Mailman 3 January 2021 - Mailman-coders

[ mailman-Patches-657951 ] Generate RSS summary in archives
by SourceForge.net 19 Aug '22

19 Aug '22

Patches item #657951, was opened at 2002-12-23 14:17 Message generated for change (Comment added) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=657951&group_i… Category: Pipermail Group: Mailman 2.2 / 3.0 Status: Open Resolution: None Priority: 7 Submitted By: A.M. Kuchling (akuchling) Assigned to: Nobody/Anonymous (nobody) Summary: Generate RSS summary in archives Initial Comment: Here's a first-draft patch. Things that need fixing: * The generated RSS feed needs to be validated. (It passed the W3C's RDF validator, but RSS validators still need to be checked.) * The date should be given in YYYY-MM-DD format, which requires parsing the .fromdate attribute. * How do I get the URL for an archived message? The generated RSS currently just uses the filename, which is wrong. How do I get at the PUBLIC_ARCHIVE_URL setting? * Getting the most recent N postings is inefficient; the code loops through all of the archived messages and takes the last N of them. We could add .last() and .prev() methods to the Database class, but that's more ambitious for 2.1beta than I like. (Would be nice to get this into 2.1final...) * The list index page should have a LINK element pointing to the RSS file. Please make any comments you have, and I'll rework the patch accordingly. ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2003-04-18 18:43 Message: Logged In: YES user_id=12800 Andrew, to get the url for the archived message use mlist.GetBaseArchiveURL(), which knows about private vs. public archives, the host name and the list name. From there you should be able to tack on just the part of the path under "archives/private/listname". See Mailman/Handlers/Scrubber.py for an example. Only other minor comment: NUM_ARTICLES can probably go in Defaults.py.in ---------------------------------------------------------------------- Comment By: Justin Mason (jmason) Date: 2003-03-26 16:49 Message: Logged In: YES user_id=935 big thumbs up from me too. Much better solution than http://taint.org/mmrss/ ;) ---------------------------------------------------------------------- Comment By: Uche Ogbuji (uche) Date: 2003-03-17 20:09 Message: Logged In: YES user_id=38966 I'd like to add my vote to this item. This is a fantastic idea, Andrew. Thanks. --Uche ---------------------------------------------------------------------- Comment By: A.M. Kuchling (akuchling) Date: 2002-12-23 15:42 Message: Logged In: YES user_id=11375 Updated patch: * Dates are now rendered as ISO-8601 (date only, not the time of the message) * By hard-wiring 2002-December, I got the RSS to validate using Mark Pilgrim's validator. ---------------------------------------------------------------------- Comment By: captain larry (captainlarry) Date: 2002-12-23 14:36 Message: Logged In: YES user_id=147905 Just voting for support here. This is *great* thanks for the patch and I hope the maintainers include it as soon as it's appropriate :) Adam. ---------------------------------------------------------------------- Comment By: Barry A. Warsaw (bwarsaw) Date: 2002-12-23 14:27 Message: Logged In: YES user_id=12800 Deferring until post-2.1 ---------------------------------------------------------------------- Comment By: A.M. Kuchling (akuchling) Date: 2002-12-23 14:21 Message: Logged In: YES user_id=11375 Argh; SF choked on the file upload. Attaching the patch again... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=657951&group_i…

2 1

[Bug 1462755] [NEW] qrunner crashes on invalid unicode sequence
by Thijs Kinkhorst 28 Feb '22

28 Feb '22

Public bug reported: When a message contains an invalud unicode sequence in its header, qrunner flat out crashes on that: May 17 15:32:20 2015 (981) Uncaught runner exception: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) Traceback (most recent call last): File "/var/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop self._onefile(msg, msgdata) File "/var/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose more = self._dopipeline(mlist, msg, msgdata, pipeline) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline sys.modules[modname].process(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 239, in process i18ndesc = uheader(mlist, mlist.description, 'List-Id', maxlinelen=998) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 65, in uheader return Header(s, charset, maxlinelen, header_name, continuation_ws) File "/usr/lib/python2.7/email/header.py", line 183, in __init__ self.append(s, charset, errors) File "/usr/lib/python2.7/email/header.py", line 267, in append ustr = unicode(s, incodec, errors) UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) SHUNTING: 1431869540.389822+156779307d54473d0eb732994bb67eee95733285 A solution for this specific case is to have Mailman/Handlers/CookHeaders.py pass the erorrs='replace' parameter. I would say that this is actually a bug in python-email, since I think it doesn't make sense to set errors to "strict" rather than something like "replace" when the intention is to parse stuff so free-formed, under-specd and user-controlled as email. Nonetheless, Mailman already sets errors='replace' in some places so it might aswell add it here. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1462755 Title: qrunner crashes on invalid unicode sequence To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1462755/+subscriptions

6 12

[Bug 965532] [NEW] Need a script to upgrade from MM2 to MM3
by Barry Warsaw 13 Dec '21

13 Dec '21

Public bug reported: We need a script, documentation, or other procedure to help people migrate from Mailman 2 to Mailman 3. ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/965532 Title: Need a script to upgrade from MM2 to MM3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/965532/+subscriptions

8 21

[Bug 1895451] [NEW] Mailman 2.1 does not support dnspython >=2.0
by Mark Sapiro 19 Oct '21

19 Oct '21

Public bug reported: dnspython >=2.0 requires Python >=3.6 and won't work with Mailman 2.1. ./configure should check for dnspython <2.0 and mention this requirement of not found. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1895451 Title: Mailman 2.1 does not support dnspython >=2.0 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1895451/+subscriptions

2 3

[Bug 1609516] [NEW] [needs-packaging] GNU Mailman v3
by Kẏra 12 May '21

12 May '21

Public bug reported: Mailman 3 is essentially five projects: Mailman Core Postorius - The Web UI for Mailman Mailman Client - The REST API Client HyperKitty - The Archiver for Mailman Mailman Bundler - Installer for Mailman Suite including all above projects URL: https://www.gnu.org/software/mailman/ ** Affects: mailman Importance: Undecided Status: New ** Affects: ubuntu Importance: Undecided Status: New ** Affects: debian Importance: Unknown Status: Unknown ** Tags: needs-packaging ** Bug watch added: Debian Bug tracker #799292 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799292 ** Also affects: debian via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799292 Importance: Unknown Status: Unknown ** Also affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1609516 Title: [needs-packaging] GNU Mailman v3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1609516/+subscriptions

3 7

[Bug 1913241] [NEW] A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
by Abderrahmane Sahnoun 25 Jan '21

25 Jan '21

*** This bug is a security vulnerability *** Private security bug reported: A URL with a very long text listname such as https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. This issue was discovered by Abderrahmane Sahnoun <x.virusdz0(a)gmail.com>. same as CVE-2018-13796 ** Affects: mailman Importance: Undecided Assignee: Abderrahmane Sahnoun (xvirusdz) Status: New ** Changed in: mailman Assignee: (unassigned) => Abderrahmane Sahnoun (xvirusdz) ** Description changed: hi team, im Abderrahmane Sahnoun Algerian Security Researcher when i was exploring your website i have found a bug witch done the possibility to A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site in GNU Mailman 2.1.33. it's the same like CVE-2018-13796 here a example of it: - https://homewalkers.net/mailman/roster/wassim + https://homewalkers.net/mailman/roster/type_any_thing_here I await your reply at the earliest time Sincerely; ** Description changed: - hi team, - im Abderrahmane Sahnoun Algerian Security Researcher when i was exploring your website i have found a bug witch done the possibility to A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site in GNU Mailman 2.1.33. - it's the same like CVE-2018-13796 - here a example of it: - https://homewalkers.net/mailman/roster/type_any_thing_here - I await your reply at the earliest time - Sincerely; + A URL with a very long text listname such as + https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… + will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. + + This issue was discovered by Abderrahmane Sahnoun + <x.virusdz0(a)gmail.com>. ** Changed in: mailman Assignee: Abderrahmane Sahnoun (xvirusdz) => (unassigned) ** Description changed: A URL with a very long text listname such as https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. - This issue was discovered by Abderrahmane Sahnoun - <x.virusdz0(a)gmail.com>. + This issue was discovered by Abderrahmane Sahnoun <x.virusdz0(a)gmail.com>. + same as CVE-2018-13796 ** Changed in: mailman Assignee: (unassigned) => Abderrahmane Sahnoun (xvirusdz) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1913241 Title: A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1913241/+subscriptions

2 1

Mailman-coders January 2021