[arch-commits] Commit in mailman/trunk (02-fix-CVE-2015-2775.patch PKGBUILD)

Sébastien Luttringer seblu at archlinux.org
Wed Apr 1 09:47:14 UTC 2015 

    Date: Wednesday, April 1, 2015 @ 11:47:14
  Author: seblu
Revision: 130482

upgpkg: mailman 2.1.20-1

Modified:
  mailman/trunk/PKGBUILD
Deleted:
  mailman/trunk/02-fix-CVE-2015-2775.patch

----------------------------+
 02-fix-CVE-2015-2775.patch |   17 -----------------
 PKGBUILD                   |   12 +++++-------
 2 files changed, 5 insertions(+), 24 deletions(-)

Deleted: 02-fix-CVE-2015-2775.patch
===================================================================
--- 02-fix-CVE-2015-2775.patch	2015-04-01 09:25:08 UTC (rev 130481)
+++ 02-fix-CVE-2015-2775.patch	2015-04-01 09:47:14 UTC (rev 130482)
@@ -1,17 +0,0 @@
---- a/Mailman/Utils.py	2015-01-23 23:50:47 +0000
-+++ b/Mailman/Utils.py	2015-03-27 18:14:06 +0000
-@@ -100,6 +100,12 @@
-     #
-     # The former two are for 2.1alpha3 and beyond, while the latter two are
-     # for all earlier versions.
-+    #
-+    # But first ensure the list name doesn't contain a path traversal
-+    # attack.
-+    if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
-+        syslog('mischief', 'Hostile listname: %s', listname)
-+        return False
-     basepath = Site.get_listpath(listname)
-     for ext in ('.pck', '.pck.last', '.db', '.db.last'):
-         dbfile = os.path.join(basepath, 'config' + ext)
-
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2015-04-01 09:25:08 UTC (rev 130481)
+++ PKGBUILD	2015-04-01 09:47:14 UTC (rev 130482)
@@ -3,9 +3,9 @@
 # Contributor: Paul Mattal <paul at archlinux.org>
 
 pkgname=mailman
-_pkgver=2.1.19
+_pkgver=2.1.20
 pkgver=${_pkgver//-/.}
-pkgrel=2
+pkgrel=1
 pkgdesc='The GNU Mailing List Manager'
 arch=(i686 x86_64)
 license=('GPL')
@@ -35,9 +35,8 @@
         'mailman-nightlygzip.timer'
         'mailman-senddigests.service'
         'mailman-senddigests.timer'
-        '01-mailman-2.1-build.patch'
-        '02-fix-CVE-2015-2775.patch')
-md5sums=('13a33d758f8a6308c91dd267fc3ba123'
+        '01-mailman-2.1-build.patch')
+md5sums=('96819640406f90a12bc28edd3dc09d4a'
          'a9c71ec940c56173415fbd49087d10b0'
          '85a8c30ffc444e677b286f54df530482'
          '5ced9364c38ee40046007ee9587b1228'
@@ -56,8 +55,7 @@
          '3af65082d3cd4d5746944890c7a72962'
          '350dac1e350691e3d9cb8f99fd4b669a'
          '52917f62441ac5d950789e8f8af28f09'
-         'ed04d062379eb21e39ce1e70e6b1ade2'
-         'c80ee5b3e14df0a0c6a499b81e0726b4')
+         'ed04d062379eb21e39ce1e70e6b1ade2')
 
 prepare() {
   # some files in mailman doesn't use configure parameter

More information about the arch-commits mailing list