Mailman 3 July 2014 - Mailman-coders

[Bug 775294] [NEW] Set lifetime for input forms
by Tokio Kikuchi 05 Sep '16

05 Sep '16

*** This bug is a security vulnerability *** Private security bug reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery (CSRF). The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:~tkikuchi/mailman/form-lifetime implement lifetime in admin, admindb, options and edithtml interfaces. Other forms like create and rmlist have confirmation by password thus are safe regarding CSRF. The form generation time is set by a hidden parameter whose value is calculated following the mailman cookie algorithm. The default lifetime is set 1 hour in Default.py thus configurable by a site administrator. If a password is set in request, authorization cookie is discarded so the password authentication is forced. Wget tricks to manage list in FAQ can be used as they are now. ** Affects: mailman Importance: Undecided Status: New ** Branch linked: lp:~tkikuchi/mailman/form-lifetime -- You received this bug notification because you are a member of Mailman Coders, which is a direct subscriber. https://bugs.launchpad.net/bugs/775294 Title: Set lifetime for input forms

2 5

[Bug 1104498] [NEW] Member contact requests
by Kẏra 01 Apr '16

01 Apr '16

Public bug reported: When configured to hide email addresses. a mailman user should be able to contact someone else by using a request contact form a profile page representing a user. This form would email the recipient of the request a short message explaining who is trying to get in contact, and the email address of the user requesting contact. ** Affects: mailman Importance: Undecided Status: New ** Tags: wishlist -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1104498 Title: Member contact requests To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1104498/+subscriptions

6 6

[Bug 1279980] [NEW] Some forms in list admin interfaces use absolute links in form action
by Vitor Choi Feitosa 14 Feb '16

14 Feb '16

Public bug reported: Some forms in admin interface, like the one on list member management -- https://HOSTNAME/mailman/admin/somelist/members -- , use absolute links as the form action url. POST data then gets transmitted in the clear because that absolute link points to http instead of https address. I'm running mailman 2.1.14 ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1279980 Title: Some forms in list admin interfaces use absolute links in form action To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1279980/+subscriptions

3 9

[Bug 889829] [NEW] setup takes zope interface 3.5.1, but needs 3.8.0
by Harry Enke 31 Jul '15

31 Jul '15

Public bug reported: separate installation of zope interface 3.8.0 fixes the issue, afterwards mailman 3.0.0.8a OS: Scientific Linux 6.1, Python 2.6.6 ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/889829 Title: setup takes zope interface 3.5.1, but needs 3.8.0 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/889829/+subscriptions

3 7

[Bug 1196608] [NEW] Better theming
by Kẏra 08 Jun '15

08 Jun '15

Public bug reported: Using Bootstrap ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1196608 Title: Better theming To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1196608/+subscriptions

3 4

[Bug 1104507] [NEW] Web feeds
by Kẏra 08 Jun '15

08 Jun '15

Public bug reported: Mailman should create atom/rss web feeds from lists as well as individual posts (threads) or searches. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1104507 Title: Web feeds To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1104507/+subscriptions

4 5

[Bug 1036207] [NEW] mailman.client hangs accessing moderation queue
by Stephen Turnbull 08 Jun '15

08 Jun '15

Public bug reported: Here's what I did as recorded in Terminal.app: steve@turnbull:~/src/Mailman3/mailman.client$ python Python 2.7.3rc2 (default, Apr 22 2012, 22:30:17) [GCC 4.6.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> import time >>> import subprocess >>> from mailman.client import Client >>> c = Client('http://localhost:8001/3.0', 'restadmin', 'restpass') >>> dump(c.system) Traceback (most recent call last): File "<stdin>", line 1, in <module> NameError: name 'dump' is not defined >>> c.lists [<List "mm3-test(a)turnbull.sk.tsukuba.ac.jp">] >>> c.domains [<Domain "turnbull.sk.tsukuba.ac.jp">] >>> print c.domains[0].url_host turnbull.sk.tsukuba.ac.jp >>> print c.domains[0].mail_host turnbull.sk.tsukuba.ac.jp >>> l = c.lists[0] >>> l.fqdn_listname u'mm3-test(a)turnbull.sk.tsukuba.ac.jp' >>> c.get_list('mm3-test(a)turnbull.sk.tsukuba.ac.jp') <List "mm3-test(a)turnbull.sk.tsukuba.ac.jp"> >>> c.get_list(u'mm3-test(a)turnbull.sk.tsukuba.ac.jp') <List "mm3-test(a)turnbull.sk.tsukuba.ac.jp"> >>> c.members [<Member "turnbull(a)sk.tsukuba.ac.jp" on "mm3-test(a)turnbull.sk.tsukuba.ac.jp">] >>> print c.members[0].self_link http://localhost:8001/3.0/members/230487102891977069915270988864921324936 >>> print c.members[0].link Traceback (most recent call last): File "<stdin>", line 1, in <module> AttributeError: '_Member' object has no attribute 'link' >>> print c.users[0] <User "None" (323817100493882819169277267745120573853)> >>> print c.users [<User "None" (323817100493882819169277267745120573853)>] >>> print c.users[0].addresses <mailman.client._client._Addresses object at 0x7f6b849c7a10> >>> print c.users[0].addresses[0] Traceback (most recent call last): File "<stdin>", line 1, in <module> TypeError: '_Addresses' object does not support indexing >>> for a in print c.users[0].addresses: File "<stdin>", line 1 for a in print c.users[0].addresses: ^ SyntaxError: invalid syntax >>> for a in c.users[0].addresses: ... print a ... turnbull(a)sk.tsukuba.ac.jp >>> for a in sorted(l.settings): ... print a + ': ' + string(l.settings[a]) ... Traceback (most recent call last): File "<stdin>", line 2, in <module> NameError: name 'string' is not defined >>> for a in sorted(l.settings): ... print a + ': ' + str(l.settings[a]) ... acceptable_aliases: [] admin_immed_notify: True admin_notify_mchanges: False administrivia: True advertised: True allow_list_posts: True anonymous_list: False autorespond_owner: none autorespond_postings: none autorespond_requests: none autoresponse_grace_period: 90d autoresponse_owner_text: autoresponse_postings_text: autoresponse_request_text: bounces_address: mm3-test-bounces(a)turnbull.sk.tsukuba.ac.jp collapse_alternatives: True convert_html_to_plaintext: False created_at: 2012-08-09T03:16:21.186456 default_member_action: defer default_nonmember_action: hold description: digest_last_sent_at: None digest_size_threshold: 30.0 display_name: Mm3-test filter_content: False fqdn_listname: mm3-test(a)turnbull.sk.tsukuba.ac.jp generic_nonmember_action: 1 http_etag: "b8b4e1df6bc8d8ee33f363927022d0bcc86569bb" include_rfc2369_headers: True join_address: mm3-test-join(a)turnbull.sk.tsukuba.ac.jp last_post_at: None leave_address: mm3-test-leave(a)turnbull.sk.tsukuba.ac.jp list_name: mm3-test mail_host: turnbull.sk.tsukuba.ac.jp next_digest_number: 1 no_reply_address: noreply(a)turnbull.sk.tsukuba.ac.jp owner_address: mm3-test-owner(a)turnbull.sk.tsukuba.ac.jp post_id: 1 posting_address: mm3-test(a)turnbull.sk.tsukuba.ac.jp posting_pipeline: default-posting-pipeline reply_goes_to_list: no_munging request_address: mm3-test-request(a)turnbull.sk.tsukuba.ac.jp scheme: http send_welcome_message: True volume: 1 web_host: turnbull.sk.tsukuba.ac.jp welcome_message_uri: mailman:///welcome.txt >>> dir() ['Client', '__builtins__', '__doc__', '__name__', '__package__', 'a', 'c', 'l', 'os', 'subprocess', 'time'] >>> dir(Client) ['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'create_domain', 'delete_domain', 'delete_list', 'domains', 'get_domain', 'get_list', 'get_user', 'lists', 'members', 'preferences', 'system', 'users'] >>> dir(Client.system) ['__class__', '__delattr__', '__delete__', '__doc__', '__format__', '__get__', '__getattribute__', '__hash__', '__init__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__set__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', 'deleter', 'fdel', 'fget', 'fset', 'getter', 'setter'] >>> dir(l) ['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_connection', '_get_info', '_info', '_url', 'accept_message', 'defer_message', 'delete', 'discard_message', 'display_name', 'fqdn_listname', 'get_member', 'held', 'list_name', 'mail_host', 'members', 'moderate_message', 'reject_message', 'settings', 'subscribe', 'unsubscribe'] >>> l._connection.__doc__ u'A connection to the REST client.' >>> l.held.__doc__ ^CTraceback (most recent call last): File "<stdin>", line 1, in <module> File "mailman/client/_client.py", line 350, in held 'lists/{0}/held'.format(self.fqdn_listname), None, 'GET') File "mailman/client/_client.py", line 114, in call response, content = Http().request(url, method, data, headers) File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1543, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1293, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1263, in _conn_request response = conn.getresponse() File "/usr/lib/python2.7/httplib.py", line 1030, in getresponse response.begin() File "/usr/lib/python2.7/httplib.py", line 407, in begin version, status, reason = self._read_status() File "/usr/lib/python2.7/httplib.py", line 365, in _read_status line = self.fp.readline() File "/usr/lib/python2.7/socket.py", line 430, in readline data = recv(1) File "/home/steve/src/Mailman3/mailman-trunk/src/mailman/email/message.py", l\ ine 226, in _enqueue virginq.enqueue(self, **str_keywords) File "/home/steve/src/Mailman3/mailman-trunk/src/mailman/core/switchboard.py"\ , line 123, in enqueue msgsave = cPickle.dumps(_msg, protocol) After the above I tried a couple of things, like printing l.held (with no further attribute). These also hung for a few seconds and I interrupted with ^C. Eventually it failed with an error about not being connected to Mailman. I thought Mailman had crashed, but when I tried shutting down Mailman using bin/mailman, it seemed to shut down normally. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1036207 Title: mailman.client hangs accessing moderation queue To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1036207/+subscriptions

3 4

[Bug 1006345] [NEW] Anonymous subscription via confirmation email
by Robert Niederreiter 08 Jun '15

08 Jun '15

Public bug reported: Currently it is not possible to subscribe as anonymous user. ** Affects: postorius Importance: Undecided Status: New ** Tags: anonymous confirmation subscription ui -- You received this bug notification because you are a member of Mailman Coders, which is the registrant for Postorius. https://bugs.launchpad.net/bugs/1006345 Title: Anonymous subscription via confirmation email To manage notifications about this bug go to: https://bugs.launchpad.net/postorius/+bug/1006345/+subscriptions

7 16

[Bug 1104497] [NEW] User profile pages
by Kẏra 08 Jun '15

08 Jun '15

Public bug reported: Mailman users should have a profile page that is common to all the lists in the instance. The profile should store all the user's personal information (if any), and lists all of the posts by that user. ** Affects: mailman Importance: Undecided Status: New ** Tags: wishlist -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1104497 Title: User profile pages To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1104497/+subscriptions

5 5

[Bug 1333902] [NEW] Mailman 3.0 goes awry when handling messages in an unexpected format
by NotTheEvilOne 23 May '15

23 May '15

Public bug reported: Hi, This bug report is little bit inaccurate. I had the following situation. I sent a message to Mailman 3 from mutt. I think that this message had no unixfrom header in "email.message.Message". The log file showed an exception thrown at "mailman/cure/runner.py". The exception "AttributeError: class MIMEMultipart has no attribute 'sender'" was caused because "_process_one_file()" of "runner.py" accesses "mailman.email.message.Message.sender" without any validation. The loaded, pickled file contained a "MIMEMultipart" object, the other one a "email.message.Message" as far as I can remember. I have attached a patch that ensures that "runner.py" is handling the expected Mailman "Message" instance but I think this was not the root of the problem. Hope it helps anyway. Best regards and keep up the good work on Mailman 3 ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 ** Patch added: "Ensure runner.py handles a Mailman "Message" instance" https://bugs.launchpad.net/bugs/1333902/+attachment/4138396/+files/0003-mai… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1333902 Title: Mailman 3.0 goes awry when handling messages in an unexpected format To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1333902/+subscriptions

2 1