Navigation:
Browse pkgsrc
(this page)| 2024-08-27 18:56:57 by Greg Troxel | Files touched by this commit (3) |
Log message:
mail/mailman: Update to 2.1.39
Welcome to December, 2021.
packaging changes: Adapt to excessively complicated and hard-to-deal
with upstream URLs.
Upstream NEWS:
2.1.39 (13-Dec-2021)
Bug Fixes and other patches
- User matching for CSRF tokens is no longer case sensitive., and a
potential NamerError in logging is fixed. (LP: #1954694)
2.1.38 (30-Nov-2021)
Security
- A potential CSRF attack against a list admin from a list member or
moderator has been blocked. CVE-2021-44227 (LP: #1952384)
Bug Fixes and other patches
- NotAMemberError exception from the user options page when the user has
been asynchronously unsubscribed is fixed. (LP: #1951769)
2.1.37 (12-Nov-2021)
Bug Fixes and other patches
- A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833)
2.1.36 (12-Nov-2021)
Security
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
|
| 2024-08-27 18:46:21 by Greg Troxel | Files touched by this commit (4) |
Log message: mail/mailman: MESSAGE exorcism |
| 2024-05-08 17:15:37 by Greg Troxel | Files touched by this commit (1) |
Log message: mail/mailman: Note that this is mailman 2. By vague about this being EOL because that's not clear from lists.org, even if it is clear that 3 is current. |
| 2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) |
Log message: *: recursive bump for Python 3.11 as new default |
| 2022-08-23 23:49:56 by Thomas Klausner | Files touched by this commit (7) |
Log message: *: switch to appropriate py-dns version |
| 2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524) |
Log message: *: Revbump packages that use Python at runtime without a PKGNAME prefix |
| 2021-10-26 20:42:55 by Thomas Merkel | Files touched by this commit (3) |
Log message:
mail/mailman: Update to 2.1.35
2.1.35 (19-Oct-2021)
Security
- A potential for for a list member to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-42096 (LP:#1947639)
- A CSRF attack via the user options page could allow takeover of a users
account. This is fixed. CVE-2021-42097 (LP:#1947640)
Bug Fixes and other patches
- Fixed an issue where sometimes the wrapper message for DMARC mitigation
Wrap Message has no Subject:. (LP: #1915655)
- Plain text message bodies with Content-Disposition: and no declared
charset are no longer scrubbed. (LP: #1917968)
- CommandRunner now recodes message bodies in the charset of the user's
or list's language to avoid a possible UnicodeError when including the
message body in the reply. (LP: #1921682)
- Delivery disabled by bounce notices to admins now have 'disabled'
properly translated. (LP: #1922843)
- DMARC policy discovery ignores domains with multiple DMARC records per
RFC 7849, (LP: 1931029)
|
| 2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356) |
Log message: mail: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes The following distfiles were unfetchable (possibly fetched conditionally?): ./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch |
| 2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357) |
Log message: mail: Remove SHA1 hashes for distfiles |
| 2020-12-04 21:45:51 by Nia Alarie | Files touched by this commit (456) |
Log message: Revbump packages with a runtime Python dep but no version prefix. For the Python 3.8 default switch. |
New packages: