The NetBSD Project

CVS log for pkgsrc/mail/mailman/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mail / mailman

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.89 / (download) - annotate - [select for diffs], Sat Nov 2 16:25:22 2019 UTC (11 days, 20 hours ago) by rillig
Branch: MAIN
CVS Tags: HEAD
Changes since 1.88: +4 -4 lines
Diff to previous 1.88 (colored)

mail: align variable assignments

pkglint -Wall -F --only aligned -r

No manual corrections.

Revision 1.88 / (download) - annotate - [select for diffs], Mon Sep 2 13:19:56 2019 UTC (2 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)

Changed PYTHON_VERSIONS_INCOMPATIBLE to PYTHON_VERSIONS_ACCEPTED; needed for future Python 3.8

Revision 1.87 / (download) - annotate - [select for diffs], Thu May 23 19:23:06 2019 UTC (5 months, 3 weeks ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.86: +3 -3 lines
Diff to previous 1.86 (colored)

all: replace SUBST_SED with the simpler SUBST_VARS

pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.

Revision 1.86 / (download) - annotate - [select for diffs], Fri Apr 26 14:12:41 2019 UTC (6 months, 2 weeks ago) by maya
Branch: MAIN
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

fix some whitespace, mostly introduced in the previous
python 3.4 / 3.5 removal commit.

Revision 1.85 / (download) - annotate - [select for diffs], Fri Apr 26 13:14:03 2019 UTC (6 months, 2 weeks ago) by maya
Branch: MAIN
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)

Omit mentions of python 34 and 35, after those were removed.

- Includes some whitespace changes, to be handled in a separate commit.

Revision 1.84 / (download) - annotate - [select for diffs], Thu Apr 25 07:33:04 2019 UTC (6 months, 2 weeks ago) by maya
Branch: MAIN
Changes since 1.83: +2 -1 lines
Diff to previous 1.83 (colored)

PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.

Revision 1.83 / (download) - annotate - [select for diffs], Mon Mar 25 01:52:02 2019 UTC (7 months, 3 weeks ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.82: +4 -4 lines
Diff to previous 1.82 (colored)

Updated to mail/mailman to version 2.1.29 which has a number of bug fixes.
Thanks to Oskar:

http://mail-index.netbsd.org/pkgsrc-users/2019/03/24/msg028185.html

Revision 1.82 / (download) - annotate - [select for diffs], Wed Jul 4 13:40:23 2018 UTC (16 months, 1 week ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored)

*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.

Revision 1.81 / (download) - annotate - [select for diffs], Tue Jul 3 05:03:23 2018 UTC (16 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.80: +2 -2 lines
Diff to previous 1.80 (colored)

extend PYTHON_VERSIONS_ for Python 3.7

Revision 1.80 / (download) - annotate - [select for diffs], Mon Dec 4 01:52:58 2017 UTC (23 months, 1 week ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.79: +4 -4 lines
Diff to previous 1.79 (colored)

mailman: update to 2.1.25.
Tested by jcea, thanks!

2.1.25 (26-Oct-2017)

  New Features

    - The admindb held subscriptions listing now includes the date of the
      most recent request from the address.  (LP: #1697097)

  Accessibility

    - The admin Membership List now includes text for screen readers which
      identifies the function of each checkbox.  CSS is added to the page to
      visually hide the text but still allow screen readers to read it.
      Similar text has been added to some radio buttons on the admindb pages.

  i18n

    - The Russian translation has been updated by Sergey Matveev.
      (LP:#1708016)

  Bug fixes and other patches

    - Thanks to Jim Popovitch, certain failures in DNS lookups of DMARC policy
      will now result in mitigations being applied.  (LP: #1722013)

    - The default DMARC reject reason now properly replaces %(listowner)s.
      (LP: #1718962)

    - The web roster page now shows case preserved email addresses.
      (LP: #1707447)

    - Changed the SETGID wrappers to only pass those items in the environment
      that are needed by the called scripts.  (LP: #1705736)

    - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
      virtual-mailman(.db) files are readable by Postfix and the .db files are
      owned by the Mailman user.  (LP: #1696066)

    - Defended against certain web attacks that cause exceptions and "we hit
      a bug" responses when POST data or query fragments contain multiple
      values for the same parameter.  (LP: #1695667)

    - The fix for LP: #1614841 caused a regression in the options CGI.  This
      has been fixed.  (LP: #1602608)

    - Added a -a option to the (e)grep commands in contrib/mmdsr to account
      for logs that may have non-ascii and be seen as binary.

    - Fixed the -V option to bin/list_lists to not show lists whose host is a
      subdomain of the given domain.  (LP: #1695610)

2.1.24 (02-Jun-2017)

  Security

    - A most likely unexploitable XSS attach that relies on the Mailman web
      server passing a crafted Host: header to the CGI environment has been
      fixed.  Apache for one is not vulnerable.  Thanks to Alqnas Eslam.

  New Features

    - There is a new RCPT_BASE64_HEADER_NAME setting.  If this is set to a
      non-empty string, that string is the name of a header that will be added
      to personalized and VERPed deliveries with value equal to the base64
      encoding of the recipient's email address.  This is intended to enable
      identification of the recipient otherwise redacted from "spam report"
      feedback loop messages.

    - cron/senddigests has a new -e/--exceptlist option to send pending
      digests for all but a named list.  (LP: #1619770)

    - The values for DEFAULT_DIGEST_FOOTER and DEFAULT_MSG_FOOTER have been
      changed to use a standard signature separator for DEFAULT_MSG_FOOTER
      and to remove the unneded line of underscores from DEFAULT_DIGEST_FOOTER.
      (LP: #266269)

  i18n

    - The Polish html templates have been recoded to use html entities
      instead of non-ascii characters.

    - The Basque (Euskara) translation has been updated by Gari Araolaza.

    - The German "details for personalize" page has been updated by
      Christian F Buser.

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

  Bug fixes and other patches

    - The list-owner@virtual.domain addresses are now added to virtual-mailman
      as they are exposed in 'list created' emails.  (LP: 1694384)

    - The 'list run by' addresses in web page footers are now just the
      list-owner address.  (LP: #1694384)

    - Changed member_verbosity_threshold from a >= test to a strictly > test
      to avoid the issue of moderating every post when the threshold = 1.
      (LP: #1693366)

    - Subject prefixing has been improved to always have a space between
      the prefix and the subject even with non-ascii in the prefix.  This
      will sometimes result in two spaces when the prefix is non-ascii but
      the subject is ascii, but this is the lesser evil.  (LP: #1525954)

    - Treat message and digest headers and footers as empty if they contain
      only whitespace.  (LP: #1673307)

    - Ensured that added message and digest headers and footers always have
      a terminating new-line.  (LP: #1670033)

    - Fixed an uncaught TypeError in the subscribe CGI.  (LP: #1667215)

    - Added recognition for a newly seen mailEnable bounce.

    - Fixed an uncaught NotAMemberError when a member is removed before a
      probe bounce for the member is returned.  (LP: #1664729)

    - Fixed a TypeError thrown in the roster CGI when called with a listname
      containing a % character.  (LP: #1661810)

    - Fixed a NameError issue in bin/add_members with
      DISABLE_COMMAND_LOCALE_CSET = yes.  (LP: #1647450)

    - The CleanseDKIM handler has been removed from OWNER_PIPELINE.  It isn't
      needed there and has adverse DMARC implications for messages to -owner
      of an anonymous list.  (LP: #1645901)

    - Fixed an issue with properly RFC 2047 encoding the display name in the
      From: header for messages with DMARC mitigations.  (LP: #1643210)

    - Fixed an issue causing UnicodeError in sending digests following a
      change of a list's preferred_language.  (LP: #1644356)

    - Enhanced the fix for race conditions in MailList().Load().  (LP: #266464)

    - Fixed a typo in Utils.py that could have resulted in a NameError in
      logging an unlikely occurrence.  (LP: #1637745)

    - Fixed a bug which created incorrect "view more members" links at the
      bottom of the admin Membership List pages.  (LP: #1637061)

    - The 2.1.23 fix for LP: #1604544 only fixed the letter links at the top
      of the Membership List.  The links at the bottom have now been fixed.

    - paths.py now adds dist-packages as well as site-packages to sys.path.
      (LP: #1621172)

    - INIT INFO has been added to the sample init.d script.  (LP: #1620121)

2.1.23 (27-Aug-2016)

  Security

    - CSRF protection has been extended to the user options page.  This was
      actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and
      intended for Mailman 2.1.15, but that fix wasn't completely merged at the
      time.  The full fix also addresses the admindb, and edithtml pages as
      well as the user options page and the previously fixed admin pages.
      Thanks to Nishant Agarwala for reporting the issue.  CVE-2016-6893
      (LP: #1614841)

  New Features

    - For header_filter_rules matching, RFC 2047 encoded headers, non-encoded
      headers and header_filter_rules patterns are now all decoded to unicode.
      Both XML character references of the form &#nnnn; and unicode escapes
      of the form \Uxxxx in patterns are converted to unicodes as well.  Both
      headers and patterns are normalized to 'NFKC' normal form before
      matching, but the normalization form can be set via a new NORMALIZE_FORM
      mm_cfg setting.  Also, the web UI has been updated to encode characters
      in text fields that are invalid in the character set of the page's
      language as XML character references instead of '?'.  This should help
      with entering header_filter_rules patterns to match 'odd' characters.
      This feature is experimental and is problematic for some cases where it
      is desired to have a header_filter_rules pattern with characters not in
      the character set of the list's preferred language.  For patterns
      without such characters, the only change in behavior should be because
      of unicode normalization which should improve matching.  For other
      situations such as trying to match a Subject: with CJK characters (range
      U+4E00..U+9FFF) on an English language (ascii) list, one can enter a
      pattern like '^subject:.*[一-鿿]' or
      '^subject:.*[\u4e00;-\u9fff;]' to match a Subject with any character in
      the range, and it will work, but depending on the actual characters and
      the browser, submitting another, even unrelated change can garble the
      original entry although this usually occurs only with ascii pages and
      characters in the range \u0080-\u00ff.  The \Uxxxx unicode escapes must
      have exactly 4 hex digits, but they are case insensitive.  (LP: #558155)

    - Thanks to Jim Popovitch REMOVE_DKIM_HEADERS can now be set to 3 to
      preserve the original headers as X-Mailman-Original-... before removing
      them.

    - Several additional templates have been added to those that can be edited
      via the web admin GUI.  (LP: #1583387)

    - SMTPDirect.py can now do SASL authentication and STARTTLS security when
      connecting to the outgoiung MTA. Associated with this are new
      Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and
      SMTP_USE_TLS.  (LP: #558281)

    - There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which
      can be set to 1 to enable verbose smtplib debugging to Mailman's error
      log to help with debugging 'low level smtp failures'.  (LP: #1573074)

    - A list's nonmember_rejection_notice attribute will now be the default
      rejection reason for a held non-member post in addition to it's prior
      role as the reson for an automatically rejected non-member post.
      (LP: #1572330)

  i18n

    - The French translation of 'Dutch' is changed from 'Hollandais' to
      'N├ęerlandais' per Francis Jorissen.

    - Some German language templates that were incorrectly utf-8 encoded have
      been recoded as iso-8859-1.  (LP: #1602779)

    - Japanese translation and documentation in messages/ja has been updated by
      Yasuhito FUTATSUKI.

  Bug fixes and other patches

    - The admin Membership List letter links could be incorrectly rendered as
      Unicode strings following a search.  (LP: #1604544)

    - We no longer throw an uncaught TypeError with certain defective crafted
      POST requests to Mailman's CGIs.  (LP: #1602608)

    - Scrubber links in archives are now in the list's preferred_language
      rather than the poster's language.  (LP: #1586505)

    - Improved logging of banned subscription and address change attempts.
      (LP: #1582856)

    - In rare circumstances a list can be removed while the admin or listinfo
      CGI or bin/list_lists is running causing an uncaught MMUnknownListError
      to be thrown.  The exception is now caught and handled.  (LP: #1582532)

    - Set the Date: header in the wrapper message when from_is_list or
      dmarc_moderation_action is Wrap Message.  (LP: #1581215)

    - A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the
      null string if it wants to avoid using this.  (LP: #1578450)

    - The white space to the left of the admindb Logout link is no longer
      part of the link.  (LP: #1573623)

2.1.22 (17-Apr-2016)

  i18n

    - Fixed a typo in the German options.html template.  (LP: #1562408)

    - An error in the Brazilian Portugese translation of Quarterly has been
      fixed thanks to Kleber A. Benatti.

    - The Brazilian Portugese translation has been updated by Emerson Ribeiro
      de Mello.

  Bug fixes and other patches

    - All addresses in data/virtual-mailman are now properly appended with
      VIRTUAL_MAILMAN_LOCAL_DOMAIN and duplicates are not generated if the
      site list is in a virtual domain.  (LP: #1570630)

    - DMARC mitigations will now find the From: domain to the right of the
      rightmost '@' rather than the leftmost '@'.  (LP: #1568445)

    - DMARC mitigations for a sub-domain of an organizational domain will now
      use the organizational domain's sp= policy if any.  (LP: #1568398)

    - Modified NewsRunner.py to ensure that messages gated to Usenet have a
      non-blank Subject: header and when munging the Message-ID to add the
      original to References: to help with threading.  (LP: #557955)

    - Fixed the pipermail archiver to do a better job of figuring the date of
      a post when its Date: header is missing, unparseable or has an obviously
      out of range date.  This should only affect bin/arch as ArchRunner has
      code to fix dates at least if ARCHIVER_CLOBBER_DATE_POLICY has not been
      set to 0 in mm_cfg.py.  If posts have been added in the past to a list's
      archive using bin/arch and an imported mbox, running bin/arch again could
      result is some of those posts being archived with a different date.
      (LP: #1555798)

    - Fixed an issue with CommandRunner shunting a malformed message with a
      null byte in the body.  (LP: #1553888)

    - Don't collapse multipart with a single sub-part inside multipart/signed
      parts.  (LP: #1551075)

2.1.21 (28-Feb-2016)

  New Features

    - There is a new dmarc_none_moderation_action list setting and a
      DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
      apply Munge From or Wrap Message actions to posts From: domains that
      publish DMARC p=none.  The intent is to eliminate failure reports to
      the domain owner for messages that would be munged or wrapped if the
      domain published a stronger DMARC policy.  See the descriptions in
      Defaults.py, the web UI and the bug report for more.  (LP: #1539384)

    - Thanks to Jim Popovitch there is now a feature to automatically turn
      on moderation for a malicious list member who attempts to flood a list
      with spam.  See the details for the Privacy options ... -> Sender
      filters -> member_verbosity_threshold and member_verbosity_interval
      settings in the web admin UI and the documentation in Defaults.py for
      the DEFAULT_MEMBER_VERBOSITY_* and VERBOSE_CLEAN_LIMIT settings for
      information.

    - bin/list_members now has options to display all moderated or all
      non-moderated members.

    - There is now a mm_cfg.py setting GLOBAL_BAN_LIST which is like the
      individual list's ban_list but applies globally to all subscribe
      requests.  See the description in Defaults.py for more details.

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - Also thanks to Miloslav Trmac and Yasuhito FUTATSUKI, the l10n for
      Mailman's bin/ commands has been fixed to display using the character
      set of the user's work station even when Mailman's character set for
      the language is different.  Because this has not been tested over a
      wide set of locales, there is an mm_cfg.py switch
      DISABLE_COMMAND_LOCALE_CSET to disable it if it causes problems.
      (LP: #558167)

    - The Polish translation has been updated by Stefan Plewako.

    - The German translation has been updated by Mirian Margiani and
      Bernhard Schmidt.

    - The Russian translation has been updated by Danil Smirnov.

    - Several Galician templates that were improperly encoded as iso-8859-1
      have been fixed.  (LP: #1532504)

    - The Brazilian Portugese translation has been updated by Emerson Ribeiro
      de Mello.

  Bug fixes and other patches

    - If DMARC lookup fails to find a policy, also try the Organizational
      Domain.  Associated with this is a new mm_cfg.py setting
      DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL which sets the URL used to
      retrieve the data for the algorithm that computes the Organizational
      Domain.  See https://publicsuffix.org/list/ for info.  (LP: #1549420)

    - Modified contrib/mmdsr to correctly report No such list names that
      contain ".

    - User's "Acknowledge" option will now be honored for posts to anonymous
      lists.  (LP: #1546679)

    - Fixed a typo in the Non-digest options regular_exclude_ignore
      description thanks to Yasuhito FUTATSUKI.

    - DEFAULT_PASS_MIME_TYPES has been changed to accept text/plain sub-parts
      from message/rfc822 parts and multipart parts other than mixed and
      alternative and also accept pgp signatures.  This only applies to newly
      created lists and other than pgp signatures, still only accepts
      text/plain.  (LP: #1517446)

    - Modified contrib/mmdsr to report held and banned subscriptions and DMARC
      lookups in their own categories.

    - Fixed a bug that could create a garbled From: header with certain DMARC
      mitigation actions.  (LP: #1536816)

    - Treat a poster's address which matches an equivalent_domains address as
      a list member for the regular_exclude_ignore check.  (LP: #1526550)

    - Fixed an issue that sometimes left no white space following
      subject_prefix.  (LP: #1525954)

    - Vette log entries for banned subscriptions now include the source of
      the request if available.  (LP: #1525733)

    - Submitting the user options form for a user who was asynchronously
      unsubscribed would throw an uncaught NotAMemberError.  (LP: #1523273)

    - It was possible under some circumstances for a message to be shunted
      after a handler rejected or discarded it, and the handler would be
      skipped upon unshunting and the message accepted.  (LP: #1519062)

    - Posts gated to usenet will no longer have other than the target group
      in the Newsgroups: header.  (LP: #1512866)

    - Invalid regexps in *_these_nonmembers, subscribe_auto_approval and
      ban_list are now logged.  (LP: #1507241)

    - Refactored the GetPattern list method to simplify extending @listname
      syntax to new attributes in the future.  Changed Moderate.py to use the
      GetPattern method to process the *_these_nonmembers lists.

    - Changed CookHeaders to default to using space rather than tab as
      continuation_ws when folding headers.  (LP: #1505878)

    - Fixed the 'pidfile' path in the sample init.d script.  (LP: #1503422)

    - Subject prefixing could fail to collapse multiple 'Re:' in an incomming
      message if they all came after the list's subject_prefix.  This is now
      fixed.  (LP: #1496620)

    - Defended against a user submitting URLs with query fragments or POST
      data containing multiple occurrences of the same variable.
      (LP: #1496632)

    - Fixed bin/mailmanctl to check its effective rather than real uid.
      (LP: #1491187)

    - Fixed cron/gate_news to catch EOFError on opening the newsgroup.
      (LP: #1486263)

    - Fixed a bug where a delayed probe bounce can throw an AttributeError.
      (LP: #1482940)

    - If a list is not digestable an the user is not currently set to
      receive digests, the digest options will not be shown on the user's
      options page.  (LP: #1476298)

    - Improved identification of remote clients for logging and subscribe
      form checking in cases where access is via a proxy server.  Thanks to
      Jim Popovitch.  Also updated contrib/mmdsr for log change.

    - Fixed an issue with shunted messages on a list where the charset for
      the list's preferred_language had been changed from iso-8859-1 to
      utf-8 without recoding the list's description.  (LP: #1462755)

    - Mailman-Postfix integration will now add mailman@domain entries in
      data/virtual-mailman for each domain in POSTFIX_STYLE_VIRTUAL_DOMAINS
      which is a host_name of a list.  This is so the addresses which are
      exposed on admin and listinfo overview pages of virtual domains will
      be deliverable.  (LP: #1459236)

    - The vette log entry for DMARC policy hits now contains the list name.
      (LP: #1450826)

    - If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load
      balancer or similar in use the POSTing IP might not exactly match the
      GETting IP.  This is now accounted for by not requiring the last
      octet (16 bits for ipV6) to match.  (LP: #1447445)

    - DKIM-Signature:, DomainKey-Signature: and Authentication-Results:
      headers are now removed by default from posts to anonymous lists.
      (LP: #1444673)

    - The list admin web UI Mambership List search function often doesn't
      return correct results for search strings (regexps) that contain
      non-ascii characters.  This is partially fixed.  (LP: #1442298)

Revision 1.79 / (download) - annotate - [select for diffs], Sun Jan 1 14:43:45 2017 UTC (2 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

Add python-3.6 to incompatible versions.

Revision 1.78 / (download) - annotate - [select for diffs], Sat Jul 9 13:03:54 2016 UTC (3 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)

Remove python33: adapt all packages that refer to it.

Revision 1.77 / (download) - annotate - [select for diffs], Sat Dec 5 21:25:48 2015 UTC (3 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

Extend PYTHON_VERSIONS_INCOMPATIBLE to 35

Revision 1.76 / (download) - annotate - [select for diffs], Fri Oct 23 14:24:30 2015 UTC (4 years ago) by richard
Branch: MAIN
Changes since 1.75: +6 -2 lines
Diff to previous 1.75 (colored)

Avoid what seems to be a bash issue with the posix character range expression
'for i in [A-IN-U]*' by simply providing a filelist.  Noticed at least on SunOS

Revision 1.75 / (download) - annotate - [select for diffs], Wed Sep 2 21:04:18 2015 UTC (4 years, 2 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.74: +4 -10 lines
Diff to previous 1.74 (colored)

Updated mail/mailman to 2.1.20.

Removed PKG_DESTDIR_SUPPORT=destdir, no longer needed since 2011.

2.1.20 (31-Mar-2015)
- A path traversal vulnerability has been discovered and fixed (CVE-2015-2775)
- There is a new Address Change sub-section in the web admin
  Membership Management section
- The Russian translation has been updated by Danil Smirnov.
- The Polish translation has been updated by Stefan Plewako.
- A LookupError in SpamDetect on a message with RFC 2047 encoded headers
  in an unknown character set is fixed.
- Fixed a bug in CommandRunner that could process the second word of a
  body line as a command word and a case sensitivity in commands in
  Subject: with an Re: prefix.
- Fixed a bug in CommandRunner that threw an uncaught KeyError if
  the input to the list-request address contained a command word
  terminated by a period.
- Changed the response to an invalid confirmation to be more generic.
  Not all confirmations are subscription requests.
- Changed the default nonmember_rejection_notice to be more user friendly.
- Added "If you are a list member" qualification to some messages from the
  options login page.
- Changed the 'Approve' wording in the admindbdetails.html template to
  'Accept/Approve' for better agreement with the button labels.
- Added '(by thread)' to the previous and next message links in the
  archive to emphasize that even if you got to the message from a
  subject, date or author index, previous and next are still by thread.

2.1.19 (28-Feb-2015)
- The subscribe_auto_approval feature backported from the 2.2 branch and
  described above has been enhanced to accept entries of the form
  @listname to auto approve members of another list.
- There is a new list attribute dmarc_wrapped_message_text and a
  DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new
  lists.  This text is added to a message which is wrapped because of
  dmarc_moderation_action in a separate text/plain part that precedes the
  message/rfc822 part containing the original message.  It can be used to
  provide an explanation of why the message was wrapped or similar info.
- There is a new list attribute equivalent_domains and a
  DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which
  in turn defaults to the empty string.  This provides a way to specify one
  or more groups of domains, e.g., mac.com, me.com, icloud.com, which are
  considered equivalent for validating list membership for posting and
  moderation purposes.
- There is a new WEB_HEAD_ADD setting to specify text to be added to the
  <HEAD> section of Mailman's internally generated web pages.  This doesn't
  apply to pages built from templates, but in those cases, custom templates
  can be created.
- There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting.  Set this to Yes
  to make the default selection on the admin Mass Subscriptions page
  Invite rather than Subscribe.
- There is a new list attribute in the Bounce processing section.
  bounce_notify_owner_on_bounce_increment if set to Yes will cause
  Mailman to notify the list owner on every bounce that increments a
  list member's score but doesn't result in a probe or disable.  There
  is a new configuration setting setting
  DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT to set the default
  for new lists.  This in turn defaults to No.
- Mailman's log files, request.pck files and heldmsg-* files are no
  longer created world readable to protect against access by untrusted
  local users.  Note that permissions on existing log files won't be
  changed so if you are concerned about this and don't rotate logs or
  have a logrotate process that creates new log files instead of letting
  Mailman create them, you will need to address that.
- The Python Powered logo image has been replaced in the misc/ directory
  in the source distribution.  Depending on how you've installed these
  images, you may need to copy PythonPowered.png from the misc/ directory
  in the source or from the $prefix/icons/ installed directory to another
  location for your web server.
- The Polish translation has been updated by Stefan Plewako.
- The Interlingua translation has been updated by Martijn Dekker.
- The Japanese message catalog has been updated by SATOH Fumiyasu.
- Mailman's character set for Romanian has been changed from iso-8859-2
  to utf-8 and the templates and messages recoded.  This change will
  require running 'bin/arch --wipe' on any existing Romanian language
  lists in order to recode the list's archives, and will require recoding
  any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and
  templates/site/ro/*.  It may also require recoding any existing
  iso-8859-2 text in list attributes.
- Mailman's character set for Russian has been changed from koi8-r to
  utf-8 and the templates and messages recoded.  This change will
  require running 'bin/arch --wipe' on any existing Russian language
  lists in order to recode the list's archives, and will require recoding
  any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and
  templates/site/ru/*.  It may also require recoding any existing koi8-r
  text in list attributes.
- Mailman's versions.py has been augmented to help with the above two
  character set changes.  The first time a list with preferred_language
  of Romanian or Russian is accessed or upon upgrade to this release,
  any list attributes which have string values such as description, info,
  welcome_msg, etc. that appear to be in the old character set will be
  converted to utf-8.  This is done recursively for the values (but not
  the keys) of dictionary attributes and the elements of list and tuple
  attributes.
- The Russian message catalog and templates have been further updated by
  Danil Smirnov.
- The Romanian message catalog has been updated.
- The Russian templates have been updated by Danil Smirnov.
- The Japanese translation has been updated by SATOH Fumiyasu.
- A minor change in the French translation of a listinfo subscribe form
  message has been made.
- Because of privacy concerns with the 2.2 backport adding real name to
  list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME
  setting that defaults to No.  You may wish to set this to Yes in
  mm_cfg.py.
- Organization: headers are now unconditionally removed from posts to
  anonymous lists.  Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept
  if the regexp included the trailing ':'.  This is fixed too.
- The admindb interface has been fixed so the the detail message body
  display doesn't lose part of a multi-byte character, and characters which
  are invalid in the message's charset are replaced rather than the whole
  body not being converted to the display charset.
- Fixed a bug in bin/rmlist that would throw an exception or just fail to
  remove held message files for a list with regexp special characters in
  its name.
- When applying DMARC mitigations, CookHeaders now adds the original From:
  to Cc: rather than Reply-To: in some cases to make MUA 'reply' and
  'reply all' more consistent with the non-DMARC cases.
- The Subject: of the list welcome message wasn't always in the user's
  preferred language.  Fixed.
- Accept email command in Subject: prefixed with Re: or similar with no
  intervening space.
- Fixed a UnicodeDecodeError that could occur in the web admin interface
  if 'text' valued attributes have unicode values.
- We now catch the NotAMemberError exception thrown if an authenticated
  unsubscribe is submitted from the user options page for a nonmember.
- Fixed an archiving bug that would cause messages with 'Subject: Re:'
  only to be indexed in the archives without a link to the message.
- The vette log entry for a message discarded by a handler now includes
  the list name and the name of the handler.
- The options CGI now rejects all but HTTP GET and POST requests.
- A list's poster password will now be accepted on an Urgent: header.
- Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be
  ignored.
- Renamed messages/sr/readme.sr to README.sr.
- Moved the dmarc_moderation_action checks from the Moderate handler to
  the SpamDetect handler so that the Reject and Discard actions will be
  done before the message might be held by header_filter_rules, and the
  Wrap Message and Munge From actions will be done on messages held by
  header_filter_rules if the message is approved.
- <label> tags have been added around most check boxes and radio buttons
  and their text labels in the admin and admindb web GUI so they can be
  (de)selected by clicking the text.
- If checking DNS for dmarc_moderation_action and DNS lookup is not
  available, log it.
- Handle missing From: header addresses for DMARC mitigation actions.

Revision 1.74 / (download) - annotate - [select for diffs], Wed Dec 31 14:09:36 2014 UTC (4 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.73: +1 -4 lines
Diff to previous 1.73 (colored)

Remove unnecessary line (no egg is created either way).

Revision 1.73 / (download) - annotate - [select for diffs], Sat Aug 23 14:43:33 2014 UTC (5 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.72: +3 -1 lines
Diff to previous 1.72 (colored)

Add bug report URL.

Revision 1.72 / (download) - annotate - [select for diffs], Sat Aug 23 14:12:07 2014 UTC (5 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored)

Rename readme.sr to README.sr so all opsys have the same PLIST.
Hope this works on case-insensitive file systems. If not, let's
just rm this thing.

Bump PKGREVISION.

XXX: Why is this package "destdir" and not "user-destdir"?

Revision 1.71 / (download) - annotate - [select for diffs], Sat Jun 14 09:20:49 2014 UTC (5 years, 5 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.70: +6 -5 lines
Diff to previous 1.70 (colored)

Update mailman to 2.1.18.

Changelog
---------

2.1.18-1 (06-May-2014)

  Bug fixes and other patches

    - A critical incompatibility between the DMARC Wrap Message action and
      Python versions older than 2.6.x for some x <= 5 existed and caused
      Wrapped message to be shunted.  This is fixed.  (LP: #1316682)

    - Sender: headers are no longer removed in from_is_list Munge From
      actions.  (LP: #1315970)

2.1.18 (03-May-2014)

  Acknowledgements

    - Thanks to Jim Popovitch and Phil Pennock for the branch that formed the
      basis of the dmarc_moderation_action feature.

    - Thanks to Franck Martin et al for the branch that formed the basis of
      the from_is_list feature.

  Dependencies

    - There is a new dependency associated with the new Privacy options ->
      Sender filters -> dmarc_moderation_action feature discussed below.
      This requires that the dnspython <http://www.dnspython.org/> package
      be available in Python.  This package can be downloaded from the above
      site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
      or installed with pip.

  New Features

    - The from_is_list feature introduced in 2.1.16 is now unconditionally
      available to list owners.  There is also, a new Privacy options ->
      Sender filters -> dmarc_moderation_action feature which applies to list
      messages where the From: address is in a domain which publishes a DMARC
      policy of reject or possibly quarantine.  This is a list setting with
      values of Accept, Wrap Message, Munge From, Reject or Discard. There is
      a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
      default for this, and the list admin UI is not able to set an action
      which is 'less' than the default.  The prior ALLOW_FROM_IS_LIST setting
      has been removed and is effectively always Yes. There is a new
      dmarc_quarantine_moderation_action list setting with default set by a
      new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
      which in turn defaults to Yes.  The list setting can be set to No to
      exclude domains with DMARC policy of quarantine from
      dmarc_moderation_action.

      dmarc_moderation_action and from_is_list interact in the following way.
      If the message is From: a domain to which dmarc_moderation_action applies
      and if dmarc_moderation_action is other than Accept,
      dmarc_moderation_action applies to that message.  Otherwise the
      from_is_list action applies.

      Also associated with dmarc_moderation_action are configuration settings
      DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described
      in more detail in Defaults.py.  There are also new vette log entries
      written when dmarc_moderation_action is found to apply to a post.

  i18n

    - Added missing <mm-digest-question-start> tag to French listinfo template.
      (LP: #1275964)

  Bug Fixes and other patches

    - Removed HTML tags from the title of a couple of rmlist.py pages because
      browsers don't render tags in the title.  (LP: #265848)

    - Most Mailman generated notices to list owners and moderators are now
      sent as Precedence: list instead of bulk.  (LP: #1313146)

    - The Reply-To: munging options weren't honored if there was no
      from_is_list action.  (LP: #1313010)

    - Changed from_is_list actions to insert the list address in Cc: if the
      list is fully personalized.  Otherwise, the list address is only in
      From: and Reply-To: overrides it.  (LP: #1312970)

    - Fixed the Munge From action to only Munge the From: and/or Reply-To: in
      the outgoing message and not in archives, digests and messages sent via
      the usenet gateway.  (LP: #1311431)

    - Fixed a long standing issue in which a notice sent to a user whose
      language is other than that of the list can cause subsequent things
      which should be in the list's language to be in the user's language
      instead.  (LP: #1308655)

    - Fixed the admin Membership List so a search string if any is not lost
      when visiting subsequent fragments of a chunked list.  (LP: #1307454)

    - For from_is_list feature, use email address from original From: if
      original From: has no display name and strip domain part from resultant
      names that look like email addresses.  (LP: #1304511)

    - Added the list name to the vette log "held message approved" entry.
      (LP: 1295875)

    - Added the CGI module name to various "No such list" error log entries.
      (LP: 1295875)

    - Modified contrib/mmdsr to report module name if present in "No such list
      error log entries.

    - Fixed a NameError exception in cron/nightly_gzip when it tries to print
      the usage message.  (LP: #1291038)

    - Fixed a bug in ListAdmin._handlepost that would crash when trying to
      preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
      is False.  (LP: #1282365)

    - The from_is_list header munging feature introduced in Mailman 2.1.16 is
      no longer erroneously applied to Mailman generated notices.
      (LP: #1279667)

    - Changed the message from the confirm CGI to not indicate approval is
      required for an acceptance of an invitation.  (LP: #1277744)

    - Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
      (LP: #1267003)

    - Added recognition for another simple warning to bounce processing.
      (LP: #1263247)

    - Fixed a few failing tests in tests/test_handlers.py.  (LP: #1262950)

    - Fixed bin/arch to not create scrubbed attachments for messages skipped
      when processing the --start= option.  (LP: #1260883)

    - Fixed email address validation to do a bit better in obscure cases.
      (LP: #1258703)

    - Fixed a bug which caused some authentication cookies to expire too soon
      if AUTHENTICATION_COOKIE_LIFETIME is non-zero.  (LP: #1257112)

    - Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
      (LP: #1243343)

  Miscellaneous

    - Added to the contrib directory, a script from Alain Williams to count
      posts in a list's archive.

2.1.17 (23-Nov-2013)

  New Features

    - Handling of posts gated from usenet to a list via the Mail <-> News
      gateway is changed.  Formerly, no list membership, moderation or
      *_these_nonmembers checks were done.  Now, if the sender of the usenet
      post is a moderated member or a nonmember matching a *_these_nonmembers
      filter, those checks will be done and actions applied.  Nonmember posts
      from senders not matching a *_these_nonmembers filter are still accepted
      as before.  (LP: #1252575)

    - There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS.  Since it
      is not possible to know which non-standard headers in a message might
      reveal sender information, we now remove all headers from incoming posts
      to anonymous lists except those which match regular expressions in this
      list. The default setting keeps non X- headers except those known to
      reveal sender information, Mailman added X- headers and x-Spam- headers.
      See the description in Defaults.py for more information.  (LP: #1246039)

  i18n

    - The Japanese message catalog has been updated by SATOH Fumiyasu.
      (LP: #1248855)

  Bug Fixes and other patches

    - Added a reopen command to the sample init.d script in misc/mailman.in.
      (LP: #1251917)

    - Fixed a misspelling in Tagger.py causing an "unexpected keyword argument
      'Delete'" exception.  (LP: #1251495)

    - Fixed contrib/qmail-to-mailman.py to work with a user other than
      'mailman' and to recognize more listname-* addresses.  (LP: #412293)

    - Fixed a possible UnicodeDecodeError in bin/sync_members.  (LP: #1243343)

    - Fixed Makefile to not include $DESTDIR in paths compiled into .pyc
      files for traceback purposes.  (LP: #1241770)

2.1.16 (16-Oct-2013)

  New Features

    - There is a new list attribute from_is_list to either rewrite the From:
      header of posts replacing the posters address with that of the list or
      wrap the message in an outer message From: the list for compatability
      with DMARC and or ADSP.  There is a new mm_cfg.py setting
      DEFAULT_FROM_IS_LIST to control the default for new lists, and the
      existing REMOVE_DKIM_HEADERS setting has been extended to allow removing
      those headers only for certain from_is_list lists.  This feature must
      be enabled by setting ALLOW_FROM_IS_LIST to Yes in mm_cfg.py.  See the
      description of these settings in Defaults.py for more detail.  This
      feature is experimental in 2.1.16, and it is subject to change or to
      become just one of the two methods in a subsequent release. People
      interested in this feature are encouraged to try it and report their
      experiences to the mailman-users@python.org list.

    - There is a new DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting which if set
      in mm_cfg.py will display a set of radio buttons in the admindb held
      message summary to select how the held messages are sorted and grouped
      for display. The exact setting determines the default grouping and
      sorting.  See the description in Defaults.py for details.

    - Setting digest_size_threshhold to zero now means no digests will be
      sent based on size instead of a digest being sent with every post.
      (LP: #558274)

    - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
      a dynamically generated, hidden hash in the listinfo subscribe form and
      check it upon submission.  Setting this will prevent automated processes
      (bots) from successfully POSTing web subscribes without first retrieving
      and parsing the form from the listinfo page.  The form must also be
      submitted no later than FORM_LIFETIME nor no earlier than
      SUBSCRIBE_FORM_MIN_TIME after retrieval.  Note that enabling this will
      break any static subscribe forms on your site.  See the description in
      Defaults.py for more info.  (LP: #1082746)

    - add_members now has an option to add members with mail delivery disabled
      by admin.  (LP: #1070574)

    - IncomingRunner now logs rejected messages to the vette log.
      (LP: #1068837)

    - The name of the mailmanctl master lock file is now congigurable via the
      mm_cfg.py setting MASTER_LOCK_FILE.  (LP: #1082308)

    - list_lists now has an option to list only lists with public archives.
      (LP: #1082711)

  Contributed programs

    - A new import_majordomo_into_mailman.pl script has been contributed by
      Geoff Mayes.  (LP: #1129742)

    - A new "sitemap" bash script has been contributed by Tomasz Chmielewski
      <mangoo@wpkg.org> to generate a sitemap.xml file of an installation's
      public archives for submission to search engines.

  i18n

    - The Danish translation has been updated thanks to Tom Christensen.

    - Fixed a string in the Czech message catalog.  (LP: #1234567)

    - A Farsi (Persian) translation has been added thanks to Javad Hoseini and
      Mahyar Moghimi.

    - Fixed several misspelled or garbled string replacements in the Spanish
      message catalog.  (LP: #1160138)

    - pt_BR message catalog has two new and an updated message per Hugo Koji
      Kobayashi.  (LP: #1138578)

    - German message catalog has been updated per Ralf Hildebrandt.

    - Corrected typo in templates/it/private.html.

  Bug Fixes and other patches

    - Fixed a crash in SpamDetect.py which caused messages with unparseable
      RFC 2047 encoded headers to be shunted.  (LP: #1235101)

    - Fixed cron/disabled to send a fresh cookie when notifying disabled
      members.  (LP: #1203200)

    - Added "message_id" to the interpolation dictionary for the Article.html
      template.  (LP: #725498)

    - Changed the admin GUI to report only the bad entries in a list of email
      addresses if any are bad.  (LP: #558253)

    - Added logging for template errors in HyperArch.py.  (LP: #558254)

    - Added more explanation to the bad owner address message from
      bin/newlist.  (LP: #1200763)

    - Fixed a bug causing the admin web interface to fail CSRF checking if
      the list name contains a '+' character.  (LP: #1190802)

    - Fixed bin/mailmanctl -s to not remove the master lock if it can't be
      determined to be truly stale.  (LP: #1189558)

    - It is no longer possible to add 'invalid' addresses to the ban_list
      and the *_these_nonmembers filters from the check boxes on the admindb
      interface.  (LP: #1187201)

    - Backported recognition for mail.ru DSNs and minor bug fixes from
      lp:flufl.bounce.  (LP: #1074592, LP: #1079249 and #1079254)

    - Defended against buggy web servers that don't include an empty
      QUERY_STRING in the CGI environment.  (LP: #1160647)

    - The Switchboard.finish() method now logs the text of the exception when
      it fails to unlink/preserve a .bak file.  (LP: #1165589)

    - The pending (un)subscriptions waiting approval are now sorted by email
      address in the admindb interface as intended.  (LP: #1164160)

    - The subscribe log entry for a bin/add_members subscribe now identifies
      bin/add_members as the source.  (LP: #1161642)

    - Fixed a bug where the Subject: of the user notification of a
      bin/remove_members unsubscribe was not in the user's language.
      (LP: #1161445)

    - Fixed a bug where BounceRunner could create and leave behind zero length
      bounce-events files.  (LP: #1161610)

    - Added recognition for another Yahoo bounce format.  (LP: #1157961)

    - Changed configure's method for getting Python's include directory from
      distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
      distutils.sysconfig.get_python_inc().  (LP: #1098162)

    - Added an Auto-Generated: header to password reminders.  (LP: #558240)

    - Fixed a bug where non-ascii characters in the real name in a subscription
      request could throw a UnicodeEncodeError upon subscription approval and
      perhaps in other situations too.  (LP: #1047100)

    - The query fragments send_unsub_notifications_to_list_owner and
      send_unsub_ack_to_this_batch will now assume default values if not set
      in mass unsubscribe URLs.  (LP: #1032378)

    - Replaced utf-8 encoded characters in newly added German templates with
      HTML entities. (LP: #1018208)

2.1.15 (13-Jun-2012)

  Security

    - Strengthened the validation of email addresses.

    - An XSS vulnerability, CVE-2011-0707, has been fixed.

    - The web admin interface has been hardened against CSRF attacks by adding
      a hidden, encrypted token with a time stamp to form submissions and not
      accepting authentication by cookie if the token is missing, invalid or
      older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one
      hour.  Posthumous thanks go to Tokio Kikuchi for this implementation
      which is only one of his many contributions to Mailman prior to his
      death from cancer on 14 January 2012.

  New Features

    - Added a password reminder button to the private archive login page.
      Backported from the 2.2 branch.

    - There is a new list attribute regular_exclude_ignore set from mm_cfg.py
      DEFAULT_REGULAR_EXCLUDE_IGNORE.  This defaults to True even though the
      prior behavior is equivalent to False.  A True setting will ignore an
      exclude list if the poster is not a member of that list.  The False
      setting can result in list members not receiving posts if the nonmember
      post is not accepted by the exclude list.  Backported from 2.2 branch.

    - Eliminated the list cache from the qrunners.  Indirect self-references
      caused lists to never be dropped from the cache which in turn caused
      the qrunners to grow very large in installations with many lists or
      multiple large lists.  Bug #862683.

    - The user options 'list my other subscriptions' page now indicates for
      each list if the subscription is 'nomail' or 'digest'.  Bug #793669.

    - A new list poster password has been implemented.  This password may only
      be used in Approved: or X-Approved: headers for pre-approving posts.
      Using this password for that purpose precludes compromise of a more
      valuable password sent in plain text email.  Bug #770581.

    - A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
      If this is set to a non-zero value, web authentication cookies will
      expire that many seconds following their last use.  Its default value is
      zero to preserve current behavior.

    - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
      how much of the original message is included in automatic responses to
      email commands.  The default is 2 to preserve the prior behavior of
      including the full message.  Setting this to 1 in mm_cfg.py will include
      only the original headers, and 0 will include none of the original.  It
      is recommended to set this to 0 in mm_cfg.py to minimize the effects of
      backscatter.  Bug #265835.

    - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added
      to control the default for respond_to_post_requests for new lists.  It is
      set to Yes for backwards compatibility, but it is recommended that
      serious consideration be given to setting it to No.  Bug #266051.

    - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to
      control whether a message to the -request address without any commands or
      a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP
      is responded to or just logged.  It defaults to Yes which is different
      from prior behavior.  Bug #410236.

    - Two new mm_cfg.py settings, BROKEN_BROWSER_WORKAROUND and
      BROKEN_BROWSER_REPLACEMENTS, have been added to control escaping of
      additional characters beyond the standard <, >, &, and " in the web UI.
      See the documentation of these settings in Defaults.py.  The default
      values for these settings result in no change from the prior release.
      Bug #774588.

  i18n

    - Added some missing German templates from Egon Frerich.

    - Added Greek translation from Antonis Limperis.

    - A few errors in the Basque translation are fixed.  Bug #836861.

    - Fixed a misspelling in the German invite.txt template.  Bug #815444.

    - Fixed a missing format character in the Spanish translation.
      Bug #670988.

    - Thanks go to the following for updating translations for the changes in
      this release.
        Thijs Kinkhorst
        Stefan Foerster
        Fabian Wenk

  Bug Fixes and other patches

    - Fixed a bug that could send an admin notice of a held subscription with
      the subject in the user's preferred language instead of the list's
      preferred language and possibly not properly RFC 2047 encoded.
      (LP: #998949)

    - Fixed a possible CPU bound loop in OutgoingRunner if the attempt to
      Connect to the SMTP server throws a socket.error.  (LP: #966531)

    - Fixed a potential crash in the web UI if a language is removed from the
      LC_DESCRIPTIONS dictionary.  (LP: #966565)

    - Added an Auto-Submitted: header to invitations and (un)subscription
      confirmation requests to reduce the possibility of an autoresponder
      confirming the request.  (LP: #265831)

    - Added javascript to the private.html and admlogin.html templates to
      focus the cursor on the entry field.  (LP: #266054)

    - Added CPPFLAGS and LDFLAGS to src/Makefile to support their use.
      (LP: #637652)

    - Stopped removing the trailing slash from the List-Archive: header URL.
      (LP: #964190)

    - A configured version of contrib/courier-to-mailman.py is now created in
      build/contrib/courier-to-mailman.py.  (LP: #999250)

    - Subscription disabled warnings are now sent without a Precedence:
      header.  Bug #808821.

    - Backported 2.2 branch fix for a problem in SpamDetect.py that could
      cause header_filter_rules to fail to match RFC 2047 encoded headers.

    - Fix for bug #629738 could cause a crash in the admindb details display
      if the decoded message body contained characters not in the character
      set of the list's preferred language.  Fixed.  Bug #910440.

    - Added recognition for another Qmail bounce format.

    - Fixed an erroneous seek in the Mailman.Mailbox.Mailbox.AppendMessage
      method that could cause a corrupt mailbox for files opened 'w+'.
      Bug #901957.

    - A held message with a null sender caused a crash in the admindb
      interface.  This is fixed by changing the sender to <missing>.
      Bug #897103.

    - Changed subject prefixing to allow for possible whitespace between an
      'Re' and the following colon when determining how to add the prefix.
      Bug #893290.

    - Fixed a problem where topics regexps would not match RFC 2047 encoded
      Keywords: and/or Subject: headers.  Bug #891676.

    - Fixed misleading response to an email approval of a held message.
      Bug #889968.

    - Added masthead.txt to the list of templates that can be edited via the
      web admin interface.  Bug #266805.

    - Changed the way digest_footer is added to the RFC 1153 (plain) format
      digest for RFC compliance.  Bug #887610.

    - Fixed cron/checkdbs to report unsubscriptions waiting approval.
      Bug #873821.

    - The fix for BUG #266220 (sf1181161) has been enhanced so that if there
      is a pathological HTML part such that the Approved: password text isn't
      found, but it is found after stripping out HTML tags, the post is
      rejected with an informative message.

    - A bug that would cause reset of any new_member_options bits other than
      the four displayed as checkboxes on the list admin General Options page
      whenever the page was updated or bin/config_list attempted to update
      new_member_options has been fixed.  Bug #865825.

    - A problem with the logic avoiding unnecessarily reloading a current list
      object from the config.pck arises if the list is updated by another
      process within the same second that it was last read/written.  That can
      cause the reading of latest version of the list to be skipped.  This has
      been fixed.  Bug #862675.

    - Fixed bin/export.py to accept case insensitive password schemes.
      Bug #833134.

    - Added Tokio Kikuchi's icons to the misc/ and installed icons/
      directories.  Bug #782474.

    - Fixed a problem which could result in raw, undecoded message bodies
      appearing in plain digests and archives.  Bug #787790.

    - Fixed a problem in admindb.py where the character set for the display of
      the message body excerpt was not correctly determined.  Bug #779751.

    - Prevented setting user passwords with leading/trailing whitespace.
      Bug #778088.

    - Mailman now sets the 'secure' flag in cookies set via https URLs.
      Bug #770377.

    - Added a logout link to the admindb interface and made both admin and
      admindb logout effective for a site admin cookie if allowed.
      Bug #769318.

    - Replaced the old Mailman logos and icon that install to Mailman's icons
      directory with the new ones.  If you copy these elsewhere on your
      server, please copy these new ones.

    - Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when
      MTA = 'Postfix'.  Bug #266408.

    - Added a report of the affected members to the warnings issued when
      setting a list with digest members digestable=No and when setting a list
      with non-digest members nondigestable=no.  Bug #761232.

    - Fixed a problem where content filtering could remove the headers from
      an attached message/rfc822 part if the message in that part is
      multipart/alternative and collapse_alternatives is Yes.  Bug #757062.

    - Changed the subscribe CGI to strip leading and trailing whitespace from
      the supplied email address.  Bug #745432.

    - Changed the maximum number of arguments for the who command to be
      considered administrivia from 2 to 1 to help avoid false positives.
      Bug #739524.

    - Added the list name as 'display-name' in added Sender: headers to help
      mitigate Outlook et al 'on behalf of' displays.  Bug #736849.

    - Fixed a typo in the usage() definition cron/gate_news.  Bug #721015.

    - Fixed an uncaught KeyError when poster tries to cancel a post which was
      already handled.  Bug #266224.

    - Held message user notifications now come From: list-owner instead of
      list-bounces.  Bug #714424.

    - Issue an HTTP 404 status for private archive file not found.

    - @listname entries in *_these_nonmembers are no longer case sensitive.
      Bug #705715.

    - Changed bin/rmlist to also remove heldmsg files for the removed list and
      fixed a problem with removal of stale locks for the list.  Bug #700528.

    - Fixed a bug where content filtering could leave a multipart message or
      part with just one sub-part. These should be recast to just the sub-part.
      Bug #701558.

    - Fixed a bug that could erroneously handle posts from addresses in
      *_these_nonmembers and send held/rejected notices to bogus addresses when
      The From or other sender header is RFC 2047 encoded.  Bug #702516.

    - Updated contrib/mm-handler-2.1.10 to better handle lists with names that
      look like admin addresses.  Bug #697161.

    - Added bounce recognition for a bogus Dovecot MDN.  Bug #693134.

    - Fixed a problem where an emailed command in the Subject: header with a
      non-ascii l10n of an 'Re:' prefix is ignored.  Bug #685261.

    - Fixed a problem with approving a post by email when the body of the
      approval mail is base64 encoded.  Bug #677115.

    - Fixed the host name in the From: address of the owner notification from
      bin/add_members.  Bug #666181.

Revision 1.70 / (download) - annotate - [select for diffs], Fri May 9 07:37:10 2014 UTC (5 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.69: +2 -2 lines
Diff to previous 1.69 (colored)

Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.

Revision 1.69 / (download) - annotate - [select for diffs], Sat Jan 25 10:45:19 2014 UTC (5 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.68: +4 -4 lines
Diff to previous 1.68 (colored)

No need to have two variables for the same logic.
Replace PYTHON_PATCH_SCRIPTS with REPLACE_PYTHON.

Revision 1.68 / (download) - annotate - [select for diffs], Sat Jan 25 10:30:12 2014 UTC (5 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.67: +2 -1 lines
Diff to previous 1.67 (colored)

Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE=  33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.

Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.

Revision 1.67 / (download) - annotate - [select for diffs], Fri Jul 12 10:44:57 2013 UTC (6 years, 4 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.

Revision 1.66 / (download) - annotate - [select for diffs], Thu Mar 15 11:53:29 2012 UTC (7 years, 8 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

Bump PKGREVISION from default python to 2.7.

Revision 1.65 / (download) - annotate - [select for diffs], Thu Dec 22 11:06:40 2011 UTC (7 years, 10 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.64: +3 -5 lines
Diff to previous 1.64 (colored)

Disable configure-time check for Mailman user & group. Removes the need
to hard code UID/GID when building a binary package.

Fixes PR pkg/44048

Revision 1.64 / (download) - annotate - [select for diffs], Sun Jul 3 06:20:06 2011 UTC (8 years, 4 months ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.63: +3 -2 lines
Diff to previous 1.63 (colored)

/usr/bin/env cleanup

Revision 1.63 / (download) - annotate - [select for diffs], Thu Apr 7 15:45:37 2011 UTC (8 years, 7 months ago) by hauke
Branch: MAIN
Changes since 1.62: +7 -5 lines
Diff to previous 1.62 (colored)

Update Mailman to 2.1.14.1

Partly addresses pkg/25165.

From the package's NEWS file:

2.1.14 (20-Sep-2010)

  Security

    - Two potential XSS vulnerabilities have been identified and fixed.

  New Features

    - A new feature for controlling the addition/replacement of the Sender:
      header in outgoing mail has been implemented.  This allows a list owner
      to set include_sender_header on the list's General Options page in the
      admin GUI.  The default for this setting is Yes which preserves the prior
      behavior of removing any pre-existing Sender: and setting it to the
      list's -bounces address.  Setting this to No stops Mailman from adding or
      modifying the Sender: at all.

      Additionally, there is a new Defaults.py/mm_cfg.py setting
      ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
      to remove the include_sender_header setting from General Options, and
      thus preserve the prior behavior completely.

    - Bounce processing has been enhanced so that if a bounce is returned to a
      list from a non-member who is a member of a regular_include_list, the
      bounce will be processed as a bounce for the included list.

  i18n

    - Fixed a missing format character in the German bin/mailmanctl docstring.

    - Updated Dutch translation from Jan Veuger.

    - Updated Japanese Translation from Tokio Kikuchi.

    - Updated Finnish translation from Joni T֬ryl

    - Made a few corrections to some Polish templates.  Bug #566731.

    - Made a minor change to the Chinese (China) message catalog.  Bug #545772.

    - Changed a few DOCTYPE directives in templates for compliance.
      Bug #500952 and Bug #500955.

  Bug Fixes and other patches

    - Made minor wording improvements and typo corrections in some messages.
      Bug #426979.

    - Fixed i18n._() to catch exceptions due to bad formats.  Bug #632660.

    - Fixed admindb interface to decode base64 and quoted-printable encoded
      message body excerpts for display.  Bug #629738.

    - Fixed web CGI tracebacks to properly report sys.path.  Bug #615114.

    - Changed the member options login page unsubscribe request to include the
      requesters IP address in the confirmation request.  Bug #610527.

    - Changed fix_url to lock the list if not locked.  Bug #610364.

    - Made a minor change to the English subscribeack.txt (welcome message)
      template to emphasize that a password is only required to unsubscribe
      *without confirmation*.

    - Fixed an issue in admindb that could result in a KeyError and "we hit a
      bug" response when a moderator acts on a post that had been handled by
      someone else after the first moderator had retrieved it.  Bug #598671.

    - Fixed a bug which would fail to show a list on the admin and listinfo
      overview pages if its web_page_url contained a :port.  Bug # 597741.

    - Fixed bin/genaliases to not throw TypeError when MTA = None.
      Bug #587657.

    - Provided the ability to specify in mm_cfg.py a local domain (e.g.
      'localhost') for the local addresses in the generated virtual-mailman
      when MTA = 'Postfix'.  See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py.
      Bug #328907.

    - Made a minor change to the removal of an Approved: pseudo-header from
      a text/html alternative to allow for an inserted '\xA0' before the
      password.

    - Fixed Content Filtering collapse_alternatives to work on deeply nested
      multipart/alternative parts.  Bug #576675.

    - We now accept/remove X-Approved: and X-Approve: headers in addition to
      Approved: and Approve: for pre-approving posts.  Bug #557750.

    - Reordered the 'cancel' and 'subscribe' buttons on the subscription
      confirmation web page so the default action upon 'enter' will be the
      subscribe button in browsers that pick the first button.  Bug #530654.

    - Fixed a bug in the admindb interface that could apply a moderator
      action to a message not displayed.  Bug #533468.

    - Added a traceback to the log message produced when processing the
      digest.mbox throws an exception.

    - Added a urlhost argument to the MailList.MailList.Create() method to
      allow bin/newlist and the the create CGI to pass urlhost so the host
      will be correct in the listinfo link on the emptyarchive page.
      Bug #529100.

    - Added the List-Post header to the default list of headers retained in
      messages in the MIME digest.  Bug #526143.

    - When daemonizing mailmanctl, we now ensure terminal files are closed.

    - Fixed a bug in pipermail archiving that caused fallback threading by
      subject to fail.  Bug #266572.

    - We now give an HTTP 401 status for authentication failures from admin,
      admindb, private, options and roster CGIs, and an HTTP 404 status from
      all the CGIs for an invalid list name.

    - Backported the listinfo template change from the 2.2 branch to fix
      Bug #514050.

    - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
      would result in a munged URL if authentication was required. Bug #266164.

    - Fixed a bug where check_perms would throw an OSError if an entry in
      Mailman's lists/ directory was not a directory.  Bug #265613.

    - Fixed a bug where a message with an Approved: header held by a handler
      that precedes Approve (SpamDetect by default) would not have the
      Approved: header removed if the held message was approved.  Bug #501739.

2.1.13 (22-Dec-2009)

  i18n

    - Updated Dutch message catalog from Jan Veuger.

    - Added Asturian translation from Marcos Costales and the Asturian
      Language Team.

  Bug Fixes and other patches

    - Added "white-space: pre-wrap" style for <pre> tag in archives.
      Bug #266467.

    - Added vette logging for rejected and discarded (un)subscribe requests.

    - Fixed a bug in admindb.py that could erroneously discard an unsubscribe
      request as a duplicate.

    - Decoded RFC 2047 encoded message subjects for a few reports.
      Bug #266428.

    - Fixed the French, Spanish and Hebrew translations which improperly
      translated the 'coding:' line in bin/config_list output.

    - Fixed the auto-responder to treat messages to -confirm, -join, -leave,
      -subscribe and -unsubscribe as requests rather than posts.  Bug #427962.

    - Configure/make no longer builds Japanese and Korean codecs in
      pythonlib if Python already has them.

    - Inadvertently setting a null site or list password allowed access
      to a list's web admin interface without authentication.  Fixed by
      not accepting null passwords.

    - Changed VERP_CONFIRM_REGEXP  in Defaults.py to work if the replying
      MUA folds the To: header and in cases where the list name includes '+'.

    - Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.

    - Replies to commands sent to list-request now come From: list-owner
      instead of list-bounces.

    - Mailman no longer folds long sub-part headers in multipart messages.
      In addition, Mailman no longer escapes From_ lines in the body of
      messages sent to regular list members, although MTA's may do it anyway.
      This is to avoid breaking signatures per Bug #265967.

    - XSS protection in the web interface went too far in escaping HTML
      entities.  Fixed.

    - Removed or anonymized additional headers in posts to anonymous lists.

    - Fixed a bug that could cause incorrect threading of replies to archived
      messages that arrive with timestamps in the same second.

    - Scrubbed HTML attachments containing tab characters would get the tabs
      replaced by a string of '&nbsp' without a semicolon.  Fixed.

    - Caught a TypeError in content filtering, collapse alternatives that
      occurred with a malformed message if a multipart/alternative part
      wasn't multi-part.  Reported in comments to bug #266230.

    - Fixed a few things in bin/update:
      - Changed some old messages for more current meaning.
      - Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
      - Fixed 2.0.x template migration to not die if the templates/ tree
        contains subdirectories from a version control system.

    - Fixed a bug that would show a list on the admin and listinfo overview
      pages if its web_page_url host contained the current host as a
      substring.  Bug #342162.

    - Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
      if the string contained an HTML entity > 255 and also characters in the
      128-255 range.  Bug #341594.

    - Added recognition for more bounces.

    - Updated contrib/mmdsr to report preserved messages and to use mktemp to
      create temp files.

Revision 1.60.4.2 / (download) - annotate - [select for diffs], Sat Sep 25 10:02:51 2010 UTC (9 years, 1 month ago) by tron
Branch: pkgsrc-2010Q2
Changes since 1.60.4.1: +2 -2 lines
Diff to previous 1.60.4.1 (colored) to branchpoint 1.60 (colored) next main 1.61 (colored)

Pullup ticket #3229 - requested by taca
mail/mailman: security patch

Revisions pulled up:
- mail/mailman/Makefile				1.62
- mail/mailman/distinfo				1.19
- mail/mailman/patches/patch-ak			1.1
- mail/mailman/patches/patch-al			1.1
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Fri Sep 24 23:24:31 UTC 2010

Modified Files:
	pkgsrc/mail/mailman: Makefile distinfo
Added Files:
	pkgsrc/mail/mailman/patches: patch-ak patch-al

Log Message:
Add patches to fix XSS (CVE-2010-3089).

Bump PKGREVISION.

Revision 1.62 / (download) - annotate - [select for diffs], Fri Sep 24 23:24:30 2010 UTC (9 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)

Add patches to fix XSS (CVE-2010-3089).

Bump PKGREVISION.

Revision 1.60.4.1 / (download) - annotate - [select for diffs], Sun Jul 4 07:20:40 2010 UTC (9 years, 4 months ago) by agc
Branch: pkgsrc-2010Q2
Changes since 1.60: +15 -12 lines
Diff to previous 1.60 (colored)

Pullup previous changes on HEAD to pkgsrc-2010Q2 branch to fix branching
error, and to sync with reality.

Revision 1.61 / (download) - annotate - [select for diffs], Mon Jun 28 09:29:40 2010 UTC (9 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.60: +15 -12 lines
Diff to previous 1.60 (colored)

DESTDIR support

Revision 1.60 / (download) - annotate - [select for diffs], Wed Feb 10 19:17:40 2010 UTC (9 years, 9 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Branch point for: pkgsrc-2010Q2
Changes since 1.59: +2 -1 lines
Diff to previous 1.59 (colored)

Bump revision for PYTHON_VERSION_DEFAULT change.

Revision 1.59 / (download) - annotate - [select for diffs], Wed Jul 8 13:55:59 2009 UTC (10 years, 4 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.58: +2 -4 lines
Diff to previous 1.58 (colored)

Provide PY_COMPILE_ALL and PY_COMPILE_O_ALL to compile all Python
sources in a directory (tree) in pversion.mk. Adjust the various places
that called it locally.

Revision 1.58 / (download) - annotate - [select for diffs], Wed Jun 3 06:55:07 2009 UTC (10 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2
Changes since 1.57: +8 -9 lines
Diff to previous 1.57 (colored)

Changes 2.1.12:
* Fix compatibility with Python 2.6.
* Fixed a bug in admin.py which would result in chunked pages of the
  membership list for members whose address begins with a non-alphanumeric
  character to not be visible or retrievable.
* Changed ListAdmin.py to make rejected post messages From: the -owner
  address instead of the -bounces address.
* With MTA = 'Postfix', if the STANZA END for a list being removed is
  missing or munged, the remainder of the aliases and/or virtual-mailman
  file is lost. Fixed.
* Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
  requests have not been migrated properly. This is fixed.
* Changed cron/gate_news to continue processing the remaining lists on
  certain errors that can be caused by configuration of a particular list.
* Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
  in the To: or Cc: header differed in case from the case-preserved member
  address.
* Fixed a problem in SecurityManager that caused it to not find the
  cookie when CheckCookie was not given a user and the user in the cookie
  had a %xx encoded character.
* Fixed a minor fromusenet reporting issue in the contributed mmdsr
  script.
* Fixed a minor issue in cron/gate_news that could cause a list's
  watermark to not be completely updated.
* Fixed an issue that prevented editing the options.html template from
  the web admin interface.
* Fixed a problem in Decorate which could throw a TypeError on conversion
  to unicode of a header/footer that was already unicode because of
  interpolating a unicode value.
* Fixed an issue where list creation would report bad owner email
  instead of bad listname when the list name had non-ascii characters.
* Updated Dutch, Catalan and Polish translations.

Revision 1.57 / (download) - annotate - [select for diffs], Mon Feb 9 22:56:25 2009 UTC (10 years, 9 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.56: +2 -1 lines
Diff to previous 1.56 (colored)

Switch to Python 2.5 as default. Bump revision of all packages that have
changed runtime dependencies now.

Revision 1.56 / (download) - annotate - [select for diffs], Tue Dec 30 01:39:25 2008 UTC (10 years, 10 months ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4
Changes since 1.55: +4 -1 lines
Diff to previous 1.55 (colored)

Dont create egg-info files (rather than under some circumstances having them
and others not).

Revision 1.55 / (download) - annotate - [select for diffs], Fri Dec 19 21:10:39 2008 UTC (10 years, 10 months ago) by markd
Branch: MAIN
Changes since 1.54: +2 -3 lines
Diff to previous 1.54 (colored)

Update mailman to 2.1.11

  New Features

    - Added a new cron/cull_bad_shunt script to cull and optionally
      archive old entries from the bad and shunt queues. This is controlled
      by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default
      7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine
      how long to keep bad and shunt queue entries and optionally, where to
      archive removed entries.

    - Prepended list name to bounce log unrecognized bounce messages.

    - Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
      with default value '[-+_.=a-z0-9]'.  This Python regular expression
      character class specifies the characters allowed in list names.  The
      motivation for this is the fact that previously, a list named, e.g.,
      xxx&yyy could be created and MTA aliases generated that would cause
      The MTA to execute yyy as a command.  There is a possible security issue
      here, but it is not believed to be exploitable in any meaningful way.

  Bug fixes and other patches

    - Changed the preservation of unparseable messages to be conditional on
      the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and
      changed the queue directory in which messages are preserved from 'shunt'
      to 'bad'.

    - Fixed a bug introduced in 2.1.10 that caused some email subscribe
      requests to be shunted (1966837).

    - Fixed a problem with bin/update erroneously moving templates from
      templates/xx to lists/xx if a list has the same name as a language
      code.  Also fixed the absolute path to lists/ (1418670 ).

    - Changed Utils.ValidateEmail to not allow specials (particularly ':')
      in unquoted local parts (1956393).

    - Changed bin/update to remove .bak files erroneously left behind in
      qfiles/*/ by a 2.1.9 bug.

    - Added 's' to %(listname) in templates/ia/admlogin.html and
      templates/sl/help.txt (1682990).

    - Use newer template variable for site-owner address in
      templates/ko/newlist.txt and templates/ru/newlist.txt (1578766).

    - Corrections to Spanish translation submitted by Wikimedia Foundation
      (1433262) and Debian.

    - Corrections to German translation submitted by Ralf Doeblitz (916196).

    - Correction to French translation submitted by Maxime Carron (1588617).

    - Correction to Portuguese translation submitted by Gabriel P. Silva
      (1733057).

    - Add #! line to fblast.py test script (1578740).

    - Fixed unescaped '%' in templates/nl/newlist.txt (1719017).

    - Changed non-ascii characters in some templates/*/*.html files to HTML
      entities.

    - Fixed a problem in Decorate.py that could result in a multipart
      message with no part headers for the original body part (1991348).

    - Improved recognition of some bounce messages.

    - Rearranged calls to the list setBounceInfo() method in Bouncer.py
      to accommodate MemberAdaptors that store bounce info outside the
      list instance.

    - Fixed CookHeaders.py which in some cases with new style prefixing
      would insert an extra space between the prefix and the subject.

    - Changed OldStyleMemberships.py to remove the member from one_last_digest
      when changing from regular to digest delivery to avoid the possibility
      of a duplicate digest in some circumstances.

    - Patched Danish message catalog for proper use of HTML entities per
      Jonas Smedegaard (1999966).

    - Improved bounce loop detection and handling in BounceRunner.py.

    - Merged the Catalan i18n from the Mailman Catalan Translation Team.

    - German translation updated by Peer Heinlein.

    - Added check for gateway_to_news before holding for ModeratedNewsgroup.

    - At some point, cron/senddigests and bin/update were inadvertently
      'preconfigured'. This has been fixed.

    - Brazilian Portuguese translation updated by Diego Francisco
      de Gastal Morales.

    - Added 'listname' to the replacements for the archidxfoot.html template.

  Miscellaneous

    - Brad Knowles' mailman daily status report script updated to 0.0.18.

Revision 1.54 / (download) - annotate - [select for diffs], Sun Sep 21 18:30:00 2008 UTC (11 years, 1 month ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base, pkgsrc-2008Q3
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

Start mailman with -s to get rid of the stale lock file (pkg/39355).

PKGREVISION++

Revision 1.53 / (download) - annotate - [select for diffs], Tue Aug 5 13:22:21 2008 UTC (11 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: cube-native-xorg-base, cube-native-xorg
Changes since 1.52: +4 -1 lines
Diff to previous 1.52 (colored)

Fix path to wrong interpreter. Bump revision. From PR 39290.

Revision 1.52 / (download) - annotate - [select for diffs], Sun Jun 29 07:47:03 2008 UTC (11 years, 4 months ago) by kim
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper
Changes since 1.51: +3 -7 lines
Diff to previous 1.51 (colored)

Update mailman to 2.1.10 as a security fix for CVE-2008-0564
http://secunia.com/advisories/28794/

Includes many bug fixes, see share/doc/mailman/NEWS for details.

Revision 1.51 / (download) - annotate - [select for diffs], Thu May 29 19:17:34 2008 UTC (11 years, 5 months ago) by joerg
Branch: MAIN
Changes since 1.50: +4 -1 lines
Diff to previous 1.50 (colored)

Disable the permission check, mailman is very bitching otherwise.

Revision 1.50 / (download) - annotate - [select for diffs], Fri Apr 25 20:39:10 2008 UTC (11 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.49: +1 -2 lines
Diff to previous 1.49 (colored)

Update PYTHON_VERSIONS_COMPATIBLE
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.

Revision 1.49 / (download) - annotate - [select for diffs], Wed Apr 16 12:15:28 2008 UTC (11 years, 7 months ago) by abs
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

PYTHON_VERSIONS_ACCEPTED+=25

Revision 1.48 / (download) - annotate - [select for diffs], Wed Jul 4 20:54:44 2007 UTC (12 years, 4 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Changes since 1.47: +4 -5 lines
Diff to previous 1.47 (colored)

Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.

Revision 1.47 / (download) - annotate - [select for diffs], Wed Mar 28 20:55:58 2007 UTC (12 years, 7 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

Release maintenership; I will hopefully not have to use this software any more.

Revision 1.46 / (download) - annotate - [select for diffs], Mon Sep 25 18:56:44 2006 UTC (13 years, 1 month ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Update to 2.1.9, from Martin Wilke in pkg/34567
Chnages since 2.1.9rc1:
    - Fixed an unexploitable format string vulnerability.  Discovery and fix
      by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
      Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.

Also running a diff -r shows that there has been small updates to various
translations.

Revision 1.44.2.1 / (download) - annotate - [select for diffs], Mon Sep 11 09:26:08 2006 UTC (13 years, 2 months ago) by ghen
Branch: pkgsrc-2006Q2
Changes since 1.44: +3 -3 lines
Diff to previous 1.44 (colored) next main 1.45 (colored)

Pullup ticket 1819 - requested by bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile				1.45
- pkgsrc/mail/mailman/PLIST				1.12
- pkgsrc/mail/mailman/distinfo				1.13

   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Sat Sep  9 23:20:11 UTC 2006

   Modified Files:
	pkgsrc/mail/mailman: Makefile PLIST distinfo

   Log Message:
   Update to 2.1.9rc1, fixes security issues.

     Security

       - A malicious user could visit a specially crafted URI and inject an
         apparent log message into Mailman's error log which might induce an
         unsuspecting administrator to visit a phishing site.  This has been
         blocked.  Thanks to Moritz Naumann for its discovery.

       - Fixed denial of service attack which can be caused by some
         standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

       - Several cross-site scripting issues have been fixed.  Thanks to Moritz
         Naumann for their discovery.  CVE-2006-3636

     Internationalization

       - New languages: Arabic, Vietnamese.

     Bug fixes and other patches

       - Fixed Decorate.py so that characters in message header/footer which
         are not in the character set of the list's language are ignored rather
         than causing shunted messages (1507248).

       - Switchboard.py - Closed very tiny holes at the upper ends of queue
         slices that could result in unprocessable queue entries.  Improved FIFO
         processing when two queue entries have the same timestamp.

Revision 1.45 / (download) - annotate - [select for diffs], Sat Sep 9 23:20:11 2006 UTC (13 years, 2 months ago) by bouyer
Branch: MAIN
Changes since 1.44: +3 -3 lines
Diff to previous 1.44 (colored)

Update to 2.1.9rc1, fixes security issues.

  Security

    - A malicious user could visit a specially crafted URI and inject an
      apparent log message into Mailman's error log which might induce an
      unsuspecting administrator to visit a phishing site.  This has been
      blocked.  Thanks to Moritz Naumann for its discovery.

    - Fixed denial of service attack which can be caused by some
      standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

    - Several cross-site scripting issues have been fixed.  Thanks to Moritz
      Naumann for their discovery.  CVE-2006-3636

  Internationalization

    - New languages: Arabic, Vietnamese.

  Bug fixes and other patches

    - Fixed Decorate.py so that characters in message header/footer which
      are not in the character set of the list's language are ignored rather
      than causing shunted messages (1507248).

    - Switchboard.py - Closed very tiny holes at the upper ends of queue
      slices that could result in unprocessable queue entries.  Improved FIFO
      processing when two queue entries have the same timestamp.

Revision 1.44 / (download) - annotate - [select for diffs], Thu Jun 15 22:13:59 2006 UTC (13 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored)

Pluralize INSTALL_TEMPLATE and DEINSTALL_TEMPLATE variable names as per
the pkglint warning:

    As {INSTALL,DEINSTALL}_TEMPLATE is modified using "+=", its name
    should indicate plural.

This does make the variables a bit more suggestive of the fact that they
hold lists of values.

Revision 1.43 / (download) - annotate - [select for diffs], Wed Jun 14 14:31:35 2006 UTC (13 years, 5 months ago) by tv
Branch: MAIN
Changes since 1.42: +2 -3 lines
Diff to previous 1.42 (colored)

Update to 2.1.8 release.  Changes from 2.1.8rc1:
    - Brad Knowles' mailman daily status report script updated to 0.0.16.

Revision 1.42 / (download) - annotate - [select for diffs], Thu Jun 1 15:21:29 2006 UTC (13 years, 5 months ago) by tv
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

Reapply the fix from rev 1.40; it was clobbered in previous.

Revision 1.41 / (download) - annotate - [select for diffs], Wed May 31 21:53:49 2006 UTC (13 years, 5 months ago) by hubertf
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

Document postfix' group

Revision 1.40 / (download) - annotate - [select for diffs], Wed May 24 17:38:53 2006 UTC (13 years, 5 months ago) by tv
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

Fix error comment line - # must be in the first column or preceded by
non-tabs; else make(1) interprets it as a command line.

Fixes the following message on NetBSD 2.1:
make: "/export/SRC/netbsd/pkgsrc/mail/mailman/Makefile" line 31: Unassociated shell command "# use 'postfix' for postfix"

Revision 1.39 / (download) - annotate - [select for diffs], Tue May 23 23:30:00 2006 UTC (13 years, 5 months ago) by hubertf
Branch: MAIN
Changes since 1.38: +3 -2 lines
Diff to previous 1.38 (colored)

Fix MAILMAN_MAILGROUP to work with our default mailer (sendmail),
and add a commend what to change for postfix.

Before, this used group 'guest', which didn't work with any mailer,
so that's not perfect, but a step in the right direction.

Revision 1.38 / (download) - annotate - [select for diffs], Wed May 10 13:18:21 2006 UTC (13 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.37: +5 -1 lines
Diff to previous 1.37 (colored)

compile the scripts in lib/mailman/{bin,cron,scripts} for consistency,
e.g. bin/paths.py wasn't always compiled before. Bump revision.

Revision 1.37 / (download) - annotate - [select for diffs], Sun Apr 23 00:12:38 2006 UTC (13 years, 6 months ago) by jlam
Branch: MAIN
Changes since 1.36: +5 -2 lines
Diff to previous 1.36 (colored)

Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.

Revision 1.36 / (download) - annotate - [select for diffs], Thu Apr 13 18:27:24 2006 UTC (13 years, 7 months ago) by jlam
Branch: MAIN
Changes since 1.35: +1 -3 lines
Diff to previous 1.35 (colored)

BROKEN_GETTEXT_DETECTION already defaults to "no".

Revision 1.32.2.1 / (download) - annotate - [select for diffs], Thu Apr 13 16:31:39 2006 UTC (13 years, 7 months ago) by salo
Branch: pkgsrc-2006Q1
Changes since 1.32: +6 -4 lines
Diff to previous 1.32 (colored) next main 1.33 (colored)

Pullup ticket 1368 - requested by bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/MESSAGE			1.4
- pkgsrc/mail/mailman/Makefile			1.33
- pkgsrc/mail/mailman/PLIST			1.10
- pkgsrc/mail/mailman/distinfo			1.11
- pkgsrc/mail/mailman/patches/patch-ai		removed
- pkgsrc/mail/mailman/patches/patch-aj		removed

   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Mon Apr 10 20:33:12 UTC 2006

   Modified Files:
   	pkgsrc/mail/mailman: MESSAGE Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/mail/mailman/patches: patch-ai patch-aj

   Log Message:
   Upgrade mailman to 2.1.8rc1, fix a cross-site scripting issue.

   pkgsrc changes:
   - install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and
     change MESSAGES to point to mailman-install.txt
   changes between 2.1.7 and 2.1.8rc1:
   - A cross-site scripting hole in the private archive script of 2.1.7
     has been closed.  Thanks to Moritz Naumann for its discovery.
   - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
     and several others.
   - Updated email library to 2.5.7 which will encode payload into qp/base64
     upon setting.  This enabled backing out the scrubber related patches
     including 'X-Mailman-Scrubbed' header in 2.1.7.
   - Fix SpamDetect.py potential hold/reject loop problem.
   - A warning message from email package to the stderr can cause error
     in Logging because stderr may be detached from the process during
     the qrunner run.  We chose not to output errors to stderr but to
     the logs/error if the process is running under mailmanctl subprocess.
   - DKIM header cleansing was separated from Cleanse.py and added to
     -owner messages too.
   - Fixes: Lose Topics when go directly to topics URL (1194419).
     UnicodeError running bin/arch (1395683).  edithtml.py missing import
     (1400128).  Bad escape in cleanarch.  Wrong timezone in list archive
     index pages (1433673).  bin/arch fails with TypeError (1430236).
     Subscription fails with some Language combinations (1435722).
     Postfix delayed notification not recognized (863989).  2.1.7 (VERP)
     mistakes delay notice for bounce (1421285).  show_qfiles: 'str'
     object has no attribute 'as_string' (1444447).  Utils.get_domain()
     wrong if VIRTUAL_HOST_OVERVIEW off (1275856).

Revision 1.35 / (download) - annotate - [select for diffs], Wed Apr 12 22:20:02 2006 UTC (13 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

One conversion to much, partly revert the last change.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Apr 12 22:16:06 2006 UTC (13 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.33: +3 -3 lines
Diff to previous 1.33 (colored)

Use REQD_DIRS for the files under ${PREFIX}.

Revision 1.33 / (download) - annotate - [select for diffs], Mon Apr 10 20:33:12 2006 UTC (13 years, 7 months ago) by bouyer
Branch: MAIN
Changes since 1.32: +6 -4 lines
Diff to previous 1.32 (colored)

Upgrade mailman to 2.1.8rc1, fix a cross-site scripting issue.

pkgsrc changes:
- install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and
  change MESSAGES to point to mailman-install.txt
changes between 2.1.7 and 2.1.8rc1:
- A cross-site scripting hole in the private archive script of 2.1.7
  has been closed.  Thanks to Moritz Naumann for its discovery.
- Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
  and several others.
- Updated email library to 2.5.7 which will encode payload into qp/base64
  upon setting.  This enabled backing out the scrubber related patches
  including 'X-Mailman-Scrubbed' header in 2.1.7.
- Fix SpamDetect.py potential hold/reject loop problem.
- A warning message from email package to the stderr can cause error
  in Logging because stderr may be detached from the process during
  the qrunner run.  We chose not to output errors to stderr but to
  the logs/error if the process is running under mailmanctl subprocess.
- DKIM header cleansing was separated from Cleanse.py and added to
  -owner messages too.
- Fixes: Lose Topics when go directly to topics URL (1194419).
  UnicodeError running bin/arch (1395683).  edithtml.py missing import
  (1400128).  Bad escape in cleanarch.  Wrong timezone in list archive
  index pages (1433673).  bin/arch fails with TypeError (1430236).
  Subscription fails with some Language combinations (1435722).
  Postfix delayed notification not recognized (863989).  2.1.7 (VERP)
  mistakes delay notice for bounce (1421285).  show_qfiles: 'str'
  object has no attribute 'as_string' (1444447).  Utils.get_domain()
  wrong if VIRTUAL_HOST_OVERVIEW off (1275856).

Revision 1.32 / (download) - annotate - [select for diffs], Tue Mar 14 01:14:30 2006 UTC (13 years, 8 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Changes since 1.31: +3 -3 lines
Diff to previous 1.31 (colored)

Modify the pkginstall framework so that it manages all aspects of
INSTALL/DEINSTALL script creation within pkgsrc.

If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts.  If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:

	INSTALL_SRC=	${PKGDIR}/INSTALL
	DEINSTALL_SRC=	# emtpy

As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts.  By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).

In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework.  The only public variables relating to the templates are:

	INSTALL_SRC		INSTALL_TEMPLATE
	DEINSTALL_SRC		DEINSTALL_TEMPLATE
				HEADER_TEMPLATE

The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.

Revision 1.31 / (download) - annotate - [select for diffs], Sun Feb 5 23:09:56 2006 UTC (13 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

Recursive revision bump / recommended bump for gettext ABI change.

Revision 1.27.2.1 / (download) - annotate - [select for diffs], Sun Jan 22 17:17:53 2006 UTC (13 years, 9 months ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.27: +3 -4 lines
Diff to previous 1.27 (colored) next main 1.28 (colored)

Pullup ticket 1045 - requested by Manuel Bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile			1.30
- pkgsrc/mail/mailman/PLIST			1.9
- pkgsrc/mail/mailman/distinfo			1.10
- pkgsrc/mail/mailman/patches/patch-ac		removed
- pkgsrc/mail/mailman/patches/patch-ai		1.3
- pkgsrc/mail/mailman/patches/patch-aj		1.1

   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Sat Jan 21 16:14:24 UTC 2006

   Modified Files:
   	pkgsrc/mail/mailman: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/mail/mailman/patches: patch-ai patch-aj
   Removed Files:
   	pkgsrc/mail/mailman/patches: patch-ac

   Log Message:
   Upgrade to 2.1.7nb1.
   Local change (which is why we have PKGREVISION=1)
   Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on debian
   patches.

   Changes between 2.1.6 and 2.1.7:
     Security

       - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
         message instead of just quietly dropping ./ and ../ from URLs.

       - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
         been solved in Mailman 2.1.6, there may be more cases where
         ToDigest.send_digests() can block regular delivery.  We put the
         send_digests() calling part in a try/except clause and leave a message
         in the error log if something happened in send_digests().  Daily call of
         cron/senddigests will provide more detail to the site administrator.

       - List administrators can no longer change the user's option/subscription
         globally.  Site admin can change these only if
         mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

       - <script> tags are HTML-escaped in the edithtml CGI script.

       - Since the probe message for disabled users may reach unintended
         recipients, the password is excluded from sendProbe() and probe.txt.
         Note that the default value of VERP_PROBE has been set to `No' from
         2.1.6., thus this change doesn't affect the default behavior.
     New Features

       - Always remove DomainKey (and similar) headers from messages sent to the
         list. (1287546)

       - List owners can control the content filter behavior when collapsing
         multipart/alternative parts to its first subpart.  This allows the
         option of letting the HTML part pass through after other content
         filtering is done.

     Internationalization

       - New language: Interlingua.

     Bug fixes and other patches

       - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
         safer operation.

       - Fixed the bug where Scrubber.py munges quoted-printable by introducing
         the 'X-Mailman-Scrubbed' header which marks that the payload is
         scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
         Decorate.py and Archiver.  A similar problem in ToDigest.py where the
         plain digest is generated is also fixed.

       - Fixed Syslog.py to write quopri encoded messages when it fail to write
         8-bit characters.

       - Fixed MTA/Postfix.py to check aliases group permission in check_perms
         and fixed mailman-install document on this matter (1378270).

       - Fixed private.py to go to the original URL after authorization
         (1080943).

       - Fixed bounce log score messages to be more consistent.

       - Fixed bin/remove_members to accept no arguments when both --fromall and
         --file= options are specified.

       - Changed cgi-bin and mail wrapper "group not found" error message to be
         more descriptive of the actual problem.
       - The list's ban_list now applies to address changes, admin mass
         subscribes and invites, and to confirmations/approvals of address
         changes, subscriptions and invitations.

       - quoted-printable and base64 encoded parts are decoded before passing to
         HTML_TO_PLAIN_TEXT_COMMAND (1367783).

       - Approve: header is removed from posts, and treated the same as the
         Approved: header. (1355707)

       - Fixed the removal of the line following Approve[d]: line in body of
         post.  (1318883)

       - The Approve[d]: <password> header is removed from all text/* parts in
         addition the initial text/plain part.  It must still be the first
         non-blank line in the first text/plain part or it won't be found or
         removed at all. (1181161)

       - Posts are now logged in post log file with the true sender, not
         listname-bounces. (1287921)
       - Correctly initialize and remember the list's default_member_moderation
         attribute in the web list creation page. (1263213)

       - PEP263 charset is added to the config_list output. (1343100)

       - Fixed header_filter_rules getting lost if accessed directly and
         authentication was needed by login page. (1230865)

       - Obscure email when the poster doesn't set full name in 'From:' header.

       - Preambles and epilogues are taken into account when calculating message
         sizes for holding purposes. (Mark Sapiro)

       - Logging/Logger.py unicode transform option. (1235567)

       - bin/update crashes with bogus files. (949117)

       - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)

Revision 1.30 / (download) - annotate - [select for diffs], Sat Jan 21 16:14:24 2006 UTC (13 years, 9 months ago) by bouyer
Branch: MAIN
Changes since 1.29: +3 -4 lines
Diff to previous 1.29 (colored)

Upgrade to 2.1.7nb1.
Local change (which is why we have PKGREVISION=1)
Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on debian
patches.

Changes between 2.1.6 and 2.1.7:
  Security

    - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
      message instead of just quietly dropping ./ and ../ from URLs.

    - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
      been solved in Mailman 2.1.6, there may be more cases where
      ToDigest.send_digests() can block regular delivery.  We put the
      send_digests() calling part in a try/except clause and leave a message
      in the error log if something happened in send_digests().  Daily call of
      cron/senddigests will provide more detail to the site administrator.

    - List administrators can no longer change the user's option/subscription
      globally.  Site admin can change these only if
      mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

    - <script> tags are HTML-escaped in the edithtml CGI script.

    - Since the probe message for disabled users may reach unintended
      recipients, the password is excluded from sendProbe() and probe.txt.
      Note that the default value of VERP_PROBE has been set to `No' from
      2.1.6., thus this change doesn't affect the default behavior.
  New Features

    - Always remove DomainKey (and similar) headers from messages sent to the
      list. (1287546)

    - List owners can control the content filter behavior when collapsing
      multipart/alternative parts to its first subpart.  This allows the
      option of letting the HTML part pass through after other content
      filtering is done.

  Internationalization

    - New language: Interlingua.

  Bug fixes and other patches

    - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
      safer operation.

    - Fixed the bug where Scrubber.py munges quoted-printable by introducing
      the 'X-Mailman-Scrubbed' header which marks that the payload is
      scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
      Decorate.py and Archiver.  A similar problem in ToDigest.py where the
      plain digest is generated is also fixed.

    - Fixed Syslog.py to write quopri encoded messages when it fail to write
      8-bit characters.

    - Fixed MTA/Postfix.py to check aliases group permission in check_perms
      and fixed mailman-install document on this matter (1378270).

    - Fixed private.py to go to the original URL after authorization
      (1080943).

    - Fixed bounce log score messages to be more consistent.

    - Fixed bin/remove_members to accept no arguments when both --fromall and
      --file= options are specified.

    - Changed cgi-bin and mail wrapper "group not found" error message to be
      more descriptive of the actual problem.
    - The list's ban_list now applies to address changes, admin mass
      subscribes and invites, and to confirmations/approvals of address
      changes, subscriptions and invitations.

    - quoted-printable and base64 encoded parts are decoded before passing to
      HTML_TO_PLAIN_TEXT_COMMAND (1367783).

    - Approve: header is removed from posts, and treated the same as the
      Approved: header. (1355707)

    - Fixed the removal of the line following Approve[d]: line in body of
      post.  (1318883)

    - The Approve[d]: <password> header is removed from all text/* parts in
      addition the initial text/plain part.  It must still be the first
      non-blank line in the first text/plain part or it won't be found or
      removed at all. (1181161)

    - Posts are now logged in post log file with the true sender, not
      listname-bounces. (1287921)
    - Correctly initialize and remember the list's default_member_moderation
      attribute in the web list creation page. (1263213)

    - PEP263 charset is added to the config_list output. (1343100)

    - Fixed header_filter_rules getting lost if accessed directly and
      authentication was needed by login page. (1230865)

    - Obscure email when the poster doesn't set full name in 'From:' header.

    - Preambles and epilogues are taken into account when calculating message
      sizes for holding purposes. (Mark Sapiro)

    - Logging/Logger.py unicode transform option. (1235567)

    - bin/update crashes with bogus files. (949117)

    - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)

Revision 1.29 / (download) - annotate - [select for diffs], Fri Jan 20 23:33:24 2006 UTC (13 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.28: +10 -7 lines
Diff to previous 1.28 (colored)

Replace FILES_SUBST usage with SUBST framework.

Revision 1.28 / (download) - annotate - [select for diffs], Thu Dec 29 06:21:50 2005 UTC (13 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.27: +1 -2 lines
Diff to previous 1.27 (colored)

Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.

Revision 1.23.2.1 / (download) - annotate - [select for diffs], Thu Dec 8 22:44:48 2005 UTC (13 years, 11 months ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored) next main 1.24 (colored)

Pullup ticket 947 - requested by Manuel Bouyer
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile			1.27
- pkgsrc/mail/mailman/distinfo			1.9
- pkgsrc/mail/mailman/patches/patch-ac		1.5

   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Thu Dec  8 21:09:04 UTC 2005

   Modified Files:
   	pkgsrc/mail/mailman: Makefile distinfo
   Added Files:
   	pkgsrc/mail/mailman/patches: patch-ac

   Log Message:
   Apply patch (from debian via Kimmo Suominen) to address
   http://secunia.com/advisories/17511/ (denial of service).

Revision 1.27 / (download) - annotate - [select for diffs], Thu Dec 8 21:09:04 2005 UTC (13 years, 11 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Apply patch (from debian via Kimmo Suominen) to address
http://secunia.com/advisories/17511/ (denial of service).

Revision 1.26 / (download) - annotate - [select for diffs], Mon Dec 5 23:55:11 2005 UTC (13 years, 11 months ago) by rillig
Branch: MAIN
Changes since 1.25: +8 -8 lines
Diff to previous 1.25 (colored)

Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.

Revision 1.25 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:33 2005 UTC (13 years, 11 months ago) by rillig
Branch: MAIN
Changes since 1.24: +7 -8 lines
Diff to previous 1.24 (colored)

Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html

Revision 1.24 / (download) - annotate - [select for diffs], Sat Dec 3 23:00:06 2005 UTC (13 years, 11 months ago) by joerg
Branch: MAIN
Changes since 1.23: +3 -1 lines
Diff to previous 1.23 (colored)

Disable BROKEN_GETTEXT_DETECTION, it confuses configure on DrgaonFly.

Revision 1.23 / (download) - annotate - [select for diffs], Tue Aug 23 11:48:48 2005 UTC (14 years, 2 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.

Revision 1.21.2.1 / (download) - annotate - [select for diffs], Thu Jun 2 11:12:08 2005 UTC (14 years, 5 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored) next main 1.22 (colored)

Pullup ticket 536 - requested by Manuel Bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.22
- pkgsrc/mail/mailman/PLIST		1.8
- pkgsrc/mail/mailman/distinfo		1.8
- pkgsrc/mail/mailman/patches/patch-ac	removed
- pkgsrc/mail/mailman/patches/patch-ai	removed

   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Wed Jun  1 23:25:07 UTC 2005

   Modified Files:
   	pkgsrc/mail/mailman: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/mail/mailman/patches: patch-ac patch-ai

   Log Message:
   Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
   pkgsrc as patches/patch-ai):

     Security

       - Added the ability for Mailman generated passwords (both member
         and list admin) to be more cryptographically secure.  See new
         configuration variables USER_FRIENDLY_PASSWORDS,
         MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH.  Also added
         a new bin/withlist script called reset_pw.py which can be used
         to reset all member passwords.  Passwords generated by Mailman
         are now 8 characters by default for members, and 10 characters
         for list administrators.

       - A potential cross-site scripting hole in the driver script has been
         closed.  Thanks to Florian Weimer for its discovery.  Also, turn
         STEALTH_MODE on by default.
     Internationalization

       - Chinese languages are now supported.  They have been moved from
         'big5' and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance
         to the IANA spec.  Note, however, that the character sets were
         changed from 'Big5' or 'GB2312' to 'UTF-8' to cope with the
         insufficient codecs support in Python 2.3 and earlier.  You may
         have to install Chinese capable codecs (like CJKCodecs) separately
         to handle the incoming messages which are in local charsets, or
         upgrade your Python to 2.4 or newer.

     Behavior or defaults changes

       - VERP_PROBES is disabled by default.

       - bin/withlist can be run without a list name, but only if -i is
         given.  Also, withlist puts the directory it's found in at the end
         of sys.path, making it easier to run withlist scripts that live in
         $prefix/bin.

       - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost
         which lets the user provide the web and email hostnames for the new
         mailing list.  This is a better way to specify the domain for the
         list, rather than the old 'mylist@hostname' syntax (which is still
         supported for backward compatibility, but deprecated).

     Compatibility

       - Python 2.4 compatibility issue: time.strftime() became strict about
         the 'day of year' range.  (1078482)

     New Features

       - New feature: automatic discards of held messages.  List owners can now
         set how many days to hold the messages in the moderator request queue.
         cron/checkdb will automatically discard old messages.  See the
         max_days_to_hold variable in the General Options and
         DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py.  This defaults to 0
         (i.e. disabled). (790494)

       - New feature: subject_prefix can be configured to include a sequence
         number which is taken from the post_id variable.  Also, the prefix is
         always put at the start of the subject, i.e. "[list-name] Re:
         original subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.
         The default style is "Re: [list-name]" if numbering is not set, for
         backward compatibility.  If the list owner is using numbering feature
         by "%d" directive, the new style, "[list-name 123] Re:", is always
         used.
       - List owners can now cusomize the non-member rejection notice from
         admin/<listname>/privacy/sender page. (1107169)

       - Allow editing of the welcome message from the admin page (1085501).

       - List owners can now use Scrubber to get the attachments scrubbed
         (held in the web archive), if the site admin permits it in mm_cfg.py.
         New variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME
         and SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for
         scrubber behavior.  (904850)

     Documentation

       - Most of the installation instructions have been moved to a latex
         document.  See admin/www/mailman-install/index.html for details.

     Bug fixes and other patches

       - Mail-to-news gateway now strips subject prefix off from a response
         by a mail user if news_prefix_subject_too is not set.

       - Date and Message-Id headers are added for digests. (1116952)
       - Improved mail address sanity check.  (1030228)

       - SpamDetect.py now checks attachment header.  (1026977)

       - Filter attachments by filename extensions.  (1027882)

       - Bugs and patches: 955381 (older Python compatibility),
         1020102/1013079/ 1020013 (fix spam filter removed), 665569 (newer
         Postfix bounce detection), 970383 (moderator -1 admin requests
         pending), 873035 (subject handling in -request mail), 799166/946554
         (makefile compatibility), 872068 (add header/footer via unicode),
         1032434 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty
         Cc:), 789015 (fix pipermail URL), 948152 (Out of date link on Docs),
         1099138 (Scrubber.py breaks on None part),  1099840/1099840
         (deprecated % insertion),  880073/933762 (List-ID RFC compliance),
         1090439 (passwd reminder shunted), 1112349 (case insensitivity in
         acceptable_aliases), 1117618 (Don't Cc for personalized anonymous
         list), 1190404 (wrong permission after editing html)

Revision 1.22 / (download) - annotate - [select for diffs], Wed Jun 1 23:25:07 2005 UTC (14 years, 5 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)

Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
pkgsrc as patches/patch-ai):

  Security

    - Added the ability for Mailman generated passwords (both member and list
      admin) to be more cryptographically secure.  See new configuration
      variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
      ADMIN_PASSWORD_LENGTH.  Also added a new bin/withlist script called
      reset_pw.py which can be used to reset all member passwords.  Passwords
      generated by Mailman are now 8 characters by default for members, and 10
      characters for list administrators.

    - A potential cross-site scripting hole in the driver script has been
      closed.  Thanks to Florian Weimer for its discovery.  Also, turn
      STEALTH_MODE on by default.
  Internationalization

    - Chinese languages are now supported.  They have been moved from 'big5'
      and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
      spec.  Note, however, that the character sets were changed from 'Big5'
      or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
      Python 2.3 and earlier.  You may have to install Chinese capable codecs
      (like CJKCodecs) separately to handle the incoming messages which are in
      local charsets, or upgrade your Python to 2.4 or newer.

  Behavior or defaults changes

    - VERP_PROBES is disabled by default.

    - bin/withlist can be run without a list name, but only if -i is given.
      Also, withlist puts the directory it's found in at the end of sys.path,
      making it easier to run withlist scripts that live in $prefix/bin.

    - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
      lets the user provide the web and email hostnames for the new mailing
      list.  This is a better way to specify the domain for the list, rather
      than the old 'mylist@hostname' syntax (which is still supported for
      backward compatibility, but deprecated).
  Compatibility

    - Python 2.4 compatibility issue: time.strftime() became strict about the
      'day of year' range.  (1078482)

  New Features

    - New feature: automatic discards of held messages.  List owners can now
      set how many days to hold the messages in the moderator request queue.
      cron/checkdb will automatically discard old messages.  See the
      max_days_to_hold variable in the General Options and
      DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py.  This defaults to 0
      (i.e. disabled). (790494)

    - New feature: subject_prefix can be configured to include a sequence
      number which is taken from the post_id variable.  Also, the prefix is
      always put at the start of the subject, i.e. "[list-name] Re: original
      subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.  The default style
      is "Re: [list-name]" if numbering is not set, for backward compatibility.
      If the list owner is using numbering feature by "%d" directive, the new
      style, "[list-name 123] Re:", is always used.
    - List owners can now cusomize the non-member rejection notice from
      admin/<listname>/privacy/sender page. (1107169)

    - Allow editing of the welcome message from the admin page (1085501).

    - List owners can now use Scrubber to get the attachments scrubbed (held
      in the web archive), if the site admin permits it in mm_cfg.py.  New
      variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
      SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
      behavior.  (904850)

  Documentation

    - Most of the installation instructions have been moved to a latex
      document.  See admin/www/mailman-install/index.html for details.

  Bug fixes and other patches

    - Mail-to-news gateway now strips subject prefix off from a response
      by a mail user if news_prefix_subject_too is not set.

    - Date and Message-Id headers are added for digests. (1116952)
    - Improved mail address sanity check.  (1030228)

    - SpamDetect.py now checks attachment header.  (1026977)

    - Filter attachments by filename extensions.  (1027882)

    - Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
      1020013 (fix spam filter removed), 665569 (newer Postfix bounce
      detection), 970383 (moderator -1 admin requests pending), 873035
      (subject handling in -request mail), 799166/946554 (makefile
      compatibility), 872068 (add header/footer via unicode), 1032434
      (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
      (fix pipermail URL), 948152 (Out of date link on Docs),  1099138
      (Scrubber.py breaks on None part),  1099840/1099840 (deprecated %
      insertion),  880073/933762 (List-ID RFC compliance),  1090439 (passwd
      reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
      1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
      permission after editing html)

Revision 1.15.2.2 / (download) - annotate - [select for diffs], Sat Mar 5 18:43:13 2005 UTC (14 years, 8 months ago) by snj
Branch: pkgsrc-2004Q4
Changes since 1.15.2.1: +8 -6 lines
Diff to previous 1.15.2.1 (colored) to branchpoint 1.15 (colored) next main 1.16 (colored)

Pullup ticket 330 - requested by Lubomir Sedlacik
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.21
- pkgsrc/mail/mailman/PLIST		1.6
- pkgsrc/mail/mailman/distinfo		1.7
- pkgsrc/mail/mailman/patches/patch-ac	1.3


    Module Name:    pkgsrc
    Committed By:   kim
    Date:           Wed Mar  2 21:09:56 UTC 2005

    Modified Files:
            pkgsrc/mail/mailman: Makefile PLIST distinfo
            pkgsrc/mail/mailman/patches: patch-ac

    Log Message:
    Upgrade to 2.1.5 due to security issues:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143

Revision 1.21 / (download) - annotate - [select for diffs], Wed Mar 2 21:09:56 2005 UTC (14 years, 8 months ago) by kim
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.20: +6 -4 lines
Diff to previous 1.20 (colored)

Upgrade to 2.1.5 due to security issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143

Revision 1.20 / (download) - annotate - [select for diffs], Sun Feb 27 07:49:02 2005 UTC (14 years, 8 months ago) by kim
Branch: MAIN
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)

To run on python 2.4 one would need mailman 2.1.6 (beta).
So don't accept python 2.4 for now, to avoid crashes.

http://mail.python.org/pipermail/mailman-coders/2005-February/001611.html

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Tue Feb 22 22:13:28 2005 UTC (14 years, 8 months ago) by snj
Branch: pkgsrc-2004Q4
Changes since 1.15: +8 -5 lines
Diff to previous 1.15 (colored)

Pullup ticket 304 - requested by Lubomir Sedlacik
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.16,1.19
- pkgsrc/mail/mailman/PLIST		1.5
- pkgsrc/mail/mailman/files/DEINSTALL	1.1
- pkgsrc/mail/mailman/files/INSTALL	1.1
- pkgsrc/mail/mailman/distinfo		1.5
- pkgsrc/mail/mailman/patches/patch-ai	1.1


    Module Name:    pkgsrc
    Committed By:   kim
    Date:           Sat Dec 25 16:55:33 UTC 2004

    Modified Files:
            pkgsrc/mail/mailman: Makefile PLIST
    Added Files:
            pkgsrc/mail/mailman/files: DEINSTALL INSTALL

    Log Message:
    Change permissions of installed files to match what is required by
    the software to work.  Run "check_perms -f" to make sure permissions
    are correct (it still fixes a setgid problem with "mail/mailman").

    Remove mm_cfg.pyc (compiled copy of mm_cfg.py) always, so the package
    can be deinstalled cleanly.

    Closes PR pkg/24041.

    ---

    Module Name:    pkgsrc
    Committed By:   tv
    Date:           Mon Feb 14 16:56:38 UTC 2005

    Modified Files:
            pkgsrc/mail/mailman: Makefile distinfo
    Added Files:
            pkgsrc/mail/mailman/patches: patch-ai

    Log Message:
    Apply patch from Mailman maintainers to fix vulnerability described in:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

Revision 1.19 / (download) - annotate - [select for diffs], Mon Feb 14 16:56:38 2005 UTC (14 years, 9 months ago) by tv
Branch: MAIN
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Apply patch from Mailman maintainers to fix vulnerability described in:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

Revision 1.18 / (download) - annotate - [select for diffs], Sun Jan 23 20:41:48 2005 UTC (14 years, 9 months ago) by recht
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

Build Python with thread support by default and turn the existing
python*-pth packages into meta-packages which will install the non-pth
packages. Bump PKGREVISIONs on the non-pth versions to propagate the
thread change, but leave the *-pth versions untouched to not affect
existing installations.
Sync all PYTHON_VERSIONS_AFFECTED lines in package Makefiles.

Revision 1.17 / (download) - annotate - [select for diffs], Tue Dec 28 02:47:44 2004 UTC (14 years, 10 months ago) by reed
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).

Revision 1.16 / (download) - annotate - [select for diffs], Sat Dec 25 16:55:33 2004 UTC (14 years, 10 months ago) by kim
Branch: MAIN
Changes since 1.15: +7 -4 lines
Diff to previous 1.15 (colored)

Change permissions of installed files to match what is required by
the software to work.  Run "check_perms -f" to make sure permissions
are correct (it still fixes a setgid problem with "mail/mailman").

Remove mm_cfg.pyc (compiled copy of mm_cfg.py) always, so the package
can be deinstalled cleanly.

Closes PR pkg/24041.

Revision 1.15 / (download) - annotate - [select for diffs], Sun Dec 19 21:25:42 2004 UTC (14 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base
Branch point for: pkgsrc-2004Q4
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Add space (between option and argument) for Irix.
From Georg Schwarz in PR 28715.

Revision 1.14 / (download) - annotate - [select for diffs], Sat Oct 30 01:01:09 2004 UTC (15 years ago) by xtraeme
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

s/\/var/${VARBASE}/

Revision 1.13 / (download) - annotate - [select for diffs], Mon Sep 6 06:29:42 2004 UTC (15 years, 2 months ago) by lukem
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.12: +3 -1 lines
Diff to previous 1.12 (colored)

Provide rc.d script wrapper to mailmanctl

Revision 1.12 / (download) - annotate - [select for diffs], Mon Sep 6 04:12:46 2004 UTC (15 years, 2 months ago) by lukem
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Allow IMAGE3_URL IMAGE3_IMG and IMAGE3_ALT to be specified in mm_cfg.py to
override the third image in the web pages (which is currently the "gnu head").

Revision 1.11 / (download) - annotate - [select for diffs], Wed Jan 14 01:46:29 2004 UTC (15 years, 10 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.10: +3 -3 lines
Diff to previous 1.10 (colored)

Update to 2.1.4, provided by Min Sik Kim in PR pkg/24083.

Changes:

    - Close some cross-site scripting vulnerabilities in the admin pages
      (CAN-2003-0965).
    - New languages: Catalan, Croatian, Romanian, Slovenian.
    - New mm_cfg.py/Defaults.py variable PUBLIC_MBOX which allows the site
      administrator to disable public access to all the raw list mbox files
      (this is not a per-list configuration).
    - Expanded header filter rules under Privacy -> Spam Filters.  Now you can
      specify regular expression matches against any header, with specific
      actions tied to those matches.
    - Rework the SMTP error handling in SMTPDirect.py to avoid scoring bounces
      for all recipients when a permanent error code is returned by the mail
      server (e.g. because of content restrictions).
    - Promoted SYNC_AFTER_WRITE to a Default.py/mm_cfg.py variable and
      make it control syncing on the config.pck file.  Also, we always flush
      and sync message files.
    - Reduce archive bloat by not storing the HTML body of Article objects in
      the Pipermail database.  A new script bin/rb-archfix was added to clean
      up older archives.
    - Proper RFC quoting for List-ID descriptions.
    - PKGDIR can be passed to the make command in order to specify a different
      directory to unpack the distutils packages in misc.  (SF bug 784700).
    - Improved logging of the origin of subscription requests.
    - Misc bugfixes.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Jan 11 17:28:30 2004 UTC (15 years, 10 months ago) by kim
Branch: MAIN
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)

Fix PLIST wrt MAILMAN_CGIEXT too.

Revision 1.9 / (download) - annotate - [select for diffs], Sun Jan 11 17:17:25 2004 UTC (15 years, 10 months ago) by kim
Branch: MAIN
Changes since 1.8: +14 -5 lines
Diff to previous 1.8 (colored)

Allow for selecting a different CGI GID than the default pkgsrc APACHE GID.

Allow for not using a CGI extension (no extension was the pkgsrc default
for the previous mailman version, and forcing to add one seems like just
a gratuitous change).

Record BUILD_DEFS. (XXX: All these should be documented, too.)

Revision 1.8 / (download) - annotate - [select for diffs], Tue Dec 23 11:02:13 2003 UTC (15 years, 10 months ago) by xtraeme
Branch: MAIN
Changes since 1.7: +60 -96 lines
Diff to previous 1.7 (colored)

Update to 2.1.3 from pkgsrc-wip via Todd Vierling. This also closes
PR pkg/22820.

Changes:

      - Closed a cross-site scripting exploit in the create cgi script.

      - Improvements in the performance of the bounce processor.
        Now, instead of processing each bounce immediately (which
        can cause severe lock contention), bounce events are queued.
        Every 15 minutes by default, the queued bounce events are
        processed en masse, on a list-per-list basis, so that each
        list only needs to be locked once.

      - When some or all of a message's recipients have temporary
        delivery failures, the message is moved to a "retry" queue.
        This queue wakes up occasionally and moves the file back to
        the outgoing queue for attempted redelivery.  This should
        fix most observed OutgoingRunner 100% cpu consumption,
        especially for bounces to local recipients when using the
        Postfix MTA.

      - Optional support for fsync()'ing qfile data after writing.
        Under some catastrophic system failures (e.g. power lose),
        it would be possible to lose messages because the data
        wasn't sync'd to disk.  By setting SYNC_AFTER_WRITE to True
        in Mailman/Queue/Switchboard.py, you can force Mailman to
        fsync() queue files after flushing them.  The benefits are
        debatable for most operating environments, and you must
        ensure that your Python has the os.fsync() function defined
        before enabling this feature (it isn't, even on all
        Unix-like operating systems).

And more... please review Changelog to see a complete list of changes.

Revision 1.7 / (download) - annotate - [select for diffs], Fri Sep 5 21:18:52 2003 UTC (16 years, 2 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.6: +1 -13 lines
Diff to previous 1.6 (colored)

Remove MAKE_DIRS/OWN_DIRS, MAKE_DIRS_PERMS/OWN_DIRS_PERMS will create the
directories too, and having both will cause the directories to be created with
the wrong owner/mode.
Thanks to Marc Recht for giving me details on this.

Revision 1.6 / (download) - annotate - [select for diffs], Mon Jul 21 16:56:46 2003 UTC (16 years, 3 months ago) by martti
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

COMMENT should start with a capital letter.

Revision 1.5 / (download) - annotate - [select for diffs], Thu Jul 17 21:46:23 2003 UTC (16 years, 4 months ago) by grant
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

s/netbsd.org/NetBSD.org/

Revision 1.4 / (download) - annotate - [select for diffs], Tue Jan 28 22:03:34 2003 UTC (16 years, 9 months ago) by jlam
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Instead of including bsd.pkg.install.mk directly in a package Makefile,
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES".  This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile.  Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Sep 21 23:46:53 2002 UTC (17 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Strip the ".buildlink" from the names of the python application and
extension Makefile fragments, because they really don't have anything to
do with the buildlink[12] frameworks.  Change all the Makefiles that use
application.buildlink.mk and extension.buildlink.mk to use application.mk
and extension.mk instead.

Revision 1.2 / (download) - annotate - [select for diffs], Wed Aug 28 19:48:33 2002 UTC (17 years, 2 months ago) by bouyer
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

Ops, DISTNAME is mailman-2.0.12 not 2.0.13. This is a leftover from my
attemps to upgrade it to 2.0.13.
2.0.13 is announced on the home page, but the distfile doesn't seem to
be available from ftp.gnu.org yet ...

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Fri Aug 23 15:28:17 2002 UTC (17 years, 2 months ago) by bouyer
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of mailman package (posted to tech-pkg on Aug, 01)
Maiman is a e-mail list manager. It includes a web interface for
management from a user (subscribe/unsuscribe) and administrator point
of view, as well as the traditionnal command-though-emails management.
It also offers web-browsable mailing-list archives.

Revision 1.1 / (download) - annotate - [select for diffs], Fri Aug 23 15:28:17 2002 UTC (17 years, 2 months ago) by bouyer
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>