Mailman-coders August 2017

mailman-coders@python.org

3 participants
17 discussions

[Bug 1707447] [NEW] Roster should not lowercase addresses

by Rick Moen

Public bug reported: Within the WebUI pages, e.g., https://temp.balug.org/cgi- bin/mailman/admin/balug-test/members , the subscriber addresses are shown correctly with preserved letter case, e.g., my fellow list admin Michael Paoli's address is shown as entered, as Michael.Paoli(a)cal.berkeley.edu . By contrast, the roster at https://temp.balug.org/cgi-bin/mailman/roster/balug-test shows his address with lettercase converted to lower, as "michael.paoli at cal.berkeley.edu". This is with a new installation of Mailman 2.1.8, and I've confirmed the same behaviour with several prior 2.1.x installations. Admittedly, mixed lettercase in the local parts of e-mail addresses has no functional importance on _most_ SMTP systems, there is nothing in the RFCs requiring case-insignificance for local parts (only for FQDNs), so this loss of entered data could cause some users difficulties. ** Affects: mailman Importance: Undecided Status: New ** Tags: lettercase lowercase roster -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1707447 Title: Roster should not lowercase addresses To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1707447/+subscriptions

3 years, 10 months

[Bug 1697097] [NEW] The admindb held (un)subscriptions listing should include date and list newest.

by Mark Sapiro

Public bug reported: Currently, when presenting the list of held (un)subscription requests, the admindb CGI will delete all but one request from the same address. This deletion currently deletes all but the first request. I think it makes more sense to delete all but the last request. Also, the date of a subscription request is not reported in the listing. I think it should be. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1697097 Title: The admindb held (un)subscriptions listing should include date and list newest. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1697097/+subscriptions

3 years, 10 months

[Bug 1695667] [NEW] Various web attacks cause CGI modules to throw uncaught exceptions

by Mark Sapiro

Public bug reported: This is merely an annoyance in that it adds error reports to Mailman's error log. The web response is just the "we hit a bug" page, but we may wish to defend against these. We have seen errors like Jun 02 15:47:45 2017 admin(31978): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(31978): [----- Mailman Version: 2.1.23 -----] admin(31978): [----- Traceback ------] admin(31978): Traceback (most recent call last): admin(31978): File "/srv/mailman/scripts/driver", line 117, in run_main admin(31978): main() admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 109, in main admin(31978): process_form(mlist, doc, cgidata, language) admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 147, in process_form admin(31978): ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':') admin(31978): AttributeError: 'list' object has no attribute 'split' Jun 02 15:48:05 2017 admin(32270): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(32270): [----- Mailman Version: 2.1.23 -----] admin(32270): [----- Traceback ------] admin(32270): Traceback (most recent call last): admin(32270): File "/srv/mailman/scripts/driver", line 117, in run_main admin(32270): main() admin(32270): File "/srv/mailman/Mailman/Cgi/listinfo.py", line 74, in main admin(32270): if not Utils.IsLanguage(language): admin(32270): File "/srv/mailman/Mailman/Utils.py", line 751, in IsLanguage admin(32270): return mm_cfg.LC_DESCRIPTIONS.has_key(lang) admin(32270): TypeError: unhashable type: 'list' Jun 02 17:24:06 2017 admin(6887): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(6887): [----- Mailman Version: 2.1.23 -----] admin(6887): [----- Traceback ------] admin(6887): Traceback (most recent call last): admin(6887): File "/srv/mailman/scripts/driver", line 117, in run_main admin(6887): main() admin(6887): File "/srv/mailman/Mailman/Cgi/admin.py", line 118, in main admin(6887): cgidata.getvalue('adminpw', '')): admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 238, in WebAuthenticate admin(6887): ac = self.Authenticate(authcontexts, response, user) admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 180, in Authenticate admin(6887): sharesponse = sha_new(response).hexdigest() admin(6887): TypeError: must be string or buffer, not list The above all result from POST data or query fragments containing multiple values for the same parameter resultin in that parameter being passed to the CGI as a list rather than a string. We have also seen Jun 02 17:08:00 2017 admin(27163): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(27163): [----- Mailman Version: 2.1.23 -----] admin(27163): [----- Traceback ------] admin(27163): Traceback (most recent call last): admin(27163): File "/srv/mailman/scripts/driver", line 117, in run_main admin(27163): main() admin(27163): File "/srv/mailman/Mailman/Cgi/options.py", line 113, in main admin(27163): params = cgidata.keys() admin(27163): File "/usr/lib/python2.7/cgi.py", line 582, in keys admin(27163): raise TypeError, "not indexable" admin(27163): TypeError: not indexable which comes from a POST with no post data. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1695667 Title: Various web attacks cause CGI modules to throw uncaught exceptions To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1695667/+subscriptions

3 years, 10 months

[Bug 1602608] [NEW] mailman crash for subscription in webinterface

by Sebastian Wagner

Public bug reported: A Traceback from mailman's logs for a subscription. The bug can be triggered with the following post-data: language='' Jul 11 20:29:34 2016 admin(29209): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(29209): [----- Mailman Version: 2.1.16 -----] admin(29209): [----- Traceback ------] admin(29209): Traceback (most recent call last): admin(29209): File "/var/lib/mailman/scripts/driver", line 117, in run_main admin(29209): main() admin(29209): File "/var/lib/mailman/Mailman/Cgi/subscribe.py", line 73, in main admin(29209): language = cgidata.getvalue('language') admin(29209): File "/usr/lib/python2.7/cgi.py", line 548, in getvalue admin(29209): if key in self: admin(29209): File "/usr/lib/python2.7/cgi.py", line 594, in __contains__ admin(29209): raise TypeError, "not indexable" admin(29209): TypeError: not indexable admin(29209): [----- Python Information -----] admin(29209): sys.version = 2.7.6 (default, Jun 22 2015, 17:58:13) [GCC 4.8.2] admin(29209): sys.executable = /usr/bin/python admin(29209): sys.prefix = /usr admin(29209): sys.exec_prefix = /usr admin(29209): sys.path = ['/var/lib/mailman/pythonlib', '/var/lib/mailman', '/usr/lib/mailman/scripts', '/var/lib/mailman', '/usr/lib/python2.7/', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages'] admin(29209): sys.platform = linux2 admin(29209): [----- Environment Variables -----] admin(29209): SSL_VERSION_INTERFACE: mod_ssl/2.4.7 admin(29209): HTTP_REFERER: https://mail.example.com/cgi-bin/mailman/subscribe/news admin(29209): SSL_CIPHER_EXPORT: false admin(29209): CONTEXT_DOCUMENT_ROOT: /usr/lib/cgi-bin/ admin(29209): SERVER_SOFTWARE: Apache admin(29209): CONTEXT_PREFIX: /cgi-bin/ admin(29209): SSL_SERVER_A_KEY: rsaEncryption admin(29209): QUERY_STRING: admin(29209): SERVER_SIGNATURE: admin(29209): REQUEST_METHOD: POST admin(29209): PATH_INFO: /news admin(29209): SERVER_PROTOCOL: HTTP/1.1 admin(29209): SSL_SERVER_S_DN: CN=mail.example.com admin(29209): SSL_CIPHER: ECDHE-RSA-AES128-GCM-SHA256 admin(29209): SSL_SERVER_V_START: Apr 17 16:42:00 2016 GMT admin(29209): SSL_TLS_SNI: mail.example.com admin(29209): CONTENT_LENGTH: 106 admin(29209): SSL_CLIENT_VERIFY: NONE admin(29209): HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 admin(29209): HTTP_CONNECTION: keep-alive admin(29209): HTTP_COOKIE: PHPSESSID=... admin(29209): SERVER_NAME: mail.example.com admin(29209): REMOTE_ADDR: 192.0.2.1 admin(29209): SSL_CIPHER_ALGKEYSIZE: 128 admin(29209): SSL_SECURE_RENEG: true admin(29209): PATH_TRANSLATED: /srv/web/mail/news admin(29209): SSL_SERVER_I_DN_C: US admin(29209): SSL_COMPRESS_METHOD: NULL admin(29209): SSL_SERVER_M_VERSION: 3 admin(29209): SSL_SERVER_I_DN_O: Let's Encrypt admin(29209): SERVER_ADDR: 192.0.2.2 admin(29209): DOCUMENT_ROOT: /srv/web/mail admin(29209): SERVER_PORT: 443 admin(29209): SSL_VERSION_LIBRARY: OpenSSL/1.0.1f admin(29209): PYTHONPATH: /var/lib/mailman admin(29209): SCRIPT_FILENAME: /usr/lib/cgi-bin/mailman/subscribe admin(29209): SERVER_ADMIN: webmaster(a)example.com admin(29209): SSL_SESSION_RESUMED: Initial admin(29209): SSL_SERVER_M_SERIAL: ... admin(29209): SSL_SERVER_A_SIG: sha256WithRSAEncryption admin(29209): HTTP_DNT: 1 admin(29209): HTTP_HOST: mail.example.com admin(29209): SCRIPT_NAME: /cgi-bin/mailman/subscribe admin(29209): HTTPS: on admin(29209): HTTP_CACHE_CONTROL: max-age=0 admin(29209): REQUEST_URI: /cgi-bin/mailman/subscribe/news admin(29209): HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 admin(29209): SSL_SERVER_S_DN_CN: mail.example.com admin(29209): GATEWAY_INTERFACE: CGI/1.1 admin(29209): SSL_SERVER_I_DN_CN: Let's Encrypt Authority X3 admin(29209): REMOTE_PORT: 40456 admin(29209): HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.5 admin(29209): REQUEST_SCHEME: https admin(29209): SSL_SERVER_V_END: Jul 16 16:42:00 2016 GMT admin(29209): CONTENT_TYPE: text/plain;charset=UTF-8 admin(29209): SSL_PROTOCOL: TLSv1.2 admin(29209): SSL_CIPHER_USEKEYSIZE: 128 admin(29209): HTTP_ACCEPT_ENCODING: gzip, deflate, br admin(29209): SSL_SERVER_I_DN: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US ** Affects: mailman (Ubuntu) Importance: Undecided Status: New ** Project changed: mailman => mailman (Ubuntu) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1602608 Title: mailman crash for subscription in webinterface To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1602608/+subscriptio…

3 years, 10 months

[Bug 1708016] [NEW] Russian translation grammar fixes

by Sergey Matveev

Public bug reported: Here is patch for 2.1.24 tarball for ru/LC_MESSAGES/mailman.po, containing various grammar and typo fixes. ** Affects: mailman Importance: Undecided Status: New ** Patch added: "mailman-2.1.24-ru-fixed.patch" https://bugs.launchpad.net/bugs/1708016/+attachment/4925492/+files/mailman-… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1708016 Title: Russian translation grammar fixes To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1708016/+subscriptions

3 years, 10 months

[Bug 1705736] [NEW] The SETGID wrappers should pass only needed evvironment variables.

by Mark Sapiro

Public bug reported: Currently, the wrappers remove several variables from the environment they pass to the called scripts. They should instead only pass those variables that are needed by the called scripts. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1705736 Title: The SETGID wrappers should pass only needed evvironment variables. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1705736/+subscriptions

3 years, 10 months

[Bug 266860] Re: Need to limit repeated subscribes from bot

by Jonas Öberg

We're having the same problem, repeatedly. We haven't found a way to throttle these requests, but we would seriously love one (and so would the internet at large!) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266860 Title: Need to limit repeated subscribes from bot To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/266860/+subscriptions

4 years, 1 month

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Mailman-coders August 2017