Mailman 3 July 2001 - Mailman-Developers

Re: [Mailman-Developers] Mailman password and administrative reminders
by Dan Mick Aug. 14, 2003

Aug. 14, 2003

? This very message came to me with the following header: Errors-To: mailman-developers-admin(a)python.org All my bounces come to the list admin address, set in the admin webpage, in the second field of General Options. Do you have that set to something, and bounces still come to root? > 2. Bounces are sent to the poor postmaster instead of a -admin address. > I'm not entirely certain, but I think an Errors-To: header or something > like that in all Mailman messages might allow one to distribute that load > somewhat.

8 11

[ANNOUNCE] Mailman 2.1 alpha 2
by barry＠digicool.com March 25, 2002

March 25, 2002

This the official announcement for Mailman 2.1 alpha 2. Because it's an alpha, this announcement is only going out to the mailman-* mailing lists. I'll make two warnings: you probably should still not use this version for production systems (but TIA for any and all testing you do with it!), and I've already had a couple of bug fixes from early adopters. 2.1a2 should still be useful, but you might want to keep an eye on cvs and the mailman-checkins list for updates. I am only making the tarball available on SourceForge, so you'll need to go to http://sf.net/projects/mailman to grab it. You'll also need to upgrade to mimelib-0.4, so be sure to go to http://sf.net/projects/mimelib to grab and install that tarball first. To view the on-line documentation, see http://www.list.org/MM21/index.html or http://mailman.sf.net/MM21/index.html Below is an excerpt from the NEWS file for all the changes since 2.1alpha1. There are a bunch of new features coming down the pike, and I hope to have an alpha3 out soon. I'm also planning on doing much more stress testing of this version with real list traffic, and I'm hoping we'll start to get more languages integrated into cvs. Enjoy, -Barry -------------------- snip snip -------------------- 2.1 alpha 2 (11-Jul-2001) - Building o mimelib 0.4 is now required. Get it from http://mimelib.sf.net. If you've installed an earlier version of mimelib, you must upgrade. o /usr/local/mailman is now the default installation directory. Use configure's --prefix switch to change it back to the default (/home/mailman) or any other installation directory of your choice. - Security o Better definition of authentication domains. The following roles have been defined: user, list-admin, list-moderator, creator, site-admin. o There is now a separate role of "list moderator", which has access to the pending requests (admindb) page, but not the list configuration pages. o Subscription confirmations can now be performed via email or via URL. When a subscription is received, a unique (sha) confirm URL is generated in the confirmation message. Simply visiting this URL completes the subscription process. o In a similar manner, removal requests (via web or email command) no longer require the password. If the correct password is given, the removal is performed immediately. If no password is given, then a confirmation message is generated. - Internationalization o More I18N patches. The basic infrastructure should now be working correctly. Spanish templates and catalogs are included, and English, French, Hungarian, and Big5 templates are included. o Cascading specializations and internationalization of templates. Templates are now search for in the following order: list-specific location, domain-specific location, site-wide location, global defaults. Each search location is further qualified by the language being displayed. This means that you only need to change the templates that are different from the global defaults. Templates renamed: admlogin.txt => admlogin.html Templates added: private.html - Web UI o Redesigned the user options page. It now sits behind an authentication so user options cannot be viewed without the proper password. The other advantage is that the user's password need not be entered on the options page to unsubscribe or change option values. The login screen also provides for password mail-back, and unsubscription w/ confirmation. Other new features accessible from the user options page include: ability to change email address (with confirmation) both per-list and globally for all list on virtual domain; global membership password changing; global mail delivery disable/enable; ability to suppress password reminders both per-list and globally; logout button. [Note: the handle_opts cgi has gone away] o Color schemes for non-template based web pages can be defined via mm_cfg. o Redesign of the membership management page. The page is now split into three subcategories (Membership List, Mass Subscription, and Mass Removal). The Membership List subcategory now supports searching for member addresses by regular expression, and if necessary, it groups member addresses first alphabetically, and then by chunks. Mass Subscription and Mass Removal now support file upload, with one address per line. o Hyperlinks from the logos in the footers have been removed. The sponsors got too much "unsubscribe me!" spam from desperate user of Mailman at other sites. o New buttons on the digest admin page to send a digest immediately (if it's non-empty), to start a new digest volume with the next digest, and to select the interval with which to automatically start a new digest volume (yearly, monthly, quarterly, weekly, daily). DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration variable, initially set to give a new digest volume monthly. o Through-the-web list creation and removal, using a separate site-wide authentication role called the "list creator and destroyer" or simply "list creator". If the configuration variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by default, it's 0), then list admins can delete their own lists. This feature requires an adaptor for the particular MTA you're using. An adaptor for Postfix is included, as is a dumb adaptor that just emails mailman@yoursite with the necessary Sendmail style /etc/alias file changes. Some MTAs like Exim can be configured to automatically recognize new lists. The adaptor is selected via the MTA option in mm_cfg.py - Email UI o In email commands, "join" is a synonym for "subscribe". "remove" and "leave" are synonyms for "unsubscribe". New robot addresses are support to make subscribing and unsubscribing much easier: mylist-join@mysite mylist-leave@mysite o Confirmation messages have a shortened Subject: header, containing just the word "confirm" and the confirmation cookie. This should help for MUAs that like to wrap long Subject: lines, messing up confirmation. o Mailman now recognizes an Urgent: header, which, if it contains the list moderator or list administrator password, forces the message to be delivered immediately to all members (i.e. both regular and digest members). The message is also placed in the digest. If the password is incorrect, the message will be bounced back to the sender. - Performance o Refinements to the new qrunner subsystem which preserves FIFO order of messages. o The qrunner is no longer started from cron. It is started by a Un*x init-style script called bin/mailmanctl (see below). cron/qrunner has been removed. - Command line scripts o bin/mailmanctl script added, which is used to start, stop, and restart the qrunner daemon. o bin/qrunner script added which allows a single sub-qrunner to run once through its processing loop. o bin/change_pw script added (eases mass changing of list passwords). o bin/update grows a -f switch to force an update. o bin/newlang renamed to bin/addlang; bin/rmlang removed. o bin/mmsitepass has grown a -c option to set the list creator's password. The site-wide `create' web page is linked to from the admin overview page. o bin/newlist's -o option is removed. This script also grows a way of spelling the creation of a list in a specific virtual domain. o The `auto' script has been removed. o bin/dumpdb has grown -m/--marshal and -p/--pickle options. o bin/list_admins can be used to print the owners of a mailing list. o bin/genaliases regenerates from scratch the aliases and aliases.db file for the Postfix MTA. - Archiver o New archiver date clobbering option, which allows dates to only be clobber if they are outrageously out-of-date (default setting is 15 days on either side of received timestamp). New configuration variables: ARCHIVER_CLOBBER_DATE_POLICY ARCHIVER_ALLOWABLE_SANE_DATE_SKEW The archived copy of messages grows an X-List-Received-Date: header indicating the time the message was received by Mailman. o PRIVATE_ARCHIVE_URL configuration variable is removed (this can be calculated on the fly, and removing it actually makes site configuration easier). - Miscellaneous o Several new README's have been added. o Most syslog entries for the qrunner have been redirected to logs/error. o On SIGHUP, qrunner will re-open all its log files and restart all child processes. See "bin/mailmanctl restart". - Patches and bug fixes o SF patches and bug fixes applied: 420396, 424389, 227694, 426002, 401372 (partial), 401452. o Fixes in 2.0.5 ported forward: Fix a lock stagnation problem that can result when the user hits the `stop' button on their browser during a write operation that can take a long time (e.g. hitting the membership management admin page). o Fixes in 2.0.4 ported forward: Python 2.1 compatibility release. There were a few questionable constructs and uses of deprecated modules that caused annoying warnings when used with Python 2.1. This release quiets those warnings. o Fixes in 2.0.3 ported forward: Bug fix release. There was a small typo in 2.0.2 in ListAdmin.py for approving an already subscribed member (thanks Thomas!). Also, an update to the OpenWall security workaround (contrib/securelinux_fix.py) was included. Thanks to Marc Merlin.

17 38

Internal server error when accessing admin pages
by Marc MERLIN Dec. 4, 2001

Dec. 4, 2001

I've gotten several bug reports on SF for people who can't get to the admin pages The only error apache gives me is: [Thu Jul 12 15:47:17 2001] [error] [client 171.71.41.31] Premature end of script headers: /var/local/mailman/cgi-bin/admin I never had the problem myself and it seems to come and go Is there any debugging I can in mailman to at least give me some error in my apache error log? (or do you think it's an apache problem?) Attached is one of the tickets I've gotten Thanks, Marc ----- Forwarded message from noreply(a)sourceforge.net ----- To: noreply(a)sourceforge.net From: noreply(a)sourceforge.net Subject: [ alexandria-Support Requests-438992 ] Administration interface to mail lists Date: Thu, 26 Jul 2001 02:43:44 -0700 Support Requests item #438992, was opened at 2001-07-06 00:49 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=200001&aid=438992&group_id… Category: Mailing Lists Group: Second Level Support >Status: Open Priority: 9 Submitted By: Richard Leyton (rleyton) Assigned to: Marc Merlin (marcmerlin) Summary: Administration interface to mail lists Initial Comment: A post to a mailing list needs admin attention (it's a moderated list). The URL: http://lists.sourceforge.net/lists/admindb/leap-announce results in: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, staff(a)sourceforge.net and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Could you look into it. ---------------------------------------------------------------------- >Comment By: Richard Leyton (rleyton) Date: 2001-07-26 02:43 Message: Logged In: YES user_id=7704 In a nutshell, this ceased to be a problem the next day, i'd forgotten about this ticket until the status changed. I had given a detailed response to your queries, but mozilla crashed on me before i clicked on the submit, and i was in a hurry, so i didn't get around to reposting it. in a nutshell: - all browsers tried (opera, netscape & mozilla) - had a URL via e-mail to attend to pending admin requests. - yes it gave the same error with netscape - it was the message received on going to the URL contained in the e-mail. ---------------------------------------------------------------------- Comment By: Marc Merlin (marcmerlin) Date: 2001-07-25 11:14 Message: Logged In: YES user_id=6500 We need the information if you want us to help you ---------------------------------------------------------------------- Comment By: Marc Merlin (marcmerlin) Date: 2001-07-17 08:38 Message: Logged In: YES user_id=6500 What browser? Does it fail repeatetly from different places? Does it fail with plain netscape? Does it fail when you access the page, or when you post back a form? ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=200001&aid=438992&group_id… ----- End forwarded message ----- -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f(a)merlins.org for PGP key

3 3

Re: [Mailman-Users] Upgrading from 2.0b5 to 2.1a2
by barry＠zope.com Nov. 6, 2001

Nov. 6, 2001

[Note: I'm moving this discussion to malman-developers. -baw] >>>>> "JAA" == Jose A Accino <jaccino(a)ieev.uma.es> writes: JAA> Is there any clean way to make a smooth upgrade from 2.0b5 to JAA> lates 2.1a2? (I'm making that just to check the upgrade JAA> process, using a spare machine and a copy of the actual JAA> lists). JAA> Making a 2.1a2 fresh installation (without lists) runs fine. JAA> However, I've been unable to upgrade the old lists. Here are JAA> the main points: There's two ways to upgrade, neither of which has gotten a lot of testing. Based on you're message I tried the first way, and I'm about to check in a bunch of patches to make that go smoother. I'll try the second way soon. 1) Install a fresh virgin MM2.1 in /usr/local/mailman and then move lists from /home/mailman (MM2.0.x) to /usr/local/mailman. This way lets you migrate lists one at a time, gaining confidence in the new system in measured increments. I will probably upgrade {python,zope}.org this way. 2) Install MM2.1 overtop an existing MM2.0.x installation and have everything just magically work. I'll probably upgrade wooz.org's production lists this way. Both ought to work, and ought to be easy. After the checkins, here's a recipe that makes #1 easy: - Do a fresh install of MM2.1 in /usr/local/mailman according to the instructions. - Copy or move `mylist' by first moving /home/mailman/lists/mylist to /usr/local/mailman/lists/mylist and /home/mailman/archives/private/mylist.mbox to /usr/local/mailman/archives/private BTW, I used rsync for this, just cause it's a cool tool and I can actually remember how to invoke it with the right options. :) That's it. Everything else should just work, except for possibly two minor complications. - If your web server is going to support both installations, it's possible you'll have two different base urls, one for your MM2.0.x installation and one for your MM2.1 installation. If so, you'll need to manually change each moved list's web_page_url attribute. Fortunately, I'm about to add a script called `fix_url' which will reset a list's web_page_url to mm_cfg.DEFAULT_URL. So if you configure mm_cfg.py correctly, then run fix_url, you should be golden. I.e. % bin/withlist -l -r fix_url mylist - Same dealie with your MTA, i.e. your wrapper aliases may point to two different directories. Here, because I use Postfix and glued them together as described in README.POSTFIX, all I needed to do was run bin/genaliases and the new list aliases got installed. I'm sure that if you use Exim and glued them together as per README.EXIM, you probably don't need to do anything. (I'm still waiting on contributions for better gluing instructions for Sendmail, qmail, and any others.) -Barry

4 5

Bug in mail->news gateway in 2.0.5 (and *simple* fix)
by "Jürgen A. Erhard" Oct. 20, 2001

Oct. 20, 2001

Bug: in Mailman/Handlers/ToUsenet.py, there are spaces inserted after colons where they are missing ("NNTP is strict about spaces after the colon in headers"). If a colon appears in a continuation line, it is treated as a header colon. Fix: skip lines that start with whitespace. For those interested, the history of the finding of the bug: Problem: my signed emails appeared on Usenet garbled. The multipart boundary had an extra space inserted (which of course the actual boundaries hadn't). After some exchange with Martin Armstrong (who made me aware of this) we concluded it had to be the mail->news gateway (as my direct mail to him, also signed, wasn't garbled). I then investigated ToUsenet.py, and found the error. Why this hasn't hit a lot more often is simple: most MUA seem to use some random gibberish as the boundary string. SEMI doesn't... Of course, if this is fixed in 2.1, you can ignore this (assuming that it comes out soonish ;-) Bye, J -- Jürgen A. Erhard (juergen.erhard(a)gmx.net, jae(a)users.sourceforge.net) MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html Life's Better Without Braces (http://www.python.org) I wish I had more energy -- or less ambition.

2 2

Results from 2.1a2's /mailman/create ... not as expected
by Scott Brown Aug. 21, 2001

Aug. 21, 2001

I dont know if this was by design or not, but I went to my (not externally accessible) test system at http://www.testdomain.com/mailman/create and created a list "justatest" and got the message tacked on the bottom of this message. Things that "JustDontLookRight" to me include: - picked up the server's name, rather than the domain name of the host it was triggered under. Could it not be set up to take the virtual host underwhich it was triggered (ie, testdomain.com), and use that as the prefered name of the list? The next page that comes up is listed as being under that virtual host -- but all the links point back to the machine's name. - Required me to use the sitepassword to create a new list... How can I give that priveledge to someone else (like a virtual host admin)... I've not found any documentation anywhere that describes how to register a valid user under a domain (such that they can only create lists under that domain) - last line in message didnt have proper replacement of "hostname". Just a buglet - but I dont know enough python to fix it.... - The email that is produced with the /etc/alias additions... is it possible to define where that goes, say in the mm_cfg.py? It would be nice to be able to pipe those specific through another email address that triggers a routine that could actually do the append as root... -----Original Message----- From: justatest-admin(a)bubba.localdomain [mailto:justatest-admin@bubba.localdomain]On Behalf Of mailman-owner(a)bubba.localdomain Sent: Saturday, July 28, 2001 10:40 PM To: ----------------------- Subject: Your new mailing list: justatest The mailing list `justatest' has just been created for you. The following is some basic information about your mailing list. Your mailing list password is: justatest You need this password to configure your mailing list. You also need it to handle administrative requests, such as approving mail if you choose to run a moderated list. You can configure your mailing list at the following web page: http://bubba.localdomain/mailman/admin/justatest The web page for users of your mailing list is: http://bubba.localdomain/mailman/listinfo/justatest You can even customize these web pages from the list configuration page. However, you do need to know HTML to be able to do this. There is also an email-based interface for users (not administrators) of your list; you can get info about using it by sending a message with just the word `help' as subject or in the body, to: justatest-request(a)bubba.localdomain To unsubscribe a user: from the mailing list 'listinfo' web page, click on or enter the user's email address as if you were that user. Where that user would put in their password to unsubscribe, put in your admin password. You can also use your password to change member's options, including digestification, delivery disabling, etc. Please address all questions to mailman-owner@%(hostname)s.

2 1

ANNOUNCE Mailman 2.0.6
by barry＠zope.com Aug. 16, 2001

Aug. 16, 2001

Folks, I've just released Mailman 2.0.6 which fixes a potential security problem in Mailman 2.0.x, and includes a few other minor bug fixes. It is possible, although unlikely, that you could have an empty site password, or an empty list password. Because of peculiarities in the Unix crypt() function, such empty passwords could allow unauthorized access to the list administrative pages with an arbitrary password string. This situation does not occur normally, but it is possible to create it by accident (e.g. by touch'ing data/adm.pw). This patch ensures that such empty passwords do not allow unauthorized access, by first checking to make sure that the salt is at least 2 characters in length. Alternatively, you can make sure that either data/adm.pw does not exist or that it is not empty. For the extra paranoid, you'd need to be sure that none of your lists have empty passwords, but that's an even more difficult situation to create by accident. This patch guards against both situations. Please note that Mailman 2.1alpha is not vulnerable to this problem because it does not use crypt(). A few other minor bugs have been fixed; see the NEWS excerpt below for details. As usual, I'm releasing this as both a complete tarball and as a patch against Mailman 2.0.5. You /must/ update your source to 2.0.5 before applying the 2.0.6 patch. Since the patch is small, I'm including it in this message. To apply, cd into your 2.0.5 source tree and apply it like so: % patch -p0 < mailman-2.0.5-2.0.6.txt Then run "config.status; make install". Currently both http://mailman.sf.net and http://www.list.org are updated, and I expect the gnu.org site to be updated soon as well. The release information on SF is at http://sourceforge.net/project/shownotes.php?release_id=45268 See also http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net My thanks to Dave Helton, Ray Sanders, and Thomas Wouters for their help with this release. Enjoy, -Barry Index: NEWS =================================================================== RCS file: /cvsroot/mailman/mailman/NEWS,v retrieving revision 1.25.2.6 retrieving revision 1.25.2.9 diff -u -r1.25.2.6 -r1.25.2.9 --- NEWS 2001/05/03 21:06:56 1.25.2.6 +++ NEWS 2001/07/25 18:52:27 1.25.2.9 @@ -4,6 +4,34 @@ Here is a history of user visible changes to Mailman. +2.0.6 (25-Jul-2001) + + Security fix: + + - Fixed a potential security hole which could allow access to list + administrative features by unauthorized users. If there is an + empty data/adm.pw file (the site password file), then any + password will be accepted as the list administrative password. + This exploit is caused by a common "bug" in the crypt() function + suffered by several Unix distributions, including at least + GNU/Linux and Solaris. Given a salt string of length zero, + crypt() always returns the empty string. + + In lieu of applying this patch, sites can run bin/mmsitepass and + ensure that data/adm.pw is of length 2 or greater. + + Bug fixes: + + - Ensure that even if DEFAULT_URL is misconfigured in mm_cfg.py + (i.e. is missing a trailing slash), it is always fixed upon list + creation. + + - Check for administrivia holds before any other tests. + + - SF bugs fixed: 407666, 227694 + + - Other miscellaneous buglets fixed. + 2.0.5 (04-May-2001) Fix a lock stagnation problem that can result when the user hits Index: Mailman/MailList.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v retrieving revision 1.189 retrieving revision 1.189.2.2 diff -u -r1.189 -r1.189.2.2 --- Mailman/MailList.py 2000/11/16 04:33:27 1.189 +++ Mailman/MailList.py 2001/05/29 14:45:27 1.189.2.2 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -712,7 +712,7 @@ " fails, or if the pattern does contain an `@', then the pattern" " is matched against the entire recipient address. " " <p>Matching against the local part is deprecated; in a future" - " release, the patterm will always be matched against the " + " release, the pattern will always be matched against the " " entire recipient address."), ('max_num_recipients', mm_cfg.Number, 5, 0, @@ -787,6 +787,7 @@ self.InitVars(name, admin, crypted_password) self._ready = 1 self.InitTemplates() + self.CheckValues() self.Save() # Touch these files so they have the right dir perms no matter what. # A "just-in-case" thing. This shouldn't have to be here. Index: Mailman/SecurityManager.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v retrieving revision 1.31 retrieving revision 1.31.2.1 diff -u -r1.31 -r1.31.2.1 --- Mailman/SecurityManager.py 2000/10/02 20:40:41 1.31 +++ Mailman/SecurityManager.py 2001/07/25 18:07:51 1.31.2.1 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -44,8 +44,12 @@ def ValidAdminPassword(self, pw): if Utils.CheckSiteAdminPassword(pw): return 1 - return type(pw) == StringType and \ - Crypt.crypt(pw, self.password) == self.password + salt = self.password[:2] + # crypt() has a bug in that if the salt is the empty string, it will + # always return the empty string, regardless of the key. :( + if len(salt) < 2: + return 0 + return Crypt.crypt(pw, salt) == self.password def ConfirmAdminPassword(self, pw): if not self.ValidAdminPassword(pw): Index: Mailman/Utils.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Utils.py,v retrieving revision 1.104.2.2 retrieving revision 1.104.2.4 diff -u -r1.104.2.2 -r1.104.2.4 --- Mailman/Utils.py 2001/04/18 04:23:07 1.104.2.2 +++ Mailman/Utils.py 2001/07/25 18:06:46 1.104.2.4 @@ -262,7 +262,7 @@ finally: os.umask(ou) if verbose: - print 'made directory: ', madepart + print 'made directory: ', made_part @@ -405,7 +405,12 @@ f = open(mm_cfg.SITE_PW_FILE) pw2 = f.read() f.close() - return Crypt.crypt(pw1, pw2[:2]) == pw2 + salt = pw2[:2] + # crypt() has a bug in that if the salt is the empty string, it will + # always return the empty string, regardless of the key. :( + if len(salt) < 2: + return 0 + return Crypt.crypt(pw1, salt) == pw2 # There probably is no site admin password if there was an exception except IOError: return 0 Index: Mailman/Version.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v retrieving revision 1.20.2.5 retrieving revision 1.20.2.6 diff -u -r1.20.2.5 -r1.20.2.6 --- Mailman/Version.py 2001/05/03 20:58:19 1.20.2.5 +++ Mailman/Version.py 2001/07/25 18:05:30 1.20.2.6 @@ -15,7 +15,7 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # Mailman version -VERSION = "2.0.5" +VERSION = "2.0.6" # And as a hex number in the manner of PY_VERSION_HEX ALPHA = 0xa @@ -27,7 +27,7 @@ MAJOR_REV = 2 MINOR_REV = 0 -MICRO_REV = 5 +MICRO_REV = 6 REL_LEVEL = FINAL # at most 15 beta releases! REL_SERIAL = 0 Index: Mailman/versions.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/versions.py,v retrieving revision 1.27 retrieving revision 1.27.2.1 diff -u -r1.27 -r1.27.2.1 --- Mailman/versions.py 2000/06/14 05:09:58 1.27 +++ Mailman/versions.py 2001/07/10 14:58:56 1.27.2.1 @@ -142,7 +142,7 @@ # set admin_notify_mchanges # if not hasattr(l, "admin_notify_mchanges"): - setatrr(l, "admin_notify_mchanges", + setattr(l, "admin_notify_mchanges", mm_cfg.DEFAULT_ADMIN_NOTIFY_MCHANGES) # # Convert the members and digest_members addresses so that the keys of Index: Mailman/Archiver/pipermail.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Archiver/pipermail.py,v retrieving revision 1.15 retrieving revision 1.15.2.2 diff -u -r1.15 -r1.15.2.2 --- Mailman/Archiver/pipermail.py 2000/10/20 06:18:11 1.15 +++ Mailman/Archiver/pipermail.py 2001/06/01 22:30:16 1.15.2.2 @@ -62,7 +62,7 @@ # Abstract class for databases -class DatabaseInterface: +class DatabaseInterface: def __init__(self): pass def close(self): pass def getArticle(self, archive, msgid): pass @@ -162,13 +162,15 @@ id = strip_separators(message.getheader('Message-Id')) if id == "": self.msgid = str(self.sequence) - else: self.msgid = id + else: + self.msgid = id if message.has_key('Subject'): self.subject = str(message['Subject']) else: + self.subject = 'No subject' + if self.subject == "": self.subject = 'No subject' - if self.subject == "": self.subject = 'No subject' self._set_date(message) @@ -180,7 +182,8 @@ self.email = strip_separators(self.email) self.author = strip_separators(self.author) - if self.author == "": self.author = self.email + if self.author == "": + self.author = self.email # Save the In-Reply-To:, References:, and Message-ID: lines # @@ -197,8 +200,10 @@ self.in_reply_to = '' else: match = msgid_pat.search(i_r_t) - if match is None: self.in_reply_to = '' - else: self.in_reply_to = strip_separators(match.group(1)) + if match is None: + self.in_reply_to = '' + else: + self.in_reply_to = strip_separators(match.group(1)) references = message.getheader('References') if references is None: @@ -352,7 +357,7 @@ refs[0]) for ref in refs[1:]: a = self.database.getArticle(self.archive, ref) - if a.date > maxdate.data: + if a.date > maxdate.date: maxdate = a parentID = maxdate.msgid else: Index: Mailman/Bouncers/BouncerAPI.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/BouncerAPI.py,v retrieving revision 1.11 retrieving revision 1.11.2.1 diff -u -r1.11 -r1.11.2.1 --- Mailman/Bouncers/BouncerAPI.py 2000/09/21 04:50:10 1.11 +++ Mailman/Bouncers/BouncerAPI.py 2001/07/10 15:00:09 1.11.2.1 @@ -82,6 +82,7 @@ # for testing if __name__ == '__main__': + import sys import mimetools from Mailman import MailList Index: Mailman/Bouncers/DSN.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/DSN.py,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- Mailman/Bouncers/DSN.py 2000/07/21 05:25:53 1.7 +++ Mailman/Bouncers/DSN.py 2001/07/25 18:04:42 1.7.2.1 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -43,8 +43,8 @@ def process(msg): - if msg.gettype() <> 'multipart/report' or \ - msg.getparam('report-type') <> 'delivery-status': + if string.lower(msg.gettype()) <> 'multipart/report' or \ + string.lower(msg.getparam('report-type')) <> 'delivery-status': # then return None boundary = msg.getparam('boundary') Index: Mailman/Cgi/handle_opts.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/Attic/handle_opts.py,v retrieving revision 1.30.2.2 retrieving revision 1.30.2.3 diff -u -r1.30.2.2 -r1.30.2.3 --- Mailman/Cgi/handle_opts.py 2001/05/03 21:05:06 1.30.2.2 +++ Mailman/Cgi/handle_opts.py 2001/07/10 14:52:32 1.30.2.3 @@ -266,14 +266,14 @@ except Errors.MMNotAMemberError: PrintResults(mlist, operation, doc, "%s isn't subscribed to this list." - % mail.GetSender(), user) + % user, user) except Errors.MMListNotReadyError: PrintResults(mlist, operation, doc, "List is not functional.", user) except Errors.MMNoSuchUserError: PrintResults(mlist, operation, doc, "%s is not subscribed to this list." - % mail.GetSender(), user) + % user, user) except Errors.MMBadPasswordError: PrintResults(mlist, operation, doc, "You gave the wrong password.", user) Index: Mailman/Handlers/Hold.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/Hold.py,v retrieving revision 1.16 retrieving revision 1.16.2.2 diff -u -r1.16 -r1.16.2.2 --- Mailman/Handlers/Hold.py 2000/08/01 23:02:28 1.16 +++ Mailman/Handlers/Hold.py 2001/05/31 21:05:44 1.16.2.2 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -118,6 +118,11 @@ if not sender or sender[:len(listname)+6] == adminaddr: sender = msg.GetSender(use_envelope=0) # + # possible administrivia? + if mlist.administrivia and Utils.IsAdministrivia(msg): + hold_for_approval(mlist, msg, msgdata, Administrivia) + # no return + # # is the poster in the list of explicitly forbidden posters? if len(mlist.forbidden_posters): forbiddens = Utils.List2Dict(mlist.forbidden_posters) @@ -175,11 +180,6 @@ not msgdata.get('fromusenet'): # then hold_for_approval(mlist, msg, msgdata, ImplicitDestination) - # no return - # - # possible administrivia? - if mlist.administrivia and Utils.IsAdministrivia(msg): - hold_for_approval(mlist, msg, msgdata, Administrivia) # no return # # suspicious headers? Index: admin/www/download.ht =================================================================== RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v retrieving revision 1.5.2.6 retrieving revision 1.5.2.7 diff -u -r1.5.2.6 -r1.5.2.7 --- admin/www/download.ht 2001/05/03 21:09:36 1.5.2.6 +++ admin/www/download.ht 2001/07/25 18:08:31 1.5.2.7 @@ -65,9 +65,9 @@ <h3>Downloading</h3> <p>Version -(<!-VERSION--->2.0.5<!-VERSION--->, +(<!-VERSION--->2.0.6<!-VERSION--->, released on -<!-DATE--->May 4 2001<!-DATE--->) +<!-DATE--->Jul 25 2001<!-DATE--->) is the current GNU release. It is available from the following mirror sites: <ul> Index: admin/www/download.html =================================================================== RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v retrieving revision 1.6.2.8 retrieving revision 1.6.2.9 diff -u -r1.6.2.8 -r1.6.2.9 --- admin/www/download.html 2001/05/03 21:09:36 1.6.2.8 +++ admin/www/download.html 2001/07/25 18:08:31 1.6.2.9 @@ -1,6 +1,6 @@ <HTML>  - +   2.0.5<!-VERSION--->, +(<!-VERSION--->2.0.6<!-VERSION--->, released on -<!-DATE--->May 4 2001<!-DATE--->) +<!-DATE--->Jul 25 2001<!-DATE--->) is the current GNU release. It is available from the following mirror sites: <ul> Index: bin/find_member =================================================================== RCS file: /cvsroot/mailman/mailman/bin/find_member,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- bin/find_member 2000/09/11 03:58:57 1.5 +++ bin/find_member 2001/07/25 17:38:43 1.5.2.1 @@ -90,7 +90,7 @@ try: mlist = MailList.MailList(listname, lock=0) except Errors.MMListError: - print 'No such list "%s"' % name + print 'No such list "%s"' % listname continue if options.owners: owners = mlist.owner Index: src/cgi-wrapper.c =================================================================== RCS file: /cvsroot/mailman/mailman/src/cgi-wrapper.c,v retrieving revision 1.13 retrieving revision 1.13.2.1 diff -u -r1.13 -r1.13.2.1 --- src/cgi-wrapper.c 2000/03/21 06:26:41 1.13 +++ src/cgi-wrapper.c 2001/05/29 13:20:27 1.13.2.1 @@ -23,7 +23,7 @@ /* passed in by configure */ #define SCRIPTNAME SCRIPT -#define LOG_IDENT "Mailman cgi-wrapper (" ## SCRIPT ## ")" +#define LOG_IDENT "Mailman cgi-wrapper (" SCRIPT ")" /* GID that CGI scripts run as. See your Web server's documentation. */ #define LEGAL_PARENT_GID CGI_GID Index: src/common.c =================================================================== RCS file: /cvsroot/mailman/mailman/src/common.c,v retrieving revision 1.26 retrieving revision 1.26.2.1 diff -u -r1.26 -r1.26.2.1 --- src/common.c 2000/11/09 06:18:02 1.26 +++ src/common.c 2001/05/29 13:20:27 1.26.2.1 @@ -20,7 +20,7 @@ #include "common.h" /* passed in by configure */ -#define SCRIPTDIR PREFIX ## "/scripts/" /* trailing slash */ +#define SCRIPTDIR PREFIX "/scripts/" /* trailing slash */ #define MODULEDIR PREFIX /* no trailing slash */ const char* scriptdir = SCRIPTDIR;

5 4

current snapshot startup woes
by Ron Jarrell Aug. 15, 2001

Aug. 15, 2001

FYI, I built and installed the current snapshot on my test machine (which did have a couple of articles lying around in the queues that were never delivered when I last stopped qrunner...) Doing a mailmanctl start got me page after page of this... Traceback (most recent call last): File "bin/mailmanctl", line 207, in ? main() File "bin/mailmanctl", line 196, in main Control.start(restart) File "/home/mailman/Mailman/Queue/Control.py", line 209, in start master(restart, lock) File "/home/mailman/Mailman/Queue/Control.py", line 163, in master newpid = start_runner(qrclass, slice, count) File "/home/mailman/Mailman/Queue/Control.py", line 111, in start_runner qrunner.run() File "/home/mailman/Mailman/Queue/Runner.py", line 58, in run filecnt = self.__oneloop() File "/home/mailman/Mailman/Queue/Runner.py", line 81, in __oneloop files = self._switchboard.files() File "/home/mailman/Mailman/Queue/Switchboard.py", line 175, in files when, digest = filebase.split('+') ValueError: unpack list of wrong size

2 4

mm-handler
by Ron Jarrell Aug. 14, 2001

Aug. 14, 2001

Hey, Barry, while you're checking things in, how about committing contrib/mm-handler, which isn't actually in the repository, despite what README.SENDMAIL says. BTW, although I haven't tried it yet, I'm still sure you're missing something in those instructions. Just defining a mailer isn't going to do anything unless there's a rule somewhere, like in the mailertab, that defines a particular pattern that causes it to *use* said mail. Sendmail often operates by black magic, but this is blacker than most.

3 9

Looping digest - mailman bug?
by Kaja P. Christiansen Aug. 2, 2001

Aug. 2, 2001

Hi, On Wed, 20 Jun 2001 19:12:00 +0200, I wrote: > Last Monday, one of our mailing lists went mad and sent multiple copies > of the same digest to the list's digest users. > > [...] > > The traceback in the errors log shows: > > Jun 19 00:01:01 2001 (18618) Traceback (innermost last): > File "/usr/local/mailman203/Mailman/Handlers/HandlerAPI.py", line 82, in do_pipeline > func(mlist, msg, msgdata) > File "/usr/local/mailman203/Mailman/Handlers/Sendmail.py", line 86, in process > fp.write(msgtext) > IOError: [Errno 32] Broken pipe > > We run Mailman 2.0.3 with Postfix. I addressed this problem earlier > (March 26th), but there was no reply. Several of our lists suffered from Mailman's mail bombing and we turned the digest option off in hope it'll help. It did, for a while, until the same happened with a non-digest message being send over and over again (once per minute, by qrunner). We were able to locate where and how it happens, and to 'reproduce' the error (in laboratory conditions :-) both under mailman 2.0.3 and 2.0.6. The mail looping occurs when there is a MIME message with a single . (dot) in a line; Mailman sends it to sendmail 'as is'. But since sendmail/postfix interprets a line with single dot as the end of the message, it sends everything before the dot and exits with 'Broken pipe'. Mailman, however, still has the message in it's queue and sends it all over again... When I tried sending non-MIME message with single-dot-line in it to a Mailman list, there was no looping, but the message body after the single dot was missing. Until there is something better, I suggest adding to Sendmail.py a patch which perhaps is not pretty (it adds a space before the infamous dot), but it works: --- ./Mailman/Handlers/Sendmail.py.orig Fri Jul 27 13:40:31 2001 +++ ./Mailman/Handlers/Sendmail.py Fri Jul 27 14:11:46 2001 @@ -31,6 +31,7 @@ import string import os +import re import HandlerAPI from Mailman import mm_cfg @@ -80,6 +81,8 @@ msgtext = str(msg) # cycle through all chunks failedrecips = [] + bar = re.compile('\n\.') + msgtext = re.sub(bar, '\n .', msgtext, 0) for chunk in recipchunks: # TBD: SECURITY ALERT. This invokes the shell! fp = os.popen(cmd + chunk, 'w') Kaja

4 9