[Pkg-mailman-hackers] Pkg-mailman commit - rev 714 - trunk/debian/patches
Thijs Kinkhorst
thijs at alioth.debian.org
Thu Mar 29 10:54:25 UTC 2012
Author: thijs
Date: 2012-03-29 10:54:24 +0000 (Thu, 29 Mar 2012)
New Revision: 714
Removed:
trunk/debian/patches/70_invalid_utf8_dos.patch
trunk/debian/patches/71_date_overflows.patch
Modified:
trunk/debian/patches/series
Log:
issues are fixed upstream long ago, but differently. patches no longer needed.
Deleted: trunk/debian/patches/70_invalid_utf8_dos.patch
===================================================================
--- trunk/debian/patches/70_invalid_utf8_dos.patch 2012-03-29 10:53:14 UTC (rev 713)
+++ trunk/debian/patches/70_invalid_utf8_dos.patch 2012-03-29 10:54:24 UTC (rev 714)
@@ -1,33 +0,0 @@
-Author: Lionel Elie Mamane <lionel at mamane.lu>
-Description: Avoid DOS if attachement filename is invalid Unicode string (Closes: #327732, CVE-2005-3573)
-Bug-Debian: #327732
-Forwarded: no
-
-Index: b/Mailman/Handlers/Scrubber.py
-===================================================================
---- a/Mailman/Handlers/Scrubber.py 2010-05-24 17:50:44.000000000 +0200
-+++ b/Mailman/Handlers/Scrubber.py 2010-05-24 17:51:12.000000000 +0200
-@@ -300,7 +300,10 @@
- os.umask(omask)
- desc = part.get('content-description', _('not available'))
- desc = Utils.oneline(desc, lcset)
-- filename = part.get_filename(_('not available'))
-+ try:
-+ filename = part.get_filename(_('not available'))
-+ except UnicodeDecodeError:
-+ filename = _('not available')
- filename = Utils.oneline(filename, lcset)
- replace_payload_by_text(part, _("""\
- A non-text attachment was scrubbed...
-@@ -422,7 +425,10 @@
- ctype = msg.get_content_type()
- # i18n file name is encoded
- lcset = Utils.GetCharSet(mlist.preferred_language)
-- filename = Utils.oneline(msg.get_filename(''), lcset)
-+ try:
-+ filename = Utils.oneline(msg.get_filename(''), lcset)
-+ except UnicodeDecodeError:
-+ filename = ''
- filename, fnext = os.path.splitext(filename)
- # For safety, we should confirm this is valid ext for content-type
- # but we can use fnext if we introduce fnext filtering
Deleted: trunk/debian/patches/71_date_overflows.patch
===================================================================
--- trunk/debian/patches/71_date_overflows.patch 2012-03-29 10:53:14 UTC (rev 713)
+++ trunk/debian/patches/71_date_overflows.patch 2012-03-29 10:54:24 UTC (rev 714)
@@ -1,18 +0,0 @@
-Author: Lionel Elie Mamane <lionel at mamane.lu>
-Description: React sensibly on integer overflow in date handling (Closes: #326024, CVE-2005-4153)
-Bug-Debian: #326024
-Forwarded: no
-
-Index: b/Mailman/Handlers/Scrubber.py
-===================================================================
---- a/Mailman/Handlers/Scrubber.py 2010-05-24 17:51:12.000000000 +0200
-+++ b/Mailman/Handlers/Scrubber.py 2010-05-24 17:51:13.000000000 +0200
-@@ -122,7 +122,7 @@
- }.get(parts[3], 0)
- day = int(parts[4])
- year = int(parts[6])
-- except (IndexError, ValueError):
-+ except (OverflowError, IndexError, ValueError):
- # Best we can do I think
- month = day = year = 0
- datedir = '%04d%02d%02d' % (year, month, day)
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2012-03-29 10:53:14 UTC (rev 713)
+++ trunk/debian/patches/series 2012-03-29 10:54:24 UTC (rev 714)
@@ -12,8 +12,6 @@
59_fix_missing_language_crash.patch
63_update_default_server_language.patch
66_donot_let_cache_html_pages.patch
-70_invalid_utf8_dos.patch
-71_date_overflows.patch
79_archiver_slash.patch
80_CVE-2011-0707_confirm_xss.patch
99_js_templates.patch
More information about the Pkg-mailman-hackers
mailing list