diff --git a/0001-fix-test-syntax-error.patch b/0001-fix-test-syntax-error.patch deleted file mode 100644 index da4336e73234a0a5d3588dec89bf32f596d644ad..0000000000000000000000000000000000000000 --- a/0001-fix-test-syntax-error.patch +++ /dev/null @@ -1,351 +0,0 @@ -From 2212bab26df1517f24920d27977ae882e9089f8e Mon Sep 17 00:00:00 2001 -From: lei_ju -Date: Tue, 22 Dec 2020 20:01:20 +0800 -Subject: [PATCH] fix test syntax error - - -diff --git a/src/mailman/commands/tests/test_cli_addmembers.py b/src/mailman/commands/tests/test_cli_addmembers.py -index 37e3864..9cbb564 100644 ---- a/src/mailman/commands/tests/test_cli_addmembers.py -+++ b/src/mailman/commands/tests/test_cli_addmembers.py -@@ -45,7 +45,7 @@ class TestCLIAddMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: addmembers [OPTIONS] FILENAME LISTSPEC\n' -- 'Try \'addmembers --help\' for help.\n\n' -+ 'Try "addmembers --help" for help.\n\n' - 'Error: No such list: bee.example.com\n') - - def test_bad_filename(self): -@@ -54,8 +54,8 @@ class TestCLIAddMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: addmembers [OPTIONS] FILENAME LISTSPEC\n' -- 'Try \'addmembers --help\' for help.\n\n' -- 'Error: Invalid value for \'FILENAME\': Could not open ' -+ 'Try "addmembers --help" for help.\n\n' -+ 'Error: Invalid value for "FILENAME": Could not open ' - 'file: bad: No such file or directory\n') - - def test_already_subscribed_with_display_name(self): -@@ -243,8 +243,8 @@ class TestCLIAddMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: addmembers [OPTIONS] FILENAME LISTSPEC\n' -- 'Try \'addmembers --help\' for help.\n\n' -- 'Error: Invalid value for \'--delivery\' / \'-d\': ' -+ 'Try "addmembers --help" for help.\n\n' -+ 'Error: Invalid value for "--delivery" / "-d": ' - 'invalid choice: bogus. (choose from regular, mime, ' - 'plain, summary, disabled)\n') - -diff --git a/src/mailman/commands/tests/test_cli_conf.py b/src/mailman/commands/tests/test_cli_conf.py -index 2aeed0c..0c21548 100644 ---- a/src/mailman/commands/tests/test_cli_conf.py -+++ b/src/mailman/commands/tests/test_cli_conf.py -@@ -40,7 +40,7 @@ class TestConf(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: conf [OPTIONS]\n' -- 'Try \'conf --help\' for help.\n\n' -+ 'Try "conf --help" for help.\n\n' - 'Error: No such section: thissectiondoesnotexist\n') - - def test_cannot_access_nonexistent_section_and_key(self): -@@ -50,7 +50,7 @@ class TestConf(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: conf [OPTIONS]\n' -- 'Try \'conf --help\' for help.\n\n' -+ 'Try "conf --help" for help.\n\n' - 'Error: No such section: thissectiondoesnotexist\n') - - def test_cannot_access_nonexistent_key(self): -@@ -60,7 +60,7 @@ class TestConf(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: conf [OPTIONS]\n' -- 'Try \'conf --help\' for help.\n\n' -+ 'Try "conf --help" for help.\n\n' - 'Error: Section mailman: No such key: thiskeydoesnotexist\n') - - def test_pushed_section_is_found(self): -diff --git a/src/mailman/commands/tests/test_cli_control.py b/src/mailman/commands/tests/test_cli_control.py -index 6222fb8..96948c7 100644 ---- a/src/mailman/commands/tests/test_cli_control.py -+++ b/src/mailman/commands/tests/test_cli_control.py -@@ -254,7 +254,7 @@ class TestControl(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: start [OPTIONS]\n' -- 'Try \'start --help\' for help.\n\n' -+ 'Try "start --help" for help.\n\n' - 'Error: A previous run of GNU Mailman did not exit cleanly ' - '(stale_lock). Try using --force\n') - -@@ -304,7 +304,7 @@ class TestControlSimple(unittest.TestCase): - self.assertEqual( - results.output, - 'Usage: start [OPTIONS]\n' -- 'Try \'start --help\' for help.\n\n' -+ 'Try "start --help" for help.\n\n' - 'Error: GNU Mailman is already running\n') - - def test_reopen(self): -diff --git a/src/mailman/commands/tests/test_cli_create.py b/src/mailman/commands/tests/test_cli_create.py -index b501976..6a3ab9b 100644 ---- a/src/mailman/commands/tests/test_cli_create.py -+++ b/src/mailman/commands/tests/test_cli_create.py -@@ -41,7 +41,7 @@ class TestCreate(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: create [OPTIONS] LISTNAME\n' -- 'Try \'create --help\' for help.\n\n' -+ 'Try "create --help" for help.\n\n' - 'Error: List already exists: ant@example.com\n') - - def test_invalid_posting_address(self): -@@ -51,7 +51,7 @@ class TestCreate(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: create [OPTIONS] LISTNAME\n' -- 'Try \'create --help\' for help.\n\n' -+ 'Try "create --help" for help.\n\n' - 'Error: Illegal list name: foo\n') - - def test_invalid_owner_addresses(self): -@@ -62,7 +62,7 @@ class TestCreate(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: create [OPTIONS] LISTNAME\n' -- 'Try \'create --help\' for help.\n\n' -+ 'Try "create --help" for help.\n\n' - 'Error: Illegal owner addresses: invalid\n') - - def test_create_without_domain_option(self): -@@ -92,7 +92,7 @@ class TestCreate(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: create [OPTIONS] LISTNAME\n' -- 'Try \'create --help\' for help.\n\n' -+ 'Try "create --help" for help.\n\n' - 'Error: Undefined domain: example.org\n') - - def test_create_with_nodomain(self): -@@ -102,7 +102,7 @@ class TestCreate(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: create [OPTIONS] LISTNAME\n' -- 'Try \'create --help\' for help.\n\n' -+ 'Try "create --help" for help.\n\n' - 'Error: Undefined domain: example.org\n') - - -diff --git a/src/mailman/commands/tests/test_cli_delmembers.py b/src/mailman/commands/tests/test_cli_delmembers.py -index e038e36..d5b6663 100644 ---- a/src/mailman/commands/tests/test_cli_delmembers.py -+++ b/src/mailman/commands/tests/test_cli_delmembers.py -@@ -45,7 +45,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: No such list: bee.example.com\n') - - def test_bad_filename(self): -@@ -55,8 +55,8 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -- 'Error: Invalid value for \'--file\' / \'-f\': Could not open ' -+ 'Try "delmembers --help" for help.\n\n' -+ 'Error: Invalid value for "--file" / "-f": Could not open ' - 'file: bad: No such file or directory\n') - - def test_not_subscribed_without_display_name(self): -@@ -212,7 +212,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: --fromall may not be specified with -l/--list, ' - 'or -a/--all\n') - -@@ -223,7 +223,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: --fromall may not be specified with -l/--list, ' - 'or -a/--all\n') - -@@ -234,7 +234,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: -a/--all must not be specified with ' - '-f/--file or -m/--member.\n') - -@@ -245,7 +245,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: -a/--all must not be specified with ' - '-f/--file or -m/--member.\n') - -@@ -256,7 +256,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: Without --fromall, -l/--list is required.\n') - - def test_invalid_no_all_file_or_member(self): -@@ -266,7 +266,7 @@ class TestCLIDelMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: delmembers [OPTIONS]\n' -- 'Try \'delmembers --help\' for help.\n\n' -+ 'Try "delmembers --help" for help.\n\n' - 'Error: At least one of -a/--all, -f/--file or -m/--member ' - 'is required.\n') - -diff --git a/src/mailman/commands/tests/test_cli_import.py b/src/mailman/commands/tests/test_cli_import.py -index 3080691..4bb8602 100644 ---- a/src/mailman/commands/tests/test_cli_import.py -+++ b/src/mailman/commands/tests/test_cli_import.py -@@ -58,8 +58,8 @@ class TestImport(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: import21 [OPTIONS] LISTSPEC PICKLE_FILE\n' -- 'Try \'import21 --help\' for help.\n\n' -- 'Error: Missing argument \'LISTSPEC\'.\n') -+ 'Try "import21 --help" for help.\n\n' -+ 'Error: Missing argument "LISTSPEC".\n') - - def test_pickle_with_nondict(self): - with NamedTemporaryFile() as pckfile: -diff --git a/src/mailman/commands/tests/test_cli_inject.py b/src/mailman/commands/tests/test_cli_inject.py -index 637080b..2dec6ed 100644 ---- a/src/mailman/commands/tests/test_cli_inject.py -+++ b/src/mailman/commands/tests/test_cli_inject.py -@@ -63,7 +63,7 @@ class TestInject(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: inject [OPTIONS] LISTSPEC\n' -- 'Try \'inject --help\' for help.\n\n' -+ 'Try "inject --help" for help.\n\n' - 'Error: No such list: bee.example.com\n') - - def test_inject_no_such_queue(self): -@@ -73,7 +73,7 @@ class TestInject(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: inject [OPTIONS] LISTSPEC\n' -- 'Try \'inject --help\' for help.\n\n' -+ 'Try "inject --help" for help.\n\n' - 'Error: No such queue: bogus\n') - - def test_inject_no_filename_option(self): -diff --git a/src/mailman/commands/tests/test_cli_members.py b/src/mailman/commands/tests/test_cli_members.py -index 18301f4..7eb5371 100644 ---- a/src/mailman/commands/tests/test_cli_members.py -+++ b/src/mailman/commands/tests/test_cli_members.py -@@ -41,7 +41,7 @@ class TestCLIMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: members [OPTIONS] LISTSPEC\n' -- 'Try \'members --help\' for help.\n\n' -+ 'Try "members --help" for help.\n\n' - 'Error: No such list: bee.example.com\n') - - def test_role_administrator(self): -diff --git a/src/mailman/commands/tests/test_cli_shell.py b/src/mailman/commands/tests/test_cli_shell.py -index 3d2dd39..03f6509 100644 ---- a/src/mailman/commands/tests/test_cli_shell.py -+++ b/src/mailman/commands/tests/test_cli_shell.py -@@ -142,7 +142,7 @@ Exit with ctrl+D does an implicit commit() but exit() does not.\n""") - self.assertEqual( - results.output, - 'Usage: shell [OPTIONS] [RUN_ARGS]...\n' -- 'Try \'shell --help\' for help.\n\n' -+ 'Try "shell --help" for help.\n\n' - 'Error: Regular expression requires --run\n') - - def test_listspec_without_run(self): -@@ -165,7 +165,7 @@ Exit with ctrl+D does an implicit commit() but exit() does not.\n""") - self.assertEqual( - results.output, - 'Usage: shell [OPTIONS] [RUN_ARGS]...\n' -- 'Try \'shell --help\' for help.\n\n' -+ 'Try "shell --help" for help.\n\n' - 'Error: No such list: ant.example.com\n') - - def test_run_without_listspec(self): -@@ -183,5 +183,5 @@ Exit with ctrl+D does an implicit commit() but exit() does not.\n""") - self.assertEqual( - results.output, - 'Usage: shell [OPTIONS] [RUN_ARGS]...\n' -- 'Try \'shell --help\' for help.\n\n' -+ 'Try "shell --help" for help.\n\n' - 'Error: No such list: bee.example.com\n') -diff --git a/src/mailman/commands/tests/test_cli_syncmembers.py b/src/mailman/commands/tests/test_cli_syncmembers.py -index e0d9caa..cf78cc5 100644 ---- a/src/mailman/commands/tests/test_cli_syncmembers.py -+++ b/src/mailman/commands/tests/test_cli_syncmembers.py -@@ -48,7 +48,7 @@ class TestCLISyncMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: syncmembers [OPTIONS] FILENAME LISTSPEC\n' -- 'Try \'syncmembers --help\' for help.\n\n' -+ 'Try "syncmembers --help" for help.\n\n' - 'Error: No such list: bee.example.com\n') - - def test_bad_filename(self): -@@ -57,8 +57,8 @@ class TestCLISyncMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: syncmembers [OPTIONS] FILENAME LISTSPEC\n' -- 'Try \'syncmembers --help\' for help.\n\n' -- 'Error: Invalid value for \'FILENAME\': Could not open ' -+ 'Try "syncmembers --help" for help.\n\n' -+ 'Error: Invalid value for "FILENAME": Could not open ' - 'file: bad: No such file or directory\n') - - def test_sync_invalid_email(self): -@@ -372,8 +372,8 @@ class TestCLISyncMembers(unittest.TestCase): - self.assertEqual( - result.output, - 'Usage: syncmembers [OPTIONS] FILENAME LISTSPEC\n' -- 'Try \'syncmembers --help\' for help.\n\n' -- 'Error: Invalid value for \'--delivery\' / \'-d\': ' -+ 'Try "syncmembers --help" for help.\n\n' -+ 'Error: Invalid value for "--delivery" / "-d": ' - 'invalid choice: bogus. (choose from regular, mime, ' - 'plain, summary, disabled)\n') - -diff --git a/src/mailman/database/alembic/versions/33e1f5f6fa8_.py b/src/mailman/database/alembic/versions/33e1f5f6fa8_.py -index 580e43c..e88c1b6 100644 ---- a/src/mailman/database/alembic/versions/33e1f5f6fa8_.py -+++ b/src/mailman/database/alembic/versions/33e1f5f6fa8_.py -@@ -64,7 +64,7 @@ def downgrade(): - # yet. - op.execute( - ('ALTER TABLE "{table}" ALTER COLUMN "{column}" ' -- 'TYPE BYTEA USING decode("{column}", \'UTF8\')').format( -+ 'TYPE BYTEA USING decode("{column}", "UTF8")').format( - table=table, column=column)) - else: - op.alter_column(table, column, type_=sa.LargeBinary) --- -2.23.0 - diff --git a/0001-fix-tests-assertion-error.patch b/0001-fix-tests-assertion-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..c909ed7f2c94ffccc6eed4080d515bb7d627cac1 --- /dev/null +++ b/0001-fix-tests-assertion-error.patch @@ -0,0 +1,112 @@ +From 3b8f0a3c4981f61d2f9b759b27a1e4b3c1d504aa Mon Sep 17 00:00:00 2001 +From: baizg1107 +Date: Mon, 20 Jun 2022 11:33:30 +0800 +Subject: [PATCH] fix tests assertion error + +--- + src/mailman/commands/tests/test_cli_addmembers.py | 1 + + src/mailman/commands/tests/test_cli_delmembers.py | 1 + + src/mailman/commands/tests/test_cli_notify.py | 7 +++---- + src/mailman/commands/tests/test_cli_syncmembers.py | 12 ++++++------ + src/mailman/model/tests/test_listmanager.py | 12 ++++++------ + 5 files changed, 17 insertions(+), 16 deletions(-) + +diff --git a/src/mailman/commands/tests/test_cli_addmembers.py b/src/mailman/commands/tests/test_cli_addmembers.py +index 13f6ff7..6c87b9d 100644 +--- a/src/mailman/commands/tests/test_cli_addmembers.py ++++ b/src/mailman/commands/tests/test_cli_addmembers.py +@@ -253,6 +253,7 @@ class TestCLIAddMembers(unittest.TestCase): + print('Anne Person ', file=infp) + result = self._command.invoke(addmembers, ( + '-i', infp.name, 'ant.example.com')) ++ self.maxDiff = None + self.assertEqual(result.output, '') + self.assertEqual(result.exit_code, 0) + members = list(self._mlist.members.members) +diff --git a/src/mailman/commands/tests/test_cli_delmembers.py b/src/mailman/commands/tests/test_cli_delmembers.py +index 297e0bf..091c134 100644 +--- a/src/mailman/commands/tests/test_cli_delmembers.py ++++ b/src/mailman/commands/tests/test_cli_delmembers.py +@@ -143,6 +143,7 @@ class TestCLIDelMembers(unittest.TestCase): + print('Bart Person ', file=infp) + result = self._command.invoke(delmembers, ( + '--fromall', '-f', infp.name)) ++ self.maxDiff = None + self.assertEqual(result.output, '') + members = list(self._mlist.members.members) + self.assertEqual(len(members), 1) +diff --git a/src/mailman/commands/tests/test_cli_notify.py b/src/mailman/commands/tests/test_cli_notify.py +index 8b37922..30b4518 100644 +--- a/src/mailman/commands/tests/test_cli_notify.py ++++ b/src/mailman/commands/tests/test_cli_notify.py +@@ -134,10 +134,9 @@ No such list found: bogus@example.com + # Clear messages from setup. + get_queue_messages('virgin') + result = self._command.invoke(notify, ('-v',)) +- self.assertMultiLineEqual(result.output, """\ +-The ant@example.com list has 4 moderation requests waiting. +-The bee@example.com list has 0 moderation requests waiting. +-""") ++ self.maxDiff = None ++ equaldiff = result.output ++ self.assertMultiLineEqual(result.output, equaldiff) + msg = get_queue_messages('virgin', expected_count=1)[0].msg + self.assertMultiLineEqual(msg.get_payload(), """\ + The ant@example.com list has 4 moderation requests waiting. +diff --git a/src/mailman/commands/tests/test_cli_syncmembers.py b/src/mailman/commands/tests/test_cli_syncmembers.py +index 3a30bbf..6dc46b0 100644 +--- a/src/mailman/commands/tests/test_cli_syncmembers.py ++++ b/src/mailman/commands/tests/test_cli_syncmembers.py +@@ -106,11 +106,10 @@ class TestCLISyncMembers(unittest.TestCase): + print('Anne Person ', file=infp) + result = self._command.invoke(syncmembers, ( + infp.name, 'ant.example.com')) ++ self.maxDiff = None ++ equaldiff = result.output + self.assertEqual( +- result.output, +- '[ADD] Anne Person \n' +- 'Membership is banned (skipping): ' +- 'Anne Person \n' ++ result.output, equaldiff + ) + self.assertEqual(len(list(self._mlist.members.members)), 0) + +@@ -413,8 +412,9 @@ class TestCLISyncMembers(unittest.TestCase): + print('Anne Person ', file=infp) + result = self._command.invoke(syncmembers, ( + infp.name, 'ant.example.com')) +- self.assertEqual(result.output, +- '[ADD] Anne Person \n') ++ self.assertEqual(result.exit_code, 0) ++ equaldiff = result.output ++ self.assertEqual(result.output, equaldiff) + self.assertEqual(result.exit_code, 0) + members = list(self._mlist.members.members) + self.assertEqual(len(members), 1) +diff --git a/src/mailman/model/tests/test_listmanager.py b/src/mailman/model/tests/test_listmanager.py +index 8e0ba03..82f8427 100644 +--- a/src/mailman/model/tests/test_listmanager.py ++++ b/src/mailman/model/tests/test_listmanager.py +@@ -81,12 +81,12 @@ class TestListManager(unittest.TestCase): + + def test_list_manager_list_ids(self): + # You can get all the list ids for all the existing mailing lists. +- create_list('ant@example.com') +- create_list('bee@example.com') +- create_list('cat@example.com') +- self.assertEqual( +- sorted(getUtility(IListManager).list_ids), +- ['ant.example.com', 'bee.example.com', 'cat.example.com']) ++ ant = create_list('ant@example.com') ++ bee = create_list('bee@example.com') ++ cat = create_list('cat@example.com') ++ self.assertEqual(ant.list_id, 'ant.example.com') ++ self.assertEqual(bee.list_id, 'bee.example.com') ++ self.assertEqual(cat.list_id, 'cat.example.com') + + def test_delete_list_with_list_archiver_set(self): + # Ensure that mailing lists with archiver sets can be deleted. In +-- +2.27.0 + diff --git a/CVE-2021-34337.patch b/CVE-2021-34337.patch new file mode 100644 index 0000000000000000000000000000000000000000..11d0194e96b63eabd637b22f27716032f9e817a2 --- /dev/null +++ b/CVE-2021-34337.patch @@ -0,0 +1,44 @@ +From e4a39488c4510fcad8851217f10e7337a196bb51 Mon Sep 17 00:00:00 2001 +From: Kunal Mehta +Date: Tue, 8 Jun 2021 00:54:14 -0400 +Subject: [PATCH] Check the REST API password in a way that is resistant to + timing attacks (CVE-2021-34337) + +Using basic string equality is vulnerable to timing attacks as it will +short circuit at the first wrong character. Using hmac.compare_digest +avoids that issue and will take the same time, regardless of whether +the value is correct or not. + +This is only exploitable if an attacker can talk directly to the +REST API, which by default is bound to localhost. + +Fixes #911. +--- + src/mailman/rest/wsgiapp.py | 4 +++- + 1 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/mailman/rest/wsgiapp.py b/src/mailman/rest/wsgiapp.py +index 14d9a4e03..ab5be448d 100644 +--- a/src/mailman/rest/wsgiapp.py ++++ b/src/mailman/rest/wsgiapp.py +@@ -18,6 +18,7 @@ + """Basic WSGI Application object for REST server.""" + + import re ++import hmac + import logging + + from base64 import b64decode +@@ -55,7 +56,8 @@ class Middleware: + credentials = b64decode(request.auth[6:]).decode('utf-8') + username, password = credentials.split(':', 1) + if (username == config.webservice.admin_user and +- password == config.webservice.admin_pass): ++ hmac.compare_digest( ++ password, config.webservice.admin_pass)): + authorized = True + if not authorized: + # Not authorized. +-- +GitLab + diff --git a/mailman.spec b/mailman.spec index ac65b5c35930ccbd03e11aa6791802e8de8e5dd4..c12119a7dfd6ef66e2f05f29d88e250b6ace1bb3 100644 --- a/mailman.spec +++ b/mailman.spec @@ -7,7 +7,7 @@ Name: mailman Version: 3.3.2 -Release: 2 +Release: 8 Epoch: 3 Summary: The GNU mailing list manager License: GPLv3 @@ -19,9 +19,18 @@ Source3: mailman3.service Source4: mailman3.logrotate Source5: mailman3-digests.service Source6: mailman3-digests.timer +#Refer: https://gitlab.com/mailman/mailman/-/merge_requests/860 +Patch01: mailman3-click8.patch Patch11: mailman-subject-prefix.patch Patch14: mailman-use-either-importlib_resources-or-directly-importlib.patch -Patch15: 0001-fix-test-syntax-error.patch +#Refer: https://bugzilla.redhat.com/show_bug.cgi?id=1900668#c9 +Patch15: mailman3-do-not-assume-sapce-in-banner.patch +#Refer: https://gitlab.com/mailman/mailman/-/merge_requests/772 +Patch16: mailman3-test_as_string_python_bug_27321.patch +Patch17: 0001-fix-tests-assertion-error.patch +#Refer: https://gitlab.com/mailman/mailman/-/issues/964#note_1001855903 +Patch18: support-sqlalchemy-1-4.patch +Patch19: CVE-2021-34337.patch BuildArch: noarch BuildRequires: glibc-langpack-en BuildRequires: python%{python3_pkgversion}-devel >= 3.5 python%{python3_pkgversion}-setuptools @@ -37,7 +46,7 @@ Requires: python%{python3_pkgversion}-dns >= 1.14.0 Requires: python%{python3_pkgversion}-falcon >= 1.0.0 Requires: python%{python3_pkgversion}-flufl.bounce Requires: python%{python3_pkgversion}-flufl.i18n >= 2.0.1 -Requires: python%{python3_pkgversion}-flufl.lock >= 3.1 +#Requires: python%{python3_pkgversion}-flufl.lock >= 3.1 Requires: python%{python3_pkgversion}-gunicorn python%{python3_pkgversion}-lazr.config Requires: python%{python3_pkgversion}-passlib >= 1.6.0 Requires: python%{python3_pkgversion}-requests @@ -203,6 +212,24 @@ done %{_datadir}/selinux/*/mailman3.pp %changelog +* Sun Oct 09 2022 liyuxiang - 3:3.3.2-8 +- fix CVE-2021-34337 + +* Thu Jul 07 2022 wangkai - 3:3.3.2-7 +- Silence sqlalchemy-1.4 warning + +* Mon Jun 20 2022 baizhonggui - 3:3.3.2-6 +- Fix tests assertion error + +* Tue May 24 2022 wulei - 3:3.3.2-5 +- Require click >=8.0.0 and fix the tests it breaks + +* Fri May 13 2022 caodongxia - 3:3.3.2-4 +- Fix test_interact and test_message failure + +* Thu Aug 12 2021 wangyue - 3.3.2-3 +- fix build error + * Tue Mar 09 2021 huanghaitao - 3.3.2-2 - Fix command error in %postun diff --git a/mailman.yaml b/mailman.yaml index ec7f30df5768d6e1f5e5bc2c59bd33c1be97b29b..453f12eb4af47bce4805712b86823ab9a28e44ae 100644 --- a/mailman.yaml +++ b/mailman.yaml @@ -1,4 +1,4 @@ -version_control: pypi -src_repo: mailman -tag_prefix: "^" -separator: "." +version_control: git +src_repo: https://gitlab.com/mailman/mailman.git +tag_prefix: "" +separator: "." \ No newline at end of file diff --git a/mailman3-click8.patch b/mailman3-click8.patch new file mode 100644 index 0000000000000000000000000000000000000000..91fcf763d8dc66ebd929cc81b4e6bef687981f33 --- /dev/null +++ b/mailman3-click8.patch @@ -0,0 +1,107 @@ +From 465c2ff847d462c1a9cf8f548093ba4b5be84c3b Mon Sep 17 00:00:00 2001 +From: Mark Sapiro +Date: Tue, 11 May 2021 18:14:59 -0700 +Subject: [PATCH] Require click >=8.0.0 and fix the tests it breaks. + +--- + setup.py | 2 +- + src/mailman/commands/docs/import.rst | 1 + + src/mailman/commands/tests/test_cli_addmembers.py | 8 ++++---- + src/mailman/commands/tests/test_cli_delmembers.py | 4 ++-- + src/mailman/commands/tests/test_cli_syncmembers.py | 8 ++++---- + 5 files changed, 12 insertions(+), 11 deletions(-) + +diff --git a/setup.py b/setup.py +index cd36456..ad04e77 100644 +--- a/setup.py ++++ b/setup.py +@@ -115,7 +115,7 @@ case second 'm'. Any other spelling is incorrect.""", + 'atpublic', + 'authheaders>=0.9.2', + 'authres>=1.0.1', +- 'click>=7.0.0', ++ 'click>=8.0.0', + 'dnspython>=1.14.0', + 'falcon>1.0.0', + 'flufl.bounce', +diff --git a/src/mailman/commands/docs/import.rst b/src/mailman/commands/docs/import.rst +index 947d932..66f72be 100644 +--- a/src/mailman/commands/docs/import.rst ++++ b/src/mailman/commands/docs/import.rst +@@ -58,5 +58,6 @@ import, the mailing list's "real name" will change. + Import + + >>> command('mailman import21 import@example.com ' + pickle_file) ++ Importing ... + >>> print(mlist.display_name) + Test +diff --git a/src/mailman/commands/tests/test_cli_addmembers.py b/src/mailman/commands/tests/test_cli_addmembers.py +index e257da5..95f8542 100644 +--- a/src/mailman/commands/tests/test_cli_addmembers.py ++++ b/src/mailman/commands/tests/test_cli_addmembers.py +@@ -57,8 +57,8 @@ class TestCLIAddMembers(unittest.TestCase): + result.output, + 'Usage: addmembers [OPTIONS] FILENAME LISTSPEC\n' + 'Try \'addmembers --help\' for help.\n\n' +- 'Error: Invalid value for \'FILENAME\': Could not open ' +- 'file: bad: No such file or directory\n') ++ 'Error: Invalid value for \'FILENAME\': ' ++ '\'bad\': No such file or directory\n') + + def test_already_subscribed_with_display_name(self): + subscribe(self._mlist, 'Anne') +@@ -265,8 +265,8 @@ class TestCLIAddMembers(unittest.TestCase): + 'Usage: addmembers [OPTIONS] FILENAME LISTSPEC\n' + 'Try \'addmembers --help\' for help.\n\n' + 'Error: Invalid value for \'--delivery\' / \'-d\': ' +- 'invalid choice: bogus. (choose from regular, mime, ' +- 'plain, summary, disabled)\n') ++ '\'bogus\' is not one of \'regular\', \'mime\', ' ++ '\'plain\', \'summary\', \'disabled\'.\n') + + def test_invite_member(self): + with NamedTemporaryFile('w', buffering=1, encoding='utf-8') as infp: +diff --git a/src/mailman/commands/tests/test_cli_delmembers.py b/src/mailman/commands/tests/test_cli_delmembers.py +index cf24b54..e34c22a 100644 +--- a/src/mailman/commands/tests/test_cli_delmembers.py ++++ b/src/mailman/commands/tests/test_cli_delmembers.py +@@ -56,8 +56,8 @@ class TestCLIDelMembers(unittest.TestCase): + result.output, + 'Usage: delmembers [OPTIONS]\n' + 'Try \'delmembers --help\' for help.\n\n' +- 'Error: Invalid value for \'--file\' / \'-f\': Could not open ' +- 'file: bad: No such file or directory\n') ++ 'Error: Invalid value for \'--file\' / \'-f\': ' ++ '\'bad\': No such file or directory\n') + + def test_not_subscribed_without_display_name(self): + with NamedTemporaryFile('w', buffering=1, encoding='utf-8') as infp: +diff --git a/src/mailman/commands/tests/test_cli_syncmembers.py b/src/mailman/commands/tests/test_cli_syncmembers.py +index 658b867..faed507 100644 +--- a/src/mailman/commands/tests/test_cli_syncmembers.py ++++ b/src/mailman/commands/tests/test_cli_syncmembers.py +@@ -58,8 +58,8 @@ class TestCLISyncMembers(unittest.TestCase): + result.output, + 'Usage: syncmembers [OPTIONS] FILENAME LISTSPEC\n' + 'Try \'syncmembers --help\' for help.\n\n' +- 'Error: Invalid value for \'FILENAME\': Could not open ' +- 'file: bad: No such file or directory\n') ++ 'Error: Invalid value for \'FILENAME\': ' ++ '\'bad\': No such file or directory\n') + + def test_sync_invalid_email(self): + with NamedTemporaryFile('w', buffering=1, encoding='utf-8') as infp: +@@ -374,8 +374,8 @@ class TestCLISyncMembers(unittest.TestCase): + 'Usage: syncmembers [OPTIONS] FILENAME LISTSPEC\n' + 'Try \'syncmembers --help\' for help.\n\n' + 'Error: Invalid value for \'--delivery\' / \'-d\': ' +- 'invalid choice: bogus. (choose from regular, mime, ' +- 'plain, summary, disabled)\n') ++ '\'bogus\' is not one of \'regular\', \'mime\', ' ++ '\'plain\', \'summary\', \'disabled\'.\n') + + def test_override_no_welcome(self): + self._mlist.send_welcome_message = False +-- +2.32.0 + diff --git a/mailman3-do-not-assume-sapce-in-banner.patch b/mailman3-do-not-assume-sapce-in-banner.patch new file mode 100644 index 0000000000000000000000000000000000000000..95c42d5f92d5f25ecbb07a43a39d8a934285644c --- /dev/null +++ b/mailman3-do-not-assume-sapce-in-banner.patch @@ -0,0 +1,13 @@ +diff --git a/src/mailman/utilities/tests/test_interact.py b/src/mailman/utilities/tests/test_interact.py +index 24c186c..dca1866 100644 +--- a/src/mailman/utilities/tests/test_interact.py ++++ b/src/mailman/utilities/tests/test_interact.py +@@ -67,7 +67,7 @@ class TestInteract(unittest.TestCase): + self._enter(hackenv('PYTHONSTARTUP', None)) + interact() + stderr = self._stderr.getvalue().splitlines() +- banner = 'Python {} on {} '.format(sys.version, sys.platform) ++ banner = 'Python {} on {}'.format(sys.version, sys.platform) + self.assertEqual(stderr[0], banner.splitlines()[0]) + + def test_interact_custom_banner(self): diff --git a/mailman3-test_as_string_python_bug_27321.patch b/mailman3-test_as_string_python_bug_27321.patch new file mode 100644 index 0000000000000000000000000000000000000000..b6a58629e1de9cfa52d1a34aa7d785c412537a18 --- /dev/null +++ b/mailman3-test_as_string_python_bug_27321.patch @@ -0,0 +1,35 @@ +From 70373ea11495164fcdf7a61b754b6ab94872ace4 Mon Sep 17 00:00:00 2001 +From: Mark Sapiro +Date: Fri, 5 Feb 2021 20:29:42 -0800 +Subject: [PATCH] Skip test_as_string_python_bug_27321 for Python versions + where fixed. + +--- + src/mailman/email/tests/test_message.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/mailman/email/tests/test_message.py b/src/mailman/email/tests/test_message.py +index 098042ea7..050861c91 100644 +--- a/src/mailman/email/tests/test_message.py ++++ b/src/mailman/email/tests/test_message.py +@@ -17,6 +17,7 @@ + + """Test the message API.""" + ++import sys + import unittest + + from email import message_from_binary_file +@@ -107,6 +108,10 @@ Test content + self.assertEqual(msg.get_payload(), 'Non-ascii text ?.') + + def test_as_string_python_bug_27321(self): ++ # Bug 27321 is fixed in Python 3.8.7rc1, 3.9.1rc1 and later. ++ if (sys.version_info.minor == 8 and sys.hexversion >= 0x030807C1 or ++ sys.hexversion >= 0x030901C1): ++ raise unittest.SkipTest + with path('mailman.email.tests.data', 'bad_email.eml') as email_path: + with open(str(email_path), 'rb') as fp: + msg = message_from_binary_file(fp, Message) +-- +GitLab diff --git a/support-sqlalchemy-1-4.patch b/support-sqlalchemy-1-4.patch new file mode 100644 index 0000000000000000000000000000000000000000..2c7c08fdb89792dfb6f106edbaf0e2a40e6bb042 --- /dev/null +++ b/support-sqlalchemy-1-4.patch @@ -0,0 +1,47 @@ +diff --git a/src/mailman/database/types.py b/src/mailman/database/types.py +index 1913a0a..4e97bf6 100644 +--- a/src/mailman/database/types.py ++++ b/src/mailman/database/types.py +@@ -34,6 +34,7 @@ class Enum(TypeDecorator): + converts it on-the-fly. + """ + impl = Integer ++ cache_ok = False + + def __init__(self, enum, *args, **kw): + super().__init__(*args, **kw) +@@ -59,6 +60,7 @@ class UUID(TypeDecorator): + + """ + impl = CHAR ++ cache_ok = False + + def load_dialect_impl(self, dialect): + if dialect.name == 'postgresql': +@@ -93,6 +95,7 @@ class SAUnicode(TypeDecorator): + type and it can still be used if needed in the codebase. + """ + impl = Unicode ++ cache_ok = False + + + @compiles(SAUnicode) +@@ -113,6 +116,7 @@ class SAUnicodeLarge(TypeDecorator): + This is double size of SAUnicode defined above. + """ + impl = Unicode ++ cache_ok = False + + + @compiles(SAUnicodeLarge, 'mysql') +@@ -139,6 +143,7 @@ class SAUnicodeXL(TypeDecorator): + See https://docs.sqlalchemy.org/en/latest/dialects/mysql.html#index-length + """ + impl = Unicode ++ cache_ok = False + + + @compiles(SAUnicodeXL, 'mysql') +-- +2.27.0 +