On 5/5/20 11:09 AM, Matthias Andree wrote:
Greetings,
I am the packager of Mailman 2.x for FreeBSD and am reporting two issues and have two questions:
I1: It would seem the Spanish translation has regressed with 2.1.31, and fails to build on FreeBSD 12.1:
...
File "<string>", line 1 " direcci�n de rebote cuando se usa "responder a todos"), as� que puede ser \n" ^ SyntaxError: invalid syntax *** Error code 1 (ignored)
There should be \" around 'responder a todos', not simple ". Future releases should test build the translations. (Am doing that in FreeBSD.)
Thank you for the report. I actually did compile this message catalog, but with Mailman's bin/msgfmt.py which didn't catch this error.
I2: Then, none of the mailman.po files was updated for the security fix, and in FreeBSD, I am using sed for a machine edit, where WRKSRC is the directory that the code is unpacked into (including the mailman-2.1.* prefix/), and sed -E switches to modern regexps:
sed -E -e '/Illegal Email Address:/,+1s/ *. %\(safeuser\)s//'
${WRKSRC}/messages/*/LC_MESSAGES/mailman.po
My bad for not updating mailman.pot and making the subsequent changes.
I'm going to fix all the above and release 2.1.32 later today.
Q1: how about the htdig patches? 1813 does not seem to be on par with 2.1.31. I am using the 2.1.30 patches (version 1812) for now.
I'll get to it.
Q2: Is the CVE from 2018 going to be used for this vuln or will there be a new CVE number assigned?
The reporter told me he requested a CVE ID, but hasn't given it to me. I searched Mitre, but if there is a placeholder ID, I wouldn't find it anyway.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan