Security update to 2.1.26 (XSS bug), assorted other fixes.

Description

  • Fix checksum failures in Defaults.py[c]: No longer patch Defaults.py in postinstall, instead configure --with-mailhost=localhost --with-urlhost=localhost, as Fedora and Arch Linux do.
  • Add a related note to FreeBSD-post-install-notes.
  • Add a related safeguard to the rcfile, which will refuse to run if the DEFAULT_*_HOSTs are not configured. This can be changed with a new mailman_run_localhost="YES" rc.conf setting, which will then restrict itself to printing the warnings, but still start mailman.
  • Update htdig patch to upstream SVN r1734.
  • Bump USES, python:2 -> python:2.7
  • Regenerated patches.

Changelog:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1743/NEWS#L8

Release/Security announcement:
https://www.mail-archive.com/mailman-users@python.org/msg70478.html

PR: 225767 (related vuxml entry)
Reported by: Vladimir Krstulja
MFH: 2018Q1
Security: CVE-2018-5950
Security: 3d0eeef8-0cf9-11e8-99b0-d017c2987f9a
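
The rcfile safeguard described in the commit message can be sketched as follows. This is an added example, not the port's actual rc script: the function names are hypothetical, `DEFAULT_URL_HOST` and `DEFAULT_EMAIL_HOST` are assumed to be the settings meant by `DEFAULT_*_HOSTs`, and reading `mm_cfg.py` with sed is an assumption made to keep the example self-contained.

```shell
#!/bin/sh
# Added illustration; not the port's rc script. Function names and the
# sed-based parsing of mm_cfg.py are assumptions of this example.

# Print the effective value of a setting: the last uncommented top-level
# NAME = 'value' assignment in the file, or "localhost" (the build-time
# default from --with-mailhost/--with-urlhost) if there is none.
# $1 = path to mm_cfg.py, $2 = variable name
effective_host() {
    val=$(sed -n "s/^$2[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    echo "${val:-localhost}"
}

# Return 0 if mailman may start, 1 if the start must be refused.
# $1 = path to mm_cfg.py, $2 = value of mailman_run_localhost from rc.conf
mailman_host_check() {
    bad=0
    for var in DEFAULT_URL_HOST DEFAULT_EMAIL_HOST; do
        if [ "$(effective_host "$1" "$var")" = "localhost" ]; then
            echo "WARNING: $var is still localhost; set it in mm_cfg.py" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && return 0
    case "$2" in
        [Yy][Ee][Ss])
            # Warnings were printed above; the override lets the start proceed.
            echo "mailman_run_localhost=YES: starting anyway" >&2
            return 0 ;;
        *)
            echo "Refusing to start mailman" >&2
            return 1 ;;
    esac
}

# Constructed sample: URL host configured, e-mail host left at the default.
cfg=$(mktemp)
printf "%s\n" "DEFAULT_URL_HOST = 'lists.example.org'" > "$cfg"
mailman_host_check "$cfg" "NO" || echo "start refused"
rm -f "$cfg"
```
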

Details

Provenance
Authored by mandree
Parents
rP461276: Document Mailman vulnerability