ALT Linux repositórios
Group :: Sistema/Servidores
RPM: mailman
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
14 dezembro 2021 L.A. Kostis <lakostis at altlinux.ru> 5:2.1.39-alt1
- 2.1.38 -> 2.1.39 (fixes for CVE-2021-42097 and CVE-2021-44227).
- 2.1.37 -> 2.1.38 (fixes for CVE-2021-44227).
- Updated to 2.1.36.
- Security fixes:
+ CVE-2021-43331: A potential XSS attack via the user options.
+ CVE-2021-43332: A potential for for a list moderator to carry out an
off-line brute force attack to obtain the list
admin password.
- 2.1.36 -> 2.1.37 (fixes bug in the fix for CVE-2021-43332).
- Updated to 2.1.35:
- Security fixes:
+ CVE-2021-42096: Attack to obtain the list admin password.
+ CVE-2021-42097: A CSRF attack via the user options page
could allow takeover of a users
- Fixed FTBFS: removed %post scripts for apache2 due to changes
in rpm-build-apache2 and apache2 with migration post-scripts to filetriggers.
- 2.1.33-4-g0f97bcba -> 2.1.34-3-g1d42a8b8.
- 2.1.29-9-ge227cb9f -> 2.1.33-4-g0f97bcba.
- mm_config.py: reset MAILMAN_SITE_LIST to default (closes: #36460).
- Fixed python shebangs.
- 2.1.29 -> 2.1.29-9-ge227cb9f.
- 2.1.26 -> 2.1.29 (fixes: CVE-2018-0618, CVE-2018-13796).
- Enhanced init script.
- Added tmpfiles.d(5) rules and a systemd unit file for mailman.
- Updated to 2.1.26.
- Relocated %_libdir/mailman to %_libexecdir/mailman.
- Rewritten logrotate configuration.
- Fixed nginx subpackage.
- removed apache-1 support
- LP shapshot 20160916.
- Security fixes:
+ CVE-2016-6893: Extend CSRF protection to user options page.
- Updated to 2.1.22.
- Updated to 2.1.21.
- Added patch from 2.1.22-dev:
+ Don't collapse multipart with a single sub-part
inside multipart/signed parts.
- Updated README.ALT (small style fixes).
- Updated README.ALT (add upgrade notes).
- Added trigger to show a warning after upgrade from 2.1.12.
- .spec cleanup:
+ use existing rpm-macros instead hardcoded values;
+ update buildreq (added MTA);
+ split out web configuration to separate packages
(apache/apache2/nginx);
+ fix access rights for logdir to make logrotate happy.
- Updated to 2.1.21rc2.
- Security fixes:
+ CVE-2015-2775 (path traversal vulnerability);
+ DMARC support. - Sync debian patches up to 1:2.1.20-1.
- New upstream release (2.1.15).
- Security fixes:
+ CVE-2011-0707,
+ many fixes in web interface against XSS attacks,
+ web admin interface has been hardened against CSRF attacks. - Re-merge debian patches.
- Rebuild with Python-2.7
- Rebuilt with python 2.6
- Fix message translations building.
- Typo in Russian template corrected.
- New upstream release (2.1.12).
- New upstream release (2.1.10 final).
- README.ALT updated by vvk@ .
- Update broken translation list.
- Don't depend on python version.
- New upstream release (2.1.10 beta 3).
- Contains CVE-2008-0564 fix.
- Make _exec_prefix arch-dependent.
- Be silent on the very first install.
- Switch to mailman user while updating database as root.
- Make last_mailman_version file group writable.
- Move lockfiles and pidfile during package upgrade.
- Check lockfile before service stop.
- Update and fix fuzzy Russian translations.
- Move configs and passwords to %_sysconfdir/%name.
- Store allowed groups in %_sysconfdir/%name/cgi.groups
and %_sysconfdir/%name/mail.groups. - Check Postfix config with 'postconf' during alias update.
- Update alias maps on upgrade/install.
- Custom fix_bounce.py script.
- Import a lot of Debian patches from mailman_2.1.9-5.diff.
- Add Debian manpages.
- Extra public/private option for list_lists utility.
- Japanese and Korean codecs disabled.
- Remove pidfile on 'maimanctl stop'.
- Check master-qrunner lockfile in crontab.
- Update python requires/provides.
- Compile .pyo files.
- Filter out some python warnings.
- Workaround for several Russian charsets.
- Update Russian translation.
- New packager.
- nev version
- fix for #10226 (thanks to Slava Dubrovskiy)
- patches cleanup
- various patches from debian
- Security fix
- Email package updated to email-2.5.8
- New version with bug fix CVE-2006-1712
- Email package updated to email-2.5.7
- Fix provides (thanks to Vitaly Lipatov)
- Fix for missed files
- New version
- Fix for file permissions
- Patches for CVE-2005-3573
- New version release
- New version
- Fix for #6569 bug
- Rebuilt with python-2.4.
- NMU by ALT Security Team:
+ applied fixes for CAN-2004-1177 and CAN-2005-0202.
- Fixed a bug #2821 for restart method
- Fix dependencies
- Spec cleanup
- New version
- Rebuild with python23
- Spec cleanup
- Start/stop mailman with wrapper script
- mm_cfg.py file moved to /var/lib/mailman/etc/mm_config.py
- fix permissions for /usr/share/mailman/*
- fix permissions for /var/lib/mailman
- fix permissions for /var/lib/mailman/etc/*
- fix initscript
- remove dependency to himself
- remove dependency to kernel headers
- remove old post- and pre- scripts
- remove alias_database at postfix config
- remove old patches
- add patch12
- add patch13
- add README.ALT
- Fixed a XSS error in the admin script
- Fixed a bug 818752 Changing option via email not work
- Fixed a bug 826775 Change URL for submit buttons
- Translation to russian language by fattie
- Fix illegal links in admin web-interface
- Fix crash when illegal charset in header detected
- Fix crash when illegal coding in header detected
- New version
- Removed patch for defaults
- Removed patch for absolute url fix
- Added Scrubber patch 670167
- spec cleanup
- add condstart/condstop to init
- new version
- spec cleanup
- patch to fix absolute url
- base64 patch replaced by email patch
- patch 667026 - HyperArch.py unicode substitution
- patch 755045 - Discard_All button for pending posts administration
- update mm_cfg.py file
- fix mailman site list defaults at mm_cfg.py
- fix comment at %post script
- build new version
- Closed a cross-site scripting vulnerability in the user options page.
- Restore the ability to control which headers show up in messages
included in plaintext and MIME digests. See the variables
PLAIN_DIGEST_KEEP_HEADERS and MIME_DIGEST_KEEP_HEADERS in
Defaults.py. - Messages included in the plaintext digests are now sent through
the scrubber to remove (and archive) attachments. Otherwise,
attachments would screw up plaintext digests. MIME digests
include the attachments inline.
- build new version
- Added initscript
- Added symlink to logs
- Added symlink to spool
- Moved httpd addon config to /etc/httpd/conf/addon-modules/
- Moved crontab to /etc/cron.d
- Removed symlink /etc/smrsh/wrapper
- Patch for postfix virtual maps
- Patch for email library
- rebuild
- 2.0.13
- Relocated log directory from /var/lib/mailman/logs to /var/log/mailman.
- Relocated queue directory from /var/lib/mailman/qfiles to /var/spool/mailman/qfiles.
- Added logrotate script.
- Added %httpdconfdir/%name.conf, updated INSTALL instructions.
- Added more READMEs.
- Rebuilt to fix perms.
- 2.0.12
- 2.0.11
- 2.0.10
- Added one more check for postman user.
- Updated code to 2.0.9
- Set explicit versioned provides on setup which defines group "postman".
- Added special check for postman group at %pre stage.
- Changed mail_group from nobody to postman (#0000607).
- Set explicit versioned dependence on postfix.
- Set more strict permissions on /usr/share/mailman and /usr/lib/mailman subdirectories.
- rebuilt with new python
- 2.0.8 (security fix release to prevent cross-site scripting exploits.)
- 2.0.7
- Rebuilt with python-2.1
- Fixed broken symlink /etc/smrsh/wrapper (#27).
- 2.0.5
- 2.0.4
- Updated install hints.
- 2.0.3
- 2.0.2
- Enhanced FHSification.
- Fixed %post script.
- 2.0.1
- Updated description (MDK).
- Patched Defaults.py.
- Rebuild with new brp-python policy.
- 2.0 release.
- 2.0beta6.
- RE adaptions
- add note about adding FollowSymlinks so that archives work
- make the default owner root again so that root owns the docs
- update to 2.0beta5, which fixes a possible security vulnerability
- add smrsh symlink
- rebuilt
- update to beta4
- change uid/gid to apache.apache to match apache (#13593)
- properly recompile byte-compiled versions of the scripts (#13619)
- change mailman alias from root to postmaster
- update to beta3
- drop bugs and arch patches (integrated into beta3)
- move web files to reside under %contentdir
- move files from /usr/share to %_datadir
- integrate spot-fixes from mailman lists via gnome.org
- rebuild for Power Tools
- Update to 2.0beta2 to pick up security fixes.
- Change Requires: python to list >= 1.5.2
- 1.1
- 1.0 final.
- security fix for cookies
- moved to /usr/share/mailman
- fix up default values.
- modifications to install scripts
- initial RPM for SWS 3.0