Partly addresses pkg/25165.
From the package's NEWS file:
2.1.14 (20-Sep-2010)
Security
- Two potential XSS vulnerabilities have been identified and fixed.
New Features
- A new feature for controlling the addition/replacement of the Sender:
header in outgoing mail has been implemented. This allows a list owner
to set include_sender_header on the list's General Options page in the
admin GUI. The default for this setting is Yes which preserves the prior
behavior of removing any pre-existing Sender: and setting it to the
list's -bounces address. Setting this to No stops Mailman from adding or
modifying the Sender: at all.
Additionally, there is a new Defaults.py/mm_cfg.py setting
ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
to remove the include_sender_header setting from General Options, and
thus preserve the prior behavior completely.
- Bounce processing has been enhanced so that if a bounce is returned to a
list from a non-member who is a member of a regular_include_list, the
bounce will be processed as a bounce for the included list.
i18n
- Fixed a missing format character in the German bin/mailmanctl docstring.
- Updated Dutch translation from Jan Veuger.
- Updated Japanese Translation from Tokio Kikuchi.
- Updated Finnish translation from Joni Töyrylä.
- Made a few corrections to some Polish templates. Bug #566731.
- Made a minor change to the Chinese (China) message catalog. Bug #545772.
- Changed a few DOCTYPE directives in templates for compliance.
Bug #500952 and Bug #500955.
Bug Fixes and other patches
- Made minor wording improvements and typo corrections in some messages.
Bug #426979.
- Fixed i18n._() to catch exceptions due to bad formats. Bug #632660.
- Fixed admindb interface to decode base64 and quoted-printable encoded
message body excerpts for display. Bug #629738.
- Fixed web CGI tracebacks to properly report sys.path. Bug #615114.
- Changed the member options login page unsubscribe request to include the
requesters IP address in the confirmation request. Bug #610527.
- Changed fix_url to lock the list if not locked. Bug #610364.
- Made a minor change to the English subscribeack.txt (welcome message)
template to emphasize that a password is only required to unsubscribe
*without confirmation*.
- Fixed an issue in admindb that could result in a KeyError and "we hit a
bug" response when a moderator acts on a post that had been handled by
someone else after the first moderator had retrieved it. Bug #598671.
- Fixed a bug which would fail to show a list on the admin and listinfo
overview pages if its web_page_url contained a :port. Bug # 597741.
- Fixed bin/genaliases to not throw TypeError when MTA = None.
Bug #587657.
- Provided the ability to specify in mm_cfg.py a local domain (e.g.
'localhost') for the local addresses in the generated virtual-mailman
when MTA = 'Postfix'. See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py.
Bug #328907.
- Made a minor change to the removal of an Approved: pseudo-header from
a text/html alternative to allow for an inserted '\xA0' before the
password.
- Fixed Content Filtering collapse_alternatives to work on deeply nested
multipart/alternative parts. Bug #576675.
- We now accept/remove X-Approved: and X-Approve: headers in addition to
Approved: and Approve: for pre-approving posts. Bug #557750.
- Reordered the 'cancel' and 'subscribe' buttons on the subscription
confirmation web page so the default action upon 'enter' will be the
subscribe button in browsers that pick the first button. Bug #530654.
- Fixed a bug in the admindb interface that could apply a moderator
action to a message not displayed. Bug #533468.
- Added a traceback to the log message produced when processing the
digest.mbox throws an exception.
- Added a urlhost argument to the MailList.MailList.Create() method to
allow bin/newlist and the the create CGI to pass urlhost so the host
will be correct in the listinfo link on the emptyarchive page.
Bug #529100.
- Added the List-Post header to the default list of headers retained in
messages in the MIME digest. Bug #526143.
- When daemonizing mailmanctl, we now ensure terminal files are closed.
- Fixed a bug in pipermail archiving that caused fallback threading by
subject to fail. Bug #266572.
- We now give an HTTP 401 status for authentication failures from admin,
admindb, private, options and roster CGIs, and an HTTP 404 status from
all the CGIs for an invalid list name.
- Backported the listinfo template change from the 2.2 branch to fix
Bug #514050.
- Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
would result in a munged URL if authentication was required. Bug #266164.
- Fixed a bug where check_perms would throw an OSError if an entry in
Mailman's lists/ directory was not a directory. Bug #265613.
- Fixed a bug where a message with an Approved: header held by a handler
that precedes Approve (SpamDetect by default) would not have the
Approved: header removed if the held message was approved. Bug #501739.
2.1.13 (22-Dec-2009)
i18n
- Updated Dutch message catalog from Jan Veuger.
- Added Asturian translation from Marcos Costales and the Asturian
Language Team.
Bug Fixes and other patches
- Added "white-space: pre-wrap" style for <pre> tag in archives.
Bug #266467.
- Added vette logging for rejected and discarded (un)subscribe requests.
- Fixed a bug in admindb.py that could erroneously discard an unsubscribe
request as a duplicate.
- Decoded RFC 2047 encoded message subjects for a few reports.
Bug #266428.
- Fixed the French, Spanish and Hebrew translations which improperly
translated the 'coding:' line in bin/config_list output.
- Fixed the auto-responder to treat messages to -confirm, -join, -leave,
-subscribe and -unsubscribe as requests rather than posts. Bug #427962.
- Configure/make no longer builds Japanese and Korean codecs in
pythonlib if Python already has them.
- Inadvertently setting a null site or list password allowed access
to a list's web admin interface without authentication. Fixed by
not accepting null passwords.
- Changed VERP_CONFIRM_REGEXP in Defaults.py to work if the replying
MUA folds the To: header and in cases where the list name includes '+'.
- Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.
- Replies to commands sent to list-request now come From: list-owner
instead of list-bounces.
- Mailman no longer folds long sub-part headers in multipart messages.
In addition, Mailman no longer escapes From_ lines in the body of
messages sent to regular list members, although MTA's may do it anyway.
This is to avoid breaking signatures per Bug #265967.
- XSS protection in the web interface went too far in escaping HTML
entities. Fixed.
- Removed or anonymized additional headers in posts to anonymous lists.
- Fixed a bug that could cause incorrect threading of replies to archived
messages that arrive with timestamps in the same second.
- Scrubbed HTML attachments containing tab characters would get the tabs
replaced by a string of ' ' without a semicolon. Fixed.
- Caught a TypeError in content filtering, collapse alternatives that
occurred with a malformed message if a multipart/alternative part
wasn't multi-part. Reported in comments to bug #266230.
- Fixed a few things in bin/update:
- Changed some old messages for more current meaning.
- Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
- Fixed 2.0.x template migration to not die if the templates/ tree
contains subdirectories from a version control system.
- Fixed a bug that would show a list on the admin and listinfo overview
pages if its web_page_url host contained the current host as a
substring. Bug #342162.
- Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
if the string contained an HTML entity > 255 and also characters in the
128-255 range. Bug #341594.
- Added recognition for more bounces.
- Updated contrib/mmdsr to report preserved messages and to use mktemp to
create temp files.
* Fix compatibility with Python 2.6.
* Fixed a bug in admin.py which would result in chunked pages of the
membership list for members whose address begins with a non-alphanumeric
character to not be visible or retrievable.
* Changed ListAdmin.py to make rejected post messages From: the -owner
address instead of the -bounces address.
* With MTA = 'Postfix', if the STANZA END for a list being removed is
missing or munged, the remainder of the aliases and/or virtual-mailman
file is lost. Fixed.
* Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
requests have not been migrated properly. This is fixed.
* Changed cron/gate_news to continue processing the remaining lists on
certain errors that can be caused by configuration of a particular list.
* Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
in the To: or Cc: header differed in case from the case-preserved member
address.
* Fixed a problem in SecurityManager that caused it to not find the
cookie when CheckCookie was not given a user and the user in the cookie
had a %xx encoded character.
* Fixed a minor fromusenet reporting issue in the contributed mmdsr
script.
* Fixed a minor issue in cron/gate_news that could cause a list's
watermark to not be completely updated.
* Fixed an issue that prevented editing the options.html template from
the web admin interface.
* Fixed a problem in Decorate which could throw a TypeError on conversion
to unicode of a header/footer that was already unicode because of
interpolating a unicode value.
* Fixed an issue where list creation would report bad owner email
instead of bad listname when the list name had non-ascii characters.
* Updated Dutch, Catalan and Polish translations.
* Fix compatibility with Python 2.6.
* Fixed a bug in admin.py which would result in chunked pages of the
membership list for members whose address begins with a non-alphanumeric
character to not be visible or retrievable.
* Changed ListAdmin.py to make rejected post messages From: the -owner
address instead of the -bounces address.
* With MTA = 'Postfix', if the STANZA END for a list being removed is
missing or munged, the remainder of the aliases and/or virtual-mailman
file is lost. Fixed.
* Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
requests have not been migrated properly. This is fixed.
* Changed cron/gate_news to continue processing the remaining lists on
certain errors that can be caused by configuration of a particular list.
* Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
in the To: or Cc: header differed in case from the case-preserved member
address.
* Fixed a problem in SecurityManager that caused it to not find the
cookie when CheckCookie was not given a user and the user in the cookie
had a %xx encoded character.
* Fixed a minor fromusenet reporting issue in the contributed mmdsr
script.
* Fixed a minor issue in cron/gate_news that could cause a list's
watermark to not be completely updated.
* Fixed an issue that prevented editing the options.html template from
the web admin interface.
* Fixed a problem in Decorate which could throw a TypeError on conversion
to unicode of a header/footer that was already unicode because of
interpolating a unicode value.
* Fixed an issue where list creation would report bad owner email
instead of bad listname when the list name had non-ascii characters.
* Updated Dutch, Catalan and Polish translations.
pkgsrc changes:
- install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and
change MESSAGES to point to mailman-install.txt
changes between 2.1.7 and 2.1.8rc1:
- A cross-site scripting hole in the private archive script of 2.1.7
has been closed. Thanks to Moritz Naumann for its discovery.
- Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
and several others.
- Updated email library to 2.5.7 which will encode payload into qp/base64
upon setting. This enabled backing out the scrubber related patches
including 'X-Mailman-Scrubbed' header in 2.1.7.
- Fix SpamDetect.py potential hold/reject loop problem.
- A warning message from email package to the stderr can cause error
in Logging because stderr may be detached from the process during
the qrunner run. We chose not to output errors to stderr but to
the logs/error if the process is running under mailmanctl subprocess.
- DKIM header cleansing was separated from Cleanse.py and added to
-owner messages too.
- Fixes: Lose Topics when go directly to topics URL (1194419).
UnicodeError running bin/arch (1395683). edithtml.py missing import
(1400128). Bad escape in cleanarch. Wrong timezone in list archive
index pages (1433673). bin/arch fails with TypeError (1430236).
Subscription fails with some Language combinations (1435722).
Postfix delayed notification not recognized (863989). 2.1.7 (VERP)
mistakes delay notice for bounce (1421285). show_qfiles: 'str'
object has no attribute 'as_string' (1444447). Utils.get_domain()
wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
Local change (which is why we have PKGREVISION=1)
Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on debian
patches.
Changes between 2.1.6 and 2.1.7:
Security
- The fix for CAN-2005-0202 has been enhanced to issue an appropriate
message instead of just quietly dropping ./ and ../ from URLs.
- A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
been solved in Mailman 2.1.6, there may be more cases where
ToDigest.send_digests() can block regular delivery. We put the
send_digests() calling part in a try/except clause and leave a message
in the error log if something happened in send_digests(). Daily call of
cron/senddigests will provide more detail to the site administrator.
- List administrators can no longer change the user's option/subscription
globally. Site admin can change these only if
mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
- <script> tags are HTML-escaped in the edithtml CGI script.
- Since the probe message for disabled users may reach unintended
recipients, the password is excluded from sendProbe() and probe.txt.
Note that the default value of VERP_PROBE has been set to `No' from
2.1.6., thus this change doesn't affect the default behavior.
New Features
- Always remove DomainKey (and similar) headers from messages sent to the
list. (1287546)
- List owners can control the content filter behavior when collapsing
multipart/alternative parts to its first subpart. This allows the
option of letting the HTML part pass through after other content
filtering is done.
Internationalization
- New language: Interlingua.
Bug fixes and other patches
- Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
safer operation.
- Fixed the bug where Scrubber.py munges quoted-printable by introducing
the 'X-Mailman-Scrubbed' header which marks that the payload is
scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
Decorate.py and Archiver. A similar problem in ToDigest.py where the
plain digest is generated is also fixed.
- Fixed Syslog.py to write quopri encoded messages when it fail to write
8-bit characters.
- Fixed MTA/Postfix.py to check aliases group permission in check_perms
and fixed mailman-install document on this matter (1378270).
- Fixed private.py to go to the original URL after authorization
(1080943).
- Fixed bounce log score messages to be more consistent.
- Fixed bin/remove_members to accept no arguments when both --fromall and
--file= options are specified.
- Changed cgi-bin and mail wrapper "group not found" error message to be
more descriptive of the actual problem.
- The list's ban_list now applies to address changes, admin mass
subscribes and invites, and to confirmations/approvals of address
changes, subscriptions and invitations.
- quoted-printable and base64 encoded parts are decoded before passing to
HTML_TO_PLAIN_TEXT_COMMAND (1367783).
- Approve: header is removed from posts, and treated the same as the
Approved: header. (1355707)
- Fixed the removal of the line following Approve[d]: line in body of
post. (1318883)
- The Approve[d]: <password> header is removed from all text/* parts in
addition the initial text/plain part. It must still be the first
non-blank line in the first text/plain part or it won't be found or
removed at all. (1181161)
- Posts are now logged in post log file with the true sender, not
listname-bounces. (1287921)
- Correctly initialize and remember the list's default_member_moderation
attribute in the web list creation page. (1263213)
- PEP263 charset is added to the config_list output. (1343100)
- Fixed header_filter_rules getting lost if accessed directly and
authentication was needed by login page. (1230865)
- Obscure email when the poster doesn't set full name in 'From:' header.
- Preambles and epilogues are taken into account when calculating message
sizes for holding purposes. (Mark Sapiro)
- Logging/Logger.py unicode transform option. (1235567)
- bin/update crashes with bogus files. (949117)
- Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
pkgsrc as patches/patch-ai):
Security
- Added the ability for Mailman generated passwords (both member and list
admin) to be more cryptographically secure. See new configuration
variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
reset_pw.py which can be used to reset all member passwords. Passwords
generated by Mailman are now 8 characters by default for members, and 10
characters for list administrators.
- A potential cross-site scripting hole in the driver script has been
closed. Thanks to Florian Weimer for its discovery. Also, turn
STEALTH_MODE on by default.
Internationalization
- Chinese languages are now supported. They have been moved from 'big5'
and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
spec. Note, however, that the character sets were changed from 'Big5'
or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
Python 2.3 and earlier. You may have to install Chinese capable codecs
(like CJKCodecs) separately to handle the incoming messages which are in
local charsets, or upgrade your Python to 2.4 or newer.
Behavior or defaults changes
- VERP_PROBES is disabled by default.
- bin/withlist can be run without a list name, but only if -i is given.
Also, withlist puts the directory it's found in at the end of sys.path,
making it easier to run withlist scripts that live in $prefix/bin.
- bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
lets the user provide the web and email hostnames for the new mailing
list. This is a better way to specify the domain for the list, rather
than the old 'mylist@hostname' syntax (which is still supported for
backward compatibility, but deprecated).
Compatibility
- Python 2.4 compatibility issue: time.strftime() became strict about the
'day of year' range. (1078482)
New Features
- New feature: automatic discards of held messages. List owners can now
set how many days to hold the messages in the moderator request queue.
cron/checkdb will automatically discard old messages. See the
max_days_to_hold variable in the General Options and
DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0
(i.e. disabled). (790494)
- New feature: subject_prefix can be configured to include a sequence
number which is taken from the post_id variable. Also, the prefix is
always put at the start of the subject, i.e. "[list-name] Re: original
subject", if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style
is "Re: [list-name]" if numbering is not set, for backward compatibility.
If the list owner is using numbering feature by "%d" directive, the new
style, "[list-name 123] Re:", is always used.
- List owners can now cusomize the non-member rejection notice from
admin/<listname>/privacy/sender page. (1107169)
- Allow editing of the welcome message from the admin page (1085501).
- List owners can now use Scrubber to get the attachments scrubbed (held
in the web archive), if the site admin permits it in mm_cfg.py. New
variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
behavior. (904850)
Documentation
- Most of the installation instructions have been moved to a latex
document. See admin/www/mailman-install/index.html for details.
Bug fixes and other patches
- Mail-to-news gateway now strips subject prefix off from a response
by a mail user if news_prefix_subject_too is not set.
- Date and Message-Id headers are added for digests. (1116952)
- Improved mail address sanity check. (1030228)
- SpamDetect.py now checks attachment header. (1026977)
- Filter attachments by filename extensions. (1027882)
- Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
1020013 (fix spam filter removed), 665569 (newer Postfix bounce
detection), 970383 (moderator -1 admin requests pending), 873035
(subject handling in -request mail), 799166/946554 (makefile
compatibility), 872068 (add header/footer via unicode), 1032434
(KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
(fix pipermail URL), 948152 (Out of date link on Docs), 1099138
(Scrubber.py breaks on None part), 1099840/1099840 (deprecated %
insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd
reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
permission after editing html)
Changes:
- Close some cross-site scripting vulnerabilities in the admin pages
(CAN-2003-0965).
- New languages: Catalan, Croatian, Romanian, Slovenian.
- New mm_cfg.py/Defaults.py variable PUBLIC_MBOX which allows the site
administrator to disable public access to all the raw list mbox files
(this is not a per-list configuration).
- Expanded header filter rules under Privacy -> Spam Filters. Now you can
specify regular expression matches against any header, with specific
actions tied to those matches.
- Rework the SMTP error handling in SMTPDirect.py to avoid scoring bounces
for all recipients when a permanent error code is returned by the mail
server (e.g. because of content restrictions).
- Promoted SYNC_AFTER_WRITE to a Default.py/mm_cfg.py variable and
make it control syncing on the config.pck file. Also, we always flush
and sync message files.
- Reduce archive bloat by not storing the HTML body of Article objects in
the Pipermail database. A new script bin/rb-archfix was added to clean
up older archives.
- Proper RFC quoting for List-ID descriptions.
- PKGDIR can be passed to the make command in order to specify a different
directory to unpack the distutils packages in misc. (SF bug 784700).
- Improved logging of the origin of subscription requests.
- Misc bugfixes.
PR pkg/22820.
Changes:
- Closed a cross-site scripting exploit in the create cgi script.
- Improvements in the performance of the bounce processor.
Now, instead of processing each bounce immediately (which
can cause severe lock contention), bounce events are queued.
Every 15 minutes by default, the queued bounce events are
processed en masse, on a list-per-list basis, so that each
list only needs to be locked once.
- When some or all of a message's recipients have temporary
delivery failures, the message is moved to a "retry" queue.
This queue wakes up occasionally and moves the file back to
the outgoing queue for attempted redelivery. This should
fix most observed OutgoingRunner 100% cpu consumption,
especially for bounces to local recipients when using the
Postfix MTA.
- Optional support for fsync()'ing qfile data after writing.
Under some catastrophic system failures (e.g. power lose),
it would be possible to lose messages because the data
wasn't sync'd to disk. By setting SYNC_AFTER_WRITE to True
in Mailman/Queue/Switchboard.py, you can force Mailman to
fsync() queue files after flushing them. The benefits are
debatable for most operating environments, and you must
ensure that your Python has the os.fsync() function defined
before enabling this feature (it isn't, even on all
Unix-like operating systems).
And more... please review Changelog to see a complete list of changes.
Maiman is a e-mail list manager. It includes a web interface for
management from a user (subscribe/unsuscribe) and administrator point
of view, as well as the traditionnal command-though-emails management.
It also offers web-browsable mailing-list archives.
