Mailman 3 November 2021 - Mailman-coders

[Bug 1756009] [NEW] emails are not delivered to all recipients
by Raimonds 02 Aug '23

02 Aug '23

Public bug reported: Mailman often do not send emails to all addressees. Usually a single recipient is lost, but sometimes 2 or 3. there is a fragment from mailmans smtp log file, recipient count randomly changed from 28 to 27. Mar 15 08:57:31 2018 (60449) <20180315065723.E829F124FB4(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.395 seconds Mar 15 08:58:17 2018 (60449) <20180315065811.D36F512506A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.167 seconds Mar 15 09:09:04 2018 (60449) <20180315070859.42309125071(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.148 seconds Mar 15 09:13:47 2018 (60449) <20180315071331.34C3B12506A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.151 seconds Mar 15 09:14:59 2018 (60449) <20180315071453.7FC1412506A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.082 seconds Mar 15 09:15:54 2018 (60449) <20180315071548.217D912505D(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.249 seconds Mar 15 09:16:59 2018 (60449) <20180315071623.0193912506A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.131 seconds Mar 15 09:17:05 2018 (60449) <20180315071629.1FD64124FC5(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.143 seconds Mar 15 09:17:27 2018 (60449) <20180315071645.194B212505A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.093 seconds Mar 15 09:17:56 2018 (60449) <20180315071702.004EA12505A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.211 seconds Mar 15 09:18:11 2018 (60449) <20180315071706.4F5F112505A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.089 seconds Mar 15 09:18:20 2018 (60449) <20180315071711.BDFE412505A(a)naf.iem.gov.lv> smtp to dml-patch for 27 recips, completed in 0.112 seconds Mar 15 09:23:06 2018 (60449) <20180315072058.5882812506A(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.129 seconds Mar 15 09:23:34 2018 (60449) <20180315072217.AE70D125068(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.560 seconds Mar 15 09:23:41 2018 (60449) <20180315072244.39896124733(a)naf.iem.gov.lv> smtp to dml-patch for 28 recips, completed in 0.061 seconds list_members command always shows correct members count 28. /usr/lib/mailman/bin/list_members dml-patch | wc -l 28 OS CentOS Linux release 7.4.1708 Using Mailman version: 2.1.15 (standart centos package) The same problem was occur on Red Hat Enterprise Linux Server release 6.9 (Santiago) Mailman version: 2.1.12 ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1756009 Title: emails are not delivered to all recipients To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1756009/+subscriptions

4 6

[ mailman-Patches-657951 ] Generate RSS summary in archives
by SourceForge.net 19 Aug '22

19 Aug '22

Patches item #657951, was opened at 2002-12-23 14:17 Message generated for change (Comment added) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=657951&group_i… Category: Pipermail Group: Mailman 2.2 / 3.0 Status: Open Resolution: None Priority: 7 Submitted By: A.M. Kuchling (akuchling) Assigned to: Nobody/Anonymous (nobody) Summary: Generate RSS summary in archives Initial Comment: Here's a first-draft patch. Things that need fixing: * The generated RSS feed needs to be validated. (It passed the W3C's RDF validator, but RSS validators still need to be checked.) * The date should be given in YYYY-MM-DD format, which requires parsing the .fromdate attribute. * How do I get the URL for an archived message? The generated RSS currently just uses the filename, which is wrong. How do I get at the PUBLIC_ARCHIVE_URL setting? * Getting the most recent N postings is inefficient; the code loops through all of the archived messages and takes the last N of them. We could add .last() and .prev() methods to the Database class, but that's more ambitious for 2.1beta than I like. (Would be nice to get this into 2.1final...) * The list index page should have a LINK element pointing to the RSS file. Please make any comments you have, and I'll rework the patch accordingly. ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2003-04-18 18:43 Message: Logged In: YES user_id=12800 Andrew, to get the url for the archived message use mlist.GetBaseArchiveURL(), which knows about private vs. public archives, the host name and the list name. From there you should be able to tack on just the part of the path under "archives/private/listname". See Mailman/Handlers/Scrubber.py for an example. Only other minor comment: NUM_ARTICLES can probably go in Defaults.py.in ---------------------------------------------------------------------- Comment By: Justin Mason (jmason) Date: 2003-03-26 16:49 Message: Logged In: YES user_id=935 big thumbs up from me too. Much better solution than http://taint.org/mmrss/ ;) ---------------------------------------------------------------------- Comment By: Uche Ogbuji (uche) Date: 2003-03-17 20:09 Message: Logged In: YES user_id=38966 I'd like to add my vote to this item. This is a fantastic idea, Andrew. Thanks. --Uche ---------------------------------------------------------------------- Comment By: A.M. Kuchling (akuchling) Date: 2002-12-23 15:42 Message: Logged In: YES user_id=11375 Updated patch: * Dates are now rendered as ISO-8601 (date only, not the time of the message) * By hard-wiring 2002-December, I got the RSS to validate using Mark Pilgrim's validator. ---------------------------------------------------------------------- Comment By: captain larry (captainlarry) Date: 2002-12-23 14:36 Message: Logged In: YES user_id=147905 Just voting for support here. This is *great* thanks for the patch and I hope the maintainers include it as soon as it's appropriate :) Adam. ---------------------------------------------------------------------- Comment By: Barry A. Warsaw (bwarsaw) Date: 2002-12-23 14:27 Message: Logged In: YES user_id=12800 Deferring until post-2.1 ---------------------------------------------------------------------- Comment By: A.M. Kuchling (akuchling) Date: 2002-12-23 14:21 Message: Logged In: YES user_id=11375 Argh; SF choked on the file upload. Attaching the patch again... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=657951&group_i…

2 1

[Bug 1462755] [NEW] qrunner crashes on invalid unicode sequence
by Thijs Kinkhorst 28 Feb '22

28 Feb '22

Public bug reported: When a message contains an invalud unicode sequence in its header, qrunner flat out crashes on that: May 17 15:32:20 2015 (981) Uncaught runner exception: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) Traceback (most recent call last): File "/var/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop self._onefile(msg, msgdata) File "/var/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose more = self._dopipeline(mlist, msg, msgdata, pipeline) File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline sys.modules[modname].process(mlist, msg, msgdata) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 239, in process i18ndesc = uheader(mlist, mlist.description, 'List-Id', maxlinelen=998) File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 65, in uheader return Header(s, charset, maxlinelen, header_name, continuation_ws) File "/usr/lib/python2.7/email/header.py", line 183, in __init__ self.append(s, charset, errors) File "/usr/lib/python2.7/email/header.py", line 267, in append ustr = unicode(s, incodec, errors) UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 18: invalid continuation byte May 17 15:32:20 2015 (981) SHUNTING: 1431869540.389822+156779307d54473d0eb732994bb67eee95733285 A solution for this specific case is to have Mailman/Handlers/CookHeaders.py pass the erorrs='replace' parameter. I would say that this is actually a bug in python-email, since I think it doesn't make sense to set errors to "strict" rather than something like "replace" when the intention is to parse stuff so free-formed, under-specd and user-controlled as email. Nonetheless, Mailman already sets errors='replace' in some places so it might aswell add it here. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1462755 Title: qrunner crashes on invalid unicode sequence To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1462755/+subscriptions

6 12

[Bug 965532] [NEW] Need a script to upgrade from MM2 to MM3
by Barry Warsaw 14 Dec '21

14 Dec '21

Public bug reported: We need a script, documentation, or other procedure to help people migrate from Mailman 2 to Mailman 3. ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/965532 Title: Need a script to upgrade from MM2 to MM3 To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/965532/+subscriptions

8 21

[Bug 1952755] [NEW] Permissions checks should be case-insensitive against login email
by Loïc Gomez 03 Dec '21

03 Dec '21

Public bug reported: Hi, One of our users complained being rejected with 403 Unauthorized when moderating a list he's an owner of. We're using Ubuntu SSO for login purposes, and we noticed they had an uppercase letter in their email in both account_emailaddress and auth_user tables. We asked them to add the lowercase version of their email and remove the other one, but mailman complained email address is already attached to their account. We then did some db surgery, updating their email to the lowercase version in both tables, and it resolved their issue. Authentication should probably do a case-insensitive check of login email against auth database. We're using mailman version: 3.1.1-9 Ubuntu package On a sidenote: email address was in both account_emailaddress and auth_user, auth_user could also be updated, so it uses account_emailaddress.id instead of having duplicate data. Could you please let us know if there are other occurrences of email in the schema, and if we should replicate our manual changes in some other tables for our user ? Thank you! Loïc ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1952755 Title: Permissions checks should be case-insensitive against login email To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1952755/+subscriptions

2 2

[Bug 1951769] [NEW] NotAMemberError Exception in user options page
by Mark Sapiro 30 Nov '21

30 Nov '21

Public bug reported: If a user logs in to the options page and unsubscribes or is unsubscribed and then submits the options form again, perhaps by going back to the page in the browser, The CSRF check raises NotAMemberError and the user gets a We hit a bug page. This is related to https://bugs.launchpad.net/mailman/+bug/1523273 but occurs for a different reason. ** Affects: mailman Importance: Low Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1951769 Title: NotAMemberError Exception in user options page To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1951769/+subscriptions

3 7

[Bug 1952384] [NEW] A CSRF vulnerability could allow a list moderator or list member to access the admin UI
by Mark Sapiro 30 Nov '21

30 Nov '21

*** This bug is a security vulnerability *** Private security bug reported: A list moderator or list member can potentially carry out a CSRF attach by getting a list admin to visit a crafted web page ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress ** Patch added: "Patch to fix this issue." https://bugs.launchpad.net/bugs/1952384/+attachment/5543451/+files/patch.txt -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1952384 Title: A CSRF vulnerability could allow a list moderator or list member to access the admin UI To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1952384/+subscriptions

2 4

[Bug 1949403] [NEW] A vulnerability could allow a list moderator to discover the admin password.
by Mark Sapiro 13 Nov '21

13 Nov '21

*** This bug is a security vulnerability *** Private security bug reported: The CSRF token for the admindb page contains an encrypted version of the list admin password which could potentially be cracked by a moderator via an off-line brute force attack. ** Affects: mailman Importance: Undecided Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949403 Title: A vulnerability could allow a list moderator to discover the admin password. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949403/+subscriptions

2 5

[Bug 1950833] [NEW] TypeError in nandling moderator requests.
by Mark Sapiro 12 Nov '21

12 Nov '21

Public bug reported: The fix for https://bugs.launchpad.net/mailman/+bug/1949403 can cause this issue in the admindb interface if a list has no moderator password Traceback (most recent call last): File "/mailman/mailman-${domainslug}/scripts/driver", line 117, in run_main main() File "/mailman/mailman-${domainslug}/Mailman/Cgi/admindb.py", line 342, in main print doc.Format() File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 352, in Format output.append(Container.Format(self, indent)) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 267, in Format output.append(HTMLFormatObject(item, indent)) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 53, in HTMLFormatObject return item.Format(indent) File "/mailman/mailman-${domainslug}/Mailman/htmlformat.py", line 445, in Format % csrf_token(self.mlist, self.contexts, self.user) File "/mailman/mailman-${domainslug}/Mailman/CSRFcheck.py", line 53, in csrf_token mac = sha_new(secret + `issued`).hexdigest() TypeError: unsupported operand type(s) for +: 'NoneType' and 'str' ** Affects: mailman Importance: Critical Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1950833 Title: TypeError in nandling moderator requests. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1950833/+subscriptions

2 3

[Bug 1949401] [NEW] Potential XSS attack via the user options page.
by Mark Sapiro 12 Nov '21

12 Nov '21

*** This bug is a security vulnerability *** Private security bug reported: A crafted URL to the user options page can execute arbitrary javascript. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1949401 Title: Potential XSS attack via the user options page. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1949401/+subscriptions

2 4