Subject: CVS commit: [pkgsrc-2005Q1] pkgsrc/mail/mailman
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 06/02/2005 11:12:08
Module Name: pkgsrc
Committed By: salo
Date: Thu Jun 2 11:12:08 UTC 2005
Modified Files:
pkgsrc/mail/mailman [pkgsrc-2005Q1]: Makefile PLIST distinfo
Removed Files:
pkgsrc/mail/mailman/patches [pkgsrc-2005Q1]: patch-ac patch-ai
Log Message:
Pullup ticket 536 - requested by Manuel Bouyer
security update for mailman
Revisions pulled up:
- pkgsrc/mail/mailman/Makefile 1.22
- pkgsrc/mail/mailman/PLIST 1.8
- pkgsrc/mail/mailman/distinfo 1.8
- pkgsrc/mail/mailman/patches/patch-ac removed
- pkgsrc/mail/mailman/patches/patch-ai removed
Module Name: pkgsrc
Committed By: bouyer
Date: Wed Jun 1 23:25:07 UTC 2005
Modified Files:
pkgsrc/mail/mailman: Makefile PLIST distinfo
Removed Files:
pkgsrc/mail/mailman/patches: patch-ac patch-ai
Log Message:
Update to 2.1.6. Changes (note: the fix for CAN-2005-0202 was already in
pkgsrc as patches/patch-ai):
Security
- Added the ability for Mailman generated passwords (both member
and list admin) to be more cryptographically secure. See new
configuration variables USER_FRIENDLY_PASSWORDS,
MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added
a new bin/withlist script called reset_pw.py which can be used
to reset all member passwords. Passwords generated by Mailman
are now 8 characters by default for members, and 10 characters
for list administrators.
- A potential cross-site scripting hole in the driver script has been
closed. Thanks to Florian Weimer for its discovery. Also, turn
STEALTH_MODE on by default.
Internationalization
- Chinese languages are now supported. They have been moved from
'big5' and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance
to the IANA spec. Note, however, that the character sets were
changed from 'Big5' or 'GB2312' to 'UTF-8' to cope with the
insufficient codecs support in Python 2.3 and earlier. You may
have to install Chinese capable codecs (like CJKCodecs) separately
to handle the incoming messages which are in local charsets, or
upgrade your Python to 2.4 or newer.
Behavior or defaults changes
- VERP_PROBES is disabled by default.
- bin/withlist can be run without a list name, but only if -i is
given. Also, withlist puts the directory it's found in at the end
of sys.path, making it easier to run withlist scripts that live in
$prefix/bin.
- bin/newlist grew two new options: -u/--urlhost and -e/--emailhost
which lets the user provide the web and email hostnames for the new
mailing list. This is a better way to specify the domain for the
list, rather than the old 'mylist@hostname' syntax (which is still
supported for backward compatibility, but deprecated).
Compatibility
- Python 2.4 compatibility issue: time.strftime() became strict about
the 'day of year' range. (1078482)
New Features
- New feature: automatic discards of held messages. List owners can now
set how many days to hold the messages in the moderator request queue.
cron/checkdb will automatically discard old messages. See the
max_days_to_hold variable in the General Options and
DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0
(i.e. disabled). (790494)
- New feature: subject_prefix can be configured to include a sequence
number which is taken from the post_id variable. Also, the prefix is
always put at the start of the subject, i.e. "[list-name] Re:
original subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.
The default style is "Re: [list-name]" if numbering is not set, for
backward compatibility. If the list owner is using numbering feature
by "%d" directive, the new style, "[list-name 123] Re:", is always
used.
- List owners can now cusomize the non-member rejection notice from
admin/<listname>/privacy/sender page. (1107169)
- Allow editing of the welcome message from the admin page (1085501).
- List owners can now use Scrubber to get the attachments scrubbed
(held in the web archive), if the site admin permits it in mm_cfg.py.
New variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME
and SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for
scrubber behavior. (904850)
Documentation
- Most of the installation instructions have been moved to a latex
document. See admin/www/mailman-install/index.html for details.
Bug fixes and other patches
- Mail-to-news gateway now strips subject prefix off from a response
by a mail user if news_prefix_subject_too is not set.
- Date and Message-Id headers are added for digests. (1116952)
- Improved mail address sanity check. (1030228)
- SpamDetect.py now checks attachment header. (1026977)
- Filter attachments by filename extensions. (1027882)
- Bugs and patches: 955381 (older Python compatibility),
1020102/1013079/ 1020013 (fix spam filter removed), 665569 (newer
Postfix bounce detection), 970383 (moderator -1 admin requests
pending), 873035 (subject handling in -request mail), 799166/946554
(makefile compatibility), 872068 (add header/footer via unicode),
1032434 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty
Cc:), 789015 (fix pipermail URL), 948152 (Out of date link on Docs),
1099138 (Scrubber.py breaks on None part), 1099840/1099840
(deprecated % insertion), 880073/933762 (List-ID RFC compliance),
1090439 (passwd reminder shunted), 1112349 (case insensitivity in
acceptable_aliases), 1117618 (Don't Cc for personalized anonymous
list), 1190404 (wrong permission after editing html)
To generate a diff of this commit:
cvs rdiff -r1.21 -r1.21.2.1 pkgsrc/mail/mailman/Makefile
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/mail/mailman/PLIST
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/mail/mailman/distinfo
cvs rdiff -r1.3 -r0 pkgsrc/mail/mailman/patches/patch-ac
cvs rdiff -r1.1 -r0 pkgsrc/mail/mailman/patches/patch-ai
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.