From tkikuchi at is.kochi-u.ac.jp Sun May 1 04:38:42 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sun, 01 May 2011 02:38:42 -0000 Subject: [Bug 774588] [NEW] recent change in Utils.websafe() breaks Japanese (and other double-byte language) texts References: <20110501023842.27543.2010.malonedeb@wampee.canonical.com> Message-ID: <20110501023842.27543.2010.malonedeb@wampee.canonical.com> Public bug reported: Utils.websafe() escapes characters like < and >. Recent change in this function added 8bit characters like \xbc and \xbe as 'dangerous' characters. This breaks Japanese text display because they appear as a part of double-byte characters. Because these characters are only 'dangerous' for old browsers, I suggest reverting the change or at least making configurable whether the site administrator apply changes or not. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/774588 Title: recent change in Utils.websafe() breaks Japanese (and other double- byte language) texts From mark at msapiro.net Sun May 1 06:01:07 2011 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 01 May 2011 04:01:07 -0000 Subject: [Bug 774588] Re: recent change in Utils.websafe() breaks Japanese (and other double-byte language) texts References: <20110501023842.27543.2010.malonedeb@wampee.canonical.com> Message-ID: <20110501040107.30624.52124.malone@chaenomeles.canonical.com> Thank you for the report. I will make this conditional with the default to not do it. ** Changed in: mailman Importance: Undecided => Medium ** Changed in: mailman Status: New => Triaged ** Changed in: mailman Milestone: None => 2.1.15 ** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/774588 Title: recent change in Utils.websafe() breaks Japanese (and other double- byte language) texts From mark at msapiro.net Sun May 1 18:24:37 2011 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 01 May 2011 16:24:37 -0000 Subject: [Bug 774588] Re: recent change in Utils.websafe() breaks Japanese (and other double-byte language) texts References: <20110501023842.27543.2010.malonedeb@wampee.canonical.com> Message-ID: <20110501162437.29908.21658.launchpad@chaenomeles.canonical.com> ** Changed in: mailman Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/774588 Title: recent change in Utils.websafe() breaks Japanese (and other double- byte language) texts From tkikuchi at is.kochi-u.ac.jp Mon May 2 04:40:59 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Mon, 02 May 2011 02:40:59 -0000 Subject: [Bug 775294] [NEW] Set lifetime for input forms References: <20110502024059.28344.3483.malonedeb@wampee.canonical.com> Message-ID: <20110502024059.28344.3483.malonedeb@wampee.canonical.com> *** This bug is a security vulnerability *** Private security bug reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery (CSRF). The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:~tkikuchi/mailman/form-lifetime implement lifetime in admin, admindb, options and edithtml interfaces. Other forms like create and rmlist have confirmation by password thus are safe regarding CSRF. The form generation time is set by a hidden parameter whose value is calculated following the mailman cookie algorithm. The default lifetime is set 1 hour in Default.py thus configurable by a site administrator. If a password is set in request, authorization cookie is discarded so the password authentication is forced. Wget tricks to manage list in FAQ can be used as they are now. ** Affects: mailman Importance: Undecided Status: New ** Branch linked: lp:~tkikuchi/mailman/form-lifetime -- You received this bug notification because you are a member of Mailman Coders, which is a direct subscriber. https://bugs.launchpad.net/bugs/775294 Title: Set lifetime for input forms From 776122 at bugs.launchpad.net Tue May 3 07:30:25 2011 From: 776122 at bugs.launchpad.net (Richard Wackerbarth) Date: Tue, 03 May 2011 05:30:25 -0000 Subject: [Bug 776122] [NEW] Bootstrap phase of setup fails References: <20110503053025.22971.40792.malonedeb@wampee.canonical.com> Message-ID: <20110503053025.22971.40792.malonedeb@wampee.canonical.com> Public bug reported: When attempting to build MM3 from source, the buildout phase of the bootstrap fails. The code cannot recognize the version number of the MM source. This is because the regular expression in setup.py is looking for the version to be enclosed by ", but the version.py file uses '. ** Affects: mailman Importance: Undecided Status: New ** Tags: mm3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/776122 Title: Bootstrap phase of setup fails From mark at msapiro.net Thu May 5 21:55:21 2011 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 05 May 2011 19:55:21 -0000 Subject: [Bug 778088] [NEW] User can set a password with trailing whitespace which prevents login. References: <20110505195521.20266.58367.malonedeb@soybean.canonical.com> Message-ID: <20110505195521.20266.58367.malonedeb@soybean.canonical.com> Public bug reported: Both the subscribe CGI and the user options CGI allow setting a password with trailing whitespace, but options login strips the trailing whitespace before validating. Thus, the user can't log in to the options page. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: Triaged -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/778088 Title: User can set a password with trailing whitespace which prevents login. From 778687 at bugs.launchpad.net Fri May 6 20:51:52 2011 From: 778687 at bugs.launchpad.net (Richard Wackerbarth) Date: Fri, 06 May 2011 18:51:52 -0000 Subject: [Bug 778687] [NEW] Invalid roster upon initial list creation References: <20110506185152.19505.36492.malonedeb@wampee.canonical.com> Message-ID: <20110506185152.19505.36492.malonedeb@wampee.canonical.com> Public bug reported: GNU Mailman 3.0.0a7+ (Where's My Thing?) -- bzr=7005 When executing bin/mailman create -domain=True example at throwaway.domain, the example-owner get populated with an entry INSERT INTO "address" VALUES(1,'main=true','main=True','',NULL,'2005-08-01 07:49:23',1,2); The roster should be empty. ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/778687 Title: Invalid roster upon initial list creation From 778688 at bugs.launchpad.net Fri May 6 20:56:24 2011 From: 778688 at bugs.launchpad.net (Richard Wackerbarth) Date: Fri, 06 May 2011 18:56:24 -0000 Subject: [Bug 778688] [NEW] Invalid entry in owner roster causes infinite loop References: <20110506185624.8614.23716.malonedeb@chaenomeles.canonical.com> Message-ID: <20110506185624.8614.23716.malonedeb@chaenomeles.canonical.com> Public bug reported: If there is an error in the owners roster, a message sent to that roster bounces to the same list generating another (longer) bounce message which also bounces to the same roster, ad nausium. ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/778688 Title: Invalid entry in owner roster causes infinite loop From 778687 at bugs.launchpad.net Sat May 7 15:23:06 2011 From: 778687 at bugs.launchpad.net (Richard Wackerbarth) Date: Sat, 07 May 2011 13:23:06 -0000 Subject: [Bug 778687] Re: Invalid roster upon initial list creation References: <20110506185152.19505.36492.malonedeb@wampee.canonical.com> Message-ID: <20110507132306.18232.56367.malone@gac.canonical.com> This is caused by my bad command line. However, it does bring up the issue that we should not accept invalid email addresses into the database. Also, the creation date is wrong. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/778687 Title: Invalid roster upon initial list creation From tkikuchi at is.kochi-u.ac.jp Mon May 9 08:51:57 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Mon, 09 May 2011 06:51:57 -0000 Subject: [Bug 779751] [NEW] admindb fail to find message charset References: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Message-ID: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Public bug reported: admindb.py displays held message excerpt but fails to get proper message charset, leading unreadable text excerpts especially for languages using multi-byte code. Attached patch solves this problem by finding the first charset in multipart message, which is used in Decorate.py etc. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/779751 Title: admindb fail to find message charset From tkikuchi at is.kochi-u.ac.jp Mon May 9 08:51:57 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Mon, 09 May 2011 06:51:57 -0000 Subject: [Bug 779751] Re: admindb fail to find message charset References: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Message-ID: <20110509065158.18232.30795.malone@gac.canonical.com> ** Patch added: "admindb.py.msgcset-patch.txt" https://bugs.launchpad.net/bugs/779751/+attachment/2120743/+files/admindb.py.msgcset-patch.txt -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/779751 Title: admindb fail to find message charset From mark at msapiro.net Tue May 10 09:04:55 2011 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 10 May 2011 07:04:55 -0000 Subject: [Bug 779751] Re: admindb fail to find message charset References: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Message-ID: <20110510070455.18354.23316.malone@gac.canonical.com> Tokio, I'm glad you are having time to work on Mailman again. Welcome back. Your help is valuable, especially with non-western character sets. Regarding this issue, I see the problem and I see what your patch does, but I wonder if it would be better if rather than looking at the first part with a charset, if we looked at the first main type text part. If it has a charset, the result will be the same either way, but if not, maybe we should use us-ascii rather than the charset of some later part. I.e. + # We get it from the first text part + for part in msg.walk(): + if part.get_content_maintype() == 'text': + mcset = part.get_content_charset('us-ascii') + break + else: + mcset = 'us-ascii' I am thinking of the possibility of a message with an undeclared us-ascii body and an attachment encoded in some other character set. Of course, if the other character set is a superset of us-ascii, it would still be OK to use it, and even in a, hopefully rare, case where it didn't, the moderator could always forward the message to himself to see it, so maybe it doesn't matter much. What do you think? -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/779751 Title: admindb fail to find message charset From mark at msapiro.net Tue May 10 09:07:21 2011 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 10 May 2011 07:07:21 -0000 Subject: [Bug 779751] Re: admindb fail to find message charset References: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Message-ID: <20110510070721.19376.93437.malone@gac.canonical.com> Indentation is lost in comment 2. It should be +....# We get it from the first text part +....for part in msg.walk(): +........if part.get_content_maintype() == 'text': +............mcset = part.get_content_charset('us-ascii') +............break +....else: +........mcset = 'us-ascii' -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/779751 Title: admindb fail to find message charset From tkikuchi at is.kochi-u.ac.jp Wed May 11 02:53:19 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Wed, 11 May 2011 00:53:19 -0000 Subject: [Bug 779751] Re: admindb fail to find message charset References: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Message-ID: <20110511005319.18742.6886.malone@gac.canonical.com> Hi, Mark. Your modification to the patch looks reasonable. I should have used get_content_charset() instead of get_param(), at the least. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/779751 Title: admindb fail to find message charset From mark at msapiro.net Wed May 11 04:15:53 2011 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 11 May 2011 02:15:53 -0000 Subject: [Bug 779751] Re: admindb fail to find message charset References: <20110509065157.18232.19189.malonedeb@gac.canonical.com> Message-ID: <20110511021554.25852.30711.malone@soybean.canonical.com> I made one additional change to the patch. Instead of "mcset = part.get_content_charset('us-ascii')", I do "mcset = part.get_content_charset() or 'us-ascii'" as in Decorate.py to allow for charset= with no value. ** Changed in: mailman Importance: Undecided => Medium ** Changed in: mailman Status: New => Fix Committed ** Changed in: mailman Milestone: None => 2.1.15 ** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/779751 Title: admindb fail to find message charset From question157154 at answers.launchpad.net Thu May 12 07:31:00 2011 From: question157154 at answers.launchpad.net (arky) Date: Thu, 12 May 2011 05:31:00 -0000 Subject: [Question #157154]: How to disable a list temporarily ? Message-ID: <20110512053100.21085.25006.launchpad@loganberry.canonical.com> New question #157154 on mailman in Ubuntu: https://answers.launchpad.net/ubuntu/+source/mailman/+question/157154 How do I disable a list temporarily. I don't want to delete it but disallow access to it (via email or HTTP) -- You received this question notification because you are a member of Mailman Coders, which is an answer contact for mailman in Ubuntu. From hitmanarky at gmail.com Thu May 12 07:26:43 2011 From: hitmanarky at gmail.com (arky) Date: Thu, 12 May 2011 05:26:43 -0000 Subject: [Bug 781487] [NEW] Fails to process Vietnamese Characters in email links References: <20110512052643.29624.71860.malonedeb@wampee.canonical.com> Message-ID: <20110512052643.29624.71860.malonedeb@wampee.canonical.com> Public bug reported: Mailman (2.1.9) fails to process emails with Vietnamese charasets. Testcase: 1) http://ngocentre.org.vn/mailman/listinfo/wildtrade 2) Copy T?@gmail.com in Unsubscribe and edit Options and press submit. 3) You will get the following error Error: Illegal Email Address: Tú@gmail.com If the email address have words such then mailman spews out 'We've hit a bug' page. Sample Vietname names for testing purpose: Tr?n ?? Huy?n V? Ph??ng T? ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/781487 Title: Fails to process Vietnamese Characters in email links From question157154 at answers.launchpad.net Thu May 12 20:01:36 2011 From: question157154 at answers.launchpad.net (Mark Sapiro) Date: Thu, 12 May 2011 18:01:36 -0000 Subject: [Question #157154]: How to disable a list temporarily ? Message-ID: <20110512180136.21704.13457.launchpad@loganberry.canonical.com> Question #157154 on mailman in Ubuntu changed: https://answers.launchpad.net/ubuntu/+source/mailman/+question/157154 Status: Open => Answered Mark Sapiro proposed the following answer: Just 'chmod 000 lists/LISTNAME', and when you want to re-enable the list, 'chmod 2775 lists/LISTNAME'. If the list has public archives and you want to disable access to them, 'rm archives/public/LISTNAME*'. When you re-enable the list, these symlinks will be automatically recreated when you access the list. Depending on your MTA, you may want to remove the list's aliases. -- You received this question notification because you are a member of Mailman Coders, which is an answer contact for mailman in Ubuntu. From mark at msapiro.net Thu May 12 20:43:43 2011 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 12 May 2011 18:43:43 -0000 Subject: [Bug 781487] Re: Fails to process Vietnamese Characters in email links References: <20110512052643.29624.71860.malonedeb@wampee.canonical.com> Message-ID: <20110512184343.11698.1148.malone@chaenomeles.canonical.com> T?@gmail.com is not a valid email address, at least for SMTP. The various SMTP and message format RFCs (821, 822, 2821, 2822, 5321 and 5322) all require that email addresses contain only us-ascii characters. There are extensions such as RFC 2047 and RFC 2231 that specify encoding for non-ascii characters in email message headers, but RFC 2047 at least is clear that email addresses can't be encoded, and in any case, these apply only to headers in message text, not to email addresses in SMTP MAIL FROM and RCPT TO commands. The fact that the invalid email address is reported as "Error: Illegal Email Address: Tú@gmail.com" and not "Error: Illegal Email Address: T?@gmail.com" is due to overprotecting against XSS attacks resulting of double-escaping of the & character. This is fixed in 2.1.13. I am unable to duplicate "If the email address have words such then mailman spews out 'We've hit a bug' page." even at . Please be more specific as to exactly what is entered where to produce this, and if possible provide the traceback from Mailman's error log. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/781487 Title: Fails to process Vietnamese Characters in email links From tkikuchi at is.kochi-u.ac.jp Sat May 14 03:24:57 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat, 14 May 2011 01:24:57 -0000 Subject: [Bug 782474] [NEW] Re-design the mailman favicon References: <20110514012457.16559.55138.malonedeb@chaenomeles.canonical.com> Message-ID: <20110514012457.16559.55138.malonedeb@chaenomeles.canonical.com> Public bug reported: The new mailman logo is very nice and cool. But, the reduced favicon (mm-icon.png) looks rather shabby because of its limited size and resolution. I redesigned the favicon by emphasizing the feature of crescent like lines. I also make it a 'true' windows icon format so you can put it on your desk top and make a link to your mailman site. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/782474 Title: Re-design the mailman favicon From tkikuchi at is.kochi-u.ac.jp Sat May 14 03:24:57 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat, 14 May 2011 01:24:57 -0000 Subject: [Bug 782474] Re: Re-design the mailman favicon References: <20110514012457.16559.55138.malonedeb@chaenomeles.canonical.com> Message-ID: <20110514012458.16559.37521.malone@chaenomeles.canonical.com> ** Attachment added: "Windows Icon format mailman favicon" https://bugs.launchpad.net/bugs/782474/+attachment/2127688/+files/mm-icon.ico -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/782474 Title: Re-design the mailman favicon From david.c.sterratt at ed.ac.uk Mon May 16 12:33:56 2011 From: david.c.sterratt at ed.ac.uk (David Sterratt) Date: Mon, 16 May 2011 10:33:56 -0000 Subject: [Bug 266727] Re: Export list members References: <20080905194230.1806.50794.launchpad@forster.canonical.com> Message-ID: <20110516103357.5461.29736.launchpad@wampee.canonical.com> *** This bug is a duplicate of bug 266867 *** https://bugs.launchpad.net/bugs/266867 ** This bug has been marked a duplicate of bug 266867 Membership List for Web Interface * You can subscribe to bug 266867 by following this link: https://bugs.launchpad.net/mailman/+bug/266867/+subscribe -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266727 Title: Export list members From mark at msapiro.net Mon May 16 18:48:28 2011 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 16 May 2011 16:48:28 -0000 Subject: [Bug 266841] Re: export member list in web interface References: <20080905194302.1806.97735.launchpad@forster.canonical.com> Message-ID: <20110516164829.13707.71648.launchpad@chaenomeles.canonical.com> *** This bug is a duplicate of bug 266867 *** https://bugs.launchpad.net/bugs/266867 ** This bug has been marked a duplicate of bug 266867 Membership List for Web Interface * You can subscribe to bug 266867 by following this link: https://bugs.launchpad.net/mailman/+bug/266867/+subscribe -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266841 Title: export member list in web interface From tkikuchi at is.kochi-u.ac.jp Sat May 21 03:21:23 2011 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat, 21 May 2011 01:21:23 -0000 Subject: [Bug 782474] Re: Re-design the mailman favicon References: <20110514012457.16559.55138.malonedeb@chaenomeles.canonical.com> Message-ID: <20110521012123.21949.46606.malone@wampee.canonical.com> I made (yet) another icon in larger format suitable for Windows desktop. :-) ** Attachment added: "Mailman Windows icon" https://bugs.launchpad.net/mailman/+bug/782474/+attachment/2137007/+files/mm-icon-large.ico -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/782474 Title: Re-design the mailman favicon From 786932 at bugs.launchpad.net Mon May 23 12:55:28 2011 From: 786932 at bugs.launchpad.net (Cedders) Date: Mon, 23 May 2011 10:55:28 -0000 Subject: [Bug 786932] [NEW] Feature request: Option to trust list owners' HTML References: <20110523105528.826.82930.malonedeb@wampee.canonical.com> Message-ID: <20110523105528.826.82930.malonedeb@wampee.canonical.com> Public bug reported: List owners may want to edit the list information or subscribe pages to link to CSS or JS on a main site, to use a standard style or do form validation, for example. The checks against cross-site scripting prevent this, and the text suggesting shell access may be inappropriate. The site admin may trust the list owners, but it may not be desirable for privacy or firewall reasons to give them SSH access to the Mailman server. (previously suggested on bug 266273) It would therefore be very useful to have a global option to turn off the XSS checking as needed. A simple patch is attached to provide this option. I didn't find existing translations for the relevant error messages (in French or Spanish at least). ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/786932 Title: Feature request: Option to trust list owners' HTML From 786932 at bugs.launchpad.net Mon May 23 12:55:28 2011 From: 786932 at bugs.launchpad.net (Cedders) Date: Mon, 23 May 2011 10:55:28 -0000 Subject: [Bug 786932] Re: Feature request: Option to trust list owners' HTML References: <20110523105528.826.82930.malonedeb@wampee.canonical.com> Message-ID: <20110523105529.826.79900.malone@wampee.canonical.com> ** Patch added: "patch to add option to allow owner's HTML and scripts" https://bugs.launchpad.net/bugs/786932/+attachment/2139514/+files/mailman-tolerant-edit-setting.patch -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/786932 Title: Feature request: Option to trust list owners' HTML From amedee-launchpad at amedee.be Mon May 23 15:29:52 2011 From: amedee-launchpad at amedee.be (Amedee Van Gasse) Date: Mon, 23 May 2011 13:29:52 -0000 Subject: [Bug 266821] Re: privacy hole in password reminder References: <20080905194256.1806.8914.launchpad@forster.canonical.com> Message-ID: <20110523132952.3340.89821.malone@soybean.canonical.com> The problem isn't plain text emailed passwords. The *real* problem is storing plain text passwords on the server that runs mailman. If that server gets compromised, the attacker has a list of email addresses and passwords. I guess you all heard about the recent problems with Sony's Playstation Network (PSN). One of the biggest problems there was that Sony stored plain text passwords. If you Google for "plain text passwords", you will see thousands of articles that advise against it, and none that recommend it. Storing plain text passwords in a database is a security antipattern. Passwords should always be one-way encrypted (hashed), and preferably well salted. This is a website that shames Plain Text Offenders: http://plaintextoffenders.com/ Mailman should be added to that website, and Ubuntu should add a very clear security warning to Mailman. Other (more secure) mailing list software should be advised, or a more secure (patched) version (MM 2.1, 3.0, whatever) should be used. Canonical/Ubuntu itself currently uses Mailman for it's community mailing lists (ubuntu-users etc...). This should be seriously evaluated. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266821 Title: privacy hole in password reminder From amedee-launchpad at amedee.be Mon May 23 15:37:21 2011 From: amedee-launchpad at amedee.be (Amedee Van Gasse) Date: Mon, 23 May 2011 13:37:21 -0000 Subject: [Bug 266821] Re: privacy hole in password reminder References: <20080905194256.1806.8914.launchpad@forster.canonical.com> Message-ID: <20110523133721.32075.32935.malone@chaenomeles.canonical.com> I am sorry, this appears to be the general Launchpad page for Mailman, not just Ubuntu's version of it. I got confused because a lot of Ubuntu happens on Launchpad, but there are other projects hosted here too. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266821 Title: privacy hole in password reminder From 787599 at bugs.launchpad.net Tue May 24 16:54:25 2011 From: 787599 at bugs.launchpad.net (benste) Date: Tue, 24 May 2011 14:54:25 -0000 Subject: [Bug 787599] [NEW] host_name ancient name for mail_host References: <20110524145425.22626.24657.malonedeb@wampee.canonical.com> Message-ID: <20110524145425.22626.24657.malonedeb@wampee.canonical.com> Public bug reported: please update the settings and core to support "mail_host" instead of "host_name" which is confusing in comparision to "web_host" The same thing needs to be done in the REST Api to support this change ** Affects: mailman Importance: Medium Assignee: Barry Warsaw (barry) Status: Confirmed ** Affects: mailmanweb Importance: Medium Status: Confirmed ** Also affects: mailmanweb Importance: Undecided Status: New ** Changed in: mailman Status: New => Opinion ** Changed in: mailmanweb Status: New => Opinion -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/787599 Title: host_name ancient name for mail_host From 787599 at bugs.launchpad.net Tue May 24 16:56:02 2011 From: 787599 at bugs.launchpad.net (Barry Warsaw) Date: Tue, 24 May 2011 14:56:02 -0000 Subject: [Bug 787599] Re: host_name ancient name for mail_host References: <20110524145425.22626.24657.malonedeb@wampee.canonical.com> Message-ID: <20110524145602.20760.82135.launchpad@gac.canonical.com> ** Changed in: mailmanweb Status: Opinion => Confirmed ** Changed in: mailmanweb Importance: Undecided => Medium ** Changed in: mailman Milestone: None => 3.0.0a8 ** Changed in: mailman Assignee: (unassigned) => Barry Warsaw (barry) ** Changed in: mailman Importance: Undecided => Medium ** Changed in: mailman Status: Opinion => Confirmed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/787599 Title: host_name ancient name for mail_host From 787599 at bugs.launchpad.net Tue May 24 20:59:09 2011 From: 787599 at bugs.launchpad.net (benste) Date: Tue, 24 May 2011 18:59:09 -0000 Subject: [Bug 787599] Re: host_name ancient name for mail_host References: <20110524145425.22626.24657.malonedeb@wampee.canonical.com> Message-ID: <20110524185910.31884.18573.launchpad@chaenomeles.canonical.com> ** Tags added: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/787599 Title: host_name ancient name for mail_host From mark at msapiro.net Tue May 24 22:41:02 2011 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 24 May 2011 20:41:02 -0000 Subject: [Bug 787790] [NEW] Scrubber can return raw message body for multipart message References: <20110524204102.22289.35363.malonedeb@wampee.canonical.com> Message-ID: <20110524204102.22289.35363.malonedeb@wampee.canonical.com> Public bug reported: If ARCHIVE_HTML_SANITIZER = 2 in mm_cfg.py, messages which are multipart after content filtering will appear as the raw (undecoded) message body in the plain format digest and in the archive. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/787790 Title: Scrubber can return raw message body for multipart message From mark at msapiro.net Tue May 24 22:41:02 2011 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 24 May 2011 20:41:02 -0000 Subject: [Bug 787790] Re: Scrubber can return raw message body for multipart message References: <20110524204102.22289.35363.malonedeb@wampee.canonical.com> Message-ID: <20110524204103.22289.68444.malone@wampee.canonical.com> ** Patch added: "Tentative fix" https://bugs.launchpad.net/bugs/787790/+attachment/2141484/+files/Scrubber.patch.txt -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/787790 Title: Scrubber can return raw message body for multipart message From 788309 at bugs.launchpad.net Wed May 25 22:00:17 2011 From: 788309 at bugs.launchpad.net (Richard Wackerbarth) Date: Wed, 25 May 2011 20:00:17 -0000 Subject: [Bug 788309] Re: Site configuration customization unnecessarily stored in tree References: <20110525200017.22488.6781.malonedeb@wampee.canonical.com> Message-ID: <20110525200018.22488.41275.malone@wampee.canonical.com> ** Patch added: "Patch i18n.py to move site template location." https://bugs.launchpad.net/bugs/788309/+attachment/2142692/+files/i18n_patch.txt -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/788309 Title: Site configuration customization unnecessarily stored in tree From 788309 at bugs.launchpad.net Wed May 25 22:00:17 2011 From: 788309 at bugs.launchpad.net (Richard Wackerbarth) Date: Wed, 25 May 2011 20:00:17 -0000 Subject: [Bug 788309] [NEW] Site configuration customization unnecessarily stored in tree References: <20110525200017.22488.6781.malonedeb@wampee.canonical.com> Message-ID: <20110525200017.22488.6781.malonedeb@wampee.canonical.com> Public bug reported: The i18n templates for site customization are specified to be in /site/ etc., a part of the tree, rather than being placed in (outside the tree) Solution, move them to /templates/site/ ** Affects: mailman Importance: Undecided Status: New ** Tags: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/788309 Title: Site configuration customization unnecessarily stored in tree From 788309 at bugs.launchpad.net Wed May 25 22:27:23 2011 From: 788309 at bugs.launchpad.net (Barry Warsaw) Date: Wed, 25 May 2011 20:27:23 -0000 Subject: [Bug 788309] Re: Site template search should look in var_dir References: <20110525200017.22488.6781.malonedeb@wampee.canonical.com> Message-ID: <20110525202723.4037.59662.malone@soybean.canonical.com> I changed the subject of this bug because actually I think it's fine for the in-tree site templates to still be searched, just that if the template exists in $var_dir, it should override. And this should be true of the domain templates as well. Thanks for the patch, and the bug report. Perhaps you'd like to refine the patch to match the new description? Also, if you could include unittests that would be great. ** Summary changed: - Site configuration customization unnecessarily stored in tree + Site template search should look in var_dir ** Summary changed: - Site template search should look in var_dir + Allow $var_dir templates to override in-tree templates ** Description changed: - The i18n templates for site customization are specified to be in - /site/ etc., a part of the tree, rather than being placed - in (outside the tree) - - Solution, move them to /templates/site/ + mailman.utilities.i18n.find()'s search algorithm only allows for list- + specific templates in $var_dir. The search algorithm should be extended + so that any of the domain, site, and language templates may be + overridden by $var_dir templates. It can still fallback to in-tree + templates if the $var_dir version is missing. ** Changed in: mailman Status: New => Confirmed ** Changed in: mailman Importance: Undecided => Medium ** Changed in: mailman Importance: Medium => Wishlist -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/788309 Title: Allow $var_dir templates to override in-tree templates From mark at msapiro.net Fri May 27 20:23:33 2011 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 27 May 2011 18:23:33 -0000 Subject: [Bug 558123] Re: fix for [815297] signatures break References: <20100408090624.1687.79801.launchpad@loganberry.canonical.com> Message-ID: <20110527182333.28085.50207.launchpad@wampee.canonical.com> *** This bug is a duplicate of bug 265967 *** https://bugs.launchpad.net/bugs/265967 ** This bug has been marked a duplicate of bug 265967 Breaking signatures in message/rfc822 attachement! -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/558123 Title: fix for [815297] signatures break From 266263 at bugs.launchpad.net Mon May 30 23:33:00 2011 From: 266263 at bugs.launchpad.net (Joshua Cranmer) Date: Mon, 30 May 2011 21:33:00 -0000 Subject: [Bug 266263] Re: NNTP gatewaying trashes Message-IDs References: <20080905193013.27052.88735.launchpad@forster.canonical.com> Message-ID: <20110530213300.30577.6436.malone@chaenomeles.canonical.com> Here is my proposal for what to do: 1. Find all known mailing lists in the to/cc headers, and simultaneously crosspost to those newsgroups 2. Only rewrite a message ID if the news server has one on the server that does not represent this message. This means that all of the problems with message IDs should be limited to people who put the mailing lists in BCCs, or people who are sending to mailing lists on multiple servers that inject into NNTP in different places. I do not yet have a patch for either yet. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266263 Title: NNTP gatewaying trashes Message-IDs From 266263 at bugs.launchpad.net Mon May 30 23:13:05 2011 From: 266263 at bugs.launchpad.net (Joshua Cranmer) Date: Mon, 30 May 2011 21:13:05 -0000 Subject: [Bug 266263] Re: NNTP gatewaying trashes Message-IDs References: <20080905193013.27052.88735.launchpad@forster.canonical.com> Message-ID: <20110530211305.28013.79928.launchpad@wampee.canonical.com> ** Tags added: mailman3 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266263 Title: NNTP gatewaying trashes Message-IDs From 266263 at bugs.launchpad.net Tue May 31 00:35:50 2011 From: 266263 at bugs.launchpad.net (Ike) Date: Mon, 30 May 2011 22:35:50 -0000 Subject: [Bug 266263] Re: NNTP gatewaying trashes Message-IDs References: <20080905193013.27052.88735.launchpad@forster.canonical.com> Message-ID: <20110530223550.30945.92188.malone@chaenomeles.canonical.com> I solved this problem in another way. Someone wrote for me the SynFU- script: https://github.com/Shirk/SynFU It is a very good script for synchronizing mails between mailing lists and a newsserver. I'm using it on a system with more than 200 mailing lists and up to 1000 postings a day. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/266263 Title: NNTP gatewaying trashes Message-IDs From flo.fuchs at gmail.com Tue May 31 18:23:25 2011 From: flo.fuchs at gmail.com (Florian Fuchs) Date: Tue, 31 May 2011 16:23:25 -0000 Subject: [Merge] lp:~flo-fuchs/mailman.client/settings into lp:mailman.client In-Reply-To: <20110403205827.21436.60592.launchpad@loganberry.canonical.com> Message-ID: <20110531162300.2521.79648.codereview@wampee.canonical.com> Review: Resubmit Hi, I've added a few changes to make the client compatible with the current Mailman3 alpha7. Member resources now use IDs instead of email adresses (on the API side). The client doesn't know this ID when provided with an email adress (for example to get membership information or to unsubscribe an email address from a list). In order to find the right ID, the client needs to iterate over the existing member roster. This probably isn't ideal, especially when lists have a large number of members. But it's probably not an issue that the client lib can solve differently... Thanks! Florian -- https://code.launchpad.net/~flo-fuchs/mailman.client/settings/+merge/56088 Your team Mailman Coders is subscribed to branch lp:mailman.client. From barry at canonical.com Tue May 31 20:19:23 2011 From: barry at canonical.com (Barry Warsaw) Date: Tue, 31 May 2011 18:19:23 -0000 Subject: [Merge] lp:~flo-fuchs/mailman.client/settings into lp:mailman.client In-Reply-To: <20110403205827.21436.60592.launchpad@loganberry.canonical.com> Message-ID: <20110531181854.18699.33737.codereview@chaenomeles.canonical.com> Review: Approve This looks great; a couple of comments: * See above for recommendations against u'' strings and for using print instead of returning strings directly in doctests. * Could you please open a bug (tagged with 'mailman3') on the need to expose an API call to look up a member-id given an email address? I'll make sure to expose that in a8. With the above consideration, I'll approve this change. Thanks! And feel free to land it. -- https://code.launchpad.net/~flo-fuchs/mailman.client/settings/+merge/56088 Your team Mailman Coders is subscribed to branch lp:mailman.client.