aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Mailman/Defaults.py.in5
-rw-r--r--Mailman/MTA/Utils.py11
-rw-r--r--Mailman/MailList.py6
-rw-r--r--Mailman/Version.py6
-rw-r--r--NEWS10
5 files changed, 31 insertions, 7 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 545eb6fe..fcf474a5 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -109,6 +109,11 @@ ALLOW_SITE_ADMIN_COOKIES = No
# name of the temporary file that the program should operate on.
HTML_TO_PLAIN_TEXT_COMMAND = '/usr/bin/lynx -dump %(filename)s'
+# A Python regular expression character class which defines the characters
+# allowed in list names. Lists cannot be created with names containing any
+# character that doesn't match this class.
+ACCEPTABLE_LISTNAME_CHARACTERS = '[-+_.=a-z0-9]'
+
#####
diff --git a/Mailman/MTA/Utils.py b/Mailman/MTA/Utils.py
index 14562de6..07d8bcad 100644
--- a/Mailman/MTA/Utils.py
+++ b/Mailman/MTA/Utils.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 2001-2008 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -17,6 +17,7 @@
"""Utilities for list creation/deletion hooks."""
import os
+import re
import pwd
from Mailman import mm_cfg
@@ -45,13 +46,17 @@ def _makealiases_mailprog(listname):
# backwards compatibility and may eventually go away (we really have no
# need for the -admin address anymore).
#
+ # We escape a few special characters in the list name in the pipe command
+ # to avoid characters that might split the pipe into two commands.
+ safename = re.sub('([;|&`$])', r'\\\1', listname)
+ #
# Seed this with the special cases.
- aliases = [(listname, '"|%s post %s"' % (wrapper, listname)),
+ aliases = [(listname, '"|%s post %s"' % (wrapper, safename)),
]
for ext in ('admin', 'bounces', 'confirm', 'join', 'leave', 'owner',
'request', 'subscribe', 'unsubscribe'):
aliases.append(('%s-%s' % (listname, ext),
- '"|%s %s %s"' % (wrapper, ext, listname)))
+ '"|%s %s %s"' % (wrapper, ext, safename)))
return aliases
diff --git a/Mailman/MailList.py b/Mailman/MailList.py
index 7cd2c5cb..ac2d1baf 100644
--- a/Mailman/MailList.py
+++ b/Mailman/MailList.py
@@ -475,6 +475,12 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin,
assert name == name.lower(), 'List name must be all lower case.'
if Utils.list_exists(name):
raise Errors.MMListAlreadyExistsError, name
+ # Problems and potential attacks can occur if the list name in the
+ # pipe to the wrapper in an MTA alias or other delivery process
+ # contains shell special characters so allow only defined characters
+ # (default = '[-+_.=a-z0-9]').
+ if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', name)) > 0:
+ raise Errors.BadListNameError, name
# Validate what will be the list's posting address. If that's
# invalid, we don't want to create the mailing list. The hostname
# part doesn't really matter, since that better already be valid.
diff --git a/Mailman/Version.py b/Mailman/Version.py
index 65738b6b..4a559213 100644
--- a/Mailman/Version.py
+++ b/Mailman/Version.py
@@ -16,7 +16,7 @@
# USA.
# Mailman version
-VERSION = '2.1.11rc2'
+VERSION = '2.1.11'
# And as a hex number in the manner of PY_VERSION_HEX
ALPHA = 0xa
@@ -29,9 +29,9 @@ FINAL = 0xf
MAJOR_REV = 2
MINOR_REV = 1
MICRO_REV = 11
-REL_LEVEL = GAMMA
+REL_LEVEL = FINAL
# at most 15 beta releases!
-REL_SERIAL = 2
+REL_SERIAL = 0
HEX_VERSION = ((MAJOR_REV << 24) | (MINOR_REV << 16) | (MICRO_REV << 8) |
(REL_LEVEL << 4) | (REL_SERIAL << 0))
diff --git a/NEWS b/NEWS
index 704f14f2..ddc79973 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
Here is a history of user visible changes to Mailman.
-2.1.11rc2 (23-Jun-2008)
+2.1.11 (30-Jun-2008)
New Features
@@ -17,6 +17,14 @@ Here is a history of user visible changes to Mailman.
- Prepended list name to bounce log unrecognized bounce messages.
+ - Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
+ with default value '[-+_.=a-z0-9]'. This Python regular expression
+ character class specifies the characters allowed in list names. The
+ motivation for this is the fact that previously, a list named, e.g.,
+ xxx&yyy could be created and MTA aliases generated that would cause
+ The MTA to execute yyy as a command. There is a possible security issue
+ here, but it is not believed to be exploitable in any meaningful way.
+
Bug fixes and other patches
- Changed the preservation of unparseable messages to be conditional on