? This very message came to me with the following header:
Errors-To: mailman-developers-admin(a)python.org
All my bounces come to the list admin address, set in
the admin webpage, in the second field of General Options.
Do you have that set to something, and bounces still come to root?
> 2. Bounces are sent to the poor postmaster instead of a -admin address.
> I'm not entirely certain, but I think an Errors-To: header or something
> like that in all Mailman messages might allow one to distribute that load
> somewhat.
This the official announcement for Mailman 2.1 alpha 2. Because it's
an alpha, this announcement is only going out to the mailman-* mailing
lists. I'll make two warnings: you probably should still not use this
version for production systems (but TIA for any and all testing you do
with it!), and I've already had a couple of bug fixes from early
adopters. 2.1a2 should still be useful, but you might want to keep an
eye on cvs and the mailman-checkins list for updates.
I am only making the tarball available on SourceForge, so you'll need
to go to http://sf.net/projects/mailman to grab it. You'll also need
to upgrade to mimelib-0.4, so be sure to go to
http://sf.net/projects/mimelib to grab and install that tarball first.
To view the on-line documentation, see
http://www.list.org/MM21/index.html
or
http://mailman.sf.net/MM21/index.html
Below is an excerpt from the NEWS file for all the changes since
2.1alpha1. There are a bunch of new features coming down the pike,
and I hope to have an alpha3 out soon. I'm also planning on doing
much more stress testing of this version with real list traffic, and
I'm hoping we'll start to get more languages integrated into cvs.
Enjoy,
-Barry
-------------------- snip snip --------------------
2.1 alpha 2 (11-Jul-2001)
- Building
o mimelib 0.4 is now required. Get it from
http://mimelib.sf.net. If you've installed an earlier
version of mimelib, you must upgrade.
o /usr/local/mailman is now the default installation
directory. Use configure's --prefix switch to change it
back to the default (/home/mailman) or any other
installation directory of your choice.
- Security
o Better definition of authentication domains. The following
roles have been defined: user, list-admin, list-moderator,
creator, site-admin.
o There is now a separate role of "list moderator", which has
access to the pending requests (admindb) page, but not the
list configuration pages.
o Subscription confirmations can now be performed via email or
via URL. When a subscription is received, a unique (sha)
confirm URL is generated in the confirmation message.
Simply visiting this URL completes the subscription process.
o In a similar manner, removal requests (via web or email
command) no longer require the password. If the correct
password is given, the removal is performed immediately. If
no password is given, then a confirmation message is
generated.
- Internationalization
o More I18N patches. The basic infrastructure should now be
working correctly. Spanish templates and catalogs are
included, and English, French, Hungarian, and Big5 templates
are included.
o Cascading specializations and internationalization of
templates. Templates are now search for in the following
order: list-specific location, domain-specific location,
site-wide location, global defaults. Each search location
is further qualified by the language being displayed. This
means that you only need to change the templates that are
different from the global defaults.
Templates renamed: admlogin.txt => admlogin.html
Templates added: private.html
- Web UI
o Redesigned the user options page. It now sits behind an
authentication so user options cannot be viewed without the
proper password. The other advantage is that the user's
password need not be entered on the options page to
unsubscribe or change option values. The login screen also
provides for password mail-back, and unsubscription w/
confirmation.
Other new features accessible from the user options page
include: ability to change email address (with confirmation)
both per-list and globally for all list on virtual domain;
global membership password changing; global mail delivery
disable/enable; ability to suppress password reminders both
per-list and globally; logout button.
[Note: the handle_opts cgi has gone away]
o Color schemes for non-template based web pages can be defined
via mm_cfg.
o Redesign of the membership management page. The page is now
split into three subcategories (Membership List, Mass
Subscription, and Mass Removal). The Membership List
subcategory now supports searching for member addresses by
regular expression, and if necessary, it groups member
addresses first alphabetically, and then by chunks.
Mass Subscription and Mass Removal now support file upload,
with one address per line.
o Hyperlinks from the logos in the footers have been removed.
The sponsors got too much "unsubscribe me!" spam from
desperate user of Mailman at other sites.
o New buttons on the digest admin page to send a digest
immediately (if it's non-empty), to start a new digest
volume with the next digest, and to select the interval with
which to automatically start a new digest volume (yearly,
monthly, quarterly, weekly, daily).
DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration
variable, initially set to give a new digest volume monthly.
o Through-the-web list creation and removal, using a separate
site-wide authentication role called the "list creator and
destroyer" or simply "list creator". If the configuration
variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by
default, it's 0), then list admins can delete their own
lists.
This feature requires an adaptor for the particular MTA
you're using. An adaptor for Postfix is included, as is a
dumb adaptor that just emails mailman@yoursite with the
necessary Sendmail style /etc/alias file changes. Some MTAs
like Exim can be configured to automatically recognize new
lists. The adaptor is selected via the MTA option in
mm_cfg.py
- Email UI
o In email commands, "join" is a synonym for
"subscribe". "remove" and "leave" are synonyms for
"unsubscribe". New robot addresses are support to make
subscribing and unsubscribing much easier:
mylist-join@mysite
mylist-leave@mysite
o Confirmation messages have a shortened Subject: header,
containing just the word "confirm" and the confirmation
cookie. This should help for MUAs that like to wrap long
Subject: lines, messing up confirmation.
o Mailman now recognizes an Urgent: header, which, if it
contains the list moderator or list administrator password,
forces the message to be delivered immediately to all
members (i.e. both regular and digest members). The message
is also placed in the digest. If the password is incorrect,
the message will be bounced back to the sender.
- Performance
o Refinements to the new qrunner subsystem which preserves
FIFO order of messages.
o The qrunner is no longer started from cron. It is started
by a Un*x init-style script called bin/mailmanctl (see
below). cron/qrunner has been removed.
- Command line scripts
o bin/mailmanctl script added, which is used to start, stop,
and restart the qrunner daemon.
o bin/qrunner script added which allows a single sub-qrunner
to run once through its processing loop.
o bin/change_pw script added (eases mass changing of list
passwords).
o bin/update grows a -f switch to force an update.
o bin/newlang renamed to bin/addlang; bin/rmlang removed.
o bin/mmsitepass has grown a -c option to set the list
creator's password. The site-wide `create' web page is
linked to from the admin overview page.
o bin/newlist's -o option is removed. This script also grows
a way of spelling the creation of a list in a specific
virtual domain.
o The `auto' script has been removed.
o bin/dumpdb has grown -m/--marshal and -p/--pickle options.
o bin/list_admins can be used to print the owners of a mailing list.
o bin/genaliases regenerates from scratch the aliases and
aliases.db file for the Postfix MTA.
- Archiver
o New archiver date clobbering option, which allows dates to
only be clobber if they are outrageously out-of-date
(default setting is 15 days on either side of received
timestamp). New configuration variables:
ARCHIVER_CLOBBER_DATE_POLICY
ARCHIVER_ALLOWABLE_SANE_DATE_SKEW
The archived copy of messages grows an X-List-Received-Date:
header indicating the time the message was received by
Mailman.
o PRIVATE_ARCHIVE_URL configuration variable is removed (this
can be calculated on the fly, and removing it actually makes
site configuration easier).
- Miscellaneous
o Several new README's have been added.
o Most syslog entries for the qrunner have been redirected to
logs/error.
o On SIGHUP, qrunner will re-open all its log files and
restart all child processes. See "bin/mailmanctl restart".
- Patches and bug fixes
o SF patches and bug fixes applied: 420396, 424389, 227694,
426002, 401372 (partial), 401452.
o Fixes in 2.0.5 ported forward:
Fix a lock stagnation problem that can result when the
user hits the `stop' button on their browser during a
write operation that can take a long time (e.g. hitting
the membership management admin page).
o Fixes in 2.0.4 ported forward:
Python 2.1 compatibility release. There were a few
questionable constructs and uses of deprecated modules
that caused annoying warnings when used with Python 2.1.
This release quiets those warnings.
o Fixes in 2.0.3 ported forward:
Bug fix release. There was a small typo in 2.0.2 in
ListAdmin.py for approving an already subscribed member
(thanks Thomas!). Also, an update to the OpenWall
security workaround (contrib/securelinux_fix.py) was
included. Thanks to Marc Merlin.
I've gotten several bug reports on SF for people who can't get to the admin
pages
The only error apache gives me is:
[Thu Jul 12 15:47:17 2001] [error] [client 171.71.41.31] Premature end of
script headers: /var/local/mailman/cgi-bin/admin
I never had the problem myself and it seems to come and go
Is there any debugging I can in mailman to at least give me some error in my
apache error log? (or do you think it's an apache problem?)
Attached is one of the tickets I've gotten
Thanks,
Marc
----- Forwarded message from noreply(a)sourceforge.net -----
To: noreply(a)sourceforge.net
From: noreply(a)sourceforge.net
Subject: [ alexandria-Support Requests-438992 ] Administration interface to mail lists
Date: Thu, 26 Jul 2001 02:43:44 -0700
Support Requests item #438992, was opened at 2001-07-06 00:49
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=200001&aid=438992&group_id…
Category: Mailing Lists
Group: Second Level Support
>Status: Open
Priority: 9
Submitted By: Richard Leyton (rleyton)
Assigned to: Marc Merlin (marcmerlin)
Summary: Administration interface to mail lists
Initial Comment:
A post to a mailing list needs admin attention (it's a
moderated list). The URL:
http://lists.sourceforge.net/lists/admindb/leap-announce
results in:
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete your request.
Please contact the server administrator,
staff(a)sourceforge.net and inform them of the time the
error occurred, and anything you might have done that
may have caused the error.
More information about this error may be available in
the server error log.
Could you look into it.
----------------------------------------------------------------------
>Comment By: Richard Leyton (rleyton)
Date: 2001-07-26 02:43
Message:
Logged In: YES
user_id=7704
In a nutshell, this ceased to be a problem the next day, i'd
forgotten about this ticket until the status changed.
I had given a detailed response to your queries, but mozilla
crashed on me before i clicked on the submit, and i was in a
hurry, so i didn't get around to reposting it.
in a nutshell:
- all browsers tried (opera, netscape & mozilla)
- had a URL via e-mail to attend to pending admin requests.
- yes it gave the same error with netscape
- it was the message received on going to the URL contained
in the e-mail.
----------------------------------------------------------------------
Comment By: Marc Merlin (marcmerlin)
Date: 2001-07-25 11:14
Message:
Logged In: YES
user_id=6500
We need the information if you want us to help you
----------------------------------------------------------------------
Comment By: Marc Merlin (marcmerlin)
Date: 2001-07-17 08:38
Message:
Logged In: YES
user_id=6500
What browser? Does it fail repeatetly from different places?
Does it fail with plain netscape?
Does it fail when you access the page, or when you post back
a form?
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=200001&aid=438992&group_id…
----- End forwarded message -----
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f(a)merlins.org for PGP key
[Note: I'm moving this discussion to malman-developers. -baw]
>>>>> "JAA" == Jose A Accino <jaccino(a)ieev.uma.es> writes:
JAA> Is there any clean way to make a smooth upgrade from 2.0b5 to
JAA> lates 2.1a2? (I'm making that just to check the upgrade
JAA> process, using a spare machine and a copy of the actual
JAA> lists).
JAA> Making a 2.1a2 fresh installation (without lists) runs fine.
JAA> However, I've been unable to upgrade the old lists. Here are
JAA> the main points:
There's two ways to upgrade, neither of which has gotten a lot of
testing. Based on you're message I tried the first way, and I'm about
to check in a bunch of patches to make that go smoother. I'll try the
second way soon.
1) Install a fresh virgin MM2.1 in /usr/local/mailman and then move
lists from /home/mailman (MM2.0.x) to /usr/local/mailman. This way
lets you migrate lists one at a time, gaining confidence in the new
system in measured increments. I will probably upgrade
{python,zope}.org this way.
2) Install MM2.1 overtop an existing MM2.0.x installation and have
everything just magically work. I'll probably upgrade wooz.org's
production lists this way.
Both ought to work, and ought to be easy. After the checkins, here's
a recipe that makes #1 easy:
- Do a fresh install of MM2.1 in /usr/local/mailman according to the
instructions.
- Copy or move `mylist' by first moving /home/mailman/lists/mylist
to /usr/local/mailman/lists/mylist and
/home/mailman/archives/private/mylist.mbox to
/usr/local/mailman/archives/private
BTW, I used rsync for this, just cause it's a cool tool and I can
actually remember how to invoke it with the right options. :)
That's it. Everything else should just work, except for possibly two
minor complications.
- If your web server is going to support both installations, it's
possible you'll have two different base urls, one for your MM2.0.x
installation and one for your MM2.1 installation. If so, you'll
need to manually change each moved list's web_page_url attribute.
Fortunately, I'm about to add a script called `fix_url' which will
reset a list's web_page_url to mm_cfg.DEFAULT_URL. So if you
configure mm_cfg.py correctly, then run fix_url, you should be
golden. I.e.
% bin/withlist -l -r fix_url mylist
- Same dealie with your MTA, i.e. your wrapper aliases may point to
two different directories. Here, because I use Postfix and glued
them together as described in README.POSTFIX, all I needed to do was
run bin/genaliases and the new list aliases got installed.
I'm sure that if you use Exim and glued them together as per
README.EXIM, you probably don't need to do anything. (I'm still
waiting on contributions for better gluing instructions for
Sendmail, qmail, and any others.)
-Barry
Bug: in Mailman/Handlers/ToUsenet.py, there are spaces inserted after
colons where they are missing ("NNTP is strict about spaces after the
colon in headers").
If a colon appears in a continuation line, it is treated as a header
colon.
Fix: skip lines that start with whitespace.
For those interested, the history of the finding of the bug:
Problem: my signed emails appeared on Usenet garbled. The multipart
boundary had an extra space inserted (which of course the actual
boundaries hadn't).
After some exchange with Martin Armstrong (who made me aware of this)
we concluded it had to be the mail->news gateway (as my direct mail to
him, also signed, wasn't garbled).
I then investigated ToUsenet.py, and found the error.
Why this hasn't hit a lot more often is simple: most MUA seem to use
some random gibberish as the boundary string. SEMI doesn't...
Of course, if this is fixed in 2.1, you can ignore this (assuming that
it comes out soonish ;-)
Bye, J
--
Jürgen A. Erhard (juergen.erhard(a)gmx.net, jae(a)users.sourceforge.net)
MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html
Life's Better Without Braces (http://www.python.org)
I wish I had more energy -- or less ambition.
I dont know if this was by design or not, but I went to my (not externally
accessible) test system at http://www.testdomain.com/mailman/create and
created a list "justatest" and got the message tacked on the bottom of this
message.
Things that "JustDontLookRight" to me include:
- picked up the server's name, rather than the domain name of the host it
was triggered under.
Could it not be set up to take the virtual host underwhich it was triggered
(ie, testdomain.com), and use that as the prefered name of the list? The
next page that comes up is listed as being under that virtual host -- but
all the links point back to the machine's name.
- Required me to use the sitepassword to create a new list...
How can I give that priveledge to someone else (like a virtual host
admin)... I've not found any documentation anywhere that describes how to
register a valid user under a domain (such that they can only create lists
under that domain)
- last line in message didnt have proper replacement of "hostname".
Just a buglet - but I dont know enough python to fix it....
- The email that is produced with the /etc/alias additions... is it possible
to define where that goes, say in the mm_cfg.py?
It would be nice to be able to pipe those specific through another email
address that triggers a routine that could actually do the append as root...
-----Original Message-----
From: justatest-admin(a)bubba.localdomain
[mailto:justatest-admin@bubba.localdomain]On Behalf Of
mailman-owner(a)bubba.localdomain
Sent: Saturday, July 28, 2001 10:40 PM
To: -----------------------
Subject: Your new mailing list: justatest
The mailing list `justatest' has just been created for you. The
following is some basic information about your mailing list.
Your mailing list password is:
justatest
You need this password to configure your mailing list. You also need
it to handle administrative requests, such as approving mail if you
choose to run a moderated list.
You can configure your mailing list at the following web page:
http://bubba.localdomain/mailman/admin/justatest
The web page for users of your mailing list is:
http://bubba.localdomain/mailman/listinfo/justatest
You can even customize these web pages from the list configuration
page. However, you do need to know HTML to be able to do this.
There is also an email-based interface for users (not administrators)
of your list; you can get info about using it by sending a message
with just the word `help' as subject or in the body, to:
justatest-request(a)bubba.localdomain
To unsubscribe a user: from the mailing list 'listinfo' web page,
click on or enter the user's email address as if you were that user.
Where that user would put in their password to unsubscribe, put in
your admin password. You can also use your password to change
member's options, including digestification, delivery disabling, etc.
Please address all questions to mailman-owner@%(hostname)s.
Folks,
I've just released Mailman 2.0.6 which fixes a potential security
problem in Mailman 2.0.x, and includes a few other minor bug fixes.
It is possible, although unlikely, that you could have an empty site
password, or an empty list password. Because of peculiarities in the
Unix crypt() function, such empty passwords could allow unauthorized
access to the list administrative pages with an arbitrary password
string. This situation does not occur normally, but it is possible to
create it by accident (e.g. by touch'ing data/adm.pw).
This patch ensures that such empty passwords do not allow unauthorized
access, by first checking to make sure that the salt is at least 2
characters in length. Alternatively, you can make sure that either
data/adm.pw does not exist or that it is not empty. For the extra
paranoid, you'd need to be sure that none of your lists have empty
passwords, but that's an even more difficult situation to create by
accident.
This patch guards against both situations. Please note that Mailman
2.1alpha is not vulnerable to this problem because it does not use
crypt().
A few other minor bugs have been fixed; see the NEWS excerpt below for
details.
As usual, I'm releasing this as both a complete tarball and as a patch
against Mailman 2.0.5. You /must/ update your source to 2.0.5 before
applying the 2.0.6 patch. Since the patch is small, I'm including it
in this message. To apply, cd into your 2.0.5 source tree and apply
it like so:
% patch -p0 < mailman-2.0.5-2.0.6.txt
Then run "config.status; make install".
Currently both http://mailman.sf.net and http://www.list.org are
updated, and I expect the gnu.org site to be updated soon as well.
The release information on SF is at
http://sourceforge.net/project/shownotes.php?release_id=45268
See also
http://www.gnu.org/software/mailmanhttp://www.list.orghttp://mailman.sf.net
My thanks to Dave Helton, Ray Sanders, and Thomas Wouters for their
help with this release.
Enjoy,
-Barry
Index: NEWS
===================================================================
RCS file: /cvsroot/mailman/mailman/NEWS,v
retrieving revision 1.25.2.6
retrieving revision 1.25.2.9
diff -u -r1.25.2.6 -r1.25.2.9
--- NEWS 2001/05/03 21:06:56 1.25.2.6
+++ NEWS 2001/07/25 18:52:27 1.25.2.9
@@ -4,6 +4,34 @@
Here is a history of user visible changes to Mailman.
+2.0.6 (25-Jul-2001)
+
+ Security fix:
+
+ - Fixed a potential security hole which could allow access to list
+ administrative features by unauthorized users. If there is an
+ empty data/adm.pw file (the site password file), then any
+ password will be accepted as the list administrative password.
+ This exploit is caused by a common "bug" in the crypt() function
+ suffered by several Unix distributions, including at least
+ GNU/Linux and Solaris. Given a salt string of length zero,
+ crypt() always returns the empty string.
+
+ In lieu of applying this patch, sites can run bin/mmsitepass and
+ ensure that data/adm.pw is of length 2 or greater.
+
+ Bug fixes:
+
+ - Ensure that even if DEFAULT_URL is misconfigured in mm_cfg.py
+ (i.e. is missing a trailing slash), it is always fixed upon list
+ creation.
+
+ - Check for administrivia holds before any other tests.
+
+ - SF bugs fixed: 407666, 227694
+
+ - Other miscellaneous buglets fixed.
+
2.0.5 (04-May-2001)
Fix a lock stagnation problem that can result when the user hits
Index: Mailman/MailList.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v
retrieving revision 1.189
retrieving revision 1.189.2.2
diff -u -r1.189 -r1.189.2.2
--- Mailman/MailList.py 2000/11/16 04:33:27 1.189
+++ Mailman/MailList.py 2001/05/29 14:45:27 1.189.2.2
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -712,7 +712,7 @@
" fails, or if the pattern does contain an `@', then the pattern"
" is matched against the entire recipient address. "
" <p>Matching against the local part is deprecated; in a future"
- " release, the patterm will always be matched against the "
+ " release, the pattern will always be matched against the "
" entire recipient address."),
('max_num_recipients', mm_cfg.Number, 5, 0,
@@ -787,6 +787,7 @@
self.InitVars(name, admin, crypted_password)
self._ready = 1
self.InitTemplates()
+ self.CheckValues()
self.Save()
# Touch these files so they have the right dir perms no matter what.
# A "just-in-case" thing. This shouldn't have to be here.
Index: Mailman/SecurityManager.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v
retrieving revision 1.31
retrieving revision 1.31.2.1
diff -u -r1.31 -r1.31.2.1
--- Mailman/SecurityManager.py 2000/10/02 20:40:41 1.31
+++ Mailman/SecurityManager.py 2001/07/25 18:07:51 1.31.2.1
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -44,8 +44,12 @@
def ValidAdminPassword(self, pw):
if Utils.CheckSiteAdminPassword(pw):
return 1
- return type(pw) == StringType and \
- Crypt.crypt(pw, self.password) == self.password
+ salt = self.password[:2]
+ # crypt() has a bug in that if the salt is the empty string, it will
+ # always return the empty string, regardless of the key. :(
+ if len(salt) < 2:
+ return 0
+ return Crypt.crypt(pw, salt) == self.password
def ConfirmAdminPassword(self, pw):
if not self.ValidAdminPassword(pw):
Index: Mailman/Utils.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Utils.py,v
retrieving revision 1.104.2.2
retrieving revision 1.104.2.4
diff -u -r1.104.2.2 -r1.104.2.4
--- Mailman/Utils.py 2001/04/18 04:23:07 1.104.2.2
+++ Mailman/Utils.py 2001/07/25 18:06:46 1.104.2.4
@@ -262,7 +262,7 @@
finally:
os.umask(ou)
if verbose:
- print 'made directory: ', madepart
+ print 'made directory: ', made_part
@@ -405,7 +405,12 @@
f = open(mm_cfg.SITE_PW_FILE)
pw2 = f.read()
f.close()
- return Crypt.crypt(pw1, pw2[:2]) == pw2
+ salt = pw2[:2]
+ # crypt() has a bug in that if the salt is the empty string, it will
+ # always return the empty string, regardless of the key. :(
+ if len(salt) < 2:
+ return 0
+ return Crypt.crypt(pw1, salt) == pw2
# There probably is no site admin password if there was an exception
except IOError:
return 0
Index: Mailman/Version.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v
retrieving revision 1.20.2.5
retrieving revision 1.20.2.6
diff -u -r1.20.2.5 -r1.20.2.6
--- Mailman/Version.py 2001/05/03 20:58:19 1.20.2.5
+++ Mailman/Version.py 2001/07/25 18:05:30 1.20.2.6
@@ -15,7 +15,7 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# Mailman version
-VERSION = "2.0.5"
+VERSION = "2.0.6"
# And as a hex number in the manner of PY_VERSION_HEX
ALPHA = 0xa
@@ -27,7 +27,7 @@
MAJOR_REV = 2
MINOR_REV = 0
-MICRO_REV = 5
+MICRO_REV = 6
REL_LEVEL = FINAL
# at most 15 beta releases!
REL_SERIAL = 0
Index: Mailman/versions.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/versions.py,v
retrieving revision 1.27
retrieving revision 1.27.2.1
diff -u -r1.27 -r1.27.2.1
--- Mailman/versions.py 2000/06/14 05:09:58 1.27
+++ Mailman/versions.py 2001/07/10 14:58:56 1.27.2.1
@@ -142,7 +142,7 @@
# set admin_notify_mchanges
#
if not hasattr(l, "admin_notify_mchanges"):
- setatrr(l, "admin_notify_mchanges",
+ setattr(l, "admin_notify_mchanges",
mm_cfg.DEFAULT_ADMIN_NOTIFY_MCHANGES)
#
# Convert the members and digest_members addresses so that the keys of
Index: Mailman/Archiver/pipermail.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Archiver/pipermail.py,v
retrieving revision 1.15
retrieving revision 1.15.2.2
diff -u -r1.15 -r1.15.2.2
--- Mailman/Archiver/pipermail.py 2000/10/20 06:18:11 1.15
+++ Mailman/Archiver/pipermail.py 2001/06/01 22:30:16 1.15.2.2
@@ -62,7 +62,7 @@
# Abstract class for databases
-class DatabaseInterface:
+class DatabaseInterface:
def __init__(self): pass
def close(self): pass
def getArticle(self, archive, msgid): pass
@@ -162,13 +162,15 @@
id = strip_separators(message.getheader('Message-Id'))
if id == "":
self.msgid = str(self.sequence)
- else: self.msgid = id
+ else:
+ self.msgid = id
if message.has_key('Subject'):
self.subject = str(message['Subject'])
else:
+ self.subject = 'No subject'
+ if self.subject == "":
self.subject = 'No subject'
- if self.subject == "": self.subject = 'No subject'
self._set_date(message)
@@ -180,7 +182,8 @@
self.email = strip_separators(self.email)
self.author = strip_separators(self.author)
- if self.author == "": self.author = self.email
+ if self.author == "":
+ self.author = self.email
# Save the In-Reply-To:, References:, and Message-ID: lines
#
@@ -197,8 +200,10 @@
self.in_reply_to = ''
else:
match = msgid_pat.search(i_r_t)
- if match is None: self.in_reply_to = ''
- else: self.in_reply_to = strip_separators(match.group(1))
+ if match is None:
+ self.in_reply_to = ''
+ else:
+ self.in_reply_to = strip_separators(match.group(1))
references = message.getheader('References')
if references is None:
@@ -352,7 +357,7 @@
refs[0])
for ref in refs[1:]:
a = self.database.getArticle(self.archive, ref)
- if a.date > maxdate.data:
+ if a.date > maxdate.date:
maxdate = a
parentID = maxdate.msgid
else:
Index: Mailman/Bouncers/BouncerAPI.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/BouncerAPI.py,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -r1.11 -r1.11.2.1
--- Mailman/Bouncers/BouncerAPI.py 2000/09/21 04:50:10 1.11
+++ Mailman/Bouncers/BouncerAPI.py 2001/07/10 15:00:09 1.11.2.1
@@ -82,6 +82,7 @@
# for testing
if __name__ == '__main__':
+ import sys
import mimetools
from Mailman import MailList
Index: Mailman/Bouncers/DSN.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/DSN.py,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- Mailman/Bouncers/DSN.py 2000/07/21 05:25:53 1.7
+++ Mailman/Bouncers/DSN.py 2001/07/25 18:04:42 1.7.2.1
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -43,8 +43,8 @@
def process(msg):
- if msg.gettype() <> 'multipart/report' or \
- msg.getparam('report-type') <> 'delivery-status':
+ if string.lower(msg.gettype()) <> 'multipart/report' or \
+ string.lower(msg.getparam('report-type')) <> 'delivery-status':
# then
return None
boundary = msg.getparam('boundary')
Index: Mailman/Cgi/handle_opts.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/Attic/handle_opts.py,v
retrieving revision 1.30.2.2
retrieving revision 1.30.2.3
diff -u -r1.30.2.2 -r1.30.2.3
--- Mailman/Cgi/handle_opts.py 2001/05/03 21:05:06 1.30.2.2
+++ Mailman/Cgi/handle_opts.py 2001/07/10 14:52:32 1.30.2.3
@@ -266,14 +266,14 @@
except Errors.MMNotAMemberError:
PrintResults(mlist, operation, doc,
"%s isn't subscribed to this list."
- % mail.GetSender(), user)
+ % user, user)
except Errors.MMListNotReadyError:
PrintResults(mlist, operation, doc, "List is not functional.",
user)
except Errors.MMNoSuchUserError:
PrintResults(mlist, operation, doc,
"%s is not subscribed to this list."
- % mail.GetSender(), user)
+ % user, user)
except Errors.MMBadPasswordError:
PrintResults(mlist, operation, doc,
"You gave the wrong password.", user)
Index: Mailman/Handlers/Hold.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/Hold.py,v
retrieving revision 1.16
retrieving revision 1.16.2.2
diff -u -r1.16 -r1.16.2.2
--- Mailman/Handlers/Hold.py 2000/08/01 23:02:28 1.16
+++ Mailman/Handlers/Hold.py 2001/05/31 21:05:44 1.16.2.2
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -118,6 +118,11 @@
if not sender or sender[:len(listname)+6] == adminaddr:
sender = msg.GetSender(use_envelope=0)
#
+ # possible administrivia?
+ if mlist.administrivia and Utils.IsAdministrivia(msg):
+ hold_for_approval(mlist, msg, msgdata, Administrivia)
+ # no return
+ #
# is the poster in the list of explicitly forbidden posters?
if len(mlist.forbidden_posters):
forbiddens = Utils.List2Dict(mlist.forbidden_posters)
@@ -175,11 +180,6 @@
not msgdata.get('fromusenet'):
# then
hold_for_approval(mlist, msg, msgdata, ImplicitDestination)
- # no return
- #
- # possible administrivia?
- if mlist.administrivia and Utils.IsAdministrivia(msg):
- hold_for_approval(mlist, msg, msgdata, Administrivia)
# no return
#
# suspicious headers?
Index: admin/www/download.ht
===================================================================
RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v
retrieving revision 1.5.2.6
retrieving revision 1.5.2.7
diff -u -r1.5.2.6 -r1.5.2.7
--- admin/www/download.ht 2001/05/03 21:09:36 1.5.2.6
+++ admin/www/download.ht 2001/07/25 18:08:31 1.5.2.7
@@ -65,9 +65,9 @@
<h3>Downloading</h3>
<p>Version
-(<!-VERSION--->2.0.5<!-VERSION--->,
+(<!-VERSION--->2.0.6<!-VERSION--->,
released on
-<!-DATE--->May 4 2001<!-DATE--->)
+<!-DATE--->Jul 25 2001<!-DATE--->)
is the current GNU release. It is available from the following mirror sites:
<ul>
Index: admin/www/download.html
===================================================================
RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v
retrieving revision 1.6.2.8
retrieving revision 1.6.2.9
diff -u -r1.6.2.8 -r1.6.2.9
--- admin/www/download.html 2001/05/03 21:09:36 1.6.2.8
+++ admin/www/download.html 2001/07/25 18:08:31 1.6.2.9
@@ -1,6 +1,6 @@
<HTML>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
-<!-- Thu May 3 17:09:03 2001 -->
+<!-- Wed Jul 25 14:08:14 2001 -->
<!-- USING HT2HTML 1.1 -->
<!-- SEE http://www.wooz.org/barry/software/pyware.html -->
<!-- User-specified headers:
@@ -237,9 +237,9 @@
<h3>Downloading</h3>
<p>Version
-(<!-VERSION--->2.0.5<!-VERSION--->,
+(<!-VERSION--->2.0.6<!-VERSION--->,
released on
-<!-DATE--->May 4 2001<!-DATE--->)
+<!-DATE--->Jul 25 2001<!-DATE--->)
is the current GNU release. It is available from the following mirror sites:
<ul>
Index: bin/find_member
===================================================================
RCS file: /cvsroot/mailman/mailman/bin/find_member,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- bin/find_member 2000/09/11 03:58:57 1.5
+++ bin/find_member 2001/07/25 17:38:43 1.5.2.1
@@ -90,7 +90,7 @@
try:
mlist = MailList.MailList(listname, lock=0)
except Errors.MMListError:
- print 'No such list "%s"' % name
+ print 'No such list "%s"' % listname
continue
if options.owners:
owners = mlist.owner
Index: src/cgi-wrapper.c
===================================================================
RCS file: /cvsroot/mailman/mailman/src/cgi-wrapper.c,v
retrieving revision 1.13
retrieving revision 1.13.2.1
diff -u -r1.13 -r1.13.2.1
--- src/cgi-wrapper.c 2000/03/21 06:26:41 1.13
+++ src/cgi-wrapper.c 2001/05/29 13:20:27 1.13.2.1
@@ -23,7 +23,7 @@
/* passed in by configure */
#define SCRIPTNAME SCRIPT
-#define LOG_IDENT "Mailman cgi-wrapper (" ## SCRIPT ## ")"
+#define LOG_IDENT "Mailman cgi-wrapper (" SCRIPT ")"
/* GID that CGI scripts run as. See your Web server's documentation. */
#define LEGAL_PARENT_GID CGI_GID
Index: src/common.c
===================================================================
RCS file: /cvsroot/mailman/mailman/src/common.c,v
retrieving revision 1.26
retrieving revision 1.26.2.1
diff -u -r1.26 -r1.26.2.1
--- src/common.c 2000/11/09 06:18:02 1.26
+++ src/common.c 2001/05/29 13:20:27 1.26.2.1
@@ -20,7 +20,7 @@
#include "common.h"
/* passed in by configure */
-#define SCRIPTDIR PREFIX ## "/scripts/" /* trailing slash */
+#define SCRIPTDIR PREFIX "/scripts/" /* trailing slash */
#define MODULEDIR PREFIX /* no trailing slash */
const char* scriptdir = SCRIPTDIR;
FYI, I built and installed the current snapshot on my test
machine (which did have a couple of articles lying around in
the queues that were never delivered when I last stopped
qrunner...)
Doing a mailmanctl start got me page after page of this...
Traceback (most recent call last):
File "bin/mailmanctl", line 207, in ?
main()
File "bin/mailmanctl", line 196, in main
Control.start(restart)
File "/home/mailman/Mailman/Queue/Control.py", line 209, in start
master(restart, lock)
File "/home/mailman/Mailman/Queue/Control.py", line 163, in master
newpid = start_runner(qrclass, slice, count)
File "/home/mailman/Mailman/Queue/Control.py", line 111, in start_runner
qrunner.run()
File "/home/mailman/Mailman/Queue/Runner.py", line 58, in run
filecnt = self.__oneloop()
File "/home/mailman/Mailman/Queue/Runner.py", line 81, in __oneloop
files = self._switchboard.files()
File "/home/mailman/Mailman/Queue/Switchboard.py", line 175, in files
when, digest = filebase.split('+')
ValueError: unpack list of wrong size
Hey, Barry, while you're checking things in, how about committing contrib/mm-handler, which isn't actually in the repository, despite what README.SENDMAIL says.
BTW, although I haven't tried it yet, I'm still sure you're missing something in those instructions. Just defining a mailer isn't going to do anything unless there's a rule somewhere, like in the mailertab, that defines a particular pattern that causes it to *use* said mail. Sendmail often operates by black magic, but this is blacker than most.
Hi,
On Wed, 20 Jun 2001 19:12:00 +0200, I wrote:
> Last Monday, one of our mailing lists went mad and sent multiple copies
> of the same digest to the list's digest users.
>
> [...]
>
> The traceback in the errors log shows:
>
> Jun 19 00:01:01 2001 (18618) Traceback (innermost last):
> File "/usr/local/mailman203/Mailman/Handlers/HandlerAPI.py", line 82, in do_pipeline
> func(mlist, msg, msgdata)
> File "/usr/local/mailman203/Mailman/Handlers/Sendmail.py", line 86, in process
> fp.write(msgtext)
> IOError: [Errno 32] Broken pipe
>
> We run Mailman 2.0.3 with Postfix. I addressed this problem earlier
> (March 26th), but there was no reply.
Several of our lists suffered from Mailman's mail bombing and we turned
the digest option off in hope it'll help. It did, for a while, until
the same happened with a non-digest message being send over and over again
(once per minute, by qrunner).
We were able to locate where and how it happens, and to 'reproduce' the
error (in laboratory conditions :-) both under mailman 2.0.3 and 2.0.6.
The mail looping occurs when there is a MIME message with a single . (dot)
in a line; Mailman sends it to sendmail 'as is'. But since sendmail/postfix
interprets a line with single dot as the end of the message, it sends
everything before the dot and exits with 'Broken pipe'. Mailman, however,
still has the message in it's queue and sends it all over again...
When I tried sending non-MIME message with single-dot-line in it to a Mailman
list, there was no looping, but the message body after the single dot was
missing.
Until there is something better, I suggest adding to Sendmail.py a patch
which perhaps is not pretty (it adds a space before the infamous dot),
but it works:
--- ./Mailman/Handlers/Sendmail.py.orig Fri Jul 27 13:40:31 2001
+++ ./Mailman/Handlers/Sendmail.py Fri Jul 27 14:11:46 2001
@@ -31,6 +31,7 @@
import string
import os
+import re
import HandlerAPI
from Mailman import mm_cfg
@@ -80,6 +81,8 @@
msgtext = str(msg)
# cycle through all chunks
failedrecips = []
+ bar = re.compile('\n\.')
+ msgtext = re.sub(bar, '\n .', msgtext, 0)
for chunk in recipchunks:
# TBD: SECURITY ALERT. This invokes the shell!
fp = os.popen(cmd + chunk, 'w')
Kaja
