Mailman-coders

mailman-coders@python.org

4831 discussions

[Bug 1922843] [NEW] bounce action notice message never use the translation for 'disabled'

by Yasuhito FUTATSUKI at POEM

Public bug reported: In Bouncer.Bouncer.__sendAdminBounceNotice(), default value of "did" argment is evaluated only once on method definition and not evaluated at runtime. This causes that the translation of 'disabled' is never used other than default one. A fix will be like a patch below (but not checked). --- a/Mailman/Bouncer.py +++ b/Mailman/Bouncer.py @@ -226,12 +226,14 @@ class Bouncer: if self.bounce_notify_owner_on_disable: self.__sendAdminBounceNotice(member, msg) - def __sendAdminBounceNotice(self, member, msg, did=_('disabled')): + def __sendAdminBounceNotice(self, member, msg, did=None): # BAW: This is a bit kludgey, but we're not providing as much # information in the new admin bounce notices as we used to (some of # it was of dubious value). However, we'll provide empty, strange, or # meaningless strings for the unused %()s fields so that the language # translators don't have to provide new templates. + if did = None: + did = _('disabled') siteowner = Utils.get_site_email(self.host_name) text = Utils.maketext( 'bounce.txt', ** Affects: mailman Importance: Undecided Status: New ** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1922843 Title: bounce action notice message never use the translation for 'disabled' To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1922843/+subscriptions

1 month

[Bug 1921682] [NEW] Japanese language prevents user from unsubscribing

by Tomas Korbar

Public bug reported: Hi, When mailing list is configured with: preferred_language = 'ja' available_languages = ['en', 'ja'] send_goodbye_msg = 0 And mailman receives confirmation email for unsubscription with multipart message encoded in different encoding than euc-jp, then mailmans command runner crashes with traceback: Feb 10 18:08:00 2021 (1270) Uncaught runner exception: 'euc_jp' codec can't decode bytes in position 280-281: illegal multibyte sequence Feb 10 18:08:00 2021 (1270) Traceback (most recent call last): File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop self._onefile(msg, msgdata) File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/usr/lib/mailman/Mailman/Queue/CommandRunner.py", line 291, in _dispose res.send_response() File "/usr/lib/mailman/Mailman/Queue/CommandRunner.py", line 208, in send_response results = MIMEText(NL.join(encoded_resp), _charset=charset) File "/usr/lib64/python2.7/email/mime/text.py", line 30, in __init__ self.set_payload(_text, _charset) File "/usr/lib64/python2.7/email/message.py", line 226, in set_payload self.set_charset(charset) File "/usr/lib64/python2.7/email/message.py", line 264, in set_charset self._payload = charset.body_encode(self._payload) File "/usr/lib64/python2.7/email/charset.py", line 390, in body_encode s = self.convert(s) File "/usr/lib64/python2.7/email/charset.py", line 273, in convert return unicode(s, self.input_codec).encode(self.output_codec) UnicodeDecodeError: 'euc_jp' codec can't decode bytes in position 280-281: illegal multibyte sequence Here is an example of a mail which triggers this: Date: Wed, 11 Nov 2020 14:13:16 +0900 Subject: Re: ###CONFIRM### From: <testuser2@###SERVER###> To: userlist-request(a)###SERVER###.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="000000000000663b1c05b3cdda78" --000000000000663b1c05b3cdda78 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64 44GT44KT44Gr44Gh44Gv5LiW55WM --000000000000663b1c05b3cdda78 Also its maybe worth pointing out that setting RESPONSE_INCLUDE_LEVEL to <=1 mitigates this. I've managed to fix this issue by decoding the message part with its original charset and then encoding it to preferred encoding of mailing list. I'm attaching my patch. Could you please consider merging it? Thanks for any help you can provide. ** Affects: mailman Importance: Undecided Status: New ** Attachment added: "mailman-cmd-replies.patch" https://bugs.launchpad.net/bugs/1921682/+attachment/5481811/+files/mailman-… -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1921682 Title: Japanese language prevents user from unsubscribing To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1921682/+subscriptions

1 month, 1 week

Re: [Question #695864]: Change moderator or admin password (random) different for each list they were an admin or moderator for

by Mark Sapiro

Question #695864 on mailman in Ubuntu changed: https://answers.launchpad.net/ubuntu/+source/mailman/+question/695864 Status: Open => Answered Mark Sapiro proposed the following answer: Please keep this discussion on the mailman-users(a)python.org list where it belongs. If you still have a question after reading the reply at https://mail.python.org/archives/list/mailman- users(a)python.org/message/4LHQOFAE4GM264SYQSUSHJQXHZFPOZZZ/ post your question in that thread. -- You received this question notification because your team Mailman Coders is an answer contact for mailman in Ubuntu.

2 months

Re: [Question #695864]: Change moderator or admin password (random) different for each list they were an admin or moderator for

by Daniel Botting

Question #695864 on mailman in Ubuntu changed: https://answers.launchpad.net/ubuntu/+source/mailman/+question/695864 Status: Answered => Open Daniel Botting is still having a problem: Hi Manfred, Thank you for your quick response the other day, appreciated. I posted the same question as well on the mailman lists and they also assisting me. Thanks Daniel On 04/03/2021 16:11, Manfred Hampl wrote: > Your question #695864 on mailman in Ubuntu changed: > https://answers.launchpad.net/ubuntu/+source/mailman/+question/695864 > > Status: Open => Answered > > Manfred Hampl proposed the following answer: > What the script above does is: create a single password, and then start > the command to go through all lists with this one password. > > If you want to have a different password for each list, then you have to > do the password generation inside the script, either by calling some > "random" or "secrets" functions or by opening a shell (e.g. with > subprocess.run) for the "pwgen -sB 15 1" command from inside python. > -- Daniel Botting Systems Administrator Codethink Ltd. 3rd Floor Dale House, 35 Dale Street, Manchester, M1 2HF United Kingdom http://www.codethink.co.uk/ We respect your privacy. See https://www.codethink.co.uk/privacy.html You received this question notification because your team Mailman Coders is an answer contact for mailman in Ubuntu.

2 months

[Bug 1917968] [NEW] A text/plain message body is scrubbed with a .ksh extension

by Mark Sapiro

Public bug reported: If a simple text/plain message has a Content-Disposition: header and does not have a Content-Type: header with a charset parameter, the body will be scrubbed to a file with a .ksh extension. It is only text/plain attachments that should be scrubbed in this way and they should be given a .txt extension. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1917968 Title: A text/plain message body is scrubbed with a .ksh extension To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1917968/+subscriptions

2 months

Re: [Question #695864]: Change moderator or admin password (random) different for each list they were an admin or moderator for

by Manfred Hampl

Question #695864 on mailman in Ubuntu changed: https://answers.launchpad.net/ubuntu/+source/mailman/+question/695864 Status: Open => Answered Manfred Hampl proposed the following answer: What the script above does is: create a single password, and then start the command to go through all lists with this one password. If you want to have a different password for each list, then you have to do the password generation inside the script, either by calling some "random" or "secrets" functions or by opening a shell (e.g. with subprocess.run) for the "pwgen -sB 15 1" command from inside python. -- You received this question notification because your team Mailman Coders is an answer contact for mailman in Ubuntu.

2 months, 1 week

[Question #695864]: Change moderator or admin password (random) different for each list they were an admin or moderator for

by Daniel Botting

New question #695864 on mailman in Ubuntu: https://answers.launchpad.net/ubuntu/+source/mailman/+question/695864 Hi, I have been using the withlist command to delete a given administrator or moderator from all mailman 2.1 lists. I also require to change the moderator or admin password for all lists that they have been removed from, but have it so that it is a different randomly generated password for each list they are removed from and then have this emailed to the other moderators or admins who are then left or a default address if none are left (I have managed so far that it is changed to the same password for each list they have been removed from). I am currently at the beginning of my Python learning so this is why I'm asking for help. My script and usage so far can be found below: Usage: withlist --all --run script_name.change_administrator_password firstname.lastname(a)domain.co.uk `pwgen -sB 15 1` The script is saved at: /usr/sbin/ Function defined in the script: import sha def change_administrator_password(mlist, owner, newpasswd): mlist.Lock() try: if mlist.owner[mlist.owner.index(owner)]: mlist.password = sha.new(newpasswd).hexdigest() print (newpasswd) except: print("password not changed for", (mlist.real_name, owner)) mlist.Save() mlist.Unlock() This will go through all lists and change the administrator password to a randomly generated one, but as advised above it will set the same password (not what I want) I've put a print in for debugging so I can see what it was. Thanks Daniel -- You received this question notification because your team Mailman Coders is an answer contact for mailman in Ubuntu.

2 months, 1 week

[Bug 1915655] [NEW] DMARC Wrap Message doesn't include Subject: in the wrapper.

by Mark Sapiro

Public bug reported: If the list has no subject_prefix, DMARC Wrap Message will not include the Subject: in the wrapped message. ** Affects: mailman Importance: High Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1915655 Title: DMARC Wrap Message doesn't include Subject: in the wrapper. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1915655/+subscriptions

2 months, 3 weeks

[Bug 1913241] [NEW] A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

by Abderrahmane Sahnoun

*** This bug is a security vulnerability *** Private security bug reported: A URL with a very long text listname such as https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. This issue was discovered by Abderrahmane Sahnoun <x.virusdz0(a)gmail.com>. same as CVE-2018-13796 ** Affects: mailman Importance: Undecided Assignee: Abderrahmane Sahnoun (xvirusdz) Status: New ** Changed in: mailman Assignee: (unassigned) => Abderrahmane Sahnoun (xvirusdz) ** Description changed: hi team, im Abderrahmane Sahnoun Algerian Security Researcher when i was exploring your website i have found a bug witch done the possibility to A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site in GNU Mailman 2.1.33. it's the same like CVE-2018-13796 here a example of it: - https://homewalkers.net/mailman/roster/wassim + https://homewalkers.net/mailman/roster/type_any_thing_here I await your reply at the earliest time Sincerely; ** Description changed: - hi team, - im Abderrahmane Sahnoun Algerian Security Researcher when i was exploring your website i have found a bug witch done the possibility to A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site in GNU Mailman 2.1.33. - it's the same like CVE-2018-13796 - here a example of it: - https://homewalkers.net/mailman/roster/type_any_thing_here - I await your reply at the earliest time - Sincerely; + A URL with a very long text listname such as + https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… + will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. + + This issue was discovered by Abderrahmane Sahnoun + <x.virusdz0(a)gmail.com>. ** Changed in: mailman Assignee: Abderrahmane Sahnoun (xvirusdz) => (unassigned) ** Description changed: A URL with a very long text listname such as https://homewalkers.net/mailman/roster/This_is_a_long_string_with_some_phis… will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. - This issue was discovered by Abderrahmane Sahnoun - <x.virusdz0(a)gmail.com>. + This issue was discovered by Abderrahmane Sahnoun <x.virusdz0(a)gmail.com>. + same as CVE-2018-13796 ** Changed in: mailman Assignee: (unassigned) => Abderrahmane Sahnoun (xvirusdz) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1913241 Title: A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1913241/+subscriptions

3 months, 2 weeks

[Bug 1905962] [NEW] local-part of VERP sender may exceed 64 octet

by Yasuhito FUTATSUKI at POEM

Public bug reported: If the recipient mail address is too long, local part of VERP sender may exceed 64 octet, the maximum total length of local-part provided by RFC 5321. I think it should be checked in Mailman/Hander/SMTPDirect.py and fall back to original envsender. e.g. (not tested yet) --- Mailman/Handlers/SMTPDirect.py.org 2018-06-27 17:19:15.000000000 +0900 +++ Mailman/Handlers/SMTPDirect.py 2020-11-27 22:06:44.047857879 +0900 @@ -338,7 +338,14 @@ def verpdeliver(mlist, msg, msgdata, env 'mailbox': rmailbox, 'host' : DOT.join(rdomain), } - envsender = '%s@%s' % ((mm_cfg.VERP_FORMAT % d), DOT.join(bdomain)) + envlocal = (mm_cfg.VERP_FORMAT % d) + if len(envlocal) > 64: + syslog('smtp', + 'local part of VERP address exceeds 64 octet.' + 'fall back to original envsender: %s', + envlocal) + else: + envsender = '%s@%s' % (envlocal, DOT.join(bdomain)) if mlist.personalize == 2: # When fully personalizing, we want the To address to point to the # recipient, not to the mailing list ** Affects: mailman Importance: Undecided Status: New ** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1905962 Title: local-part of VERP sender may exceed 64 octet To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1905962/+subscriptions

5 months, 1 week

Jump to page:

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

Mailman-coders