[Pkg-mailman-hackers] Pkg-mailman commit - rev 776 - in trunk/debian: . patches
Thijs Kinkhorst
thijs at moszumanska.debian.org
Thu May 14 14:29:28 UTC 2015
Author: thijs
Date: 2015-05-14 14:29:28 +0000 (Thu, 14 May 2015)
New Revision: 776
Removed:
trunk/debian/patches/92_CVE-2015-2775.patch
Modified:
trunk/debian/changelog
trunk/debian/control
trunk/debian/patches/90_gettext_errors.patch
trunk/debian/patches/series
Log:
update patches for new upstream release and check for policy
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/changelog 2015-05-14 14:29:28 UTC (rev 776)
@@ -1,3 +1,12 @@
+mailman (1:2.1.20-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+ - Drop obsolete patches:
+ 92_CVE-2015-2775.patch
+ * Checked for policy 3.9.6, no changes.
+
+ -- Thijs Kinkhorst <thijs at debian.org> Thu, 14 May 2015 14:09:42 +0000
+
mailman (1:2.1.18-2) unstable; urgency=high
* Fix security issue: path traversal through local_part.
Modified: trunk/debian/control
===================================================================
--- trunk/debian/control 2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/control 2015-05-14 14:29:28 UTC (rev 776)
@@ -6,7 +6,7 @@
Thijs Kinkhorst <thijs at debian.org>,
Hector Garcia <hector at debian.org>
Build-Depends: debhelper (>= 7), autoconf, python-dev (>= 2.6.6-3~), gettext, python-dnspython
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
Homepage: http://www.list.org/
Vcs-Svn: svn://anonscm.debian.org/pkg-mailman/trunk
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-mailman/trunk/
Modified: trunk/debian/patches/90_gettext_errors.patch
===================================================================
--- trunk/debian/patches/90_gettext_errors.patch 2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/patches/90_gettext_errors.patch 2015-05-14 14:29:28 UTC (rev 776)
@@ -39,37 +39,8 @@
#: bin/sync_members:19
msgid ""
---- a/messages/fr/LC_MESSAGES/mailman.po 2014-07-10 19:27:22.000000000 +0200
-+++ b/messages/fr/LC_MESSAGES/mailman.po 2014-07-10 20:00:53.000000000 +0200
-@@ -7465,7 +7465,7 @@
- " Incomplete filter rules will be ignored."
- msgstr ""
- "Les règles de filtrage d'en têtes requièrent un motif.\n"
--"\t\t Les règles de filtrage incomplètes seront ignorées.\n"
-+"\t\t Les règles de filtrage incomplètes seront ignorées."
-
- #: Mailman/Gui/Privacy.py:563
- msgid ""
--- a/messages/hr/LC_MESSAGES/mailman.po 2014-07-10 19:27:22.000000000 +0200
+++ b/messages/hr/LC_MESSAGES/mailman.po 2014-07-10 20:00:53.000000000 +0200
-@@ -1777,7 +1777,7 @@
- " proces potvrde.\n"
- "\n"
- " <p>Ili stisnite <em>Zanemari odbaci</em> da biste zanemarili ovu "
--"promjenu adrese\n"
-+"promjenu adrese"
-
- #: Mailman/Cgi/confirm.py:603
- msgid "Change address"
-@@ -1813,7 +1813,7 @@
- " <em>%(subject)s</em> u zaglavlju nije pronaðena. Vjerovatno je\n"
- " tome razlog taj ¹to je moderator liste veæ odobrio ili odbacio "
- "poruku.\n"
--" Niste bili u moguænosti zanemariti istu na vrijeme.\n"
-+" Niste bili u moguænosti zanemariti istu na vrijeme."
-
- #: Mailman/Cgi/confirm.py:658
- msgid "Posted message canceled"
@@ -4639,7 +4639,7 @@
msgid ""
"Remove message attachments that have a matching content\n"
@@ -79,85 +50,6 @@
#: Mailman/Gui/ContentFilter.py:82
msgid ""
---- a/messages/ia/LC_MESSAGES/mailman.po 2014-07-10 19:27:22.000000000 +0200
-+++ b/messages/ia/LC_MESSAGES/mailman.po 2014-07-10 20:00:53.000000000 +0200
-@@ -68,7 +68,7 @@
-
- #: Mailman/Archiver/HyperArch.py:913
- msgid "figuring article archives\n"
--msgstr "recerca in le archivo pro iste articulo"
-+msgstr "recerca in le archivo pro iste articulo\n"
-
- #: Mailman/Archiver/HyperArch.py:923
- msgid "April"
-@@ -1540,7 +1540,7 @@
- "lista\n"
- " <em>%(listname)s</em>, ma illo debe esser approbate per le\n"
- " moderator del lista. Tu requesta ha essite reinviate al "
--"moderator, e tu essera notificate super su decision.\n"
-+"moderator, e tu essera notificate super su decision."
-
- #: Mailman/Cgi/confirm.py:372 Mailman/Cgi/confirm.py:437
- #: Mailman/Cgi/confirm.py:526 Mailman/Cgi/confirm.py:763
-@@ -1892,7 +1892,7 @@
- " Tu ha rehabilitate con successo tu abonamento al\n"
- " lista %(listname)s. Tu pote nunc <a\n"
- " href=\"%(optionsurl)s\">visitar tu pagina de optiones de "
--"abonato</a>.\n"
-+"abonato</a>."
-
- #: Mailman/Cgi/confirm.py:785
- msgid "Re-enable mailing list membership"
-@@ -2566,7 +2566,7 @@
- "Tu ha essite disabonate con successo del lista %(fqdn_listname)s.\n"
- " Si tu recipeva summarios, tu forsan va reciper ancora uno.\n"
- " Si tu ha alicun question super tu disabonamento, per favor\n"
--" contacta le proprietarios del lista a %(owneraddr)s.\n"
-+" contacta le proprietarios del lista a %(owneraddr)s."
-
- #: Mailman/Cgi/options.py:676
- msgid ""
-@@ -3217,11 +3217,11 @@
-
- #: Mailman/Commands/cmd_join.py:17
- msgid "The `join' command is synonymous with `subscribe'.\n"
--msgstr "Le commando 'join' (in anglese) es synonyme con 'subscribe'."
-+msgstr "Le commando 'join' (in anglese) es synonyme con 'subscribe'.\n"
-
- #: Mailman/Commands/cmd_leave.py:17
- msgid "The `leave' command is synonymous with `unsubscribe'.\n"
--msgstr "Le commando 'leave' (in anglese) es synonyme a 'unsubscribe'."
-+msgstr "Le commando 'leave' (in anglese) es synonyme a 'unsubscribe'.\n"
-
- #: Mailman/Commands/cmd_lists.py:17
- msgid ""
-@@ -3314,7 +3314,7 @@
-
- #: Mailman/Commands/cmd_remove.py:17
- msgid "The `remove' command is synonymous with `unsubscribe'.\n"
--msgstr "Le commando 'remove' (in anglese) es synonyme con 'unsubscribe'."
-+msgstr "Le commando 'remove' (in anglese) es synonyme con 'unsubscribe'.\n"
-
- #: Mailman/Commands/cmd_set.py:26
- msgid ""
-@@ -3609,7 +3609,7 @@
-
- #: Mailman/Commands/cmd_stop.py:17
- msgid "stop is synonymous with the end command.\n"
--msgstr "'stop' es synonyme con le commando 'end' (fin)."
-+msgstr "'stop' es synonyme con le commando 'end' (fin).\n"
-
- #: Mailman/Commands/cmd_subscribe.py:17
- msgid ""
-@@ -11173,7 +11173,7 @@
- "\n"
- "Optiones:\n"
- " -v / --verbose\n"
--" Imprime lo que le scripto face."
-+" Imprime lo que le scripto face.\n"
-
- #: bin/reset_pw.py:77
- msgid "Changing passwords for list: %(listname)s"
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ b/messages/checkpo.sh 2014-07-10 20:00:53.000000000 +0200
@@ -0,0 +1,6 @@
@@ -196,15 +88,6 @@
#: Mailman/Gui/General.py:560
msgid ""
-@@ -6519,7 +6519,7 @@
- "»Ê²ñ¥×¥í¥»¥¹¤ÏɬÍפȤ·¤Þ¤»¤ó. 1¹Ô¤Ë¤Ä¤1¤Ä¤Î¥¢¥É¥ì¥¹¤ò\n"
- "µÆþ¤·¤Æ¤¯¤À¤µ¤¤; Àµµ¬É½¸½¤ò»È¤¦¤Ë¤Ï¹Ô¤ÎºÇ½é¤ò ^ ¤Ç»Ï¤á¤Æ¤¯¤À¤µ¤¤.\n"
- "¹Ô¤ÎºÇ½é¤ò @ ʸ»ú¤Ë¤·¤Æ, ¸å¤Ë¤³¤Î Mailman ¥·¥¹¥Æ¥à¤Î¥ê¥¹¥È̾¤ò³¤±¤ë¤È,\n"
--"¤½¤Î¥ê¥¹¥È²ñ°÷Á´°÷¤¬¾µÇ§¤µ¤ì¤Þ¤¹.\n"
-+"¤½¤Î¥ê¥¹¥È²ñ°÷Á´°÷¤¬¾µÇ§¤µ¤ì¤Þ¤¹."
-
- #: Mailman/Gui/Privacy.py:315
- msgid ""
@@ -8751,7 +8751,7 @@
"·Ù¹ð: ¸ÂÄê¸ø³«Êݸ½ñ¸Ë¥Ç¥£¥ì¥¯¥È¥ê¤¬ other-executable (o+x) ¤Ë\n"
" ¤Ê¤Ã¤Æ¤¤¤Þ¤¹. ¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤Î¥·¥§¥ë¥æ¡¼¥¶¤¬¤³¤ÎÊݸ½ñ¸Ë\n"
@@ -241,23 +124,3 @@
#: Mailman/Gui/General.py:560
msgid ""
---- a/messages/pl/LC_MESSAGES/mailman.po 2014-07-10 19:27:22.000000000 +0200
-+++ b/messages/pl/LC_MESSAGES/mailman.po 2014-07-10 20:00:53.000000000 +0200
-@@ -1390,7 +1390,7 @@
- " confirmation step."
- msgstr ""
- "Wprowad¼ kod potwierdzaj±cy,\n"
--" który otrzyma³e¶ w emailu. Nastêpnie naci¶nij <em>OK</em>,\n"
-+" który otrzyma³e¶ w emailu. Nastêpnie naci¶nij <em>OK</em>,"
-
- #: Mailman/Cgi/confirm.py:214
- msgid "Confirmation string:"
-@@ -1630,7 +1630,7 @@
- " Naci¶nij <em>Wypisz</em>, aby potwierdziæ\n"
- " wypisanie siê.\n"
- "\n"
--" <p>Kliknij <em>Anuluj</em>, aby zrezygnowaæ.\n"
-+" <p>Kliknij <em>Anuluj</em>, aby zrezygnowaæ."
-
- #: Mailman/Cgi/confirm.py:492 Mailman/Cgi/options.py:767
- #: Mailman/Cgi/options.py:911 Mailman/Cgi/options.py:921
Deleted: trunk/debian/patches/92_CVE-2015-2775.patch
===================================================================
--- trunk/debian/patches/92_CVE-2015-2775.patch 2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/patches/92_CVE-2015-2775.patch 2015-05-14 14:29:28 UTC (rev 776)
@@ -1,34 +0,0 @@
-From: Mark Sapiro <mark at msapiro.net>
-Subject: Fix path traversal through local_part (CVE-2015-2775)
-Origin: upstream, https://launchpadlibrarian.net/201407944/p
-Bug: https://bugs.launchpad.net/mailman/+bug/1437145
-Bug-Debian: http://bugs.debian.org/781626
-
-diff -ur mailman-2.1.18.orig/Mailman/Defaults.py.in mailman-2.1.18/Mailman/Defaults.py.in
---- mailman-2.1.18.orig/Mailman/Defaults.py.in 2014-05-03 17:37:22.000000000 +0000
-+++ mailman-2.1.18/Mailman/Defaults.py.in 2015-04-06 15:43:20.000000000 +0000
-@@ -138,7 +138,7 @@
-
- # A Python regular expression character class which defines the characters
- # allowed in list names. Lists cannot be created with names containing any
--# character that doesn't match this class.
-+# character that doesn't match this class. Do not include '/' in this list.
- ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
-
-
-diff -ur mailman-2.1.18.orig/Mailman/Utils.py mailman-2.1.18/Mailman/Utils.py
---- mailman-2.1.18.orig/Mailman/Utils.py 2014-05-03 17:37:22.000000000 +0000
-+++ mailman-2.1.18/Mailman/Utils.py 2015-04-06 15:43:20.000000000 +0000
-@@ -99,6 +99,12 @@
- #
- # The former two are for 2.1alpha3 and beyond, while the latter two are
- # for all earlier versions.
-+ #
-+ # But first ensure the list name doesn't contain a path traversal
-+ # attack.
-+ if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
-+ syslog('mischief', 'Hostile listname: %s', listname)
-+ return False
- basepath = Site.get_listpath(listname)
- for ext in ('.pck', '.pck.last', '.db', '.db.last'):
- dbfile = os.path.join(basepath, 'config' + ext)
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2015-05-14 14:21:25 UTC (rev 775)
+++ trunk/debian/patches/series 2015-05-14 14:29:28 UTC (rev 776)
@@ -10,4 +10,3 @@
79_archiver_slash.patch
90_gettext_errors.patch
91_utf8.patch
-92_CVE-2015-2775.patch
More information about the Pkg-mailman-hackers
mailing list