| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
We may eventually need to check for VSNPRINTF.
|
| |
|
|
| |
vulnerability (PR#72)
|
| |
|
|
|
|
|
|
| |
config.db file in the face of IOErrors during the marshal write. This
is critical code so we have to make sure we get it right, but I've
been running it on python.org for about a day and have seen no
problems under normal conditions. I've tested under failure mode too,
but not under real world conditions.
|
| |
|
|
|
|
|
|
|
|
| |
This isn't part of the bsddb.btree interface assumed by Pipermail, but
it's only used in one place and /dramatically/ improves Mailman's
performance.
HyperDatabase.clearIndex(): Use DumbBTree.clear(). These changes may
not fix all the performance problems with Mailman, but certainly nails
the most serious problem I've been experiencing.
|
| | |
|
| |
|
|
|
|
| |
can bomb out with MMAlreadyAMember if the address has already been
subscribed by some other mechanism after the pending confirmation
was registered. Catch this and reply politely.
|
| | |
|
| |
|
|
|
|
|
| |
single message, we must quote any lines beginning with "From " --
the message will be interpreted by the general
HyperArch.HyperArchive.processUnixMailbox() as a (possibly
multi-message) mbox file on it's way into the archive.
|
| |
|
|
|
|
| |
needed. For now, however (trying to move towards 1.0), I've merely
reduced the amount of work done in the child, and wrapped it in a
try: clause for catching fork() failures.
|
| |
|
|
|
|
| |
files. This fixes a problem where one old, invalid queue file would
always cause the queue runner to abort before the newer, possibly
valid queue files were processed.
|
| |
|
|
| |
are valid.
|
| |
|
|
| |
member password mailed back -- if given with no arguments.
|
| |
|
|
| |
all (these used to raise an IndexError).
|
| |
|
|
|
|
| |
to the directory Mailman has been unpacked into, to avoid any
confusion regarding the "src" directory inside "mailman-<version>".
Tried to clarify the solution to smrsh-induced problems.
|
| |
|
|
| |
used in Mailman's web interface?".
|
| |
|
|
| |
already inserted subject prefixes :(
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
smtplib.sendmail() can raise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* New method WebAuthenticate(). Takes up to three keyword arguments:
user-address, password and cookie-suffix. If password is supplied
(and authenticates OK), issue a cookie -- otherwise try to do
authentication based on cookies.
* MakeCookie(): Changed to actually return a finished Cookie object.
Takes one (non-optional) argument; the created cookie's name.
Fixed bug in setting of cookie's path.
* CheckCookie(): Now takes cookie's name as single argument, and can
raise various MMAuthenticationErrors if that cookie doesn't
authenticate OK.
admin.py: Do explicit re-authentication when changing list admin
password.
admin.py, admindb.py and private.py: Removed isAuthenticated()
function -- use MailList.WebAuthenticate() instead. This removed
the need to import Cookie, so now we don't.
|
| |
|
|
| |
experiment with the addaliases stuff).
|
| |
|
|
|
| |
anything, to disallow bin/newlist creating lists with bogus admin
addresses.
|
| |
|
|
|
|
|
|
|
| |
to be a per-line operation, done after addition of prefix.
AddError(): Use AddToResponse with the new `prefix' argument to make
sure the prefix is added to all the lines of the error message.
Added info on the `help' mail command to the response indicating
processing problems.
Quite a lot of buglet fixes and general cleanup.
|
| |
|
|
| |
MMBadPasswordError and MMPasswordsMustMatch have been moved.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
standard libraries.
This fix has been verified to work on SCO OpenServer 5, which was the
OS for which this change was originally needed. The previous attempt
at a fix, stolen from GNU sh-utils, proved insufficient.
|
| |
|
|
|
|
|
|
|
| |
SecurityManager: New functions MakeCookie() and CheckCookie(). These
functions work with cookies containing cookie creation and expire
time, the client's IP number, and a checksum hash of these values as
well as a secret (the lists (encrypted) admin password).
admin.py, admindb.py and private.py: isAuthenticated now uses these
new cookie functions.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
I've found two places where smtplib.py sends an extra trailing space
on command lines to the SMTP server. I don't know if this ever causes
any problems, but I'd prefer to be on the safe side. The enclosed
patch removes the extra space.
|
| |
|
|
| |
archives.
|
| |
|
|
|
|
|
|
|
|
| |
contained objects representation after putting them through
Utils.QuoteHyperChars().
Changed class Preformatted to be a subclass of the new QuotedContainer
class.
This hopefully will make the admindb pages display emails containing
"<", ">" etc. characters correctly. It will lose if someone tries to
use other HTML elements inside a Preformatted container.
|
| |
|
|
|
| |
lines is reached, inclusion of the rest of the original message was
being truncated (and was using a strange line prefix). Fixed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MailList.py:
Changed MailList.SetUserOption() to take a `save_list' keyword
argument (defaulting to true). When false, SetUserOption won't do
self.Save() after changing the option.
New function MailList.ApprovedAddMembers() (note plural) that takes
a list of prospective new list members (and possibly a list of
corresponding passwords), and does _all_ the necessary list changes
before saving the list configuration. Empty passwords are
substituted with randomly generated ones. Returns a dict with
{address: exception_tuple} entries -- exception_tuple is either None
or a two-element tuple containing the first exception type and value
raised when trying to add address. The exception traceback object
isn't included in the returned dict, because a) I don't think it is
very useful for the relevant exceptions, and b) using it wrongly
could cause some fuzz with Python's garbage collector -- i.e. we
would leak memory.
Changed MailList.ApprovedAddMember() to be a mere wrapper, calling
the new ApprovedAddMembers() function and reraising any exception in
the returned dict.
Also made the logic of the code doing subject prefixing a bit
clearer, and changed MailList.aside_new() so that list's config.db
files are saved with umask 007 (as they contain all list members'
passwords in clear text).
Utils.py:
New function MakeRandomPassword(length=4), used by
MailList.ApprovedAddMembers() whenever empty passwords are found.
The default random password length should possibly be made site
configurable.
Also, fixed an error in the _badchars regular expression -- the
final "," was probably meant to be inside the character set.
Cgi/admin.py:
Changed ChangeOptions() to use the new MailList.ApprovedAddMembers()
function.
|
| |
|
|
| |
lockfiles eating up all the available filehandles.
|
| |
|
|
|
|
|
|
| |
outside of the default libs.
Ran autoconf (from autoconf-2.13) to update configure.
src/common.[ch] now has #ifdefs around syslog-using code -- thus,
Mailman will compile, but _without any syslog calls_ if configure
couldn't find syslog().
|
| |
|
|
|
| |
envvar, but not HTTP_HOST. Thus, if HTTP_HOST is unset, try getting
SERVER_NAME.
|
| |
|
|
|
|
|
|
|
| |
Mailman.
IncomingMessage.SetHeader(): This messed up when changing headers that
spanned multiple lines -- changed it to use rfc822.Message's
emulation of a mapping type, which seems to get this right.
IncomingMessage.__delitem__(): Removed, inherit from rfc822.Message
instead.
|
| |
|
|
| |
SecurityManager raises when the user addr isn't on the list.
|
| | |
|
| | |
|
| | |
|
