import mailman-2.1.29-11.module+el8.4.0+8277+5e2c6e6e
parent
08ca5de9e1
commit
12132426f3
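--- /dev/null
+++ b/SOURCES/mailman-2.1.29-login_content_injection.patch
@@ -0,0 +1,13 @@
+=== modified file 'Mailman/Cgi/options.py'
+--- Mailman/Cgi/options.py 2019-03-06 17:48:32 +0000
++++ Mailman/Cgi/options.py 2020-04-20 03:10:16 +0000
+@@ -173,7 +173,7 @@
+try:
+Utils.ValidateEmail(user)
+except Errors.EmailAddressError:
+- doc.addError(_('Illegal Email Address: %(safeuser)s'))
++ doc.addError(_('Illegal Email Address'))
+loginpage(mlist, doc, None, language)
+print doc.Format()
+return
+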
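Review bot: The replacement line `doc.addError(_('Illegal Email Address'))` carries no comment saying why the submitted address is no longer echoed, so a later cleanup could put `%(safeuser)s` back into the message. I would add `# Do not echo the submitted address: reflecting it on the login page allowed content injection.` above the call, in line with the explanatory comment that the private.py patch on this page adds. The changed msgid will also no longer match existing translation catalogs, which this 13-line patch does not touch, so non-English lists presumably fall back to the English string. The enclosing function starts and ends outside the hunk.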
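--- /dev/null
+++ b/SOURCES/mailman-2.1.29-options_content_njection.patch
@@ -0,0 +1,22 @@
+=== modified file 'Mailman/Cgi/private.py'
+--- Mailman/Cgi/private.py 2019-03-06 17:48:32 +0000
++++ Mailman/Cgi/private.py 2020-05-07 13:53:40 +0000
+@@ -162,13 +162,9 @@
+if mlist.isMember(username):
+mlist.MailUserPassword(username)
+elif username:
+- # Not a member
+- if mlist.private_roster == 0:
+- # Public rosters
+- safeuser = Utils.websafe(username)
+- message = Bold(FontSize('+1',
+- _('No such member: %(safeuser)s.'))).Format()
+- else:
++ # Not a member. Don't report address in any case. It leads to
++ # Content injection. Just log if roster is not public.
++ if mlist.private_roster != 0:
+syslog('mischief',
+'Reminder attempt of non-member w/ private rosters: %s',
+username)
+
+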
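Review bot: The `syslog('mischief', ...)` call kept under the new `if mlist.private_roster != 0:` still formats `username` with `%s`; if that value comes straight from the request form (its origin is not visible in this hunk), embedded line breaks could forge entries in the mischief log. Logging it with `%r`, i.e. `'Reminder attempt of non-member w/ private rosters: %r'`, keeps control characters escaped. With the public-roster branch removed, a non-member reminder attempt on a public-roster list is neither reported nor logged in the visible lines, which is worth confirming as intended. The surrounding block starts and ends outside the hunk.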
@ -3,7 +3,7 @@
|
|||||||
Summary: Mailing list manager with built in Web access
|
Summary: Mailing list manager with built in Web access
|
||||||
Name: mailman
|
Name: mailman
|
||||||
Version: 2.1.29
|
Version: 2.1.29
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
Epoch: 3
|
Epoch: 3
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
|
Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
|
||||||
@ -31,7 +31,8 @@ Patch22: mailman-2.1.15-check_perms.patch
|
|||||||
Patch24: mailman-specify_python_version.patch
|
Patch24: mailman-specify_python_version.patch
|
||||||
Patch25: mailman-CVE-2020-12137.patch
|
Patch25: mailman-CVE-2020-12137.patch
|
||||||
Patch26: mailman-bouncer_oom_crash.patch
|
Patch26: mailman-bouncer_oom_crash.patch
|
||||||
|
Patch27: mailman-2.1.29-login_content_injection.patch
|
||||||
|
Patch28: mailman-2.1.29-options_content_njection.patch
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.list.org/
|
URL: http://www.list.org/
|
||||||
@ -122,6 +123,8 @@ additional installation steps, these are described in:
|
|||||||
%patch24 -p1 -b .python_version
|
%patch24 -p1 -b .python_version
|
||||||
%patch25 -p0 -b .cve_obj_mime
|
%patch25 -p0 -b .cve_obj_mime
|
||||||
%patch26 -p0 -b .bouncer_match
|
%patch26 -p0 -b .bouncer_match
|
||||||
|
%patch27 -p0 -b .login_injection
|
||||||
|
%patch28 -p0 -b .options_injection
|
||||||
|
|
||||||
#cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
|
#cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in
|
||||||
cp %{SOURCE5} INSTALL.REDHAT.in
|
cp %{SOURCE5} INSTALL.REDHAT.in
|
||||||
@ -575,6 +578,9 @@ exit 0
|
|||||||
%dir %attr(775,root,%{mmgroup}) %{lockdir}
|
%dir %attr(775,root,%{mmgroup}) %{lockdir}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 30 2020 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.29-11
|
||||||
|
- Fixes for CVE-2020-12108 and CVE-2020-15011
|
||||||
|
|
||||||
* Mon May 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.29-10
|
* Mon May 25 2020 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.29-10
|
||||||
- Fix match patter to reduce false allocation
|
- Fix match patter to reduce false allocation
|
||||||
|
|
||||||
|