mail/mailman: security update to 2.1.33

Fixing another content injection vulnerability, this time via private archive login if the list's roster visibility (private_roster) setting is 'Anyone'. https://bugs.launchpad.net/mailman/+bug/1877379 https://launchpadlibrarian.net/478684932/private.diff https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/ Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
svn path=/head/; revision=534286
2020-05-07 20:04:23 +00:00 · 2020-05-07 20:04:23 +00:00 · 717726c568 · 2021-03-31 03:12:20 +00:00
commit 717726c568
parent 49a38bef41
2 changed files with 9 additions and 9 deletions
--- a/mail/mailman/Makefile
+++ b/mail/mailman/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	mailman
-DISTVERSION=	2.1.32
+DISTVERSION=	2.1.33
 PORTREVISION=	0
 CATEGORIES=	mail
 MASTER_SITES=	GNU \
@ -128,11 +128,11 @@ MAIL_GID?=	_smtpd
 PKGNAMESUFFIX+=	-with-htdig
 # how to create PATCHFILES:
 #X identify what is the version of msapiro's patches corresponding to the release.
-#X fetch http://bazaar.launchpad.net/~msapiro/mailman/htdig/tarball/1814
+#X fetch http://bazaar.launchpad.net/~msapiro/mailman/htdig/tarball/1815
 #X unpack this tarball, and the original distfile
-#X diff -NEur original-unpack bazaar-unpack | xz --best -c >msapiro-htdig-1814.patch.xz
+#X diff -NEur original-unpack bazaar-unpack | xz --best -c >msapiro-htdig-1815.patch.xz
 #X upload the latter with mode 0644 or similar to freefall's public_distfiles/ directory
-_HTDIGREV=	1814
+_HTDIGREV=	1815
 PATCHFILES+=	msapiro-htdig-${_HTDIGREV}.patch.xz
 RUN_DEPENDS+=	htdig:textproc/htdig
 PLIST_SUB+=	SUB_HTDIG=""
--- a/mail/mailman/distinfo
+++ b/mail/mailman/distinfo
@ -1,5 +1,5 @@
-TIMESTAMP = 1588720179
-SHA256 (mailman/mailman-2.1.32.tgz) = 3755322b23cb41cd726407658dc1ae0d2dcc9887c9239945491a551933505e5d
-SIZE (mailman/mailman-2.1.32.tgz) = 9413055
-SHA256 (mailman/msapiro-htdig-1814.patch.xz) = 91c69185f06e2d581d5a4429e678b740074016511557dae4aa5ee7ded0be349c
-SIZE (mailman/msapiro-htdig-1814.patch.xz) = 50400
+TIMESTAMP = 1588881655
+SHA256 (mailman/mailman-2.1.33.tgz) = 6d7e81753c78120f479a275ea623194cac188a3daf301eb76aa9d39a942d5234
+SIZE (mailman/mailman-2.1.33.tgz) = 9412979
+SHA256 (mailman/msapiro-htdig-1815.patch.xz) = 740aeb99b1e25706ad32bd73ac2035f758b5ec566856d6816aed76496931563b
+SIZE (mailman/msapiro-htdig-1815.patch.xz) = 50408