*** This bug is a security vulnerability ***
Private security bug reported:
We may have to set lifetime for input forms because of recent activities
on cross-site request forgery (CSRF). The form lifetime is successfully
deployed in frameworks like web.py or plone etc. Proposed branch
lp:~tkikuchi/mailman/form-lifetime implement lifetime in admin, admindb,
options and edithtml interfaces. Other forms like create and rmlist
have confirmation by password thus are safe regarding CSRF. The form
generation time is set by a hidden parameter whose value is calculated
following the mailman cookie algorithm. The default lifetime is set 1
hour in Default.py thus configurable by a site administrator. If a
password is set in request, authorization cookie is discarded so the
password authentication is forced. Wget tricks to manage list in FAQ
can be used as they are now.
** Affects: mailman
Importance: Undecided
Status: New
** Branch linked: lp:~tkikuchi/mailman/form-lifetime
--
You received this bug notification because you are a member of Mailman
Coders, which is a direct subscriber.
https://bugs.launchpad.net/bugs/775294
Title:
Set lifetime for input forms
Public bug reported:
When configured to hide email addresses. a mailman user should be able
to contact someone else by using a request contact form a profile page
representing a user. This form would email the recipient of the request
a short message explaining who is trying to get in contact, and the
email address of the user requesting contact.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: wishlist
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1104498
Title:
Member contact requests
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1104498/+subscriptions
Public bug reported:
separate installation of zope interface 3.8.0 fixes the issue, afterwards mailman 3.0.0.8a
OS: Scientific Linux 6.1, Python 2.6.6
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/889829
Title:
setup takes zope interface 3.5.1, but needs 3.8.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/889829/+subscriptions
Public bug reported:
Mailman should create atom/rss web feeds from lists as well as
individual posts (threads) or searches.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1104507
Title:
Web feeds
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1104507/+subscriptions
Public bug reported:
Here's what I did as recorded in Terminal.app:
steve@turnbull:~/src/Mailman3/mailman.client$ python
Python 2.7.3rc2 (default, Apr 22 2012, 22:30:17)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> import time
>>> import subprocess
>>> from mailman.client import Client
>>> c = Client('http://localhost:8001/3.0', 'restadmin', 'restpass')
>>> dump(c.system)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'dump' is not defined
>>> c.lists
[<List "mm3-test(a)turnbull.sk.tsukuba.ac.jp">]
>>> c.domains
[<Domain "turnbull.sk.tsukuba.ac.jp">]
>>> print c.domains[0].url_host
turnbull.sk.tsukuba.ac.jp
>>> print c.domains[0].mail_host
turnbull.sk.tsukuba.ac.jp
>>> l = c.lists[0]
>>> l.fqdn_listname
u'mm3-test(a)turnbull.sk.tsukuba.ac.jp'
>>> c.get_list('mm3-test(a)turnbull.sk.tsukuba.ac.jp')
<List "mm3-test(a)turnbull.sk.tsukuba.ac.jp">
>>> c.get_list(u'mm3-test(a)turnbull.sk.tsukuba.ac.jp')
<List "mm3-test(a)turnbull.sk.tsukuba.ac.jp">
>>> c.members
[<Member "turnbull(a)sk.tsukuba.ac.jp" on "mm3-test(a)turnbull.sk.tsukuba.ac.jp">]
>>> print c.members[0].self_link
http://localhost:8001/3.0/members/230487102891977069915270988864921324936
>>> print c.members[0].link
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: '_Member' object has no attribute 'link'
>>> print c.users[0]
<User "None" (323817100493882819169277267745120573853)>
>>> print c.users
[<User "None" (323817100493882819169277267745120573853)>]
>>> print c.users[0].addresses
<mailman.client._client._Addresses object at 0x7f6b849c7a10>
>>> print c.users[0].addresses[0]
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: '_Addresses' object does not support indexing
>>> for a in print c.users[0].addresses:
File "<stdin>", line 1
for a in print c.users[0].addresses:
^
SyntaxError: invalid syntax
>>> for a in c.users[0].addresses:
... print a
...
turnbull(a)sk.tsukuba.ac.jp
>>> for a in sorted(l.settings):
... print a + ': ' + string(l.settings[a])
...
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
NameError: name 'string' is not defined
>>> for a in sorted(l.settings):
... print a + ': ' + str(l.settings[a])
...
acceptable_aliases: []
admin_immed_notify: True
admin_notify_mchanges: False
administrivia: True
advertised: True
allow_list_posts: True
anonymous_list: False
autorespond_owner: none
autorespond_postings: none
autorespond_requests: none
autoresponse_grace_period: 90d
autoresponse_owner_text:
autoresponse_postings_text:
autoresponse_request_text:
bounces_address: mm3-test-bounces(a)turnbull.sk.tsukuba.ac.jp
collapse_alternatives: True
convert_html_to_plaintext: False
created_at: 2012-08-09T03:16:21.186456
default_member_action: defer
default_nonmember_action: hold
description:
digest_last_sent_at: None
digest_size_threshold: 30.0
display_name: Mm3-test
filter_content: False
fqdn_listname: mm3-test(a)turnbull.sk.tsukuba.ac.jp
generic_nonmember_action: 1
http_etag: "b8b4e1df6bc8d8ee33f363927022d0bcc86569bb"
include_rfc2369_headers: True
join_address: mm3-test-join(a)turnbull.sk.tsukuba.ac.jp
last_post_at: None
leave_address: mm3-test-leave(a)turnbull.sk.tsukuba.ac.jp
list_name: mm3-test
mail_host: turnbull.sk.tsukuba.ac.jp
next_digest_number: 1
no_reply_address: noreply(a)turnbull.sk.tsukuba.ac.jp
owner_address: mm3-test-owner(a)turnbull.sk.tsukuba.ac.jp
post_id: 1
posting_address: mm3-test(a)turnbull.sk.tsukuba.ac.jp
posting_pipeline: default-posting-pipeline
reply_goes_to_list: no_munging
request_address: mm3-test-request(a)turnbull.sk.tsukuba.ac.jp
scheme: http
send_welcome_message: True
volume: 1
web_host: turnbull.sk.tsukuba.ac.jp
welcome_message_uri: mailman:///welcome.txt
>>> dir()
['Client', '__builtins__', '__doc__', '__name__', '__package__', 'a', 'c', 'l', 'os', 'subprocess', 'time']
>>> dir(Client)
['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'create_domain', 'delete_domain', 'delete_list', 'domains', 'get_domain', 'get_list', 'get_user', 'lists', 'members', 'preferences', 'system', 'users']
>>> dir(Client.system)
['__class__', '__delattr__', '__delete__', '__doc__', '__format__', '__get__', '__getattribute__', '__hash__', '__init__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__set__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', 'deleter', 'fdel', 'fget', 'fset', 'getter', 'setter']
>>> dir(l)
['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_connection', '_get_info', '_info', '_url', 'accept_message', 'defer_message', 'delete', 'discard_message', 'display_name', 'fqdn_listname', 'get_member', 'held', 'list_name', 'mail_host', 'members', 'moderate_message', 'reject_message', 'settings', 'subscribe', 'unsubscribe']
>>> l._connection.__doc__
u'A connection to the REST client.'
>>> l.held.__doc__
^CTraceback (most recent call last):
File "<stdin>", line 1, in <module>
File "mailman/client/_client.py", line 350, in held
'lists/{0}/held'.format(self.fqdn_listname), None, 'GET')
File "mailman/client/_client.py", line 114, in call
response, content = Http().request(url, method, data, headers)
File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1543, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1293, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1263, in _conn_request
response = conn.getresponse()
File "/usr/lib/python2.7/httplib.py", line 1030, in getresponse
response.begin()
File "/usr/lib/python2.7/httplib.py", line 407, in begin
version, status, reason = self._read_status()
File "/usr/lib/python2.7/httplib.py", line 365, in _read_status
line = self.fp.readline()
File "/usr/lib/python2.7/socket.py", line 430, in readline
data = recv(1)
File "/home/steve/src/Mailman3/mailman-trunk/src/mailman/email/message.py", l\
ine 226, in _enqueue
virginq.enqueue(self, **str_keywords)
File "/home/steve/src/Mailman3/mailman-trunk/src/mailman/core/switchboard.py"\
, line 123, in enqueue
msgsave = cPickle.dumps(_msg, protocol)
After the above I tried a couple of things, like printing l.held (with
no further attribute). These also hung for a few seconds and I
interrupted with ^C.
Eventually it failed with an error about not being connected to Mailman.
I thought Mailman had crashed, but when I tried shutting down Mailman
using bin/mailman, it seemed to shut down normally.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1036207
Title:
mailman.client hangs accessing moderation queue
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1036207/+subscriptions
Public bug reported:
Currently it is not possible to subscribe as anonymous user.
** Affects: postorius
Importance: Undecided
Status: New
** Tags: anonymous confirmation subscription ui
--
You received this bug notification because you are a member of Mailman
Coders, which is the registrant for Postorius.
https://bugs.launchpad.net/bugs/1006345
Title:
Anonymous subscription via confirmation email
To manage notifications about this bug go to:
https://bugs.launchpad.net/postorius/+bug/1006345/+subscriptions
Public bug reported:
Mailman users should have a profile page that is common to all the lists
in the instance. The profile should store all the user's personal
information (if any), and lists all of the posts by that user.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: wishlist
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1104497
Title:
User profile pages
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1104497/+subscriptions
Public bug reported:
Messages gated to a list from usenet bypass all the checks in
Moderate.py. It is appropriate to bypass generic_nonmember_action
because many usenet posts will be from nonmembers of the list, but if
the sender is a moderated member or a nonmember matching one of the
*_these_nonmembers filters, those things should be honored.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1252575
Title:
The Mail<->News gateway doesn't honor moderation or *_these_nonmembers
for messages gated from usnet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1252575/+subscriptions
Public bug reported:
In http://www.mail-archive.com/mailman-users%40python.org/msg62889.html,
I explained the (very strong) desirability of having posts made from
Usenet to Mailman be subject to normal moderation rules instead of
automatically and unconditionally approved. (In short, to not let
Usenet spam through to the mailing lists without any checking.)
In his reply, http://www.mail-archive.com/mailman-users%40python.org/msg62890.html, Mark gave a simple one-line change
(that is working fine so far as we can tell).
When I asked, Mark told me that the change couldn't be made for mailman
2.1, since it would need to be a user option and thus have i18n impact,
so suggested that I post it here, tagged mailman3, which I hope I've
done here.
Happy hacking,
Karl
** Affects: mailman
Importance: Undecided
Status: New
** Tags: mailman3
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1197473
Title:
moderating usenet->mailman posts
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1197473/+subscriptions