Package Release Info

mailman-2.1.29-bp152.6.12

Update Info: Base Release
Available in Package Hub : 15 SP2

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

mailman

Change Logs

Version: 2.1.29-bp151.5.9.1
* Tue May 12 2020 Matej Cepl <mcepl@suse.com>
- Add CVE-2020-12108_injection_options.patch fixing bsc#1171363
  (CVE-2020-12108)
- Make two remaining patches -p1 as well:
  - mailman-2.1.26-list_lists.patch
  - mailman-wrapper.patch
* Mon May 11 2020 Matej Cepl <mcepl@suse.com>
- Don't default to invalid hosts for DEFAULT_EMAIL_HOST
  (bsc#682920), adjust mailman-2.1.14-python.dif.
- Reapply and adjust remaining patches:
  - mailman-2.1.14-editarch.patch
  - mailman-2.1.4-dirmode.patch
  - mailman-2.1.4-notavaliduser.patch
  - mailman-2.1.5-no_extra_asian.dif
  - mailman-weak-password.diff
Version: 2.1.29-bp151.5.6.1
* Tue Apr 28 2020 Matej Cepl <mcepl@suse.com>
- Fix rights and ownership on /var/lib/mailman/archives (bsc#1167068)
Version: 2.1.29-bp151.5.3.1
* Fri Jan 24 2020 Johannes Segitz <jsegitz@suse.de>
- Don't use explicit chown and chmod in %post, but rather use
  %attr in files. Avoid bsc#1154328 (CVE-2019-3693)
Version: 2.1.29-bp150.2.3.1
* Mon Feb 25 2019 Matej Cepl <mcepl@suse.com>
- boo#1095112: add /etc/mailman/mailman.cgi-gid and fix user
  rights.
Version: 2.1.29-bp150.1.1
* Fri Aug 03 2018 liedke@rz.uni-mannheim.de
- update to 2.1.29:
  * Fixed the listinfo and admin overview pages that were broken
* Tue Jul 24 2018 liedke@rz.uni-mannheim.de
- update to 2.1.28:
  * A content spoofing vulnerability with invalid list name messages in
    the web UI has been fixed.  CVE-2018-13796 bsc#1101288
  * It is now possible to edit HTML and text templates via the web admin
    UI in a supported language other than the list's preferred_language.
  * The Japanese translation has been updated
  * The German translation has been updated
  * The Esperanto translation has been updated
  * The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
    not working.  This is fixed.
  * Escaping of HTML entities for the web UI is now done more selectively.
* Thu Jun 28 2018 liedke@rz.uni-mannheim.de
- update to 2.1.27
  * Existing protections against malicious listowners injecting evil
    scripts into listinfo pages have had a few more checks added.
    JVN#00846677/JPCERT#97432283/CVE-2018-0618 (boo#1099510)
  * A few more error messages have had their values HTML escaped.
    JVN#00846677/JPCERT#97432283/CVE-2018-0618 (boo#1099510)
  * The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
    the same as one generated at the same time for a different list and
    IP address.  While this is not thought to be exploitable in any way,
    the generation has been changed to avoid this.
  * An option has been added to bin/add_members to issue invitations
    instead of immediately adding members.
  * A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to
    enable blocking web subscribes from IPv4 addresses listed in Spamhaus
    SBL, CSS or XBL.  It will work with IPv6 addresses if Python's
    py2-ipaddress module is installed.  The module can be installed via pip
    if not included in your Python.
  * Mailman has a new 'security' log and logs
    authentication failures to the various web CGI functions.  The logged
    data include the remote IP and can be used to automate blocking of IPs
    with something like fail2ban.  Since Mailman 2.1.14, these have returned
    an http 401 status and the information should be logged by the web
    server, but this new log makes that more convenient.  Also, the
    'mischief' log entries for 'hostile listname' now include the remote IP
    if available.
  * admin notices of (un)subscribes now may give
    the source of the action.  This consists of a %(whence)s replacement
    that has been added to the admin(un)subscribeack.txt templates.  Thanks
    to Yasuhito FUTATSUKI for updating the non-English templates and help
    with internationalizing the reasons.
  * there is a new
    BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web
    subscribes for addresses in domains listed in the Spamhaus DBL.
  * i18n & Bugfixes
  * for further details see NEWS
* Mon Mar 19 2018 tchvatal@suse.com
- Fix install prefix for some of the files
- Install license file
* Fri Mar 16 2018 tchvatal@suse.com
- Sort out with spec-cleaner
- Use direct paths in post scriptlets and properly state their deps
- Do not attempt user creation during build, fails anyway
- Use proper user creation code in scriptlets
* Thu Mar 15 2018 liedke@rz.uni-mannheim.de
- update to 2.1.26
  * An XSS vulnerability in the user options CGI could allow a crafted
    URL to execute arbitrary javascript in a user's browser.  A
    related issue could expose information on a user's options page
    without requiring login. (CVE-2018-5950) bsc#1077358
  * Google reCAPTCHA v2
  * New bin/mailman-config command to display various information
    about this Mailman version and how it was configured.
  * bug fixes, i18n updates
  * for further details see NEWS
- update to 2.1.25
  * The admindb held subscriptions listing now includes the date of the
    most recent request from the address.
  * bug fixes, i18n updates
  * for further details see NEWS
- update to 2.1.24
  * bug fixes, i18n updates
  * for further details see NEWS
- Rename and refresh patch:
  * mailman-2.1.2-list_lists.patch to mailman-2.1.26-list_lists.patch
* Mon Nov 27 2017 dmueller@suse.com
- remove distributable flag (which is always true):
  drops SuSEconfig.mailman-SuSE, mailman-SuSE.patch, mailman-SuSE2.patch
* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
* Thu Jun 29 2017 dimstar@opensuse.org
- Fix pre script for usage with more recent postfix versions.
* Mon Mar 20 2017 kukuk@suse.de
- Require system user wwwrun
* Mon Feb 20 2017 kukuk@suse.de
- Require fillup and insserv if we call them
* Mon Aug 29 2016 hsk17@mail.de
- update to 2.1.23
  * CSRF protection in user options page (CVE-2016-6893)
  * header_filter_rules matching: headers and patterns are all
    decoded to unicode
  * another possible REMOVE_DKIM_HEADERS setting
  * SMTPDirect.py can now do SASL authentication and STARTTLS
  * bug fixes, i18n updates
  * for further details see NEWS
* Mon Apr 18 2016 hsk@imb-jena.de
- update to 2.1.22
  * bug fixes, i18n updates; for details see NEWS
* Tue Mar 29 2016 hsk@imb-jena.de
- updated mailman-apache2.conf to support "require" syntax of recent
  apache httpd
* Mon Feb 29 2016 hsk@imb-jena.de
- update to 2.1.21
  * new dmarc_none_moderation_action list setting
  * new feature to automatically turn on moderation for single list
    members (spam prevention)
  * new mm_cfg.py setting GLOBAL_BAN_LIST
  * translation updates and bug fixes
  * for more details see NEWS and Mailman/Defaults.py
- mailman-2.1.4-dirmode.patch: adjusted to 2.1.21
* Wed Feb 03 2016 mpluskal@suse.com
- Use url for source
- Add gpg signature
* Tue Mar 31 2015 hsk@imb-jena.de
- update to 2.1.20
  * fix for CVE-2015-2775 (path traversal vulnerability)
  * new Address Change sub-section in the web admin Membership
    Management section
  * translation updates and bug fixes
* Mon Mar 02 2015 hsk@imb-jena.de
- update to 2.1.19
  * backports from 2.2 development branch
    - new list attribute 'subscribe_auto_approval'
    - added 'automate' option to bin/newlist
    - processing of Topics regular expressions has changed
    - added real name display to the web roster, controlled by new
      ROSTER_DISPLAY_REALNAME setting
    - bug fixes
  * new list attribute dmarc_wrapped_message_text and
    DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting
  * new list attribute equivalent_domains and DEFAULT_EQUIVALENT_DOMAINS
    setting
  * new WEB_HEAD_ADD setting
  * new DEFAULT_SUBSCRIBE_OR_INVITE setting
  * new list attribute bounce_notify_owner_on_bounce_increment and
    DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT setting
  * log files, request.pck files and heldmsg-* files are no longer created
    world readable
  * i18n updates
  * bug fixes
* Fri Oct 17 2014 hsk@imb-jena.de
- update to 2.1.18
  * mailman now requires dnspython
  * new dmarc_moderation_action feature and corresponding list and default
    settings
  * bug fixes
* Fri Feb 14 2014 jmatejek@suse.com
- rename README.SuSE
- update to 2.1.17
  * option to strip/keep non-standard headers in anonymous lists
  * option to make membership checks on mail-news gateway
  * UI improvements for admin interface
  * digest_size_threshold = 0 now means that *no* digest is sent
    based on size
  * option to CSRF-protect subscription form
  * admins can add members with mail delivery disabled
  * configurable name of master lock
  * updated translations
- updated list_lists patch because upstream list_lists now has
  an argument -p / --public-archive that does the same as SUSE-specific
  argument -u / --public-archives. Both spellings are supported
  and are synonymous.