Removed PKG_DESTDIR_SUPPORT=destdir, no longer needed since 2011.
2.1.20 (31-Mar-2015)
- A path traversal vulnerability has been discovered and fixed (CVE-2015-2775)
- There is a new Address Change sub-section in the web admin
Membership Management section
- The Russian translation has been updated by Danil Smirnov.
- The Polish translation has been updated by Stefan Plewako.
- A LookupError in SpamDetect on a message with RFC 2047 encoded headers
in an unknown character set is fixed.
- Fixed a bug in CommandRunner that could process the second word of a
body line as a command word and a case sensitivity in commands in
Subject: with an Re: prefix.
- Fixed a bug in CommandRunner that threw an uncaught KeyError if
the input to the list-request address contained a command word
terminated by a period.
- Changed the response to an invalid confirmation to be more generic.
Not all confirmations are subscription requests.
- Changed the default nonmember_rejection_notice to be more user friendly.
- Added "If you are a list member" qualification to some messages from the
options login page.
- Changed the 'Approve' wording in the admindbdetails.html template to
'Accept/Approve' for better agreement with the button labels.
- Added '(by thread)' to the previous and next message links in the
archive to emphasize that even if you got to the message from a
subject, date or author index, previous and next are still by thread.
2.1.19 (28-Feb-2015)
- The subscribe_auto_approval feature backported from the 2.2 branch and
described above has been enhanced to accept entries of the form
@listname to auto approve members of another list.
- There is a new list attribute dmarc_wrapped_message_text and a
DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new
lists. This text is added to a message which is wrapped because of
dmarc_moderation_action in a separate text/plain part that precedes the
message/rfc822 part containing the original message. It can be used to
provide an explanation of why the message was wrapped or similar info.
- There is a new list attribute equivalent_domains and a
DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which
in turn defaults to the empty string. This provides a way to specify one
or more groups of domains, e.g., mac.com, me.com, icloud.com, which are
considered equivalent for validating list membership for posting and
moderation purposes.
- There is a new WEB_HEAD_ADD setting to specify text to be added to the
<HEAD> section of Mailman's internally generated web pages. This doesn't
apply to pages built from templates, but in those cases, custom templates
can be created.
- There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting. Set this to Yes
to make the default selection on the admin Mass Subscriptions page
Invite rather than Subscribe.
- There is a new list attribute in the Bounce processing section.
bounce_notify_owner_on_bounce_increment if set to Yes will cause
Mailman to notify the list owner on every bounce that increments a
list member's score but doesn't result in a probe or disable. There
is a new configuration setting setting
DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT to set the default
for new lists. This in turn defaults to No.
- Mailman's log files, request.pck files and heldmsg-* files are no
longer created world readable to protect against access by untrusted
local users. Note that permissions on existing log files won't be
changed so if you are concerned about this and don't rotate logs or
have a logrotate process that creates new log files instead of letting
Mailman create them, you will need to address that.
- The Python Powered logo image has been replaced in the misc/ directory
in the source distribution. Depending on how you've installed these
images, you may need to copy PythonPowered.png from the misc/ directory
in the source or from the $prefix/icons/ installed directory to another
location for your web server.
- The Polish translation has been updated by Stefan Plewako.
- The Interlingua translation has been updated by Martijn Dekker.
- The Japanese message catalog has been updated by SATOH Fumiyasu.
- Mailman's character set for Romanian has been changed from iso-8859-2
to utf-8 and the templates and messages recoded. This change will
require running 'bin/arch --wipe' on any existing Romanian language
lists in order to recode the list's archives, and will require recoding
any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and
templates/site/ro/*. It may also require recoding any existing
iso-8859-2 text in list attributes.
- Mailman's character set for Russian has been changed from koi8-r to
utf-8 and the templates and messages recoded. This change will
require running 'bin/arch --wipe' on any existing Russian language
lists in order to recode the list's archives, and will require recoding
any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and
templates/site/ru/*. It may also require recoding any existing koi8-r
text in list attributes.
- Mailman's versions.py has been augmented to help with the above two
character set changes. The first time a list with preferred_language
of Romanian or Russian is accessed or upon upgrade to this release,
any list attributes which have string values such as description, info,
welcome_msg, etc. that appear to be in the old character set will be
converted to utf-8. This is done recursively for the values (but not
the keys) of dictionary attributes and the elements of list and tuple
attributes.
- The Russian message catalog and templates have been further updated by
Danil Smirnov.
- The Romanian message catalog has been updated.
- The Russian templates have been updated by Danil Smirnov.
- The Japanese translation has been updated by SATOH Fumiyasu.
- A minor change in the French translation of a listinfo subscribe form
message has been made.
- Because of privacy concerns with the 2.2 backport adding real name to
list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME
setting that defaults to No. You may wish to set this to Yes in
mm_cfg.py.
- Organization: headers are now unconditionally removed from posts to
anonymous lists. Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept
if the regexp included the trailing ':'. This is fixed too.
- The admindb interface has been fixed so the the detail message body
display doesn't lose part of a multi-byte character, and characters which
are invalid in the message's charset are replaced rather than the whole
body not being converted to the display charset.
- Fixed a bug in bin/rmlist that would throw an exception or just fail to
remove held message files for a list with regexp special characters in
its name.
- When applying DMARC mitigations, CookHeaders now adds the original From:
to Cc: rather than Reply-To: in some cases to make MUA 'reply' and
'reply all' more consistent with the non-DMARC cases.
- The Subject: of the list welcome message wasn't always in the user's
preferred language. Fixed.
- Accept email command in Subject: prefixed with Re: or similar with no
intervening space.
- Fixed a UnicodeDecodeError that could occur in the web admin interface
if 'text' valued attributes have unicode values.
- We now catch the NotAMemberError exception thrown if an authenticated
unsubscribe is submitted from the user options page for a nonmember.
- Fixed an archiving bug that would cause messages with 'Subject: Re:'
only to be indexed in the archives without a link to the message.
- The vette log entry for a message discarded by a handler now includes
the list name and the name of the handler.
- The options CGI now rejects all but HTTP GET and POST requests.
- A list's poster password will now be accepted on an Urgent: header.
- Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be
ignored.
- Renamed messages/sr/readme.sr to README.sr.
- Moved the dmarc_moderation_action checks from the Moderate handler to
the SpamDetect handler so that the Reject and Discard actions will be
done before the message might be held by header_filter_rules, and the
Wrap Message and Munge From actions will be done on messages held by
header_filter_rules if the message is approved.
- <label> tags have been added around most check boxes and radio buttons
and their text labels in the admin and admindb web GUI so they can be
(de)selected by clicking the text.
- If checking DNS for dmarc_moderation_action and DNS lookup is not
available, log it.
- Handle missing From: header addresses for DMARC mitigation actions.
Hope this works on case-insensitive file systems. If not, let's
just rm this thing.
Bump PKGREVISION.
XXX: Why is this package "destdir" and not "user-destdir"?
Changelog
---------
2.1.18-1 (06-May-2014)
Bug fixes and other patches
- A critical incompatibility between the DMARC Wrap Message action and
Python versions older than 2.6.x for some x <= 5 existed and caused
Wrapped message to be shunted. This is fixed. (LP: #1316682)
- Sender: headers are no longer removed in from_is_list Munge From
actions. (LP: #1315970)
2.1.18 (03-May-2014)
Acknowledgements
- Thanks to Jim Popovitch and Phil Pennock for the branch that formed the
basis of the dmarc_moderation_action feature.
- Thanks to Franck Martin et al for the branch that formed the basis of
the from_is_list feature.
Dependencies
- There is a new dependency associated with the new Privacy options ->
Sender filters -> dmarc_moderation_action feature discussed below.
This requires that the dnspython <http://www.dnspython.org/> package
be available in Python. This package can be downloaded from the above
site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
or installed with pip.
New Features
- The from_is_list feature introduced in 2.1.16 is now unconditionally
available to list owners. There is also, a new Privacy options ->
Sender filters -> dmarc_moderation_action feature which applies to list
messages where the From: address is in a domain which publishes a DMARC
policy of reject or possibly quarantine. This is a list setting with
values of Accept, Wrap Message, Munge From, Reject or Discard. There is
a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
default for this, and the list admin UI is not able to set an action
which is 'less' than the default. The prior ALLOW_FROM_IS_LIST setting
has been removed and is effectively always Yes. There is a new
dmarc_quarantine_moderation_action list setting with default set by a
new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
which in turn defaults to Yes. The list setting can be set to No to
exclude domains with DMARC policy of quarantine from
dmarc_moderation_action.
dmarc_moderation_action and from_is_list interact in the following way.
If the message is From: a domain to which dmarc_moderation_action applies
and if dmarc_moderation_action is other than Accept,
dmarc_moderation_action applies to that message. Otherwise the
from_is_list action applies.
Also associated with dmarc_moderation_action are configuration settings
DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described
in more detail in Defaults.py. There are also new vette log entries
written when dmarc_moderation_action is found to apply to a post.
i18n
- Added missing <mm-digest-question-start> tag to French listinfo template.
(LP: #1275964)
Bug Fixes and other patches
- Removed HTML tags from the title of a couple of rmlist.py pages because
browsers don't render tags in the title. (LP: #265848)
- Most Mailman generated notices to list owners and moderators are now
sent as Precedence: list instead of bulk. (LP: #1313146)
- The Reply-To: munging options weren't honored if there was no
from_is_list action. (LP: #1313010)
- Changed from_is_list actions to insert the list address in Cc: if the
list is fully personalized. Otherwise, the list address is only in
From: and Reply-To: overrides it. (LP: #1312970)
- Fixed the Munge From action to only Munge the From: and/or Reply-To: in
the outgoing message and not in archives, digests and messages sent via
the usenet gateway. (LP: #1311431)
- Fixed a long standing issue in which a notice sent to a user whose
language is other than that of the list can cause subsequent things
which should be in the list's language to be in the user's language
instead. (LP: #1308655)
- Fixed the admin Membership List so a search string if any is not lost
when visiting subsequent fragments of a chunked list. (LP: #1307454)
- For from_is_list feature, use email address from original From: if
original From: has no display name and strip domain part from resultant
names that look like email addresses. (LP: #1304511)
- Added the list name to the vette log "held message approved" entry.
(LP: 1295875)
- Added the CGI module name to various "No such list" error log entries.
(LP: 1295875)
- Modified contrib/mmdsr to report module name if present in "No such list
error log entries.
- Fixed a NameError exception in cron/nightly_gzip when it tries to print
the usage message. (LP: #1291038)
- Fixed a bug in ListAdmin._handlepost that would crash when trying to
preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
is False. (LP: #1282365)
- The from_is_list header munging feature introduced in Mailman 2.1.16 is
no longer erroneously applied to Mailman generated notices.
(LP: #1279667)
- Changed the message from the confirm CGI to not indicate approval is
required for an acceptance of an invitation. (LP: #1277744)
- Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
(LP: #1267003)
- Added recognition for another simple warning to bounce processing.
(LP: #1263247)
- Fixed a few failing tests in tests/test_handlers.py. (LP: #1262950)
- Fixed bin/arch to not create scrubbed attachments for messages skipped
when processing the --start= option. (LP: #1260883)
- Fixed email address validation to do a bit better in obscure cases.
(LP: #1258703)
- Fixed a bug which caused some authentication cookies to expire too soon
if AUTHENTICATION_COOKIE_LIFETIME is non-zero. (LP: #1257112)
- Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
(LP: #1243343)
Miscellaneous
- Added to the contrib directory, a script from Alain Williams to count
posts in a list's archive.
2.1.17 (23-Nov-2013)
New Features
- Handling of posts gated from usenet to a list via the Mail <-> News
gateway is changed. Formerly, no list membership, moderation or
*_these_nonmembers checks were done. Now, if the sender of the usenet
post is a moderated member or a nonmember matching a *_these_nonmembers
filter, those checks will be done and actions applied. Nonmember posts
from senders not matching a *_these_nonmembers filter are still accepted
as before. (LP: #1252575)
- There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS. Since it
is not possible to know which non-standard headers in a message might
reveal sender information, we now remove all headers from incoming posts
to anonymous lists except those which match regular expressions in this
list. The default setting keeps non X- headers except those known to
reveal sender information, Mailman added X- headers and x-Spam- headers.
See the description in Defaults.py for more information. (LP: #1246039)
i18n
- The Japanese message catalog has been updated by SATOH Fumiyasu.
(LP: #1248855)
Bug Fixes and other patches
- Added a reopen command to the sample init.d script in misc/mailman.in.
(LP: #1251917)
- Fixed a misspelling in Tagger.py causing an "unexpected keyword argument
'Delete'" exception. (LP: #1251495)
- Fixed contrib/qmail-to-mailman.py to work with a user other than
'mailman' and to recognize more listname-* addresses. (LP: #412293)
- Fixed a possible UnicodeDecodeError in bin/sync_members. (LP: #1243343)
- Fixed Makefile to not include $DESTDIR in paths compiled into .pyc
files for traceback purposes. (LP: #1241770)
2.1.16 (16-Oct-2013)
New Features
- There is a new list attribute from_is_list to either rewrite the From:
header of posts replacing the posters address with that of the list or
wrap the message in an outer message From: the list for compatability
with DMARC and or ADSP. There is a new mm_cfg.py setting
DEFAULT_FROM_IS_LIST to control the default for new lists, and the
existing REMOVE_DKIM_HEADERS setting has been extended to allow removing
those headers only for certain from_is_list lists. This feature must
be enabled by setting ALLOW_FROM_IS_LIST to Yes in mm_cfg.py. See the
description of these settings in Defaults.py for more detail. This
feature is experimental in 2.1.16, and it is subject to change or to
become just one of the two methods in a subsequent release. People
interested in this feature are encouraged to try it and report their
experiences to the mailman-users@python.org list.
- There is a new DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting which if set
in mm_cfg.py will display a set of radio buttons in the admindb held
message summary to select how the held messages are sorted and grouped
for display. The exact setting determines the default grouping and
sorting. See the description in Defaults.py for details.
- Setting digest_size_threshhold to zero now means no digests will be
sent based on size instead of a digest being sent with every post.
(LP: #558274)
- There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
a dynamically generated, hidden hash in the listinfo subscribe form and
check it upon submission. Setting this will prevent automated processes
(bots) from successfully POSTing web subscribes without first retrieving
and parsing the form from the listinfo page. The form must also be
submitted no later than FORM_LIFETIME nor no earlier than
SUBSCRIBE_FORM_MIN_TIME after retrieval. Note that enabling this will
break any static subscribe forms on your site. See the description in
Defaults.py for more info. (LP: #1082746)
- add_members now has an option to add members with mail delivery disabled
by admin. (LP: #1070574)
- IncomingRunner now logs rejected messages to the vette log.
(LP: #1068837)
- The name of the mailmanctl master lock file is now congigurable via the
mm_cfg.py setting MASTER_LOCK_FILE. (LP: #1082308)
- list_lists now has an option to list only lists with public archives.
(LP: #1082711)
Contributed programs
- A new import_majordomo_into_mailman.pl script has been contributed by
Geoff Mayes. (LP: #1129742)
- A new "sitemap" bash script has been contributed by Tomasz Chmielewski
<mangoo@wpkg.org> to generate a sitemap.xml file of an installation's
public archives for submission to search engines.
i18n
- The Danish translation has been updated thanks to Tom Christensen.
- Fixed a string in the Czech message catalog. (LP: #1234567)
- A Farsi (Persian) translation has been added thanks to Javad Hoseini and
Mahyar Moghimi.
- Fixed several misspelled or garbled string replacements in the Spanish
message catalog. (LP: #1160138)
- pt_BR message catalog has two new and an updated message per Hugo Koji
Kobayashi. (LP: #1138578)
- German message catalog has been updated per Ralf Hildebrandt.
- Corrected typo in templates/it/private.html.
Bug Fixes and other patches
- Fixed a crash in SpamDetect.py which caused messages with unparseable
RFC 2047 encoded headers to be shunted. (LP: #1235101)
- Fixed cron/disabled to send a fresh cookie when notifying disabled
members. (LP: #1203200)
- Added "message_id" to the interpolation dictionary for the Article.html
template. (LP: #725498)
- Changed the admin GUI to report only the bad entries in a list of email
addresses if any are bad. (LP: #558253)
- Added logging for template errors in HyperArch.py. (LP: #558254)
- Added more explanation to the bad owner address message from
bin/newlist. (LP: #1200763)
- Fixed a bug causing the admin web interface to fail CSRF checking if
the list name contains a '+' character. (LP: #1190802)
- Fixed bin/mailmanctl -s to not remove the master lock if it can't be
determined to be truly stale. (LP: #1189558)
- It is no longer possible to add 'invalid' addresses to the ban_list
and the *_these_nonmembers filters from the check boxes on the admindb
interface. (LP: #1187201)
- Backported recognition for mail.ru DSNs and minor bug fixes from
lp:flufl.bounce. (LP: #1074592, LP: #1079249 and #1079254)
- Defended against buggy web servers that don't include an empty
QUERY_STRING in the CGI environment. (LP: #1160647)
- The Switchboard.finish() method now logs the text of the exception when
it fails to unlink/preserve a .bak file. (LP: #1165589)
- The pending (un)subscriptions waiting approval are now sorted by email
address in the admindb interface as intended. (LP: #1164160)
- The subscribe log entry for a bin/add_members subscribe now identifies
bin/add_members as the source. (LP: #1161642)
- Fixed a bug where the Subject: of the user notification of a
bin/remove_members unsubscribe was not in the user's language.
(LP: #1161445)
- Fixed a bug where BounceRunner could create and leave behind zero length
bounce-events files. (LP: #1161610)
- Added recognition for another Yahoo bounce format. (LP: #1157961)
- Changed configure's method for getting Python's include directory from
distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
distutils.sysconfig.get_python_inc(). (LP: #1098162)
- Added an Auto-Generated: header to password reminders. (LP: #558240)
- Fixed a bug where non-ascii characters in the real name in a subscription
request could throw a UnicodeEncodeError upon subscription approval and
perhaps in other situations too. (LP: #1047100)
- The query fragments send_unsub_notifications_to_list_owner and
send_unsub_ack_to_this_batch will now assume default values if not set
in mass unsubscribe URLs. (LP: #1032378)
- Replaced utf-8 encoded characters in newly added German templates with
HTML entities. (LP: #1018208)
2.1.15 (13-Jun-2012)
Security
- Strengthened the validation of email addresses.
- An XSS vulnerability, CVE-2011-0707, has been fixed.
- The web admin interface has been hardened against CSRF attacks by adding
a hidden, encrypted token with a time stamp to form submissions and not
accepting authentication by cookie if the token is missing, invalid or
older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one
hour. Posthumous thanks go to Tokio Kikuchi for this implementation
which is only one of his many contributions to Mailman prior to his
death from cancer on 14 January 2012.
New Features
- Added a password reminder button to the private archive login page.
Backported from the 2.2 branch.
- There is a new list attribute regular_exclude_ignore set from mm_cfg.py
DEFAULT_REGULAR_EXCLUDE_IGNORE. This defaults to True even though the
prior behavior is equivalent to False. A True setting will ignore an
exclude list if the poster is not a member of that list. The False
setting can result in list members not receiving posts if the nonmember
post is not accepted by the exclude list. Backported from 2.2 branch.
- Eliminated the list cache from the qrunners. Indirect self-references
caused lists to never be dropped from the cache which in turn caused
the qrunners to grow very large in installations with many lists or
multiple large lists. Bug #862683.
- The user options 'list my other subscriptions' page now indicates for
each list if the subscription is 'nomail' or 'digest'. Bug #793669.
- A new list poster password has been implemented. This password may only
be used in Approved: or X-Approved: headers for pre-approving posts.
Using this password for that purpose precludes compromise of a more
valuable password sent in plain text email. Bug #770581.
- A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
If this is set to a non-zero value, web authentication cookies will
expire that many seconds following their last use. Its default value is
zero to preserve current behavior.
- A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
how much of the original message is included in automatic responses to
email commands. The default is 2 to preserve the prior behavior of
including the full message. Setting this to 1 in mm_cfg.py will include
only the original headers, and 0 will include none of the original. It
is recommended to set this to 0 in mm_cfg.py to minimize the effects of
backscatter. Bug #265835.
- A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added
to control the default for respond_to_post_requests for new lists. It is
set to Yes for backwards compatibility, but it is recommended that
serious consideration be given to setting it to No. Bug #266051.
- A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to
control whether a message to the -request address without any commands or
a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP
is responded to or just logged. It defaults to Yes which is different
from prior behavior. Bug #410236.
- Two new mm_cfg.py settings, BROKEN_BROWSER_WORKAROUND and
BROKEN_BROWSER_REPLACEMENTS, have been added to control escaping of
additional characters beyond the standard <, >, &, and " in the web UI.
See the documentation of these settings in Defaults.py. The default
values for these settings result in no change from the prior release.
Bug #774588.
i18n
- Added some missing German templates from Egon Frerich.
- Added Greek translation from Antonis Limperis.
- A few errors in the Basque translation are fixed. Bug #836861.
- Fixed a misspelling in the German invite.txt template. Bug #815444.
- Fixed a missing format character in the Spanish translation.
Bug #670988.
- Thanks go to the following for updating translations for the changes in
this release.
Thijs Kinkhorst
Stefan Foerster
Fabian Wenk
Bug Fixes and other patches
- Fixed a bug that could send an admin notice of a held subscription with
the subject in the user's preferred language instead of the list's
preferred language and possibly not properly RFC 2047 encoded.
(LP: #998949)
- Fixed a possible CPU bound loop in OutgoingRunner if the attempt to
Connect to the SMTP server throws a socket.error. (LP: #966531)
- Fixed a potential crash in the web UI if a language is removed from the
LC_DESCRIPTIONS dictionary. (LP: #966565)
- Added an Auto-Submitted: header to invitations and (un)subscription
confirmation requests to reduce the possibility of an autoresponder
confirming the request. (LP: #265831)
- Added javascript to the private.html and admlogin.html templates to
focus the cursor on the entry field. (LP: #266054)
- Added CPPFLAGS and LDFLAGS to src/Makefile to support their use.
(LP: #637652)
- Stopped removing the trailing slash from the List-Archive: header URL.
(LP: #964190)
- A configured version of contrib/courier-to-mailman.py is now created in
build/contrib/courier-to-mailman.py. (LP: #999250)
- Subscription disabled warnings are now sent without a Precedence:
header. Bug #808821.
- Backported 2.2 branch fix for a problem in SpamDetect.py that could
cause header_filter_rules to fail to match RFC 2047 encoded headers.
- Fix for bug #629738 could cause a crash in the admindb details display
if the decoded message body contained characters not in the character
set of the list's preferred language. Fixed. Bug #910440.
- Added recognition for another Qmail bounce format.
- Fixed an erroneous seek in the Mailman.Mailbox.Mailbox.AppendMessage
method that could cause a corrupt mailbox for files opened 'w+'.
Bug #901957.
- A held message with a null sender caused a crash in the admindb
interface. This is fixed by changing the sender to <missing>.
Bug #897103.
- Changed subject prefixing to allow for possible whitespace between an
'Re' and the following colon when determining how to add the prefix.
Bug #893290.
- Fixed a problem where topics regexps would not match RFC 2047 encoded
Keywords: and/or Subject: headers. Bug #891676.
- Fixed misleading response to an email approval of a held message.
Bug #889968.
- Added masthead.txt to the list of templates that can be edited via the
web admin interface. Bug #266805.
- Changed the way digest_footer is added to the RFC 1153 (plain) format
digest for RFC compliance. Bug #887610.
- Fixed cron/checkdbs to report unsubscriptions waiting approval.
Bug #873821.
- The fix for BUG #266220 (sf1181161) has been enhanced so that if there
is a pathological HTML part such that the Approved: password text isn't
found, but it is found after stripping out HTML tags, the post is
rejected with an informative message.
- A bug that would cause reset of any new_member_options bits other than
the four displayed as checkboxes on the list admin General Options page
whenever the page was updated or bin/config_list attempted to update
new_member_options has been fixed. Bug #865825.
- A problem with the logic avoiding unnecessarily reloading a current list
object from the config.pck arises if the list is updated by another
process within the same second that it was last read/written. That can
cause the reading of latest version of the list to be skipped. This has
been fixed. Bug #862675.
- Fixed bin/export.py to accept case insensitive password schemes.
Bug #833134.
- Added Tokio Kikuchi's icons to the misc/ and installed icons/
directories. Bug #782474.
- Fixed a problem which could result in raw, undecoded message bodies
appearing in plain digests and archives. Bug #787790.
- Fixed a problem in admindb.py where the character set for the display of
the message body excerpt was not correctly determined. Bug #779751.
- Prevented setting user passwords with leading/trailing whitespace.
Bug #778088.
- Mailman now sets the 'secure' flag in cookies set via https URLs.
Bug #770377.
- Added a logout link to the admindb interface and made both admin and
admindb logout effective for a site admin cookie if allowed.
Bug #769318.
- Replaced the old Mailman logos and icon that install to Mailman's icons
directory with the new ones. If you copy these elsewhere on your
server, please copy these new ones.
- Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when
MTA = 'Postfix'. Bug #266408.
- Added a report of the affected members to the warnings issued when
setting a list with digest members digestable=No and when setting a list
with non-digest members nondigestable=no. Bug #761232.
- Fixed a problem where content filtering could remove the headers from
an attached message/rfc822 part if the message in that part is
multipart/alternative and collapse_alternatives is Yes. Bug #757062.
- Changed the subscribe CGI to strip leading and trailing whitespace from
the supplied email address. Bug #745432.
- Changed the maximum number of arguments for the who command to be
considered administrivia from 2 to 1 to help avoid false positives.
Bug #739524.
- Added the list name as 'display-name' in added Sender: headers to help
mitigate Outlook et al 'on behalf of' displays. Bug #736849.
- Fixed a typo in the usage() definition cron/gate_news. Bug #721015.
- Fixed an uncaught KeyError when poster tries to cancel a post which was
already handled. Bug #266224.
- Held message user notifications now come From: list-owner instead of
list-bounces. Bug #714424.
- Issue an HTTP 404 status for private archive file not found.
- @listname entries in *_these_nonmembers are no longer case sensitive.
Bug #705715.
- Changed bin/rmlist to also remove heldmsg files for the removed list and
fixed a problem with removal of stale locks for the list. Bug #700528.
- Fixed a bug where content filtering could leave a multipart message or
part with just one sub-part. These should be recast to just the sub-part.
Bug #701558.
- Fixed a bug that could erroneously handle posts from addresses in
*_these_nonmembers and send held/rejected notices to bogus addresses when
The From or other sender header is RFC 2047 encoded. Bug #702516.
- Updated contrib/mm-handler-2.1.10 to better handle lists with names that
look like admin addresses. Bug #697161.
- Added bounce recognition for a bogus Dovecot MDN. Bug #693134.
- Fixed a problem where an emailed command in the Subject: header with a
non-ascii l10n of an 'Re:' prefix is ignored. Bug #685261.
- Fixed a problem with approving a post by email when the body of the
approval mail is base64 encoded. Bug #677115.
- Fixed the host name in the From: address of the owner notification from
bin/add_members. Bug #666181.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Partly addresses pkg/25165.
From the package's NEWS file:
2.1.14 (20-Sep-2010)
Security
- Two potential XSS vulnerabilities have been identified and fixed.
New Features
- A new feature for controlling the addition/replacement of the Sender:
header in outgoing mail has been implemented. This allows a list owner
to set include_sender_header on the list's General Options page in the
admin GUI. The default for this setting is Yes which preserves the prior
behavior of removing any pre-existing Sender: and setting it to the
list's -bounces address. Setting this to No stops Mailman from adding or
modifying the Sender: at all.
Additionally, there is a new Defaults.py/mm_cfg.py setting
ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
to remove the include_sender_header setting from General Options, and
thus preserve the prior behavior completely.
- Bounce processing has been enhanced so that if a bounce is returned to a
list from a non-member who is a member of a regular_include_list, the
bounce will be processed as a bounce for the included list.
i18n
- Fixed a missing format character in the German bin/mailmanctl docstring.
- Updated Dutch translation from Jan Veuger.
- Updated Japanese Translation from Tokio Kikuchi.
- Updated Finnish translation from Joni Töyrylä.
- Made a few corrections to some Polish templates. Bug #566731.
- Made a minor change to the Chinese (China) message catalog. Bug #545772.
- Changed a few DOCTYPE directives in templates for compliance.
Bug #500952 and Bug #500955.
Bug Fixes and other patches
- Made minor wording improvements and typo corrections in some messages.
Bug #426979.
- Fixed i18n._() to catch exceptions due to bad formats. Bug #632660.
- Fixed admindb interface to decode base64 and quoted-printable encoded
message body excerpts for display. Bug #629738.
- Fixed web CGI tracebacks to properly report sys.path. Bug #615114.
- Changed the member options login page unsubscribe request to include the
requesters IP address in the confirmation request. Bug #610527.
- Changed fix_url to lock the list if not locked. Bug #610364.
- Made a minor change to the English subscribeack.txt (welcome message)
template to emphasize that a password is only required to unsubscribe
*without confirmation*.
- Fixed an issue in admindb that could result in a KeyError and "we hit a
bug" response when a moderator acts on a post that had been handled by
someone else after the first moderator had retrieved it. Bug #598671.
- Fixed a bug which would fail to show a list on the admin and listinfo
overview pages if its web_page_url contained a :port. Bug # 597741.
- Fixed bin/genaliases to not throw TypeError when MTA = None.
Bug #587657.
- Provided the ability to specify in mm_cfg.py a local domain (e.g.
'localhost') for the local addresses in the generated virtual-mailman
when MTA = 'Postfix'. See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py.
Bug #328907.
- Made a minor change to the removal of an Approved: pseudo-header from
a text/html alternative to allow for an inserted '\xA0' before the
password.
- Fixed Content Filtering collapse_alternatives to work on deeply nested
multipart/alternative parts. Bug #576675.
- We now accept/remove X-Approved: and X-Approve: headers in addition to
Approved: and Approve: for pre-approving posts. Bug #557750.
- Reordered the 'cancel' and 'subscribe' buttons on the subscription
confirmation web page so the default action upon 'enter' will be the
subscribe button in browsers that pick the first button. Bug #530654.
- Fixed a bug in the admindb interface that could apply a moderator
action to a message not displayed. Bug #533468.
- Added a traceback to the log message produced when processing the
digest.mbox throws an exception.
- Added a urlhost argument to the MailList.MailList.Create() method to
allow bin/newlist and the the create CGI to pass urlhost so the host
will be correct in the listinfo link on the emptyarchive page.
Bug #529100.
- Added the List-Post header to the default list of headers retained in
messages in the MIME digest. Bug #526143.
- When daemonizing mailmanctl, we now ensure terminal files are closed.
- Fixed a bug in pipermail archiving that caused fallback threading by
subject to fail. Bug #266572.
- We now give an HTTP 401 status for authentication failures from admin,
admindb, private, options and roster CGIs, and an HTTP 404 status from
all the CGIs for an invalid list name.
- Backported the listinfo template change from the 2.2 branch to fix
Bug #514050.
- Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
would result in a munged URL if authentication was required. Bug #266164.
- Fixed a bug where check_perms would throw an OSError if an entry in
Mailman's lists/ directory was not a directory. Bug #265613.
- Fixed a bug where a message with an Approved: header held by a handler
that precedes Approve (SpamDetect by default) would not have the
Approved: header removed if the held message was approved. Bug #501739.
2.1.13 (22-Dec-2009)
i18n
- Updated Dutch message catalog from Jan Veuger.
- Added Asturian translation from Marcos Costales and the Asturian
Language Team.
Bug Fixes and other patches
- Added "white-space: pre-wrap" style for <pre> tag in archives.
Bug #266467.
- Added vette logging for rejected and discarded (un)subscribe requests.
- Fixed a bug in admindb.py that could erroneously discard an unsubscribe
request as a duplicate.
- Decoded RFC 2047 encoded message subjects for a few reports.
Bug #266428.
- Fixed the French, Spanish and Hebrew translations which improperly
translated the 'coding:' line in bin/config_list output.
- Fixed the auto-responder to treat messages to -confirm, -join, -leave,
-subscribe and -unsubscribe as requests rather than posts. Bug #427962.
- Configure/make no longer builds Japanese and Korean codecs in
pythonlib if Python already has them.
- Inadvertently setting a null site or list password allowed access
to a list's web admin interface without authentication. Fixed by
not accepting null passwords.
- Changed VERP_CONFIRM_REGEXP in Defaults.py to work if the replying
MUA folds the To: header and in cases where the list name includes '+'.
- Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.
- Replies to commands sent to list-request now come From: list-owner
instead of list-bounces.
- Mailman no longer folds long sub-part headers in multipart messages.
In addition, Mailman no longer escapes From_ lines in the body of
messages sent to regular list members, although MTA's may do it anyway.
This is to avoid breaking signatures per Bug #265967.
- XSS protection in the web interface went too far in escaping HTML
entities. Fixed.
- Removed or anonymized additional headers in posts to anonymous lists.
- Fixed a bug that could cause incorrect threading of replies to archived
messages that arrive with timestamps in the same second.
- Scrubbed HTML attachments containing tab characters would get the tabs
replaced by a string of ' ' without a semicolon. Fixed.
- Caught a TypeError in content filtering, collapse alternatives that
occurred with a malformed message if a multipart/alternative part
wasn't multi-part. Reported in comments to bug #266230.
- Fixed a few things in bin/update:
- Changed some old messages for more current meaning.
- Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
- Fixed 2.0.x template migration to not die if the templates/ tree
contains subdirectories from a version control system.
- Fixed a bug that would show a list on the admin and listinfo overview
pages if its web_page_url host contained the current host as a
substring. Bug #342162.
- Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
if the string contained an HTML entity > 255 and also characters in the
128-255 range. Bug #341594.
- Added recognition for more bounces.
- Updated contrib/mmdsr to report preserved messages and to use mktemp to
create temp files.
* Fix compatibility with Python 2.6.
* Fixed a bug in admin.py which would result in chunked pages of the
membership list for members whose address begins with a non-alphanumeric
character to not be visible or retrievable.
* Changed ListAdmin.py to make rejected post messages From: the -owner
address instead of the -bounces address.
* With MTA = 'Postfix', if the STANZA END for a list being removed is
missing or munged, the remainder of the aliases and/or virtual-mailman
file is lost. Fixed.
* Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
requests have not been migrated properly. This is fixed.
* Changed cron/gate_news to continue processing the remaining lists on
certain errors that can be caused by configuration of a particular list.
* Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
in the To: or Cc: header differed in case from the case-preserved member
address.
* Fixed a problem in SecurityManager that caused it to not find the
cookie when CheckCookie was not given a user and the user in the cookie
had a %xx encoded character.
* Fixed a minor fromusenet reporting issue in the contributed mmdsr
script.
* Fixed a minor issue in cron/gate_news that could cause a list's
watermark to not be completely updated.
* Fixed an issue that prevented editing the options.html template from
the web admin interface.
* Fixed a problem in Decorate which could throw a TypeError on conversion
to unicode of a header/footer that was already unicode because of
interpolating a unicode value.
* Fixed an issue where list creation would report bad owner email
instead of bad listname when the list name had non-ascii characters.
* Updated Dutch, Catalan and Polish translations.
* Fix compatibility with Python 2.6.
* Fixed a bug in admin.py which would result in chunked pages of the
membership list for members whose address begins with a non-alphanumeric
character to not be visible or retrievable.
* Changed ListAdmin.py to make rejected post messages From: the -owner
address instead of the -bounces address.
* With MTA = 'Postfix', if the STANZA END for a list being removed is
missing or munged, the remainder of the aliases and/or virtual-mailman
file is lost. Fixed.
* Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
requests have not been migrated properly. This is fixed.
* Changed cron/gate_news to continue processing the remaining lists on
certain errors that can be caused by configuration of a particular list.
* Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
in the To: or Cc: header differed in case from the case-preserved member
address.
* Fixed a problem in SecurityManager that caused it to not find the
cookie when CheckCookie was not given a user and the user in the cookie
had a %xx encoded character.
* Fixed a minor fromusenet reporting issue in the contributed mmdsr
script.
* Fixed a minor issue in cron/gate_news that could cause a list's
watermark to not be completely updated.
* Fixed an issue that prevented editing the options.html template from
the web admin interface.
* Fixed a problem in Decorate which could throw a TypeError on conversion
to unicode of a header/footer that was already unicode because of
interpolating a unicode value.
* Fixed an issue where list creation would report bad owner email
instead of bad listname when the list name had non-ascii characters.
* Updated Dutch, Catalan and Polish translations.
New Features
- Added a new cron/cull_bad_shunt script to cull and optionally
archive old entries from the bad and shunt queues. This is controlled
by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default
7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine
how long to keep bad and shunt queue entries and optionally, where to
archive removed entries.
- Prepended list name to bounce log unrecognized bounce messages.
- Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
with default value '[-+_.=a-z0-9]'. This Python regular expression
character class specifies the characters allowed in list names. The
motivation for this is the fact that previously, a list named, e.g.,
xxx&yyy could be created and MTA aliases generated that would cause
The MTA to execute yyy as a command. There is a possible security issue
here, but it is not believed to be exploitable in any meaningful way.
Bug fixes and other patches
- Changed the preservation of unparseable messages to be conditional on
the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and
changed the queue directory in which messages are preserved from 'shunt'
to 'bad'.
- Fixed a bug introduced in 2.1.10 that caused some email subscribe
requests to be shunted (1966837).
- Fixed a problem with bin/update erroneously moving templates from
templates/xx to lists/xx if a list has the same name as a language
code. Also fixed the absolute path to lists/ (1418670 ).
- Changed Utils.ValidateEmail to not allow specials (particularly ':')
in unquoted local parts (1956393).
- Changed bin/update to remove .bak files erroneously left behind in
qfiles/*/ by a 2.1.9 bug.
- Added 's' to %(listname) in templates/ia/admlogin.html and
templates/sl/help.txt (1682990).
- Use newer template variable for site-owner address in
templates/ko/newlist.txt and templates/ru/newlist.txt (1578766).
- Corrections to Spanish translation submitted by Wikimedia Foundation
(1433262) and Debian.
- Corrections to German translation submitted by Ralf Doeblitz (916196).
- Correction to French translation submitted by Maxime Carron (1588617).
- Correction to Portuguese translation submitted by Gabriel P. Silva
(1733057).
- Add #! line to fblast.py test script (1578740).
- Fixed unescaped '%' in templates/nl/newlist.txt (1719017).
- Changed non-ascii characters in some templates/*/*.html files to HTML
entities.
- Fixed a problem in Decorate.py that could result in a multipart
message with no part headers for the original body part (1991348).
- Improved recognition of some bounce messages.
- Rearranged calls to the list setBounceInfo() method in Bouncer.py
to accommodate MemberAdaptors that store bounce info outside the
list instance.
- Fixed CookHeaders.py which in some cases with new style prefixing
would insert an extra space between the prefix and the subject.
- Changed OldStyleMemberships.py to remove the member from one_last_digest
when changing from regular to digest delivery to avoid the possibility
of a duplicate digest in some circumstances.
- Patched Danish message catalog for proper use of HTML entities per
Jonas Smedegaard (1999966).
- Improved bounce loop detection and handling in BounceRunner.py.
- Merged the Catalan i18n from the Mailman Catalan Translation Team.
- German translation updated by Peer Heinlein.
- Added check for gateway_to_news before holding for ModeratedNewsgroup.
- At some point, cron/senddigests and bin/update were inadvertently
'preconfigured'. This has been fixed.
- Brazilian Portuguese translation updated by Diego Francisco
de Gastal Morales.
- Added 'listname' to the replacements for the archidxfoot.html template.
Miscellaneous
- Brad Knowles' mailman daily status report script updated to 0.0.18.
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Chnages since 2.1.9rc1:
- Fixed an unexploitable format string vulnerability. Discovery and fix
by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
Also running a diff -r shows that there has been small updates to various
translations.
Security
- A malicious user could visit a specially crafted URI and inject an
apparent log message into Mailman's error log which might induce an
unsuspecting administrator to visit a phishing site. This has been
blocked. Thanks to Moritz Naumann for its discovery.
- Fixed denial of service attack which can be caused by some
standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
Naumann for their discovery. CVE-2006-3636
Internationalization
- New languages: Arabic, Vietnamese.
Bug fixes and other patches
- Fixed Decorate.py so that characters in message header/footer which
are not in the character set of the list's language are ignored rather
than causing shunted messages (1507248).
- Switchboard.py - Closed very tiny holes at the upper ends of queue
slices that could result in unprocessable queue entries. Improved FIFO
processing when two queue entries have the same timestamp.
the pkglint warning:
As {INSTALL,DEINSTALL}_TEMPLATE is modified using "+=", its name
should indicate plural.
This does make the variables a bit more suggestive of the fact that they
hold lists of values.
