Mailman 3 August 2017 - Mailman-coders

[Bug 1251495] [NEW] Lists with topics enabled can throw unexpected keyword argument 'Delete' exception.
by Mark Sapiro Nov. 29, 2017

Nov. 29, 2017

Public bug reported: Code added to Tagger.py in 2.1.16 to support the from_is_list Wrap Message option contained a misspelling. ** Affects: mailman Importance: High Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1251495 Title: Lists with topics enabled can throw unexpected keyword argument 'Delete' exception. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1251495/+subscriptions

5 16

[Bug 1695610] [NEW] Test missing in lists_lists leading to wrong listing when using -V option
by Laurent Declercq Oct. 27, 2017

Oct. 27, 2017

Public bug reported: Dear project leader, When we list the lists for specific virtualhost, a wrong result can be printed-out in the following condition: Let's say we have somme lists hosted on bbox.nuxwin.com domain and other lists on the lists.bbox.nuxwin.com virtualhost. Then, when running list_lists as follow: list_lists -b -V bbox.nuxwin.com We get also the lists names from the lists.bbox.nuxwin.com virtualhost which is an unexpected behavior. This is due to the fact that you're using find() only. Real use case: # Expected result: root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V lists.bbox.nuxwin.com foobar release # Unexpected result: root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V bbox.nuxwin.com foobar mailman release # Unexpected result: root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V nuxwin.com foobar mailman release # Unexpected result: root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V com foobar mailman release # Unexpected result: root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V m foobar mailman release Thank you. ** Affects: mailman Importance: Undecided Status: New ** Description changed: Dear project leader, When we list the lists for specific virtualhost, a wrong result can be printed-out in the following condition: Let's say we have somme lists hosted on bbox.nuxwin.com domain and other lists on the lists.bbox.nuxwin.com virtualhost. Then, when running list_lists as follow: list_lists -b -V bbox.nuxwin.com We get also the lists names from the lists.bbox.nuxwin.com virtualhost which is an unexpected behavior. This is due to the fact that you're using find() only. Real use case: # Expected result: - root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V lists.bbox.nuxwin.com + root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V lists.bbox.nuxwin.com foobar release # Unexpected result: - root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V bbox.nuxwin.com + root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V bbox.nuxwin.com foobar mailman release # Unexpected result: - root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V nuxwin.com + root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V nuxwin.com foobar mailman release # Unexpected result: - root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V com + root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V com foobar mailman release # Unexpected result: - root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V m + root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V m foobar mailman release Thank you. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1695610 Title: Test missing in lists_lists leading to wrong listing when using -V option To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1695610/+subscriptions

4 5

[Bug 1707447] [NEW] Roster should not lowercase addresses
by Rick Moen Oct. 26, 2017

Oct. 26, 2017

Public bug reported: Within the WebUI pages, e.g., https://temp.balug.org/cgi- bin/mailman/admin/balug-test/members , the subscriber addresses are shown correctly with preserved letter case, e.g., my fellow list admin Michael Paoli's address is shown as entered, as Michael.Paoli(a)cal.berkeley.edu . By contrast, the roster at https://temp.balug.org/cgi-bin/mailman/roster/balug-test shows his address with lettercase converted to lower, as "michael.paoli at cal.berkeley.edu". This is with a new installation of Mailman 2.1.8, and I've confirmed the same behaviour with several prior 2.1.x installations. Admittedly, mixed lettercase in the local parts of e-mail addresses has no functional importance on _most_ SMTP systems, there is nothing in the RFCs requiring case-insignificance for local parts (only for FQDNs), so this loss of entered data could cause some users difficulties. ** Affects: mailman Importance: Undecided Status: New ** Tags: lettercase lowercase roster -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1707447 Title: Roster should not lowercase addresses To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1707447/+subscriptions

3 3

[Bug 1697097] [NEW] The admindb held (un)subscriptions listing should include date and list newest.
by Mark Sapiro Oct. 26, 2017

Oct. 26, 2017

Public bug reported: Currently, when presenting the list of held (un)subscription requests, the admindb CGI will delete all but one request from the same address. This deletion currently deletes all but the first request. I think it makes more sense to delete all but the last request. Also, the date of a subscription request is not reported in the listing. I think it should be. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1697097 Title: The admindb held (un)subscriptions listing should include date and list newest. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1697097/+subscriptions

2 4

[Bug 1695667] [NEW] Various web attacks cause CGI modules to throw uncaught exceptions
by Mark Sapiro Oct. 26, 2017

Oct. 26, 2017

Public bug reported: This is merely an annoyance in that it adds error reports to Mailman's error log. The web response is just the "we hit a bug" page, but we may wish to defend against these. We have seen errors like Jun 02 15:47:45 2017 admin(31978): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(31978): [----- Mailman Version: 2.1.23 -----] admin(31978): [----- Traceback ------] admin(31978): Traceback (most recent call last): admin(31978): File "/srv/mailman/scripts/driver", line 117, in run_main admin(31978): main() admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 109, in main admin(31978): process_form(mlist, doc, cgidata, language) admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 147, in process_form admin(31978): ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':') admin(31978): AttributeError: 'list' object has no attribute 'split' Jun 02 15:48:05 2017 admin(32270): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(32270): [----- Mailman Version: 2.1.23 -----] admin(32270): [----- Traceback ------] admin(32270): Traceback (most recent call last): admin(32270): File "/srv/mailman/scripts/driver", line 117, in run_main admin(32270): main() admin(32270): File "/srv/mailman/Mailman/Cgi/listinfo.py", line 74, in main admin(32270): if not Utils.IsLanguage(language): admin(32270): File "/srv/mailman/Mailman/Utils.py", line 751, in IsLanguage admin(32270): return mm_cfg.LC_DESCRIPTIONS.has_key(lang) admin(32270): TypeError: unhashable type: 'list' Jun 02 17:24:06 2017 admin(6887): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(6887): [----- Mailman Version: 2.1.23 -----] admin(6887): [----- Traceback ------] admin(6887): Traceback (most recent call last): admin(6887): File "/srv/mailman/scripts/driver", line 117, in run_main admin(6887): main() admin(6887): File "/srv/mailman/Mailman/Cgi/admin.py", line 118, in main admin(6887): cgidata.getvalue('adminpw', '')): admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 238, in WebAuthenticate admin(6887): ac = self.Authenticate(authcontexts, response, user) admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 180, in Authenticate admin(6887): sharesponse = sha_new(response).hexdigest() admin(6887): TypeError: must be string or buffer, not list The above all result from POST data or query fragments containing multiple values for the same parameter resultin in that parameter being passed to the CGI as a list rather than a string. We have also seen Jun 02 17:08:00 2017 admin(27163): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(27163): [----- Mailman Version: 2.1.23 -----] admin(27163): [----- Traceback ------] admin(27163): Traceback (most recent call last): admin(27163): File "/srv/mailman/scripts/driver", line 117, in run_main admin(27163): main() admin(27163): File "/srv/mailman/Mailman/Cgi/options.py", line 113, in main admin(27163): params = cgidata.keys() admin(27163): File "/usr/lib/python2.7/cgi.py", line 582, in keys admin(27163): raise TypeError, "not indexable" admin(27163): TypeError: not indexable which comes from a POST with no post data. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1695667 Title: Various web attacks cause CGI modules to throw uncaught exceptions To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1695667/+subscriptions

2 4

[Bug 1602608] [NEW] mailman crash for subscription in webinterface
by Sebastian Wagner Oct. 26, 2017

Oct. 26, 2017

Public bug reported: A Traceback from mailman's logs for a subscription. The bug can be triggered with the following post-data: language='' Jul 11 20:29:34 2016 admin(29209): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(29209): [----- Mailman Version: 2.1.16 -----] admin(29209): [----- Traceback ------] admin(29209): Traceback (most recent call last): admin(29209): File "/var/lib/mailman/scripts/driver", line 117, in run_main admin(29209): main() admin(29209): File "/var/lib/mailman/Mailman/Cgi/subscribe.py", line 73, in main admin(29209): language = cgidata.getvalue('language') admin(29209): File "/usr/lib/python2.7/cgi.py", line 548, in getvalue admin(29209): if key in self: admin(29209): File "/usr/lib/python2.7/cgi.py", line 594, in __contains__ admin(29209): raise TypeError, "not indexable" admin(29209): TypeError: not indexable admin(29209): [----- Python Information -----] admin(29209): sys.version = 2.7.6 (default, Jun 22 2015, 17:58:13) [GCC 4.8.2] admin(29209): sys.executable = /usr/bin/python admin(29209): sys.prefix = /usr admin(29209): sys.exec_prefix = /usr admin(29209): sys.path = ['/var/lib/mailman/pythonlib', '/var/lib/mailman', '/usr/lib/mailman/scripts', '/var/lib/mailman', '/usr/lib/python2.7/', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages'] admin(29209): sys.platform = linux2 admin(29209): [----- Environment Variables -----] admin(29209): SSL_VERSION_INTERFACE: mod_ssl/2.4.7 admin(29209): HTTP_REFERER: https://mail.example.com/cgi-bin/mailman/subscribe/news admin(29209): SSL_CIPHER_EXPORT: false admin(29209): CONTEXT_DOCUMENT_ROOT: /usr/lib/cgi-bin/ admin(29209): SERVER_SOFTWARE: Apache admin(29209): CONTEXT_PREFIX: /cgi-bin/ admin(29209): SSL_SERVER_A_KEY: rsaEncryption admin(29209): QUERY_STRING: admin(29209): SERVER_SIGNATURE: admin(29209): REQUEST_METHOD: POST admin(29209): PATH_INFO: /news admin(29209): SERVER_PROTOCOL: HTTP/1.1 admin(29209): SSL_SERVER_S_DN: CN=mail.example.com admin(29209): SSL_CIPHER: ECDHE-RSA-AES128-GCM-SHA256 admin(29209): SSL_SERVER_V_START: Apr 17 16:42:00 2016 GMT admin(29209): SSL_TLS_SNI: mail.example.com admin(29209): CONTENT_LENGTH: 106 admin(29209): SSL_CLIENT_VERIFY: NONE admin(29209): HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 admin(29209): HTTP_CONNECTION: keep-alive admin(29209): HTTP_COOKIE: PHPSESSID=... admin(29209): SERVER_NAME: mail.example.com admin(29209): REMOTE_ADDR: 192.0.2.1 admin(29209): SSL_CIPHER_ALGKEYSIZE: 128 admin(29209): SSL_SECURE_RENEG: true admin(29209): PATH_TRANSLATED: /srv/web/mail/news admin(29209): SSL_SERVER_I_DN_C: US admin(29209): SSL_COMPRESS_METHOD: NULL admin(29209): SSL_SERVER_M_VERSION: 3 admin(29209): SSL_SERVER_I_DN_O: Let's Encrypt admin(29209): SERVER_ADDR: 192.0.2.2 admin(29209): DOCUMENT_ROOT: /srv/web/mail admin(29209): SERVER_PORT: 443 admin(29209): SSL_VERSION_LIBRARY: OpenSSL/1.0.1f admin(29209): PYTHONPATH: /var/lib/mailman admin(29209): SCRIPT_FILENAME: /usr/lib/cgi-bin/mailman/subscribe admin(29209): SERVER_ADMIN: webmaster(a)example.com admin(29209): SSL_SESSION_RESUMED: Initial admin(29209): SSL_SERVER_M_SERIAL: ... admin(29209): SSL_SERVER_A_SIG: sha256WithRSAEncryption admin(29209): HTTP_DNT: 1 admin(29209): HTTP_HOST: mail.example.com admin(29209): SCRIPT_NAME: /cgi-bin/mailman/subscribe admin(29209): HTTPS: on admin(29209): HTTP_CACHE_CONTROL: max-age=0 admin(29209): REQUEST_URI: /cgi-bin/mailman/subscribe/news admin(29209): HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 admin(29209): SSL_SERVER_S_DN_CN: mail.example.com admin(29209): GATEWAY_INTERFACE: CGI/1.1 admin(29209): SSL_SERVER_I_DN_CN: Let's Encrypt Authority X3 admin(29209): REMOTE_PORT: 40456 admin(29209): HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.5 admin(29209): REQUEST_SCHEME: https admin(29209): SSL_SERVER_V_END: Jul 16 16:42:00 2016 GMT admin(29209): CONTENT_TYPE: text/plain;charset=UTF-8 admin(29209): SSL_PROTOCOL: TLSv1.2 admin(29209): SSL_CIPHER_USEKEYSIZE: 128 admin(29209): HTTP_ACCEPT_ENCODING: gzip, deflate, br admin(29209): SSL_SERVER_I_DN: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US ** Affects: mailman (Ubuntu) Importance: Undecided Status: New ** Project changed: mailman => mailman (Ubuntu) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1602608 Title: mailman crash for subscription in webinterface To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1602608/+subscriptio…

3 8

[Bug 1708016] [NEW] Russian translation grammar fixes
by Sergey Matveev Oct. 26, 2017

Oct. 26, 2017

Public bug reported: Here is patch for 2.1.24 tarball for ru/LC_MESSAGES/mailman.po, containing various grammar and typo fixes. ** Affects: mailman Importance: Undecided Status: New ** Patch added: "mailman-2.1.24-ru-fixed.patch" https://bugs.launchpad.net/bugs/1708016/+attachment/4925492/+files/mailman-… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1708016 Title: Russian translation grammar fixes To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1708016/+subscriptions

3 3

[Bug 1705736] [NEW] The SETGID wrappers should pass only needed evvironment variables.
by Mark Sapiro Oct. 26, 2017

Oct. 26, 2017

Public bug reported: Currently, the wrappers remove several variables from the environment they pass to the called scripts. They should instead only pass those variables that are needed by the called scripts. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1705736 Title: The SETGID wrappers should pass only needed evvironment variables. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1705736/+subscriptions

2 3

[Bug 266860] Re: Need to limit repeated subscribes from bot
by Jonas Öberg Aug. 14, 2017

Aug. 14, 2017

We're having the same problem, repeatedly. We haven't found a way to throttle these requests, but we would seriously love one (and so would the internet at large!) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266860 Title: Need to limit repeated subscribes from bot To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/266860/+subscriptions

1 0