Hello community,
here is the log from the commit of package mailman for openSUSE:11.3
checked in at Thu Mar 31 18:06:37 CEST 2011.
--------
--- old-versions/11.3/all/mailman/mailman.changes 2009-11-03 20:20:21.000000000 +0100
+++ 11.3/mailman/mailman.changes 2011-02-23 19:43:22.000000000 +0100
@@ -1,0 +2,20 @@
+Wed Feb 23 19:42:27 CET 2011 - matejcik(a)suse.cz
+
+- fixed a XSS vulnerability in confirm.py (CVE-2011-0707, bnc#671745)
+
+-------------------------------------------------------------------
+Mon Nov 15 10:46:32 CET 2010 - dmueller(a)suse.de
+
+- update to 2.1.14:
+ - Two potential XSS vulnerabilities have been identified and fixed.
+ - Various i18n updates
+ - A new feature for controlling the addition/replacement of the Sender:
+ header in outgoing mail has been implemented. This allows a list owner
+ to set include_sender_header on the list's General Options page in the
+ admin GUI. The default for this setting is Yes which preserves the prior
+ behavior of removing any pre-existing Sender: and setting it to the
+ list's -bounces address. Setting this to No stops Mailman from adding or
+ modifying the Sender: at all.
+ - long list of bug fixes and enhancements, see included NEWS for details
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.3/all/mailman
Destination is old-versions/11.3/UPDATES/all/mailman
calling whatdependson for 11.3-i586
Old:
----
mailman-2.1.11.tgz
mailman-2.1.3-misc-PACKAGES.diff
mailman-2.1.3-python.dif
mailman-2.1.4-avoid-headerfolding-python21.diff
mailman-python-26-deprecation-md5-sha.diff
mailman-python-26-email-fixes.diff
minmem
New:
----
mailman-2.1.14-CVE-2011-0707.patch
mailman-2.1.14-misc-PACKAGES.diff
mailman-2.1.14-python.dif
mailman-2.1.14.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mailman.spec ++++++
--- /var/tmp/diff_new_pack.lb47su/_old 2011-03-31 18:06:15.000000000 +0200
+++ /var/tmp/diff_new_pack.lb47su/_new 2011-03-31 18:06:15.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package mailman (Version 2.1.11)
+# spec file for package mailman
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -30,8 +30,8 @@
PreReq: /usr/sbin/useradd /usr/sbin/groupadd /bin/echo /bin/cp /bin/rm /bin/mkdir /usr/bin/awk /usr/bin/touch /usr/bin/getent openssl
PreReq: permissions
Summary: The GNU Mailing List Manager
-Version: 2.1.11
-Release: 10
+Version: 2.1.14
+Release: 6.<RELEASE2>
Source: %{name}-%{version}.tgz
Source1: README.SuSE
Source2: mailman-2.1-manpages.tgz
@@ -52,13 +52,12 @@
%else
Patch2: mailman-SuSE.patch
%endif
-Patch3: mailman-2.1.3-python.dif
+Patch3: mailman-2.1.14-python.dif
Patch5: mailman-2.1.3-editarch.patch
-Patch6: mailman-2.1.3-misc-PACKAGES.diff
+Patch6: mailman-2.1.14-misc-PACKAGES.diff
Patch7: mailman-2.1.2-list_lists.patch
Patch10: mailman-2.1.4-dirmode.patch
Patch11: mailman-2.1.4-notavaliduser.patch
-Patch15: mailman-2.1.4-avoid-headerfolding-python21.diff
Patch17: mailman-weak-password.diff
Patch18: mailman-2.1.5-no_extra_asian.dif
Patch19: mailman-python24.patch
@@ -66,8 +65,7 @@
%else
Patch20: mailman-SuSE2.patch
%endif
-Patch21: mailman-python-26-deprecation-md5-sha.diff
-Patch22: mailman-python-26-email-fixes.diff
+Patch21: mailman-2.1.14-CVE-2011-0707.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define m_uid 72
%define m_gid 67
@@ -100,7 +98,6 @@
%patch7
%patch10 -p1
%patch11 -p1
-%patch15 -p1
%patch17 -p1
%patch18
%patch19
@@ -109,7 +106,6 @@
%patch20
%endif
%patch21
-%patch22
cp -av %{S:1} .
# ----------------------------------------------------------------------------
++++++ mailman-2.1.14-CVE-2011-0707.patch ++++++
=== modified file 'Mailman/Cgi/confirm.py'
--- Mailman/Cgi/confirm.py 2010-03-29 20:48:11 +0000
+++ Mailman/Cgi/confirm.py 2011-02-12 02:24:47 +0000
@@ -471,7 +471,7 @@
if fullname is None:
fullname = _('<em>Not available</em>')
else:
- fullname = Utils.uncanonstr(fullname, lang)
+ fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
table.AddRow([_("""Your confirmation is required in order to complete the
unsubscription request from the mailing list <em>%(listname)s</em>. You
are currently subscribed with
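Review bot: Nothing in the new `else:` branch says why the value is escaped, and the two branches now follow different rules: the `None` branch stores intentional markup (`<em>Not available</em>`) while the other stores subscriber-supplied text passed through `Utils.websafe`, so `fullname` is safe to place into page text such as the `table.AddRow` message only by convention. I would add a comment above the assignment, `# fullname is supplied by the subscriber; escape it before it is interpolated into the page`, and the same at the hunks at -573 (`fullname`) and -814 (`username`). The messages also interpolate `%(listname)s` and `%(realname)s`, whose assignments are outside these hunks; it is worth confirming those are either not user-controlled or escaped the same way. If `Utils.uncanonstr` can return HTML character references for characters outside the list charset (not visible here), applying `websafe` after it would escape their ampersands, so check how a non-ASCII name renders. All three enclosing functions start and end outside the hunks.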
@@ -573,7 +573,7 @@
if fullname is None:
fullname = _('<em>Not available</em>')
else:
- fullname = Utils.uncanonstr(fullname, lang)
+ fullname = Utils.websafe(Utils.uncanonstr(fullname, lang))
if globally:
globallys = _('globally')
else:
@@ -814,7 +814,7 @@
if username is None:
username = _('<em>not available</em>')
else:
- username = Utils.uncanonstr(username, lang)
+ username = Utils.websafe(Utils.uncanonstr(username, lang))
table.AddRow([_("""Your membership in the %(realname)s mailing list is
currently disabled due to excessive bounces. Your confirmation is
++++++ mailman-2.1.3-misc-PACKAGES.diff -> mailman-2.1.14-misc-PACKAGES.diff ++++++
--- old-versions/11.3/all/mailman/mailman-2.1.3-misc-PACKAGES.diff 2009-10-04 14:12:35.000000000 +0200
+++ 11.3/mailman/mailman-2.1.14-misc-PACKAGES.diff 2010-11-15 10:49:14.000000000 +0100
@@ -1,5 +1,3 @@
-Index: mailman-2.1.11/Makefile.in
-===================================================================
--- mailman-2.1.11.orig/Makefile.in
+++ mailman-2.1.11/Makefile.in
@@ -125,6 +125,7 @@ doinstall: $(SUBDIRS)
@@ -10,13 +8,11 @@
# Only run bin/update if we aren't installing in DESTDIR, as this
# means there are probably no lists to deal with, and it wouldn't
-Index: mailman-2.1.11/misc/Makefile.in
-===================================================================
---- mailman-2.1.11.orig/misc/Makefile.in
-+++ mailman-2.1.11/misc/Makefile.in
-@@ -58,7 +58,7 @@ EMAILPKG= email-2.5.8
- JACODECSPKG= JapaneseCodecs-1.4.11
- KOCODECSPKG= KoreanCodecs-2.0.5
+--- mailman-2.1.14/misc/Makefile.in 2010-09-20 20:18:27.000000000 +0200
++++ mailman-2.1.14/misc/Makefile.in 2010-11-15 10:34:50.013318554 +0100
+@@ -57,7 +57,7 @@
+ JACODECSPKG= @JACODECSPKG@
+ KOCODECSPKG= @KOCODECSPKG@
-PACKAGES= $(EMAILPKG) $(JACODECSPKG) $(KOCODECSPKG)
+PACKAGES= $(EMAILPKG)
++++++ mailman-2.1.3-python.dif -> mailman-2.1.14-python.dif ++++++
--- old-versions/11.3/all/mailman/mailman-2.1.3-python.dif 2009-10-04 14:12:36.000000000 +0200
+++ 11.3/mailman/mailman-2.1.14-python.dif 2010-11-15 10:49:14.000000000 +0100
@@ -37,39 +37,18 @@
# Only run bin/update if we aren't installing in DESTDIR, as this
# means there are probably no lists to deal with, and it wouldn't
-Index: bin/mailmanctl
-===================================================================
---- bin/mailmanctl.orig
-+++ bin/mailmanctl
-@@ -417,6 +417,11 @@ def main():
- # won't be opening any terminal devices, don't do the ultra-paranoid
- # suggestion of doing a second fork after the setsid() call.
- os.setsid()
-+ devnull = os.open('/dev/null', 0)
-+ os.dup2(devnull, 0)
-+ os.dup2(devnull, 1)
-+ os.dup2(devnull, 2)
-+
- # Instead of cd'ing to root, cd to the Mailman installation home
- os.chdir(mm_cfg.PREFIX)
- # Set our file mode creation umask
-Index: misc/Makefile.in
-===================================================================
---- misc/Makefile.in.orig
+--- misc/Makefile.in
+++ misc/Makefile.in
-@@ -47,10 +47,11 @@ SCRIPTSDIR= $(prefix)/scripts
+@@ -47,9 +47,9 @@
SHELL= /bin/sh
PYTHONLIBDIR= $(prefix)/pythonlib
-SETUPINSTOPTS= --install-lib $(DESTDIR)$(PYTHONLIBDIR) \
- --install-purelib $(DESTDIR)$(PYTHONLIBDIR) \
- --install-data $(DESTDIR)$(PYTHONLIBDIR)
--SETUPCMD= setup.py --quiet install $(SETUPINSTOPTS)
-+SETUPINSTOPTS= --root=$(DESTDIR) \
-+ --install-lib $(PYTHONLIBDIR) \
++SETUPINSTOPTS= --root=$(DESTDIR) --install-lib $(PYTHONLIBDIR) \
+ --install-purelib $(PYTHONLIBDIR) \
+ --install-data $(PYTHONLIBDIR)
-+SETUPCMD= setup.py install $(SETUPINSTOPTS)
+ SETUPCMD= setup.py --quiet install $(SETUPINSTOPTS)
PKGDIR= $(srcdir)
- EMAILPKG= email-2.5.8
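Review bot: The refreshed mailman-2.1.14-python.dif no longer carries the bin/mailmanctl hunk that opened /dev/null and `os.dup2`'d it onto descriptors 0, 1 and 2 after `os.setsid()`, and the changelog entry for the 2.1.14 update does not mention dropping it. If upstream 2.1.14 does not do the equivalent itself (not visible here), the daemon would keep whatever stdin/stdout/stderr it inherited from the caller. I would either keep that hunk in the refreshed patch or record the reason in mailman.changes, for example `- dropped the mailmanctl /dev/null redirection from mailman-*-python.dif (<reason>)`.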
++++++ mailman-2.1.11.tgz -> mailman-2.1.14.tgz ++++++
old-versions/11.3/all/mailman/mailman-2.1.11.tgz 11.3/mailman/mailman-2.1.14.tgz differ: char 5, line 1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...