another recently discovered xss with mailman, again based on a cve from
2018; this one doesn't yet have a cve assigned; upstream fix.

if this does not make 6.7, post-unlock, i'd like to apply to 6.6 and 6.7
-stable if okay.

from changelog:

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and updated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed.  (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

diff for current and -stable.

Index: Makefile
===================================================================
RCS file: /home/open/cvs/ports/mail/mailman/Makefile,v
retrieving revision 1.92.2.1
diff -u -p -r1.92.2.1 Makefile
--- Makefile    27 Apr 2020 12:32:29 -0000      1.92.2.1
+++ Makefile    6 May 2020 12:32:25 -0000
@@ -2,7 +2,7 @@
 
 COMMENT=       mailing list manager with web interface
 
-DISTNAME=      mailman-2.1.30
+DISTNAME=      mailman-2.1.32
 CATEGORIES=    mail www
 
 HOMEPAGE=      https://www.gnu.org/software/mailman/
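Review bot: The DISTNAME line jumps from 2.1.30 straight to 2.1.32, so the commit message should say that the security fix is the one listed under 2.1.31 (LP: #1873722). With no CVE assigned yet, that LP number is the only identifier that lets someone tracking -stable match this update to the content injection issue. The 2.1.32 entry itself is only the i18n follow-up.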
Index: distinfo
===================================================================
RCS file: /home/open/cvs/ports/mail/mailman/distinfo,v
retrieving revision 1.29.6.1
diff -u -p -r1.29.6.1 distinfo
--- distinfo    27 Apr 2020 12:32:29 -0000      1.29.6.1
+++ distinfo    6 May 2020 12:32:42 -0000
@@ -1,2 +1,2 @@
-SHA256 (mailman-2.1.30.tgz) = 6gKNYQb3dgOM8TXN14brsUtP5wjXc4ZynEoiUySNA2Q=
-SIZE (mailman-2.1.30.tgz) = 9411262
+SHA256 (mailman-2.1.32.tgz) = N1UyKyPLQc1yZAdljcGuDS3MmIfJI5lFSRpVGTNQXl0=
+SIZE (mailman-2.1.32.tgz) = 9413055
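Review bot: The new SHA256 and SIZE lines for mailman-2.1.32.tgz should be checked against a freshly fetched distfile (make checksum) before this goes to -stable, because this is a security update and the hash here is the only integrity anchor for the tarball. The size grows by 1793 bytes over 2.1.30, which is plausible for the small set of changes in the changelog, but it does not replace verifying the tarball against what upstream published.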
Index: pkg/PLIST
===================================================================
RCS file: /home/open/cvs/ports/mail/mailman/pkg/PLIST,v
retrieving revision 1.31.6.1
diff -u -p -r1.31.6.1 PLIST
--- pkg/PLIST   27 Apr 2020 12:32:29 -0000      1.31.6.1
+++ pkg/PLIST   6 May 2020 12:37:48 -0000
@@ -2586,6 +2586,7 @@ lib/mailman/tests/bounces/yahoo_08.txt
 lib/mailman/tests/bounces/yahoo_09.txt
 lib/mailman/tests/bounces/yahoo_10.txt
 lib/mailman/tests/bounces/yahoo_11.txt
+lib/mailman/tests/bounces/yahoo_12.txt
 lib/mailman/tests/bounces/yale_01.txt
 lib/mailman/tests/fblast.py
 @mode 775
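Review bot: The only PLIST change is the added lib/mailman/tests/bounces/yahoo_12.txt, which matches the Yahoo bounce recognition entry in the 2.1.31 changelog. Please confirm with make update-plist on both current and -stable that nothing else was added or removed. The security and i18n changes should only modify files already packaged, so any further PLIST difference would be unexpected.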
