From mailman-developers@python.org Fri Jul 13 21:15:20 2001 
From: mailman-developers@python.org (Barry A. Warsaw)
Date: Fri, 13 Jul 2001 16:15:20 -0400
Subject: [Mailman-Announce] [ANNOUNCE] Mailman 2.1 alpha 2
Message-ID: <15183.22232.119442.302021@anthem.wooz.org>

This is the official announcement for Mailman 2.1 alpha 2.  Because it's an alpha, this announcement is only going out to the mailman-* mailing lists.

I'll make two warnings: you probably should still not use this version for production systems (but TIA for any and all testing you do with it!), and I've already had a couple of bug fixes from early adopters.  2.1a2 should still be useful, but you might want to keep an eye on cvs and the mailman-checkins list for updates.

I am only making the tarball available on SourceForge, so you'll need to go to http://sf.net/projects/mailman to grab it.  You'll also need to upgrade to mimelib-0.4, so be sure to go to http://sf.net/projects/mimelib to grab and install that tarball first.

To view the on-line documentation, see http://www.list.org/MM21/index.html or http://mailman.sf.net/MM21/index.html

Below is an excerpt from the NEWS file for all the changes since 2.1alpha1.  There are a bunch of new features coming down the pike, and I hope to have an alpha3 out soon.  I'm also planning on doing much more stress testing of this version with real list traffic, and I'm hoping we'll start to get more languages integrated into cvs.

Enjoy,
-Barry

-------------------- snip snip --------------------

2.1 alpha 2 (11-Jul-2001)

- Building

  o mimelib 0.4 is now required.  Get it from http://mimelib.sf.net.  If you've installed an earlier version of mimelib, you must upgrade.

  o /usr/local/mailman is now the default installation directory.  Use configure's --prefix switch to change it back to the default (/home/mailman) or any other installation directory of your choice.

- Security

  o Better definition of authentication domains.  The following roles have been defined: user, list-admin, list-moderator, creator, site-admin.
  o There is now a separate role of "list moderator", which has access to the pending requests (admindb) page, but not the list configuration pages.

  o Subscription confirmations can now be performed via email or via URL.  When a subscription is received, a unique (sha) confirm URL is generated in the confirmation message.  Simply visiting this URL completes the subscription process.

  o In a similar manner, removal requests (via web or email command) no longer require the password.  If the correct password is given, the removal is performed immediately.  If no password is given, then a confirmation message is generated.

- Internationalization

  o More I18N patches.  The basic infrastructure should now be working correctly.  Spanish templates and catalogs are included, and English, French, Hungarian, and Big5 templates are included.

  o Cascading specializations and internationalization of templates.  Templates are now searched for in the following order: list-specific location, domain-specific location, site-wide location, global defaults.  Each search location is further qualified by the language being displayed.  This means that you only need to change the templates that are different from the global defaults.

    Templates renamed: admlogin.txt => admlogin.html
    Templates added: private.html

- Web UI

  o Redesigned the user options page.  It now sits behind an authentication so user options cannot be viewed without the proper password.  The other advantage is that the user's password need not be entered on the options page to unsubscribe or change option values.  The login screen also provides for password mail-back, and unsubscription w/ confirmation.  Other new features accessible from the user options page include: ability to change email address (with confirmation) both per-list and globally for all lists on a virtual domain; global membership password changing; global mail delivery disable/enable; ability to suppress password reminders both per-list and globally; logout button.
    [Note: the handle_opts cgi has gone away]

  o Color schemes for non-template based web pages can be defined via mm_cfg.

  o Redesign of the membership management page.  The page is now split into three subcategories (Membership List, Mass Subscription, and Mass Removal).  The Membership List subcategory now supports searching for member addresses by regular expression, and if necessary, it groups member addresses first alphabetically, and then by chunks.  Mass Subscription and Mass Removal now support file upload, with one address per line.

  o Hyperlinks from the logos in the footers have been removed.  The sponsors got too much "unsubscribe me!" spam from desperate users of Mailman at other sites.

  o New buttons on the digest admin page to send a digest immediately (if it's non-empty), to start a new digest volume with the next digest, and to select the interval with which to automatically start a new digest volume (yearly, monthly, quarterly, weekly, daily).  DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration variable, initially set to give a new digest volume monthly.

  o Through-the-web list creation and removal, using a separate site-wide authentication role called the "list creator and destroyer" or simply "list creator".  If the configuration variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by default, it's 0), then list admins can delete their own lists.  This feature requires an adaptor for the particular MTA you're using.  An adaptor for Postfix is included, as is a dumb adaptor that just emails mailman@yoursite with the necessary Sendmail style /etc/alias file changes.  Some MTAs like Exim can be configured to automatically recognize new lists.  The adaptor is selected via the MTA option in mm_cfg.py

- Email UI

  o In email commands, "join" is a synonym for "subscribe".  "remove" and "leave" are synonyms for "unsubscribe".
    New robot addresses are supported to make subscribing and unsubscribing much easier:

        mylist-join@mysite
        mylist-leave@mysite

  o Confirmation messages have a shortened Subject: header, containing just the word "confirm" and the confirmation cookie.  This should help for MUAs that like to wrap long Subject: lines, messing up confirmation.

  o Mailman now recognizes an Urgent: header, which, if it contains the list moderator or list administrator password, forces the message to be delivered immediately to all members (i.e. both regular and digest members).  The message is also placed in the digest.  If the password is incorrect, the message will be bounced back to the sender.

- Performance

  o Refinements to the new qrunner subsystem which preserves FIFO order of messages.

  o The qrunner is no longer started from cron.  It is started by a Un*x init-style script called bin/mailmanctl (see below).  cron/qrunner has been removed.

- Command line scripts

  o bin/mailmanctl script added, which is used to start, stop, and restart the qrunner daemon.

  o bin/qrunner script added which allows a single sub-qrunner to run once through its processing loop.

  o bin/change_pw script added (eases mass changing of list passwords).

  o bin/update grows a -f switch to force an update.

  o bin/newlang renamed to bin/addlang; bin/rmlang removed.

  o bin/mmsitepass has grown a -c option to set the list creator's password.  The site-wide `create' web page is linked to from the admin overview page.

  o bin/newlist's -o option is removed.  This script also grows a way of spelling the creation of a list in a specific virtual domain.

  o The `auto' script has been removed.

  o bin/dumpdb has grown -m/--marshal and -p/--pickle options.

  o bin/list_admins can be used to print the owners of a mailing list.

  o bin/genaliases regenerates from scratch the aliases and aliases.db file for the Postfix MTA.
- Archiver

  o New archiver date clobbering option, which allows dates to only be clobbered if they are outrageously out-of-date (default setting is 15 days on either side of received timestamp).  New configuration variables:

        ARCHIVER_CLOBBER_DATE_POLICY
        ARCHIVER_ALLOWABLE_SANE_DATE_SKEW

    The archived copy of messages grows an X-List-Received-Date: header indicating the time the message was received by Mailman.

  o PRIVATE_ARCHIVE_URL configuration variable is removed (this can be calculated on the fly, and removing it actually makes site configuration easier).

- Miscellaneous

  o Several new README's have been added.

  o Most syslog entries for the qrunner have been redirected to logs/error.

  o On SIGHUP, qrunner will re-open all its log files and restart all child processes.  See "bin/mailmanctl restart".

- Patches and bug fixes

  o SF patches and bug fixes applied: 420396, 424389, 227694, 426002, 401372 (partial), 401452.

  o Fixes in 2.0.5 ported forward: Fix a lock stagnation problem that can result when the user hits the `stop' button on their browser during a write operation that can take a long time (e.g. hitting the membership management admin page).

  o Fixes in 2.0.4 ported forward: Python 2.1 compatibility release.  There were a few questionable constructs and uses of deprecated modules that caused annoying warnings when used with Python 2.1.  This release quiets those warnings.

  o Fixes in 2.0.3 ported forward: Bug fix release.  There was a small typo in 2.0.2 in ListAdmin.py for approving an already subscribed member (thanks Thomas!).  Also, an update to the OpenWall security workaround (contrib/securelinux_fix.py) was included.  Thanks to Marc Merlin.

From mailman-developers@python.org Wed Jul 25 20:54:55 2001
From: mailman-developers@python.org (Barry A. Warsaw)
Date: Wed, 25 Jul 2001 15:54:55 -0400
Subject: [Mailman-Announce] ANNOUNCE Mailman 2.0.6
Message-ID: <15199.9231.468022.571002@anthem.wooz.org>

Folks,

I've just released Mailman 2.0.6 which fixes a potential security problem in Mailman 2.0.x, and includes a few other minor bug fixes.

It is possible, although unlikely, that you could have an empty site password, or an empty list password.  Because of peculiarities in the Unix crypt() function, such empty passwords could allow unauthorized access to the list administrative pages with an arbitrary password string.  This situation does not occur normally, but it is possible to create it by accident (e.g. by touch'ing data/adm.pw).

This patch ensures that such empty passwords do not allow unauthorized access, by first checking to make sure that the salt is at least 2 characters in length.  Alternatively, you can make sure that either data/adm.pw does not exist or that it is not empty.  For the extra paranoid, you'd need to be sure that none of your lists have empty passwords, but that's an even more difficult situation to create by accident.  This patch guards against both situations.

Please note that Mailman 2.1alpha is not vulnerable to this problem because it does not use crypt().

A few other minor bugs have been fixed; see the NEWS excerpt below for details.

As usual, I'm releasing this as both a complete tarball and as a patch against Mailman 2.0.5.  You /must/ update your source to 2.0.5 before applying the 2.0.6 patch.  Since the patch is small, I'm including it in this message.  To apply, cd into your 2.0.5 source tree and apply it like so:

    % patch -p0 < mailman-2.0.5-2.0.6.txt

Then run "config.status; make install".

Currently both http://mailman.sf.net and http://www.list.org are updated, and I expect the gnu.org site to be updated soon as well.
The release information on SF is at http://sourceforge.net/project/shownotes.php?release_id=45268 See also http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net My thanks to Dave Helton, Ray Sanders, and Thomas Wouters for their help with this release. Enjoy, -Barry Index: NEWS =================================================================== RCS file: /cvsroot/mailman/mailman/NEWS,v retrieving revision 1.25.2.6 retrieving revision 1.25.2.9 diff -u -r1.25.2.6 -r1.25.2.9 --- NEWS 2001/05/03 21:06:56 1.25.2.6 +++ NEWS 2001/07/25 18:52:27 1.25.2.9 
@@ -4,6 +4,34 @@ Here is a history of user visible changes to Mailman. +2.0.6 (25-Jul-2001) + + Security fix: + + - Fixed a potential security hole which could allow access to list + administrative features by unauthorized users. If there is an + empty data/adm.pw file (the site password file), then any + password will be accepted as the list administrative password. + This exploit is caused by a common "bug" in the crypt() function + suffered by several Unix distributions, including at least + GNU/Linux and Solaris. Given a salt string of length zero, + crypt() always returns the empty string. + + In lieu of applying this patch, sites can run bin/mmsitepass and + ensure that data/adm.pw is of length 2 or greater. + + Bug fixes: + + - Ensure that even if DEFAULT_URL is misconfigured in mm_cfg.py + (i.e. is missing a trailing slash), it is always fixed upon list + creation. + + - Check for administrivia holds before any other tests. + + - SF bugs fixed: 407666, 227694 + + - Other miscellaneous buglets fixed. + 2.0.5 (04-May-2001) Fix a lock stagnation problem that can result when the user hits Index: Mailman/MailList.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/MailList.py,v retrieving revision 1.189 retrieving revision 1.189.2.2 diff -u -r1.189 -r1.189.2.2 --- Mailman/MailList.py 2000/11/16 04:33:27 1.189 +++ Mailman/MailList.py 2001/05/29 14:45:27 1.189.2.2 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -712,7 +712,7 @@ " fails, or if the pattern does contain an `@', then the pattern" " is matched against the entire recipient address. " "

Matching against the local part is deprecated; in a future" - " release, the patterm will always be matched against the " + " release, the pattern will always be matched against the " " entire recipient address."), ('max_num_recipients', mm_cfg.Number, 5, 0, @@ -787,6 +787,7 @@ self.InitVars(name, admin, crypted_password) self._ready = 1 self.InitTemplates() + self.CheckValues() self.Save() # Touch these files so they have the right dir perms no matter what. # A "just-in-case" thing. This shouldn't have to be here. Index: Mailman/SecurityManager.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/SecurityManager.py,v retrieving revision 1.31 retrieving revision 1.31.2.1 diff -u -r1.31 -r1.31.2.1 --- Mailman/SecurityManager.py 2000/10/02 20:40:41 1.31 +++ Mailman/SecurityManager.py 2001/07/25 18:07:51 1.31.2.1 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License 
@@ -44,8 +44,12 @@ def ValidAdminPassword(self, pw): if Utils.CheckSiteAdminPassword(pw): return 1 - return type(pw) == StringType and \ - Crypt.crypt(pw, self.password) == self.password + salt = self.password[:2] + # crypt() has a bug in that if the salt is the empty string, it will + # always return the empty string, regardless of the key. :( + if len(salt) < 2: + return 0 + return Crypt.crypt(pw, salt) == self.password def ConfirmAdminPassword(self, pw): if not self.ValidAdminPassword(pw): Index: Mailman/Utils.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Utils.py,v retrieving revision 1.104.2.2 retrieving revision 1.104.2.4 diff -u -r1.104.2.2 -r1.104.2.4 --- Mailman/Utils.py 2001/04/18 04:23:07 1.104.2.2 +++ Mailman/Utils.py 2001/07/25 18:06:46 1.104.2.4 @@ -262,7 +262,7 @@ finally: os.umask(ou) if verbose: - print 'made directory: ', madepart + print 'made directory: ', made_part @@ -405,7 +405,12 @@ f = open(mm_cfg.SITE_PW_FILE) pw2 = f.read() f.close() - return Crypt.crypt(pw1, pw2[:2]) == pw2 + salt = pw2[:2] + # crypt() has a bug in that if the salt is the empty string, it will + # always return the empty string, regardless of the key. :( + if len(salt) < 2: + return 0 + return Crypt.crypt(pw1, salt) == pw2 # There probably is no site admin password if there was an exception except IOError: return 0 Index: Mailman/Version.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v retrieving revision 1.20.2.5 retrieving revision 1.20.2.6 diff -u -r1.20.2.5 -r1.20.2.6 --- Mailman/Version.py 2001/05/03 20:58:19 1.20.2.5 +++ Mailman/Version.py 2001/07/25 18:05:30 1.20.2.6 @@ -15,7 +15,7 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # Mailman version -VERSION = "2.0.5" +VERSION = "2.0.6" # And as a hex number in the manner of PY_VERSION_HEX ALPHA = 0xa 
@@ -27,7 +27,7 @@ MAJOR_REV = 2 MINOR_REV = 0 -MICRO_REV = 5 +MICRO_REV = 6 REL_LEVEL = FINAL # at most 15 beta releases! REL_SERIAL = 0 Index: Mailman/versions.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/versions.py,v retrieving revision 1.27 retrieving revision 1.27.2.1 diff -u -r1.27 -r1.27.2.1 --- Mailman/versions.py 2000/06/14 05:09:58 1.27 +++ Mailman/versions.py 2001/07/10 14:58:56 1.27.2.1 @@ -142,7 +142,7 @@ # set admin_notify_mchanges # if not hasattr(l, "admin_notify_mchanges"): - setatrr(l, "admin_notify_mchanges", + setattr(l, "admin_notify_mchanges", mm_cfg.DEFAULT_ADMIN_NOTIFY_MCHANGES) # # Convert the members and digest_members addresses so that the keys of Index: Mailman/Archiver/pipermail.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Archiver/pipermail.py,v retrieving revision 1.15 retrieving revision 1.15.2.2 diff -u -r1.15 -r1.15.2.2 --- Mailman/Archiver/pipermail.py 2000/10/20 06:18:11 1.15 +++ Mailman/Archiver/pipermail.py 2001/06/01 22:30:16 1.15.2.2 @@ -62,7 +62,7 @@ # Abstract class for databases -class DatabaseInterface: +class DatabaseInterface: def __init__(self): pass def close(self): pass def getArticle(self, archive, msgid): pass @@ -162,13 +162,15 @@ id = strip_separators(message.getheader('Message-Id')) if id == "": self.msgid = str(self.sequence) - else: self.msgid = id + else: + self.msgid = id if message.has_key('Subject'): self.subject = str(message['Subject']) else: + self.subject = 'No subject' + if self.subject == "": self.subject = 'No subject' - if self.subject == "": self.subject = 'No subject' self._set_date(message) @@ -180,7 +182,8 @@ self.email = strip_separators(self.email) self.author = strip_separators(self.author) - if self.author == "": self.author = self.email + if self.author == "": + self.author = self.email # Save the In-Reply-To:, References:, and Message-ID: lines # 
@@ -197,8 +200,10 @@ self.in_reply_to = '' else: match = msgid_pat.search(i_r_t) - if match is None: self.in_reply_to = '' - else: self.in_reply_to = strip_separators(match.group(1)) + if match is None: + self.in_reply_to = '' + else: + self.in_reply_to = strip_separators(match.group(1)) references = message.getheader('References') if references is None: @@ -352,7 +357,7 @@ refs[0]) for ref in refs[1:]: a = self.database.getArticle(self.archive, ref) - if a.date > maxdate.data: + if a.date > maxdate.date: maxdate = a parentID = maxdate.msgid else: Index: Mailman/Bouncers/BouncerAPI.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/BouncerAPI.py,v retrieving revision 1.11 retrieving revision 1.11.2.1 diff -u -r1.11 -r1.11.2.1 --- Mailman/Bouncers/BouncerAPI.py 2000/09/21 04:50:10 1.11 +++ Mailman/Bouncers/BouncerAPI.py 2001/07/10 15:00:09 1.11.2.1 @@ -82,6 +82,7 @@ # for testing if __name__ == '__main__': + import sys import mimetools from Mailman import MailList Index: Mailman/Bouncers/DSN.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Bouncers/DSN.py,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- Mailman/Bouncers/DSN.py 2000/07/21 05:25:53 1.7 +++ Mailman/Bouncers/DSN.py 2001/07/25 18:04:42 1.7.2.1 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License 
@@ -43,8 +43,8 @@ def process(msg): - if msg.gettype() <> 'multipart/report' or \ - msg.getparam('report-type') <> 'delivery-status': + if string.lower(msg.gettype()) <> 'multipart/report' or \ + string.lower(msg.getparam('report-type')) <> 'delivery-status': # then return None boundary = msg.getparam('boundary') Index: Mailman/Cgi/handle_opts.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/Attic/handle_opts.py,v retrieving revision 1.30.2.2 retrieving revision 1.30.2.3 diff -u -r1.30.2.2 -r1.30.2.3 --- Mailman/Cgi/handle_opts.py 2001/05/03 21:05:06 1.30.2.2 +++ Mailman/Cgi/handle_opts.py 2001/07/10 14:52:32 1.30.2.3 @@ -266,14 +266,14 @@ except Errors.MMNotAMemberError: PrintResults(mlist, operation, doc, "%s isn't subscribed to this list." - % mail.GetSender(), user) + % user, user) except Errors.MMListNotReadyError: PrintResults(mlist, operation, doc, "List is not functional.", user) except Errors.MMNoSuchUserError: PrintResults(mlist, operation, doc, "%s is not subscribed to this list." - % mail.GetSender(), user) + % user, user) except Errors.MMBadPasswordError: PrintResults(mlist, operation, doc, "You gave the wrong password.", user) Index: Mailman/Handlers/Hold.py =================================================================== RCS file: /cvsroot/mailman/mailman/Mailman/Handlers/Hold.py,v retrieving revision 1.16 retrieving revision 1.16.2.2 diff -u -r1.16 -r1.16.2.2 --- Mailman/Handlers/Hold.py 2000/08/01 23:02:28 1.16 +++ Mailman/Handlers/Hold.py 2001/05/31 21:05:44 1.16.2.2 @@ -1,4 +1,4 @@ -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License 
@@ -118,6 +118,11 @@ if not sender or sender[:len(listname)+6] == adminaddr: sender = msg.GetSender(use_envelope=0) # + # possible administrivia? + if mlist.administrivia and Utils.IsAdministrivia(msg): + hold_for_approval(mlist, msg, msgdata, Administrivia) + # no return + # # is the poster in the list of explicitly forbidden posters? if len(mlist.forbidden_posters): forbiddens = Utils.List2Dict(mlist.forbidden_posters) @@ -175,11 +180,6 @@ not msgdata.get('fromusenet'): # then hold_for_approval(mlist, msg, msgdata, ImplicitDestination) - # no return - # - # possible administrivia? - if mlist.administrivia and Utils.IsAdministrivia(msg): - hold_for_approval(mlist, msg, msgdata, Administrivia) # no return # # suspicious headers? Index: admin/www/download.ht =================================================================== RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v retrieving revision 1.5.2.6 retrieving revision 1.5.2.7 diff -u -r1.5.2.6 -r1.5.2.7 --- admin/www/download.ht 2001/05/03 21:09:36 1.5.2.6 +++ admin/www/download.ht 2001/07/25 18:08:31 1.5.2.7 @@ -65,9 +65,9 @@

Downloading

Version -(2.0.5, +(2.0.6, released on -May 4 2001) +Jul 25 2001) is the current GNU release. It is available from the following mirror sites:
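Review bot: on the NEWS hunk, the in-lieu-of-patch advice "ensure that data/adm.pw is of length 2 or greater" reads as if padding the file were enough, whereas the announcement text gives the two real options: remove data/adm.pw entirely (the IOError path in CheckSiteAdminPassword then returns 0) or run bin/mmsitepass so the file holds a complete crypt() hash. Say both in NEWS, and drop the length figure, which only restates the salt check.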
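Review bot: in the SecurityManager.py ValidAdminPassword hunk, the rewrite drops the `type(pw) == StringType` guard that the removed lines carried, so a non-string `pw` (None from a missing form field, for example) now reaches `Crypt.crypt(pw, salt)` and raises instead of returning 0. Keep the type test ahead of the salt test, e.g. `if type(pw) != StringType or len(salt) < 2: return 0`. The salt-length check itself is the right fix: with `self.password == ''` the removed line computed `crypt(pw, '')`, which on the affected libcs is `''`, and compared it with the empty stored value, so every key authenticated.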
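Review bot: the Utils.py CheckSiteAdminPassword hunk copies the salt-length check and its comment verbatim from SecurityManager.ValidAdminPassword instead of sharing it; factor the two into one helper (a small wrapper around Crypt.crypt that returns 0 for any salt shorter than 2 characters) so the next crypt() workaround cannot be applied to one caller and missed in the other. Also, since `pw2 = f.read()` is used as the stored hash verbatim, a data/adm.pw written with a trailing newline can never match the 13-character crypt() output; that fails closed, but it is worth a comment next to the read, or an `rstrip('\n')`, so an admin who hand-edits the file is not locked out silently.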
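Review bot: in the pipermail.py hunk at @@ -352,7 +357,7 @@, `maxdate.data` to `maxdate.date` fixes an AttributeError that was reachable only through the `for ref in refs[1:]` loop, i.e. only for messages whose References: header names more than one ancestor; single-reference replies never hit it, which is why it survived. Worth its own line under "Bug fixes" in NEWS rather than "Other miscellaneous buglets", since archives that crashed on such threads will need rebuilding.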
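Review bot: in the DSN.py process hunk, `string.lower(msg.getparam('report-type'))` raises TypeError for a multipart/report message that carries no report-type parameter, because getparam returns None there and string.lower needs a string; the removed lines tolerated None through the plain `<>` comparison. Fetch the parameter first and guard it, e.g. `rt = msg.getparam('report-type')` followed by `if string.lower(msg.gettype()) <> 'multipart/report' or rt is None or string.lower(rt) <> 'delivery-status':`. This hunk is also the first use of the `string` module visible in the diff, so confirm it is imported in this file.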
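Review bot: in the Hold.py hunk, moving the administrivia test ahead of the forbidden-posters test changes which reason is recorded for a message that trips both: since hold_for_approval does not return (the `# no return` comments), an administrivia message from a forbidden poster is now held as Administrivia rather than Forbidden. That matches the NEWS line "Check for administrivia holds before any other tests", but the order of the checks is now load-bearing, so the comment above the new block should say that the later tests are intentionally skipped for administrivia.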
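The crypt() empty-salt hole and the salt-length check described in the announcement, as an added example that is not Mailman's code and not the patch above. The real bug needs a 2001-era libc to reproduce, so `buggy_crypt` below is a constructed stand-in (SHA-256 based, not real DES crypt) that only mimics the documented behaviour: an empty salt gives an empty result, any other salt gives a 13-character string shaped like crypt(3) output. The two `valid_admin_password_*` functions follow the before and after shape of the patch; the type guard and the constant-time comparison in the 2.0.6 version are additions of this example, and `check_site_password` and `lists_with_unusable_passwords` are hypothetical helpers modelled on the prose, not Mailman functions.

```python
import hashlib
import hmac
import os
import tempfile

# Output alphabet of traditional crypt(3); used only by the stand-in below.
_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def buggy_crypt(key, salt):
    """Constructed stand-in for the 2001-era Unix crypt() (NOT real DES).
    It reproduces the quirk from the advisory: an empty salt yields the empty
    string whatever the key is.  Otherwise it returns the two-character salt
    followed by eleven alphabet characters, the shape of DES crypt output."""
    if len(salt) == 0:
        return ""
    salt = salt[:2]
    digest = hashlib.sha256((salt + "\0" + key).encode()).digest()
    return salt + "".join(_ALPHABET[b % 64] for b in digest[:11])


def valid_admin_password_2_0_5(pw, stored):
    """Shape of the 2.0.5 check: crypt the candidate using the stored hash as
    the salt and compare.  With stored == "" this becomes "" == "" and every
    candidate password authenticates."""
    return isinstance(pw, str) and buggy_crypt(pw, stored) == stored


def valid_admin_password_2_0_6(pw, stored):
    """Shape of the 2.0.6 check: refuse to authenticate unless the stored
    value can hold a two-character salt.  The isinstance guard and
    hmac.compare_digest are this example's additions, not the patch's."""
    if not isinstance(pw, str):
        return False
    salt = stored[:2]
    if len(salt) < 2:
        return False
    return hmac.compare_digest(buggy_crypt(pw, salt), stored)


def check_site_password(pw, pw_file, check=valid_admin_password_2_0_6):
    """Hypothetical helper modelled on the prose: the whole file is the
    stored hash, and a missing file means there is no site password."""
    try:
        with open(pw_file) as f:
            stored = f.read()
    except OSError:
        return False
    return check(pw, stored)


def lists_with_unusable_passwords(list_passwords):
    """Hypothetical audit helper for the 'extra paranoid' case: names of
    lists whose stored hash cannot carry a salt and would therefore have
    accepted any password under the 2.0.5 check."""
    return sorted(name for name, stored in list_passwords.items()
                  if len(stored[:2]) < 2)


if __name__ == "__main__":
    good = buggy_crypt("s3cret", "ab")
    print("2.0.5, real hash, wrong pw :", valid_admin_password_2_0_5("wrong", good))
    print("2.0.5, empty hash, wrong pw:", valid_admin_password_2_0_5("wrong", ""))
    print("2.0.6, empty hash, wrong pw:", valid_admin_password_2_0_6("wrong", ""))
    # The accidental case from the announcement: `touch data/adm.pw`.
    path = os.path.join(tempfile.mkdtemp(), "adm.pw")
    open(path, "w").close()
    print("empty adm.pw, 2.0.5 check  :",
          check_site_password("anything", path, valid_admin_password_2_0_5))
    print("empty adm.pw, 2.0.6 check  :", check_site_password("anything", path))
```

Run as a script it shows the 2.0.5 check accepting "wrong" against an empty stored hash and the 2.0.6 check rejecting it, including for an empty adm.pw file. The audit helper is the programmatic form of the announcement's "make sure none of your lists have empty passwords".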