[Pkg-mailman-hackers] Pkg-mailman commit - rev 776 - in trunk/debian: . patches

Thijs Kinkhorst thijs at moszumanska.debian.org
Thu May 14 14:29:28 UTC 2015


Author: thijs
Date: 2015-05-14 14:29:28 +0000 (Thu, 14 May 2015)
New Revision: 776

Removed:
   trunk/debian/patches/92_CVE-2015-2775.patch
Modified:
   trunk/debian/changelog
   trunk/debian/control
   trunk/debian/patches/90_gettext_errors.patch
   trunk/debian/patches/series
Log:
update patches for new upstream release and check for policy


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/changelog	2015-05-14 14:29:28 UTC (rev 776)
@@ -1,3 +1,12 @@
+mailman (1:2.1.20-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+    - Drop obsolete patches:
+      92_CVE-2015-2775.patch
+  * Checked for policy 3.9.6, no changes.
+
+ -- Thijs Kinkhorst <thijs at debian.org>  Thu, 14 May 2015 14:09:42 +0000
+
 mailman (1:2.1.18-2) unstable; urgency=high
 
   * Fix security issue: path traversal through local_part.

Modified: trunk/debian/control
===================================================================
--- trunk/debian/control	2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/control	2015-05-14 14:29:28 UTC (rev 776)
@@ -6,7 +6,7 @@
  Thijs Kinkhorst <thijs at debian.org>,
  Hector Garcia <hector at debian.org>
 Build-Depends: debhelper (>= 7), autoconf, python-dev (>= 2.6.6-3~), gettext, python-dnspython
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Homepage: http://www.list.org/
 Vcs-Svn: svn://anonscm.debian.org/pkg-mailman/trunk
 Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-mailman/trunk/

Modified: trunk/debian/patches/90_gettext_errors.patch
===================================================================
--- trunk/debian/patches/90_gettext_errors.patch	2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/patches/90_gettext_errors.patch	2015-05-14 14:29:28 UTC (rev 776)
@@ -39,37 +39,8 @@
  
  #: bin/sync_members:19
  msgid ""
---- a/messages/fr/LC_MESSAGES/mailman.po	2014-07-10 19:27:22.000000000 +0200
-+++ b/messages/fr/LC_MESSAGES/mailman.po	2014-07-10 20:00:53.000000000 +0200
-@@ -7465,7 +7465,7 @@
- "                Incomplete filter rules will be ignored."
- msgstr ""
- "Les règles de filtrage d'en têtes requièrent un motif.\n"
--"\t\t Les règles de filtrage incomplètes seront ignorées.\n"
-+"\t\t Les règles de filtrage incomplètes seront ignorées."
- 
- #: Mailman/Gui/Privacy.py:563
- msgid ""
 --- a/messages/hr/LC_MESSAGES/mailman.po	2014-07-10 19:27:22.000000000 +0200
 +++ b/messages/hr/LC_MESSAGES/mailman.po	2014-07-10 20:00:53.000000000 +0200
-@@ -1777,7 +1777,7 @@
- "    proces potvrde.\n"
- "\n"
- "    <p>Ili stisnite <em>Zanemari odbaci</em> da biste zanemarili ovu "
--"promjenu adrese\n"
-+"promjenu adrese"
- 
- #: Mailman/Cgi/confirm.py:603
- msgid "Change address"
-@@ -1813,7 +1813,7 @@
- "            <em>%(subject)s</em> u zaglavlju nije pronaðena.  Vjerovatno je\n"
- "            tome razlog taj ¹to je moderator liste veæ odobrio ili odbacio "
- "poruku.\n"
--"            Niste bili u moguænosti zanemariti istu na vrijeme.\n"
-+"            Niste bili u moguænosti zanemariti istu na vrijeme."
- 
- #: Mailman/Cgi/confirm.py:658
- msgid "Posted message canceled"
 @@ -4639,7 +4639,7 @@
  msgid ""
  "Remove message attachments that have a matching content\n"
@@ -79,85 +50,6 @@
  
  #: Mailman/Gui/ContentFilter.py:82
  msgid ""
---- a/messages/ia/LC_MESSAGES/mailman.po	2014-07-10 19:27:22.000000000 +0200
-+++ b/messages/ia/LC_MESSAGES/mailman.po	2014-07-10 20:00:53.000000000 +0200
-@@ -68,7 +68,7 @@
- 
- #: Mailman/Archiver/HyperArch.py:913
- msgid "figuring article archives\n"
--msgstr "recerca in le archivo pro iste articulo"
-+msgstr "recerca in le archivo pro iste articulo\n"
- 
- #: Mailman/Archiver/HyperArch.py:923
- msgid "April"
-@@ -1540,7 +1540,7 @@
- "lista\n"
- "            <em>%(listname)s</em>, ma illo debe esser approbate per le\n"
- "            moderator del lista. Tu requesta ha essite reinviate al "
--"moderator,            e tu essera notificate super su decision.\n"
-+"moderator,            e tu essera notificate super su decision."
- 
- #: Mailman/Cgi/confirm.py:372 Mailman/Cgi/confirm.py:437
- #: Mailman/Cgi/confirm.py:526 Mailman/Cgi/confirm.py:763
-@@ -1892,7 +1892,7 @@
- "            Tu ha rehabilitate con successo tu abonamento al\n"
- "            lista %(listname)s.  Tu pote nunc <a\n"
- "            href=\"%(optionsurl)s\">visitar tu pagina de optiones de "
--"abonato</a>.\n"
-+"abonato</a>."
- 
- #: Mailman/Cgi/confirm.py:785
- msgid "Re-enable mailing list membership"
-@@ -2566,7 +2566,7 @@
- "Tu ha essite disabonate con successo del lista %(fqdn_listname)s.\n"
- "            Si tu recipeva summarios, tu forsan va reciper ancora uno.\n"
- "            Si tu ha alicun question super tu disabonamento, per favor\n"
--"            contacta le proprietarios del lista a %(owneraddr)s.\n"
-+"            contacta le proprietarios del lista a %(owneraddr)s."
- 
- #: Mailman/Cgi/options.py:676
- msgid ""
-@@ -3217,11 +3217,11 @@
- 
- #: Mailman/Commands/cmd_join.py:17
- msgid "The `join' command is synonymous with `subscribe'.\n"
--msgstr "Le commando 'join' (in anglese) es synonyme con 'subscribe'."
-+msgstr "Le commando 'join' (in anglese) es synonyme con 'subscribe'.\n"
- 
- #: Mailman/Commands/cmd_leave.py:17
- msgid "The `leave' command is synonymous with `unsubscribe'.\n"
--msgstr "Le commando 'leave' (in anglese) es synonyme a 'unsubscribe'."
-+msgstr "Le commando 'leave' (in anglese) es synonyme a 'unsubscribe'.\n"
- 
- #: Mailman/Commands/cmd_lists.py:17
- msgid ""
-@@ -3314,7 +3314,7 @@
- 
- #: Mailman/Commands/cmd_remove.py:17
- msgid "The `remove' command is synonymous with `unsubscribe'.\n"
--msgstr "Le commando 'remove' (in anglese) es synonyme con 'unsubscribe'."
-+msgstr "Le commando 'remove' (in anglese) es synonyme con 'unsubscribe'.\n"
- 
- #: Mailman/Commands/cmd_set.py:26
- msgid ""
-@@ -3609,7 +3609,7 @@
- 
- #: Mailman/Commands/cmd_stop.py:17
- msgid "stop is synonymous with the end command.\n"
--msgstr "'stop' es synonyme con le commando 'end' (fin)."
-+msgstr "'stop' es synonyme con le commando 'end' (fin).\n"
- 
- #: Mailman/Commands/cmd_subscribe.py:17
- msgid ""
-@@ -11173,7 +11173,7 @@
- "\n"
- "Optiones:\n"
- "    -v / --verbose\n"
--"        Imprime lo que le scripto face."
-+"        Imprime lo que le scripto face.\n"
- 
- #: bin/reset_pw.py:77
- msgid "Changing passwords for list: %(listname)s"
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
 +++ b/messages/checkpo.sh	2014-07-10 20:00:53.000000000 +0200
 @@ -0,0 +1,6 @@
@@ -196,15 +88,6 @@
  
  #: Mailman/Gui/General.py:560
  msgid ""
-@@ -6519,7 +6519,7 @@
- "»Ê²ñ¥×¥í¥»¥¹¤ÏɬÍפȤ·¤Þ¤»¤ó. 1¹Ô¤Ë¤Ä¤­1¤Ä¤Î¥¢¥É¥ì¥¹¤ò\n"
- "µ­Æþ¤·¤Æ¤¯¤À¤µ¤¤; Àµµ¬É½¸½¤ò»È¤¦¤Ë¤Ï¹Ô¤ÎºÇ½é¤ò ^ ¤Ç»Ï¤á¤Æ¤¯¤À¤µ¤¤.\n"
- "¹Ô¤ÎºÇ½é¤ò @ ʸ»ú¤Ë¤·¤Æ, ¸å¤Ë¤³¤Î Mailman ¥·¥¹¥Æ¥à¤Î¥ê¥¹¥È̾¤ò³¤±¤ë¤È,\n"
--"¤½¤Î¥ê¥¹¥È²ñ°÷Á´°÷¤¬¾µÇ§¤µ¤ì¤Þ¤¹.\n"
-+"¤½¤Î¥ê¥¹¥È²ñ°÷Á´°÷¤¬¾µÇ§¤µ¤ì¤Þ¤¹."
- 
- #: Mailman/Gui/Privacy.py:315
- msgid ""
 @@ -8751,7 +8751,7 @@
  "·Ù¹ð: ¸ÂÄê¸ø³«Êݸ½ñ¸Ë¥Ç¥£¥ì¥¯¥È¥ê¤¬ other-executable (o+x) ¤Ë\n"
  "      ¤Ê¤Ã¤Æ¤¤¤Þ¤¹. ¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤Î¥·¥§¥ë¥æ¡¼¥¶¤¬¤³¤ÎÊݸ½ñ¸Ë\n"
@@ -241,23 +124,3 @@
  
  #: Mailman/Gui/General.py:560
  msgid ""
---- a/messages/pl/LC_MESSAGES/mailman.po	2014-07-10 19:27:22.000000000 +0200
-+++ b/messages/pl/LC_MESSAGES/mailman.po	2014-07-10 20:00:53.000000000 +0200
-@@ -1390,7 +1390,7 @@
- "    confirmation step."
- msgstr ""
- "Wprowad¼ kod potwierdzaj±cy,\n"
--"    który otrzyma³e¶ w emailu. Nastêpnie naci¶nij <em>OK</em>,\n"
-+"    który otrzyma³e¶ w emailu. Nastêpnie naci¶nij <em>OK</em>,"
- 
- #: Mailman/Cgi/confirm.py:214
- msgid "Confirmation string:"
-@@ -1630,7 +1630,7 @@
- "    Naci¶nij <em>Wypisz</em>, aby potwierdziæ\n"
- "    wypisanie siê.\n"
- "\n"
--"    <p>Kliknij <em>Anuluj</em>, aby zrezygnowaæ.\n"
-+"    <p>Kliknij <em>Anuluj</em>, aby zrezygnowaæ."
- 
- #: Mailman/Cgi/confirm.py:492 Mailman/Cgi/options.py:767
- #: Mailman/Cgi/options.py:911 Mailman/Cgi/options.py:921

Deleted: trunk/debian/patches/92_CVE-2015-2775.patch
===================================================================
--- trunk/debian/patches/92_CVE-2015-2775.patch	2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/patches/92_CVE-2015-2775.patch	2015-05-14 14:29:28 UTC (rev 776)
@@ -1,34 +0,0 @@
-From: Mark Sapiro <mark at msapiro.net>
-Subject: Fix path traversal through local_part (CVE-2015-2775)
-Origin: upstream, https://launchpadlibrarian.net/201407944/p
-Bug: https://bugs.launchpad.net/mailman/+bug/1437145
-Bug-Debian: http://bugs.debian.org/781626
-
-diff -ur mailman-2.1.18.orig/Mailman/Defaults.py.in mailman-2.1.18/Mailman/Defaults.py.in
---- mailman-2.1.18.orig/Mailman/Defaults.py.in	2014-05-03 17:37:22.000000000 +0000
-+++ mailman-2.1.18/Mailman/Defaults.py.in	2015-04-06 15:43:20.000000000 +0000
-@@ -138,7 +138,7 @@
- 
- # A Python regular expression character class which defines the characters
- # allowed in list names.  Lists cannot be created with names containing any
--# character that doesn't match this class.
-+# character that doesn't match this class.  Do not include '/' in this list.
- ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
- 
- 
-diff -ur mailman-2.1.18.orig/Mailman/Utils.py mailman-2.1.18/Mailman/Utils.py
---- mailman-2.1.18.orig/Mailman/Utils.py	2014-05-03 17:37:22.000000000 +0000
-+++ mailman-2.1.18/Mailman/Utils.py	2015-04-06 15:43:20.000000000 +0000
-@@ -99,6 +99,12 @@
-     #
-     # The former two are for 2.1alpha3 and beyond, while the latter two are
-     # for all earlier versions.
-+    #
-+    # But first ensure the list name doesn't contain a path traversal
-+    # attack.
-+    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
-+        syslog('mischief', 'Hostile listname: %s', listname)
-+        return False
-     basepath = Site.get_listpath(listname)
-     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
-         dbfile = os.path.join(basepath, 'config' + ext)

Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series	2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/patches/series	2015-05-14 14:29:28 UTC (rev 776)
@@ -10,4 +10,3 @@
 79_archiver_slash.patch
 90_gettext_errors.patch
 91_utf8.patch
-92_CVE-2015-2775.patch




More information about the Pkg-mailman-hackers mailing list