...and drop files/patch-configure-in, which is no longer needed;
neither is autoreconf needed to be reinstated.
We can cheat the test -z "$VAR" inside the MM_FIND_{GROUP,USER}...
configure[.in] macros by putting the proper contents into the
proper environment variables.
To fix the regression in...
PR: 274991
Reported by: leres@
by diffing revisions 1885 (2.1.39) against 1893 in the upstream repo
While here, drop USES=autoreconf, which we no longer need, and
which triggers warnings from autoconf because the configure.in was
developed for an older autoconf version.
Bump PORTREVISION to 2.
Commit b7f05445c0 has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner)
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was transferred into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
Mark Sapiro announced Mailman 2.1.39 "[...] fixes
https://bugs.launchpad.net/mailman/+bug/1954694
[...]
The fix for CVE-2021-42097 was case sensitive and should not be.
The fix for CVE-2021-44227 introduced a potential NameError in logging.
This could cause a user's changes to the option's page to not be
accepted and perhaps cause a 'We hit a bug' response if the user visited
the page with a mixed- or upper-case email address."
URL: https://bugs.launchpad.net/mailman/+bug/1954694
MFH: 2021Q4
While here, fix pkg-message to mention -exim4 and -postfix
derived ports that override the default MTA.
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e
Security: CVE-2021-44227
MFH: 2021Q4
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
MFH: 2021Q4
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332
Changelog:
http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1859/NEWS#L8
(Note the ValueError fix was already in FreeBSD's 2.1.33_1 and
- on quarterly - the 2.1.30_5 port/package versions.)
Follow POLA:
No MFH requested, as 2020Q2 and head/ have diverged too far,
so let 2020Q3 pick up the change instead.
- fixes the i18n issues in 2.1.31
- drop local patch for Spanish Castilian mailman.po file
- drop local REINPLACE_CMD for translations of the security fixed code
- uses a patch from the upstream merged rev 1814 of the htdig branch
Over the upstream 2.1.31, additional fixes were needed:
+ fix up quoting in one string of the messages/es/ translation
to unbreak gettext
+ fix up all */LC_MESSAGES/mailman.po to match up with the security fix.
Upstream Changelog for 2.1.31, cited from
<https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8>:
Security
- A content injection vulnerability via the options login page has been
discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)
i18n
- The Spanish translation has been updated by Omar Walid Llorente.
Bug Fixes and other patches
- Bounce recognition for a non-compliant Yahoo format is added.
- Archiving workaround for non-ascii in string.lowercase in some Python
packages is added.
MFH: 2020Q2
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
Limit the install message about pkg install -I to installs (not upgrades).
Convert the required_dirs of the rcfile into a coded prereq check,
so that we can print the proper error message, and point the user to
the right place.
Bump PORTREVISION.
- tighten up permissions on install dirs even more, patching
bin/check_perms to not complain - fewer directories or files belong
in mailman's hand or need group write permissions.
- revert 2.1.30's "make templates samples" because the upstream has
always instead provided a templates/site dir here and warned users that
default templates will be overwritten on updates or reinstallation
https://wiki.list.org/DOC/4.48%20How%20can%20I%20change%20the%20HTML%20or%20.txt%20templates%20used%20by%20my%20mailing%20lists%3F
changed templates will be written to different directories, the site,
domain-specific or list-specific directory
- adjust pkg-plist such that a no-script install, a regular install
with post-install script run, and check_perms agree on permissions,
however with tighter write permissions than the default install,
as a security-in-depth safety precaution. [1]
- revise files/pkg-install.in accordingly
- boil down files/pkg-message.in texts a little bit
- bump PORTREVISION
PR: 245853
Reported by: manu@ (IRC) [1]
* upstream changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L6
Note that upstream means 2.1.30 to be the final 2.x release,
because it relies on Python 2.x which is EOL upstream.
! MAJOR DATA LOSS FIX, rename all templates/* files to .sample,
! and list them as a @sample in pkg-plist, because they can be edited
! through the web server, and an upgrade should not stomp over edited files.
* rearrange makefile a bit (portlint, portfmt)
* update and upload new htdig patch
* expose NLS port option to pkg-install script to avoid failure
* patch upstream bin/check_perms script to not complain about tightened-
up messages/ and mailmanprefix (${PREFIX}/mailman) permissions that we
set to 0755 instead of 02775. Mailman should not need to write outside
designated directories or create new top-level directories in its install.
* fix a typo in the German (mailman.po) translation
* tweak pkg-install to:
- leave ${PREFIX}/mailman permissions alone and not set them to 02775
- fix up non-moved .sample files if pkg-install is run with -I
- create a copy of mm_cfg.py from mm_cfg.py.dist if missing (-I)
- create a newsyslog.conf.d/mailman.conf if missing, from
examples/mailman.newsyslog.sample if installed (-I)
- not attempt to fix messages/ (translations) permissions if the NLS
port option is disabled
* tweak pkg-plist so that the proper permissions and groups are set
by default already
* clean up pkg-message, thanks to bapt@ for pointing out that a missing
type: means "install or upgrade".
MFH: 2020Q2 (@samples is an important fix against data loss on update)
There are parts of the install message that are also relevant on
updates, but were missed. Add them, and bump PORTREVISION.
Failure-inducing commit:
------------------------------------------------------------------------
r508882 | mat | 2019-08-14 00:29:42 +0200 (Wed, 14 Aug 2019) | 2 lines
Convert to UCL & cleanup pkg-message (categories l-m)
------------------------------------------------------------------------
- Rename the files installed to /usr/local/etc/newsyslog.conf.d/ to end
with a '.conf' suffix.
- Add pkg-install script to automatically move any copies of the old
newsyslog file to the new location if the new file is unmodified from the default,
or print a warning if the new file has been modified.
- Add a note to UPDATING and pkg-message to warn users of this, in case
they are using provisioning/configuration management tools which need
to be modified. Note the UPDATING entry was committed in r485721.
Recent changes to /etc/newsyslog.conf (r340318) will only include files
from the /usr/local/etc/newsyslog.conf.d/ directory which end with
'.conf' and do not begin with a '.' character.
Reviewed by: mat
Approved by: mandree (maintainer)
Differential Revision: https://reviews.freebsd.org/D17088
Rename the files installed to /usr/local/etc/newsyslog.conf.d/ to end
with a '.conf' suffix.
Proposed changes to /etc/newsyslog.conf will only include files from the
/usr/local/etc/newsyslog.conf.d/ directory which end with '.conf' and do
not begin with a '.' character. https://reviews.freebsd.org/D17086
Approved by: mandree (maintainer)
Differential Revision: https://reviews.freebsd.org/D17088
- When no virtualhosts are defined, and the default localhost/localhost is
effective, the post-install script now adds DEFAULT_EMAIL_HOST,
DEFAULT_URL_HOST, and add_virtualhost() lines to mm_cfg.py.
Add corresponding support to remove unchanged configurations to the
deinstall script.
- While here, overhaul crontab configuration to only request a merge if the
crontab had been modified, and unify progress reports.
- Merge pkg-deinstall into pkg-install, to avoid duplication of code
that might be missed in later maintenance.
PR: 225961
Reported by: Terry Kennedy
When the upstream initscript grew a "reopen" mode with 2.1.17 in late 2013,
our patch stuffed the usage information into the wrong place, so that we
inadvertently disabled the new reopen mode, thus never supported it
through the init script in FreeBSD.
Bump PORTREVISION.
PR: 225800
Submitted by: Yasuhito FUTATSUKI
MFH: 2018Q1
- Fix checksum failures in Defaults.py[c]:
No longer patch Defaults.py in postinstall, instead configure
--with-mailhost=localhost --with-urlhost=localhost, as
Fedora and Arch Linux do.
- Add a related note to FreeBSD-post-install-notes.
- Add a related safeguard to the rcfile, which will refuse to run
if the DEFAULT_*_HOSTs are not configured. This can be changed
with a new mailman_run_localhost="YES" rc.conf setting, which will
then restrict itself to printing the warnings, but still start mailman.
- Update htdig patch to upstream SVN r1734.
- Bump USES, python:2 -> python:2.7
- Regenerated patches.
Changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1743/NEWS#L8
Release/Security announcement:
https://www.mail-archive.com/mailman-users@python.org/msg70478.html
PR: 225767 (related vuxml entry)
Reported by: Vladimir Krstulja
MFH: 2018Q1
Security: CVE-2018-5950
Security: 3d0eeef8-0cf9-11e8-99b0-d017c2987f9a
Ports using USE_PYTHON=distutils are now flavored. They will
automatically get flavors (py27, py34, py35, py36) depending on what
versions they support.
There is also a USE_PYTHON=flavors for ports that do not use distutils
but need FLAVORS to be set. A USE_PYTHON=noflavors can be set if
using distutils but flavors are not wanted.
A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
added to cope with Python ports that did not have the Python
PKGNAMEPREFIX but are flavored.
USES=python now also exports a PY_FLAVOR variable that contains the
current python flavor. It can be used in dependency lines when the
port itself is not python flavored. For example, deskutils/calibre.
By default, all the flavors are generated. To only generate flavors
for the versions in PYTHON2_DEFAULT and PYTHON3_DEFAULT, define
BUILD_DEFAULT_PYTHON_FLAVORS in your make.conf.
In all the ports with Python dependencies, the *_DEPENDS entries MUST
end with the flavor so that the framework knows which to build/use.
This is done by appending '@${PY_FLAVOR}' after the origin (or
@${FLAVOR} if in a Python module with Python flavors, as the content
will be the same). For example:
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR}
PR: 223071
Reviewed by: portmgr, python
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D12464
This enforces the EXAMPLES option because we can't keep
the .sample file in etc/newsyslog.conf.d/* - it would be processed
as the actual file, so we use %%EXAMPLESDIR%% for the distributed version.
If the package is built in, for instance, poudriere, or on a computer other
than the one it is later installed on, the DEFAULT_MAIL_HOST and
DEFAULT_URL_HOST variables in the Mailman/Defaults.py file were unsuitable.
Leverage pkg-install to fix these up to be the same as hostname -f at
install time.
[The MFH would require the intermediate update to 2.1.24 to be included.]
MFH: 2017Q3