[Mailman-Users] mailman upgrade -> bug
Olivier Nibart
olivier at naya-tec.com
Fri Feb 18 11:46:16 CET 2005
Hi,
I've sent a mail to the package maintener 3 days ago, with no answer for
the moment.
As Brad said, they mis-applied the patch.
Ax the system saiys, the problem comes from the SLASH variable that is
not set :
admin(20327): parts = [x for x in path.split(SLASH) if x not in
('.', '..')]admin(20327): NameError: global name 'SLASH' is not defined
To correct it, do as follows :
- edit the file /usr/lib/mailman/Mailman/Cgi/private.py and replace
(SLASH) by ('/')
You should now see :
[..]
# Set up i18n. Until we know which list is being requested, we use the
# server's default.
_ = i18n._
i18n.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE)
def true_path(path):
"Ensure that the path is safe by removing .."
parts = [x for x in path.split('/') if x not in ('.', '..')]
return '/'.join(parts)[1:]
[..]
- run dpkg-reconfigure mailman : this will force python to 'recompile'
the file (there is probably a more elegant way to do it, but this one
works).
That should do the trick.
Note that re-applying the patch should not work because the private.py
had already been modified. It's only a guess.
Brad Knowles wrote:
> At 12:26 AM +0100 2005-02-15, denis wrote:
>
>> I have made the security upgrade on debian to mailman version 2.1.5-6.
>>
>> And now, i have a bug in all the archives.
>>
>> Is it possible to fix that ?
>
>
> Looks like someone mis-applied the patch at
> <http://www.list.org/CAN-2005-0202.txt>. Try re-applying it correctly.
>
--
olivier
--=ooOoo=--
olivier at naya-tec.com (Olivier Nibart)
http://www.naya-tec.com
gsm: +32 472 514 103
More information about the Mailman-Users
mailing list