SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for mailman-2.1.29-106.4.x86_64.rpm :

* Thu Dec 20 2018 mceplAATTsuse.com- Add mailman-update-cfg to avoid user mailman writing to /usr/lib directories (compiled Python files).
* Tue Dec 11 2018 Jan Engelhardt - Use multi-argument find -exec.- Set bash as build shell due to occurrence of \"=~\".
* Fri Dec 07 2018 mceplAATTsuse.com- Add systemd timers to be used instead of cron. (boo#1115446)- Rewrite whole package to use systemd services instead of SysV init. (boo#1116022)- Lots and lots of cleanup to minimize rpmlint warnings (remainings are either false positives or they don\'t make much sense)
* Wed Aug 22 2018 bwiedemannAATTsuse.com- Add reproducible.patch to use fixed build date in mailman-config to make package build reproducible (boo#1047218)
* Thu Aug 09 2018 mceplAATTsuse.com- Restore generation of /etc/mailman/mailman.cgi-gid (bsc#1095112)
* Thu Jul 26 2018 liedkeAATTrz.uni-mannheim.de- update to 2.1.29:
* Fixed the listinfo and admin overview pages that were broken
* Tue Jul 24 2018 liedkeAATTrz.uni-mannheim.de- update to 2.1.28:
* A content spoofing vulnerability with invalid list name messages in the web UI has been fixed. CVE-2018-13796 bsc#1101288
* It is now possible to edit HTML and text templates via the web admin UI in a supported language other than the list\'s preferred_language.
* The Japanese translation has been updated
* The German translation has been updated
* The Esperanto translation has been updated
* The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was not working. This is fixed.
* Escaping of HTML entities for the web UI is now done more selectively.
* Wed Jun 27 2018 liedkeAATTrz.uni-mannheim.de- update to 2.1.27 bsc#1099510:
* Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. JVN#00846677/JPCERT#97432283/CVE-2018-0618
* A few more error messages have had their values HTML escaped. JVN#00846677/JPCERT#97432283/CVE-2018-0618
* The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address. While this is not thought to be exploitable in any way, the generation has been changed to avoid this.
* An option has been added to bin/add_members to issue invitations instead of immediately adding members.
* A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to enable blocking web subscribes from IPv4 addresses listed in Spamhaus SBL, CSS or XBL. It will work with IPv6 addresses if Python\'s py2-ipaddress module is installed. The module can be installed via pip if not included in your Python.
* Mailman has a new \'security\' log and logs authentication failures to the various web CGI functions. The logged data include the remote IP and can be used to automate blocking of IPs with something like fail2ban. Since Mailman 2.1.14, these have returned an http 401 status and the information should be logged by the web server, but this new log makes that more convenient. Also, the \'mischief\' log entries for \'hostile listname\' noe include the remote IP if available.
* admin notices of (un)subscribes now may give the source of the action. This consists of a %(whence)s replacement that has been added to the admin(un)subscribeack.txt templates. Thanks to Yasuhito FUTATSUKI for updating the non-English templates and help with internationalizing the reasons.
* there is a new BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web subscribes for addresses in domains listed in the Spamhaus DBL.
* i18n & Bugfixes
* for further details see NEWS
* Mon Mar 19 2018 tchvatalAATTsuse.com- Fix install prefix for some of the files- Install license file
* Fri Mar 16 2018 tchvatalAATTsuse.com- Sort out with spec-cleaner- Use direct paths in post scriptlets and properly state their deps- Do not attempt user creation during build, fails anyway- Use proper user creation code in scriptlets
* Thu Mar 15 2018 liedkeAATTrz.uni-mannheim.de- update to 2.1.26
* An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user\'s browser. A related issue could expose information on a user\'s options page without requiring login. (CVE-2018-5950) bsc#1077358
* Google reCAPTCHA v2
* New bin/mailman-config command to display various information about this Mailman version and how it was configured.
* bug fixes, i18n updates
* for further details see NEWS- updato to 2.1.25
* The admindb held subscriptions listing now includes the date of the most recent request from the address.
* bug fixes, i18n updates
* for further details see NEWS- update to 2.1.24
* bug fixes, i18n updates
* for further details see NEWS- Rename and refresh patch:
* mailman-2.1.2-list_lists.patch to mailman-2.1.26-list_lists.patch
* Mon Nov 27 2017 dmuellerAATTsuse.com- remove distributable flag (which is always true): drops SuSEconfig.mailman-SuSE, mailman-SuSE.patch, mailman-SuSE2.patch
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Thu Jun 29 2017 dimstarAATTopensuse.org- Fix pre script for usage with more recent postfix versions.
* Mon Mar 20 2017 kukukAATTsuse.de- Require system user wwwrun
* Mon Feb 20 2017 kukukAATTsuse.de- Require fillup and insserv if we call them
* Mon Aug 29 2016 hsk17AATTmail.de- update to 2.1.23
* CSRF protection in user options page (CVE-2016-6893)
* header_filter_rules matching: headers and patterns are all decoded to unicode
* another possible REMOVE_DKIM_HEADERS setting
* SMTPDirect.py can now do SASL authentication and STARTTLS
* bug fixes, i18n updates
* for further details see NEWS
* Mon Apr 18 2016 hskAATTimb-jena.de- update to 2.1.22
* bug fixes, i18n updates; for details see NEWS
* Tue Mar 29 2016 hskAATTimb-jena.de- updated mailman-apache2.conf to support \"require\" syntax of recent apache httpd
* Mon Feb 29 2016 hskAATTimb-jena.de- update to 2.1.21
* new dmarc_none_moderation_action list setting
* new feature to automatically turn on moderation for single list members (spam prevention)
* new mm_cfg.py setting GLOBAL_BAN_LIST
* translation updates and bug fixes
* for more details see NEWS and Mailman/Defaults.py- mailman-2.1.4-dirmode.patch: adjusted to 2.1.21
* Wed Feb 03 2016 mpluskalAATTsuse.com- Use url for source- Add gpg signature
* Tue Mar 31 2015 hskAATTimb-jena.de- update to 2.1.20 bsc#925502
* fix for CVE-2015-2775 (path traversal vulnerability)
* new Address Change sub-section in the web admin Membership Management section
* translation updates and bug fixes
* Mon Mar 02 2015 hskAATTimb-jena.de- update to 2.1.19
* backports from 2.2 development branch - new list attribute \'subscribe_auto_approval\' - added \'automate\' option to bin/newlist - processing of Topics regular expressions has changed - added real name display to the web roster, controlled by new ROSTER_DISPLAY_REALNAME setting - bug fixes
* new list attribute dmarc_wrapped_message_text and DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting
* new list attribute equivalent_domains and DEFAULT_EQUIVALENT_DOMAINS setting
* new WEB_HEAD_ADD setting
* new DEFAULT_SUBSCRIBE_OR_INVITE setting
* new list attribute bounce_notify_owner_on_bounce_increment and DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT setting
* log files, request.pck files and heldmsg-
* files are no longer created world readable
* i18n updates
* bug fixes
* Fri Oct 17 2014 hskAATTimb-jena.de- update to 2.1.18
* mailman now requires dnspython
* new dmarc_moderation_action feature and corresponging list and default settings
* bug fixes
  
ICM