Revisions of mailman

Dirk Mueller (dirkmueller) accepted request 1145033 from Giacomo Comes (gcomes.obs) (revision 76)
- Provide user/group, as required by RPM 4.19 (boo#1219531).
Bernhard Wiedemann (bmwiedemann) accepted request 934510 from Bernhard Wiedemann (bmwiedemann) (revision 75)
Update to 2.1.37
  - A bug in the fix for CVE-2021-43332 has been fixed.  (LP: #1950833)
  - Fixed a potential XSS attack via the user options page (CVE-2021-43331)
  - Fixed a potential for a list moderator to carry out an off-line
    brute force attack to obtain the list admin password
    CVE-2021-43332 (LP: #1949403)
Wolfgang Rosenauer (wrosenauer) accepted request 927820 from Bernhard Wiedemann (bmwiedemann) (revision 74)
- Update to 2.1.35 to fix 2 security issues:
  - A potential for a list member to carry out an off-line brute force
    attack to obtain the list admin password has been reported by Andre
    Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
    CVE-2021-42096  (boo#1191959, LP:#1947639)
 
  - A CSRF attack via the user options page could allow takeover of a user's
    account.  This is fixed.  CVE-2021-42097  (boo#1191960, LP:#1947640)

- Update to 2.1.34:
  - The fix for lp#1859104 can result in ValueError being thrown
    on attempts to subscribe to a list. This is fixed and
    extended to apply REFUSE_SECOND_PENDING to unsubscription as
    well. (lp#1878458)
  - DMARC mitigation no longer misses if the domain name returned
    by DNS contains upper case. (lp#1881035)
  - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to
    prevent mailbombing of a member of a list with private
    rosters by repeated subscribe attempts. (lp#1883017)
  - Very long filenames for scrubbed attachments are now
    truncated. (lp#1884456)
  - A content injection vulnerability via the private login page
    has been fixed. CVE-2020-15011  (lp#1877379, bsc#1173369)
  - A content injection vulnerability via the options login page
    has been discovered and reported by Vishal Singh.
    CVE-2020-12108 (lp#1873722, bsc#1171363)
  - Bounce recognition for a non-compliant Yahoo format is added.
  - Archiving workaround for non-ascii in string.lowercase in
    some Python packages is added.
  - Thanks to Jim Popovitch, there is now
Wolfgang Rosenauer (wrosenauer) accepted request 793947 from Sven Uebelacker (uebelhacker) (revision 73)
tested on openSUSE Tumbleweed x86_64 (20200331)

- update to version 2.1.30
- Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses list
  setting that can be used to apply dmarc_moderation_action to mail From:
  addresses listed or matching listed regexps. This can be used to modify mail
  to addresses that don't accept external mail From: themselves.
- There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874 obtains
  a list of the names of all the lists in the installation in order to
  determine the maximum length of a legitimate list name. It does this on every
  web access and on sites with a very large number of lists, this can have
  performance implications. See the description in Defaults.py for more
  information.
- Thanks to Ralf Jung there is now the ability to add text based captchas (aka
  textchas) to the listinfo subscribe form. See the documentation for the new
  CAPTCHA setting in Defaults.py for how to enable this. Also note that if you
  have custom listinfo.html templates, you will have to add a <mm-captcha-ui>
  tag to those templates to make this work. This feature can be used in
  combination with or instead of the Google reCAPTCHA feature added in 2.1.26.
- Thanks to Ralf Hildebrandt the web admin Membership Management section now
  has a feature to sync the list's membership with a list of email addresses as
  with the bin/sync_members command.
- There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This controls
  the dropping of addresses from the Cc: header in delivered messages by the
  duplicate avoidance process. (LP: #1845751)
- There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause a
  second request to subscribe to a list when there is already a pending
  confirmation for that user. This can be set to Yes to prevent mailbombing of
  a third party by repeatedly posting the subscribe form.  (LP: #1859104)
- i18n
  * The Japanese translation has been updated by Yasuhito FUTATSUKI.
  * The German translation has been updated by Ludwig Reiter.
  * The Spanish translation has been updated by Omar Walid Llorente.
  * The Brazilian Portuguese translation has been updated by Emerson de Mello.
buildservice-autocommit accepted request 660941 from Tomáš Chvátal (scarabeus_iv) (revision 71)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) accepted request 660333 from Matej Cepl (mcepl) (revision 70)
- Add mailman-update-cfg to avoid user mailman writing to
  /usr/lib directories (compiled Python files).
buildservice-autocommit accepted request 657139 from Tomáš Chvátal (scarabeus_iv) (revision 69)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) accepted request 657137 from Jan Engelhardt (jengelh) (revision 68)
- Use multi-argument find -exec.
- Set bash as build shell due to occurrence of "=~".
Tomáš Chvátal (scarabeus_iv) accepted request 657013 from Matej Cepl (mcepl) (revision 67)
- Add systemd timers to be used instead of cron. (boo#1115446)
- Rewrite whole package to use systemd services instead of SysV
  init. (boo#1116022)
- Lots and lots of cleanup to minimize rpmlint warnings
  (the remaining ones are either false positives or they don't make
  much sense)
buildservice-autocommit accepted request 631022 from Tomáš Chvátal (scarabeus_iv) (revision 66)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) accepted request 630980 from Bernhard Wiedemann (bmwiedemann) (revision 65)
Add reproducible.patch to use fixed build date in mailman-config to make package build reproducible (boo#1047218)

Code seems dropped in upstream mailman 3
buildservice-autocommit accepted request 628573 from Tomáš Chvátal (scarabeus_iv) (revision 64)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) accepted request 628563 from Matej Cepl (mcepl) (revision 63)
- Restore generation of /etc/mailman/mailman.cgi-gid (bsc#1095112)
buildservice-autocommit accepted request 625375 from Tomáš Chvátal (scarabeus_iv) (revision 62)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) accepted request 625374 from David Liedke (dliedke) (revision 61)
update to 2.1.29:
buildservice-autocommit accepted request 624942 from Tomáš Chvátal (scarabeus_iv) (revision 60)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) accepted request 624937 from David Liedke (dliedke) (revision 59)
update to 2.1.28 with security fix
  
buildservice-autocommit accepted request 620600 from Tomáš Chvátal (scarabeus_iv) (revision 58)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv) committed (revision 57)
- update to 2.1.20 bsc#925502
- update to 2.1.15 bsc#997205
    * better CSRF protection CVE-2016-7123
Displaying revisions 1 - 20 of 76