[Mailman-Developers] Re: Mailman 2.1.31 security release - issues and questions
Am 05.05.20 um 20:54 schrieb Mark Sapiro: > On 5/5/20 11:09 AM, Matthias Andree wrote: >> Greetings, >> >> I am the packager of Mailman 2.x for FreeBSD and am reporting two issues >> and have two questions: >> >> I1: It would seem the Spanish translation has regressed with 2.1.31, >> and fails to build on FreeBSD 12.1: >> > ... > >>> File "", line 1 >>> " direcci�n de rebote cuando se usa "responder a >>> todos"), as� que puede ser \n" >>> ^ >>> SyntaxError: invalid syntax >>> *** Error code 1 (ignored) >> There should be \" around 'responder a todos', not simple ". >> Future releases should test build the translations. (Am doing that in >> FreeBSD.) > > Thank you for the report. I actually did compile this message catalog, > but with Mailman's bin/msgfmt.py which didn't catch this error. Mark, My build was also using Mailman's bin/msgfmt.py - it was using relative paths, I am pasting its failing command line again for your convenience: > /usr/local/bin/python2.7 ../build/bin/msgfmt.py -o > es/LC_MESSAGES/mailman.mo es/LC_MESSAGES/mailman.po > I'm going to fix all the above and release 2.1.32 later today. (which I see is out) > The reporter told me he requested a CVE ID, but hasn't given it to me. I > searched Mitre, but if there is a placeholder ID, I wouldn't find it anyway. Thank you. Found revision 1814. Regards, Matthias ___ Mailman-Developers mailing list -- mailman-developers@python.org To unsubscribe send an email to mailman-developers-le...@python.org https://mail.python.org/mailman3/lists/mailman-developers.python.org/ Mailman FAQ: https://wiki.list.org/x/AgA3 Security Policy: https://wiki.list.org/x/QIA9
[Mailman-Developers] Re: Mailman 2.1.31 security release - issues and questions
Greetings, I am the packager of Mailman 2.x for FreeBSD and am reporting two issues and have two questions: I1: It would seem the Spanish translation has regressed with 2.1.31, and fails to build on FreeBSD 12.1: > /usr/local/bin/python2.7 ../build/bin/msgfmt.py -o es/LC_MESSAGES/mailman.mo > es/LC_MESSAGES/mailman.po > Traceback (most recent call last): > File "../build/bin/msgfmt.py", line 203, in > main() > File "../build/bin/msgfmt.py", line 199, in main > make(filename, outfile) > File "../build/bin/msgfmt.py", line 151, in make > l = eval(l) > File "", line 1 > " direcci�n de rebote cuando se usa "responder a todos"), > as� que puede ser \n" > ^ > SyntaxError: invalid syntax > *** Error code 1 (ignored) There should be \" around 'responder a todos', not simple ". Future releases should test build the translations. (Am doing that in FreeBSD.) I2: Then, none of the mailman.po files was updated for the security fix, and in FreeBSD, I am using sed for a machine edit, where WRKSRC is the directory that the code is unpacked into (including the mailman-2.1.* prefix/), and sed -E switches to modern regexps: > sed -E -e '/Illegal Email Address:/,+1s/ *. %\(safeuser\)s//' \ > ${WRKSRC}/messages/*/LC_MESSAGES/mailman.po Q1: how about the htdig patches? 1813 does not seem to be on par with 2.1.31. I am using the 2.1.30 patches (version 1812) for now. Q2: Is the CVE from 2018 going to be used for this vuln or will there be a new CVE number assigned? Thanks. Regards, Matthias ___ Mailman-Developers mailing list -- mailman-developers@python.org To unsubscribe send an email to mailman-developers-le...@python.org https://mail.python.org/mailman3/lists/mailman-developers.python.org/ Mailman FAQ: https://wiki.list.org/x/AgA3 Security Policy: https://wiki.list.org/x/QIA9