svn commit: r389895 - in head/japanese/mailman: . files
Xin LI
delphij at FreeBSD.org
Wed Jun 17 00:44:49 UTC 2015
Author: delphij
Date: Wed Jun 17 00:44:48 2015
New Revision: 389895
URL: https://svnweb.freebsd.org/changeset/ports/389895
Log:
Apply patch for CVE-2015-2775.
PR: ports/200562
Submitted by: Yasuhito FUTATSUKI <freebsd-bug-report-yf yf bsdclub org>
Approved by: maintainer timeout
Added:
head/japanese/mailman/files/patch-CVE-2015-2775 (contents, props changed)
Modified:
head/japanese/mailman/Makefile
Modified: head/japanese/mailman/Makefile
==============================================================================
--- head/japanese/mailman/Makefile Wed Jun 17 00:24:46 2015 (r389894)
+++ head/japanese/mailman/Makefile Wed Jun 17 00:44:48 2015 (r389895)
@@ -3,7 +3,7 @@
PORTNAME= mailman
PORTVERSION= 2.1.14.j7
-PORTREVISION= 1
+PORTREVISION= 2
PORTEPOCH= 1
CATEGORIES= japanese mail
MASTER_SITES= http://www.python.jp/doc/contrib/mailman/_static/ \
Added: head/japanese/mailman/files/patch-CVE-2015-2775
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/japanese/mailman/files/patch-CVE-2015-2775 Wed Jun 17 00:44:48 2015 (r389895)
@@ -0,0 +1,15 @@
+--- Mailman/Utils.py.orig 2011-12-11 16:56:23.000000000 +0900
++++ Mailman/Utils.py 2015-06-01 13:25:26.000000000 +0900
+@@ -93,6 +93,12 @@
+ #
+ # The former two are for 2.1alpha3 and beyond, while the latter two are
+ # for all earlier versions.
++ #
++ # But first ensure the list name doesn't contain a path traversal
++ # attack.
++ if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0:
++ syslog('mischief', 'Hostile listname: %s', listname)
++ return False
+ basepath = Site.get_listpath(listname)
+ for ext in ('.pck', '.pck.last', '.db', '.db.last'):
+ dbfile = os.path.join(basepath, 'config' + ext)
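Review bot: The added check before `basepath = Site.get_listpath(listname)` depends on `mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS`, `re` and `syslog`, and this 15-line patch touches only Mailman/Utils.py, adding no definition or import for any of them. Please confirm that the 2.1.14.j7 sources already define the setting and import both names in Utils.py. Otherwise the check raises an exception on the first call instead of returning False. The test is also only as strict as the configured pattern, because any character that the regex matches is removed before the length comparison. A site override that admits `/` or `.` sequences would therefore let a traversal name through, and a comment next to the setting saying so would help. Lastly, `syslog('mischief', 'Hostile listname: %s', listname)` writes the rejected value verbatim. Consider logging its repr so that embedded control characters or newlines cannot forge entries in the mischief log.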