Once more, now without the filterdiff(1) NEWS cruft that was left there.
diffstat for mailman-2.1.13 mailman-2.1.13
changelog | 9 +
patches/83-CVE-2010-3089--bug599833.patch | 262 ++++++++++++++++++++++++++++++
patches/series | 1
3 files changed, 272 insertions(+)
diff -Nru mailman-2.1.13/debian/changelog mailman-2.1.13/debian/changelog
--- mailman-2.1.13/debian/changelog 2010-07-27 23:59:52.000000000 +0300
+++ mailman-2.1.13/debian/changelog 2010-10-16 09:01:27.000000000 +0300
@@ -1,3 +1,12 @@
+mailman (1:2.1.13-4.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * debian/patches
+ - (83): New. CVE-2010-3089 security fix from mailman 2.14. Patch
+ thanks to <d+...@vdr.jp> (grave, security; Closes: #599833).
+
+ -- Jari Aalto <jari.aa...@cante.net> Sat, 16 Oct 2010 08:46:55 +0300
+
 mailman (1:2.1.13-4) unstable; urgency=medium
 
 * Fix permissions on /var/lib/mailman/archives/private, so
diff -Nru mailman-2.1.13/debian/patches/83-CVE-2010-3089--bug599833.patch mailman-2.1.13/debian/patches/83-CVE-2010-3089--bug599833.patch
--- mailman-2.1.13/debian/patches/83-CVE-2010-3089--bug599833.patch 1970-01-01 02:00:00.000000000 +0200
+++ mailman-2.1.13/debian/patches/83-CVE-2010-3089--bug599833.patch 2010-10-16 09:02:19.000000000 +0300
@@ -0,0 +1,262 @@
+From a745670e2c3325fa49b222a533c4ed4bf3f4368e Mon Sep 17 00:00:00 2001
+From: Jari Aalto <jari.aa...@cante.net>
+Date: Fri, 15 Oct 2010 12:23:47 +0300
+Subject: [PATCH] CVE-2010-3089 Fixes from mailman 2.14 by <d+...@vdr.jp>
+Organization: Private
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jari Aalto <jari.aa...@cante.net>
+---
+ Mailman/Cgi/listinfo.py | 4 +-
+ Mailman/HTMLFormatter.py | 7 +-
+ Mailman/Utils.py | 187 +++++++++++++++++++++++-----------------------
+ 3 files changed, 100 insertions(+), 98 deletions(-)
+
+diff --git a/Mailman/Cgi/listinfo.py b/Mailman/Cgi/listinfo.py
+index 5b96590..4a54517 100644
+--- a/Mailman/Cgi/listinfo.py
++++ b/Mailman/Cgi/listinfo.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -94,7 +94,7 @@ def listinfo_overview(msg=''):
+ else:
+ advertised.append((mlist.GetScriptURL('listinfo'),
+ mlist.real_name,
+- mlist.description))
++ Utils.websafe(mlist.description)))
+ if msg:
+ greeting = FontAttr(msg, color="ff5060", size="+1")
+ else:
+diff --git a/Mailman/HTMLFormatter.py b/Mailman/HTMLFormatter.py
+index 3a21d96..dad51e7 100644
+--- a/Mailman/HTMLFormatter.py
++++ b/Mailman/HTMLFormatter.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -383,8 +383,9 @@ class HTMLFormatter:
+ '<mm-mailman-footer>' : self.GetMailmanFooter(),
+ '<mm-list-name>' : self.real_name,
+ '<mm-email-user>' : self._internal_name,
+- '<mm-list-description>' : self.description,
+- '<mm-list-info>' : BR.join(self.info.split(NL)),
++ '<mm-list-description>' : Utils.websafe(self.description),
++ '<mm-list-info>' :
++ '<!---->' + BR.join(self.info.split(NL)) + '<!---->',
+ '<mm-form-end>' : self.FormatFormEnd(),
+ '<mm-archive>' : self.FormatArchiveAnchor(),
+ '</mm-archive>' : '</a>',
+diff --git a/Mailman/Utils.py b/Mailman/Utils.py
+index 5cba077..d5babc1 100644
+--- a/Mailman/Utils.py
++++ b/Mailman/Utils.py
+@@ -1,4 +1,4 @@
+-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
++# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -911,99 +911,100 @@ _badwords = [
+ # Kludge to allow the specific tag that's in the options.html template.
+ '<link(?! rel="SHORTCUT ICON" href="<mm-favicon>">)',
+ '<meta',
++ '<object',
+ '<script',
+- r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+- r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
+- r'(?:^|\W)domactivate(?:\W|$)',
+- r'(?:^|\W)domattrmodified(?:\W|$)',
+- r'(?:^|\W)domcharacterdatamodified(?:\W|$)',
+- r'(?:^|\W)domfocus(?:in|out)(?:\W|$)',
+- r'(?:^|\W)dommenuitem(?:in)?active(?:\W|$)',
+- r'(?:^|\W)dommousescroll(?:\W|$)',
+- r'(?:^|\W)domnodeinserted(?:intodocument)?(?:\W|$)',
+- r'(?:^|\W)domnoderemoved(?:fromdocument)?(?:\W|$)',
+- r'(?:^|\W)domsubtreemodified(?:\W|$)',
+- r'(?:^|\W)fscommand(?:\W|$)',
+- r'(?:^|\W)onabort(?:\W|$)',
+- r'(?:^|\W)on(?:de)?activate(?:\W|$)',
+- r'(?:^|\W)on(?:after|before)print(?:\W|$)',
+- r'(?:^|\W)on(?:after|before)update(?:\W|$)',
+- r'(?:^|\W)onbefore(?:(?:de)?activate|copy|cut|editfocus|paste)(?:\W|$)',
+- r'(?:^|\W)onbeforeunload(?:\W|$)',
+- r'(?:^|\W)onbegin(?:\W|$)',
+- r'(?:^|\W)onblur(?:\W|$)',
+- r'(?:^|\W)onbounce(?:\W|$)',
+- r'(?:^|\W)onbroadcast(?:\W|$)',
+- r'(?:^|\W)on(?:cell)?change(?:\W|$)',
+- r'(?:^|\W)oncheckboxstatechange(?:\W|$)',
+- r'(?:^|\W)on(?:dbl)?click(?:\W|$)',
+- r'(?:^|\W)onclose(?:\W|$)',
+- r'(?:^|\W)oncommand(?:update)?(?:\W|$)',
+- r'(?:^|\W)oncomposition(?:end|start)(?:\W|$)',
+- r'(?:^|\W)oncontextmenu(?:\W|$)',
+- r'(?:^|\W)oncontrolselect(?:\W|$)',
+- r'(?:^|\W)oncopy(?:\W|$)',
+- r'(?:^|\W)oncut(?:\W|$)',
+- r'(?:^|\W)ondataavailable(?:\W|$)',
+- r'(?:^|\W)ondataset(?:changed|complete)(?:\W|$)',
+- r'(?:^|\W)ondrag(?:drop|end|enter|exit|gesture|leave|over)?(?:\W|$)',
+- r'(?:^|\W)ondragstart(?:\W|$)',
+- r'(?:^|\W)ondrop(?:\W|$)',
+- r'(?:^|\W)onend(?:\W|$)',
+- r'(?:^|\W)onerror(?:update)?(?:\W|$)',
+- r'(?:^|\W)onfilterchange(?:\W|$)',
+- r'(?:^|\W)onfinish(?:\W|$)',
+- r'(?:^|\W)onfocus(?:in|out)?(?:\W|$)',
+- r'(?:^|\W)onhelp(?:\W|$)',
+- r'(?:^|\W)oninput(?:\W|$)',
+- r'(?:^|\W)onkey(?:up|down|press)(?:\W|$)',
+- r'(?:^|\W)onlayoutcomplete(?:\W|$)',
+- r'(?:^|\W)on(?:un)?load(?:\W|$)',
+- r'(?:^|\W)onlosecapture(?:\W|$)',
+- r'(?:^|\W)onmedia(?:complete|error)(?:\W|$)',
+- r'(?:^|\W)onmouse(?:down|enter|leave|move|out|over|up|wheel)(?:\W|$)',
+- r'(?:^|\W)onmove(?:end|start)?(?:\W|$)',
+- r'(?:^|\W)on(?:off|on)line(?:\W|$)',
+- r'(?:^|\W)onoutofsync(?:\W|$)',
+- r'(?:^|\W)onoverflow(?:changed)?(?:\W|$)',
+- r'(?:^|\W)onpage(?:hide|show)(?:\W|$)',
+- r'(?:^|\W)onpaint(?:\W|$)',
+- r'(?:^|\W)onpaste(?:\W|$)',
+- r'(?:^|\W)onpause(?:\W|$)',
+- r'(?:^|\W)onpopup(?:hidden|hiding|showing|shown)(?:\W|$)',
+- r'(?:^|\W)onprogress(?:\W|$)',
+- r'(?:^|\W)onpropertychange(?:\W|$)',
+- r'(?:^|\W)onradiostatechange(?:\W|$)',
+- r'(?:^|\W)onreadystatechange(?:\W|$)',
+- r'(?:^|\W)onrepeat(?:\W|$)',
+- r'(?:^|\W)onreset(?:\W|$)',
+- r'(?:^|\W)onresize(?:end|start)?(?:\W|$)',
+- r'(?:^|\W)onresume(?:\W|$)',
+- r'(?:^|\W)onreverse(?:\W|$)',
+- r'(?:^|\W)onrow(?:delete|enter|exit|inserted)(?:\W|$)',
+- r'(?:^|\W)onrows(?:delete|enter|inserted)(?:\W|$)',
+- r'(?:^|\W)onscroll(?:\W|$)',
+- r'(?:^|\W)onseek(?:\W|$)',
+- r'(?:^|\W)onselect(?:start)?(?:\W|$)',
+- r'(?:^|\W)onselectionchange(?:\W|$)',
+- r'(?:^|\W)onstart(?:\W|$)',
+- r'(?:^|\W)onstop(?:\W|$)',
+- r'(?:^|\W)onsubmit(?:\W|$)',
+- r'(?:^|\W)onsync(?:from|to)preference(?:\W|$)',
+- r'(?:^|\W)onsyncrestored(?:\W|$)',
+- r'(?:^|\W)ontext(?:\W|$)',
+- r'(?:^|\W)ontimeerror(?:\W|$)',
+- r'(?:^|\W)ontrackchange(?:\W|$)',
+- r'(?:^|\W)onunderflow(?:\W|$)',
+- r'(?:^|\W)onurlflip(?:\W|$)',
+- r'(?:^|\W)seeksegmenttime(?:\W|$)',
+- r'(?:^|\W)svgabort(?:\W|$)',
+- r'(?:^|\W)svgerror(?:\W|$)',
+- r'(?:^|\W)svgload(?:\W|$)',
+- r'(?:^|\W)svgresize(?:\W|$)',
+- r'(?:^|\W)svgscroll(?:\W|$)',
+- r'(?:^|\W)svgunload(?:\W|$)',
+- r'(?:^|\W)svgzoom(?:\W|$)',
++ r'\bj(?:ava)?script\b',
++ r'\bvbs(?:cript)?\b',
++ r'\bdomactivate\b',
++ r'\bdomattrmodified\b',
++ r'\bdomcharacterdatamodified\b',
++ r'\bdomfocus(?:in|out)\b',
++ r'\bdommenuitem(?:in)?active\b',
++ r'\bdommousescroll\b',
++ r'\bdomnodeinserted(?:intodocument)?\b',
++ r'\bdomnoderemoved(?:fromdocument)?\b',
++ r'\bdomsubtreemodified\b',
++ r'\bfscommand\b',
++ r'\bonabort\b',
++ r'\bon(?:de)?activate\b',
++ r'\bon(?:after|before)print\b',
++ r'\bon(?:after|before)update\b',
++ r'\bonbefore(?:(?:de)?activate|copy|cut|editfocus|paste)\b',
++ r'\bonbeforeunload\b',
++ r'\bonbegin\b',
++ r'\bonblur\b',
++ r'\bonbounce\b',
++ r'\bonbroadcast\b',
++ r'\bon(?:cell)?change\b',
++ r'\boncheckboxstatechange\b',
++ r'\bon(?:dbl)?click\b',
++ r'\bonclose\b',
++ r'\boncommand(?:update)?\b',
++ r'\boncomposition(?:end|start)\b',
++ r'\boncontextmenu\b',
++ r'\boncontrolselect\b',
++ r'\boncopy\b',
++ r'\boncut\b',
++ r'\bondataavailable\b',
++ r'\bondataset(?:changed|complete)\b',
++ r'\bondrag(?:drop|end|enter|exit|gesture|leave|over)?\b',
++ r'\bondragstart\b',
++ r'\bondrop\b',
++ r'\bonend\b',
++ r'\bonerror(?:update)?\b',
++ r'\bonfilterchange\b',
++ r'\bonfinish\b',
++ r'\bonfocus(?:in|out)?\b',
++ r'\bonhelp\b',
++ r'\boninput\b',
++ r'\bonkey(?:up|down|press)\b',
++ r'\bonlayoutcomplete\b',
++ r'\bon(?:un)?load\b',
++ r'\bonlosecapture\b',
++ r'\bonmedia(?:complete|error)\b',
++ r'\bonmouse(?:down|enter|leave|move|out|over|up|wheel)\b',
++ r'\bonmove(?:end|start)?\b',
++ r'\bon(?:off|on)line\b',
++ r'\bonoutofsync\b',
++ r'\bonoverflow(?:changed)?\b',
++ r'\bonpage(?:hide|show)\b',
++ r'\bonpaint\b',
++ r'\bonpaste\b',
++ r'\bonpause\b',
++ r'\bonpopup(?:hidden|hiding|showing|shown)\b',
++ r'\bonprogress\b',
++ r'\bonpropertychange\b',
++ r'\bonradiostatechange\b',
++ r'\bonreadystatechange\b',
++ r'\bonrepeat\b',
++ r'\bonreset\b',
++ r'\bonresize(?:end|start)?\b',
++ r'\bonresume\b',
++ r'\bonreverse\b',
++ r'\bonrow(?:delete|enter|exit|inserted)\b',
++ r'\bonrows(?:delete|enter|inserted)\b',
++ r'\bonscroll\b',
++ r'\bonseek\b',
++ r'\bonselect(?:start)?\b',
++ r'\bonselectionchange\b',
++ r'\bonstart\b',
++ r'\bonstop\b',
++ r'\bonsubmit\b',
++ r'\bonsync(?:from|to)preference\b',
++ r'\bonsyncrestored\b',
++ r'\bontext\b',
++ r'\bontimeerror\b',
++ r'\bontrackchange\b',
++ r'\bonunderflow\b',
++ r'\bonurlflip\b',
++ r'\bseeksegmenttime\b',
++ r'\bsvgabort\b',
++ r'\bsvgerror\b',
++ r'\bsvgload\b',
++ r'\bsvgresize\b',
++ r'\bsvgscroll\b',
++ r'\bsvgunload\b',
++ r'\bsvgzoom\b',
+ ]
+ 
+ 
+--
+1.7.1
+
diff -Nru mailman-2.1.13/debian/patches/series mailman-2.1.13/debian/patches/series
--- mailman-2.1.13/debian/patches/series 2010-07-28 00:10:31.000000000 +0300
+++ mailman-2.1.13/debian/patches/series 2010-10-16 09:01:28.000000000 +0300
@@ -18,4 +18,5 @@
 71_date_overflows.patch
 74_admin_non-ascii_emails.patch
 79_archiver_slash.patch
+83-CVE-2010-3089--bug599833.patch
 99_js_templates.patch
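Review bot: In the HTMLFormatter.py part of this patch the `<mm-list-info>` value is still substituted without escaping — the new `'<!---->'` markers only delimit the fragment from the surrounding template markup, they do not neutralise markup inside `self.info` — so that field's safety now rests entirely on the `_badwords` denylist rewritten in the Utils.py part, whereas `description` is correctly routed through `Utils.websafe()` in both listinfo.py and HTMLFormatter.py. A comment on the `<mm-list-info>` line such as `# info is admin-authored HTML screened against Utils._badwords; description is plain text and must be escaped` would keep a later reader from treating the two fields alike. The regex rewrite from `(?:^|\W)…(?:\W|$)` to `\b…\b` replaces consuming groups with zero-width assertions, so if the consumer of `_badwords` (outside this hunk, as is the `_badwords = [` line itself) uses `findall` or `sub`, keywords separated by a single non-word character are now all matched where the old form could swallow the separator and miss the next one; if that is the intent, a one-line comment above the list recording it would help. Denylist screening of free-form HTML remains inherently fragile next to escaping or an allowlist, which is worth stating in that comment so the trust placed in the `info` field is explicit.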