------------------------------------------------------------ revno: 1805 fixes bug: https://launchpad.net/bugs/1810098 committer: Mark Sapiro <m...@msapiro.net> branch nick: 2.1 timestamp: Sun 2018-12-30 09:40:15 -0800 message: Corrected and augmented some security log messages. modified: Mailman/Cgi/create.py Mailman/Cgi/options.py Mailman/Cgi/rmlist.py Mailman/Cgi/roster.py NEWS
-- lp:mailman/2.1 https://code.launchpad.net/~mailman-coders/mailman/2.1 Your team Mailman Checkins is subscribed to branch lp:mailman/2.1. To unsubscribe from this branch go to https://code.launchpad.net/~mailman-coders/mailman/2.1/+edit-subscription
=== modified file 'Mailman/Cgi/create.py' --- Mailman/Cgi/create.py 2018-06-17 23:47:34 +0000 +++ Mailman/Cgi/create.py 2018-12-30 17:40:15 +0000 @@ -162,6 +162,13 @@ if not ok: ok = Utils.check_global_password(auth) if not ok: + remote = os.environ.get('HTTP_FORWARDED_FOR', + os.environ.get('HTTP_X_FORWARDED_FOR', + os.environ.get('REMOTE_ADDR', + 'unidentified origin'))) + syslog('security', + 'Authorization failed (create): list=%s: remote=%s', + listname, remote) request_creation( doc, cgidata, _('You are not authorized to create new mailing lists')) === modified file 'Mailman/Cgi/options.py' --- Mailman/Cgi/options.py 2018-06-18 11:35:51 +0000 +++ Mailman/Cgi/options.py 2018-12-30 17:40:15 +0000 @@ -296,7 +296,7 @@ os.environ.get('REMOTE_ADDR', 'unidentified origin'))) syslog('security', - 'Authorization failed (private): user=%s: list=%s: remote=%s', + 'Authorization failed (options): user=%s: list=%s: remote=%s', user, listname, remote) # So as not to allow membership leakage, prompt for the email # address and the password here. === modified file 'Mailman/Cgi/rmlist.py' --- Mailman/Cgi/rmlist.py 2018-06-17 23:47:34 +0000 +++ Mailman/Cgi/rmlist.py 2018-12-30 17:40:15 +0000 @@ -127,6 +127,13 @@ mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin), password) == mm_cfg.UnAuthorized: + remote = os.environ.get('HTTP_FORWARDED_FOR', + os.environ.get('HTTP_X_FORWARDED_FOR', + os.environ.get('REMOTE_ADDR', + 'unidentified origin'))) + syslog('security', + 'Authorization failed (rmlist): list=%s: remote=%s', + mlist.internal_name(), remote) request_deletion( doc, mlist, _('You are not authorized to delete this mailing list')) === modified file 'Mailman/Cgi/roster.py' --- Mailman/Cgi/roster.py 2018-06-17 23:47:34 +0000 +++ Mailman/Cgi/roster.py 2018-12-30 17:40:15 +0000 @@ -123,8 +123,8 @@ os.environ.get('REMOTE_ADDR', 'unidentified origin'))) syslog('security', - 'Authorization failed (roster): list=%s: remote=%s', - listname, remote) + 'Authorization failed (roster): user=%s: list=%s: remote=%s', + addr, listname, remote) return # The document and its language === modified file 'NEWS' --- NEWS 2018-12-15 18:07:41 +0000 +++ NEWS 2018-12-30 17:40:15 +0000 @@ -26,6 +26,8 @@ - Added bounce recognition for a non-compliant opensmtpd DSN with Action: error. (LP: #1805137) + - Corrected and augmented some security log messages. (LP: #1810098) + 2.1.29 (24-Jul-2018) Bug Fixes
_______________________________________________ Mailman-checkins mailing list Mailman-checkins@python.org Unsubscribe: https://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org