From be748fff6a6b044ba3f9e9264defbe13572d3747 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 21 2021 08:30:03 +0000 Subject: import mailman-2.1.29-12.module+el8.5.0+10790+91ddbebd --- diff --git a/SOURCES/mailman-2.1.29-cmd_reply_encoding.patch b/SOURCES/mailman-2.1.29-cmd_reply_encoding.patch new file mode 100644 index 0000000..3c8da87 --- /dev/null +++ b/SOURCES/mailman-2.1.29-cmd_reply_encoding.patch @@ -0,0 +1,16 @@ +=== modified file 'Mailman/Queue/CommandRunner.py' +--- Mailman/Queue/CommandRunner.py 2018-06-17 23:47:34 +0000 ++++ Mailman/Queue/CommandRunner.py 2021-03-31 21:53:20 +0000 +@@ -100,6 +100,11 @@ + # E.g the outer Content-Type: was text/html + return + body = part.get_payload(decode=True) ++ if (part.get_content_charset(None)): ++ body = unicode(body, part.get_content_charset(), ++ errors='replace').encode( ++ Utils.GetCharSet(self.msgdata['lang']), ++ errors='replace') + # text/plain parts better have string payloads + assert isinstance(body, StringType) or isinstance(body, UnicodeType) + lines = body.splitlines() + diff --git a/SPECS/mailman.spec b/SPECS/mailman.spec index aa77178..566010f 100644 --- a/SPECS/mailman.spec +++ b/SPECS/mailman.spec @@ -3,7 +3,7 @@ Summary: Mailing list manager with built in Web access Name: mailman Version: 2.1.29 -Release: 11%{?dist} +Release: 12%{?dist} Epoch: 3 Group: Applications/Internet Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz @@ -33,6 +33,7 @@ Patch25: mailman-CVE-2020-12137.patch Patch26: mailman-bouncer_oom_crash.patch Patch27: mailman-2.1.29-login_content_injection.patch Patch28: mailman-2.1.29-options_content_njection.patch +Patch29: mailman-2.1.29-cmd_reply_encoding.patch License: GPLv2+ URL: http://www.list.org/ @@ -125,6 +126,7 @@ additional installation steps, these are described in: %patch26 -p0 -b .bouncer_match %patch27 -p0 -b .login_injection %patch28 -p0 -b .options_injection +%patch29 -p0 -b .cmd_reply_encoding #cp $RPM_SOURCE_DIR/mailman.INSTALL.REDHAT.in INSTALL.REDHAT.in cp %{SOURCE5} INSTALL.REDHAT.in @@ -578,6 +580,10 @@ exit 0 %dir %attr(775,root,%{mmgroup}) %{lockdir} %changelog +* Mon Apr 12 2021 Tomas Korbar - 3:2.1.29-12 +- Fix encoding handling of command replies +- Resolves: rhzb#1907323 + * Wed Sep 30 2020 Pavel Zhukov - 3:2.1.29-11 - Fixes for CVE-2020-12108 and CVE-2020-15011