9 files changed, 116 insertions, 51 deletions

diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py
index 3977268c..aefce493 100755
--- a/Mailman/Cgi/subscribe.py
+++ b/Mailman/Cgi/subscribe.py
@@ -151,7 +151,7 @@ def process_form(mlist, doc, cgidata, lang):
             if not captcha_response['success']:
                 e_codes = COMMASPACE.join(captcha_response['error-codes'])
                 results.append(_('reCAPTCHA validation failed: %(e_codes)s'))
-        except urllib2.URLError as e:
+        except urllib2.URLError, e:
             e_reason = e.reason
             results.append(_('reCAPTCHA could not be validated: %(e_reason)s'))
 
diff --git a/Mailman/Gui/General.py b/Mailman/Gui/General.py
index 980e5f2b..dfde6309 100644
--- a/Mailman/Gui/General.py
+++ b/Mailman/Gui/General.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2001-2014 by the Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -559,6 +559,14 @@ mlist.info.
                                           or not isinstance(val, IntType)):
             doc.addError(_("""<b>admin_member_chunksize</b> attribute not
             changed!  It must be an integer > 0."""))
+        elif property == 'host_name':
+            try:
+                Utils.ValidateEmail('user@' + val)
+            except Errors.EmailAddressError:
+                doc.addError(_("""<b>host_name</b> attribute not changed!
+                It must be a valid domain name."""))
+            else:
+                GUIBase._setValue(self, mlist, property, val, doc)
         else:
             GUIBase._setValue(self, mlist, property, val, doc)
 
diff --git a/Mailman/Handlers/ToDigest.py b/Mailman/Handlers/ToDigest.py
index 046cbaba..15042075 100644
--- a/Mailman/Handlers/ToDigest.py
+++ b/Mailman/Handlers/ToDigest.py
@@ -72,10 +72,9 @@ def to_cset_out(text, lcset):
     # Convert text from unicode or lcset to output cset.
     ocset = Charset(lcset).get_output_charset() or lcset
     if isinstance(text, unicode):
-        return text.encode(ocset, errors='replace')
+        return text.encode(ocset, 'replace')
     else:
-        return text.decode(lcset, errors='replace').encode(ocset,
-                                                           errors='replace')
+        return text.decode(lcset, 'replace').encode(ocset, 'replace')
 
 
 
diff --git a/Mailman/MailList.py b/Mailman/MailList.py
index d1dc17a4..619c3206 100755
--- a/Mailman/MailList.py
+++ b/Mailman/MailList.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -784,8 +784,16 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin,
             self.reply_to_address = ''
             self.reply_goes_to_list = 0
         # Legacy topics may have bad regular expressions in their patterns
+        # Also, someone may have broken topics with, e.g., config_list.
         goodtopics = []
-        for name, pattern, desc, emptyflag in self.topics:
+        for value in self.topics:
+            try:
+                name, pattern, desc, emptyflag = value
+            except ValueError:
+                # This value is not a 4-tuple. Just log and drop it.
+                syslog('error', 'Bad topic "%s" for list: %s',
+                       value, self.internal_name())
+                continue
             try:
                 orpattern = OR.join(pattern.splitlines())
                 re.compile(orpattern)
diff --git a/Mailman/Queue/OutgoingRunner.py b/Mailman/Queue/OutgoingRunner.py
index 0a204e66..86d26808 100755
--- a/Mailman/Queue/OutgoingRunner.py
+++ b/Mailman/Queue/OutgoingRunner.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2000-2017 by the Free Software Foundation, Inc.
+# Copyright (C) 2000-2018 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -122,12 +122,12 @@ class OutgoingRunner(Runner, BounceMixin):
                         # disposition?
                         if now > deliver_until:
                             return False
-                        # We're going to retry, but not too soon.
-                        deliver_after = now + mm_cfg.DELIVERY_RETRY_WAIT
-                        msgdata['deliver_after'] = deliver_after
                     else:
                         # Keep trying to delivery this message for a while
                         deliver_until = now + mm_cfg.DELIVERY_RETRY_PERIOD
+                    # Don't retry delivery too soon.
+                    deliver_after = now + mm_cfg.DELIVERY_RETRY_WAIT
+                    msgdata['deliver_after'] = deliver_after
                     msgdata['last_recip_count'] = len(recips)
                     msgdata['deliver_until'] = deliver_until
                     msgdata['recips'] = recips
diff --git a/Mailman/Queue/RetryRunner.py b/Mailman/Queue/RetryRunner.py
index 66244253..49aa484d 100644
--- a/Mailman/Queue/RetryRunner.py
+++ b/Mailman/Queue/RetryRunner.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2003 by the Free Software Foundation, Inc.
+# Copyright (C) 2003-2018 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -37,7 +37,10 @@ class RetryRunner(Runner):
         self.__outq = Switchboard(mm_cfg.OUTQUEUE_DIR)
 
     def _dispose(self, mlist, msg, msgdata):
-        # Move it to the out queue for another retry
+        # Move it to the out queue for another retry if it's time.
+        deliver_after = msgdata.get('deliver_after', 0)
+        if time.time() < deliver_after:
+            return True
         self.__outq.enqueue(msg, msgdata)
         return False
 
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 9dbd0b55..fd6ac796 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2017 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -1019,6 +1019,7 @@ _badwords = [
     '<meta',
     '<object',
     '<script',
+    '@keyframes',
     r'\bj(?:ava)?script\b',
     r'\bvbs(?:cript)?\b',
     r'\bdomactivate\b',
@@ -1035,12 +1036,14 @@ _badwords = [
     r'\bon(?:de)?activate\b',
     r'\bon(?:after|before)print\b',
     r'\bon(?:after|before)update\b',
+    r'\b(?:on)?animation(?:end|iteration|start)\b',
     r'\bonbefore(?:(?:de)?activate|copy|cut|editfocus|paste)\b',
     r'\bonbeforeunload\b',
     r'\bonbegin\b',
     r'\bonblur\b',
     r'\bonbounce\b',
     r'\bonbroadcast\b',
+    r'\boncanplay(?:through)?\b',
     r'\bon(?:cell)?change\b',
     r'\boncheckboxstatechange\b',
     r'\bon(?:dbl)?click\b',
@@ -1056,7 +1059,9 @@ _badwords = [
     r'\bondrag(?:drop|end|enter|exit|gesture|leave|over)?\b',
     r'\bondragstart\b',
     r'\bondrop\b',
-    r'\bonend\b',
+    r'\bondurationchange\b',
+    r'\bonemptied\b',
+    r'\bonend(?:ed)?\b',
     r'\bonerror(?:update)?\b',
     r'\bonfilterchange\b',
     r'\bonfinish\b',
@@ -1066,21 +1071,28 @@ _badwords = [
     r'\bonkey(?:up|down|press)\b',
     r'\bonlayoutcomplete\b',
     r'\bon(?:un)?load\b',
+    r'\bonloaded(?:meta)?data\b',
+    r'\bonloadstart\b',
     r'\bonlosecapture\b',
     r'\bonmedia(?:complete|error)\b',
+    r'\bonmessage\b',
     r'\bonmouse(?:down|enter|leave|move|out|over|up|wheel)\b',
     r'\bonmove(?:end|start)?\b',
     r'\bon(?:off|on)line\b',
+    r'\bonopen\b',
     r'\bonoutofsync\b',
     r'\bonoverflow(?:changed)?\b',
     r'\bonpage(?:hide|show)\b',
     r'\bonpaint\b',
     r'\bonpaste\b',
     r'\bonpause\b',
+    r'\bonplay(?:ing)?\b',
+    r'\bonpopstate\b',
     r'\bonpopup(?:hidden|hiding|showing|shown)\b',
     r'\bonprogress\b',
     r'\bonpropertychange\b',
     r'\bonradiostatechange\b',
+    r'\bonratechange\b',
     r'\bonreadystatechange\b',
     r'\bonrepeat\b',
     r'\bonreset\b',
@@ -1090,19 +1102,30 @@ _badwords = [
     r'\bonrow(?:delete|enter|exit|inserted)\b',
     r'\bonrows(?:delete|enter|inserted)\b',
     r'\bonscroll\b',
-    r'\bonseek\b',
+    r'\bonsearch\b',
+    r'\bonseek(?:ed|ing)?\b',
     r'\bonselect(?:start)?\b',
     r'\bonselectionchange\b',
+    r'\bonshow\b',
     r'\bonstart\b',
+    r'\bonstalled\b',
     r'\bonstop\b',
+    r'\bonstorage\b',
     r'\bonsubmit\b',
+    r'\bonsuspend\b',
     r'\bonsync(?:from|to)preference\b',
     r'\bonsyncrestored\b',
     r'\bontext\b',
-    r'\bontimeerror\b',
+    r'\bontime(?:error|update)\b',
+    r'\bontoggle\b',
+    r'\bontouch(?:cancel|end|move|start)\b',
     r'\bontrackchange\b',
+    r'\b(?:on)?transitionend\b',
     r'\bonunderflow\b',
     r'\bonurlflip\b',
+    r'\bonvolumechange\b',
+    r'\bonwaiting\b',
+    r'\bonwheel\b',
     r'\bseeksegmenttime\b',
     r'\bsvgabort\b',
     r'\bsvgerror\b',
diff --git a/NEWS b/NEWS
index 5f66485c..e2f64e12 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,32 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
 
 Here is a history of user visible changes to Mailman.
 
+2.1.27 (xx-xxx-xxxx)
+
+  Security
+
+    - Existing protections against malicious listowners injecting evil
+      scripts into listinfo pages have had a few more checks added.
+
+  i18n
+
+    - The Russian translation has been updated by Danil Smirnov.
+
+  Bug fixes and other patches
+
+    - The reimplementation of DELIVERY_RETRY_WAIT in 2.1.26 could cause extra
+      dequeueing and requeueing in the out queue by OutgoingRunner.  This is
+      fixed.  (LP: #1762871)
+
+    - A Python 2.7 dependency introduced in the ToDigests handler in Mailman
+      2.1.24 has been removed.  (LP: #1755317)
+
+    - Bad values in a list's topics will no longer break everything that
+      might instantiate the list.  (LP: #1754516)
+
+    - A Python 2.7 dependency introduced with the reCAPTCHA feature in 2.1.26
+      has been removed.  (LP: #1752658)
+
 2.1.26 (04-Feb-2018)
 
   Security
diff --git a/messages/ru/LC_MESSAGES/mailman.po b/messages/ru/LC_MESSAGES/mailman.po
index c01435da..bad82882 100644
--- a/messages/ru/LC_MESSAGES/mailman.po
+++ b/messages/ru/LC_MESSAGES/mailman.po
@@ -4,12 +4,12 @@
 # Dmitri I GOULIAEV <dmitri.gouliaev@telkel.net>, 2002-2005
 # Valia V. Vaneeva <fattie@altlinux.ru>, 2004
 # Andrew Martynov <andrewm@inventa.ru> 2004
-# Danil Smirnov <danil@smirnov.la>, 2015, 2016.
+# Danil Smirnov <danil@smirnov.la>, 2015-2018.
 msgid ""
 msgstr ""
 "Project-Id-Version: mailman v2.1\n"
 "POT-Creation-Date: Tue Jan 30 08:13:26 2018\n"
-"PO-Revision-Date: 2016-02-08 16:09+0300\n"
+"PO-Revision-Date: 2018-03-18 13:49+0200\n"
 "Last-Translator: Danil Smirnov <danil@smirnov.la>\n"
 "Language-Team: Russian <danil@smirnov.la>\n"
 "Language: ru\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Virtaal 0.7.1\n"
+"X-Generator: Poedit 2.0.6\n"
 
 #: Mailman/Archiver/HyperArch.py:123
 msgid "size not available"
@@ -1197,7 +1197,7 @@ msgid ""
 "%(list_name)s list has been changed to %(change_to)s.\n"
 msgstr ""
 "Адрес подписчика списка рассылки %(list_name)s\n"
-"был изменен с %(change_from)s на %(change_to)s."
+"был изменен с %(change_from)s на %(change_to)s.\n"
 
 #: Mailman/Cgi/admin.py:1595
 msgid "%(list_name)s address change notice."
@@ -2348,55 +2348,49 @@ msgstr "Шапка дайджеста"
 
 #: Mailman/Cgi/edithtml.py:53
 msgid "User notice of held post"
-msgstr ""
+msgstr "Уведомление пользователя о задержанном сообщении"
 
 #: Mailman/Cgi/edithtml.py:54
-#, fuzzy
 msgid "User notice of held subscription"
-msgstr "Список моих подписок"
+msgstr "Уведомление пользователя о подписке на рассмотрении модератора"
 
 #: Mailman/Cgi/edithtml.py:55
 msgid "Notice of post refused by moderator"
-msgstr ""
+msgstr "Уведомление пользователя о сообщении, отклоненном модератором"
 
 #: Mailman/Cgi/edithtml.py:56
 msgid "Invitation to join list"
-msgstr ""
+msgstr "Приглашение к подписке на лист рассылки"
 
 #: Mailman/Cgi/edithtml.py:57
-#, fuzzy
 msgid "Request to confirm subscription"
-msgstr "Список моих подписок"
+msgstr "Запрос о подтверждении подписки"
 
 #: Mailman/Cgi/edithtml.py:58
-#, fuzzy
 msgid "Request to confirm unsubscription"
-msgstr "Подтвердите запрос на удаление подписки"
+msgstr "Звпрос о подтверждении отписки"
 
 #: Mailman/Cgi/edithtml.py:59
 msgid "User notice of autoresponse limit"
-msgstr ""
+msgstr "Уведомление пользователя о достижении лимита сообщений автоответчику"
 
 #: Mailman/Cgi/edithtml.py:60
-#, fuzzy
 msgid "User post acknowledgement"
-msgstr "Подтверждение доставки в список рассылки %(realname)s"
+msgstr "Уведомление о доставке сообщения в список рассылки"
 
 #: Mailman/Cgi/edithtml.py:61
 msgid "Subscription disabled by bounce warning"
-msgstr ""
+msgstr "Подписка приостановлена из-за ошибок доставки "
 
 #: Mailman/Cgi/edithtml.py:62
 msgid "Admin/moderator login page"
-msgstr ""
+msgstr "Страница входа администратора/модератора"
 
 #: Mailman/Cgi/edithtml.py:63
-#, fuzzy
 msgid "Private archive login page"
-msgstr "Ошибка доступа к закрытому архиву"
+msgstr "Страница входа в приватный архив сообщений"
 
 #: Mailman/Cgi/edithtml.py:64
-#, fuzzy
 msgid "On demand password reminder"
 msgstr "Отправлять ежемесячные напоминания паролей?"
 
@@ -3110,11 +3104,11 @@ msgstr "Укажите корректный адрес электронной п
 
 #: Mailman/Cgi/subscribe.py:153
 msgid "reCAPTCHA validation failed: %(e_codes)s"
-msgstr ""
+msgstr "Ошибка проверки reCAPTCHA: %(e_codes)s"
 
 #: Mailman/Cgi/subscribe.py:156
 msgid "reCAPTCHA could not be validated: %(e_reason)s"
-msgstr ""
+msgstr "Проверка reCAPTCHA не удалась: %(e_reason)s"
 
 #: Mailman/Cgi/subscribe.py:181
 msgid "The form is too old.  Please GET it again."
@@ -8779,9 +8773,8 @@ msgid "-------------- next part --------------\n"
 msgstr "----------- следующая часть -----------\n"
 
 #: Mailman/Handlers/SpamDetect.py:64
-#, fuzzy
 msgid "Header matched regexp: %(pattern)s"
-msgstr "Заблокированный адрес (подходит под шаблон %(pattern)s)"
+msgstr "Заголовок подходит под шаблон: %(pattern)s"
 
 #: Mailman/Handlers/SpamDetect.py:126
 msgid ""
@@ -11018,6 +11011,8 @@ msgid ""
 "Show basic statistics about, and build options for this\n"
 "installation of Mailman. Requires python 2."
 msgstr ""
+"Вывод общей статистики и параметров сборки\n"
+"для этой установки Mailman. Требуется python 2."
 
 #: bin/mailmanctl:20
 msgid ""
@@ -13390,7 +13385,6 @@ msgstr ""
 "        указанные списки рассылки.\n"
 
 #: cron/senddigests:20
-#, fuzzy
 msgid ""
 "Dispatch digests for lists w/pending messages and digest_send_periodic set.\n"
 "\n"
@@ -13411,23 +13405,27 @@ msgid ""
 "        Don't send the digest for the given list.  May be repeated to skip\n"
 "        multiple lists.\n"
 msgstr ""
-"Разослать дайджесты для списков рассылки, у которых есть сообщения в очереди "
-"и\n"
-"установлен параметр digest_send_periodic.\n"
+"Разослать дайджесты для списков рассылки, у которых есть сообщения в "
+"очереди\n"
+"и установлен параметр digest_send_periodic.\n"
 "\n"
 "Запуск: %(PROGRAM)s [параметры]\n"
 "\n"
 "Параметры:\n"
-"\n"
-"    --help\n"
-"    -h\n"
+"    -h / --help\n"
 "        Вывести подсказку и завершить работу.\n"
-"    -l listname\n"
+"\n"
+"    -l имя_списка_рассылки\n"
 "    --listname=имя_списка_рассылки\n"
 "        Разослать дайджесты только для указанного списка рассылки, если ни\n"
 "        одного списка рассылки не указано, разослать дайджесты для всех "
 "списков\n"
-"        рассылки на сервере.\n"
+"        рассылки на сервере. Параметр можно указывать несколько раз.\n"
+"\n"
+"    -e имя_списка_рассылки\n"
+"    --exceptlist имя_списка_рассылки\n"
+"        Не отправлять дайджесты в указанный список рассылки.\n"
+"        Параметр можно указывать несколько раз.\n"
 
 #~ msgid "The message headers matched a filter rule"
 #~ msgstr "Заголовки сообщения совпали с правилами фильтра"