[Mailman-Users] Mailman 2.1.14rc1 released.

[Mark Sapiro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am happy to announce the first release candidate for the 2.1.14
release of the 2.1 stable maintenance branch of GNU Mailman.

Mailman 2.1.14rc1 is mainly a bug fix release, but it contains one
security fix as previously announced at

and one new feature.

This new feature controls the addition/replacement of the Sender:
header in outgoing mail. This allows a list owner to set
include_sender_header on the list's General Options page in the
admin GUI. The default for this setting is Yes which preserves the prior
behavior of removing any pre-existing Sender: and setting it to the
list's -bounces address. Setting this to No stops Mailman from adding or
modifying the Sender: at all.

Additionally, there is a new Defaults.py/mm_cfg.py setting
ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
to remove the include_sender_header setting from General Options, and
thus preserve the prior behavior completely.

Python 2.4 is the minimum supported, but Python 2.5.or 2.6 is recommended.

See the changelog at  for
more details.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, please see:

http://www.list.org
http://www.gnu.org/software/mailman

Mailman 2.1.14rc1 can be downloaded from

https://launchpad.net/mailman/2.1/
http://ftp.gnu.org/gnu/mailman/


- -- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFMiVTzVVuXXpU7hpMRAoOBAJ9toQK+LGWfIW0GQ3bwGd7oQlDUJACfe+8a
wyxtS0VdLRJfjicrVGewmyA=
=uGQl
-END PGP SIGNATURE-
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] [Mailman-Developers] [Mailman-Announce] Mailman security patch.

[Barry Warsaw]

On Sep 09, 2010, at 06:46 AM, Mark Sapiro wrote:

>The patch is attached. Since it only affects the web CGIs, it can be
>applied and will be effective without restarting Mailman, although
>since it includes a patch to Utils.py which is imported by the
>qrunners, a restart of Mailman is advisable as soon as convenient
>after applying the patch.

Thanks Mark!
-Barry


signature.asc
Description: PGP signature
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Help - postfix rejecting mailing list addresses.

[Daniel Maher]

On 09/09/2010 01:14 AM, Waldo Ramirez wrote:



postfix is rejecting mailing list addresses. I was able to subscribe but
when I email list-requ...@domain.com or something

: Recipient address
rejected: User unknown in virtual mailbox table



Sounds like you don't have aliases for mailman set up.

http://www.list.org/mailman-install/node13.html

--
Daniel Maher 
"The Internet is completely over." -- Prince
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Help - postfix rejecting mailing list addresses.

[Mark Sapiro]

Waldo Ramirez wrote:
>
>postfix is rejecting mailing list addresses. I was able to subscribe but
>when I email list-requ...@domain.com or something 
>
>: Recipient address
>rejected: User unknown in virtual mailbox table 


See  and
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Help - postfix rejecting mailing list addresses.

[Waldo Ramirez]

postfix is rejecting mailing list addresses. I was able to subscribe but
when I email list-requ...@domain.com or something 

: Recipient address
rejected: User unknown in virtual mailbox table 

-- 

_-WALDO RAMIREZ_ 
--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] [Mailman-Announce] Mailman security patch.

[Mark Sapiro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 9/4/2010 5:59 PM, Mark Sapiro wrote:
> I plan to release a Mailman 2.1.14 candidate release towards the end of
> next week (Sept 9 or 10). This release will have enhanced XSS defenses
> addressing two recently discovered vulnerabilities. Since release of the
> code will potentially expose the vulnerabilities, I plan to publish a
> patch against the 2.1.13 base with the fix before actually releasing the
> 2.1.14 candidate.
> 
> I will post the patch to the same 4 lists that this post is being sent
> to in the early afternoon, GMT, on September 9.
> 
> The vulnerabilities are obscure and can only be exploited by a list
> owner, but if you are concerned about them you can plan to install the
> patch.


The patch is attached. Since it only affects the web CGIs, it can be
applied and will be effective without restarting Mailman, although since
it includes a patch to Utils.py which is imported by the qrunners, a
restart of Mailman is advisable as soon as convenient after applying the
patch.

- -- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFMiOUnVVuXXpU7hpMRAkWlAJoCqVN2gSlNummYeDfq+BHcVfSKhACg5qrJ
7Idyd0aET0xWy11P6njxT3w=
=9uxx
-END PGP SIGNATURE-
=== modified file 'Mailman/Cgi/listinfo.py'
--- Mailman/Cgi/listinfo.py 2010-06-24 04:09:34 +
+++ Mailman/Cgi/listinfo.py 2010-09-05 14:38:30 +
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -97,7 +97,7 @@
 else:
 advertised.append((mlist.GetScriptURL('listinfo'),
mlist.real_name,
-   mlist.description))
+   Utils.websafe(mlist.description)))
 if msg:
 greeting = FontAttr(msg, color="ff5060", size="+1")
 else:

=== modified file 'Mailman/HTMLFormatter.py'
--- Mailman/HTMLFormatter.py2008-02-03 19:27:07 +
+++ Mailman/HTMLFormatter.py2010-09-05 00:15:08 +
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -383,8 +383,9 @@
 '' : self.GetMailmanFooter(),
 '' : self.real_name,
 '' : self._internal_name,
-'' : self.description,
-'' : BR.join(self.info.split(NL)),
+'' : Utils.websafe(self.description),
+'' : 
+'' + BR.join(self.info.split(NL)) + '',
 ''  : self.FormatFormEnd(),
 ''   : self.FormatArchiveAnchor(),
 ''  : '',

=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py2009-08-01 19:22:34 +
+++ Mailman/Utils.py2010-09-05 14:36:02 +
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2009 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -911,6 +911,7 @@
 # Kludge to allow the specific tag that's in the options.html template.
 ')',
 '--
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org