 +173,7 @@ + try: + Utils.ValidateEmail(user) + except Errors.EmailAddressError: +- doc.addError(_('Illegal Email Address: %(safeuser)s')) ++ doc.addError(_('Illegal Email Address')) + loginpage(mlist, doc, None, language) + print doc.Format() + return + |