------------------------------------------------------------
revno: 1805
fixes bug: https://launchpad.net/bugs/1810098
committer: Mark Sapiro <m...@msapiro.net>
branch nick: 2.1
timestamp: Sun 2018-12-30 09:40:15 -0800
message:
  Corrected and augmented some security log messages.
modified:
  Mailman/Cgi/create.py
  Mailman/Cgi/options.py
  Mailman/Cgi/rmlist.py
  Mailman/Cgi/roster.py
  NEWS


--
lp:mailman/2.1
https://code.launchpad.net/~mailman-coders/mailman/2.1

=== modified file 'Mailman/Cgi/create.py'
--- Mailman/Cgi/create.py	2018-06-17 23:47:34 +0000
+++ Mailman/Cgi/create.py	2018-12-30 17:40:15 +0000
@@ -162,6 +162,13 @@
         if not ok:
             ok = Utils.check_global_password(auth)
     if not ok:
+        remote = os.environ.get('HTTP_FORWARDED_FOR',
+                 os.environ.get('HTTP_X_FORWARDED_FOR',
+                 os.environ.get('REMOTE_ADDR',
+                                'unidentified origin')))
+        syslog('security',
+               'Authorization failed (create): list=%s: remote=%s',
+               listname, remote)
         request_creation(
             doc, cgidata,
             _('You are not authorized to create new mailing lists'))
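Review bot: The `remote` value logged here prefers the client-supplied `HTTP_FORWARDED_FOR` / `HTTP_X_FORWARDED_FOR` headers over `REMOTE_ADDR`, so unless a trusted reverse proxy overwrites those headers, the origin recorded for a failed create authorization is whatever the requester sent. The same lookup is added in the rmlist.py hunk and appears as context in the options.py and roster.py hunks. Logging the socket peer as its own field keeps an address the client cannot choose, e.g. `peer = os.environ.get('REMOTE_ADDR', 'unidentified origin')` with the format `'Authorization failed (create): list=%s: remote=%s: peer=%s'`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that `os` and `syslog` are already imported in create.py and rmlist.py.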

=== modified file 'Mailman/Cgi/options.py'
--- Mailman/Cgi/options.py	2018-06-18 11:35:51 +0000
+++ Mailman/Cgi/options.py	2018-12-30 17:40:15 +0000
@@ -296,7 +296,7 @@
                      os.environ.get('REMOTE_ADDR',
                                     'unidentified origin')))
             syslog('security',
-                 'Authorization failed (private): user=%s: list=%s: remote=%s',
+                 'Authorization failed (options): user=%s: list=%s: remote=%s',
                    user, listname, remote)
             # So as not to allow membership leakage, prompt for the email
             # address and the password here.

=== modified file 'Mailman/Cgi/rmlist.py'
--- Mailman/Cgi/rmlist.py	2018-06-17 23:47:34 +0000
+++ Mailman/Cgi/rmlist.py	2018-12-30 17:40:15 +0000
@@ -127,6 +127,13 @@
                            mm_cfg.AuthListAdmin,
                            mm_cfg.AuthSiteAdmin),
                           password) == mm_cfg.UnAuthorized:
+        remote = os.environ.get('HTTP_FORWARDED_FOR',
+                 os.environ.get('HTTP_X_FORWARDED_FOR',
+                 os.environ.get('REMOTE_ADDR',
+                                'unidentified origin')))
+        syslog('security',
+               'Authorization failed (rmlist): list=%s: remote=%s',
+               mlist.internal_name(), remote)
         request_deletion(
             doc, mlist,
             _('You are not authorized to delete this mailing list'))

=== modified file 'Mailman/Cgi/roster.py'
--- Mailman/Cgi/roster.py	2018-06-17 23:47:34 +0000
+++ Mailman/Cgi/roster.py	2018-12-30 17:40:15 +0000
@@ -123,8 +123,8 @@
                  os.environ.get('REMOTE_ADDR',
                                 'unidentified origin')))
         syslog('security',
-               'Authorization failed (roster): list=%s: remote=%s',
-               listname, remote)
+               'Authorization failed (roster): user=%s: list=%s: remote=%s',
+               addr, listname, remote)
         return
 
     # The document and its language
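Review bot: `addr` is now written into the security log through `user=%s` without any neutralisation. Its origin is outside the hunk, but if it is the address submitted with the roster form, embedded CR/LF or text such as `: remote=` could split or imitate log entries. Assuming `syslog` applies ordinary %-formatting, `'Authorization failed (roster): user=%r: list=%s: remote=%s'` (or stripping control characters before the call) keeps each failure on one unambiguous line. The same consideration applies to `user` in the options.py message. The enclosing block begins before this hunk.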

=== modified file 'NEWS'
--- NEWS	2018-12-15 18:07:41 +0000
+++ NEWS	2018-12-30 17:40:15 +0000
@@ -26,6 +26,8 @@
     - Added bounce recognition for a non-compliant opensmtpd DSN with
       Action: error.  (LP: #1805137)
 
+    - Corrected and augmented some security log messages.  (LP: #1810098)
+
 2.1.29 (24-Jul-2018)
 
   Bug Fixes
