packages/mailman
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVES

Browse Source 
(cherry picked from commit aa7a1256e2a38decd24fa171a8cf06026d8d7f8f)
This commit is contained in:
programmer12 2021-10-19 15:13:30 +08:00 committed by openeuler-sync-bot
parent 3a652a15f1
commit e50f0eeb83
3 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2020-12108.patch Normal file
View File

@ -0,0 +1,25 @@
From 966f6556766d24eb53055782b74a02d8c5969be2 Mon Sep 17 00:00:00 2001
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Tue, 19 Oct 2021 09:50:58 +0800
Subject: [PATCH] 2
---
Mailman/Cgi/options.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 34a7718..386b308 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -172,7 +172,7 @@ def main():
try:
Utils.ValidateEmail(user)
except Errors.EmailAddressError:
- doc.addError(_('Illegal Email Address: %(safeuser)s'))
+ doc.addError(_('Illegal Email Address'))
loginpage(mlist, doc, None, language)
print doc.Format()
return
--
2.27.0

26
CVE-2020-12137.patch Normal file
View File

@ -0,0 +1,26 @@
From ce32b3a6223efac121fc0df59e5316cfb6b8d3a0 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@debian.org>
Date: Tue, 19 Oct 2021 11:14:11 +0800
Subject: [PATCH] 2
---
Mailman/Handlers/Scrubber.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Mailman/Handlers/Scrubber.py b/Mailman/Handlers/Scrubber.py
index 429312b..08ae55a 100644
--- a/Mailman/Handlers/Scrubber.py
+++ b/Mailman/Handlers/Scrubber.py
@@ -87,6 +87,9 @@ def guess_extension(ctype, ext):
all = guess_all_extensions(ctype, strict=False)
if ext in all:
return ext
+ if ctype.lower == 'application/octet-stream':
+ # For this type,all[0] is '.obj'.'.bin' is better.
+ return '.bin'
return all and all[0]
--
2.27.0

7
mailman.spec
View File

@ -3,7 +3,7 @@
Name: mailman Name: mailman
Version: 2.1.29 Version: 2.1.29
Release: 5 Release: 6
Epoch: 3 Epoch: 3
Summary: GNU Mailing List Manager Summary: GNU Mailing List Manager
License: GPLv2+ License: GPLv2+
@ -27,6 +27,8 @@ Patch7: mailman-2.1.13-archive-reply.patch
Patch13: mailman-2.1.9-unicode.patch Patch13: mailman-2.1.9-unicode.patch
Patch21: mailman-2.1.13-env-python.patch Patch21: mailman-2.1.13-env-python.patch
Patch22: mailman-2.1.15-check_perms.patch Patch22: mailman-2.1.15-check_perms.patch
Patch23: CVE-2020-12108.patch
Patch24: CVE-2020-12137.patch
BuildRequires: automake gcc python2-devel systemd python2-dns BuildRequires: automake gcc python2-devel systemd python2-dns
Requires(pre): shadow-utils Requires(pre): shadow-utils
@ -421,5 +423,8 @@ exit 0
%dir %attr(775,root,%{name}) /var/lock/%{name} %dir %attr(775,root,%{name}) /var/lock/%{name}
%changelog %changelog
* Tue Oct 19 2021 liwu <liwu13@huawei.com> - 2.1.29-6
- Fix CVE-2020-12108 CVE-2020-12137
* Fri Feb 14 2020 lihao <lihao129@huawei.com> - 2.1.29-5 * Fri Feb 14 2020 lihao <lihao129@huawei.com> - 2.1.29-5
- Package init - Package init