Public bug reported:
When a message contains an invalid unicode sequence in its header,
qrunner flat out crashes on that:
May 17 15:32:20 2015 (981) Uncaught runner exception: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte
May 17 15:32:20 2015 (981) Traceback (most recent call last):
  File "/var/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop
    self._onefile(msg, msgdata)
  File "/var/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile
    keepqueued = self._dispose(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
    more = self._dopipeline(mlist, msg, msgdata, pipeline)
  File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
    sys.modules[modname].process(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 239, in process
    i18ndesc = uheader(mlist, mlist.description, 'List-Id', maxlinelen=998)
  File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 65, in uheader
    return Header(s, charset, maxlinelen, header_name, continuation_ws)
  File "/usr/lib/python2.7/email/header.py", line 183, in __init__
    self.append(s, charset, errors)
  File "/usr/lib/python2.7/email/header.py", line 267, in append
    ustr = unicode(s, incodec, errors)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte
May 17 15:32:20 2015 (981) SHUNTING: 1431869540.389822+156779307d54473d0eb732994bb67eee95733285
A solution for this specific case is to have Mailman/Handlers/CookHeaders.py pass the errors='replace' parameter.
I would say that this is actually a bug in python-email, since I think it doesn't make sense to set errors to "strict" rather than something like "replace" when the intention is to parse stuff so free-formed, under-spec'd
and user-controlled as email. Nonetheless, Mailman already sets errors='replace' in some places so it might as well add it here.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1462755
Title:
qrunner crashes on invalid unicode sequence
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1462755/+subscriptions
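The failure in bug 1462755 and the errors='replace' mitigation it proposes, as an added Python 3 example (not code from the report or from Mailman): a strict `email.header.Header` raises on a stray 0xe9 byte, while a tolerant wrapper keeps processing and flags the value as lossy. `tolerant_header`, `strict_failure` and the sample bytes are hypothetical names and constructed data.

```python
import logging
from email.header import Header

log = logging.getLogger("cookheaders-example")


def tolerant_header(raw, charset="utf-8", header_name=None, maxlinelen=998):
    """Build an RFC 2047 header from untrusted bytes without raising.

    Hypothetical helper (not Mailman's uheader): a strict decode is tried
    first so well-formed input is untouched; on failure the value is decoded
    with errors='replace'. Returns (Header, lossy).
    """
    try:
        return Header(raw, charset, maxlinelen, header_name), False
    except UnicodeDecodeError as exc:
        log.warning("bad %s byte 0x%02x at offset %d in %s; replacing",
                    charset, raw[exc.start], exc.start, header_name)
        hdr = Header(raw, charset, maxlinelen, header_name, errors="replace")
        return hdr, True


def strict_failure(raw, charset="utf-8"):
    """Return the UnicodeDecodeError a strict Header() raises, or None."""
    try:
        Header(raw, charset, header_name="List-Id")
    except UnicodeDecodeError as exc:
        return exc
    return None


# Constructed input: a Latin-1 e-acute (0xe9) inside a value declared as
# UTF-8, placed at offset 18 like the byte in the logged error.
BAD_DESCRIPTION = b"Nouvelles du comit\xe9 local"

if __name__ == "__main__":
    print("strict:", strict_failure(BAD_DESCRIPTION))
    hdr, lossy = tolerant_header(BAD_DESCRIPTION, header_name="List-Id")
    print("lossy:", lossy)
    print("decoded:", str(hdr))
    print("wire form:", hdr.encode())
```

The lossy flag lets the caller log or quarantine the message instead of the runner dying on it.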
Public bug reported:
We need a script, documentation, or other procedure to help people
migrate from Mailman 2 to Mailman 3.
** Affects: mailman
Importance: Undecided
Status: New
** Tags: mailman3
--
https://bugs.launchpad.net/bugs/965532
Title:
Need a script to upgrade from MM2 to MM3
Public bug reported:
Hi,
One of our users complained of being rejected with 403 Unauthorized when
moderating a list he's an owner of.
We're using Ubuntu SSO for login purposes, and we noticed they had an
uppercase letter in their email in both account_emailaddress and
auth_user tables. We asked them to add the lowercase version of their
email and remove the other one, but mailman complained email address is
already attached to their account.
We then did some db surgery, updating their email to the lowercase
version in both tables, and it resolved their issue.
Authentication should probably do a case-insensitive check of login email against auth database.
We're using mailman version: 3.1.1-9 Ubuntu package
On a side note: email address was in both account_emailaddress and
auth_user, auth_user could also be updated, so it uses
account_emailaddress.id instead of having duplicate data.
Could you please let us know if there are other occurrences of email in
the schema, and if we should replicate our manual changes in some other
tables for our user?
Thank you!
Loïc
** Affects: mailman
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1952755
Title:
Permissions checks should be case-insensitive against login email
Public bug reported:
If a user logs in to the options page and unsubscribes or is
unsubscribed and then submits the options form again, perhaps by going
back to the page in the browser, the CSRF check raises NotAMemberError
and the user gets a "We hit a bug" page. This is related to
https://bugs.launchpad.net/mailman/+bug/1523273 but occurs for a
different reason.
** Affects: mailman
Importance: Low
Status: In Progress
--
https://bugs.launchpad.net/bugs/1951769
Title:
NotAMemberError Exception in user options page
*** This bug is a security vulnerability ***
Private security bug reported:
A list moderator or list member can potentially carry out a CSRF attack
by getting a list admin to visit a crafted web page.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
** Patch added: "Patch to fix this issue."
https://bugs.launchpad.net/bugs/1952384/+attachment/5543451/+files/patch.txt
--
https://bugs.launchpad.net/bugs/1952384
Title:
A CSRF vulnerability could allow a list moderator or list member to
access the admin UI
*** This bug is a security vulnerability ***
Private security bug reported:
The CSRF token for the admindb page contains an encrypted version of the
list admin password which could potentially be cracked by a moderator
via an off-line brute force attack.
** Affects: mailman
Importance: Undecided
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
https://bugs.launchpad.net/bugs/1949403
Title:
A vulnerability could allow a list moderator to discover the admin
password.
Public bug reported:
The fix for https://bugs.launchpad.net/mailman/+bug/1949403 can cause
this issue in the admindb interface if a list has no moderator password:
Traceback (most recent call last):
  File "/mailman/mailman-${domainslug}/scripts/driver", line 117, in run_main
    main()
  File "/mailman/mailman-${domainslug}/Mailman/Cgi/admindb.py", line 342, in main
    print doc.Format()
  File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 352, in Format
    output.append(Container.Format(self, indent))
  File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 267, in Format
    output.append(HTMLFormatObject(item, indent))
  File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 53, in HTMLFormatObject
    return item.Format(indent)
  File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 445, in Format
    % csrf_token(self.mlist, self.contexts, self.user)
  File "/mailman/mailman-${domainslug}/Mailman/CSRFcheck.py", line 53, in csrf_token
    mac = sha_new(secret + `issued`).hexdigest()
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
** Affects: mailman
Importance: Critical
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
https://bugs.launchpad.net/bugs/1950833
Title:
TypeError in handling moderator requests.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1950833/+subscriptions
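An added Python 3 sketch relating to bugs 1949403 and 1950833 above; it is not Mailman's code and not the patch referenced in those reports. It shows a CSRF token whose MAC key is a random server-side secret, so the token carries nothing derived from a list password, and a missing key is rejected explicitly rather than surfacing as a TypeError during page rendering. The function names, the key handling and the token layout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME = 3600  # seconds; assumed value for this example


def issue_token(site_key, list_name, context, user, now=None):
    """Return 'issued:mac' bound to list, auth context and user.

    site_key is a random per-installation secret (assumption), so the token
    contains nothing derived from an admin or moderator password.
    """
    if not isinstance(site_key, bytes) or len(site_key) < 16:
        # Fail at issue time with a clear error instead of a TypeError
        # from concatenating None while the page is being rendered.
        raise ValueError("CSRF key is not configured")
    issued = int(time.time() if now is None else now)
    msg = "\n".join([str(issued), list_name, context, user]).encode("utf-8")
    mac = hmac.new(site_key, msg, hashlib.sha256).hexdigest()
    return "%d:%s" % (issued, mac)


def check_token(site_key, token, list_name, context, user, now=None):
    """True only for an unexpired token issued for this list/context/user."""
    try:
        issued = int(token.split(":", 1)[0])
        expected = issue_token(site_key, list_name, context, user, issued)
        same = hmac.compare_digest(token.encode("utf-8"),
                                   expected.encode("utf-8"))
    except (AttributeError, ValueError):
        return False  # malformed token or missing key: reject, do not crash
    age = int(time.time() if now is None else now) - issued
    return same and 0 <= age <= TOKEN_LIFETIME


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key for the demo
    tok = issue_token(key, "staff", "moderator", "mod@example.org")
    print(check_token(key, tok, "staff", "moderator", "mod@example.org"))
    print(check_token(key, tok, "staff", "admin", "mod@example.org"))
```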
*** This bug is a security vulnerability ***
Private security bug reported:
A crafted URL to the user options page can execute arbitrary javascript.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
https://bugs.launchpad.net/bugs/1949401
Title:
Potential XSS attack via the user options page.
Public bug reported:
Debian 9
Upgrading mailman
Installed: 1:2.1.23-1+deb9u6
Candidate: 1:2.1.23-1+deb9u7
apt update
apt upgrade
errors
Fetched 6,748 kB in 0s (12.4 MB/s)
Reading changelogs... Done
Preconfiguring packages ...
File "/var/lib/mailman/bin/list_lists", line 75
except getopt.error, msg:
^
SyntaxError: invalid syntax
(Reading database ... 99804 files and directories currently installed.)
Preparing to unpack .../00-mailman_1%3a2.1.23-1+deb9u7_amd64.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: warning: subprocess old pre-removal script returned error exit status 1
dpkg: trying script from the new package instead ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/00-mailman_1%3a2.1.23-1+deb9u7_amd64.deb (--unpack):
subprocess new pre-removal script returned error exit status 1
File "/var/lib/mailman/bin/list_lists", line 75
except getopt.error, msg:
^
SyntaxError: invalid syntax
File "/usr/lib/mailman/bin/update", line 107
print C_('Fixing language templates: %(listname)s')
^
SyntaxError: invalid syntax
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 1
Preparing to unpack .../01-python-pil_4.0.0-4+deb9u3_amd64.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: warning: subprocess old pre-removal script returned error exit status 1
dpkg: trying script from the new package instead ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/01-python-pil_4.0.0-4+deb9u3_amd64.deb (--unpack):
subprocess new pre-removal script returned error exit status 1
Traceback (most recent call last):
File "/usr/bin/pycompile", line 35, in <module>
from debpython.version import SUPPORTED, debsorted, vrepr, \
File "/usr/share/python/debpython/version.py", line 24, in <module>
from ConfigParser import SafeConfigParser
ModuleNotFoundError: No module named 'ConfigParser'
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 1
Preparing to unpack .../02-python-imaging_4.0.0-4+deb9u3_all.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: warning: subprocess old pre-removal script returned error exit status 1
dpkg: trying script from the new package instead ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/02-python-imaging_4.0.0-4+deb9u3_all.deb (--unpack):
subprocess new pre-removal script returned error exit status 1
Traceback (most recent call last):
File "/usr/bin/pycompile", line 35, in <module>
from debpython.version import SUPPORTED, debsorted, vrepr, \
File "/usr/share/python/debpython/version.py", line 24, in <module>
from ConfigParser import SafeConfigParser
ModuleNotFoundError: No module named 'ConfigParser'
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 1
Preparing to unpack .../03-python-lxml_3.7.1-1+deb9u4_amd64.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: warning: subprocess old pre-removal script returned error exit status 1
dpkg: trying script from the new package instead ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/03-python-lxml_3.7.1-1+deb9u4_amd64.deb (--unpack):
subprocess new pre-removal script returned error exit status 1
Traceback (most recent call last):
File "/usr/bin/pycompile", line 35, in <module>
from debpython.version import SUPPORTED, debsorted, vrepr, \
File "/usr/share/python/debpython/version.py", line 24, in <module>
from ConfigParser import SafeConfigParser
ModuleNotFoundError: No module named 'ConfigParser'
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 1
Preparing to unpack .../04-python-xdg_0.25-4+deb9u1_all.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: warning: subprocess old pre-removal script returned error exit status 1
dpkg: trying script from the new package instead ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: invalid syntax
dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/04-python-xdg_0.25-4+deb9u1_all.deb (--unpack):
subprocess new pre-removal script returned error exit status 1
Traceback (most recent call last):
File "/usr/bin/pycompile", line 35, in <module>
from debpython.version import SUPPORTED, debsorted, vrepr, \
File "/usr/share/python/debpython/version.py", line 24, in <module>
from ConfigParser import SafeConfigParser
ModuleNotFoundError: No module named 'ConfigParser'
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
/tmp/apt-dpkg-install-vEhtzR/00-mailman_1%3a2.1.23-1+deb9u7_amd64.deb
/tmp/apt-dpkg-install-vEhtzR/01-python-pil_4.0.0-4+deb9u3_amd64.deb
/tmp/apt-dpkg-install-vEhtzR/02-python-imaging_4.0.0-4+deb9u3_all.deb
/tmp/apt-dpkg-install-vEhtzR/03-python-lxml_3.7.1-1+deb9u4_amd64.deb
/tmp/apt-dpkg-install-vEhtzR/04-python-xdg_0.25-4+deb9u1_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Thanks
** Affects: mailman
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1950526
Title:
Error upgrading on Debian 9 from Installed: 1:2.1.23-1+deb9u6 to
Candidate: 1:2.1.23-1+deb9u7