Subject: CVS commit: [pkgsrc-2005Q1] pkgsrc/mail/mailman
To: None <>
From: Lubomir Sedlacik <>
List: pkgsrc-changes
Date: 06/02/2005 11:12:08
Module Name:	pkgsrc
Committed By:	salo
Date:		Thu Jun  2 11:12:08 UTC 2005

Modified Files:
	pkgsrc/mail/mailman [pkgsrc-2005Q1]: Makefile PLIST distinfo
Removed Files:
	pkgsrc/mail/mailman/patches [pkgsrc-2005Q1]: patch-ac patch-ai

Log Message:
Pullup ticket 536 - requested by Manuel Bouyer
security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/Makefile		1.22
- pkgsrc/mail/mailman/PLIST		1.8
- pkgsrc/mail/mailman/distinfo		1.8
- pkgsrc/mail/mailman/patches/patch-ac	removed
- pkgsrc/mail/mailman/patches/patch-ai	removed

   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Wed Jun  1 23:25:07 UTC 2005

   Modified Files:
   	pkgsrc/mail/mailman: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/mail/mailman/patches: patch-ac patch-ai

   Log Message:
   Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
   pkgsrc as patches/patch-ai):


       - Added the ability for Mailman generated passwords (both member
         and list admin) to be more cryptographically secure.  See new
         configuration variables USER_FRIENDLY_PASSWORDS,
         a new bin/withlist script called which can be used
         to reset all member passwords.  Passwords generated by Mailman
         are now 8 characters by default for members, and 10 characters
         for list administrators.

       - A potential cross-site scripting hole in the driver script has been
         closed.  Thanks to Florian Weimer for its discovery.  Also, turn
         STEALTH_MODE on by default.

       - Chinese languages are now supported.  They have been moved from
         'big5' and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance
         to the IANA spec.  Note, however, that the character sets were
         changed from 'Big5' or 'GB2312' to 'UTF-8' to cope with the
         insufficient codecs support in Python 2.3 and earlier.  You may
         have to install Chinese capable codecs (like CJKCodecs) separately
         to handle the incoming messages which are in local charsets, or
         upgrade your Python to 2.4 or newer.

     Behavior or defaults changes

       - VERP_PROBES is disabled by default.

       - bin/withlist can be run without a list name, but only if -i is
         given.  Also, withlist puts the directory it's found in at the end
         of sys.path, making it easier to run withlist scripts that live in

       - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost
         which lets the user provide the web and email hostnames for the new
         mailing list.  This is a better way to specify the domain for the
         list, rather than the old 'mylist@hostname' syntax (which is still
         supported for backward compatibility, but deprecated).


       - Python 2.4 compatibility issue: time.strftime() became strict about
         the 'day of year' range.  (1078482)

     New Features

       - New feature: automatic discards of held messages.  List owners can now
         set how many days to hold the messages in the moderator request queue.
         cron/checkdb will automatically discard old messages.  See the
         max_days_to_hold variable in the General Options and
         DEFAULT_MAX_DAYS_TO_HOLD in  This defaults to 0
         (i.e. disabled). (790494)

       - New feature: subject_prefix can be configured to include a sequence
         number which is taken from the post_id variable.  Also, the prefix is
         always put at the start of the subject, i.e. "[list-name] Re:
         original subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.
         The default style is "Re: [list-name]" if numbering is not set, for
         backward compatibility.  If the list owner is using numbering feature
         by "%d" directive, the new style, "[list-name 123] Re:", is always
       - List owners can now cusomize the non-member rejection notice from
         admin/<listname>/privacy/sender page. (1107169)

       - Allow editing of the welcome message from the admin page (1085501).

       - List owners can now use Scrubber to get the attachments scrubbed
         (held in the web archive), if the site admin permits it in
         New variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME
         scrubber behavior.  (904850)


       - Most of the installation instructions have been moved to a latex
         document.  See admin/www/mailman-install/index.html for details.

     Bug fixes and other patches

       - Mail-to-news gateway now strips subject prefix off from a response
         by a mail user if news_prefix_subject_too is not set.

       - Date and Message-Id headers are added for digests. (1116952)
       - Improved mail address sanity check.  (1030228)

       - now checks attachment header.  (1026977)

       - Filter attachments by filename extensions.  (1027882)

       - Bugs and patches: 955381 (older Python compatibility),
         1020102/1013079/ 1020013 (fix spam filter removed), 665569 (newer
         Postfix bounce detection), 970383 (moderator -1 admin requests
         pending), 873035 (subject handling in -request mail), 799166/946554
         (makefile compatibility), 872068 (add header/footer via unicode),
         1032434 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty
         Cc:), 789015 (fix pipermail URL), 948152 (Out of date link on Docs),
         1099138 ( breaks on None part),  1099840/1099840
         (deprecated % insertion),  880073/933762 (List-ID RFC compliance),
         1090439 (passwd reminder shunted), 1112349 (case insensitivity in
         acceptable_aliases), 1117618 (Don't Cc for personalized anonymous
         list), 1190404 (wrong permission after editing html)

To generate a diff of this commit:
cvs rdiff -r1.21 -r1.21.2.1 pkgsrc/mail/mailman/Makefile
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/mail/mailman/PLIST
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/mail/mailman/distinfo
cvs rdiff -r1.3 -r0 pkgsrc/mail/mailman/patches/patch-ac
cvs rdiff -r1.1 -r0 pkgsrc/mail/mailman/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.