Public bug reported:
Dear project leader,
When we list the lists for specific virtualhost, a wrong result can be
printed-out in the following condition:
Let's say we have somme lists hosted on bbox.nuxwin.com domain and other
lists on the lists.bbox.nuxwin.com virtualhost. Then, when running
list_lists as follow:
list_lists -b -V bbox.nuxwin.com
We get also the lists names from the lists.bbox.nuxwin.com virtualhost
which is an unexpected behavior.
This is due to the fact that you're using find() only.
Real use case:
# Expected result:
root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V lists.bbox.nuxwin.com
foobar
release
# Unexpected result:
root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V bbox.nuxwin.com
foobar
mailman
release
# Unexpected result:
root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V nuxwin.com
foobar
mailman
release
# Unexpected result:
root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V com
foobar
mailman
release
# Unexpected result:
root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V m
foobar
mailman
release
Thank you.
** Affects: mailman
Importance: Undecided
Status: New
** Description changed:
Dear project leader,
When we list the lists for specific virtualhost, a wrong result can be
printed-out in the following condition:
Let's say we have somme lists hosted on bbox.nuxwin.com domain and other
lists on the lists.bbox.nuxwin.com virtualhost. Then, when running
list_lists as follow:
list_lists -b -V bbox.nuxwin.com
We get also the lists names from the lists.bbox.nuxwin.com virtualhost
which is an unexpected behavior.
This is due to the fact that you're using find() only.
Real use case:
# Expected result:
- root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V lists.bbox.nuxwin.com
+ root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V lists.bbox.nuxwin.com
foobar
release
# Unexpected result:
- root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V bbox.nuxwin.com
+ root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V bbox.nuxwin.com
foobar
mailman
release
# Unexpected result:
- root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V nuxwin.com
+ root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V nuxwin.com
foobar
mailman
release
# Unexpected result:
- root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V com
+ root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V com
foobar
mailman
release
# Unexpected result:
- root@devuan:/usr/lib/mailman/bin# /usr/lib/mailman/bin/list_lists -b -V m
+ root@devuan:~# /usr/lib/mailman/bin/list_lists -b -V m
foobar
mailman
release
Thank you.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1695610
Title:
Test missing in lists_lists leading to wrong listing when using -V
option
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1695610/+subscriptions
Public bug reported:
Within the WebUI pages, e.g., https://temp.balug.org/cgi-
bin/mailman/admin/balug-test/members , the subscriber addresses are
shown correctly with preserved letter case, e.g., my fellow list admin
Michael Paoli's address is shown as entered, as
Michael.Paoli(a)cal.berkeley.edu . By contrast, the roster at
https://temp.balug.org/cgi-bin/mailman/roster/balug-test shows his
address with lettercase converted to lower, as "michael.paoli at
cal.berkeley.edu".
This is with a new installation of Mailman 2.1.8, and I've confirmed the
same behaviour with several prior 2.1.x installations.
Admittedly, mixed lettercase in the local parts of e-mail addresses has
no functional importance on _most_ SMTP systems, there is nothing in the
RFCs requiring case-insignificance for local parts (only for FQDNs), so
this loss of entered data could cause some users difficulties.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: lettercase lowercase roster
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1707447
Title:
Roster should not lowercase addresses
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1707447/+subscriptions
Public bug reported:
Currently, when presenting the list of held (un)subscription requests,
the admindb CGI will delete all but one request from the same address.
This deletion currently deletes all but the first request. I think it
makes more sense to delete all but the last request. Also, the date of a
subscription request is not reported in the listing. I think it should
be.
** Affects: mailman
Importance: Low
Assignee: Mark Sapiro (msapiro)
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1697097
Title:
The admindb held (un)subscriptions listing should include date and
list newest.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1697097/+subscriptions
Public bug reported:
This is merely an annoyance in that it adds error reports to Mailman's
error log. The web response is just the "we hit a bug" page, but we may
wish to defend against these. We have seen errors like
Jun 02 15:47:45 2017 admin(31978): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(31978): [----- Mailman Version: 2.1.23 -----]
admin(31978): [----- Traceback ------]
admin(31978): Traceback (most recent call last):
admin(31978): File "/srv/mailman/scripts/driver", line 117, in run_main
admin(31978): main()
admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 109, in main
admin(31978): process_form(mlist, doc, cgidata, language)
admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 147, in process_form
admin(31978): ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':')
admin(31978): AttributeError: 'list' object has no attribute 'split'
Jun 02 15:48:05 2017 admin(32270): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(32270): [----- Mailman Version: 2.1.23 -----]
admin(32270): [----- Traceback ------]
admin(32270): Traceback (most recent call last):
admin(32270): File "/srv/mailman/scripts/driver", line 117, in run_main
admin(32270): main()
admin(32270): File "/srv/mailman/Mailman/Cgi/listinfo.py", line 74, in main
admin(32270): if not Utils.IsLanguage(language):
admin(32270): File "/srv/mailman/Mailman/Utils.py", line 751, in IsLanguage
admin(32270): return mm_cfg.LC_DESCRIPTIONS.has_key(lang)
admin(32270): TypeError: unhashable type: 'list'
Jun 02 17:24:06 2017 admin(6887): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(6887): [----- Mailman Version: 2.1.23 -----]
admin(6887): [----- Traceback ------]
admin(6887): Traceback (most recent call last):
admin(6887): File "/srv/mailman/scripts/driver", line 117, in run_main
admin(6887): main()
admin(6887): File "/srv/mailman/Mailman/Cgi/admin.py", line 118, in main
admin(6887): cgidata.getvalue('adminpw', '')):
admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 238, in WebAuthenticate
admin(6887): ac = self.Authenticate(authcontexts, response, user)
admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 180, in Authenticate
admin(6887): sharesponse = sha_new(response).hexdigest()
admin(6887): TypeError: must be string or buffer, not list
The above all result from POST data or query fragments containing multiple values for the same parameter resultin in that parameter being passed to the CGI as a list rather than a string.
We have also seen
Jun 02 17:08:00 2017 admin(27163): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(27163): [----- Mailman Version: 2.1.23 -----]
admin(27163): [----- Traceback ------]
admin(27163): Traceback (most recent call last):
admin(27163): File "/srv/mailman/scripts/driver", line 117, in run_main
admin(27163): main()
admin(27163): File "/srv/mailman/Mailman/Cgi/options.py", line 113, in main
admin(27163): params = cgidata.keys()
admin(27163): File "/usr/lib/python2.7/cgi.py", line 582, in keys
admin(27163): raise TypeError, "not indexable"
admin(27163): TypeError: not indexable
which comes from a POST with no post data.
** Affects: mailman
Importance: Low
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1695667
Title:
Various web attacks cause CGI modules to throw uncaught exceptions
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1695667/+subscriptions
Public bug reported:
Currently, the wrappers remove several variables from the environment
they pass to the called scripts. They should instead only pass those
variables that are needed by the called scripts.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1705736
Title:
The SETGID wrappers should pass only needed evvironment variables.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1705736/+subscriptions
We're having the same problem, repeatedly. We haven't found a way to
throttle these requests, but we would seriously love one (and so would
the internet at large!)
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/266860
Title:
Need to limit repeated subscribes from bot
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/266860/+subscriptions