Mailman-coders January 2016

mailman-coders@python.org

8 participants
49 discussions

[Bug 1517446] [NEW] Please add multipart/signed to DEFAULT_PASS_MIME_TYPES
by carloslp 28 Feb '16

28 Feb '16

Public bug reported: Mailman tarballs contain a Defaults.py file with this configuration: DEFAULT_PASS_MIME_TYPES = ['multipart/mixed','multipart/alternative','text/plain'] NOTE: I don't know how this file is generated, I found it on the tarballs but not on the repository So, when someone enables filtering on a mailing list by mime-type, the default is to filter all emails not matching any of those 3 mime-types. This list of default mime types allowed misses to include "multipart/signed". Therefore, this is unfortunately filtering any "multipart/signed" emails. "multipart/signed" is defined on RFC 3156 <https://tools.ietf.org/html/rfc3156> and is the recommended way of signing mails with GPG. See http://wiki.gnupg.org/SignatureHandling The proposed change is to modify that default configuration to: DEFAULT_PASS_MIME_TYPES = ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain', ] This default causes trouble to people that signs their mails with GPG. I already had problems due to this default on the Alioth Debian mailing lists and on the WebKit mailing lists because the admin enabled filtering by mime-type and didn't changed the default. Please, change this default by adding at least 'multipart/signed' to the list of types allowed. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions

3 5

[Bug 1279980] [NEW] Some forms in list admin interfaces use absolute links in form action
by Vitor Choi Feitosa 14 Feb '16

14 Feb '16

Public bug reported: Some forms in admin interface, like the one on list member management -- https://HOSTNAME/mailman/admin/somelist/members -- , use absolute links as the form action url. POST data then gets transmitted in the clear because that absolute link points to http instead of https address. I'm running mailman 2.1.14 ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1279980 Title: Some forms in list admin interfaces use absolute links in form action To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1279980/+subscriptions

3 9

[Merge] lp:~rajeevs1992/mailman.client/mailmancli into lp:mailman.client
by Rajeev S 02 Feb '16

02 Feb '16

Rajeev S has proposed merging lp:~rajeevs1992/mailman.client/mailmancli into lp:mailman.client. Requested reviews: Mailman Coders (mailman-coders) For more details, see: https://code.launchpad.net/~rajeevs1992/mailman.client/mailmancli/+merge/23… GSoC project "Mailman CLI" The branch contains the Mailman CLI shell as well as the command line tools built as a part of the GSoC 2014, Under the mentors Stephen J Turnbull, Abhilash Raj and Barry Warsaw. -- https://code.launchpad.net/~rajeevs1992/mailman.client/mailmancli/+merge/23… Your team Mailman Coders is requested to review the proposed merge of lp:~rajeevs1992/mailman.client/mailmancli into lp:mailman.client.

1 3

[Bug 1491187] [NEW] mailmanctl check_privs should check effective uid, not real uid
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: Situations can arise where mailmanctl is running with an effective uid of 'mailman' and a real uid of 'root'. Such a situation is if logrotate does 'su mailman mailman' to rotate mailman's logs and then invokes 'mailmanctl reopen' in a postrotate script. In this case, mailmanctl gets its real uid which is 'root' and then tries to do os.setgroups, but the effective uid is 'mailman' which doesn't have permission to set groups. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1491187 Title: mailmanctl check_privs should check effective uid, not real uid To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1491187/+subscriptions

2 2

[Bug 1526550] [NEW] Posts to a list with regular_exclude_lists can be delivered to excluded list members.
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: If a post is addressed to multiple lists, say list1 and list2, and list2 is in list1's regular_exclude_lists, and list1's regular_exclude_ignore is Yes, and the poster is not a member of list2 but the post will be accepted by list2 because of list2's equivalent_domains setting, the regular members of list1 and list2 will receive the post from both lists. For a more concrete example, consider a post to list1 and list2 from user(a)mac.com. user(a)mac.com is not a member of list2, but user(a)me.com is a member of list2 and list2's equivalent_domains includes "mac.com,me.com", In this case, if list2 is in list1's regular_exclude_lists, and list1's regular_exclude_ignore is Yes, regular members of both lists will receive the post from both lists and not be excluded from receiving the post from list1 ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1526550 Title: Posts to a list with regular_exclude_lists can be delivered to excluded list members. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1526550/+subscriptions

2 3

[Bug 1523273] [NEW] Posting to the options page for a non-member can throw an uncaught exception
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: Various post data or query fragments sent to the user options CGI for a non-member can throw NotAMemberError. This can occur for example if a user's options page has been retrieved and the user is asynchronously unsubscribed and then the form is posted. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1523273 Title: Posting to the options page for a non-member can throw an uncaught exception To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1523273/+subscriptions

2 3

[Bug 1507241] [NEW] Bad regexps in *_these_nonmembers, subscribe_auto_approval and ban_list should be logged
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: The list attributes *_these_nonmembers, subscribe_auto_approval and ban_list accept lists of email addresses and regexps (beginning with '^') matching email addresses. Currently, if the regexp is invalid, it is silently ignored. The GUI does not accept invalid regexp entries, but there are other ways they could be introduced. An invalid regexp should at least be logged. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1507241 Title: Bad regexps in *_these_nonmembers, subscribe_auto_approval and ban_list should be logged To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1507241/+subscriptions

2 3

[Bug 1505878] [NEW] Mailman can cause extraneous tabs to be displayed in Subject: headers
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: The genesis of this problem is that the header folding and unfolding algorithms specified in RFC822 could introduce extraneous white space in headers which have been folded and unfolded. RFC822 says when folding, "a CRLF immediately followed by AT LEAST one LWSP-char" may be inserted where linear-white-space is allowed, and unfolding "is accomplished by regarding CRLF immediately followed by a LWSP-char as equivalent to the LWSP-char." Thus, one can insert "AT LEAST one LWSP-char" when folding but not remove any when unfolding. The later RFCs 2822 and 5322 clarify the situation by specifying folding as inserting CRLF preceding existing white-space and unfolding as removing any CRLF which is immediately followed by white-space. Various MUAs and supporting libraries including the Python 2 email library used by Mailman still follow the RFC822 method of folding and can fold by inserting CRLF followed by TAB and the TAB then doesn't get removed in unfolding. There is actually control in the Python email library to use TAB or SPACE, and Mailman attempts to determine what character has been used and uses that, but in the case where a Subject: header is not folded but becomes long enough to be folded because of the insertion of a subject_prefix for example, Mailman defaults to a TAB which doesn't get removed in unfolding. The situation will never be perfect as long as there are MUAs that fold per RFC822 and MUAs that attempt to compensate by removing some white- space following CRLF, but it will be improved somewhat by defaulting to folding with SPACE rather than TAB. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1505878 Title: Mailman can cause extraneous tabs to be displayed in Subject: headers To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1505878/+subscriptions

2 3

[Bug 1503422] [NEW] Mailman's provided init.d script may not work with systemctl.
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: The provided misc/mailman.in script contains the line # pidfile: @prefix@/data/master-qrunner.pid While this is a comment, it may be used by chkconfig, etc. and it's wrong. It should be # pidfile: @VAR_PREFIX@/data/master-qrunner.pid ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1503422 Title: Mailman's provided init.d script may not work with systemctl. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1503422/+subscriptions

2 3

[Bug 1496632] [NEW] visiting the user options page with crafted post data or query fragments can produce "we hit a bug"
by Mark Sapiro 02 Feb '16

02 Feb '16

Public bug reported: If one visits the user options page with a hand crafted query fragment or post data containing for example language=en&email=&email=test&password=&login-remind=Remind the fact that the options CGI sees 'email' as a list rather than a string throws an exception in Utils.websafe(). We will defend against this by testing in Utils.websafe() for a sequence argument and if so, returning only websafe of the first element. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1496632 Title: visiting the user options page with crafted post data or query fragments can produce "we hit a bug" To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1496632/+subscriptions

2 3

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Mailman-coders January 2016