This is an update of mail/postfixadmin to version 2.3.7.

ChangeLog:

Version 2.3.7 - 2014/02/20 - SVN r1651 (postfixadmin-2.3 branch)
----------------------------------------------------------------
- SECURITY: fix SQL injection in show_gen_status()
- lt.lang, da.lang translation update
- when enabling/disabling a mailbox, also update the corresponding alias
- fix creating superadmin in setup.php with MariaDB (more strict SQL)
- don't trim() mail address to avoid that aliases starting with a space are allowed.
  This fixes http://sourceforge.net/p/postfixadmin/bugs/210/ and
  https://sourceforge.net/p/postfixadmin/feature-requests/113/
- update regex in check_domain() to support new, longer TLDs like .international
- mark vacation_notification.notified field as latin1 to avoid overlong index
- vacation.pl: encode subject
- vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22
  (you can re-enable it with $smtp_tls_allowed)

It also adds staging support.

Fix: Patch attached with submission follows:
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Maintainer of mail/postfixadmin,

Please note that PR ports/189248 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/189248

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
A little fix in the patch was needed (fixing too strict permissions). The new diff is attached.

--
best regards,
Lukasz Wasikowski
I'd like to call maintainer timeout on that. It's kind of important, as the current postfixadmin version in ports is vulnerable to SQL injection and lacks stage support. Could anyone commit the postfixadmin-2.3.7.diff.txt patch?
(In reply to Lukasz Wasikowski from comment #4)
> I'd like to call maintainer timeout on that. It's kind of important, as the
> current postfixadmin version in ports is vulnerable to SQL injection and
> lacks stage support. Could anyone commit the postfixadmin-2.3.7.diff.txt patch?

Bumping that as this version is a security fix.
Thank you for the patch; this is definitely a maintainer timeout. I've tried your patch locally, and get stage_fs_violations because you've removed the %%PORTDOCS%% entries from the plist. Is there a reason for that?
No, it's probably my mistake. I'll make another patch tomorrow, thank you for testing.
I had OPTIONS_UNSET=DOCS in my make.conf before. I've started with an empty make.conf and tested this port under poudriere and portlint. It should be ok now.
Created attachment 144630
New patch for postfixadmin 2.3.7
A commit references this bug:

Author: rakuco
Date: Sun Jul 13 13:29:22 UTC 2014
New revision: 361678
URL: http://svnweb.freebsd.org/changeset/ports/361678

Log:
  Add entry for mail/postfixadmin.

  PR: 189248
  MFH: 2014Q3

Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:

Author: rakuco
Date: Sun Jul 13 13:31:02 UTC 2014
New revision: 361679
URL: http://svnweb.freebsd.org/changeset/ports/361679

Log:
  - Update to 2.3.7, which contains a security fix.
  - Support staging.

  PR: 189248
  Submitted by: Lukasz Wasikowski <lukasz@wasikowski.net>
  Approved by: maintainer timeout (72 days)
  MFH: 2014Q3
  Security: ff98087f-0a8f-11e4-b00b-5453ed2e2b49

Changes:
  head/mail/postfixadmin/Makefile
  head/mail/postfixadmin/distinfo
  head/mail/postfixadmin/files/pkg-message.in
  head/mail/postfixadmin/pkg-descr
Committed, thank you very much for working on this, and sorry nobody acted on it earlier.
A commit references this bug:

Author: rakuco
Date: Sun Jul 13 18:12:02 UTC 2014
New revision: 361701
URL: http://svnweb.freebsd.org/changeset/ports/361701

Log:
  MFH: r361678

  Add entry for mail/postfixadmin.

  PR: 189248
  Approved by: portmgr (miwi)

Changes:
_U  branches/2014Q3/
  branches/2014Q3/security/vuxml/vuln.xml
A commit references this bug:

Author: rakuco
Date: Sun Jul 13 18:13:58 UTC 2014
New revision: 361702
URL: http://svnweb.freebsd.org/changeset/ports/361702

Log:
  MFH: r361679

  - Update to 2.3.7, which contains a security fix.
  - Support staging.

  PR: 189248
  Submitted by: Lukasz Wasikowski <lukasz@wasikowski.net>
  Approved by: maintainer timeout (72 days)
  Security: ff98087f-0a8f-11e4-b00b-5453ed2e2b49
  Approved by: portmgr (miwi)

Changes:
_U  branches/2014Q3/
  branches/2014Q3/mail/postfixadmin/Makefile
  branches/2014Q3/mail/postfixadmin/distinfo
  branches/2014Q3/mail/postfixadmin/files/pkg-message.in
  branches/2014Q3/mail/postfixadmin/pkg-descr