Mailman - The GNU Mailing List Management System Copyright (C) 1998-2008 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Here is a history of user visible changes to Mailman. 2.1.11 (30-Jun-2008) New Features - Added a new cron/cull_bad_shunt script to cull and optionally archive old entries from the bad and shunt queues. This is controlled by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default 7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine how long to keep bad and shunt queue entries and optionally, where to archive removed entries. - Prepended list name to bounce log unrecognized bounce messages. - Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS with default value '[-+_.=a-z0-9]'. This Python regular expression character class specifies the characters allowed in list names. The motivation for this is the fact that previously, a list named, e.g., xxx&yyy could be created and MTA aliases generated that would cause The MTA to execute yyy as a command. There is a possible security issue here, but it is not believed to be exploitable in any meaningful way. Bug fixes and other patches - Changed the preservation of unparseable messages to be conditional on the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and changed the queue directory in which messages are preserved from 'shunt' to 'bad'. - Fixed a bug introduced in 2.1.10 that caused some email subscribe requests to be shunted (1966837). - Fixed a problem with bin/update erroneously moving templates from templates/xx to lists/xx if a list has the same name as a language code. Also fixed the absolute path to lists/ (1418670 ). - Changed Utils.ValidateEmail to not allow specials (particularly ':') in unquoted local parts (1956393). - Changed bin/update to remove .bak files erroneously left behind in qfiles/*/ by a 2.1.9 bug. - Added 's' to %(listname) in templates/ia/admlogin.html and templates/sl/help.txt (1682990). - Use newer template variable for site-owner address in templates/ko/newlist.txt and templates/ru/newlist.txt (1578766). - Corrections to Spanish translation submitted by Wikimedia Foundation (1433262) and Debian. - Corrections to German translation submitted by Ralf Doeblitz (916196). - Correction to French translation submitted by Maxime Carron (1588617). - Correction to Portuguese translation submitted by Gabriel P. Silva (1733057). - Add #! line to fblast.py test script (1578740). - Fixed unescaped '%' in templates/nl/newlist.txt (1719017). - Changed non-ascii characters in some templates/*/*.html files to HTML entities. - Fixed a problem in Decorate.py that could result in a multipart message with no part headers for the original body part (1991348). - Improved recognition of some bounce messages. - Rearranged calls to the list setBounceInfo() method in Bouncer.py to accommodate MemberAdaptors that store bounce info outside the list instance. - Fixed CookHeaders.py which in some cases with new style prefixing would insert an extra space between the prefix and the subject. - Changed OldStyleMemberships.py to remove the member from one_last_digest when changing from regular to digest delivery to avoid the possibility of a duplicate digest in some circumstances. - Patched Danish message catalog for proper use of HTML entities per Jonas Smedegaard (1999966). - Improved bounce loop detection and handling in BounceRunner.py. - Merged the Catalan i18n from the Mailman Catalan Translation Team. - German translation updated by Peer Heinlein. - Added check for gateway_to_news before holding for ModeratedNewsgroup. - At some point, cron/senddigests and bin/update were inadvertently 'preconfigured'. This has been fixed. - Brazilian Portuguese translation updated by Diego Francisco de Gastal Morales. - Added 'listname' to the replacements for the archidxfoot.html template. Miscellaneous - Brad Knowles' mailman daily status report script updated to 0.0.18. 2.1.10 (21-Apr-2008) Security - The 2.1.9 fixes for CVE-2006-3636 were not complete. In particular, some potential cross-site scripting attacks were not detected in editing templates and updating the list's info attribute via the web admin interface. This has been assigned CVE-2008-0564 and has been fixed. Thanks again to Moritz Naumann for assistance with this. - There is a new mm_cfg.py/Defaults.py variable OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list owner can change a member's password from the member's options page. This defaults to No and should be changed to Yes only if list owners are trusted to not change a member's password, log in as the member and make global membership changes. New Features - Changed cmd_who.py to list all members if authorization is with the list's admin or moderator password and to accept the password if the roster is public. Also changed the web roster to show hidden members when authorization is by site or list's admin or moderator password (1587651). - Added the ability to put a list name in accept_these_nonmembers to accept posts from members of that list (1220144). - Added a new 'sibling list' feature to exclude members of another list from receiving a post from this list if the other list is in the To: or Cc: of the post or to include members of the other list if that list is not in the To: or Cc: of the post (Patch ID 1347962). - Added the admin_member_chunksize attribute to the admin General Options interface (Bug 1072002, Partial RFE 782436). Internationalization - Added the Hebrew translation from Dov Zamir. This includes addition of a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The add_language() function defaults direction to 'ltr' to not break existing mm_cfg.py files. - Added the Slovak translation from Martin Matuska. - Added the Galician translation from Frco. Javier Rial Rodríguez. Bug fixes and other patches - Added bounce recognition for several additional bounce formats. - Fixed CommandRunner.py to decode a quoted-printable or base64 encoded message part (1829061). - Fixed Scrubber.py to avoid loss of an implicit text/plain message part with no Content-* headers in a MIME multipart message (759841). Fixed several other minor scrubber issues (1242450). - Added Date and Message-ID headers to the confirm reply message that Mailman adds to the admin notification (1471318). - Fixed Cgi/options.py to not present the "empty" topic to user. - Fixed Handlers/CalcRecips.py to not process topics if topics are disabled for the list. This caused users who had previously subscribed to topics and elected to not receive non-matching posts to receive no messages after topics were disabled for the list. - Fixed MaildirRunner.py to handle hyphenated list names. - Fixed a bug in MimeDel.py (content filtering) which caused *_filename_extensions to not match if the extension in the message was not all lower case. - Fixed versions.py to not call a non-existant method when converting held posts from Mailman 1.0.x lists. - Added a test to configure to detect a missing python-devel package on some RedHat systems. - Fixed bin/dumpdb to once again be able to dump marshals (broken since 2.1.5) (963137). - Worked around a bug in the Python email library that could cause Mailman to not get the correct value for the sender of a message from an RFC 2231 encoded header causing spurious held messages. - Fixed bin/check_perms to detect certain missing permissions on the archives/private/ and archives/private//database/ directories. - Improved exception handling in cron/senddigests. - Changed the admindb page to not show the "Discard all messages marked Defer" checkbox when there are only (un)subscribes and no held messages. Also added a separator and heading for "Held Messages" like the ones for "Subscribe Requests" and "Unsubscribe Requests". Suppressed the "Database Updated" message when coming from the login page. Also removed the "Discard all messages marked Defer" checkbox from the details page where it didn't work (1562922, 1000699). - Fixed admin.py so null VARHELP category is handled (1573393). - Fixed OldStyleMemberships.py to preserve delivery statuses BYADMIN and BYUSER on a straight change of address (1642388). Also fixed a bug that could result in a member key with uppercase in the domain. - Fixed bin/withlist so that -r can take a full package path to a callable. - Removal of DomainKey/DKIM signatures is now controlled by Defaults.py mm_cfg.py variable REMOVE_DKIM_HEADERS (default = No). Also, if REMOVE_DKIM_HEADERS = Yes, an Authentication-Results: header will be removed if present. - The DeprecationWarning issued by Python 2.5 regarding string exceptions is supressed. - format=flowed and delsp=yes are now preserved for message bodies when message headers/footers are added and attachments are scrubbed (1495122). - Queue runner processing is improved to log and preserve for analysis in the shunt queue certain bad queue entries that were previously logged but lost. Also, entries are preserved when an attempt to shunt throws an exception (1656289). - The admin Membership List pages have been changed in that the email address which forms a part of the various CGI data keys is now urllib.quote()ed. This allows changing options for and unsubbing an address which contains a double-quote character, but it may require changes to scripts that screen-scrape the web admin interface to produce a membership list so they will report an unquoted address. - The fix for bug 1181161 in 2.1.7 was incomplete. The Approve(d): line wasn't always found in quoted-printable encoded parts and was never found in base64 encoded parts. This is now fixed. - Fixed a mail loop if a list owner puts the list's -bounces or -admin address in the list's owner attribute (1834569). - Fixed the mailto: link in archived messages to prefix the subject with Re: and to put the correct message-id in In-Reply-To (1621278, 1834281). - Coerced list name arguments to lower case in the change_pw, inject, list_admins and list_owners command line tools (patch 1842412). - Fixed cron/disabled to test if bounce info is stale before disabling a member when the threshold has been reduced. - It wasn't noted here, but in 2.1.9, queue runner processing was made more robust by making backups of queue entries when they were dequeued so they could be recovered in the event of a system failure. This opened the possibility that if a message itself caused a runner to crash, a loop could result that would endlessly reprocess the message. This has now been fixed by adding a dequeue count to the entry and moving the entry aside and logging the fact after the third dequeue of the same entry. - Fixed the command line scripts add_members, sync_members and clone_member to properly handle banned addresses (1904737). - Fixed bin/newlist to add the list's preferred language to the list's available_languages if it is other than the server's default language (1906368). - Changed the first URL in the RFC 2369 List-Unsubscribe: header to go to the options login page instead of the listinfo page. - Changed the options login page to not issue the "No address given" error when coming from the List-Unsubscribe and other direct links. Also changed to remember the user's language selection when redisplaying the page following an error. - Changed cmd_subscribe.py to properly accept (no)digest without a password and to recognize (no)digest and address= case insensitively. - Fixed a problem where GuiBase._getValidValue() would truncate a floating point Number type to an int if the value was a float instead of a numeric string. This affected setting floating point values with config_list. Miscellaneous - Brad Knowles' mailman daily status report script updated to 0.0.17. - An updated mm-handler (mm-handler-2.1.10) that can help reduce backscatter has been added to the contrib directory. 2.1.9 (12-Sep-2006) Security - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191. Internationalization - New languages: Arabic, Vietnamese. Bug fixes and other patches - Fixed Decorate.py so that characters in message header/footer which are not in the character set of the list's language are ignored rather than causing shunted messages (1507248). - Switchboard.py - Closed very tiny holes at the upper ends of queue slices that could result in unprocessable queue entries. Improved FIFO processing when two queue entries have the same timestamp. 2.1.8 (15-Apr-2006) Security - A cross-site scripting hole in the private archive script of 2.1.7 has been closed. Thanks to Moritz Naumann for its discovery. Bug fixes and other patches - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net and several others. - Updated email library to 2.5.7 which will encode payload into qp/base64 upon setting. This enabled backing out the scrubber related patches including 'X-Mailman-Scrubbed' header in 2.1.7. - Fix SpamDetect.py potential hold/reject loop problem. - A warning message from email package to the stderr can cause error in Logging because stderr may be detached from the process during the qrunner run. We chose not to output errors to stderr but to the logs/error if the process is running under mailmanctl subprocess. - DKIM header cleansing was separated from Cleanse.py and added to -owner messages too. - Fixes: Lose Topics when go directly to topics URL (1194419). UnicodeError running bin/arch (1395683). edithtml.py missing import (1400128). Bad escape in cleanarch. Wrong timezone in list archive index pages (1433673). bin/arch fails with TypeError (1430236). Subscription fails with some Language combinations (1435722). Postfix delayed notification not recognized (863989). 2.1.7 (VERP) mistakes delay notice for bounce (1421285). show_qfiles: 'str' object has no attribute 'as_string' (1444447). Utils.get_domain() wrong if VIRTUAL_HOST_OVERVIEW off (1275856). Miscellaneous - Brad Knowles' mailman daily status report script updated to 0.0.16. 2.1.7 (31-Dec-2005) Security - The fix for CAN-2005-0202 has been enhanced to issue an appropriate message instead of just quietly dropping ./ and ../ from URLs. - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has been solved in Mailman 2.1.6, there may be more cases where ToDigest.send_digests() can block regular delivery. We put the send_digests() calling part in a try/except clause and leave a message in the error log if something happened in send_digests(). Daily call of cron/senddigests will provide more detail to the site administrator. - List administrators can no longer change the user's option/subscription globally. Site admin can change these only if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes. -