Mailman-coders June 2020

mailman-coders@python.org

9 participants
13 discussions

[Bug 1462755] [NEW] qrunner crashes on invalid unicode sequence
by Thijs Kinkhorst 28 Feb '22

28 Feb '22

Public bug reported: When a message contains an invalud unicode sequence in its header, qrunner flat out crashes on that: May 17 15:32:20 2015 (981) Uncaught runner exception: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) Traceback (most recent call last): File "/var/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop self._onefile(msg, msgdata) File "/var/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose more = self._dopipeline(mlist, msg, msgdata, pipeline) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline sys.modules[modname].process(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 239, in process i18ndesc = uheader(mlist, mlist.description, 'List-Id', maxlinelen=998) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 65, in uheader return Header(s, charset, maxlinelen, header_name, continuation_ws) File "/usr/lib/python2.7/email/header.py", line 183, in __init__ self.append(s, charset, errors) File "/usr/lib/python2.7/email/header.py", line 267, in append ustr = unicode(s, incodec, errors) UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) SHUNTING: 1431869540.389822+156779307d54473d0eb732994bb67eee95733285 A solution for this specific case is to have Mailman/Handlers/CookHeaders.py pass the erorrs='replace' parameter. I would say that this is actually a bug in python-email, since I think it doesn't make sense to set errors to "strict" rather than something like "replace" when the intention is to parse stuff so free-formed, under-specd and user-controlled as email. Nonetheless, Mailman already sets errors='replace' in some places so it might aswell add it here. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1462755 Title: qrunner crashes on invalid unicode sequence To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1462755/+subscriptions

6 12

[Bug 965532] [NEW] Need a script to upgrade from MM2 to MM3
by Barry Warsaw 13 Dec '21

13 Dec '21

Public bug reported: We need a script, documentation, or other procedure to help people migrate from Mailman 2 to Mailman 3. ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/965532 Title: Need a script to upgrade from MM2 to MM3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/965532/+subscriptions

8 21

[Bug 1609516] [NEW] [needs-packaging] GNU Mailman v3
by Kẏra 13 May '21

13 May '21

Public bug reported: Mailman 3 is essentially five projects: Mailman Core Postorius - The Web UI for Mailman Mailman Client - The REST API Client HyperKitty - The Archiver for Mailman Mailman Bundler - Installer for Mailman Suite including all above projects URL: https://www.gnu.org/software/mailman/ ** Affects: mailman Importance: Undecided Status: New ** Affects: ubuntu Importance: Undecided Status: New ** Affects: debian Importance: Unknown Status: Unknown ** Tags: needs-packaging ** Bug watch added: Debian Bug tracker #799292 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799292 ** Also affects: debian via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799292 Importance: Unknown Status: Unknown ** Also affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1609516 Title: [needs-packaging] GNU Mailman v3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1609516/+subscriptions

3 7

[Bug 544477] [NEW] setting localhost in postfix_lmtp breaks delivery
by Patrick Ben Koetter 26 Sep '20

26 Sep '20

Public bug reported: Setting localhost in postfix_lmtp works against Postfix defaults and breaks delivery. Reason: The Postfix lmtp client only uses dns queries by default to search for hostnames. If the DNS server does not provide an answer for "localhost" delivery from the lmtp client to mailman fails. Solution: Provide "127.0.0.1" instead of "localhost". This does not require DNS and is even faster because it saves DNS lookups. Example: hey2(a)mailman.state-of-mind.de lmtp:[localhost.localdomain]:8024 ** Affects: mailman Importance: Undecided Status: New ** Tags: 3.0 mailman -- setting localhost in postfix_lmtp breaks delivery https://bugs.launchpad.net/bugs/544477 You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.

4 7

[Bug 1878458] [NEW] Attempting to subscribe to a list can throw a ValueError exception.
by Mark Sapiro 26 Jun '20

26 Jun '20

Public bug reported: The fix for https://bugs.launchpad.net/mailman/+bug/1859104 assumes that every entry in pending.pck is a 2-tuple, but this is wrong. The attached patch will fix this. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress ** Patch added: "Patch to fix this issue" https://bugs.launchpad.net/bugs/1878458/+attachment/5371019/+files/MailList… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1878458 Title: Attempting to subscribe to a list can throw a ValueError exception. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1878458/+subscriptions

4 7

[Bug 1881035] [NEW] DMARC mitigation fails if TXT record name contains uppercase
by Robert Mathews 26 Jun '20

26 Jun '20

Public bug reported: Using Mailman 2.1.33. I noticed that occasionally, DMARC mitigations for aol.com "From" addresses were not being applied. I tracked us down to the fact that DNS records can in rare cases return "AOL" in uppercase in the answer of the TXT record lookup. Here's an example where I caught it happening: $ dig _dmarc.aol.com TXT [...] ;; QUESTION SECTION: ;_dmarc.aol.com. IN TXT ;; ANSWER SECTION: _dmarc.AOL.com. 492 IN TXT "v=DMARC1; p=reject; pct=100; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;" Note that we requested "_dmarc.aol.com" in the question section, but got back "_dmarc.AOL.com" in the answer section. That case mismatch makes this code in Mailman/Utils.py skip the record: for name in want_names: if name not in results_by_name: continue I believe the solution is to lowercase the result after the lookup. Patch attached. ** Affects: mailman Importance: Undecided Status: New ** Tags: dmarc ** Patch added: "Lowercase DMARC TXT record label in answer section" https://bugs.launchpad.net/bugs/1881035/+attachment/5377571/+files/mailman-… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1881035 Title: DMARC mitigation fails if TXT record name contains uppercase To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1881035/+subscriptions

3 5

[Bug 1883017] [NEW] It is possible to mailbomb a member of a list with a private roster by repeatedly posting the subscribe form.
by Mark Sapiro 26 Jun '20

26 Jun '20

Public bug reported: On a list with a private roster, an attempt to subscribe an address which is already a member results in a warning notice sent to the target address. To prevent wsing this to mailbomb a list member, there is a new WARN_MEMBER_OF_SUBSCRIBE setting that can be set to No to suppress the warning. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1883017 Title: It is possible to mailbomb a member of a list with a private roster by repeatedly posting the subscribe form. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1883017/+subscriptions

2 3

[Bug 1884456] [NEW] When SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is False, Scrubber can create names too long.
by Mark Sapiro 26 Jun '20

26 Jun '20

Public bug reported: There is a report of this at https://mail.python.org/archives/list /mailman-users(a)python.org/message/CMQGFVJ26IPKJPFHMFIW36ZEB6QMETY7/ While it is unusual, and only occurs with a non-default setting, there should be no harm in truncating the name to < 255 characters. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1884456 Title: When SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is False, Scrubber can create names too long. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1884456/+subscriptions

2 2

[Bug 1885172] [NEW] Administrator email not delivered
by Cristina Hanson 25 Jun '20

25 Jun '20

Public bug reported: We are using GNU Mailman version 2.1.18-1. This morning one of our administrators posted to our listserve as normal, but it was not received. In the archives, it is showing as delivered. We have not had any issues like this before. Suggestions on how to ensure that our emails are being posted? ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1885172 Title: Administrator email not delivered To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1885172/+subscriptions

2 4

[Bug 1877379] [NEW] Arbitrary Content Injection via the private archive login page.
by Mark Sapiro 24 Jun '20

24 Jun '20

Public bug reported: This is essentially the same as https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is the private archive login page and the attack only succeeds if the list's roster visibility (private_roster) setting is 'Anyone'. This is fixed by the attached patch. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress ** Patch added: "Patch to fix this issue" https://bugs.launchpad.net/bugs/1877379/+attachment/5367829/+files/private.… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1877379 Title: Arbitrary Content Injection via the private archive login page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1877379/+subscriptions

3 3

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Mailman-coders June 2020