Revisions of mailman
Dirk Mueller (dirkmueller)
accepted
request 1145033
from
Giacomo Comes (gcomes.obs)
(revision 76)
- Provide user/group, as required by RPM 4.19 (boo#1219531).
Bernhard Wiedemann (bmwiedemann)
accepted
request 934510
from
Bernhard Wiedemann (bmwiedemann)
(revision 75)
Update to 2.1.37
- A bug in the fix for CVE-2021-43332 has been fixed. (LP: #1950833)
- Fixed a potential XSS attack via the user options page (CVE-2021-43331)
- Fixed a potential for a list moderator to carry out an off-line brute force attack to obtain the list admin password CVE-2021-43332 (LP: #1949403)
Wolfgang Rosenauer (wrosenauer)
accepted
request 927820
from
Bernhard Wiedemann (bmwiedemann)
(revision 74)
- Update to 2.1.35 to fix 2 security issues:
  - A potential for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-42096 (boo#1191959, LP:#1947639)
  - A CSRF attack via the user options page could allow takeover of a user's account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640)
- Update to 2.1.34:
  - The fix for lp#1859104 can result in ValueError being thrown on attempts to subscribe to a list. This is fixed and extended to apply REFUSE_SECOND_PENDING to unsubscription as well. (lp#1878458)
  - DMARC mitigation no longer misses if the domain name returned by DNS contains upper case. (lp#1881035)
  - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent mailbombing of a member of a list with private rosters by repeated subscribe attempts. (lp#1883017)
  - Very long filenames for scrubbed attachments are now truncated. (lp#1884456)
  - A content injection vulnerability via the private login page has been fixed. CVE-2020-15011 (lp#1877379, bsc#1173369)
  - A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh. CVE-2020-12108 (lp#1873722, bsc#1171363)
  - Bounce recognition for a non-compliant Yahoo format is added.
  - Archiving workaround for non-ascii in string.lowercase in some Python packages is added.
  - Thanks to Jim Popovitch, there is now
Wolfgang Rosenauer (wrosenauer)
accepted
request 793947
from
Sven Uebelacker (uebelhacker)
(revision 73)
tested on openSUSE Tumbleweed x86_64 (20200331)
- update to version 2.1.30
- Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses list setting that can be used to apply dmarc_moderation_action to mail From: addresses listed or matching listed regexps. This can be used to modify mail to addresses that don't accept external mail From: themselves.
- There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874 obtains a list of the names of all the lists in the installation in order to determine the maximum length of a legitimate list name. It does this on every web access and on sites with a very large number of lists, this can have performance implications. See the description in Defaults.py for more information.
- Thanks to Ralf Jung there is now the ability to add text based captchas (aka textchas) to the listinfo subscribe form. See the documentation for the new CAPTCHA setting in Defaults.py for how to enable this. Also note that if you have custom listinfo.html templates, you will have to add a <mm-captcha-ui> tag to those templates to make this work. This feature can be used in combination with or instead of the Google reCAPTCHA feature added in 2.1.26.
- Thanks to Ralf Hildebrandt the web admin Membership Management section now has a feature to sync the list's membership with a list of email addresses as with the bin/sync_members command.
- There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This controls the dropping of addresses from the Cc: header in delivered messages by the duplicate avoidance process. (LP: #1845751)
- There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause a second request to subscribe to a list when there is already a pending confirmation for that user. This can be set to Yes to prevent mailbombing of a third party by repeatedly posting the subscribe form. (LP: #1859104)
- i18n
  * The Japanese translation has been updated by Yasuhito FUTATSUKI.
  * The German translation has been updated by Ludwig Reiter.
  * The Spanish translation has been updated by Omar Walid Llorente.
  * The Brazilian Portuguese translation has been updated by Emerson de Mello.
Wolfgang Rosenauer (wrosenauer)
committed
(revision 72)
buildservice-autocommit
accepted
request 660941
from
Tomáš Chvátal (scarabeus_iv)
(revision 71)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 660333
from
Matej Cepl (mcepl)
(revision 70)
- Add mailman-update-cfg to avoid user mailman writing to /usr/lib directories (compiled Python files).
buildservice-autocommit
accepted
request 657139
from
Tomáš Chvátal (scarabeus_iv)
(revision 69)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 657137
from
Jan Engelhardt (jengelh)
(revision 68)
- Use multi-argument find -exec.
- Set bash as build shell due to occurrence of "=~".
Tomáš Chvátal (scarabeus_iv)
accepted
request 657013
from
Matej Cepl (mcepl)
(revision 67)
- Add systemd timers to be used instead of cron. (boo#1115446)
- Rewrite whole package to use systemd services instead of SysV init. (boo#1116022)
- Lots and lots of cleanup to minimize rpmlint warnings (the remaining ones are either false positives or they don't make much sense)
buildservice-autocommit
accepted
request 631022
from
Tomáš Chvátal (scarabeus_iv)
(revision 66)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 630980
from
Bernhard Wiedemann (bmwiedemann)
(revision 65)
Add reproducible.patch to use fixed build date in mailman-config to make package build reproducible (boo#1047218)
Code seems dropped in upstream mailman 3
buildservice-autocommit
accepted
request 628573
from
Tomáš Chvátal (scarabeus_iv)
(revision 64)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 628563
from
Matej Cepl (mcepl)
(revision 63)
- Restore generation of /etc/mailman/mailman.cgi-gid (bsc#1095112)
buildservice-autocommit
accepted
request 625375
from
Tomáš Chvátal (scarabeus_iv)
(revision 62)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 625374
from
David Liedke (dliedke)
(revision 61)
update to 2.1.29:
buildservice-autocommit
accepted
request 624942
from
Tomáš Chvátal (scarabeus_iv)
(revision 60)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 624937
from
David Liedke (dliedke)
(revision 59)
update to 2.1.28 with security fix
buildservice-autocommit
accepted
request 620600
from
Tomáš Chvátal (scarabeus_iv)
(revision 58)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
committed
(revision 57)
- update to 2.1.20 bsc#925502
- update to 2.1.15 bsc#997205
  * better CSRF protection CVE-2016-7123
Displaying revisions 1 - 20 of 76