aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman (unfollow)
Commit message (Collapse)AuthorFilesLines
2007-11-04Added removal of Authentication-Results: header.Mark Sapiro1-4/+4
2007-11-04Changed the descriptions of the ARCHIVE_TO_MBOX settings to moreMark Sapiro1-5/+7
accurately represent their current meaning.
2007-10-18MailList.Create() - added an assertion that the listname is lower case.Mark Sapiro1-0/+1
2007-10-04MimeDel.py neglected to lower case file extensions for comparison withMark Sapiro1-1/+1
lower cased *_filename_extensions. Fixed.
2007-10-04In rare cases, versions.py can encounter a very old list with held posts inMark Sapiro1-1/+1
its requests dictionary. It then tries to create a Message.OutgoingMessage object from the message text, but that class no longer exists. Fixed by using email.message_from_string() instead.
2007-10-04/cygdrive/c/MM_bzr/log.txtMark Sapiro1-1/+1
2007-10-04/cygdrive/c/MM_bzr/log.txtMark Sapiro1-4/+16
2007-10-04/cygdrive/c/MM_bzr/log.txtMark Sapiro1-1/+2
2007-07-17Detect 'who' with 1 or 2 arguments as administrivia.Mark Sapiro1-2/+2
2007-06-29There is a bug in email 2.5.8 and possibly others, but not in 4.0.1 orMark Sapiro1-1/+9
4.0.2 that causes email.Utils.getaddresses() to return a spurious (name, address) tuple if the supplied argument is multi-line. The actual bug is in email.Utils.parseaddr(), but the manifestation in Message.py is in the use of getaddresses() in get_sender() and get_senders(). This fix works around the bug by passing the header field values through Mailman.Utils.oneline().
2007-06-22Scrubber.py - Cleaned up a few loose ends and incomplete things left after theMark Sapiro2-21/+26
previous commit. - Normalized a couple more 'URL:'. - Improved handling of None payloads. - Cleaned up a few charset coercions. OutgoingRunner.py - Made probe bounce processing and queuing of bounces conditional on having some permanent failure(s).
2007-06-15Scrubber.py - If a malformed message has Content-Type: with amsapiro1-4/+7
charset="quoted-printable" parameter, quopri_encode can be called at t = t.encode(charset, 'replace') which throws an AssertionError. See log message for r. 8213. Caught this. - Malformed RFC 2047 encoded filename= parameter can have a null byte or other garbage in the extension. Cleaned this. - A message with a message/delivery-status part returns None for the part's payload. Checked for a payload before attempting unicode/encode.
2007-06-12admindb.py - Changed to not show the "Discard all messages marked Defer" ↵msapiro1-2/+5
checkbox when there are only (un)subscribes and no held messages. - Added a separator and heading for "Held Messages" like the ones for "Subscribe Requests" and "Unsubscribe Requests".
2007-06-09Improved processing of an Approve(d): body line by decoding the body payloadmsapiro1-6/+22
before looking for/deleting the Approve(d): line.
2007-05-09base64 codec raises 'AssertionError'. This should not occur in normal casetkikuchi1-1/+1
but it looks like thare is a buggy MUA or spammer who declairs like so: Content-Type: text/plain; charset=base64 :-(
2007-05-08- CGI/admin.pymsapiro10-54/+135
The email address which forms a part of the various CGI data keys in the admin membership list is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character. - CGI/admindb.py Added additional test to not display "Database Updated ..." when coming from the login page. - CGI/roster.py, HTMLFormatter.py Changed to show hidden members when authorization is site or list's admin or moterator password. Patch 1587651. - Defaults.py.in, Handlers/Cleanse_DKIM.py Added a new REMOVE_DKIM_HEADERS Defaults.py/mm_cfg.py setting (default = No) to control removing dkim/domainkey signatures from posts and mail to -owner. - Handlers/Decorate.py, Handlers/Scrubber.py Changed to preserve format=flowed and delsp=yes in the Content-Type: of the body when adding header/footer and when scrubbing attachments and to remove trailing spaces from the header/footer lines so they won't be flowed. Bug 1495122. Fixed a scrubber issue where the i18n translated 'next part' separator can be garbled if the list charset is different from the message. - Queue/Runner.py. Queue/Switchboard.py Now that we have .bak queue entries for recovery, it is no longer the case that an unparseable message is lost. In this case, and in case of other exceptions when dequeueing, I added a preservation feature to move the .bak file to qfiles/shunt as a .psv file and write an appropriate log entry. It is also possible for an attempt to shunt a message to fail. One example that occurred in practice (bug 1656289) was caused by a huge message that threw a MemoryError in processing and then threw another MemoryError in the attempt to pickle the message for the shunt queue. In this case as well, I log and attempt to preserve the original queue entry by renaming.
2007-05-04Fix comment typo (also, test my commit privileges)akuchling1-1/+1
2007-03-20- Fixed a bug in OldStyleMemberships.addNewMember that allowed adding an addressmsapiro1-3/+11
with upper case in the domain if the local part was all lower case. - Changed the semantics of OldStyleMemberships.changeMemberAddress os that in the case of a straightforward address change, i.e. nodelete = 0, delivery status and time are preserved if BYUSER or BYADMIN.
2007-02-07- Changed cmd_who.py to show hidden members when authorization is by list ↵msapiro1-18/+37
admin or moderator password. - Changed cmd_who.py public roster syntax to accept optional list admin or moderator password.
2007-01-20Changed header_filter_rules processing to ignore blank patterns.msapiro1-1/+4
2007-01-07Fixed documentation for POSTFIX_STYLE_VIRTUAL_DOMAINS to clarify that themsapiro1-7/+8
empty list is the appropriate value if Postfix virtual domains aren't used.
2006-11-17Delete the .bak file from the queue for an unparseable message.msapiro1-0/+1
2006-10-11Fixed admin.py so null VARHELP category is handled (1573393).msapiro1-4/+5
2006-09-21Removed the "Discard all messages marked Defer" checkbox from themsapiro1-2/+2
details=all page.
2006-09-13Set things up for 2.1.10a0bwarsaw1-3/+3
2006-09-13Tag as 2.1.9 (final). Also, remove version.ht* since it's redundant.bwarsaw1-3/+3
2006-09-02Update web pages and version numbers for 2.1.9rc1.bwarsaw1-3/+3
2006-09-01A much improved release script, which now knows about Subversion (though isn'tbwarsaw10-12/+0
yet ready to work from the trunk). Also, get rid of all the obsolete .cvsignore directories, they're no longer needed. Almost ready for 2.1.9rc1!
2006-08-30CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery bybwarsaw9-32/+60
Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry).
2006-08-07Update copyright years.bwarsaw1-1/+1
2006-08-07Bump version number to 2.1.9a0bwarsaw1-4/+5
2006-08-04Language files update. New languages: Arabic, Vietnamese.tkikuchi1-1/+2
2006-07-30Back port Python 2.5 compatibility changes to Mailman 2.1. Specifically,bwarsaw3-15/+25
- In SecurityManager.py, fix the parsecookie() code to work with Python 2.5 generated cookie text. The latter was changed to be more RFC compliant so it does not output trailing semicolons for each line of cookie text. This broke the splitting rules, so now first split on newlines, then on ';\s*'. This should work across all Python versions. - In Python 2.5, exceptions are new-style, and thus are no longer of ClassType. The instantiation type test in hold_for_approval() was too naive. This one is fixed differently here than in the MM trunk because in Python 2.1, 'type' isn't a type, it's a function and so can't be used as the second argument to isinstance() directly. - Raising strings generates deprecation warnings in Python 2.5. Switch the one weird use of this in Utils.py to use a class exception. Don't call it "quick exit" though because it's probably not.
2006-07-24SendSubscribeAck() - Removed test of self.send_welcome_message.msapiro1-3/+1
The caller may want to override the list setting.
2006-07-23- Switchboard.py Changed "while key in times.keys():" tomsapiro1-1/+1
"while times.has_key(key):" for execution efficiency while maintaining Python 2.1 compatibility.
2006-07-22- Switchboard.py Added missing newline at EOF.msapiro1-1/+1
2006-07-22- bin/unshuntmsapiro2-12/+40
- Queue/Runner.py - Queue/Switchboard.py Backported the gfiles backup changes from the trunk. The following comments are from the trunk checkin. Note that the test cases are not added. Added robustness to Switchboards and Runners so that if a runner crashes uncleanly (e.g. segfaults the Python interpreter), messages being processed will not be lost. The vulnerability, ideas, and patches are credited to Richard Barrett and Mark Sapiro. Their original work was modified by Barry for this commit and any bugs are his fault. The basic idea is that instead of unlinking a .pck file in dequeue(), the file is renamed to a .bak file. The Switchboard grows a finish() method which then unlinks the .bak file. That class's constructor also grows a 'restore' argument (defaulting to false), which when true moves all .bak files it finds in its hash space to .pck, thereby restoring a file lost while "in flight". This relies on the fact that even with multiple qrunners, exactly one process will be responsible for one hash space slice, so it's never possible (under normal operation) for a .bak file to be renamed to .pck by some other process. Test cases for both the new Switchboard behavior and the use of that by Runner subclasses has been added. There are two things to watch out for, either of which may require some additional changes. There is some small potential to duplicate messages in various queues, if say 'mailmanctl' were improperly started more than once by a site admin. This usually won't happen unless an admin is overly eager with the mailmanctl -s switch, so we can chalk this one up to operator error. I'm not sure what more we can do about that. There's also a possibility that if we're processing a message that continually causes the Python interpreter to crash, we could end up duplicating messages endlessly. This is especially troublesome for the Outgoing runner which could conceivably cause a mail flood. I consider this the more critical issue to defend against, probably by adding a numbering scheme to the .bak file names and refusing to restore a .bak file more than say 3 times without human intervention.
2006-07-09 - Switchboard.py - Closed very tiny holes at the upper ends of queuemsapiro1-5/+13
slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp.
2006-06-23- Decorate.py Fixed bug 1507248 by ignoring header/footer charactersmsapiro2-4/+10
outside the character set of the list's language. - Utils.py Fixed a security hole which allowed a crafted URI to inject bogus apparent messages into the error log, possibly inducing an admin to visit a phishing site.
2006-04-272006-04-27 Clytie Siddall <clytie@riverland.net.au>clytie1-0/+1
* Defaults.py.in: Added Vietnamese to add_languages.
2006-04-15Bump version to 2.1.8 final.tkikuchi1-3/+3
2006-04-06Bumping 2.1.8rc1.tkikuchi1-2/+2
2006-04-04Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512)tkikuchi1-2/+3
2006-04-04Recognize more bounces - DSN.py, Qmail.py and SimpleMatch.pymsapiro3-4/+20
2006-03-24Added bounce tests. Updated bounce recognizers to pick up a few more.msapiro2-1/+21
2006-03-23Bump version number to 2.1.8b1.tkikuchi1-2/+2
2006-03-23SF Bug ID 1453049 from Clytie. Only easiest fixes are done because we shouldtkikuchi2-3/+3
care all the .po files in language directories. More fixes should be done in mailman-2.2.
2006-03-20Added missing import of Errors module.msapiro1-0/+1
2006-03-18Fixed VERP_CONFIRM_REGEXP to accommodate 'broken' MUAs that add themsapiro1-2/+6
local_part of the From: address as a 'real name' in the To: header when replying.
2006-03-18Improved fix for bug 1275856 to return host part of DEFAULT_URL if any frommsapiro1-7/+5
get_domain() if VIRTUAL_HOST_OVERVIEW off.