Mailman 3 November 2021 - Mailman-coders

[ mailman-Patches-657951 ] Generate RSS summary in archives
by SourceForge.net 19 Aug '22

19 Aug '22

Patches item #657951, was opened at 2002-12-23 14:17 Message generated for change (Comment added) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=657951&group_i… Category: Pipermail Group: Mailman 2.2 / 3.0 Status: Open Resolution: None Priority: 7 Submitted By: A.M. Kuchling (akuchling) Assigned to: Nobody/Anonymous (nobody) Summary: Generate RSS summary in archives Initial Comment: Here's a first-draft patch. Things that need fixing: * The generated RSS feed needs to be validated. (It passed the W3C's RDF validator, but RSS validators still need to be checked.) * The date should be given in YYYY-MM-DD format, which requires parsing the .fromdate attribute. * How do I get the URL for an archived message? The generated RSS currently just uses the filename, which is wrong. How do I get at the PUBLIC_ARCHIVE_URL setting? * Getting the most recent N postings is inefficient; the code loops through all of the archived messages and takes the last N of them. We could add .last() and .prev() methods to the Database class, but that's more ambitious for 2.1beta than I like. (Would be nice to get this into 2.1final...) * The list index page should have a LINK element pointing to the RSS file. Please make any comments you have, and I'll rework the patch accordingly. ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2003-04-18 18:43 Message: Logged In: YES user_id=12800 Andrew, to get the url for the archived message use mlist.GetBaseArchiveURL(), which knows about private vs. public archives, the host name and the list name. From there you should be able to tack on just the part of the path under "archives/private/listname". See Mailman/Handlers/Scrubber.py for an example. Only other minor comment: NUM_ARTICLES can probably go in Defaults.py.in ---------------------------------------------------------------------- Comment By: Justin Mason (jmason) Date: 2003-03-26 16:49 Message: Logged In: YES user_id=935 big thumbs up from me too. Much better solution than http://taint.org/mmrss/ ;) ---------------------------------------------------------------------- Comment By: Uche Ogbuji (uche) Date: 2003-03-17 20:09 Message: Logged In: YES user_id=38966 I'd like to add my vote to this item. This is a fantastic idea, Andrew. Thanks. --Uche ---------------------------------------------------------------------- Comment By: A.M. Kuchling (akuchling) Date: 2002-12-23 15:42 Message: Logged In: YES user_id=11375 Updated patch: * Dates are now rendered as ISO-8601 (date only, not the time of the message) * By hard-wiring 2002-December, I got the RSS to validate using Mark Pilgrim's validator. ---------------------------------------------------------------------- Comment By: captain larry (captainlarry) Date: 2002-12-23 14:36 Message: Logged In: YES user_id=147905 Just voting for support here. This is *great* thanks for the patch and I hope the maintainers include it as soon as it's appropriate :) Adam. ---------------------------------------------------------------------- Comment By: Barry A. Warsaw (bwarsaw) Date: 2002-12-23 14:27 Message: Logged In: YES user_id=12800 Deferring until post-2.1 ---------------------------------------------------------------------- Comment By: A.M. Kuchling (akuchling) Date: 2002-12-23 14:21 Message: Logged In: YES user_id=11375 Argh; SF choked on the file upload. Attaching the patch again... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=657951&group_i…

2 1

[Bug 1462755] [NEW] qrunner crashes on invalid unicode sequence
by Thijs Kinkhorst 28 Feb '22

28 Feb '22

Public bug reported: When a message contains an invalud unicode sequence in its header, qrunner flat out crashes on that: May 17 15:32:20 2015 (981) Uncaught runner exception: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) Traceback (most recent call last): File "/var/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop self._onefile(msg, msgdata) File "/var/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose more = self._dopipeline(mlist, msg, msgdata, pipeline) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline sys.modules[modname].process(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 239, in process i18ndesc = uheader(mlist, mlist.description, 'List-Id', maxlinelen=998) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 65, in uheader return Header(s, charset, maxlinelen, header_name, continuation_ws) File "/usr/lib/python2.7/email/header.py", line 183, in __init__ self.append(s, charset, errors) File "/usr/lib/python2.7/email/header.py", line 267, in append ustr = unicode(s, incodec, errors) UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) SHUNTING: 1431869540.389822+156779307d54473d0eb732994bb67eee95733285 A solution for this specific case is to have Mailman/Handlers/CookHeaders.py pass the erorrs='replace' parameter. I would say that this is actually a bug in python-email, since I think it doesn't make sense to set errors to "strict" rather than something like "replace" when the intention is to parse stuff so free-formed, under-specd and user-controlled as email. Nonetheless, Mailman already sets errors='replace' in some places so it might aswell add it here. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1462755 Title: qrunner crashes on invalid unicode sequence To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1462755/+subscriptions

6 12

[Bug 965532] [NEW] Need a script to upgrade from MM2 to MM3
by Barry Warsaw 14 Dec '21

14 Dec '21

Public bug reported: We need a script, documentation, or other procedure to help people migrate from Mailman 2 to Mailman 3. ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/965532 Title: Need a script to upgrade from MM2 to MM3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/965532/+subscriptions

8 21

[Bug 1952755] [NEW] Permissions checks should be case-insensitive against login email
by Loïc Gomez 03 Dec '21

03 Dec '21

Public bug reported: Hi, One of our users complained being rejected with 403 Unauthorized when moderating a list he's an owner of. We're using Ubuntu SSO for login purposes, and we noticed they had an uppercase letter in their email in both account_emailaddress and auth_user tables. We asked them to add the lowercase version of their email and remove the other one, but mailman complained email address is already attached to their account. We then did some db surgery, updating their email to the lowercase version in both tables, and it resolved their issue. Authentication should probably do a case-insensitive check of login email against auth database. We're using mailman version: 3.1.1-9 Ubuntu package On a sidenote: email address was in both account_emailaddress and auth_user, auth_user could also be updated, so it uses account_emailaddress.id instead of having duplicate data. Could you please let us know if there are other occurrences of email in the schema, and if we should replicate our manual changes in some other tables for our user ? Thank you! Loïc ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1952755 Title: Permissions checks should be case-insensitive against login email To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1952755/+subscriptions

2 2

[Bug 1951769] [NEW] NotAMemberError Exception in user options page
by Mark Sapiro 30 Nov '21

30 Nov '21

Public bug reported: If a user logs in to the options page and unsubscribes or is unsubscribed and then submits the options form again, perhaps by going back to the page in the browser, The CSRF check raises NotAMemberError and the user gets a We hit a bug page. This is related to https://bugs.launchpad.net/mailman/+bug/1523273 but occurs for a different reason. ** Affects: mailman Importance: Low Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1951769 Title: NotAMemberError Exception in user options page To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1951769/+subscriptions

3 7

[Bug 1952384] [NEW] A CSRF vulnerability could allow a list moderator or list member to access the admin UI
by Mark Sapiro 30 Nov '21

30 Nov '21

*** This bug is a security vulnerability *** Private security bug reported: A list moderator or list member can potentially carry out a CSRF attach by getting a list admin to visit a crafted web page ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress ** Patch added: "Patch to fix this issue." https://bugs.launchpad.net/bugs/1952384/+attachment/5543451/+files/patch.txt -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1952384 Title: A CSRF vulnerability could allow a list moderator or list member to access the admin UI To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1952384/+subscriptions

2 4

[Bug 1949403] [NEW] A vulnerability could allow a list moderator to discover the admin password.
by Mark Sapiro 13 Nov '21

13 Nov '21

*** This bug is a security vulnerability *** Private security bug reported: The CSRF token for the admindb page contains an encrypted version of the list admin password which could potentially be cracked by a moderator via an off-line brute force attack. ** Affects: mailman Importance: Undecided Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949403 Title: A vulnerability could allow a list moderator to discover the admin password. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949403/+subscriptions

2 5

[Bug 1950833] [NEW] TypeError in nandling moderator requests.
by Mark Sapiro 12 Nov '21

12 Nov '21

Public bug reported: The fix for https://bugs.launchpad.net/mailman/+bug/1949403 can cause this issue in the admindb interface if a list has no moderator password Traceback (most recent call last): File "/mailman/mailman-${domainslug}/scripts/driver", line 117, in run_main main() File "/mailman/mailman-${domainslug}/Mailman/Cgi/admindb.py", line 342, in main print doc.Format() File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 352, in Format output.append(Container.Format(self, indent)) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 267, in Format output.append(HTMLFormatObject(item, indent)) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 53, in HTMLFormatObject return item.Format(indent) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 445, in Format % csrf_token(self.mlist, self.contexts, self.user) File "/mailman/mailman-${domainslug}/Mailman/CSRFcheck.py", line 53, in csrf_token mac = sha_new(secret + `issued`).hexdigest() TypeError: unsupported operand type(s) for +: 'NoneType' and 'str' ** Affects: mailman Importance: Critical Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1950833 Title: TypeError in nandling moderator requests. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1950833/+subscriptions

2 3

[Bug 1949401] [NEW] Potential XSS attack via the user options page.
by Mark Sapiro 12 Nov '21

12 Nov '21

*** This bug is a security vulnerability *** Private security bug reported: A crafted URL to the user options page can execute arbitrary javascript. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

2 4

[Bug 1950526] [NEW] Error upgrading on Debian 9 from Installed: 1:2.1.23-1+deb9u6 to Candidate: 1:2.1.23-1+deb9u7
by g 11 Nov '21

11 Nov '21

Public bug reported: Debian 9 Upgrading mailman Installed: 1:2.1.23-1+deb9u6 Candidate: 1:2.1.23-1+deb9u7 apt update apt upgrade errors Fetched 6,748 kB in 0s (12.4 MB/s) Reading changelogs... Done Preconfiguring packages ... File "/var/lib/mailman/bin/list_lists", line 75 except getopt.error, msg: ^ SyntaxError: invalid syntax (Reading database ... 99804 files and directories currently installed.) Preparing to unpack .../00-mailman_1%3a2.1.23-1+deb9u7_amd64.deb ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: warning: subprocess old pre-removal script returned error exit status 1 dpkg: trying script from the new package instead ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/00-mailman_1%3a2.1.23-1+deb9u7_amd64.deb (--unpack): subprocess new pre-removal script returned error exit status 1 File "/var/lib/mailman/bin/list_lists", line 75 except getopt.error, msg: ^ SyntaxError: invalid syntax File "/usr/lib/mailman/bin/update", line 107 print C_('Fixing language templates: %(listname)s') ^ SyntaxError: invalid syntax dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 1 Preparing to unpack .../01-python-pil_4.0.0-4+deb9u3_amd64.deb ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: warning: subprocess old pre-removal script returned error exit status 1 dpkg: trying script from the new package instead ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/01-python-pil_4.0.0-4+deb9u3_amd64.deb (--unpack): subprocess new pre-removal script returned error exit status 1 Traceback (most recent call last): File "/usr/bin/pycompile", line 35, in <module> from debpython.version import SUPPORTED, debsorted, vrepr, \ File "/usr/share/python/debpython/version.py", line 24, in <module> from ConfigParser import SafeConfigParser ModuleNotFoundError: No module named 'ConfigParser' dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 1 Preparing to unpack .../02-python-imaging_4.0.0-4+deb9u3_all.deb ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: warning: subprocess old pre-removal script returned error exit status 1 dpkg: trying script from the new package instead ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/02-python-imaging_4.0.0-4+deb9u3_all.deb (--unpack): subprocess new pre-removal script returned error exit status 1 Traceback (most recent call last): File "/usr/bin/pycompile", line 35, in <module> from debpython.version import SUPPORTED, debsorted, vrepr, \ File "/usr/share/python/debpython/version.py", line 24, in <module> from ConfigParser import SafeConfigParser ModuleNotFoundError: No module named 'ConfigParser' dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 1 Preparing to unpack .../03-python-lxml_3.7.1-1+deb9u4_amd64.deb ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: warning: subprocess old pre-removal script returned error exit status 1 dpkg: trying script from the new package instead ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/03-python-lxml_3.7.1-1+deb9u4_amd64.deb (--unpack): subprocess new pre-removal script returned error exit status 1 Traceback (most recent call last): File "/usr/bin/pycompile", line 35, in <module> from debpython.version import SUPPORTED, debsorted, vrepr, \ File "/usr/share/python/debpython/version.py", line 24, in <module> from ConfigParser import SafeConfigParser ModuleNotFoundError: No module named 'ConfigParser' dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 1 Preparing to unpack .../04-python-xdg_0.25-4+deb9u1_all.deb ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: warning: subprocess old pre-removal script returned error exit status 1 dpkg: trying script from the new package instead ... File "/usr/bin/pyclean", line 63 except (IOError, OSError), e: ^ SyntaxError: invalid syntax dpkg: error processing archive /tmp/apt-dpkg-install-vEhtzR/04-python-xdg_0.25-4+deb9u1_all.deb (--unpack): subprocess new pre-removal script returned error exit status 1 Traceback (most recent call last): File "/usr/bin/pycompile", line 35, in <module> from debpython.version import SUPPORTED, debsorted, vrepr, \ File "/usr/share/python/debpython/version.py", line 24, in <module> from ConfigParser import SafeConfigParser ModuleNotFoundError: No module named 'ConfigParser' dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: /tmp/apt-dpkg-install-vEhtzR/00-mailman_1%3a2.1.23-1+deb9u7_amd64.deb /tmp/apt-dpkg-install-vEhtzR/01-python-pil_4.0.0-4+deb9u3_amd64.deb /tmp/apt-dpkg-install-vEhtzR/02-python-imaging_4.0.0-4+deb9u3_all.deb /tmp/apt-dpkg-install-vEhtzR/03-python-lxml_3.7.1-1+deb9u4_amd64.deb /tmp/apt-dpkg-install-vEhtzR/04-python-xdg_0.25-4+deb9u1_all.deb E: Sub-process /usr/bin/dpkg returned an error code (1) Thanks ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1950526 Title: Error upgrading on Debian 9 from Installed: 1:2.1.23-1+deb9u6 to Candidate: 1:2.1.23-1+deb9u7 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1950526/+subscriptions

2 1

Mailman-coders November 2021