From nobody Wed Dec 01 19:10:43 2021
X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 68DC718BB8AA;
	Wed,  1 Dec 2021 19:10:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4J47w41DFLz3p5v;
	Wed,  1 Dec 2021 19:10:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0A0516FEE;
	Wed,  1 Dec 2021 19:10:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1B1JAhJ0083503;
	Wed, 1 Dec 2021 19:10:43 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1B1JAhT7083502;
	Wed, 1 Dec 2021 19:10:43 GMT
	(envelope-from git)
Date: Wed, 1 Dec 2021 19:10:43 GMT
Message-Id: <202112011910.1B1JAhT7083502@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-branches@FreeBSD.org
From: Matthias Andree <mandree@FreeBSD.org>
Subject: git: 5b7dfe597e15 - 2021Q4 - mail/mailman: 2.1.38 security fixing CSRF vuln
List-Id: Commits to the quarterly branches of the FreeBSD ports repository <dev-commits-ports-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches
List-Help: <mailto:dev-commits-ports-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-branches@freebsd.org
X-BeenThere: dev-commits-ports-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mandree
X-Git-Repository: ports
X-Git-Refname: refs/heads/2021Q4
X-Git-Reftype: branch
X-Git-Commit: 5b7dfe597e1526e1b240a8317fb1c2aec3490b6b
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1638385844;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kvGFi273LSw30YHk1GUiDuJX1yh9hn7NZkpuP19sCV8=;
	b=rZuQpAaPjupX8/iKMamWnlTv9kBW26r2xz1ZXr7EySZraIlQyIqkAhXnE+xfVSai1XFyO7
	VGdLxeh0RW+4aqfwLq/n9653Wphx1dsV4kbyv2WM8V7IELa/hgTPt9mK0zqb3iUMAmv5tu
	705v2y92tNR4aERnir2hRLit+5nyJh4I9Pwfm9b10fH1Nz649NRfsSSfFbfpNaj+UNr03+
	NGiDbTqGTkUeqlgOWaOnsgKRbptIUcsEHLCxrZ5EjvLGSWLMXyD9iQ0uPFcwEimJR1Pvtw
	h5gsF5KB4iy7kVfZPPKc3ADfeiEwo8H746FbPUK18MFqrWwxGWlhLU3A/kFc7Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1638385844; a=rsa-sha256; cv=none;
	b=JsFo4azchSbbzD9WXBtDkBjaLb4D7VXllyKlUz/WjHJFz8I13GeHfLE9Y1p+Tvf4Ceahcd
	c8mJlTy1bW81aZl/+fk+0AfhomOd+s+5cDMaKtnHiUD2Cowq+BExppIlNyga5e7H2xKihj
	iqb/JFaalLa8cQ9BeRIroZYhfcSeP/mIHe5gUq78+NsutJTxYqclj60zxhGohfjp0FFieO
	9lEr2NhXgKzrxneZu6kqkYS6v2RVbO/IIDGaW55+m8f8xyaDUJCPhorajEYkQLI1WJpYO0
	kC/BFQjbN+ZGjWdrUdFtcgltUqzMqaj4T+EZBlYeCRgnUq6fTyfWBSaDZACctw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch 2021Q4 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5b7dfe597e1526e1b240a8317fb1c2aec3490b6b

commit 5b7dfe597e1526e1b240a8317fb1c2aec3490b6b
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-12-01 19:06:35 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-12-01 19:10:33 +0000

    mail/mailman: 2.1.38 security fixing CSRF vuln
    
    While here, fix pkg-message to mention -exim4 and -postfix
    derived ports that override the default MTA.
    
    Security:       0d6efbe3-52d9-11ec-9472-e3667ed6088e
    Security:       CVE-2021-44227
    MFH:            2021Q4
    (cherry picked from commit 87f0f372e4b844f16b8c6e7bd3bc68ecf703c17f)
---
 mail/mailman/Makefile             |  3 ++-
 mail/mailman/distinfo             |  6 +++---
 mail/mailman/files/pkg-message.in | 11 +++++++----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/mail/mailman/Makefile b/mail/mailman/Makefile
index 8250bc733ec6..f385a3a09d7f 100644
--- a/mail/mailman/Makefile
+++ b/mail/mailman/Makefile
@@ -1,7 +1,8 @@
 # Created by: n_hibma@qubesoft.com
 
 PORTNAME=	mailman
-DISTVERSION=	2.1.37
+DISTVERSION=	2.1.38
+PORTREVISION=	0
 CATEGORIES=	mail
 MASTER_SITES=	GNU \
 		SF/${PORTNAME}/Mailman%202.1%20%28stable%29/${PORTVERSION} \
diff --git a/mail/mailman/distinfo b/mail/mailman/distinfo
index b7eb6f32f810..acd4074ba3bb 100644
--- a/mail/mailman/distinfo
+++ b/mail/mailman/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1636797368
-SHA256 (mailman/mailman-2.1.37.tgz) = 689ff350857728ccc4ed379ceef54b93f710af8740cabc3bfe0348173b6b3f4f
-SIZE (mailman/mailman-2.1.37.tgz) = 9508379
+TIMESTAMP = 1638384323
+SHA256 (mailman/mailman-2.1.38.tgz) = ac093ec2ed3eb93b41f1e1b19d39cf41e1bdd09587979835fe154dac6777fc68
+SIZE (mailman/mailman-2.1.38.tgz) = 9508426
 SHA256 (mailman/msapiro-htdig-1822.patch.xz) = fa1da6fb7c0946a6723bc2766501c222fa73c8d794566a3b6e5718a7d1840265
 SIZE (mailman/msapiro-htdig-1822.patch.xz) = 50700
diff --git a/mail/mailman/files/pkg-message.in b/mail/mailman/files/pkg-message.in
index ea74d13ee574..7176faa9709b 100644
--- a/mail/mailman/files/pkg-message.in
+++ b/mail/mailman/files/pkg-message.in
@@ -14,10 +14,13 @@ Note (1):
 - ESPECIALLY RELEVANT FOR USERS OF THE BINARY PACKAGE -
 The FreeBSD binary package is built for use with Sendmail, and it will
 not work properly with alternative MTAs such as Exim or Postfix.
-  In order for Mailman to work with an alternative mailer,
-the port must be installed from source, with proper options configured,
-or from a package built in poudriere (which is a separate port in
-ports-mgmt) with adapted options. (poudriere options -cn mail/mailman)
+  In order for Mailman to work with an alternative mailer, please use
+mailman-exim4 or mailman-postfix instead, or
+mailman-exim4-with-htdig or mailman-postfix-with-htdig.
+  For use with other mailers (Courier, OpenSMTPd), the port must be installed
+from source, with proper options configured, or from a package built in
+poudriere (which is a separate port in ports-mgmt) with adapted options.
+(poudriere options -cn mail/mailman)
 
 - FOR USERS OF A PORT BUILT FROM SOURCE -
 If you use an alternate MTA (meaning "not Sendmail"), you MUST