head	1.6;
access;
symbols
	pkgsrc-2013Q2:1.6.0.36
	pkgsrc-2013Q2-base:1.6
	pkgsrc-2012Q4:1.6.0.34
	pkgsrc-2012Q4-base:1.6
	pkgsrc-2011Q4:1.6.0.32
	pkgsrc-2011Q4-base:1.6
	pkgsrc-2011Q2:1.6.0.30
	pkgsrc-2011Q2-base:1.6
	pkgsrc-2009Q4:1.6.0.28
	pkgsrc-2009Q4-base:1.6
	pkgsrc-2008Q4:1.6.0.26
	pkgsrc-2008Q4-base:1.6
	pkgsrc-2008Q3:1.6.0.24
	pkgsrc-2008Q3-base:1.6
	cube-native-xorg:1.6.0.22
	cube-native-xorg-base:1.6
	pkgsrc-2008Q2:1.6.0.20
	pkgsrc-2008Q2-base:1.6
	pkgsrc-2008Q1:1.6.0.18
	pkgsrc-2008Q1-base:1.6
	pkgsrc-2007Q4:1.6.0.16
	pkgsrc-2007Q4-base:1.6
	pkgsrc-2007Q3:1.6.0.14
	pkgsrc-2007Q3-base:1.6
	pkgsrc-2007Q2:1.6.0.12
	pkgsrc-2007Q2-base:1.6
	pkgsrc-2007Q1:1.6.0.10
	pkgsrc-2007Q1-base:1.6
	pkgsrc-2006Q4:1.6.0.8
	pkgsrc-2006Q4-base:1.6
	pkgsrc-2006Q3:1.6.0.6
	pkgsrc-2006Q3-base:1.6
	pkgsrc-2006Q2:1.6.0.4
	pkgsrc-2006Q2-base:1.6
	pkgsrc-2006Q1:1.6.0.2
	pkgsrc-2006Q1-base:1.6
	pkgsrc-2005Q4:1.5.0.2
	pkgsrc-2005Q4-base:1.5
	pkgsrc-2005Q3:1.4.0.4
	pkgsrc-2005Q3-base:1.4
	pkgsrc-2005Q2:1.4.0.2
	pkgsrc-2005Q2-base:1.4
	pkgsrc-2005Q1:1.3.0.2
	pkgsrc-2005Q1-base:1.3
	pkgsrc-2004Q4:1.2.0.8
	pkgsrc-2004Q4-base:1.2
	pkgsrc-2004Q3:1.2.0.6
	pkgsrc-2004Q3-base:1.2
	pkgsrc-2004Q2:1.2.0.4
	pkgsrc-2004Q2-base:1.2
	pkgsrc-2004Q1:1.2.0.2
	pkgsrc-2004Q1-base:1.2
	pkgsrc-2003Q4:1.1.1.1.0.4
	pkgsrc-2003Q4-base:1.1.1.1
	netbsd-1-6-1:1.1.1.1.0.2
	netbsd-1-6-1-base:1.1.1.1
	pkgsrc-base:1.1.1.1
	TNF:1.1.1;
locks; strict;
comment	@# @;


1.6
date	2006.01.21.16.14.24;	author bouyer;	state dead;
branches;
next	1.5;

1.5
date	2005.12.08.21.09.04;	author bouyer;	state Exp;
branches
	1.5.2.1;
next	1.4;

1.4
date	2005.06.01.23.25.07;	author bouyer;	state dead;
branches
	1.4.4.1;
next	1.3;

1.3
date	2005.03.02.21.09.56;	author kim;	state Exp;
branches
	1.3.2.1;
next	1.2;

1.2
date	2003.12.23.11.02.13;	author xtraeme;	state Exp;
branches
	1.2.8.1;
next	1.1;

1.1
date	2002.08.23.15.28.17;	author bouyer;	state Exp;
branches
	1.1.1.1;
next	;

1.5.2.1
date	2006.01.22.17.17.53;	author salo;	state dead;
branches;
next	;

1.4.4.1
date	2005.12.08.22.44.48;	author salo;	state Exp;
branches;
next	;

1.3.2.1
date	2005.06.02.11.12.08;	author salo;	state dead;
branches;
next	;

1.2.8.1
date	2005.03.05.18.43.13;	author snj;	state Exp;
branches;
next	;

1.1.1.1
date	2002.08.23.15.28.17;	author bouyer;	state Exp;
branches;
next	;


desc
@@


1.6
log
@Upgrade to 2.1.7nb1.
Local change (which is why we have PKGREVISION=1)
Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on debian
patches.

Changes between 2.1.6 and 2.1.7:
  Security

    - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
      message instead of just quietly dropping ./ and ../ from URLs.

    - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
      been solved in Mailman 2.1.6, there may be more cases where
      ToDigest.send_digests() can block regular delivery.  We put the
      send_digests() calling part in a try/except clause and leave a message
      in the error log if something happened in send_digests().  Daily call of
      cron/senddigests will provide more detail to the site administrator.

    - List administrators can no longer change the user's option/subscription
      globally.  Site admin can change these only if
      mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

    - <script> tags are HTML-escaped in the edithtml CGI script.

    - Since the probe message for disabled users may reach unintended
      recipients, the password is excluded from sendProbe() and probe.txt.
      Note that the default value of VERP_PROBE has been set to `No' from
      2.1.6., thus this change doesn't affect the default behavior.
  New Features

    - Always remove DomainKey (and similar) headers from messages sent to the
      list. (1287546)

    - List owners can control the content filter behavior when collapsing
      multipart/alternative parts to its first subpart.  This allows the
      option of letting the HTML part pass through after other content
      filtering is done.

  Internationalization

    - New language: Interlingua.

  Bug fixes and other patches

    - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
      safer operation.

    - Fixed the bug where Scrubber.py munges quoted-printable by introducing
      the 'X-Mailman-Scrubbed' header which marks that the payload is
      scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
      Decorate.py and Archiver.  A similar problem in ToDigest.py where the
      plain digest is generated is also fixed.

    - Fixed Syslog.py to write quopri encoded messages when it fails to write
      8-bit characters.

    - Fixed MTA/Postfix.py to check aliases group permission in check_perms
      and fixed mailman-install document on this matter (1378270).

    - Fixed private.py to go to the original URL after authorization
      (1080943).

    - Fixed bounce log score messages to be more consistent.

    - Fixed bin/remove_members to accept no arguments when both --fromall and
      --file= options are specified.

    - Changed cgi-bin and mail wrapper "group not found" error message to be
      more descriptive of the actual problem.
    - The list's ban_list now applies to address changes, admin mass
      subscribes and invites, and to confirmations/approvals of address
      changes, subscriptions and invitations.

    - quoted-printable and base64 encoded parts are decoded before passing to
      HTML_TO_PLAIN_TEXT_COMMAND (1367783).

    - Approve: header is removed from posts, and treated the same as the
      Approved: header. (1355707)

    - Fixed the removal of the line following Approve[d]: line in body of
      post.  (1318883)

    - The Approve[d]: <password> header is removed from all text/* parts in
      addition to the initial text/plain part.  It must still be the first
      non-blank line in the first text/plain part or it won't be found or
      removed at all. (1181161)

    - Posts are now logged in post log file with the true sender, not
      listname-bounces. (1287921)
    - Correctly initialize and remember the list's default_member_moderation
      attribute in the web list creation page. (1263213)

    - PEP263 charset is added to the config_list output. (1343100)

    - Fixed header_filter_rules getting lost if accessed directly and
      authentication was needed by login page. (1230865)

    - Obscure email when the poster doesn't set full name in 'From:' header.

    - Preambles and epilogues are taken into account when calculating message
      sizes for holding purposes. (Mark Sapiro)

    - Logging/Logger.py unicode transform option. (1235567)

    - bin/update crashes with bogus files. (949117)

    - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
@
text
@$NetBSD: patch-ac,v 1.5 2005/12/08 21:09:04 bouyer Exp $

Fix for http://secunia.com/advisories/17511/ adapted from
http://ftp.debian.org/debian/pool/main/m/mailman/mailman_2.1.5-10.diff.gz

--- Mailman/Handlers/Scrubber.py.orig	2005-05-22 22:55:08.000000000 +0300
+++ Mailman/Handlers/Scrubber.py	2005-12-05 12:58:43.000000000 +0200
@@@@ -195,7 +195,10 @@@@ def process(mlist, msg, msgdata=None):
                     url = save_attachment(mlist, part, dir)
                 finally:
                     os.umask(omask)
-                filename = part.get_filename(_('not available'))
+                try:
+                    filename = part.get_filename(_('not available'))
+                except UnicodeDecodeError:
+                    filename = _('not available')
                 filename = Utils.oneline(filename, lcset)
                 del part['content-type']
                 del part['content-transfer-encoding']
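Review bot: the except clause at the new get_filename() call in process() names only UnicodeDecodeError, so any other exception raised while decoding an attachment filename still propagates out of the handler. Confirm whether get_filename() can fail in other ways on a malformed RFC 2231 filename parameter (an unknown charset name, for instance) and, if so, widen the clause to cover those cases too.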
@@@@ -300,7 +303,10 @@@@ Url: %(url)s
             finally:
                 os.umask(omask)
             desc = part.get('content-description', _('not available'))
-            filename = part.get_filename(_('not available'))
+            try:
+                filename = part.get_filename(_('not available'))
+            except UnicodeDecodeError:
+                filename = _('not available')
             filename = Utils.oneline(filename, lcset)
             del part['content-type']
             del part['content-transfer-encoding']
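Review bot: this is the second of four identical try/except blocks around get_filename() in this patch. A small helper in Scrubber.py that takes the part and a default, and returns the default on UnicodeDecodeError, would keep the four call sites consistent and give one place to extend the handling later.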
@@@@ -408,7 +414,11 @@@@ def save_attachment(mlist, msg, dir, fil
     ctype = msg.get_content_type()
     # i18n file name is encoded
     lcset = Utils.GetCharSet(mlist.preferred_language)
-    filename = Utils.oneline(msg.get_filename(''), lcset)
+    try:
+        filename = msg.get_filename('')
+    except UnicodeDecodeError:
+        filename = ''
+    filename = Utils.oneline(filename, lcset)
     fnext = os.path.splitext(filename)[1]
     # For safety, we should confirm this is valid ext for content-type
     # but we can use fnext if we introduce fnext filtering
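Review bot: the fallback to filename = '' in save_attachment() is silent, so fnext is derived from an empty name and nothing records that the sender's filename parameter could not be decoded. Consider writing a line to the error log that names the list and the message, so an operator can see that such a post came through.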
@@@@ -434,7 +444,10 @@@@ def save_attachment(mlist, msg, dir, fil
     try:
         # Now base the filename on what's in the attachment, uniquifying it if
         # necessary.
-        filename = msg.get_filename()
+        try:
+            filename = msg.get_filename()
+        except UnicodeDecodeError:
+            filename = None
         if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME:
             filebase = 'attachment'
         else:
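Review bot: save_attachment() now calls msg.get_filename() twice, here and at the earlier fnext computation, each with its own try/except and a different fallback ('' there, None here). Decode the filename once near the top of the function and reuse the result, so the two code paths cannot disagree about whether the name was usable.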
@


1.5
log
@Apply patch (from debian via Kimmo Suominen) to address
http://secunia.com/advisories/17511/ (denial of service).
@
text
@d1 1
a1 1
$NetBSD$
@


1.5.2.1
log
@Pullup ticket 1045 - requested by Manuel Bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile			1.30
- pkgsrc/mail/mailman/PLIST			1.9
- pkgsrc/mail/mailman/distinfo			1.10
- pkgsrc/mail/mailman/patches/patch-ac		removed
- pkgsrc/mail/mailman/patches/patch-ai		1.3
- pkgsrc/mail/mailman/patches/patch-aj		1.1

   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Sat Jan 21 16:14:24 UTC 2006

   Modified Files:
   	pkgsrc/mail/mailman: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/mail/mailman/patches: patch-ai patch-aj
   Removed Files:
   	pkgsrc/mail/mailman/patches: patch-ac

   Log Message:
   Upgrade to 2.1.7nb1.
   Local change (which is why we have PKGREVISION=1)
   Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on debian
   patches.

   Changes between 2.1.6 and 2.1.7:
     Security

       - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
         message instead of just quietly dropping ./ and ../ from URLs.

       - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
         been solved in Mailman 2.1.6, there may be more cases where
         ToDigest.send_digests() can block regular delivery.  We put the
         send_digests() calling part in a try/except clause and leave a message
         in the error log if something happened in send_digests().  Daily call of
         cron/senddigests will provide more detail to the site administrator.

       - List administrators can no longer change the user's option/subscription
         globally.  Site admin can change these only if
         mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

       - <script> tags are HTML-escaped in the edithtml CGI script.

       - Since the probe message for disabled users may reach unintended
         recipients, the password is excluded from sendProbe() and probe.txt.
         Note that the default value of VERP_PROBE has been set to `No' from
         2.1.6., thus this change doesn't affect the default behavior.
     New Features

       - Always remove DomainKey (and similar) headers from messages sent to the
         list. (1287546)

       - List owners can control the content filter behavior when collapsing
         multipart/alternative parts to its first subpart.  This allows the
         option of letting the HTML part pass through after other content
         filtering is done.

     Internationalization

       - New language: Interlingua.

     Bug fixes and other patches

       - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
         safer operation.

       - Fixed the bug where Scrubber.py munges quoted-printable by introducing
         the 'X-Mailman-Scrubbed' header which marks that the payload is
         scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
         Decorate.py and Archiver.  A similar problem in ToDigest.py where the
         plain digest is generated is also fixed.

       - Fixed Syslog.py to write quopri encoded messages when it fails to write
         8-bit characters.

       - Fixed MTA/Postfix.py to check aliases group permission in check_perms
         and fixed mailman-install document on this matter (1378270).

       - Fixed private.py to go to the original URL after authorization
         (1080943).

       - Fixed bounce log score messages to be more consistent.

       - Fixed bin/remove_members to accept no arguments when both --fromall and
         --file= options are specified.

       - Changed cgi-bin and mail wrapper "group not found" error message to be
         more descriptive of the actual problem.
       - The list's ban_list now applies to address changes, admin mass
         subscribes and invites, and to confirmations/approvals of address
         changes, subscriptions and invitations.

       - quoted-printable and base64 encoded parts are decoded before passing to
         HTML_TO_PLAIN_TEXT_COMMAND (1367783).

       - Approve: header is removed from posts, and treated the same as the
         Approved: header. (1355707)

       - Fixed the removal of the line following Approve[d]: line in body of
         post.  (1318883)

       - The Approve[d]: <password> header is removed from all text/* parts in
         addition to the initial text/plain part.  It must still be the first
         non-blank line in the first text/plain part or it won't be found or
         removed at all. (1181161)

       - Posts are now logged in post log file with the true sender, not
         listname-bounces. (1287921)
       - Correctly initialize and remember the list's default_member_moderation
         attribute in the web list creation page. (1263213)

       - PEP263 charset is added to the config_list output. (1343100)

       - Fixed header_filter_rules getting lost if accessed directly and
         authentication was needed by login page. (1230865)

       - Obscure email when the poster doesn't set full name in 'From:' header.

       - Preambles and epilogues are taken into account when calculating message
         sizes for holding purposes. (Mark Sapiro)

       - Logging/Logger.py unicode transform option. (1235567)

       - bin/update crashes with bogus files. (949117)

       - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.5 2005/12/08 21:09:04 bouyer Exp $
@


1.4
log
@Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
pkgsrc as patches/patch-ai):

  Security

    - Added the ability for Mailman generated passwords (both member and list
      admin) to be more cryptographically secure.  See new configuration
      variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
      ADMIN_PASSWORD_LENGTH.  Also added a new bin/withlist script called
      reset_pw.py which can be used to reset all member passwords.  Passwords
      generated by Mailman are now 8 characters by default for members, and 10
      characters for list administrators.

    - A potential cross-site scripting hole in the driver script has been
      closed.  Thanks to Florian Weimer for its discovery.  Also, turn
      STEALTH_MODE on by default.
  Internationalization

    - Chinese languages are now supported.  They have been moved from 'big5'
      and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
      spec.  Note, however, that the character sets were changed from 'Big5'
      or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
      Python 2.3 and earlier.  You may have to install Chinese capable codecs
      (like CJKCodecs) separately to handle the incoming messages which are in
      local charsets, or upgrade your Python to 2.4 or newer.

  Behavior or defaults changes

    - VERP_PROBES is disabled by default.

    - bin/withlist can be run without a list name, but only if -i is given.
      Also, withlist puts the directory it's found in at the end of sys.path,
      making it easier to run withlist scripts that live in $prefix/bin.

    - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
      lets the user provide the web and email hostnames for the new mailing
      list.  This is a better way to specify the domain for the list, rather
      than the old 'mylist@@hostname' syntax (which is still supported for
      backward compatibility, but deprecated).
  Compatibility

    - Python 2.4 compatibility issue: time.strftime() became strict about the
      'day of year' range.  (1078482)

  New Features

    - New feature: automatic discards of held messages.  List owners can now
      set how many days to hold the messages in the moderator request queue.
      cron/checkdb will automatically discard old messages.  See the
      max_days_to_hold variable in the General Options and
      DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py.  This defaults to 0
      (i.e. disabled). (790494)

    - New feature: subject_prefix can be configured to include a sequence
      number which is taken from the post_id variable.  Also, the prefix is
      always put at the start of the subject, i.e. "[list-name] Re: original
      subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.  The default style
      is "Re: [list-name]" if numbering is not set, for backward compatibility.
      If the list owner is using numbering feature by "%d" directive, the new
      style, "[list-name 123] Re:", is always used.
    - List owners can now customize the non-member rejection notice from
      admin/<listname>/privacy/sender page. (1107169)

    - Allow editing of the welcome message from the admin page (1085501).

    - List owners can now use Scrubber to get the attachments scrubbed (held
      in the web archive), if the site admin permits it in mm_cfg.py.  New
      variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
      SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
      behavior.  (904850)

  Documentation

    - Most of the installation instructions have been moved to a latex
      document.  See admin/www/mailman-install/index.html for details.

  Bug fixes and other patches

    - Mail-to-news gateway now strips subject prefix off from a response
      by a mail user if news_prefix_subject_too is not set.

    - Date and Message-Id headers are added for digests. (1116952)
    - Improved mail address sanity check.  (1030228)

    - SpamDetect.py now checks attachment header.  (1026977)

    - Filter attachments by filename extensions.  (1027882)

    - Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
      1020013 (fix spam filter removed), 665569 (newer Postfix bounce
      detection), 970383 (moderator -1 admin requests pending), 873035
      (subject handling in -request mail), 799166/946554 (makefile
      compatibility), 872068 (add header/footer via unicode), 1032434
      (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
      (fix pipermail URL), 948152 (Out of date link on Docs),  1099138
      (Scrubber.py breaks on None part),  1099840/1099840 (deprecated %
      insertion),  880073/933762 (List-ID RFC compliance),  1090439 (passwd
      reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
      1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
      permission after editing html)
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.3 2005/03/02 21:09:56 kim Exp $
d3 54
a56 15
--- INSTALL.orig	2004-02-17 18:05:32.000000000 -0500
+++ INSTALL	2005-03-01 19:41:09.000000000 -0500
@@@@ -348,10 +348,10 @@@@
       information.
 
       Now configure your site list.  There is a convenient template
-      for a generic site list in data/sitelist.cfg to help you with
+      for a generic site list in support/sitelist.cfg to help you with
       this.  The template can be applied to your site list by running:
 
-          % bin/config_list -i data/sitelist.cfg mailman
+          % bin/config_list -i support/sitelist.cfg mailman
 
       Before doing this, review the configuration options in the
       template (note that many options are not changed by
@


1.4.4.1
log
@Pullup ticket 947 - requested by Manuel Bouyer
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile			1.27
- pkgsrc/mail/mailman/distinfo			1.9
- pkgsrc/mail/mailman/patches/patch-ac		1.5

   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Thu Dec  8 21:09:04 UTC 2005

   Modified Files:
   	pkgsrc/mail/mailman: Makefile distinfo
   Added Files:
   	pkgsrc/mail/mailman/patches: patch-ac

   Log Message:
   Apply patch (from debian via Kimmo Suominen) to address
   http://secunia.com/advisories/17511/ (denial of service).
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.5 2005/12/08 21:09:04 bouyer Exp $
d3 15
a17 54
Fix for http://secunia.com/advisories/17511/ adapted from
http://ftp.debian.org/debian/pool/main/m/mailman/mailman_2.1.5-10.diff.gz

--- Mailman/Handlers/Scrubber.py.orig	2005-05-22 22:55:08.000000000 +0300
+++ Mailman/Handlers/Scrubber.py	2005-12-05 12:58:43.000000000 +0200
@@@@ -195,7 +195,10 @@@@ def process(mlist, msg, msgdata=None):
                     url = save_attachment(mlist, part, dir)
                 finally:
                     os.umask(omask)
-                filename = part.get_filename(_('not available'))
+                try:
+                    filename = part.get_filename(_('not available'))
+                except UnicodeDecodeError:
+                    filename = _('not available')
                 filename = Utils.oneline(filename, lcset)
                 del part['content-type']
                 del part['content-transfer-encoding']
@@@@ -300,7 +303,10 @@@@ Url: %(url)s
             finally:
                 os.umask(omask)
             desc = part.get('content-description', _('not available'))
-            filename = part.get_filename(_('not available'))
+            try:
+                filename = part.get_filename(_('not available'))
+            except UnicodeDecodeError:
+                filename = _('not available')
             filename = Utils.oneline(filename, lcset)
             del part['content-type']
             del part['content-transfer-encoding']
@@@@ -408,7 +414,11 @@@@ def save_attachment(mlist, msg, dir, fil
     ctype = msg.get_content_type()
     # i18n file name is encoded
     lcset = Utils.GetCharSet(mlist.preferred_language)
-    filename = Utils.oneline(msg.get_filename(''), lcset)
+    try:
+        filename = msg.get_filename('')
+    except UnicodeDecodeError:
+        filename = ''
+    filename = Utils.oneline(filename, lcset)
     fnext = os.path.splitext(filename)[1]
     # For safety, we should confirm this is valid ext for content-type
     # but we can use fnext if we introduce fnext filtering
@@@@ -434,7 +444,10 @@@@ def save_attachment(mlist, msg, dir, fil
     try:
         # Now base the filename on what's in the attachment, uniquifying it if
         # necessary.
-        filename = msg.get_filename()
+        try:
+            filename = msg.get_filename()
+        except UnicodeDecodeError:
+            filename = None
         if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME:
             filebase = 'attachment'
         else:
@


1.3
log
@Upgrade to 2.1.5 due to security issues:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143
@
text
@d1 1
a1 1
$NetBSD$
@


1.3.2.1
log
@Pullup ticket 536 - requested by Manuel Bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.22
- pkgsrc/mail/mailman/PLIST		1.8
- pkgsrc/mail/mailman/distinfo		1.8
- pkgsrc/mail/mailman/patches/patch-ac	removed
- pkgsrc/mail/mailman/patches/patch-ai	removed

   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Wed Jun  1 23:25:07 UTC 2005

   Modified Files:
   	pkgsrc/mail/mailman: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/mail/mailman/patches: patch-ac patch-ai

   Log Message:
   Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
   pkgsrc as patches/patch-ai):

     Security

       - Added the ability for Mailman generated passwords (both member
         and list admin) to be more cryptographically secure.  See new
         configuration variables USER_FRIENDLY_PASSWORDS,
         MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH.  Also added
         a new bin/withlist script called reset_pw.py which can be used
         to reset all member passwords.  Passwords generated by Mailman
         are now 8 characters by default for members, and 10 characters
         for list administrators.

       - A potential cross-site scripting hole in the driver script has been
         closed.  Thanks to Florian Weimer for its discovery.  Also, turn
         STEALTH_MODE on by default.
     Internationalization

       - Chinese languages are now supported.  They have been moved from
         'big5' and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance
         to the IANA spec.  Note, however, that the character sets were
         changed from 'Big5' or 'GB2312' to 'UTF-8' to cope with the
         insufficient codecs support in Python 2.3 and earlier.  You may
         have to install Chinese capable codecs (like CJKCodecs) separately
         to handle the incoming messages which are in local charsets, or
         upgrade your Python to 2.4 or newer.

     Behavior or defaults changes

       - VERP_PROBES is disabled by default.

       - bin/withlist can be run without a list name, but only if -i is
         given.  Also, withlist puts the directory it's found in at the end
         of sys.path, making it easier to run withlist scripts that live in
         $prefix/bin.

       - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost
         which lets the user provide the web and email hostnames for the new
         mailing list.  This is a better way to specify the domain for the
         list, rather than the old 'mylist@@hostname' syntax (which is still
         supported for backward compatibility, but deprecated).

     Compatibility

       - Python 2.4 compatibility issue: time.strftime() became strict about
         the 'day of year' range.  (1078482)

     New Features

       - New feature: automatic discards of held messages.  List owners can now
         set how many days to hold the messages in the moderator request queue.
         cron/checkdb will automatically discard old messages.  See the
         max_days_to_hold variable in the General Options and
         DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py.  This defaults to 0
         (i.e. disabled). (790494)

       - New feature: subject_prefix can be configured to include a sequence
         number which is taken from the post_id variable.  Also, the prefix is
         always put at the start of the subject, i.e. "[list-name] Re:
         original subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.
         The default style is "Re: [list-name]" if numbering is not set, for
         backward compatibility.  If the list owner is using numbering feature
         by "%d" directive, the new style, "[list-name 123] Re:", is always
         used.
       - List owners can now customize the non-member rejection notice from
         admin/<listname>/privacy/sender page. (1107169)

       - Allow editing of the welcome message from the admin page (1085501).

       - List owners can now use Scrubber to get the attachments scrubbed
         (held in the web archive), if the site admin permits it in mm_cfg.py.
         New variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME
         and SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for
         scrubber behavior.  (904850)

     Documentation

       - Most of the installation instructions have been moved to a latex
         document.  See admin/www/mailman-install/index.html for details.

     Bug fixes and other patches

       - Mail-to-news gateway now strips subject prefix off from a response
         by a mail user if news_prefix_subject_too is not set.

       - Date and Message-Id headers are added for digests. (1116952)
       - Improved mail address sanity check.  (1030228)

       - SpamDetect.py now checks attachment header.  (1026977)

       - Filter attachments by filename extensions.  (1027882)

       - Bugs and patches: 955381 (older Python compatibility),
         1020102/1013079/ 1020013 (fix spam filter removed), 665569 (newer
         Postfix bounce detection), 970383 (moderator -1 admin requests
         pending), 873035 (subject handling in -request mail), 799166/946554
         (makefile compatibility), 872068 (add header/footer via unicode),
         1032434 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty
         Cc:), 789015 (fix pipermail URL), 948152 (Out of date link on Docs),
         1099138 (Scrubber.py breaks on None part),  1099840/1099840
         (deprecated % insertion),  880073/933762 (List-ID RFC compliance),
         1090439 (passwd reminder shunted), 1112349 (case insensitivity in
         acceptable_aliases), 1117618 (Don't Cc for personalized anonymous
         list), 1190404 (wrong permission after editing html)
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.3 2005/03/02 21:09:56 kim Exp $
@


1.2
log
@Update to 2.1.3 from pkgsrc-wip via Todd Vierling. This also closes
PR pkg/22820.

Changes:

      - Closed a cross-site scripting exploit in the create cgi script.

      - Improvements in the performance of the bounce processor.
        Now, instead of processing each bounce immediately (which
        can cause severe lock contention), bounce events are queued.
        Every 15 minutes by default, the queued bounce events are
        processed en masse, on a list-per-list basis, so that each
        list only needs to be locked once.

      - When some or all of a message's recipients have temporary
        delivery failures, the message is moved to a "retry" queue.
        This queue wakes up occasionally and moves the file back to
        the outgoing queue for attempted redelivery.  This should
        fix most observed OutgoingRunner 100% cpu consumption,
        especially for bounces to local recipients when using the
        Postfix MTA.

      - Optional support for fsync()'ing qfile data after writing.
        Under some catastrophic system failures (e.g. power loss),
        it would be possible to lose messages because the data
        wasn't sync'd to disk.  By setting SYNC_AFTER_WRITE to True
        in Mailman/Queue/Switchboard.py, you can force Mailman to
        fsync() queue files after flushing them.  The benefits are
        debatable for most operating environments, and you must
        ensure that your Python has the os.fsync() function defined
        before enabling this feature (it isn't, even on all
        Unix-like operating systems).

And more... please review Changelog to see a complete list of changes.
@
text
@d3 8
a10 4
--- INSTALL.orig	Mon Sep 15 15:01:56 2003
+++ INSTALL
@@@@ -331,7 +331,7 @@@@ upgrade.
       for a generic site list in misc/sitelist.cfg to help you with
@


1.2.8.1
log
@Pullup ticket 330 - requested by Lubomir Sedlacik
security fix for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.21
- pkgsrc/mail/mailman/PLIST		1.6
- pkgsrc/mail/mailman/distinfo		1.7
- pkgsrc/mail/mailman/patches/patch-ac	1.3


    Module Name:    pkgsrc
    Committed By:   kim
    Date:           Wed Mar  2 21:09:56 UTC 2005

    Modified Files:
            pkgsrc/mail/mailman: Makefile PLIST distinfo
            pkgsrc/mail/mailman/patches: patch-ac

    Log Message:
    Upgrade to 2.1.5 due to security issues:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1143
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.3 2005/03/02 21:09:56 kim Exp $
d3 4
a6 8
--- INSTALL.orig	2004-02-17 18:05:32.000000000 -0500
+++ INSTALL	2005-03-01 19:41:09.000000000 -0500
@@@@ -348,10 +348,10 @@@@
       information.
 
       Now configure your site list.  There is a convenient template
-      for a generic site list in data/sitelist.cfg to help you with
+      for a generic site list in support/sitelist.cfg to help you with
@


1.1
log
@Initial revision
@
text
@d1 1
a1 1
$NetBSD: patch-aa,v 1.4 2002/05/02 16:18:49 martti Exp $
d3 5
a7 8
--- misc/Makefile.in.orig	Thu Jul 25 17:07:03 2002
+++ misc/Makefile.in	Thu Jul 25 17:07:36 2002
@@@@ -68,7 +68,7 @@@@
 	    dir=$(prefix)/$$d; \
 	    $(INSTALL) -m $(FILEMODE) paths.py $$dir; \
 	done
-	$(INSTALL) -m $(DATAMODE) pending_subscriptions.db $(DATADIR)
+	$(INSTALL) -m $(DATAMODE) pending_subscriptions.db $(prefix)/support
d9 2
a10 1
 finish:
d12 2
@


1.1.1.1
log
@Initial import of mailman package (posted to tech-pkg on Aug, 01)
Mailman is an e-mail list manager. It includes a web interface for
management from a user (subscribe/unsubscribe) and administrator point
of view, as well as the traditional command-through-emails management.
It also offers web-browsable mailing-list archives.
@
text
@@
