areguera / rpms / mailman

Forked from rpms/mailman 4 years ago
Clone
Source Code
GIT

Blame SOURCES/mailman-cve_2018_0618.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.1 c8-stream-2.1
  1.   7812c94a16460af30357207786c259bc4486bd1c
  2.   SOURCES
  3.   mailman-cve_2018_0618.patch
Blob History Raw
7812c9 
diff --git a/Mailman/Gui/General.py b/Mailman/Gui/General.py
7812c9 
index 980e5f2..dfde630 100644
7812c9 
--- a/Mailman/Gui/General.py
7812c9 
+++ b/Mailman/Gui/General.py
7812c9 
@@ -559,6 +559,14 @@ mlist.info.
7812c9 
                                           or not isinstance(val, IntType)):
7812c9 
             doc.addError(_("""admin_member_chunksize attribute not
7812c9 
             changed!  It must be an integer > 0."""))
7812c9 
+        elif property == 'host_name':
7812c9 
+            try:
7812c9 
+                Utils.ValidateEmail('user@' + val)
7812c9 
+            except Errors.EmailAddressError:
7812c9 
+                doc.addError(_("""host_name attribute not changed!
7812c9 
+                It must be a valid domain name."""))
7812c9 
+            else:
7812c9 
+                GUIBase._setValue(self, mlist, property, val, doc)
7812c9 
         else:
7812c9 
             GUIBase._setValue(self, mlist, property, val, doc)
7812c9
7812c9 
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
7812c9 
index 9dbd0b5..fd6ac79 100644
7812c9 
--- a/Mailman/Utils.py
7812c9 
+++ b/Mailman/Utils.py
7812c9 
@@ -1019,6 +1019,7 @@ _badwords = [
7812c9 
     '
7812c9 
     '
7812c9 
     '
7812c9 
+    '@keyframes',
7812c9 
     r'\bj(?:ava)?script\b',
7812c9 
     r'\bvbs(?:cript)?\b',
7812c9 
     r'\bdomactivate\b',
7812c9 
@@ -1035,12 +1036,14 @@ _badwords = [
7812c9 
     r'\bon(?:de)?activate\b',
7812c9 
     r'\bon(?:after|before)print\b',
7812c9 
     r'\bon(?:after|before)update\b',
7812c9 
+    r'\b(?:on)?animation(?:end|iteration|start)\b',
7812c9 
     r'\bonbefore(?:(?:de)?activate|copy|cut|editfocus|paste)\b',
7812c9 
     r'\bonbeforeunload\b',
7812c9 
     r'\bonbegin\b',
7812c9 
     r'\bonblur\b',
7812c9 
     r'\bonbounce\b',
7812c9 
     r'\bonbroadcast\b',
7812c9 
+    r'\boncanplay(?:through)?\b',
7812c9 
     r'\bon(?:cell)?change\b',
7812c9 
     r'\boncheckboxstatechange\b',
7812c9 
     r'\bon(?:dbl)?click\b',
7812c9 
@@ -1056,7 +1059,9 @@ _badwords = [
7812c9 
     r'\bondrag(?:drop|end|enter|exit|gesture|leave|over)?\b',
7812c9 
     r'\bondragstart\b',
7812c9 
     r'\bondrop\b',
7812c9 
-    r'\bonend\b',
7812c9 
+    r'\bondurationchange\b',
7812c9 
+    r'\bonemptied\b',
7812c9 
+    r'\bonend(?:ed)?\b',
7812c9 
     r'\bonerror(?:update)?\b',
7812c9 
     r'\bonfilterchange\b',
7812c9 
     r'\bonfinish\b',
7812c9 
@@ -1066,21 +1071,28 @@ _badwords = [
7812c9 
     r'\bonkey(?:up|down|press)\b',
7812c9 
     r'\bonlayoutcomplete\b',
7812c9 
     r'\bon(?:un)?load\b',
7812c9 
+    r'\bonloaded(?:meta)?data\b',
7812c9 
+    r'\bonloadstart\b',
7812c9 
     r'\bonlosecapture\b',
7812c9 
     r'\bonmedia(?:complete|error)\b',
7812c9 
+    r'\bonmessage\b',
7812c9 
     r'\bonmouse(?:down|enter|leave|move|out|over|up|wheel)\b',
7812c9 
     r'\bonmove(?:end|start)?\b',
7812c9 
     r'\bon(?:off|on)line\b',
7812c9 
+    r'\bonopen\b',
7812c9 
     r'\bonoutofsync\b',
7812c9 
     r'\bonoverflow(?:changed)?\b',
7812c9 
     r'\bonpage(?:hide|show)\b',
7812c9 
     r'\bonpaint\b',
7812c9 
     r'\bonpaste\b',
7812c9 
     r'\bonpause\b',
7812c9 
+    r'\bonplay(?:ing)?\b',
7812c9 
+    r'\bonpopstate\b',
7812c9 
     r'\bonpopup(?:hidden|hiding|showing|shown)\b',
7812c9 
     r'\bonprogress\b',
7812c9 
     r'\bonpropertychange\b',
7812c9 
     r'\bonradiostatechange\b',
7812c9 
+    r'\bonratechange\b',
7812c9 
     r'\bonreadystatechange\b',
7812c9 
     r'\bonrepeat\b',
7812c9 
     r'\bonreset\b',
7812c9 
@@ -1090,19 +1102,30 @@ _badwords = [
7812c9 
     r'\bonrow(?:delete|enter|exit|inserted)\b',
7812c9 
     r'\bonrows(?:delete|enter|inserted)\b',
7812c9 
     r'\bonscroll\b',
7812c9 
-    r'\bonseek\b',
7812c9 
+    r'\bonsearch\b',
7812c9 
+    r'\bonseek(?:ed|ing)?\b',
7812c9 
     r'\bonselect(?:start)?\b',
7812c9 
     r'\bonselectionchange\b',
7812c9 
+    r'\bonshow\b',
7812c9 
     r'\bonstart\b',
7812c9 
+    r'\bonstalled\b',
7812c9 
     r'\bonstop\b',
7812c9 
+    r'\bonstorage\b',
7812c9 
     r'\bonsubmit\b',
7812c9 
+    r'\bonsuspend\b',
7812c9 
     r'\bonsync(?:from|to)preference\b',
7812c9 
     r'\bonsyncrestored\b',
7812c9 
     r'\bontext\b',
7812c9 
-    r'\bontimeerror\b',
7812c9 
+    r'\bontime(?:error|update)\b',
7812c9 
+    r'\bontoggle\b',
7812c9 
+    r'\bontouch(?:cancel|end|move|start)\b',
7812c9 
     r'\bontrackchange\b',
7812c9 
+    r'\b(?:on)?transitionend\b',
7812c9 
     r'\bonunderflow\b',
7812c9 
     r'\bonurlflip\b',
7812c9 
+    r'\bonvolumechange\b',
7812c9 
+    r'\bonwaiting\b',
7812c9 
+    r'\bonwheel\b',
7812c9 
     r'\bseeksegmenttime\b',
7812c9 
     r'\bsvgabort\b',
7812c9 
     r'\bsvgerror\b',
7812c9 
diff --git a/Mailman/Gui/GUIBase.py b/Mailman/Gui/GUIBase.py
7812c9 
index a365aca..290f614 100644
7812c9 
--- a/Mailman/Gui/GUIBase.py
7812c9 
+++ b/Mailman/Gui/GUIBase.py
7812c9 
@@ -169,6 +169,7 @@ class GUIBase:
7812c9 
                 doc.addError(_('Invalid value for variable: %(property)s'))
7812c9 
             # This is the parent of MMBadEmailError and MMHostileAddress
7812c9 
             except Errors.EmailAddressError:
7812c9 
+                error = Utils.websafe(str(error))
7812c9 
                 doc.addError(
7812c9 
                     _('Bad email address for option %(property)s: %(val)s'))
7812c9 
             else:

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation