dbp/linamh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Bump

Browse Source 
Package-Manager: portage-2.2.0_alpha142
RepoMan-Options: --force
This commit is contained in:
Mario Fetka
2013-02-14 20:06:01 +01:00
parent af760e7ca1
commit 1eada66277
12 changed files with 227 additions and 560 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
net-mail/mailman/files/50_mailman.conf
View File

@@ -1,18 +0,0 @@
<IfDefine MAILMAN>
ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
<Directory "/usr/local/mailman/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Alias /pipermail/ "/usr/local/mailman/archives/public/"
<Directory "/usr/local/mailman/archives/public/">
AllowOverride None
Options ExecCGI FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</IfDefine>

149
net-mail/mailman/files/README.gentoo-r2
View File

@@ -1,149 +0,0 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailman/files/README.gentoo-r2,v 1.1 2008/01/22 15:47:37 hanno Exp $
Follow these instructions to finish setting up mailman. This file and the
original ebuild were tweaked by me <lamer@gentoo.org> but were graciously
submitted by Joby Walker (YOU RULE!)
2003 Jul 09: updated by Jesus Perez and re-tweaked by me <raker@gentoo.org>
for 2.1.x.
Please view the documentation on Mailman at: http://www.list.org/
This documentation assumes you're using the default gentoo path
(/usr/lib/mailman/), if you've changed it with MAILMAN_PREFIX, adjust them
accordingly.
1) If this is your first time installing mailman, after your "emerge mailman",
you need to add -D MAILMAN to /etc/conf.d/apache or /etc/conf.d/apache2 and restart
apache.
2) In your /etc/conf.d/apache (for apache 1.x)
or /etc/conf.d/apache2 (for apache 2.x)
file add the additional option to the
APACHE_OPTS or APACHE2_OPTS variable:
-D MAILMAN
3) Make sure mailman is a part of the cron group
4) This must be done as user mailman:
su - mailman
Add the cron jobs:
cd cron
crontab crontab.in
cd ..
Create the site password:
bin/mmsitepass
and main list:
bin/newlist mailman
5) Change back to root:
exit
(Postfix users: read the notes at the end of this file before you continue)
Add this to /etc/mail/aliases (and see point 9 for notes):
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
For courier, the aliases have to go to /etc/courier/aliases and you have to skip
the quotes.
Run newaliases (only if you use sendmail).
newaliases
Copy the web icons:
cp /usr/lib/mailman/icons/* /var/www/localhost/icons
6) Start the mailman daemon:
/etc/init.d/mailman start
and add it to default runlevel (optional but recommended):
rc-update add mailman default
7) For each list created (either with web interface or with bin/newlist)
this must be added to /etc/mail/aliases (see smrsh notes below)
replace <list-name> with the name of the list:
<list-name>: "|/usr/lib/mailman/mail/mailman post <list-name>"
<list-name>-admin: "|/usr/lib/mailman/mail/mailman admin <list-name>"
<list-name>-bounces: "|/usr/lib/mailman/mail/mailman bounces <list-name>"
<list-name>-confirm: "|/usr/lib/mailman/mail/mailman confirm <list-name>"
<list-name>-join: "|/usr/lib/mailman/mail/mailman join <list-name>"
<list-name>-leave: "|/usr/lib/mailman/mail/mailman leave <list-name>"
<list-name>-owner: "|/usr/lib/mailman/mail/mailman owner <list-name>"
<list-name>-request: "|/usr/lib/mailman/mail/mailman request <list-name>"
<list-name>-subscribe: "|/usr/lib/mailman/mail/mailman subscribe <list-name>"
<list-name>-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe <list-name>"
For courier, the aliases have to go to /etc/courier/aliases and you have to skip
the quotes.
Run newaliases:
newaliases
smrsh notes
-----------
(if you use sendmail, you are surely using srmsh) you must note that
sendmail won't run any program outside of EBINDIR. I tried to change
EBINDIR using,define(`confEBINDIR', `/usr/lib/mailman/mail')dnl in
sendmail.mc but it didn't work, so mailman must be placed in EBINDIR,
which in Gentoo is /usr/adm/sm.bin, so you must run as root:
ln -s /usr/lib/mailman/mail/mailman /usr/adm/sm.bin/mailman
And the lines in /etc/mail/aliases which refer to
/usr/lib/mailman/mail/mailman must be changed to mailman:
<list-name>: "|mailman post <list-name>"
<list-name>-admin: "|mailman admin <list-name>"
<list-name>-bounces: "|mailman bounces <list-name>"
<list-name>-confirm: "|mailman confirm <list-name>"
<list-name>-join: "|mailman join <list-name>"
<list-name>-leave: "|mailman leave <list-name>"
<list-name>-owner: "|mailman owner <list-name>"
<list-name>-request: "|mailman request <list-name>"
<list-name>-subscribe: "|mailman subscribe <list-name>"
<list-name>-unsubscribe: "|mailman unsubscribe <list-name>"
Other Helpful things to know...
-------------------------------
run "bin/check_perms -f" from the root mailman directory
(/usr/lib/mailman) to check and fix permission problems.
The INSTALL file is located in /usr/share/doc/mailman-$VERSION/
Postfix notes
-------------
If you're using Postfix, don't manually change your /etc/mail/aliases
file, as described above. Instead, follow these instructions:
http://list.org/mailman-install/node13.html
This will set up Mailman and Postfix to automatically generate the new
aliases when you create new lists. It will also make sure that Postfix
uses the correct group ID when it's talking to Mailman, otherwise you
will get security errors from Mailman.

2
net-mail/mailman/files/README.gentoo-r3
View File

@@ -1,4 +1,4 @@
# Copyright 1999-2012 Gentoo Foundation
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailman/files/README.gentoo-r3,v 1.2 2008/11/14 11:07:55 hanno Exp $

11
net-mail/mailman/files/mailman-2.1.12-add-destdir.patch
View File

@@ -1,11 +0,0 @@
--- mailman-2.1.12/misc/Makefile.in.1 2009-08-01 11:47:54.000000000 +0200
+++ mailman-2.1.12/misc/Makefile.in 2009-08-01 11:48:02.000000000 +0200
@@ -93,7 +93,7 @@
install-packages:
if [ -z "$(EMAILPKG)" -a -d $(PYTHONLIBDIR)/email ] ; \
then \
- rm -rf $(PYTHONLIBDIR)/email* ; \
+ rm -rf $(DESTDIR)/$(PYTHONLIBDIR)/email* ; \
fi
for p in $(PACKAGES); \
do \

32
net-mail/mailman/files/mailman-2.1.12-directory-check.patch
View File

@@ -1,32 +0,0 @@
diff -Naur mailman-2.1.12/bin/check_perms mailman-2.1.12-1/bin/check_perms
--- mailman-2.1.12/bin/check_perms 2009-02-23 22:23:35.000000000 +0100
+++ mailman-2.1.12-1/bin/check_perms 2009-08-01 11:28:56.000000000 +0200
@@ -340,6 +340,8 @@
print _('checking permissions on list data')
# BAW: This needs to be converted to the Site module abstraction
for dir in os.listdir(mm_cfg.LIST_DATA_DIR):
+ if not S_ISDIR(statmode(os.path.join(mm_cfg.LIST_DATA_DIR,dir))):
+ continue
for file in checkfiles:
path = os.path.join(mm_cfg.LIST_DATA_DIR, dir, file)
if STATE.VERBOSE:
diff -Naur mailman-2.1.12/bin/update mailman-2.1.12-1/bin/update
--- mailman-2.1.12/bin/update 2009-02-23 22:23:35.000000000 +0100
+++ mailman-2.1.12-1/bin/update 2009-08-01 11:29:19.000000000 +0200
@@ -34,6 +34,7 @@
"""
import os
+import stat
import sys
import time
import errno
@@ -431,7 +432,7 @@
# Now update for the Mailman 2.1.5 qfile format. For every filebase in
# the qfiles/* directories that has both a .pck and a .db file, pull the
# data out and re-queue them.
- for dirname in os.listdir(mm_cfg.QUEUE_DIR):
+ for dirname in [x for x in os.listdir(mm_cfg.QUEUE_DIR) if stat.S_ISDIR(os.stat(os.path.join(mm_cfg.QUEUE_DIR,x)).st_mode)]:
dirpath = os.path.join(mm_cfg.QUEUE_DIR, dirname)
if dirpath == mm_cfg.BADQUEUE_DIR:
# The files in qfiles/bad can't possibly be pickles

30
net-mail/mailman/files/mailman-2.1.8_rc1-directory-check.patch
View File

@@ -1,30 +0,0 @@
--- bin/check_perms.org 2005-05-25 00:04:15.000000000 +0200
+++ bin/check_perms 2005-05-25 00:04:35.000000000 +0200
@@ -331,6 +331,8 @@
print _('checking permissions on list data')
# BAW: This needs to be converted to the Site module abstraction
for dir in os.listdir(mm_cfg.LIST_DATA_DIR):
+ if not S_ISDIR(statmode(os.path.join(mm_cfg.LIST_DATA_DIR,dir))):
+ continue
for file in checkfiles:
path = os.path.join(mm_cfg.LIST_DATA_DIR, dir, file)
if STATE.VERBOSE:
--- bin/update.org 2005-05-25 00:04:30.000000000 +0200
+++ bin/update 2005-05-25 00:04:35.000000000 +0200
@@ -34,6 +34,7 @@
"""
import os
+import stat
import md5
import sys
import time
@@ -425,7 +426,7 @@
# Now update for the Mailman 2.1.5 qfile format. For every filebase in
# the qfiles/* directories that has both a .pck and a .db file, pull the
# data out and re-queue them.
- for dirname in os.listdir(mm_cfg.QUEUE_DIR):
+ for dirname in [x for x in os.listdir(mm_cfg.QUEUE_DIR) if stat.S_ISDIR(os.stat(os.path.join(mm_cfg.QUEUE_DIR,x)).st_mode)]:
dirpath = os.path.join(mm_cfg.QUEUE_DIR, dirname)
if dirpath == mm_cfg.BADQUEUE_DIR:
# The files in qfiles/bad can't possibly be pickles

275
net-mail/mailman/files/mailman-2.1.9-fix-XSS.patch
View File

@@ -1,275 +0,0 @@
=== modified file 'Mailman/Cgi/edithtml.py'
--- Mailman/Cgi/edithtml.py 2006-08-30 14:54:22 +0000
+++ Mailman/Cgi/edithtml.py 2007-12-04 19:52:18 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -159,7 +159,20 @@
doc.AddItem('<hr>')
return
code = cgi_info['html_code'].value
- code = re.sub(r'<([/]?script.*?)>', r'&lt;\1&gt;', code)
+ if Utils.suspiciousHTML(code):
+ doc.AddItem(Header(3,
+ _("""The page you saved contains suspicious HTML that could
+potentially expose your users to cross-site scripting attacks. This change
+has therefore been rejected. If you still want to make these changes, you
+must have shell access to your Mailman server.
+ """)))
+ doc.AddItem(_('See '))
+ doc.AddItem(Link(
+'http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.048.htp',
+ _('FAQ 4.48.')))
+ doc.AddItem(Header(3,_("Page Unchanged.")))
+ doc.AddItem('<hr>')
+ return
langdir = os.path.join(mlist.fullpath(), mlist.preferred_language)
# Make sure the directory exists
omask = os.umask(0)
=== modified file 'Mailman/Gui/General.py'
--- Mailman/Gui/General.py 2006-08-30 14:54:22 +0000
+++ Mailman/Gui/General.py 2007-12-04 19:52:18 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 2001-2006 by the Free Software Foundation, Inc.
+# Copyright (C) 2001-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -436,17 +442,21 @@
# Convert any html entities to Unicode
mlist.subject_prefix = Utils.canonstr(
val, mlist.preferred_language)
+ elif property == 'info':
+ if val <> mlist.info:
+ if Utils.suspiciousHTML(val):
+ doc.addError(_("""The <b>info</b> attribute you saved
+contains suspicious HTML that could potentially expose your users to cross-site
+scripting attacks. This change has therefore been rejected. If you still want
+to make these changes, you must have shell access to your Mailman server.
+This change can be made with bin/withlist or with bin/config_list by setting
+mlist.info.
+ """))
+ else:
+ mlist.info = val
else:
GUIBase._setValue(self, mlist, property, val, doc)
- def _escape(self, property, value):
- # The 'info' property allows HTML, but let's sanitize it to avoid XSS
- # exploits. Everything else should be fully escaped.
- if property <> 'info':
- return GUIBase._escape(self, property, value)
- # Sanitize <script> and </script> tags but nothing else. Not the best
- # solution, but expedient.
- return re.sub(r'(?i)<([/]?script.*?)>', r'&lt;\1&gt;', value)
def _postValidate(self, mlist, doc):
if not mlist.reply_to_address.strip() and \
=== modified file 'Mailman/Gui/GUIBase.py'
--- Mailman/Gui/GUIBase.py 2005-08-27 01:40:17 +0000
+++ Mailman/Gui/GUIBase.py 2007-11-18 20:01:26 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 2002-2004 by the Free Software Foundation, Inc.
+# Copyright (C) 2002-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -12,7 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
"""Base class for all web GUI components."""
@@ -122,10 +127,6 @@
# Validate all the attributes for this category
pass
- def _escape(self, property, value):
- value = value.replace('<', '&lt;')
- return value
-
def handleForm(self, mlist, category, subcat, cgidata, doc):
for item in self.GetConfigInfo(mlist, category, subcat):
# Skip descriptions and legacy non-attributes
@@ -144,10 +145,9 @@
elif not cgidata.has_key(property):
continue
elif isinstance(cgidata[property], ListType):
- val = [self._escape(property, x.value)
- for x in cgidata[property]]
+ val = [x.value for x in cgidata[property]]
else:
- val = self._escape(property, cgidata[property].value)
+ val = cgidata[property].value
# Coerce the value to the expected type, raising exceptions if the
# value is invalid.
try:
=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py 2007-11-25 08:04:30 +0000
+++ Mailman/Utils.py 2007-12-04 19:52:18 +0000
@@ -876,3 +876,154 @@
except (LookupError, UnicodeError, ValueError, HeaderParseError):
# possibly charset problem. return with undecoded string in one line.
return EMPTYSTRING.join(s.splitlines())
+
+
+# Patterns and functions to flag possible XSS attacks in HTML.
+# This list is compiled from information at http://ha.ckers.org/xss.html,
+# http://www.quirksmode.org/js/events_compinfo.html,
+# http://www.htmlref.com/reference/appa/events1.htm,
+# http://lxr.mozilla.org/mozilla/source/content/events/src/nsDOMEvent.cpp#59,
+# http://www.w3.org/TR/DOM-Level-2-Events/events.html and
+# http://www.xulplanet.com/references/elemref/ref_EventHandlers.html
+# Many thanks are due to Moritz Naumann for his assistance with this.
+_badwords = [
+ '<i?frame',
+ '<link',
+ '<meta',
+ '<script',
+ r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+ r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
+ r'(?:^|\W)domactivate(?:\W|$)',
+ r'(?:^|\W)domattrmodified(?:\W|$)',
+ r'(?:^|\W)domcharacterdatamodified(?:\W|$)',
+ r'(?:^|\W)domfocus(?:in|out)(?:\W|$)',
+ r'(?:^|\W)dommenuitem(?:in)?active(?:\W|$)',
+ r'(?:^|\W)dommousescroll(?:\W|$)',
+ r'(?:^|\W)domnodeinserted(?:intodocument)?(?:\W|$)',
+ r'(?:^|\W)domnoderemoved(?:fromdocument)?(?:\W|$)',
+ r'(?:^|\W)domsubtreemodified(?:\W|$)',
+ r'(?:^|\W)fscommand(?:\W|$)',
+ r'(?:^|\W)onabort(?:\W|$)',
+ r'(?:^|\W)on(?:de)?activate(?:\W|$)',
+ r'(?:^|\W)on(?:after|before)print(?:\W|$)',
+ r'(?:^|\W)on(?:after|before)update(?:\W|$)',
+ r'(?:^|\W)onbefore(?:(?:de)?activate|copy|cut|editfocus|paste)(?:\W|$)',
+ r'(?:^|\W)onbeforeunload(?:\W|$)',
+ r'(?:^|\W)onbegin(?:\W|$)',
+ r'(?:^|\W)onblur(?:\W|$)',
+ r'(?:^|\W)onbounce(?:\W|$)',
+ r'(?:^|\W)onbroadcast(?:\W|$)',
+ r'(?:^|\W)on(?:cell)?change(?:\W|$)',
+ r'(?:^|\W)oncheckboxstatechange(?:\W|$)',
+ r'(?:^|\W)on(?:dbl)?click(?:\W|$)',
+ r'(?:^|\W)onclose(?:\W|$)',
+ r'(?:^|\W)oncommand(?:update)?(?:\W|$)',
+ r'(?:^|\W)oncomposition(?:end|start)(?:\W|$)',
+ r'(?:^|\W)oncontextmenu(?:\W|$)',
+ r'(?:^|\W)oncontrolselect(?:\W|$)',
+ r'(?:^|\W)oncopy(?:\W|$)',
+ r'(?:^|\W)oncut(?:\W|$)',
+ r'(?:^|\W)ondataavailable(?:\W|$)',
+ r'(?:^|\W)ondataset(?:changed|complete)(?:\W|$)',
+ r'(?:^|\W)ondrag(?:drop|end|enter|exit|gesture|leave|over)?(?:\W|$)',
+ r'(?:^|\W)ondragstart(?:\W|$)',
+ r'(?:^|\W)ondrop(?:\W|$)',
+ r'(?:^|\W)onend(?:\W|$)',
+ r'(?:^|\W)onerror(?:update)?(?:\W|$)',
+ r'(?:^|\W)onfilterchange(?:\W|$)',
+ r'(?:^|\W)onfinish(?:\W|$)',
+ r'(?:^|\W)onfocus(?:in|out)?(?:\W|$)',
+ r'(?:^|\W)onhelp(?:\W|$)',
+ r'(?:^|\W)oninput(?:\W|$)',
+ r'(?:^|\W)onkey(?:up|down|press)(?:\W|$)',
+ r'(?:^|\W)onlayoutcomplete(?:\W|$)',
+ r'(?:^|\W)on(?:un)?load(?:\W|$)',
+ r'(?:^|\W)onlosecapture(?:\W|$)',
+ r'(?:^|\W)onmedia(?:complete|error)(?:\W|$)',
+ r'(?:^|\W)onmouse(?:down|enter|leave|move|out|over|up|wheel)(?:\W|$)',
+ r'(?:^|\W)onmove(?:end|start)?(?:\W|$)',
+ r'(?:^|\W)on(?:off|on)line(?:\W|$)',
+ r'(?:^|\W)onoutofsync(?:\W|$)',
+ r'(?:^|\W)onoverflow(?:changed)?(?:\W|$)',
+ r'(?:^|\W)onpage(?:hide|show)(?:\W|$)',
+ r'(?:^|\W)onpaint(?:\W|$)',
+ r'(?:^|\W)onpaste(?:\W|$)',
+ r'(?:^|\W)onpause(?:\W|$)',
+ r'(?:^|\W)onpopup(?:hidden|hiding|showing|shown)(?:\W|$)',
+ r'(?:^|\W)onprogress(?:\W|$)',
+ r'(?:^|\W)onpropertychange(?:\W|$)',
+ r'(?:^|\W)onradiostatechange(?:\W|$)',
+ r'(?:^|\W)onreadystatechange(?:\W|$)',
+ r'(?:^|\W)onrepeat(?:\W|$)',
+ r'(?:^|\W)onreset(?:\W|$)',
+ r'(?:^|\W)onresize(?:end|start)?(?:\W|$)',
+ r'(?:^|\W)onresume(?:\W|$)',
+ r'(?:^|\W)onreverse(?:\W|$)',
+ r'(?:^|\W)onrow(?:delete|enter|exit|inserted)(?:\W|$)',
+ r'(?:^|\W)onrows(?:delete|enter|inserted)(?:\W|$)',
+ r'(?:^|\W)onscroll(?:\W|$)',
+ r'(?:^|\W)onseek(?:\W|$)',
+ r'(?:^|\W)onselect(?:start)?(?:\W|$)',
+ r'(?:^|\W)onselectionchange(?:\W|$)',
+ r'(?:^|\W)onstart(?:\W|$)',
+ r'(?:^|\W)onstop(?:\W|$)',
+ r'(?:^|\W)onsubmit(?:\W|$)',
+ r'(?:^|\W)onsync(?:from|to)preference(?:\W|$)',
+ r'(?:^|\W)onsyncrestored(?:\W|$)',
+ r'(?:^|\W)ontext(?:\W|$)',
+ r'(?:^|\W)ontimeerror(?:\W|$)',
+ r'(?:^|\W)ontrackchange(?:\W|$)',
+ r'(?:^|\W)onunderflow(?:\W|$)',
+ r'(?:^|\W)onurlflip(?:\W|$)',
+ r'(?:^|\W)seeksegmenttime(?:\W|$)',
+ r'(?:^|\W)svgabort(?:\W|$)',
+ r'(?:^|\W)svgerror(?:\W|$)',
+ r'(?:^|\W)svgload(?:\W|$)',
+ r'(?:^|\W)svgresize(?:\W|$)',
+ r'(?:^|\W)svgscroll(?:\W|$)',
+ r'(?:^|\W)svgunload(?:\W|$)',
+ r'(?:^|\W)svgzoom(?:\W|$)',
+ ]
+
+
+# This is the actual re to look for the above patterns
+_badhtml = re.compile('|'.join(_badwords), re.IGNORECASE)
+# This is used to filter non-printable us-ascii characters, some of which
+# can be used to break words to avoid recognition.
+_filterchars = re.compile('[\000-\011\013\014\016-\037\177-\237]')
+# This is used to recognize '&#' and '%xx' strings for _translate which
+# translates them to characters
+_encodedchars = re.compile('(&#[0-9]+;?)|(&#x[0-9a-f]+;?)|(%[0-9a-f]{2})',
+ re.IGNORECASE)
+
+
+def _translate(mo):
+ """Translate &#... and %xx encodings into the encoded character."""
+ match = mo.group().lower().strip('&#;')
+ try:
+ if match.startswith('x') or match.startswith('%'):
+ val = int(match[1:], 16)
+ else:
+ val = int(match, 10)
+ except ValueError:
+ return ''
+ if val < 256:
+ return chr(val)
+ else:
+ return ''
+
+
+def suspiciousHTML(html):
+ """Check HTML string for various tags, script language names and
+ 'onxxx' actions that can be used in XSS attacks.
+ Currently, this a very simple minded test. It just looks for
+ patterns without analyzing context. Thus, it potentially flags lots
+ of benign stuff.
+ Returns True if anything suspicious found, False otherwise.
+ """
+
+ if _badhtml.search(_filterchars.sub(
+ '', _encodedchars.sub(_translate, html))):
+ return True
+ else:
+ return False

17
net-mail/mailman/files/mailman.conf
View File

@@ -1,17 +0,0 @@
ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
<Directory "/usr/local/mailman/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Alias /pipermail/ "/usr/local/mailman/archives/public/"
<Directory "/usr/local/mailman/archives/public/">
AllowOverride None
Options ExecCGI FollowSymLinks
Order allow,deny
Allow from all
</Directory>

2
net-mail/mailman/files/mailman.rc
View File

@@ -1,5 +1,5 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailman/files/mailman.rc,v 1.5 2004/07/14 23:50:52 agriffis Exp $