From 5e5744f96faf378ab9ff524d6cc526a9c58abc38 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 31 2020 09:33:33 +0000
Subject: import mailman-2.1.15-30.el7


---

diff --git a/SOURCES/mailman-2.1.15-rh1351939.patch b/SOURCES/mailman-2.1.15-rh1351939.patch
index a89bfc5..f1cd291 100644
--- a/SOURCES/mailman-2.1.15-rh1351939.patch
+++ b/SOURCES/mailman-2.1.15-rh1351939.patch
@@ -1,6 +1,5 @@
-=== modified file 'Mailman/Handlers/SpamDetect.py'
---- Mailman/Handlers/SpamDetect.py	2012-02-05 21:37:29 +0000
-+++ Mailman/Handlers/SpamDetect.py	2013-10-08 04:57:09 +0000
+--- a/Mailman/Handlers/SpamDetect.py	2012-02-05 21:37:29 +0000
++++ b/Mailman/Handlers/SpamDetect.py	2013-10-08 04:57:09 +0000
 @@ -27,6 +27,7 @@
  
  import re
diff --git a/SOURCES/mailman-cve_2018_0618.patch b/SOURCES/mailman-cve_2018_0618.patch
new file mode 100644
index 0000000..5d2f1bd
--- /dev/null
+++ b/SOURCES/mailman-cve_2018_0618.patch
@@ -0,0 +1,131 @@
+diff --git a/Mailman/Gui/General.py b/Mailman/Gui/General.py
+index 980e5f2..dfde630 100644
+--- a/Mailman/Gui/General.py
++++ b/Mailman/Gui/General.py
+@@ -559,6 +559,14 @@ mlist.info.
+                                           or not isinstance(val, IntType)):
+             doc.addError(_("""<b>admin_member_chunksize</b> attribute not
+             changed!  It must be an integer > 0."""))
++        elif property == 'host_name':
++            try:
++                Utils.ValidateEmail('user@' + val)
++            except Errors.EmailAddressError:
++                doc.addError(_("""<b>host_name</b> attribute not changed!
++                It must be a valid domain name."""))
++            else:
++                GUIBase._setValue(self, mlist, property, val, doc)
+         else:
+             GUIBase._setValue(self, mlist, property, val, doc)
+ 
+diff --git a/Mailman/Utils.py b/Mailman/Utils.py
+index 9dbd0b5..fd6ac79 100644
+--- a/Mailman/Utils.py
++++ b/Mailman/Utils.py
+@@ -1019,6 +1019,7 @@ _badwords = [
+     '<meta',
+     '<object',
+     '<script',
++    '@keyframes',
+     r'\bj(?:ava)?script\b',
+     r'\bvbs(?:cript)?\b',
+     r'\bdomactivate\b',
+@@ -1035,12 +1036,14 @@ _badwords = [
+     r'\bon(?:de)?activate\b',
+     r'\bon(?:after|before)print\b',
+     r'\bon(?:after|before)update\b',
++    r'\b(?:on)?animation(?:end|iteration|start)\b',
+     r'\bonbefore(?:(?:de)?activate|copy|cut|editfocus|paste)\b',
+     r'\bonbeforeunload\b',
+     r'\bonbegin\b',
+     r'\bonblur\b',
+     r'\bonbounce\b',
+     r'\bonbroadcast\b',
++    r'\boncanplay(?:through)?\b',
+     r'\bon(?:cell)?change\b',
+     r'\boncheckboxstatechange\b',
+     r'\bon(?:dbl)?click\b',
+@@ -1056,7 +1059,9 @@ _badwords = [
+     r'\bondrag(?:drop|end|enter|exit|gesture|leave|over)?\b',
+     r'\bondragstart\b',
+     r'\bondrop\b',
+-    r'\bonend\b',
++    r'\bondurationchange\b',
++    r'\bonemptied\b',
++    r'\bonend(?:ed)?\b',
+     r'\bonerror(?:update)?\b',
+     r'\bonfilterchange\b',
+     r'\bonfinish\b',
+@@ -1066,21 +1071,28 @@ _badwords = [
+     r'\bonkey(?:up|down|press)\b',
+     r'\bonlayoutcomplete\b',
+     r'\bon(?:un)?load\b',
++    r'\bonloaded(?:meta)?data\b',
++    r'\bonloadstart\b',
+     r'\bonlosecapture\b',
+     r'\bonmedia(?:complete|error)\b',
++    r'\bonmessage\b',
+     r'\bonmouse(?:down|enter|leave|move|out|over|up|wheel)\b',
+     r'\bonmove(?:end|start)?\b',
+     r'\bon(?:off|on)line\b',
++    r'\bonopen\b',
+     r'\bonoutofsync\b',
+     r'\bonoverflow(?:changed)?\b',
+     r'\bonpage(?:hide|show)\b',
+     r'\bonpaint\b',
+     r'\bonpaste\b',
+     r'\bonpause\b',
++    r'\bonplay(?:ing)?\b',
++    r'\bonpopstate\b',
+     r'\bonpopup(?:hidden|hiding|showing|shown)\b',
+     r'\bonprogress\b',
+     r'\bonpropertychange\b',
+     r'\bonradiostatechange\b',
++    r'\bonratechange\b',
+     r'\bonreadystatechange\b',
+     r'\bonrepeat\b',
+     r'\bonreset\b',
+@@ -1090,19 +1102,30 @@ _badwords = [
+     r'\bonrow(?:delete|enter|exit|inserted)\b',
+     r'\bonrows(?:delete|enter|inserted)\b',
+     r'\bonscroll\b',
+-    r'\bonseek\b',
++    r'\bonsearch\b',
++    r'\bonseek(?:ed|ing)?\b',
+     r'\bonselect(?:start)?\b',
+     r'\bonselectionchange\b',
++    r'\bonshow\b',
+     r'\bonstart\b',
++    r'\bonstalled\b',
+     r'\bonstop\b',
++    r'\bonstorage\b',
+     r'\bonsubmit\b',
++    r'\bonsuspend\b',
+     r'\bonsync(?:from|to)preference\b',
+     r'\bonsyncrestored\b',
+     r'\bontext\b',
+-    r'\bontimeerror\b',
++    r'\bontime(?:error|update)\b',
++    r'\bontoggle\b',
++    r'\bontouch(?:cancel|end|move|start)\b',
+     r'\bontrackchange\b',
++    r'\b(?:on)?transitionend\b',
+     r'\bonunderflow\b',
+     r'\bonurlflip\b',
++    r'\bonvolumechange\b',
++    r'\bonwaiting\b',
++    r'\bonwheel\b',
+     r'\bseeksegmenttime\b',
+     r'\bsvgabort\b',
+     r'\bsvgerror\b',
+diff --git a/Mailman/Gui/GUIBase.py b/Mailman/Gui/GUIBase.py
+index a365aca..290f614 100644
+--- a/Mailman/Gui/GUIBase.py
++++ b/Mailman/Gui/GUIBase.py
+@@ -169,6 +169,7 @@ class GUIBase:
+                 doc.addError(_('Invalid value for variable: %(property)s'))
+             # This is the parent of MMBadEmailError and MMHostileAddress
+             except Errors.EmailAddressError:
++                error = Utils.websafe(str(error))
+                 doc.addError(
+                     _('Bad email address for option %(property)s: %(val)s'))
+             else:
diff --git a/SOURCES/mailman-findmember_decode.patch b/SOURCES/mailman-findmember_decode.patch
new file mode 100644
index 0000000..f90ddc5
--- /dev/null
+++ b/SOURCES/mailman-findmember_decode.patch
@@ -0,0 +1,19 @@
+--- a/Mailman/Cgi/admin.py	2015-03-09 20:37:28 +0000
++++ b/Mailman/Cgi/admin.py	2015-04-13 22:17:02 +0000
+@@ -911,6 +911,15 @@
+     all.sort(lambda x, y: cmp(x.lower(), y.lower()))
+     # See if the query has a regular expression
+     regexp = cgidata.getvalue('findmember', '').strip()
++    try:
++        regexp = regexp.decode(Utils.GetCharSet(mlist.preferred_language))
++    except UnicodeDecodeError:
++        # This is probably a non-ascii character and an English language
++        # (ascii) list.  Even if we didn't throw the UnicodeDecodeError,
++        # the input may have contained mnemonic or numeric HTML entites mixed
++        # with other characters.  Trying to grok the real meaning out of that
++        # is complex and error prone, so we don't try.
++        pass
+     if regexp:
+         try:
+             cre = re.compile(regexp, re.IGNORECASE)
+
diff --git a/SOURCES/mailman-long_text_description.patch b/SOURCES/mailman-long_text_description.patch
new file mode 100644
index 0000000..5d40bf9
--- /dev/null
+++ b/SOURCES/mailman-long_text_description.patch
@@ -0,0 +1,31 @@
+diff --git a/Mailman/Utils.py b/Mailman/Utils.py
+index 7cd7f9b..aebc1c9 100644
+--- a/Mailman/Utils.py
++++ b/Mailman/Utils.py
+@@ -259,10 +259,25 @@ CRNLpat = re.compile(r'[^\x21-\x7e]')
+ def GetPathPieces(envar='PATH_INFO'):
+     path = os.environ.get(envar)
+     if path:
++        remote = os.environ.get('HTTP_FORWARDED_FOR',
++                 os.environ.get('HTTP_X_FORWARDED_FOR',
++                 os.environ.get('REMOTE_ADDR',
++                                'unidentified origin')))
+         if CRNLpat.search(path):
+             path = CRNLpat.split(path)[0]
+             syslog('error', 'Warning: Possible malformed path attack.')
+-        return [p for p in path.split('/') if p]
++        # Check for listname injections that won't be websafed.
++        pieces = [p for p in path.split('/') if p]
++        # Get the longest listname or 20 if none.
++        if list_names():
++            longest = max([len(x) for x in list_names()])
++        else:
++            longest = 20
++        if pieces and len(pieces[0]) > longest:
++            syslog('mischief',
++               'Hostile listname: listname=%s: remote=%s', pieces[0], remote)
++            pieces[0] = pieces[0][:longest] + '...'
++        return pieces
+     return None
+ 
+ 
diff --git a/SPECS/mailman.spec b/SPECS/mailman.spec
index e9f4066..6f09ba5 100644
--- a/SPECS/mailman.spec
+++ b/SPECS/mailman.spec
@@ -4,7 +4,7 @@
 Summary: Mailing list manager with built in Web access
 Name: mailman
 Version: 2.1.15
-Release: 26%{?dist}.1
+Release: 30%{?dist}
 Epoch: 3
 Group: Applications/Internet
 Source0: ftp://ftp.gnu.org/pub/gnu/mailman/mailman-%{version}.tgz
@@ -45,6 +45,9 @@ Patch24: mailman-2.1.15-CVE-2015-2775.patch
 Patch25: mailman-2.1.15-rh1351939.patch
 Patch26: mailman-2.1.12-newlist-ja.patch
 Patch27: mailman-2_1-xss_vulnerability.patch
+Patch28: mailman-findmember_decode.patch
+Patch29: mailman-long_text_description.patch
+Patch30: mailman-cve_2018_0618.patch
 
 
 License: GPLv2+
@@ -122,29 +125,7 @@ additional installation steps, these are described in:
 %{docdir}/INSTALL.REDHAT
 
 %prep
-%setup -q
-%patch1 -p1 -b .multimail
-%patch2 -p1 -b .permissions
-%patch3 -p1 -b .status
-%patch4 -p1 -b .cron
-%patch5 -p1 -b .FHS
-%patch6 -p1 -b .python-compile
-%patch7 -p1 -b .archive-in-reply-to
-%patch8 -p1 -b .lctype
-%patch9 -p1 -b .ctypo
-%patch10 -p1 -b .ctypefix
-%patch12 -p1 -b .selinux
-%patch13 -p1 -b .unicode
-%patch14 -p1 -b .fhsinit
-%patch17 -p1 -b .mmcfg
-%patch18 -p1 -b .initcleanup
-%patch20 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p0
-%patch26 -p1
-%patch27 -p1 -b .xss
+%autosetup -p1 
 
 # Change `#!/usr/bin/env python` shebang to `#!/usr/bin/python`
 sed -i '1s|^#! */usr/bin/env python$|#!/usr/bin/python|' `find -iname '*.py'`
@@ -600,17 +581,23 @@ exit 0
 %dir %attr(775,root,%{mmgroup}) %{lockdir}
 
 %changelog
-* Fri Mar 02 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-26.1
-- Related: #1545974 - Add import regular expression module
+* Wed Jul 31 2019 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-30
+- Resolves: #1599692 - Sanitize input on listinfo page (CVE-2018-0618)
 
-* Fri Mar 02 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-26
-- Related: #1545974 - Bump release to make it higher than 7.5
+* Wed Jul 31 2019 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-29
+- Resolves: #1611689 -  Trim long text in "no such list" messages
+
+* Mon Jul 22 2019 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-28
+- Resolves: #1718180 - Try to decode member name first
 
-* Fri Mar 02 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-24.2
-- Resolves: #1545974 -  Add sanitizer to mitigate XSS injection
+* Tue Mar 20 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-27
+- Related : #1545973 -  Bump release to override rhel-7.4.z version
+
+* Fri Mar 02 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-26
+- Resolves: #1545973 -  Add sanitizer for XSS mitigation
 
-* Fri Feb 16 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-24.1
-- Resolves: #1545974 -  Fix XSS vulnerability in web UI
+* Fri Feb 16 2018 Pavel Zhukov <pzhukov@redhat.com> - 3:2.1.15-25
+- Resolves: #1545973 -  Fix XSS vulnerability in web UI
 
 * Wed Feb 22 2017 Pavel Šimerda <psimerda@redhat.com> - 3:2.1.15-24
 - Resolves: #1232737 - Fix instances of #!/usr/bin/env python in mailman