Mailman-announce
July 2001
Folks,
I've just released Mailman 2.0.6 which fixes a potential security
problem in Mailman 2.0.x, and includes a few other minor bug fixes.
It is possible, although unlikely, that you could have an empty site
password, or an empty list password. Because of peculiarities in the
Unix crypt() function, such empty passwords could allow unauthorized
access to the list administrative pages with an arbitrary password
string. This situation does not occur normally, but it is possible to
create it by accident (e.g. by touch'ing data/adm.pw).
This patch ensures that such empty passwords do not allow unauthorized
access, by first checking to make sure that the salt is at least 2
characters in length. Alternatively, you can make sure that either
data/adm.pw does not exist or that it is not empty. For the extra
paranoid, you'd need to be sure that none of your lists have empty
passwords, but that's an even more difficult situation to create by
accident.
This patch guards against both situations. Please note that Mailman
2.1alpha is not vulnerable to this problem because it does not use
crypt().
A few other minor bugs have been fixed; see the NEWS excerpt below for
details.
As usual, I'm releasing this as both a complete tarball and as a patch
against Mailman 2.0.5. You /must/ update your source to 2.0.5 before
applying the 2.0.6 patch. Since the patch is small, I'm including it
in this message. To apply, cd into your 2.0.5 source tree and apply
it like so:
% patch -p0 < mailman-2.0.5-2.0.6.txt
Then run "config.status; make install".
Currently both http://mailman.sf.net and http://www.list.org are
updated, and I expect the gnu.org site to be updated soon as well.
The release information on SF is at
http://sourceforge.net/project/shownotes.php?release_id=45268
See also
http://www.gnu.org/software/mailman
http://www.list.org
http://mailman.sf.net
My thanks to Dave Helton, Ray Sanders, and Thomas Wouters for their
help with this release.
Enjoy,
-Barry
Index: NEWS
===================================================================
RCS file: /cvsroot/mailman/mailman/NEWS,v
retrieving revision 1.25.2.6
retrieving revision 1.25.2.9
diff -u -r1.25.2.6 -r1.25.2.9
--- NEWS 2001/05/03 21:06:56 1.25.2.6
+++ NEWS 2001/07/25 18:52:27 1.25.2.9
@@ -4,6 +4,34 @@
Here is a history of user visible changes to Mailman.
+2.0.6 (25-Jul-2001)
+
+ Security fix:
+
+ - Fixed a potential security hole which could allow access to list
+ administrative features by unauthorized users. If there is an
+ empty data/adm.pw file (the site password file), then any
+ password will be accepted as the list administrative password.
+ This exploit is caused by a common "bug" in the crypt() function
+ suffered by several Unix distributions, including at least
+ GNU/Linux and Solaris. Given a salt string of length zero,
+ crypt() always returns the empty string.
+
+ In lieu of applying this patch, sites can run bin/mmsitepass and
+ ensure that data/adm.pw is of length 2 or greater.
+
+ Bug fixes:
+
+ - Ensure that even if DEFAULT_URL is misconfigured in mm_cfg.py
+ (i.e. is missing a trailing slash), it is always fixed upon list
+ creation.
+
+ - Check for administrivia holds before any other tests.
+
+ - SF bugs fixed: 407666, 227694
+
+ - Other miscellaneous buglets fixed.
+
2.0.5 (04-May-2001)
Fix a lock stagnation problem that can result when the user hits
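Review bot: the "Security fix" entry in the new 2.0.6 section names only an empty data/adm.pw, but the SecurityManager.py change in this same patch applies the identical salt-length guard to the per-list password (self.password). Add a sentence to the entry saying that an empty list password was accepted in the same way, so a reader working from NEWS alone knows both cases are covered.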
Index: Mailman/MailList.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v
retrieving revision 1.189
retrieving revision 1.189.2.2
diff -u -r1.189 -r1.189.2.2
--- Mailman/MailList.py 2000/11/16 04:33:27 1.189
+++ Mailman/MailList.py 2001/05/29 14:45:27 1.189.2.2
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -712,7 +712,7 @@
" fails, or if the pattern does contain an `@', then the pattern"
" is matched against the entire recipient address. "
" <p>Matching against the local part is deprecated; in a future"
- " release, the patterm will always be matched against the "
+ " release, the pattern will always be matched against the "
" entire recipient address."),
('max_num_recipients', mm_cfg.Number, 5, 0,
@@ -787,6 +787,7 @@
self.InitVars(name, admin, crypted_password)
self._ready = 1
self.InitTemplates()
+ self.CheckValues()
self.Save()
# Touch these files so they have the right dir perms no matter what.
# A "just-in-case" thing. This shouldn't have to be here.
Index: Mailman/SecurityManager.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v
retrieving revision 1.31
retrieving revision 1.31.2.1
diff -u -r1.31 -r1.31.2.1
--- Mailman/SecurityManager.py 2000/10/02 20:40:41 1.31
+++ Mailman/SecurityManager.py 2001/07/25 18:07:51 1.31.2.1
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -44,8 +44,12 @@
def ValidAdminPassword(self, pw):
if Utils.CheckSiteAdminPassword(pw):
return 1
- return type(pw) == StringType and \
- Crypt.crypt(pw, self.password) == self.password
+ salt = self.password[:2]
+ # crypt() has a bug in that if the salt is the empty string, it will
+ # always return the empty string, regardless of the key. :(
+ if len(salt) < 2:
+ return 0
+ return Crypt.crypt(pw, salt) == self.password
def ConfirmAdminPassword(self, pw):
if not self.ValidAdminPassword(pw):
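Review bot: the rewritten return in ValidAdminPassword drops the `type(pw) == StringType` test that the removed lines performed, so a non-string pw now goes straight into `Crypt.crypt(pw, salt)`. Keep that test ahead of the crypt call and return 0 when it fails, so the function still answers false instead of raising on unexpected input.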
Index: Mailman/Utils.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Utils.py,v
retrieving revision 1.104.2.2
retrieving revision 1.104.2.4
diff -u -r1.104.2.2 -r1.104.2.4
--- Mailman/Utils.py 2001/04/18 04:23:07 1.104.2.2
+++ Mailman/Utils.py 2001/07/25 18:06:46 1.104.2.4
@@ -262,7 +262,7 @@
finally:
os.umask(ou)
if verbose:
- print 'made directory: ', madepart
+ print 'made directory: ', made_part
@@ -405,7 +405,12 @@
f = open(mm_cfg.SITE_PW_FILE)
pw2 = f.read()
f.close()
- return Crypt.crypt(pw1, pw2[:2]) == pw2
+ salt = pw2[:2]
+ # crypt() has a bug in that if the salt is the empty string, it will
+ # always return the empty string, regardless of the key. :(
+ if len(salt) < 2:
+ return 0
+ return Crypt.crypt(pw1, salt) == pw2
# There probably is no site admin password if there was an exception
except IOError:
return 0
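Review bot: the salt guard added to the site password check here is a line-for-line copy of the one added to ValidAdminPassword in SecurityManager.py, comment included. Move it into a single helper that takes the candidate password and the stored hash, and call it from both places, so a later change to the check cannot land in one copy and miss the other. The `return 0` on a short salt is also silent; a log entry on that branch would tell the site admin that data/adm.pw needs to be regenerated with bin/mmsitepass.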
Index: Mailman/Version.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v
retrieving revision 1.20.2.5
retrieving revision 1.20.2.6
diff -u -r1.20.2.5 -r1.20.2.6
--- Mailman/Version.py 2001/05/03 20:58:19 1.20.2.5
+++ Mailman/Version.py 2001/07/25 18:05:30 1.20.2.6
@@ -15,7 +15,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# Mailman version
-VERSION = "2.0.5"
+VERSION = "2.0.6"
# And as a hex number in the manner of PY_VERSION_HEX
ALPHA = 0xa
@@ -27,7 +27,7 @@
MAJOR_REV = 2
MINOR_REV = 0
-MICRO_REV = 5
+MICRO_REV = 6
REL_LEVEL = FINAL
# at most 15 beta releases!
REL_SERIAL = 0
Index: Mailman/versions.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/versions.py,v
retrieving revision 1.27
retrieving revision 1.27.2.1
diff -u -r1.27 -r1.27.2.1
--- Mailman/versions.py 2000/06/14 05:09:58 1.27
+++ Mailman/versions.py 2001/07/10 14:58:56 1.27.2.1
@@ -142,7 +142,7 @@
# set admin_notify_mchanges
#
if not hasattr(l, "admin_notify_mchanges"):
- setatrr(l, "admin_notify_mchanges",
+ setattr(l, "admin_notify_mchanges",
mm_cfg.DEFAULT_ADMIN_NOTIFY_MCHANGES)
#
# Convert the members and digest_members addresses so that the keys of
Index: Mailman/Archiver/pipermail.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Archiver/pipermail.py,v
retrieving revision 1.15
retrieving revision 1.15.2.2
diff -u -r1.15 -r1.15.2.2
--- Mailman/Archiver/pipermail.py 2000/10/20 06:18:11 1.15
+++ Mailman/Archiver/pipermail.py 2001/06/01 22:30:16 1.15.2.2
@@ -62,7 +62,7 @@
# Abstract class for databases
-class DatabaseInterface:
+class DatabaseInterface:
def __init__(self): pass
def close(self): pass
def getArticle(self, archive, msgid): pass
@@ -162,13 +162,15 @@
id = strip_separators(message.getheader('Message-Id'))
if id == "":
self.msgid = str(self.sequence)
- else: self.msgid = id
+ else:
+ self.msgid = id
if message.has_key('Subject'):
self.subject = str(message['Subject'])
else:
+ self.subject = 'No subject'
+ if self.subject == "":
self.subject = 'No subject'
- if self.subject == "": self.subject = 'No subject'
self._set_date(message)
@@ -180,7 +182,8 @@
self.email = strip_separators(self.email)
self.author = strip_separators(self.author)
- if self.author == "": self.author = self.email
+ if self.author == "":
+ self.author = self.email
# Save the In-Reply-To:, References:, and Message-ID: lines
#
@@ -197,8 +200,10 @@
self.in_reply_to = ''
else:
match = msgid_pat.search(i_r_t)
- if match is None: self.in_reply_to = ''
- else: self.in_reply_to = strip_separators(match.group(1))
+ if match is None:
+ self.in_reply_to = ''
+ else:
+ self.in_reply_to = strip_separators(match.group(1))
references = message.getheader('References')
if references is None:
@@ -352,7 +357,7 @@
refs[0])
for ref in refs[1:]:
a = self.database.getArticle(self.archive, ref)
- if a.date > maxdate.data:
+ if a.date > maxdate.date:
maxdate = a
parentID = maxdate.msgid
else:
Index: Mailman/Bouncers/BouncerAPI.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/BouncerAPI.py,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -r1.11 -r1.11.2.1
--- Mailman/Bouncers/BouncerAPI.py 2000/09/21 04:50:10 1.11
+++ Mailman/Bouncers/BouncerAPI.py 2001/07/10 15:00:09 1.11.2.1
@@ -82,6 +82,7 @@
# for testing
if __name__ == '__main__':
+ import sys
import mimetools
from Mailman import MailList
Index: Mailman/Bouncers/DSN.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/DSN.py,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- Mailman/Bouncers/DSN.py 2000/07/21 05:25:53 1.7
+++ Mailman/Bouncers/DSN.py 2001/07/25 18:04:42 1.7.2.1
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -43,8 +43,8 @@
def process(msg):
- if msg.gettype() <> 'multipart/report' or \
- msg.getparam('report-type') <> 'delivery-status':
+ if string.lower(msg.gettype()) <> 'multipart/report' or \
+ string.lower(msg.getparam('report-type')) <> 'delivery-status':
# then
return None
boundary = msg.getparam('boundary')
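Review bot: in process(), `string.lower()` is now applied directly to the result of `msg.getparam('report-type')`, whereas the removed comparison tolerated a message that has no report-type parameter. If getparam returns None for such a message, the lowercasing raises instead of letting process() return None. Test for a missing parameter before lowercasing, and confirm that the string module is imported in DSN.py, since this hunk does not show the import.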
Index: Mailman/Cgi/handle_opts.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/Attic/handle_opts.py,v
retrieving revision 1.30.2.2
retrieving revision 1.30.2.3
diff -u -r1.30.2.2 -r1.30.2.3
--- Mailman/Cgi/handle_opts.py 2001/05/03 21:05:06 1.30.2.2
+++ Mailman/Cgi/handle_opts.py 2001/07/10 14:52:32 1.30.2.3
@@ -266,14 +266,14 @@
except Errors.MMNotAMemberError:
PrintResults(mlist, operation, doc,
"%s isn't subscribed to this list."
- % mail.GetSender(), user)
+ % user, user)
except Errors.MMListNotReadyError:
PrintResults(mlist, operation, doc, "List is not functional.",
user)
except Errors.MMNoSuchUserError:
PrintResults(mlist, operation, doc,
"%s is not subscribed to this list."
- % mail.GetSender(), user)
+ % user, user)
except Errors.MMBadPasswordError:
PrintResults(mlist, operation, doc,
"You gave the wrong password.", user)
Index: Mailman/Handlers/Hold.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/Hold.py,v
retrieving revision 1.16
retrieving revision 1.16.2.2
diff -u -r1.16 -r1.16.2.2
--- Mailman/Handlers/Hold.py 2000/08/01 23:02:28 1.16
+++ Mailman/Handlers/Hold.py 2001/05/31 21:05:44 1.16.2.2
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -118,6 +118,11 @@
if not sender or sender[:len(listname)+6] == adminaddr:
sender = msg.GetSender(use_envelope=0)
#
+ # possible administrivia?
+ if mlist.administrivia and Utils.IsAdministrivia(msg):
+ hold_for_approval(mlist, msg, msgdata, Administrivia)
+ # no return
+ #
# is the poster in the list of explicitly forbidden posters?
if len(mlist.forbidden_posters):
forbiddens = Utils.List2Dict(mlist.forbidden_posters)
@@ -175,11 +180,6 @@
not msgdata.get('fromusenet'):
# then
hold_for_approval(mlist, msg, msgdata, ImplicitDestination)
- # no return
- #
- # possible administrivia?
- if mlist.administrivia and Utils.IsAdministrivia(msg):
- hold_for_approval(mlist, msg, msgdata, Administrivia)
# no return
#
# suspicious headers?
Index: admin/www/download.ht
===================================================================
RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v
retrieving revision 1.5.2.6
retrieving revision 1.5.2.7
diff -u -r1.5.2.6 -r1.5.2.7
--- admin/www/download.ht 2001/05/03 21:09:36 1.5.2.6
+++ admin/www/download.ht 2001/07/25 18:08:31 1.5.2.7
@@ -65,9 +65,9 @@
<h3>Downloading</h3>
<p>Version
-(<!-VERSION--->2.0.5<!-VERSION--->,
+(<!-VERSION--->2.0.6<!-VERSION--->,
released on
-<!-DATE--->May 4 2001<!-DATE--->)
+<!-DATE--->Jul 25 2001<!-DATE--->)
is the current GNU release. It is available from the following mirror sites:
<ul>
Index: admin/www/download.html
===================================================================
RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v
retrieving revision 1.6.2.8
retrieving revision 1.6.2.9
diff -u -r1.6.2.8 -r1.6.2.9
--- admin/www/download.html 2001/05/03 21:09:36 1.6.2.8
+++ admin/www/download.html 2001/07/25 18:08:31 1.6.2.9
@@ -1,6 +1,6 @@
<HTML>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
-<!-- Thu May 3 17:09:03 2001 -->
+<!-- Wed Jul 25 14:08:14 2001 -->
<!-- USING HT2HTML 1.1 -->
<!-- SEE http://www.wooz.org/barry/software/pyware.html -->
<!-- User-specified headers:
@@ -237,9 +237,9 @@
<h3>Downloading</h3>
<p>Version
-(<!-VERSION--->2.0.5<!-VERSION--->,
+(<!-VERSION--->2.0.6<!-VERSION--->,
released on
-<!-DATE--->May 4 2001<!-DATE--->)
+<!-DATE--->Jul 25 2001<!-DATE--->)
is the current GNU release. It is available from the following mirror sites:
<ul>
Index: bin/find_member
===================================================================
RCS file: /cvsroot/mailman/mailman/bin/find_member,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- bin/find_member 2000/09/11 03:58:57 1.5
+++ bin/find_member 2001/07/25 17:38:43 1.5.2.1
@@ -90,7 +90,7 @@
try:
mlist = MailList.MailList(listname, lock=0)
except Errors.MMListError:
- print 'No such list "%s"' % name
+ print 'No such list "%s"' % listname
continue
if options.owners:
owners = mlist.owner
Index: src/cgi-wrapper.c
===================================================================
RCS file: /cvsroot/mailman/mailman/src/cgi-wrapper.c,v
retrieving revision 1.13
retrieving revision 1.13.2.1
diff -u -r1.13 -r1.13.2.1
--- src/cgi-wrapper.c 2000/03/21 06:26:41 1.13
+++ src/cgi-wrapper.c 2001/05/29 13:20:27 1.13.2.1
@@ -23,7 +23,7 @@
/* passed in by configure */
#define SCRIPTNAME SCRIPT
-#define LOG_IDENT "Mailman cgi-wrapper (" ## SCRIPT ## ")"
+#define LOG_IDENT "Mailman cgi-wrapper (" SCRIPT ")"
/* GID that CGI scripts run as. See your Web server's documentation. */
#define LEGAL_PARENT_GID CGI_GID
Index: src/common.c
===================================================================
RCS file: /cvsroot/mailman/mailman/src/common.c,v
retrieving revision 1.26
retrieving revision 1.26.2.1
diff -u -r1.26 -r1.26.2.1
--- src/common.c 2000/11/09 06:18:02 1.26
+++ src/common.c 2001/05/29 13:20:27 1.26.2.1
@@ -20,7 +20,7 @@
#include "common.h"
/* passed in by configure */
-#define SCRIPTDIR PREFIX ## "/scripts/" /* trailing slash */
+#define SCRIPTDIR PREFIX "/scripts/" /* trailing slash */
#define MODULEDIR PREFIX /* no trailing slash */
const char* scriptdir = SCRIPTDIR;
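The empty-password condition and the salt-length guard described in the 2.0.6 announcement above, as an added example that is not part of the original message or of Mailman's code. `legacy_crypt` is a constructed stand-in that reproduces only the empty-salt behaviour the announcement describes; the function names and the audit helper are assumptions for illustration.

```python
import hashlib
import os
import tempfile


def legacy_crypt(key, salt):
    """Stand-in for Unix crypt(), constructed for this example.

    It reproduces only the behaviour the announcement relies on: a
    zero-length salt yields the empty string whatever the key is. The
    hash is SHA-256 based and is NOT real DES crypt() output.
    """
    if salt == "":
        return ""
    salt = salt[:2]
    digest = hashlib.sha256((salt + key).encode("utf-8")).hexdigest()
    return salt + digest[:11]


def check_before(pw, stored):
    """2.0.5 logic: salt is the first two characters of the stored hash."""
    return legacy_crypt(pw, stored[:2]) == stored


def check_after(pw, stored):
    """2.0.6 logic: never call crypt() with a salt shorter than 2 chars."""
    salt = stored[:2]
    if len(salt) < 2:
        return False
    return legacy_crypt(pw, salt) == stored


def audit_password_file(path):
    """Apply the announcement's workaround check to a site password file."""
    if not os.path.exists(path):
        return "absent"   # no site password file, nothing to match against
    with open(path) as f:
        stored = f.read()
    if len(stored) < 2:
        return "unsafe"   # empty or 1-char file, e.g. created by touch
    return "ok"


def demo():
    """Run both checks against a normal hash and an empty one."""
    good = legacy_crypt("s3cret", "ab")   # constructed sample password
    workdir = tempfile.mkdtemp()
    pwfile = os.path.join(workdir, "adm.pw")
    open(pwfile, "w").close()             # same effect as touch data/adm.pw
    touched = audit_password_file(pwfile)
    with open(pwfile, "w") as f:
        f.write(good)
    return {
        "right_pw_before": check_before("s3cret", good),
        "right_pw_after": check_after("s3cret", good),
        "wrong_pw_after": check_after("wrong", good),
        "empty_hash_before": check_before("anything at all", ""),
        "empty_hash_after": check_after("anything at all", ""),
        "touched_file": touched,
        "populated_file": audit_password_file(pwfile),
    }


if __name__ == "__main__":
    for name, value in sorted(demo().items()):
        print(name, value)
```
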
This is the official announcement for Mailman 2.1 alpha 2. Because it's
an alpha, this announcement is only going out to the mailman-* mailing
lists. I'll make two warnings: you probably should still not use this
version for production systems (but TIA for any and all testing you do
with it!), and I've already had a couple of bug fixes from early
adopters. 2.1a2 should still be useful, but you might want to keep an
eye on cvs and the mailman-checkins list for updates.
I am only making the tarball available on SourceForge, so you'll need
to go to http://sf.net/projects/mailman to grab it. You'll also need
to upgrade to mimelib-0.4, so be sure to go to
http://sf.net/projects/mimelib to grab and install that tarball first.
To view the on-line documentation, see
http://www.list.org/MM21/index.html
or
http://mailman.sf.net/MM21/index.html
Below is an excerpt from the NEWS file for all the changes since
2.1alpha1. There are a bunch of new features coming down the pike,
and I hope to have an alpha3 out soon. I'm also planning on doing
much more stress testing of this version with real list traffic, and
I'm hoping we'll start to get more languages integrated into cvs.
Enjoy,
-Barry
-------------------- snip snip --------------------
2.1 alpha 2 (11-Jul-2001)
- Building
o mimelib 0.4 is now required. Get it from
http://mimelib.sf.net. If you've installed an earlier
version of mimelib, you must upgrade.
o /usr/local/mailman is now the default installation
directory. Use configure's --prefix switch to change it
back to the default (/home/mailman) or any other
installation directory of your choice.
- Security
o Better definition of authentication domains. The following
roles have been defined: user, list-admin, list-moderator,
creator, site-admin.
o There is now a separate role of "list moderator", which has
access to the pending requests (admindb) page, but not the
list configuration pages.
o Subscription confirmations can now be performed via email or
via URL. When a subscription is received, a unique (sha)
confirm URL is generated in the confirmation message.
Simply visiting this URL completes the subscription process.
o In a similar manner, removal requests (via web or email
command) no longer require the password. If the correct
password is given, the removal is performed immediately. If
no password is given, then a confirmation message is
generated.
- Internationalization
o More I18N patches. The basic infrastructure should now be
working correctly. Spanish templates and catalogs are
included, and English, French, Hungarian, and Big5 templates
are included.
o Cascading specializations and internationalization of
templates. Templates are now searched for in the following
order: list-specific location, domain-specific location,
site-wide location, global defaults. Each search location
is further qualified by the language being displayed. This
means that you only need to change the templates that are
different from the global defaults.
Templates renamed: admlogin.txt => admlogin.html
Templates added: private.html
- Web UI
o Redesigned the user options page. It now sits behind an
authentication so user options cannot be viewed without the
proper password. The other advantage is that the user's
password need not be entered on the options page to
unsubscribe or change option values. The login screen also
provides for password mail-back, and unsubscription w/
confirmation.
Other new features accessible from the user options page
include: ability to change email address (with confirmation)
both per-list and globally for all lists on virtual domain;
global membership password changing; global mail delivery
disable/enable; ability to suppress password reminders both
per-list and globally; logout button.
[Note: the handle_opts cgi has gone away]
o Color schemes for non-template based web pages can be defined
via mm_cfg.
o Redesign of the membership management page. The page is now
split into three subcategories (Membership List, Mass
Subscription, and Mass Removal). The Membership List
subcategory now supports searching for member addresses by
regular expression, and if necessary, it groups member
addresses first alphabetically, and then by chunks.
Mass Subscription and Mass Removal now support file upload,
with one address per line.
o Hyperlinks from the logos in the footers have been removed.
The sponsors got too much "unsubscribe me!" spam from
desperate users of Mailman at other sites.
o New buttons on the digest admin page to send a digest
immediately (if it's non-empty), to start a new digest
volume with the next digest, and to select the interval with
which to automatically start a new digest volume (yearly,
monthly, quarterly, weekly, daily).
DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration
variable, initially set to give a new digest volume monthly.
o Through-the-web list creation and removal, using a separate
site-wide authentication role called the "list creator and
destroyer" or simply "list creator". If the configuration
variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by
default, it's 0), then list admins can delete their own
lists.
This feature requires an adaptor for the particular MTA
you're using. An adaptor for Postfix is included, as is a
dumb adaptor that just emails mailman@yoursite with the
necessary Sendmail style /etc/alias file changes. Some MTAs
like Exim can be configured to automatically recognize new
lists. The adaptor is selected via the MTA option in
mm_cfg.py
- Email UI
o In email commands, "join" is a synonym for
"subscribe". "remove" and "leave" are synonyms for
"unsubscribe". New robot addresses are supported to make
subscribing and unsubscribing much easier:
mylist-join@mysite
mylist-leave@mysite
o Confirmation messages have a shortened Subject: header,
containing just the word "confirm" and the confirmation
cookie. This should help for MUAs that like to wrap long
Subject: lines, messing up confirmation.
o Mailman now recognizes an Urgent: header, which, if it
contains the list moderator or list administrator password,
forces the message to be delivered immediately to all
members (i.e. both regular and digest members). The message
is also placed in the digest. If the password is incorrect,
the message will be bounced back to the sender.
- Performance
o Refinements to the new qrunner subsystem which preserves
FIFO order of messages.
o The qrunner is no longer started from cron. It is started
by a Un*x init-style script called bin/mailmanctl (see
below). cron/qrunner has been removed.
- Command line scripts
o bin/mailmanctl script added, which is used to start, stop,
and restart the qrunner daemon.
o bin/qrunner script added which allows a single sub-qrunner
to run once through its processing loop.
o bin/change_pw script added (eases mass changing of list
passwords).
o bin/update grows a -f switch to force an update.
o bin/newlang renamed to bin/addlang; bin/rmlang removed.
o bin/mmsitepass has grown a -c option to set the list
creator's password. The site-wide `create' web page is
linked to from the admin overview page.
o bin/newlist's -o option is removed. This script also grows
a way of spelling the creation of a list in a specific
virtual domain.
o The `auto' script has been removed.
o bin/dumpdb has grown -m/--marshal and -p/--pickle options.
o bin/list_admins can be used to print the owners of a mailing list.
o bin/genaliases regenerates from scratch the aliases and
aliases.db file for the Postfix MTA.
- Archiver
o New archiver date clobbering option, which allows dates to
only be clobbered if they are outrageously out-of-date
(default setting is 15 days on either side of received
timestamp). New configuration variables:
ARCHIVER_CLOBBER_DATE_POLICY
ARCHIVER_ALLOWABLE_SANE_DATE_SKEW
The archived copy of messages grows an X-List-Received-Date:
header indicating the time the message was received by
Mailman.
o PRIVATE_ARCHIVE_URL configuration variable is removed (this
can be calculated on the fly, and removing it actually makes
site configuration easier).
- Miscellaneous
o Several new README's have been added.
o Most syslog entries for the qrunner have been redirected to
logs/error.
o On SIGHUP, qrunner will re-open all its log files and
restart all child processes. See "bin/mailmanctl restart".
- Patches and bug fixes
o SF patches and bug fixes applied: 420396, 424389, 227694,
426002, 401372 (partial), 401452.
o Fixes in 2.0.5 ported forward:
Fix a lock stagnation problem that can result when the
user hits the `stop' button on their browser during a
write operation that can take a long time (e.g. hitting
the membership management admin page).
o Fixes in 2.0.4 ported forward:
Python 2.1 compatibility release. There were a few
questionable constructs and uses of deprecated modules
that caused annoying warnings when used with Python 2.1.
This release quiets those warnings.
o Fixes in 2.0.3 ported forward:
Bug fix release. There was a small typo in 2.0.2 in
ListAdmin.py for approving an already subscribed member
(thanks Thomas!). Also, an update to the OpenWall
security workaround (contrib/securelinux_fix.py) was
included. Thanks to Marc Merlin.