[Mailman-Developers] Re: Mailman 2.1.31 security release - issues and questions
Am 05.05.20 um 20:54 schrieb Mark Sapiro: > On 5/5/20 11:09 AM, Matthias Andree wrote: >> Greetings, >> >> I am the packager of Mailman 2.x for FreeBSD and am reporting two issues >> and have two questions: >> >> I1: It would seem the Spanish translation has regressed with 2.1.31, >> and fails to build on FreeBSD 12.1: >> > ... > >>> File "", line 1 >>> " direcci�n de rebote cuando se usa "responder a >>> todos"), as� que puede ser \n" >>> ^ >>> SyntaxError: invalid syntax >>> *** Error code 1 (ignored) >> There should be \" around 'responder a todos', not simple ". >> Future releases should test build the translations. (Am doing that in >> FreeBSD.) > > Thank you for the report. I actually did compile this message catalog, > but with Mailman's bin/msgfmt.py which didn't catch this error. Mark, My build was also using Mailman's bin/msgfmt.py - it was using relative paths, I am pasting its failing command line again for your convenience: > /usr/local/bin/python2.7 ../build/bin/msgfmt.py -o > es/LC_MESSAGES/mailman.mo es/LC_MESSAGES/mailman.po > I'm going to fix all the above and release 2.1.32 later today. (which I see is out) > The reporter told me he requested a CVE ID, but hasn't given it to me. I > searched Mitre, but if there is a placeholder ID, I wouldn't find it anyway. Thank you. Found revision 1814. Regards, Matthias ___ Mailman-Developers mailing list -- mailman-developers@python.org To unsubscribe send an email to mailman-developers-le...@python.org https://mail.python.org/mailman3/lists/mailman-developers.python.org/ Mailman FAQ: https://wiki.list.org/x/AgA3 Security Policy: https://wiki.list.org/x/QIA9
[Mailman-Developers] Re: Mailman 2.1.31 security release - issues and questions
Greetings,
I am the packager of Mailman 2.x for FreeBSD and am reporting two issues
and have two questions:
I1: It would seem the Spanish translation has regressed with 2.1.31,
and fails to build on FreeBSD 12.1:
> /usr/local/bin/python2.7 ../build/bin/msgfmt.py -o es/LC_MESSAGES/mailman.mo
> es/LC_MESSAGES/mailman.po
> Traceback (most recent call last):
> File "../build/bin/msgfmt.py", line 203, in
> main()
> File "../build/bin/msgfmt.py", line 199, in main
> make(filename, outfile)
> File "../build/bin/msgfmt.py", line 151, in make
> l = eval(l)
> File "", line 1
> " direcci�n de rebote cuando se usa "responder a todos"),
> as� que puede ser \n"
> ^
> SyntaxError: invalid syntax
> *** Error code 1 (ignored)
There should be \" around 'responder a todos', not simple ".
Future releases should test build the translations. (Am doing that in
FreeBSD.)
I2: Then, none of the mailman.po files was updated for the security fix,
and in FreeBSD, I am using sed for a machine edit, where WRKSRC is the
directory that the code is unpacked into (including the mailman-2.1.*
prefix/), and sed -E switches to modern regexps:
> sed -E -e '/Illegal Email Address:/,+1s/ *. %\(safeuser\)s//' \
> ${WRKSRC}/messages/*/LC_MESSAGES/mailman.po
Q1: how about the htdig patches? 1813 does not seem to be on par with
2.1.31. I am using the 2.1.30 patches (version 1812) for now.
Q2: Is the CVE from 2018 going to be used for this vuln or will there be
a new CVE number assigned?
Thanks.
Regards,
Matthias
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3
Security Policy: https://wiki.list.org/x/QIA9
