non port: mail/mailman/distinfo |
Number of commits found: 64 |
Monday, 13 Dec 2021
|
22:27 Matthias Andree (mandree)
mail/mailman: regression fix update to 2.1.39
Mark Sapiro announced Mailman 2.1.39 "[...] fixes
https://bugs.launchpad.net/mailman/+bug/1954694
[...]
The fix for CVE-2021-42097 was case sensitive and should not be.
The fix for CVE-2021-44227 introduced a potential NameError in logging.
This could cause a user's changes to the option's page to not be
accepted and perhaps cause a 'We hit a bug' response if the user visited
the page with a mixed- or upper-case email address."
URL: https://bugs.launchpad.net/mailman/+bug/1954694
MFH: 2021Q4
9449a10 |
Wednesday, 1 Dec 2021
|
19:09 Matthias Andree (mandree)
mail/mailman: 2.1.38 security fixing CSRF vuln
While here, fix pkg-message to mention -exim4 and -postfix
derived ports that override the default MTA.
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e
Security: CVE-2021-44227
MFH: 2021Q4
87f0f37 |
Saturday, 13 Nov 2021
|
10:27 Matthias Andree (mandree)
mail/mailman: security update to 2.1.37
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
MFH: 2021Q4
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332
f05ee16 |
Wednesday, 20 Oct 2021
|
18:01 Matthias Andree (mandree)
mail/mailman: security/bugfix update to 2.1.35
Changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8
Security: CVE-2021-42096
Security: CVE-2021-42097
Security: 8d65aa3b-31ce-11ec-8c32-a14e8e520dc7
MFH: 2021Q4
2f936c7 |
Sunday, 28 Jun 2020
|
10:04 mandree
mail/mailman: update to 2.1.34 (bugfixes)
Changelog:
http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1859/NEWS#L8
(Note the ValueError fix was already in FreeBSD's 2.1.33_1 and
- on quarterly - the 2.1.30_5 port/package versions.)
Follow POLA:
No MFH requested, as 2020Q2 and head/ have diverged too far,
so let 2020Q3 pick up the change instead.
|
Thursday, 7 May 2020
|
20:04 mandree
mail/mailman: security update to 2.1.33
Fixing another content injection vulnerability,
this time via private archive login if the list's roster visibility
(private_roster) setting is 'Anyone'.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
|
Wednesday, 6 May 2020
|
22:56 mandree
mail/mailman: update to 2.1.32
- fixes the i18n issues in 2.1.31
- drop local patch for Spanish Castilian mailman.po file
- drop local REINPLACE_CMD for translations of the security fixed code
- uses a patch from the upstream merged rev 1814 of the htdig branch
|
Tuesday, 5 May 2020
|
18:00 mandree
mail/mailman: security update to 2.1.31
Over the upstream 2.1.31, additional fixes were needed:
+ fix up quoting in one string of the messages/es/ translation
to unbreak gettext
+ fix up all */LC_MESSAGES/mailman.po to match up with the security fix.
Upstream Changelog for 2.1.31, cited from
<https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8>:
Security
- A content injection vulnerability via the options login page has been
discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)
i18n
- The Spanish translation has been updated by Omar Walid Llorente.
Bug Fixes and other patches
- Bounce recognition for a non-compliant Yahoo format is added.
- Archiving workaround for non-ascii in string.lowercase in some Python
packages is added.
MFH: 2020Q2
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
|
Tuesday, 14 Apr 2020
|
20:46 mandree
mail/mailman: update to 2.1.30 - bug fix (incl. data loss)
* upstream changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L6
Note that upstream means 2.1.30 to be the final 2.x release,
because it relies on Python 2.x which is EOL upstream.
! MAJOR DATA LOSS FIX, rename all templates/* files to .sample,
! and list them as a @sample in pkg-plist, because they can be edited
! through the web server, and an upgrade should not stomp over edited files.
* rearrange makefile a bit (portlint, portfmt)
* update and upload new htdig patch
* expose NLS port option to pkg-install script to avoid failure
* patch upstream bin/check_perms script to not complain about tightened-
up messages/ and mailmanprefix (${PREFIX}/mailman) permissions that we
set to 0755 instead of 02775. Mailman should not need to write outside
designated directories or create new top-level directories in its install.
* fix a typo in the German (mailman.po) translation
* tweak pkg-install to:
- leave ${PREFIX}/mailman permissions alone and not set them to 02775
- fix up non-moved .sample files if pkg-install is run with -I
- create a copy of mm_cfg.py from mm_cfg.py.dist if missing (-I)
- create a newsyslog.conf.d/mailman.conf if missing, from
examples/mailman.newsyslog.sample if installed (-I)
- not attempt to fix messages/ (translations) permissions if the NLS
port option is disabled
* tweak pkg-plist so that the proper permissions and groups are set
by default already
* clean up pkg-message, thanks to bapt@ for pointing out that a missing
type: means "install or upgrade".
MFH: 2020Q2 (@samples is an important fix against data loss on update)
|
Tuesday, 31 Jul 2018
|
09:59 mandree
Security upgrade Mailman to 2.1.29
Changelog:
<https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8>
Release announcements:
2.1.28:
<https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html>
2.1.29: (a regression fix release over 2.1.28)
<https://mail.python.org/pipermail/mailman-announce/2018-July/000242.html>
MFH: 2018Q3
Security: b4f0ad36-94a5-11e8-9007-080027ac955c
Security: CVE-2018-13796
Security: https://bugs.launchpad.net/mailman/+bug/1780874
|
Monday, 25 Jun 2018
|
21:58 mandree
Security upgrade mail/mailman to v2.1.27
Changelog:
<https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8>
Release announcement:
<https://www.mail-archive.com/mailman-users@python.org/msg70962.html>
Reported by: portscout@ (release)
MFH: 2018Q2
Security: 739948e3-78bf-11e8-b23c-080027ac955c
Security: CVE-2018-0618
Security: JVN#00846677
Security: JPCERT#97432283
|
Thursday, 8 Feb 2018
|
22:32 mandree
Security update to 2.1.26 (XSS bug), assorted other fixes.
- Fix checksum failures in Defaults.py[c]:
No longer patch Defaults.py in postinstall, instead configure
--with-mailhost=localhost --with-urlhost=localhost, as
Fedora and Arch Linux do.
- Add a related note to FreeBSD-post-install-notes.
- Add a related safeguard to the rcfile, which will refuse to run
if the DEFAULT_*_HOSTs are not configured. This can be changed
with a new mailman_run_localhost="YES" rc.conf setting, which will
then restrict itself to printing the warnings, but still start mailman.
- Update htdig patch to upstream SVN r1734.
- Bump USES, python:2 -> python:2.7
- Regenerated patches.
Changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1743/NEWS#L8
Release/SecuritY announcement:
https://www.mail-archive.com/mailman-users@python.org/msg70478.html
PR: 225767 (related vuxml entry)
Reported by: Vladimir Krstulja
MFH: 2018Q1
Security: CVE-2018-5950
Security: 3d0eeef8-0cf9-11e8-99b0-d017c2987f9a
|
Friday, 27 Oct 2017
|
21:04 mandree
Update to new upstream release 2.1.25.
This is a routine bug fix release with a minor new feature and some
accessibility improvements for screen readers.
Changelog:
<http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1726/NEWS#L6>
|
Friday, 11 Aug 2017
|
14:24 mandree
Update to new upstream version 2.1.24.
Upstream release notes:
"This release is primarily a bug fix release with a few minor feature additions
and a fix for a probably non-exploitable security issue. See the changelog for
details."
Changelog:
<https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1708/NEWS>
|
Monday, 29 Aug 2016
|
19:27 mandree
Security update to upstream release 2.1.23.
ChangeLog:
<http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1668/NEWS#L8>
MFH: 2016Q3
Security: b11ab01b-6e19-11e6-ab24-080027ef73ec
Security: CVE-2016-6893
|
Friday, 22 Apr 2016
|
23:14 mandree
Update to new upstream release 2.1.22.
Changelog:
http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1643/NEWS#L8
|
Wednesday, 2 Mar 2016
|
08:34 mandree
Preserve some kinds of signatures, reenable HTDIG option.
Pull upstream change 1629 to fix Launchpad Bug #1551075
<https://bugs.launchpad.net/mailman/+bug/1551075>. This fix improves
preservation of OpenPGP MIME multipart signatures, by not collapsing
a multipart with a single sub-part inside multipart/signed parts.
See the Launchpad bug report for details.
EXPERIMENTAL feature: Reenable HTDIG support by rolling the patch on our
own, and laying down instructions to do so in the Makefile. Mark Sapiro
no longer maintains the patch.
Bump PORTREVISION to 3.
Note that the upstream maintainer considers another release in a few
weeks' time, and called for help with updating translations. If you
want to help, see
<http://www.mail-archive.com/mailman-users%40python.org/msg68036.html>
|
Monday, 29 Feb 2016
|
23:33 mandree
Upgrade to new release 2.1.21. Disable HTDIG option.
Disable experimental HTDIG integration option,
the relevant ht://Dig patch no longer fits.
Changelog: https://launchpad.net/mailman/2.1/2.1.21
|
Thursday, 9 Apr 2015
|
20:08 mandree
Update to new upstream release 2.1.20.
Fixes one security bug [1], a few other bugs, and adds a feature so that
list admins can edit list addresses.
Uses newer Mailman-and-HTDig integration patches. [2]
Security: CVE-2015-2775 [1]
Security: a5f160fa-deee-11e4-99f8-080027ef73ec [1]
PR: 199286 [2]
Submitted by: David Sieborger [2]
|
Monday, 2 Mar 2015
|
07:26 mandree
Update to new upstream release 2.1.19.
Changes:
https://mail.python.org/pipermail/mailman-announce/2015-March/000205.html
|
Tuesday, 16 Sep 2014
|
21:18 mandree
Reinstate checksums for optional patches[1], fixing regression from c334818.
Update USE_PYTHON -> USES=python:2.
PR: 193682 [1]
Submitted by: David Sieborger [1]
|
Saturday, 10 May 2014
|
23:21 mandree
Upgrade to new upstream bugfix release 2.1.18-1.
Changes: https://mail.python.org/pipermail/mailman-announce/2014-May/000195.html
|
Sunday, 4 May 2014
|
20:44 mandree
Update to new upstream version 2.1.18.
Bugfixes, DMARC policy support.
New dependency on py-dnspython.
Upstream change log:
https://mail.python.org/pipermail/mailman-announce/2014-May/000193.html
|
Monday, 25 Nov 2013
|
07:56 mandree
- Update to new upstream release 2.1.17, resetting PORTREVISION.
- Remove patch-Makefile.in, which has been integrated by upstream.
- Announcement:
<https://mail.python.org/pipermail/mailman-announce/2013-November/000186.html>
- Poudriere 3.0.13 ticket filed about misreported orphans in testport:
<https://fossil.etoilebsd.net/poudriere/tktview/e8d957a27f8ce8b6255ed655d031e6d05b02492c>
|
Friday, 18 Oct 2013
|
16:42 mandree
Upgrade to new upstream release 2.1.16, release notes:
https://launchpad.net/mailman/2.1/2.1.16/
Support stage directory. (Requires Python 2.7, 2.6 is no longer
sufficient.) This requires us to compile the Python scripts ourselves to
avoid spilling the stagedir name all over the .pyc files, as Mailman's
build would do (causing complaints from make stage-qa).
While there, compile bin/*.py programs, too.
The post-install section of the Makefile is more verbose now.
Run Mailman's bin/update after install.
Fixes to handling the mailman_last_version file to avoid leftover dirs
from an unused Mailman installation and deinstallation.
Scripts are more robust now, and use mktemp -d for temporary directories.
|
Thursday, 29 Aug 2013
|
22:58 mandree
Note that I could not fully test all integrations yet. If integrations are
failing, please add detailed information how you set up your MTA, and
Mailman, what user/group IDs are, how list aliases are managed, and
thereabouts.
- Update to 2.1.15. [2] Changes: click View the full Changelog on
https://launchpad.net/mailman/2.1/2.1.15
- Fix without-NLS install: Install at least English template. [1]
- Drop EXIM3 option, we don't have an Exim 3 port any more.
- Drop INTEGRATION option, which would at best be confusing.
- Reformat COMMENT to fit into common limits.
- Fix typo in COURIER_DESC.
- When Postfix integration is chosen, add BUILD and RUN_DEPENDS on
Postfix because we need the postconf program.
- Use htdig patches for Mailman version 2.1.12 and remove BROKEN tag,
in an experimental attempt to revive htdig support.
- Fix a few minor glitches in FreeBSD-post-install-notes.
- Drop files/patch-Mailman__Cgi__confirm.py, integrated in upstream tarball.
- Add launchpad.net to MASTER_SITES.
- Update files/postfix-verp.diff.
- Install a dummy one-line text file into PYTHON_SITELIBDIR so that
Python's upgrade-site-packages would reinstall Mailman. [1]
- Add "status" support for rc.d script. [3]
- Change pre-fetch: to pre-everything::
- Revise formatting of pre-everything text to make clear it displays
default values, not current values. To avoid ports/170280.
PR: ports/135503 [1]
PR: ports/170280 [2]
PR: ports/170285 [2]
PR: ports/176180 [1]
PR: ports/181298 [3]
Submitted by: Lowell Gilbert [1]
Submitted by: Stefan Lasiewski [2]
Submitted by: Oliver Fromme [3]
|
Thursday, 10 Mar 2011
|
14:35 wxs
Add a patch to fix the XSS vulnerabilities.
PR: ports/155355
Submitted by: Hilko Meyer <hilko.meer@gmx.de>
Obtained from:
http://mail.python.org/pipermail/mailman-announce/attachments/20110218/15500b22/attachment.txt
Security: 64691c49-4b22-11e0-a226-00e0815b8da8
|
Sunday, 17 Oct 2010
|
00:40 wxs
Update to 2.1.14 - note that the HTDIG option is currently broken until
a new patch is released.
|
Friday, 10 Jul 2009
|
16:12 jmelo
- Add indexing and htdig patches.
|
Thursday, 28 May 2009
|
07:07 miwi
- Update to 2.1.12
Changelog:
Mailman 2.1.12 is a minor bug fix and Python 2.6 compatibility release.
The minimum Python for this release is Python 2.4 and it is compatible
with Python through 2.6. The previous Mailman releases are not
compatible with Python 2.6.
PR: 134442
Submitted by: miwi
Approved by: maintainer timeout
|
Wednesday, 3 Sep 2008
|
23:22 jmelo
- Update to 2.1.11.
PR: ports/126109
Submitted by: Yarema <yds@CoolRat.org>
|
Monday, 19 May 2008
|
13:17 jmelo
- Update htdig patch to 2.1.10.
PR: ports/123802
Submitted by: Martin Matuska <mm@FreeBSD.org>
|
Thursday, 24 Apr 2008
|
14:05 jmelo
- Update to 2.1.10.
|
Wednesday, 22 Aug 2007
|
13:45 mm
- Add patch with Slovak translation (OPTIONAL)
- Bump PORTREVISION
PR: ports/114828
Submitted by: mm
Approved by: jmelo (maintainer, private e-mail)
|
Friday, 26 Jan 2007
|
15:25 jmelo
- Unbreak htdig option.
PR: ports/107688
Submitted by: Boris Samorodov <bsam@freebsd.org>
|
Friday, 15 Sep 2006
|
21:35 jmelo
- Update to 2.1.9.
|
Monday, 4 Sep 2006
|
14:12 jmelo
- Update to 2.1.9rc1 to fix security problems.
Security:
http://www.vuxml.org/freebsd/fffa9257-3c17-11db-86ab-00123ffe8333.html
|
Sunday, 16 Apr 2006
|
01:51 mnag
- Update to 2.1.8
- portlint(1)
Security:
http://www.vuxml.org/freebsd/8be2e304-cce6-11da-a3b1-00123ffe8333.html
|
Saturday, 7 Jan 2006
|
20:22 edwin
Update to 2.1.7
|
Friday, 16 Dec 2005
|
09:19 vs
- Update HT/DIG integration with Mailman for those that need it. No need to
bump portrevision since it affects nobody who already is running mailman.
Patches submitted by Brad Kollmyer <bradk AT vitalsoft.com> and
Frank Wancho <fwancho AT WHC.NET>
- Drop maintainership
- Add SHA256 sums (me)
- Pet portlint (rmdir -> ${RMDIR}) (me)
PR: ports/90407
Submitted by: maintainer
|
Saturday, 4 Jun 2005
|
00:56 pav
- Update to 2.1.6
PR: ports/81814
Submitted by: Vivek Khera <vivek@khera.org> (maintainer)
|
Saturday, 29 May 2004
|
16:21 nork
Update to 2.1.5.
PR: ports/67002
Submitted by: Vivek Khera <vivek@khera.org> (maintainer)
Reviewed by: Sunagawa Koji <koj@ofug.net>
Committed at: 10th EBUG Meeting in Tokamachi City, Niigata, Japan
|
Wednesday, 31 Mar 2004
|
03:12 trevor
SIZEify (maintainer timeout)
|
Friday, 9 Jan 2004
|
05:31 petef
Update to 2.1.4.
PR: 61083
Submitted by: maintainer
|
Wednesday, 24 Dec 2003
|
05:44 sergei
- Update htdig patch to 0.5
- Bump PORTREVISION
PR: 60513
Submitted by: Nils Vogels <nivo@yuckfou.org>
Approved by: maintainer
|
Friday, 12 Dec 2003
|
23:50 sergei
- Add WITH_HTDIG knob to enable htdig integration
- Start using DIST_SUBDIR because of the funkyness of the patch names
- Tweak pkg-plist (duplicate @dirrm/@unexec rmdir, use DOCSDIR, etc.)
- Do not bump PORTREVISION: The default built binaries are unchanged
PR: 57877
Submitted by: Scott Lambert <lambert@lambertfam.org>
Approved by: maintainer
|
Monday, 29 Sep 2003
|
19:02 krion
- Update to version 2.1.3
- Correct notes on FreeBSD Postfix integration
PR: 57364
Submitted by: Vivek Khera <vivek@lorax.kciLink.com> (maintainer)
|
Friday, 1 Aug 2003
|
19:30 nork
o Update to 2.1.2.
o Take MAINTAINERship to submitter.
PR: ports/55160
Submitted by: Vivek Khera <khera@kcilink.com>
Approved by: maintainer timeout (a long time)
|
Wednesday, 12 Feb 2003
|
08:10 wjv
- Update to version 2.2.1, which includes a fix to a cross-site scripting
vulnerability.
- Add a file, installed to $DOCSDIR, with more explicit post-installation
instructions.
- Update $PKGMESSAGE to point to this new file.
- Add more explicit warnings in various places that MAIL_GID *must* be set at
build time if Mailman is to be used with an alternate (non-Sendmail) MTA.
- Bring port in line with other similar ports by NOT explicitly depending on
Apache. This is both more maintainable and allows the user greater scope
in setting up a custom configuration, including the use of an alternative
web server. (Also, Mailman _can_ be used without a web server.)
- Clean up which documentation files get installed to $DOCSDIR.
|
Friday, 17 Jan 2003
|
12:58 wjv
- Update to the long-anticipated version 2.1
|
Monday, 21 Oct 2002
|
15:31 wjv
- Overdue update to version 2.0.13, a minor bugfix release
- Refrain from invoking ${PERL}
- Call Mailman's distributed check_perms script post-installation to fix file
permissions instead of doing so manually. This is more modular and will
greatly ease maintenance of the port. It implies a level of trust in
check_perms... but then, installing and running any 3rd party software
implies a level of trust.
|
Monday, 22 Jul 2002
|
14:29 wjv
- Update to version 2.0.12
- Update $PKGDEINSTALL so that running Python processes beloning to mailman
user should be killed correctly upon port/package deinstallation, even when
the version of Python had been updated since the port/package was
installed.
- Fix a small oversight in $PLIST to allow clean package installations (i.e.
where there is not an existing mailman user) to set file permissions
correctly.
|
Tuesday, 4 Jun 2002
|
14:19 wjv
- Update to version 2.0.11 (important security fix)
PR: 38652
Submitted by: Brandon D. Valentine <bugs@geekpunk.net>
|
Tuesday, 23 Apr 2002
|
15:29 wjv
- Update to version 2.0.10
|
Friday, 5 Apr 2002
|
13:37 wjv
- Update to version 2.0.9
- Correctly kill running Mailman processes in $PKGDEINSTALL
|
Thursday, 6 Dec 2001
|
07:45 wjv
- Interim update to version 2.0.8 (which contains important security fixes),
maintaining most of the port's existing structure. A more comprehensive
restructuring of this port is in the works. - Assume maintainership, pending
any objections from -ports.
|
Friday, 11 May 2001
|
12:59 demon
Update to 2.0.5
|
Friday, 4 May 2001
|
12:59 demon
Allow to override cgi-gid.
|
Tuesday, 13 Mar 2001
|
11:19 demon
Update to 2.0.3. Add more MASTER_SITEs.
|
Monday, 12 Mar 2001
|
09:47 demon
Update to version 2.0.2.
|
Monday, 8 Jan 2001
|
10:04 demon
Update to version 2.0.1. Install additional docs. Utilize USE_PYTHON.
|
Wednesday, 22 Nov 2000
|
20:36 demon
Update to version 2.0.
|
Sunday, 19 Nov 2000
|
15:06 demon
Update to 2.0rc3. Set myself as MAINTAINER.
|
Monday, 9 Oct 2000
|
00:54 jedgar
- Update port to 2.0b6 - Allow mailman user/uid/install dir to be overridden
- Add WWW
|
Number of commits found: 64 |