aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix an unexploitable format string vulnerability. Even though unexploitable,bwarsaw2006-09-112-1/+5
| | | | | it's still crappy coding that should be fixed. CVE-2006-2191. Thanks go to Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.
* 2006-09-07 Committed updated Dutch translations of the messages mailman.po ↵clytie2006-09-072-1885/+1675
| | | | | file and the template admindbdetails.html by Jan Veuger <info@janveuger.com> Clytie Siddall <clytie@riverland.net.au>
* vi.po Updated Vietnamese translation, Clytie Siddall <clytie@riverland.net.au>clytie2006-09-071-1254/+1356
|
* Updates for 2.1.9 and beyond. Remove the inthenews.ht files and insteadbwarsaw2006-09-0525-1556/+75
| | | | | include a new 'Community' link in the topbar that points to the COM space in the wiki.
* minors corrections from P.GEORGEp_george2006-09-043-16/+36
|
* Several fixes done in the last months.pheinlein2006-09-031-149/+101
|
* 2.1.9 final will be released this monthbwarsaw2006-09-021-1/+1
|
* Update web pages and version numbers for 2.1.9rc1.bwarsaw2006-09-0226-39/+35
|
* Message template and catalogs update.tkikuchi2006-09-0135-7113/+7287
|
* Revised translation by IKEDA Soji.tkikuchi2006-09-012-20/+39
|
* A much improved release script, which now knows about Subversion (though isn'tbwarsaw2006-09-0123-290/+236
| | | | | | | yet ready to work from the trunk). Also, get rid of all the obsolete .cvsignore directories, they're no longer needed. Almost ready for 2.1.9rc1!
* Catalog updates.bwarsaw2006-08-302-3316/+3347
|
* Make a sweep through the web pages to update various bits of information.bwarsaw2006-08-3031-750/+476
| | | | This is in prep for the 2.1.9 release.
* CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw2006-08-3010-33/+67
| | | | | Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
* Update copyright years.bwarsaw2006-08-071-1/+1
|
* svn:ignore .mo files.bwarsaw2006-08-070-0/+0
|
* Bump version number to 2.1.9a0bwarsaw2006-08-071-4/+5
|
* New language -> languages. Sorry we don't have plurals in japanese.tkikuchi2006-08-051-1/+1
|
* Add new language: Arabic.tkikuchi2006-08-051-539/+3340
|
* Arabic templates.tkikuchi2006-08-0444-0/+1267
|
* Arabic directory and file.tkikuchi2006-08-041-0/+10112
|
* Language files update. New languages: Arabic, Vietnamese.tkikuchi2006-08-0436-14148/+16524
|
* Back port Python 2.5 compatibility changes to Mailman 2.1. Specifically,bwarsaw2006-07-303-15/+25
| | | | | | | | | | | | | | | | | | - In SecurityManager.py, fix the parsecookie() code to work with Python 2.5 generated cookie text. The latter was changed to be more RFC compliant so it does not output trailing semicolons for each line of cookie text. This broke the splitting rules, so now first split on newlines, then on ';\s*'. This should work across all Python versions. - In Python 2.5, exceptions are new-style, and thus are no longer of ClassType. The instantiation type test in hold_for_approval() was too naive. This one is fixed differently here than in the MM trunk because in Python 2.1, 'type' isn't a type, it's a function and so can't be used as the second argument to isinstance() directly. - Raising strings generates deprecation warnings in Python 2.5. Switch the one weird use of this in Utils.py to use a class exception. Don't call it "quick exit" though because it's probably not.
* Update to email 2.5.8bwarsaw2006-07-263-1/+1
|
* SendSubscribeAck() - Removed test of self.send_welcome_message.msapiro2006-07-241-3/+1
| | | The caller may want to override the list setting.
* - Switchboard.py Changed "while key in times.keys():" tomsapiro2006-07-231-1/+1
| | | | "while times.has_key(key):" for execution efficiency while maintaining Python 2.1 compatibility.
* - Switchboard.py Added missing newline at EOF.msapiro2006-07-221-1/+1
|
* - bin/unshuntmsapiro2006-07-223-14/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Queue/Runner.py - Queue/Switchboard.py Backported the gfiles backup changes from the trunk. The following comments are from the trunk checkin. Note that the test cases are not added. Added robustness to Switchboards and Runners so that if a runner crashes uncleanly (e.g. segfaults the Python interpreter), messages being processed will not be lost. The vulnerability, ideas, and patches are credited to Richard Barrett and Mark Sapiro. Their original work was modified by Barry for this commit and any bugs are his fault. The basic idea is that instead of unlinking a .pck file in dequeue(), the file is renamed to a .bak file. The Switchboard grows a finish() method which then unlinks the .bak file. That class's constructor also grows a 'restore' argument (defaulting to false), which when true moves all .bak files it finds in its hash space to .pck, thereby restoring a file lost while "in flight". This relies on the fact that even with multiple qrunners, exactly one process will be responsible for one hash space slice, so it's never possible (under normal operation) for a .bak file to be renamed to .pck by some other process. Test cases for both the new Switchboard behavior and the use of that by Runner subclasses has been added. There are two things to watch out for, either of which may require some additional changes. There is some small potential to duplicate messages in various queues, if say 'mailmanctl' were improperly started more than once by a site admin. This usually won't happen unless an admin is overly eager with the mailmanctl -s switch, so we can chalk this one up to operator error. I'm not sure what more we can do about that. There's also a possibility that if we're processing a message that continually causes the Python interpreter to crash, we could end up duplicating messages endlessly. This is especially troublesome for the Outgoing runner which could conceivably cause a mail flood. I consider this the more critical issue to defend against, probably by adding a numbering scheme to the .bak file names and refusing to restore a .bak file more than say 3 times without human intervention.
* Committed messages mailman.po and a stack of added and updated templates for ↵clytie2006-07-2146-3720/+3394
| | | | | Dutch. Clytie Siddall <clytie@riverland.net.au>
* - Switchboard.py - Closed very tiny holes at the upper ends of queuemsapiro2006-07-092-5/+17
| | | | | slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp.
* - Decorate.py Fixed bug 1507248 by ignoring header/footer charactersmsapiro2006-06-233-4/+25
| | | | | | | | outside the character set of the list's language. - Utils.py Fixed a security hole which allowed a crafted URI to inject bogus apparent messages into the error log, possibly inducing an admin to visit a phishing site.
* 2006-04-27 Clytie Siddall <clytie@riverland.net.au>clytie2006-04-271-0/+1
| | | | | | * Defaults.py.in: Added Vietnamese to add_languages.
* 2006-04-23 Added and committed all the Vietnamese translated template files ↵clytie2006-04-2344-0/+1037
| | | | | | | from the stable version. Clytie Siddall <clytie@riverland.net.au>
* 2006-04-23 Clytie Siddall <clytie@riverland.net.au>clytie2006-04-231-0/+11607
| | | | | | * mailman.po: Added Vietnamese translation.
* 2006-04-23 Added further units of the paths for Vietnamese translation files.clytie2006-04-230-0/+0
| | | Clytie Siddall <clytie@riverland.net.au>
* 2006-04-23 Added vi directory in /messages.clytie2006-04-230-0/+0
| | | Clytie Siddall <clytie@riverland.net.au>
* Bump version to 2.1.8 final.tkikuchi2006-04-156-31/+21
|
* Bumping 2.1.8rc1.tkikuchi2006-04-066-15/+20
|
* Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512)tkikuchi2006-04-041-2/+3
|
* Recognize more bounces - DSN.py, Qmail.py and SimpleMatch.pymsapiro2006-04-047-4/+497
|
* file simple_16.txt was added on branch Release_2_1-maint on 2006-04-04 ↵msapiro2006-04-041-78/+0
| | | | 23:23:17 +0000
* file qmail_03.txt was added on branch Release_2_1-maint on 2006-04-04 ↵msapiro2006-04-041-245/+0
| | | | 23:23:17 +0000
* file dsn_14.txt was added on branch Release_2_1-maint on 2006-04-04 23:23:17 ↵msapiro2006-04-041-149/+0
| | | | +0000
* This commit was manufactured by cvs2svn to create branch2006-04-044-0/+505
| | | 'Release_2_1-maint'.
* Added bounce tests. Updated bounce recognizers to pick up a few more.msapiro2006-03-245-0/+833
|
* Added bounce tests. Updated bounce recognizers to pick up a few more.msapiro2006-03-243-1/+27
|
* Bump version number to 2.1.8b1.tkikuchi2006-03-236-15/+15
|
* SF Bug ID 1453049 from Clytie. Only easiest fixes are done because we shouldtkikuchi2006-03-2334-17181/+17312
| | | | | care all the .po files in language directories. More fixes should be done in mailman-2.2.
* Added missing import of Errors module.msapiro2006-03-201-0/+1
|
* Fixed long standing bug (1275856) - get_domain() returned DEFAULT_EMAIL_HOSTmsapiro2006-03-181-2/+3
| | | | instead of DEFAULT_URL_HOST if VIRTUAL_HOST_OVERVIEW was off.