[Mailman-Developers] Re: [Mailman-Announce] ANNOUNCE Mailman 2.0.3
Andreas Gietl
a.gietl@e-admin.de
Tue, 13 Mar 2001 00:00:54 +0100
It seems there's a problem with the configure script ... it always told
me that the permissions on the install directory should at least be
02755 - but they were 2755. So I had to comment out the checking lines in
configure. Am I wrong or is there a bug?
"Barry A. Warsaw" wrote:
>
> I'm sorry folks. As some of you are aware, a small but nasty typo
> snuck its way into the Mailman 2.0.2 release, necessitating a bug fix
> patch. Thus I've just uploaded Mailman 2.0.3 to SourceForge. I
> highly recommend that you upgrade to this version.
>
> As usual I'm releasing this as both a complete tarball and as a patch
> against Mailman 2.0.2. You /must/ update your source to 2.0.2 before
> applying the 2.0.3 patch. Since the patch is small, I'm including it
> in this message. To apply, cd into your 2.0.2 source tree and apply
> it like so:
>
> % patch -p0 < mailman-2.0.2-2.0.3.diff
>
> Currently both http://mailman.sourceforge.net and http://www.list.org
> are updated, and I expect the gnu.org site to be updated soon as
> well. The release information on SF is at
>
> http://sourceforge.net/project/shownotes.php?release_id=27001
>
> -Barry
>
> P.S. It was nice to meet so many Mailman fans at IPC9! It was also
> quite cool to finally meet Thomas Wouters. Don't worry Thomas, I
> won't hold this one against ya. :)
>
> [From the NEWS file]
>
> 2.0.3 (12-Mar-2001)
>
> Bug fix release. There was a small typo in 2.0.2 in ListAdmin.py
> for approving an already subscribed member (thanks Thomas!).
> Also, an update to the OpenWall security workaround
> (contrib/securelinux_fix.py) was included. Thanks to Marc Merlin.
>
> ------------------------------------------------------------------------
> Index: NEWS
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/NEWS,v
> retrieving revision 1.25.2.2
> retrieving revision 1.25.2.4
> diff -u -r1.25.2.2 -r1.25.2.4
> --- NEWS 2001/03/03 06:51:26 1.25.2.2
> +++ NEWS 2001/03/12 19:32:10 1.25.2.4
> @@ -1,8 +1,15 @@
> Mailman - The GNU Mailing List Management System
> -Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
> +Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
> 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
>
> Here is a history of user visible changes to Mailman.
> +
> +2.0.3 (12-Mar-2001)
> +
> + Bug fix release. There was a small typo in 2.0.2 in ListAdmin.py
> + for approving an already subscribed member (thanks Thomas!).
> + Also, an update to the OpenWall security workaround
> + (contrib/securelinux_fix.py) was included. Thanks to Marc Merlin.
>
> 2.0.2 (03-Mar-2001)
>
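Review bot: the 2.0.3 entry in this hunk describes only a typo in ListAdmin.py, but the ListAdmin.py change further down also drops the `lang` argument from the ApprovedAddMember() call, which is a separate change from the exception name. Mention it in the entry so that someone reading NEWS knows both parts of the fix.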
> Index: README.LINUX
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/README.LINUX,v
> retrieving revision 1.6
> retrieving revision 1.6.2.1
> diff -u -r1.6 -r1.6.2.1
> --- README.LINUX 2000/09/19 17:25:23 1.6
> +++ README.LINUX 2001/03/12 19:21:50 1.6.2.1
> @@ -1,5 +1,5 @@
> Mailman - The GNU Mailing List Management System
> -Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
> +Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
> 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
>
> GNU/LINUX ISSUES
> @@ -14,6 +14,11 @@
> can cause "Operation not permitted" errors in MailList.Save() -- you
> will see a traceback. You must turn restricted hardlinks off. This
> is also known under the name of Openwall Security Patches.
> +
> +There is a workaround for this problem, you can use securelinux_fix.py
> +in the contrib directory (see the README.securelinux_fix.py). Note
> +that the script will not work until you move it in your installed
> +Mailman tree in the bin directory.
>
>
>
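Review bot: the added paragraph points readers to README.securelinux_fix.py, but the file this patch creates is contrib/README.securelinux_fix, without the .py suffix, so the reference should use the real name. The first added sentence is also a comma splice, and "move it in your installed Mailman tree in the bin directory" would read better as "copy it into the bin directory of your installed Mailman tree", which matches the "copied" wording in the new README.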
> Index: Mailman/ListAdmin.py
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/Mailman/ListAdmin.py,v
> retrieving revision 1.47.2.1
> retrieving revision 1.47.2.4
> diff -u -r1.47.2.1 -r1.47.2.4
> --- Mailman/ListAdmin.py 2001/03/02 23:32:15 1.47.2.1
> +++ Mailman/ListAdmin.py 2001/03/07 23:26:49 1.47.2.4
> @@ -1,4 +1,4 @@
> -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
> +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of the GNU General Public License
> @@ -327,8 +327,8 @@
> # subscribe
> assert value == mm_cfg.SUBSCRIBE
> try:
> - self.ApprovedAddMember(addr, password, digest, lang)
> - except Errors.MMAlreadyMember:
> + self.ApprovedAddMember(addr, password, digest)
> + except Errors.MMAlreadyAMember:
> # User has already been subscribed, after sending the request
> pass
> # TBD: disgusting hack: ApprovedAddMember() can end up closing
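Review bot: the name in the `except Errors....:` clause is only looked up when ApprovedAddMember() actually raises, so a wrong name there passes import and every ordinary approval and fails only on the already-subscribed path, which fits the NEWS description of this bug. Add a test that approves a pending subscription for an address that is already a member, so this branch is executed before a release. The handler is also a bare `pass`; a log line there would leave a record that an approval was a no-op.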
> Index: Mailman/Version.py
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v
> retrieving revision 1.20.2.2
> retrieving revision 1.20.2.3
> diff -u -r1.20.2.2 -r1.20.2.3
> --- Mailman/Version.py 2001/03/03 06:19:15 1.20.2.2
> +++ Mailman/Version.py 2001/03/07 23:25:41 1.20.2.3
> @@ -15,7 +15,7 @@
> # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
>
> # Mailman version
> -VERSION = "2.0.2"
> +VERSION = "2.0.3"
>
> # And as a hex number in the manner of PY_VERSION_HEX
> ALPHA = 0xa
> @@ -27,7 +27,7 @@
>
> MAJOR_REV = 2
> MINOR_REV = 0
> -MICRO_REV = 2
> +MICRO_REV = 3
> REL_LEVEL = FINAL
> # at most 15 beta releases!
> REL_SERIAL = 0
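Review bot: the release number is edited by hand in two places in this file (VERSION and MICRO_REV) and again in download.ht and download.html later in the patch, with nothing tying them together, so a release that misses one of them is easy to make. Consider building VERSION from MAJOR_REV, MINOR_REV and MICRO_REV, or add a release-time check that the values agree.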
> Index: admin/www/download.ht
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v
> retrieving revision 1.5.2.2
> retrieving revision 1.5.2.4
> diff -u -r1.5.2.2 -r1.5.2.4
> --- admin/www/download.ht 2001/03/03 06:18:47 1.5.2.2
> +++ admin/www/download.ht 2001/03/12 19:33:49 1.5.2.4
> @@ -65,9 +65,9 @@
> <h3>Downloading</h3>
>
> <p>Version
> -(<!-VERSION--->2.0.2<!-VERSION--->,
> +(<!-VERSION--->2.0.3<!-VERSION--->,
> released on
> -<!-DATE--->Mar 3 2001<!-DATE--->)
> +<!-DATE--->Mar 12 2001<!-DATE--->)
> is the current GNU release. It is available from the following mirror sites:
>
> <ul>
> Index: admin/www/download.html
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v
> retrieving revision 1.6.2.4
> retrieving revision 1.6.2.6
> diff -u -r1.6.2.4 -r1.6.2.6
> --- admin/www/download.html 2001/03/03 06:18:47 1.6.2.4
> +++ admin/www/download.html 2001/03/12 19:33:49 1.6.2.6
> @@ -1,6 +1,6 @@
> <HTML>
> <!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
> -<!-- Sat Mar 3 01:06:34 2001 -->
> +<!-- Mon Mar 12 14:32:38 2001 -->
> <!-- USING HT2HTML 1.1 -->
> <!-- SEE http://www.wooz.org/barry/software/pyware.html -->
> <!-- User-specified headers:
> @@ -237,9 +237,9 @@
> <h3>Downloading</h3>
>
> <p>Version
> -(<!-VERSION--->2.0.2<!-VERSION--->,
> +(<!-VERSION--->2.0.3<!-VERSION--->,
> released on
> -<!-DATE--->Mar 3 2001<!-DATE--->)
> +<!-DATE--->Mar 12 2001<!-DATE--->)
> is the current GNU release. It is available from the following mirror sites:
>
> <ul>
> Index: contrib/README.securelinux_fix
> ===================================================================
> RCS file: README.securelinux_fix
> diff -N README.securelinux_fix
> --- /dev/null Mon Dec 11 17:26:27 2000
> +++ contrib/README.securelinux_fix Mon Mar 12 11:49:35 2001
> @@ -0,0 +1,12 @@
> +The securelinux_fix.py script, if copied in your installed
> +~mailman/bin/ directory and run from there will modify permissions of
> +files so that Mailman works despite the securelinux (aka openwall)
> +symbolic and hard link restrictions.
> +
> +The way it works is that it makes sure that the UID of any script that
> +touches config.db is `mailman'. What this means however is that
> +scripts in ~mailman/bin will now only work if run as user mailman or
> +root (the script then changes its UID and GID to mailman).
> +
> +Enjoy
> +Marc MERLIN <marcsoft@merlins.org>/<marc_bts@valinux.com>
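Review bot: the README says to run the script from ~mailman/bin but not how; the script's own docstring in this patch refers to running it with -f, and that invocation belongs here. The README also omits the side effect the docstring documents, that the binaries changed to SUID become unreadable and unrunnable for anyone outside the mailman group. Since scripts run as root then switch to the mailman UID and GID, an administrator should be able to read both points before applying the change.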
> Index: contrib/securelinux_fix.py
> ===================================================================
> RCS file: /cvsroot/mailman/mailman/contrib/securelinux_fix.py,v
> retrieving revision 1.2
> retrieving revision 1.2.2.1
> diff -u -r1.2 -r1.2.2.1
> --- contrib/securelinux_fix.py 2000/11/09 02:07:01 1.2
> +++ contrib/securelinux_fix.py 2001/03/12 19:25:04 1.2.2.1
> @@ -1,6 +1,6 @@
> #! /usr/bin/env python
> #
> -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
> +# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of the GNU General Public License
> @@ -25,12 +25,12 @@
> Mailman. The idea is that config.db files have to be owned by the mailman UID
> and only touched by programs that are UID mailman.
>
> -If you have to run check_perms -f, make sure to also run %(PROGRAM) -f, which
> -applies the necessary permission fixes
> +If you have to run check_perms -f, make sure to also run securelinux_fix.py
> +-f, which applies the necessary permission fixes.
>
> -As a result, to prevent anyone from running priviledged Mailman commands
> -\(since the scripts are suid), binary commands that are changed to be SUID are
> -also unreadable and unrunable by people who aren't in the mailman group. This
> +As a result, to prevent anyone from running privileged Mailman commands (since
> +the scripts are suid), binary commands that are changed to be SUID are also
> +unreadable and unrunnable by people who aren't in the mailman group. This
> shouldn't affect much since most of those commands would fail work if you
> weren't part of the mailman group anyway.
>
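Review bot: the last sentence of this docstring paragraph still reads "would fail work" in the unchanged context line; since the hunk is already correcting spelling in the lines above it, change that to "would fail to work" in the same pass. The rewritten sentence also mixes "suid" and "SUID"; pick one.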
> @@ -45,8 +45,6 @@
> from Mailman import mm_cfg
> from Mailman.mm_cfg import MAILMAN_UID, MAILMAN_GID
> from stat import *
> -
> -PROGRAM = sys.argv[0]
>
> # Those are the programs that we patch so that they insist being run under the
> # mailman uid or as root.
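Review bot: with `PROGRAM = sys.argv[0]` removed in this hunk, any remaining use of PROGRAM elsewhere in the file (a usage message, for instance) would raise NameError at run time. The hunks shown only replace the docstring reference, so please confirm no other reference is left.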
--
ATTENTION: NEW ADDRESS + phone number
andreas gietl
gietl internet services
roter-brach-weg 124a / 93049 Regensburg
phone +49 941 3810884
fax +49 941 3810891
mobile +49 171 60 70 008
gietl@gietl.com