aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman (follow)
Commit message (Collapse)AuthorAgeFilesLines
* - bin/unshuntmsapiro2006-07-222-12/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Queue/Runner.py - Queue/Switchboard.py Backported the gfiles backup changes from the trunk. The following comments are from the trunk checkin. Note that the test cases are not added. Added robustness to Switchboards and Runners so that if a runner crashes uncleanly (e.g. segfaults the Python interpreter), messages being processed will not be lost. The vulnerability, ideas, and patches are credited to Richard Barrett and Mark Sapiro. Their original work was modified by Barry for this commit and any bugs are his fault. The basic idea is that instead of unlinking a .pck file in dequeue(), the file is renamed to a .bak file. The Switchboard grows a finish() method which then unlinks the .bak file. That class's constructor also grows a 'restore' argument (defaulting to false), which when true moves all .bak files it finds in its hash space to .pck, thereby restoring a file lost while "in flight". This relies on the fact that even with multiple qrunners, exactly one process will be responsible for one hash space slice, so it's never possible (under normal operation) for a .bak file to be renamed to .pck by some other process. Test cases for both the new Switchboard behavior and the use of that by Runner subclasses has been added. There are two things to watch out for, either of which may require some additional changes. There is some small potential to duplicate messages in various queues, if say 'mailmanctl' were improperly started more than once by a site admin. This usually won't happen unless an admin is overly eager with the mailmanctl -s switch, so we can chalk this one up to operator error. I'm not sure what more we can do about that. There's also a possibility that if we're processing a message that continually causes the Python interpreter to crash, we could end up duplicating messages endlessly. This is especially troublesome for the Outgoing runner which could conceivably cause a mail flood. I consider this the more critical issue to defend against, probably by adding a numbering scheme to the .bak file names and refusing to restore a .bak file more than say 3 times without human intervention.
* - Switchboard.py - Closed very tiny holes at the upper ends of queuemsapiro2006-07-091-5/+13
| | | | | slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp.
* - Decorate.py Fixed bug 1507248 by ignoring header/footer charactersmsapiro2006-06-232-4/+10
| | | | | | | | outside the character set of the list's language. - Utils.py Fixed a security hole which allowed a crafted URI to inject bogus apparent messages into the error log, possibly inducing an admin to visit a phishing site.
* 2006-04-27 Clytie Siddall <clytie@riverland.net.au>clytie2006-04-271-0/+1
| | | | | | * Defaults.py.in: Added Vietnamese to add_languages.
* Bump version to 2.1.8 final.tkikuchi2006-04-151-3/+3
|
* Bumping 2.1.8rc1.tkikuchi2006-04-061-2/+2
|
* Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512)tkikuchi2006-04-041-2/+3
|
* Recognize more bounces - DSN.py, Qmail.py and SimpleMatch.pymsapiro2006-04-043-4/+20
|
* Added bounce tests. Updated bounce recognizers to pick up a few more.msapiro2006-03-242-1/+21
|
* Bump version number to 2.1.8b1.tkikuchi2006-03-231-2/+2
|
* SF Bug ID 1453049 from Clytie. Only easiest fixes are done because we shouldtkikuchi2006-03-232-3/+3
| | | | | care all the .po files in language directories. More fixes should be done in mailman-2.2.
* Added missing import of Errors module.msapiro2006-03-201-0/+1
|
* Fixed VERP_CONFIRM_REGEXP to accommodate 'broken' MUAs that add themsapiro2006-03-181-2/+6
| | | | local_part of the From: address as a 'real name' in the To: header when replying.
* Improved fix for bug 1275856 to return host part of DEFAULT_URL if any frommsapiro2006-03-181-7/+5
| | | | get_domain() if VIRTUAL_HOST_OVERVIEW off.
* Fixed long standing bug (1275856) - get_domain() returned DEFAULT_EMAIL_HOSTmsapiro2006-03-121-3/+8
| | | | instead of DEFAULT_URL_HOST is VIRTUAL_HOST_OVERVIEW was off.
* Fixed long standing error - subscribe log 'new' entry reversed name and email.msapiro2006-03-121-1/+1
|
* Bumping version number to 2.1.8a1tkikuchi2006-03-101-3/+3
|
* Add test in BounceRunner for non-fatal, VERPed bounce. Bug 1421285.msapiro2006-03-091-1/+5
|
* Changed email package to 2.5.7. Backed out workaround set_payload() methodmsapiro2006-03-061-12/+1
| | | | from Message.py
* Updated SimpleWarning to return Stop. Updated SimpleMatch to catch a few moremsapiro2006-03-062-3/+17
| | | | Added some more test cases.
* Added some more bounce recognition to SimpleMatch and changed the logicmsapiro2006-03-031-12/+28
| | | | | | | so one all pattern sets are tried until a match is found so one start pattern whose address doesn't match won't preempt a later patern set that will match. Added more test cases.
* Changed BouncerAPI.py to return Stop from a Bouncer and changedmsapiro2006-03-014-16/+27
| | | | | | BounceRunner.py to discard the bounce when Stop returned. Changed DSN.py to recognize Action: headers with comments. Changed Qmail.py to recognize an observed different starting string.
* Improved fix for bug 1433673. When time.strptime returns tm_isdst = -1, usemsapiro2006-02-231-0/+4
| | | | time.localtime(time.mktime()) to try again.
* Fixed bug 1435722 by encoding the i18n subject in the character set of themsapiro2006-02-221-3/+5
| | | | | translation rather that that of the list language. (The subscribers language may be different.)
* Fixed bug 1433673 by fixing ctime() to not use time.tzname[1] when tm_isdst ↵msapiro2006-02-191-4/+7
| | | | is -1.
* Fixed bug 1430236 by catching TypeError when trying to get a decoded payloadmsapiro2006-02-191-1/+6
| | | | when payload is None.
* ch_oneline(): Input string variable is overwritten. Also use listtkikuchi2006-02-171-8/+4
| | | | comprehension where appropriate.
* Fixed 'undeliverable to' pattern. It can have multiple spaces 'undeliverable ↵msapiro2006-02-051-1/+1
| | | | to'.
* Set umask for creation of bounce-events queue file.msapiro2006-02-051-3/+8
|
* variable name: it is not a floating number. (time tuple)tkikuchi2006-02-031-2/+2
|
* add OverflowError in exceptions. (CVE-2005-4153 related but not DoS)tkikuchi2006-02-031-1/+1
|
* Added bounces from yahoo.com on behalf of other domains like sbcglobal.net.msapiro2006-02-021-0/+4
|
* Back out Revision 2.18.2.19 patch for email.Message.set_payload() bugtkikuchi2006-01-296-53/+15
| | | | because it is overwrapped in Mailman.Message.
* Wrapping set_payload() to encode contents into qp/base64 upon setting.tkikuchi2006-01-291-0/+11
| | | | | | This incorporates Python email patch: http://sourceforge.net/tracker/?func=detail&aid=1409455&group_id=5470&atid=105470 and eventually be backed out if email package is updated.
* Prevent loop in hold/reject if addressed to '-owner'.tkikuchi2006-01-291-9/+10
|
* Added another observed prefix 'unknown user:'msapiro2006-01-251-2/+4
|
* Added Microsoft SMTPSVC. 'Improved' pattern for prodigy.net.msapiro2006-01-231-1/+5
|
* Moving deletion of Domainkey-Signature: and DKIM-Signature: headers to amsapiro2006-01-153-11/+37
| | | | new handler to be included in both GLOBAL_PIPELINE and OWNER_PIPELINE.
* Copyright years.bwarsaw2006-01-141-2/+3
|
* Fix: [ 1194419 ] Lose Topics when go directly to topics URLtkikuchi2006-01-141-0/+3
|
* SpamDetect.py: Fix loop. As a side effect, spam message may pass thetkikuchi2006-01-141-13/+15
| | | | filter if X-List-Administrivia header is forged.
* Add 'full mailbox' from Prodigy.netmsapiro2006-01-091-2/+7
|
* Text file '@' obfuscation bug (unicode) fix. Thanks Mark.tkikuchi2006-01-091-3/+8
|
* Bug fix: import re module.tkikuchi2006-01-091-1/+2
|
* process(): Fix a comment.bwarsaw2006-01-011-4/+3
|
* Bumping version to 2.1.7 final.tkikuchi2005-12-311-2/+2
|
* Don't use 'X-List-Administrivia', second part.tkikuchi2005-12-311-1/+1
|
* On my second thought, I use msgdata for internally crafted message checking.tkikuchi2005-12-311-4/+2
| | | | | The keyword 'reduced_list_headers' is taken from CookHeaders.py and looks like it is, reviewing Message.py.
* Back out Revison 2.3.2.4 change. Check outermost message headertkikuchi2005-12-311-6/+6
| | | | even if it has X-List-Administrivia header ( mostly -owner notification ).
* A cleansing pass, almost entirely cosmetic. Such things as whitespacebwarsaw2005-12-3029-122/+140
| | | | | | | | | | | | | normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 05:02:10 +0000