head 1.6; access; symbols pkgsrc-2023Q4:1.6.0.102 pkgsrc-2023Q4-base:1.6 pkgsrc-2023Q3:1.6.0.100 pkgsrc-2023Q3-base:1.6 pkgsrc-2023Q2:1.6.0.98 pkgsrc-2023Q2-base:1.6 pkgsrc-2023Q1:1.6.0.96 pkgsrc-2023Q1-base:1.6 pkgsrc-2022Q4:1.6.0.94 pkgsrc-2022Q4-base:1.6 pkgsrc-2022Q3:1.6.0.92 pkgsrc-2022Q3-base:1.6 pkgsrc-2022Q2:1.6.0.90 pkgsrc-2022Q2-base:1.6 pkgsrc-2022Q1:1.6.0.88 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.86 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.6.0.84 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.82 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.6.0.80 pkgsrc-2021Q1-base:1.6 pkgsrc-2020Q4:1.6.0.78 pkgsrc-2020Q4-base:1.6 pkgsrc-2020Q3:1.6.0.76 pkgsrc-2020Q3-base:1.6 pkgsrc-2020Q2:1.6.0.72 pkgsrc-2020Q2-base:1.6 pkgsrc-2020Q1:1.6.0.52 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.6.0.74 pkgsrc-2019Q4-base:1.6 pkgsrc-2019Q3:1.6.0.70 pkgsrc-2019Q3-base:1.6 pkgsrc-2019Q2:1.6.0.68 pkgsrc-2019Q2-base:1.6 pkgsrc-2019Q1:1.6.0.66 pkgsrc-2019Q1-base:1.6 pkgsrc-2018Q4:1.6.0.64 pkgsrc-2018Q4-base:1.6 pkgsrc-2018Q3:1.6.0.62 pkgsrc-2018Q3-base:1.6 pkgsrc-2018Q2:1.6.0.60 pkgsrc-2018Q2-base:1.6 pkgsrc-2018Q1:1.6.0.58 pkgsrc-2018Q1-base:1.6 pkgsrc-2017Q4:1.6.0.56 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.6.0.54 pkgsrc-2017Q3-base:1.6 pkgsrc-2017Q2:1.6.0.50 pkgsrc-2017Q2-base:1.6 pkgsrc-2017Q1:1.6.0.48 pkgsrc-2017Q1-base:1.6 pkgsrc-2016Q4:1.6.0.46 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q3:1.6.0.44 pkgsrc-2016Q3-base:1.6 pkgsrc-2016Q2:1.6.0.42 pkgsrc-2016Q2-base:1.6 pkgsrc-2016Q1:1.6.0.40 pkgsrc-2016Q1-base:1.6 pkgsrc-2015Q4:1.6.0.38 pkgsrc-2015Q4-base:1.6 pkgsrc-2015Q3:1.6.0.36 pkgsrc-2015Q3-base:1.6 pkgsrc-2015Q2:1.6.0.34 pkgsrc-2015Q2-base:1.6 pkgsrc-2015Q1:1.6.0.32 pkgsrc-2015Q1-base:1.6 pkgsrc-2014Q4:1.6.0.30 pkgsrc-2014Q4-base:1.6 pkgsrc-2014Q3:1.6.0.28 pkgsrc-2014Q3-base:1.6 pkgsrc-2014Q2:1.6.0.26 pkgsrc-2014Q2-base:1.6 pkgsrc-2014Q1:1.6.0.24 pkgsrc-2014Q1-base:1.6 pkgsrc-2013Q4:1.6.0.22 pkgsrc-2013Q4-base:1.6 pkgsrc-2013Q3:1.6.0.20 pkgsrc-2013Q3-base:1.6 pkgsrc-2013Q2:1.6.0.18 pkgsrc-2013Q2-base:1.6 pkgsrc-2013Q1:1.6.0.16 pkgsrc-2013Q1-base:1.6 pkgsrc-2012Q4:1.6.0.14 pkgsrc-2012Q4-base:1.6 pkgsrc-2012Q3:1.6.0.12 pkgsrc-2012Q3-base:1.6 pkgsrc-2012Q2:1.6.0.10 pkgsrc-2012Q2-base:1.6 pkgsrc-2012Q1:1.6.0.8 pkgsrc-2012Q1-base:1.6 pkgsrc-2011Q4:1.6.0.6 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q3:1.6.0.4 pkgsrc-2011Q3-base:1.6 pkgsrc-2011Q2:1.6.0.2 pkgsrc-2011Q2-base:1.6 pkgsrc-2011Q1:1.4.0.44 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.42 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.40 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.38 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.36 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.34 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.32 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q2:1.4.0.30 pkgsrc-2009Q2-base:1.4 pkgsrc-2009Q1:1.4.0.28 pkgsrc-2009Q1-base:1.4 pkgsrc-2008Q4:1.4.0.26 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.24 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.22 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.20 pkgsrc-2008Q2-base:1.4 cwrapper:1.4.0.18 pkgsrc-2008Q1:1.4.0.16 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.14 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.12 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.10 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.8 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.6 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.4 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.2 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.3.0.18 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.16 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.14 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.12 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.10 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.8 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.6 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.4 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.2 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.2.0.4 pkgsrc-2003Q4-base:1.2 netbsd-1-6-1:1.2.0.2 netbsd-1-6-1-base:1.2 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.6 date 2011.04.07.15.45.37; author hauke; state Exp; branches; next 1.5; 1.5 date 2011.04.07.13.57.23; author hauke; state Exp; branches; next 1.4; 1.4 date 2006.04.10.20.33.12; author bouyer; state Exp; branches; next 1.3; 1.3 date 2003.12.23.11.02.13; author xtraeme; state Exp; branches 1.3.18.1; next 1.2; 1.2 date 2002.09.24.12.30.15; author wiz; state Exp; branches; next 1.1; 1.1 date 2002.08.23.15.28.17; author bouyer; state Exp; branches 1.1.1.1; next ; 1.3.18.1 date 2006.04.13.16.31.39; author salo; state Exp; branches; next ; 1.1.1.1 date 2002.08.23.15.28.17; author bouyer; state Exp; branches; next ; desc @@ 1.6 log @Update Mailman to 2.1.14.1 Partly addresses pkg/25165. From the package's NEWS file: 2.1.14 (20-Sep-2010) Security - Two potential XSS vulnerabilities have been identified and fixed. New Features - A new feature for controlling the addition/replacement of the Sender: header in outgoing mail has been implemented. This allows a list owner to set include_sender_header on the list's General Options page in the admin GUI. The default for this setting is Yes which preserves the prior behavior of removing any pre-existing Sender: and setting it to the list's -bounces address. Setting this to No stops Mailman from adding or modifying the Sender: at all. Additionally, there is a new Defaults.py/mm_cfg.py setting ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No to remove the include_sender_header setting from General Options, and thus preserve the prior behavior completely. - Bounce processing has been enhanced so that if a bounce is returned to a list from a non-member who is a member of a regular_include_list, the bounce will be processed as a bounce for the included list. i18n - Fixed a missing format character in the German bin/mailmanctl docstring. - Updated Dutch translation from Jan Veuger. - Updated Japanese Translation from Tokio Kikuchi. - Updated Finnish translation from Joni Töyrylä. - Made a few corrections to some Polish templates. Bug #566731. - Made a minor change to the Chinese (China) message catalog. Bug #545772. - Changed a few DOCTYPE directives in templates for compliance. Bug #500952 and Bug #500955. Bug Fixes and other patches - Made minor wording improvements and typo corrections in some messages. Bug #426979. - Fixed i18n._() to catch exceptions due to bad formats. Bug #632660. - Fixed admindb interface to decode base64 and quoted-printable encoded message body excerpts for display. Bug #629738. - Fixed web CGI tracebacks to properly report sys.path. Bug #615114. - Changed the member options login page unsubscribe request to include the requesters IP address in the confirmation request. Bug #610527. - Changed fix_url to lock the list if not locked. Bug #610364. - Made a minor change to the English subscribeack.txt (welcome message) template to emphasize that a password is only required to unsubscribe *without confirmation*. - Fixed an issue in admindb that could result in a KeyError and "we hit a bug" response when a moderator acts on a post that had been handled by someone else after the first moderator had retrieved it. Bug #598671. - Fixed a bug which would fail to show a list on the admin and listinfo overview pages if its web_page_url contained a :port. Bug # 597741. - Fixed bin/genaliases to not throw TypeError when MTA = None. Bug #587657. - Provided the ability to specify in mm_cfg.py a local domain (e.g. 'localhost') for the local addresses in the generated virtual-mailman when MTA = 'Postfix'. See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py. Bug #328907. - Made a minor change to the removal of an Approved: pseudo-header from a text/html alternative to allow for an inserted '\xA0' before the password. - Fixed Content Filtering collapse_alternatives to work on deeply nested multipart/alternative parts. Bug #576675. - We now accept/remove X-Approved: and X-Approve: headers in addition to Approved: and Approve: for pre-approving posts. Bug #557750. - Reordered the 'cancel' and 'subscribe' buttons on the subscription confirmation web page so the default action upon 'enter' will be the subscribe button in browsers that pick the first button. Bug #530654. - Fixed a bug in the admindb interface that could apply a moderator action to a message not displayed. Bug #533468. - Added a traceback to the log message produced when processing the digest.mbox throws an exception. - Added a urlhost argument to the MailList.MailList.Create() method to allow bin/newlist and the the create CGI to pass urlhost so the host will be correct in the listinfo link on the emptyarchive page. Bug #529100. - Added the List-Post header to the default list of headers retained in messages in the MIME digest. Bug #526143. - When daemonizing mailmanctl, we now ensure terminal files are closed. - Fixed a bug in pipermail archiving that caused fallback threading by subject to fail. Bug #266572. - We now give an HTTP 401 status for authentication failures from admin, admindb, private, options and roster CGIs, and an HTTP 404 status from all the CGIs for an invalid list name. - Backported the listinfo template change from the 2.2 branch to fix Bug #514050. - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL would result in a munged URL if authentication was required. Bug #266164. - Fixed a bug where check_perms would throw an OSError if an entry in Mailman's lists/ directory was not a directory. Bug #265613. - Fixed a bug where a message with an Approved: header held by a handler that precedes Approve (SpamDetect by default) would not have the Approved: header removed if the held message was approved. Bug #501739. 2.1.13 (22-Dec-2009) i18n - Updated Dutch message catalog from Jan Veuger. - Added Asturian translation from Marcos Costales and the Asturian Language Team. Bug Fixes and other patches - Added "white-space: pre-wrap" style for
tag in archives. Bug #266467. - Added vette logging for rejected and discarded (un)subscribe requests. - Fixed a bug in admindb.py that could erroneously discard an unsubscribe request as a duplicate. - Decoded RFC 2047 encoded message subjects for a few reports. Bug #266428. - Fixed the French, Spanish and Hebrew translations which improperly translated the 'coding:' line in bin/config_list output. - Fixed the auto-responder to treat messages to -confirm, -join, -leave, -subscribe and -unsubscribe as requests rather than posts. Bug #427962. - Configure/make no longer builds Japanese and Korean codecs in pythonlib if Python already has them. - Inadvertently setting a null site or list password allowed access to a list's web admin interface without authentication. Fixed by not accepting null passwords. - Changed VERP_CONFIRM_REGEXP in Defaults.py to work if the replying MUA folds the To: header and in cases where the list name includes '+'. - Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192. - Replies to commands sent to list-request now come From: list-owner instead of list-bounces. - Mailman no longer folds long sub-part headers in multipart messages. In addition, Mailman no longer escapes From_ lines in the body of messages sent to regular list members, although MTA's may do it anyway. This is to avoid breaking signatures per Bug #265967. - XSS protection in the web interface went too far in escaping HTML entities. Fixed. - Removed or anonymized additional headers in posts to anonymous lists. - Fixed a bug that could cause incorrect threading of replies to archived messages that arrive with timestamps in the same second. - Scrubbed HTML attachments containing tab characters would get the tabs replaced by a string of ' ' without a semicolon. Fixed. - Caught a TypeError in content filtering, collapse alternatives that occurred with a malformed message if a multipart/alternative part wasn't multi-part. Reported in comments to bug #266230. - Fixed a few things in bin/update: - Changed some old messages for more current meaning. - Fixed qfiles update to not lose metadata from 2.1.5+ format entries. - Fixed 2.0.x template migration to not die if the templates/ tree contains subdirectories from a version control system. - Fixed a bug that would show a list on the admin and listinfo overview pages if its web_page_url host contained the current host as a substring. Bug #342162. - Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError if the string contained an HTML entity > 255 and also characters in the 128-255 range. Bug #341594. - Added recognition for more bounces. - Updated contrib/mmdsr to report preserved messages and to use mktemp to create temp files. @ text @=========================================================================== $NetBSD: MESSAGE,v 1.5 2011/04/07 13:57:23 hauke Exp $ Mailman needs to know your mail domain and Web server hostname. Edit ${PREFIX}/lib/mailman/Mailman/mm_cfg.py and insert your hostname in place of "localhost" in DEFAULT_EMAIL_HOST and DEFAULT_URL_HOST. You will need to make mailman accessible through your HTTP server. If you are running Apache, then you may add the following line to httpd.conf: Include ${PKG_SYSCONFDIR}/mailman.conf to make mailman and its archive accessible through, respectively, http://www.domain.com/mailman/ http://www.domain.com/pipermail/ You will also need to add some crontab entries for the user ${MAILMAN_USER}. You can use ${EGDIR}/crontab.in as template. See the files in ${DOCDIR} for how to use mailman, especially the file ${DOCDIR}/mailman-install.txt. If you are upgrading an existing mailman installation, see ${DOCDIR}/UPGRADING. =========================================================================== @ 1.5 log @Point to the UPGRADING file, for those unhappy fellows who have to upgrade an existing mailman installation. Relevant for pkg/25165 @ text @d2 1 a2 1 $NetBSD: MESSAGE,v 1.4 2006/04/10 20:33:12 bouyer Exp $ d19 1 a19 1 You can use ${EXECDIR}/cron/crontab.in as template. d21 5 a25 3 See the files in ${DOCDIR} for how to use mailman, especially the file ${DOCDIR}/mailman-install.txt and, if you are upgrading an existing mailman installation, ${DOCDIR}/UPGRADING. @ 1.4 log @Upgrade mailman to 2.1.8rc1, fix a cross-site scripting issue. pkgsrc changes: - install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and change MESSAGES to point to mailman-install.txt changes between 2.1.7 and 2.1.8rc1: - A cross-site scripting hole in the private archive script of 2.1.7 has been closed. Thanks to Moritz Naumann for its discovery. - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net and several others. - Updated email library to 2.5.7 which will encode payload into qp/base64 upon setting. This enabled backing out the scrubber related patches including 'X-Mailman-Scrubbed' header in 2.1.7. - Fix SpamDetect.py potential hold/reject loop problem. - A warning message from email package to the stderr can cause error in Logging because stderr may be detached from the process during the qrunner run. We chose not to output errors to stderr but to the logs/error if the process is running under mailmanctl subprocess. - DKIM header cleansing was separated from Cleanse.py and added to -owner messages too. - Fixes: Lose Topics when go directly to topics URL (1194419). UnicodeError running bin/arch (1395683). edithtml.py missing import (1400128). Bad escape in cleanarch. Wrong timezone in list archive index pages (1433673). bin/arch fails with TypeError (1430236). Subscription fails with some Language combinations (1435722). Postfix delayed notification not recognized (863989). 2.1.7 (VERP) mistakes delay notice for bounce (1421285). show_qfiles: 'str' object has no attribute 'as_string' (1444447). Utils.get_domain() wrong if VIRTUAL_HOST_OVERVIEW off (1275856). @ text @d2 1 a2 1 $NetBSD: MESSAGE,v 1.3 2003/12/23 11:02:13 xtraeme Exp $ d21 3 a23 2 See the files in ${DOCDIR} for how to use mailman, especially the file ${DOCDIR}/mailman-install.txt @ 1.3 log @Update to 2.1.3 from pkgsrc-wip via Todd Vierling. This also closes PR pkg/22820. Changes: - Closed a cross-site scripting exploit in the create cgi script. - Improvements in the performance of the bounce processor. Now, instead of processing each bounce immediately (which can cause severe lock contention), bounce events are queued. Every 15 minutes by default, the queued bounce events are processed en masse, on a list-per-list basis, so that each list only needs to be locked once. - When some or all of a message's recipients have temporary delivery failures, the message is moved to a "retry" queue. This queue wakes up occasionally and moves the file back to the outgoing queue for attempted redelivery. This should fix most observed OutgoingRunner 100% cpu consumption, especially for bounces to local recipients when using the Postfix MTA. - Optional support for fsync()'ing qfile data after writing. Under some catastrophic system failures (e.g. power lose), it would be possible to lose messages because the data wasn't sync'd to disk. By setting SYNC_AFTER_WRITE to True in Mailman/Queue/Switchboard.py, you can force Mailman to fsync() queue files after flushing them. The benefits are debatable for most operating environments, and you must ensure that your Python has the os.fsync() function defined before enabling this feature (it isn't, even on all Unix-like operating systems). And more... please review Changelog to see a complete list of changes. @ text @d2 1 a2 1 $NetBSD: MESSAGE,v 1.2 2002/09/24 12:30:15 wiz Exp $ d22 1 a22 4 especially the sections: 4, starting with 'Create a "site-wide" mailing list'. 5, 'Customizing Mailman' @ 1.3.18.1 log @Pullup ticket 1368 - requested by bouyer security update for mailman Revisions pulled up: - pkgsrc/mail/mailman/MESSAGE 1.4 - pkgsrc/mail/mailman/Makefile 1.33 - pkgsrc/mail/mailman/PLIST 1.10 - pkgsrc/mail/mailman/distinfo 1.11 - pkgsrc/mail/mailman/patches/patch-ai removed - pkgsrc/mail/mailman/patches/patch-aj removed Module Name: pkgsrc Committed By: bouyer Date: Mon Apr 10 20:33:12 UTC 2006 Modified Files: pkgsrc/mail/mailman: MESSAGE Makefile PLIST distinfo Removed Files: pkgsrc/mail/mailman/patches: patch-ai patch-aj Log Message: Upgrade mailman to 2.1.8rc1, fix a cross-site scripting issue. pkgsrc changes: - install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and change MESSAGES to point to mailman-install.txt changes between 2.1.7 and 2.1.8rc1: - A cross-site scripting hole in the private archive script of 2.1.7 has been closed. Thanks to Moritz Naumann for its discovery. - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net and several others. - Updated email library to 2.5.7 which will encode payload into qp/base64 upon setting. This enabled backing out the scrubber related patches including 'X-Mailman-Scrubbed' header in 2.1.7. - Fix SpamDetect.py potential hold/reject loop problem. - A warning message from email package to the stderr can cause error in Logging because stderr may be detached from the process during the qrunner run. We chose not to output errors to stderr but to the logs/error if the process is running under mailmanctl subprocess. - DKIM header cleansing was separated from Cleanse.py and added to -owner messages too. - Fixes: Lose Topics when go directly to topics URL (1194419). UnicodeError running bin/arch (1395683). edithtml.py missing import (1400128). Bad escape in cleanarch. Wrong timezone in list archive index pages (1433673). bin/arch fails with TypeError (1430236). Subscription fails with some Language combinations (1435722). Postfix delayed notification not recognized (863989). 2.1.7 (VERP) mistakes delay notice for bounce (1421285). show_qfiles: 'str' object has no attribute 'as_string' (1444447). Utils.get_domain() wrong if VIRTUAL_HOST_OVERVIEW off (1275856). @ text @d2 1 a2 1 $NetBSD: MESSAGE,v 1.4 2006/04/10 20:33:12 bouyer Exp $ d22 4 a25 1 especially the file ${DOCDIR}/mailman-install.txt @ 1.2 log @Complete standardization of messages according to latest pkglint. @ text @d2 5 a6 1 $NetBSD: MESSAGE,v 1.1.1.1 2002/08/23 15:28:17 bouyer Exp $ d13 2 a14 2 to make mailman accessible through: a15 2 and the archive accessible though d20 6 a25 2 See the files in ${DOCDIR} for how to use mailman, especially ${DOCDIR}/INSTALL starting at section 5 for post-install configurations. @ 1.1 log @Initial revision @ text @d1 2 a2 2 ========================================================================== $NetBSD: MESSAGE,v 1.3 2001/11/26 07:34:05 jlam Exp $ d21 1 a21 1 ========================================================================== @ 1.1.1.1 log @Initial import of mailman package (posted to tech-pkg on Aug, 01) Maiman is a e-mail list manager. It includes a web interface for management from a user (subscribe/unsuscribe) and administrator point of view, as well as the traditionnal command-though-emails management. It also offers web-browsable mailing-list archives. @ text @@