[Mailman-Announce] ANNOUNCE Mailman 2.0.3

Barry A. Warsaw mailman-developers@python.org
Mon, 12 Mar 2001 17:29:06 -0500


--O17lvtC8kj
Content-Type: text/plain; charset=us-ascii
Content-Description: message body text
Content-Transfer-Encoding: 7bit


I'm sorry folks.  As some of you are aware, a small but nasty typo
snuck its way into the Mailman 2.0.2 release, necessitating a bug fix
patch.  Thus I've just uploaded Mailman 2.0.3 to SourceForge.  I
highly recommend that you upgrade to this version.

As usual I'm releasing this as both a complete tarball and as a patch
against Mailman 2.0.2.  You /must/ update your source to 2.0.2 before
applying the 2.0.3 patch.  Since the patch is small, I'm including it
in this message.  To apply, cd into your 2.0.2 source tree and apply
it like so:

    % patch -p0 < mailman-2.0.2-2.0.3.diff

Currently both http://mailman.sourceforge.net and http://www.list.org
are updated, and I expect the gnu.org site to be updated soon as
well.  The release information on SF is at

    http://sourceforge.net/project/shownotes.php?release_id=27001

-Barry

P.S. It was nice to meet so many Mailman fans at IPC9!  It was also
quite cool to finally meet Thomas Wouters.  Don't worry Thomas, I
won't hold this one against ya. :)

[From the NEWS file]

2.0.3 (12-Mar-2001)

    Bug fix release.  There was a small typo in 2.0.2 in ListAdmin.py
    for approving an already subscribed member (thanks Thomas!).
    Also, an update to the OpenWall security workaround
    (contrib/securelinux_fix.py) was included.  Thanks to Marc Merlin.


--O17lvtC8kj
Content-Type: text/plain
Content-Description: Patch Mailman 2.0.2 -> 2.0.3
Content-Disposition: inline;
	filename="mailman-2.0.2-2.0.3.diff"
Content-Transfer-Encoding: 7bit

Index: NEWS
===================================================================
RCS file: /cvsroot/mailman/mailman/NEWS,v
retrieving revision 1.25.2.2
retrieving revision 1.25.2.4
diff -u -r1.25.2.2 -r1.25.2.4
--- NEWS	2001/03/03 06:51:26	1.25.2.2
+++ NEWS	2001/03/12 19:32:10	1.25.2.4
@@ -1,8 +1,15 @@
 Mailman - The GNU Mailing List Management System
-Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 
 Here is a history of user visible changes to Mailman.
+
+2.0.3 (12-Mar-2001)
+
+    Bug fix release.  There was a small typo in 2.0.2 in ListAdmin.py
+    for approving an already subscribed member (thanks Thomas!).
+    Also, an update to the OpenWall security workaround
+    (contrib/securelinux_fix.py) was included.  Thanks to Marc Merlin.
 
 2.0.2 (03-Mar-2001)
 
Index: README.LINUX
===================================================================
RCS file: /cvsroot/mailman/mailman/README.LINUX,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- README.LINUX	2000/09/19 17:25:23	1.6
+++ README.LINUX	2001/03/12 19:21:50	1.6.2.1
@@ -1,5 +1,5 @@
 Mailman - The GNU Mailing List Management System
-Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 
 GNU/LINUX ISSUES
@@ -14,6 +14,11 @@
 can cause "Operation not permitted" errors in MailList.Save() -- you
 will see a traceback.  You must turn restricted hardlinks off.  This
 is also known under the name of Openwall Security Patches.
+
+There is a workaround for this problem, you can use securelinux_fix.py
+in the contrib directory (see the README.securelinux_fix.py). Note
+that the script will not work until you move it in your installed
+Mailman tree in the bin directory.
 
 
 
Index: Mailman/ListAdmin.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/ListAdmin.py,v
retrieving revision 1.47.2.1
retrieving revision 1.47.2.4
diff -u -r1.47.2.1 -r1.47.2.4
--- Mailman/ListAdmin.py	2001/03/02 23:32:15	1.47.2.1
+++ Mailman/ListAdmin.py	2001/03/07 23:26:49	1.47.2.4
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -327,8 +327,8 @@
             # subscribe
             assert value == mm_cfg.SUBSCRIBE
             try:
-                self.ApprovedAddMember(addr, password, digest, lang)
-            except Errors.MMAlreadyMember:
+                self.ApprovedAddMember(addr, password, digest)
+            except Errors.MMAlreadyAMember:
                 # User has already been subscribed, after sending the request
                 pass
             # TBD: disgusting hack: ApprovedAddMember() can end up closing
Index: Mailman/Version.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Version.py,v
retrieving revision 1.20.2.2
retrieving revision 1.20.2.3
diff -u -r1.20.2.2 -r1.20.2.3
--- Mailman/Version.py	2001/03/03 06:19:15	1.20.2.2
+++ Mailman/Version.py	2001/03/07 23:25:41	1.20.2.3
@@ -15,7 +15,7 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 # Mailman version
-VERSION = "2.0.2"
+VERSION = "2.0.3"
 
 # And as a hex number in the manner of PY_VERSION_HEX
 ALPHA = 0xa
@@ -27,7 +27,7 @@
 
 MAJOR_REV = 2
 MINOR_REV = 0
-MICRO_REV = 2
+MICRO_REV = 3
 REL_LEVEL = FINAL
 # at most 15 beta releases!
 REL_SERIAL = 0
Index: admin/www/download.ht
===================================================================
RCS file: /cvsroot/mailman/mailman/admin/www/download.ht,v
retrieving revision 1.5.2.2
retrieving revision 1.5.2.4
diff -u -r1.5.2.2 -r1.5.2.4
--- admin/www/download.ht	2001/03/03 06:18:47	1.5.2.2
+++ admin/www/download.ht	2001/03/12 19:33:49	1.5.2.4
@@ -65,9 +65,9 @@
 <h3>Downloading</h3>
 
 <p>Version
-(<!-VERSION--->2.0.2<!-VERSION--->,
+(<!-VERSION--->2.0.3<!-VERSION--->,
 released on
-<!-DATE--->Mar  3 2001<!-DATE--->)
+<!-DATE--->Mar 12 2001<!-DATE--->)
 is the current GNU release.  It is available from the following mirror sites:
 
 <ul>
Index: admin/www/download.html
===================================================================
RCS file: /cvsroot/mailman/mailman/admin/www/download.html,v
retrieving revision 1.6.2.4
retrieving revision 1.6.2.6
diff -u -r1.6.2.4 -r1.6.2.6
--- admin/www/download.html	2001/03/03 06:18:47	1.6.2.4
+++ admin/www/download.html	2001/03/12 19:33:49	1.6.2.6
@@ -1,6 +1,6 @@
 <HTML>
 <!-- THIS PAGE IS AUTOMATICALLY GENERATED.  DO NOT EDIT. -->
-<!-- Sat Mar  3 01:06:34 2001 -->
+<!-- Mon Mar 12 14:32:38 2001 -->
 <!-- USING HT2HTML 1.1 -->
 <!-- SEE http://www.wooz.org/barry/software/pyware.html -->
 <!-- User-specified headers:
@@ -237,9 +237,9 @@
 <h3>Downloading</h3>
 
 <p>Version
-(<!-VERSION--->2.0.2<!-VERSION--->,
+(<!-VERSION--->2.0.3<!-VERSION--->,
 released on
-<!-DATE--->Mar  3 2001<!-DATE--->)
+<!-DATE--->Mar 12 2001<!-DATE--->)
 is the current GNU release.  It is available from the following mirror sites:
 
 <ul>
Index: contrib/README.securelinux_fix
===================================================================
RCS file: README.securelinux_fix
diff -N README.securelinux_fix
--- /dev/null	Mon Dec 11 17:26:27 2000
+++ contrib/README.securelinux_fix	Mon Mar 12 11:49:35 2001
@@ -0,0 +1,12 @@
+The securelinux_fix.py script, if copied in your installed
+~mailman/bin/ directory and run from there will modify permissions of
+files so that Mailman works despite the securelinux (aka openwall)
+symbolic and hard link restrictions.
+
+The way it works is that it makes sure that the UID of any script that
+touches config.db is `mailman'. What this means however is that
+scripts in ~mailman/bin will now only work if run as user mailman or
+root (the script then changes its UID and GID to mailman).
+
+Enjoy
+Marc MERLIN <marcsoft@merlins.org>/<marc_bts@valinux.com>
Index: contrib/securelinux_fix.py
===================================================================
RCS file: /cvsroot/mailman/mailman/contrib/securelinux_fix.py,v
retrieving revision 1.2
retrieving revision 1.2.2.1
diff -u -r1.2 -r1.2.2.1
--- contrib/securelinux_fix.py	2000/11/09 02:07:01	1.2
+++ contrib/securelinux_fix.py	2001/03/12 19:25:04	1.2.2.1
@@ -1,6 +1,6 @@
 #! /usr/bin/env python
 #
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
+# Copyright (C) 1998,1999,2000,2001 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -25,12 +25,12 @@
 Mailman.  The idea is that config.db files have to be owned by the mailman UID
 and only touched by programs that are UID mailman.
  
-If you have to run check_perms -f, make sure to also run %(PROGRAM) -f, which
-applies the necessary permission fixes
+If you have to run check_perms -f, make sure to also run securelinux_fix.py
+-f, which applies the necessary permission fixes.
  
-As a result, to prevent anyone from running priviledged Mailman commands
-\(since the scripts are suid), binary commands that are changed to be SUID are
-also unreadable and unrunable by people who aren't in the mailman group.  This
+As a result, to prevent anyone from running privileged Mailman commands (since
+the scripts are suid), binary commands that are changed to be SUID are also
+unreadable and unrunnable by people who aren't in the mailman group.  This
 shouldn't affect much since most of those commands would fail work if you
 weren't part of the mailman group anyway.
 
@@ -45,8 +45,6 @@
 from Mailman import mm_cfg
 from Mailman.mm_cfg import MAILMAN_UID, MAILMAN_GID
 from stat import *
-
-PROGRAM = sys.argv[0]
 
 # Those are the programs that we patch so that they insist being run under the
 # mailman uid or as root.

--O17lvtC8kj--