sudden (?) issue with subscription options CGI
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Have an older RHEL 7 Mailman2 server that's worked flawlessly for years, but whose time is short... new MM3 server slowly being built.
However, one of my members alerted me today that they were unable to log into the Subscription Options page due to a 500 Server Error. The page itself displays fine, but entering the username and pass results in the server error. Only thing I see in the apache error logs is as follows (listdomain and list name obfuscated):
End of script output before headers: options, referer: https://list.listdomain.com/mailman/options/listname
As far as I know (dangerous), this was working fine post-last upgrade, which was September '23, and everything else is working fine other than the Options cgi.
Running mailman-2.1.39 installed from source. Minimal config options on build - ./configure --with-cgi-gid=apache Apache httpd-2.4.6-99.el7_9.1 Python 2.7.5
Any other hints to try to debug this? Didn't see anything at all in any of the Mailman logs.
Thanks for any suggestions!
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/28/24 11:13 AM, ddewey@cyberthugs.com wrote:
Does this also happen with an invalid email address or an incorrect password?
What about the Unsubscribe or Remind buttons?
Does this just happen for one list or for others, e.g. the mailman
list?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Thanks for responding Mark. Interesting results below.
Quoting Mark Sapiro (mark@msapiro.net):
Does this also happen with an invalid email address or an incorrect password?
For this list, yes. Any of the three actions on the Subscription Options page results in the same error. Either a legitimate user/pass pair, or an incorrect one; a legitimate member address or a non-subscribed one.
What about the Unsubscribe or Remind buttons?
Same. End of script output errors in Apache logs, 500 page displayed.
Does this just happen for one list or for others, e.g. the
mailman
list?
Interestingly, the only other list this server supports works just fine - the Subscription Options page actions all perform as they should, with legit user/passwords, incorrect ones, unsub and reminder all functioning as expected without error.
So this points to an issue with the one list I assume? It's much, much larger than the one with the subscription options working. Where do I go next?
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/29/24 7:48 AM, ddewey@cyberthugs.com wrote:
I'm surprised nothing is logged in Mailman's error.log.
What happens if you run Mailman's
bin/config_list -o - LISTNAME
Does this throw an exception with a traceback? If not, how about
bin/config_list -i /dev/null LISTNAME
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Quoting Mark Sapiro (mark@msapiro.net):
I'm surprised nothing is logged in Mailman's error.log.
Nothing abnormal or related, just the expected 'no such list' listname typos etc. So logging is working, just not logging anything interesting for this issue.
Both commands return as expected - the first the long list of config values, and the second just returns after updating the timestamp on the list files. I ran both commands against all current lists and a couple of disused/test lists as well. All produced the same output.
Definitely a weird one. Really appreciate the help Mark.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On November 30, 2024 8:10:10 AM PST, ddewey@cyberthugs.com wrote:
Is there a custom options.html template in Mailman's lists/listname/en (assuming English language) directory?
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Quoting Mark Sapiro (mark@msapiro.net):
Is there a custom options.html template in Mailman's lists/listname/en (assuming English language) directory?
There is. It's essentially the standard template, with some font color changes and some removed bits. I tried removing the template, and that didn't seem to have any effect (is this cached somewhere)? I'm happy to share that template if it will help.
However, I did go to another list's options page and tried again to log in, send password reminders etc. It worked, other than trying to send a password reminder to a non-existent email address ALSO resulted in the server error / "End of script output before headers: options" issue. I thought I had tested all of these cases before, and maybe had, but at least this time I can replicate it with another list. This second list does NOT have a custom options.html.
At this point, with a new MM3 server coming online sometime in the next month or two, it might not be worth chasing this - it's certainly perplexing though, and I would like to fix it if possible. I'll have to manually help users through changes they'd like made until I transition which isn't' the end of the world.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On November 30, 2024 11:27:58 AM PST, ddewey@cyberthugs.com wrote:
My thought was that the post request never got to Mailman because of some issue with the action URL in the form tag, but if a password reminder got sent in spite of the End of script
error, that's not it. Compare your Mailman/Cgi/options.py to <https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/...>. Do they match?
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On November 30, 2024 2:07:54 PM PST, Mark Sapiro <mark@msapiro.net> wrote:
Compare your Mailman/Cgi/options.py to <https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/...>. Do they match?
They won't match because there have been changes since 2.1.39, but I think this may be <https://bugs.launchpad.net/mailman/+bug/1961762> the fix for which is one of those.
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
While you could just copy https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/... to your installation, if you don't want to do that, this patch against the 2.1.39 base should fix https://bugs.launchpad.net/mailman/+bug/1961762 ``` --- Mailman/Cgi/options.py 2021-11-24 03:38:19 +0000 +++ Mailman/Cgi/options.py 2022-02-22 18:10:03 +0000 @@ -169,8 +169,9 @@ if not mlist.isMember(user): if mlist.private_roster == 0: doc.addError(_('No such member: %(safeuser)s.')) - loginpage(mlist, doc, None, language) - print doc.Format() + user = None + loginpage(mlist, doc, user, language) + print doc.Format() return # Avoid cross-site scripting attacks ``` -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/28/24 11:13 AM, ddewey@cyberthugs.com wrote:
Does this also happen with an invalid email address or an incorrect password?
What about the Unsubscribe or Remind buttons?
Does this just happen for one list or for others, e.g. the mailman
list?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Thanks for responding Mark. Interesting results below.
Quoting Mark Sapiro (mark@msapiro.net):
Does this also happen with an invalid email address or an incorrect password?
For this list, yes. Any of the three actions on the Subscription Options page results in the same error. Either a legitimate user/pass pair, or an incorrect one; a legitimate member address or a non-subscribed one.
What about the Unsubscribe or Remind buttons?
Same. End of script output errors in Apache logs, 500 page displayed.
Does this just happen for one list or for others, e.g. the
mailman
list?
Interestingly, the only other list this server supports works just fine - the Subscription Options page actions all perform as they should, with legit user/passwords, incorrect ones, unsub and reminder all functioning as expected without error.
So this points to an issue with the one list I assume? It's much, much larger than the one with the subscription options working. Where do I go next?
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On 11/29/24 7:48 AM, ddewey@cyberthugs.com wrote:
I'm surprised nothing is logged in Mailman's error.log.
What happens if you run Mailman's
bin/config_list -o - LISTNAME
Does this throw an exception with a traceback? If not, how about
bin/config_list -i /dev/null LISTNAME
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Quoting Mark Sapiro (mark@msapiro.net):
I'm surprised nothing is logged in Mailman's error.log.
Nothing abnormal or related, just the expected 'no such list' listname typos etc. So logging is working, just not logging anything interesting for this issue.
Both commands return as expected - the first the long list of config values, and the second just returns after updating the timestamp on the list files. I ran both commands against all current lists and a couple of disused/test lists as well. All produced the same output.
Definitely a weird one. Really appreciate the help Mark.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On November 30, 2024 8:10:10 AM PST, ddewey@cyberthugs.com wrote:
Is there a custom options.html template in Mailman's lists/listname/en (assuming English language) directory?
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
![](https://secure.gravatar.com/avatar/7ab1a8883096c5d0332865b9ef4570f5.jpg?s=120&d=mm&r=g)
Quoting Mark Sapiro (mark@msapiro.net):
Is there a custom options.html template in Mailman's lists/listname/en (assuming English language) directory?
There is. It's essentially the standard template, with some font color changes and some removed bits. I tried removing the template, and that didn't seem to have any effect (is this cached somewhere)? I'm happy to share that template if it will help.
However, I did go to another list's options page and tried again to log in, send password reminders etc. It worked, other than trying to send a password reminder to a non-existent email address ALSO resulted in the server error / "End of script output before headers: options" issue. I thought I had tested all of these cases before, and maybe had, but at least this time I can replicate it with another list. This second list does NOT have a custom options.html.
At this point, with a new MM3 server coming online sometime in the next month or two, it might not be worth chasing this - it's certainly perplexing though, and I would like to fix it if possible. I'll have to manually help users through changes they'd like made until I transition which isn't' the end of the world.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On November 30, 2024 11:27:58 AM PST, ddewey@cyberthugs.com wrote:
My thought was that the post request never got to Mailman because of some issue with the action URL in the form tag, but if a password reminder got sent in spite of the End of script
error, that's not it. Compare your Mailman/Cgi/options.py to <https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/...>. Do they match?
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
On November 30, 2024 2:07:54 PM PST, Mark Sapiro <mark@msapiro.net> wrote:
Compare your Mailman/Cgi/options.py to <https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/...>. Do they match?
They won't match because there have been changes since 2.1.39, but I think this may be <https://bugs.launchpad.net/mailman/+bug/1961762> the fix for which is one of those.
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.
![](https://secure.gravatar.com/avatar/56f108518d7ee2544412cc80978e3182.jpg?s=120&d=mm&r=g)
While you could just copy https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/... to your installation, if you don't want to do that, this patch against the 2.1.39 base should fix https://bugs.launchpad.net/mailman/+bug/1961762 ``` --- Mailman/Cgi/options.py 2021-11-24 03:38:19 +0000 +++ Mailman/Cgi/options.py 2022-02-22 18:10:03 +0000 @@ -169,8 +169,9 @@ if not mlist.isMember(user): if mlist.private_roster == 0: doc.addError(_('No such member: %(safeuser)s.')) - loginpage(mlist, doc, None, language) - print doc.Format() + user = None + loginpage(mlist, doc, user, language) + print doc.Format() return # Avoid cross-site scripting attacks ``` -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
ddewey@cyberthugs.com
-
Mark Sapiro