2008-12-20 20:02:12 by Manuel Bouyer | Files touched by this commit (3) | |
Log message:
Update sympa to 5.4.4. Bug fixes (including SQL injection and privilege
escalation vulnerabilities) and updated translations:
* Sympa was not fully compliant to the RFC 2616, leading for example
to possible unwanted list deletion by administrators using prefetching
tools. This was fixed by replacing all the threatening GET requests
by POST requests;
* Use of sprintf() function for creating SQL queries led to possible
SQL injection through cookie manipulation;
* The use of files in /tmp led to vulnerabilities.
|
2008-12-14 20:06:38 by Hasso Tepper | Files touched by this commit (1) |
Log message:
Needs msgfmt.
|
2008-11-30 19:13:30 by Manuel Bouyer | Files touched by this commit (1) |
Log message:
Add missing trailing / to one of the MASTER_SITES
|
2008-11-10 06:03:15 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
DISTNAME should be updated, too. :-)
|
2008-11-09 17:15:47 by Manuel Bouyer | Files touched by this commit (3) | |
Log message:
Update to 5.4.3. Changes since 5.4.2:
Features:
po/ja.po, po/web_help_ja.po: update Japanese translation of the user
interface, add Japanese translation of online help
po/ru.po: Updated Russian translation.
src/Commands.pm: [#3990][Submitted by A. Berstein, electricembers.net] The
quiet option has been reactivated for the "reject" mail command.
Bug fixes:
wwsympa/archived.pl: [Reported by M. Kretchner, INRIA] It was impossible
to remove a message from web archives or rebuild these archives.
check_perl_modules.pl: [Reported by M. Gorecka-Wolniewicz,
Nicolaus Copernicus univ., Torun] In some cases, CAS logout didn't work.
src/task_manager.pl, wwsympa/archived.pl, wwsympa/bounced.pl: [#3957]
[Reported by O. Berger, Telecom & Management SudParis] When launching
Sympa daemons (other than sympa.pl) with an unknown option, the daemon
was still launched instead of failing to launch.
|
2008-10-19 21:19:25 by Havard Eidnes | Files touched by this commit (1179) |
Log message:
Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
|
2008-04-27 19:06:41 by Manuel Bouyer | Files touched by this commit (12) |
Log message:
Upgrade to sympa version 5.4.2. Changes since version 5.2.4:
Fix CVE-2008-1648 (denial of service)
Several new translations (some of them disabled, because of missing locale
support on NetBSD-3).
Introduction of HTTP session in order to replace a lot of cookies, for better
usability and security. This also allows some new features, from
listing active session in admin page to crawler detection.
per list custom user attributes (defined by the list owner)
per list custom list parameters for use in authorization scenarios and
mail templates
LDAP alias manager can now be LDAPS
XSS protection
Session hijacking protection
The performances mainly regarding the web interface have been
significantly improved.
new SOAP features allow remote list creation, ADD and DEL of list members
Automatic list creation when a message is sent for the list.
each operation that changes the status of messages/subscriptions/list config
is now logged in a structured DB entry.
Generalization of UTF-8
and more ... See http://www.sympa.org/ for complete list.
|
2008-03-17 12:23:30 by OBATA Akio | Files touched by this commit (1) |
Log message:
5.2.4 in old.
|
2008-01-18 06:08:56 by Tobias Nygren | Files touched by this commit (214) |
Log message:
Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
2007-07-04 22:55:07 by Johnny C. Lam | Files touched by this commit (136) |
Log message:
Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|