I have released Mailman 2.1.3, a bug fix release which also contains
support for four new languages: Ukrainian, Serbian, Euskara (Basque),
and Danish. This release also contains a fix for a cross-site
scripting vulnerability in the 'create' cgi script, as well as
improved performance of the bounce and outgoing queue runners. I
recommend all sites running versions of the 2.1.x line upgrade to the
new version.

The full source tarball has been made available from the usual sites
(although the gnu.org sites have not yet been updated). Sorry, there
is no patch available, but you should be able to install 2.1.3 over
your existing 2.1.x installation. See

http://sourceforge.net/project/showfiles.php?group_id3

for links to download all the patches and the source tarballs. After
installing, be sure you restart your Mailman daemon by doing a
"mailmanctl restart".

See also:

http://www.gnu.org/software/mailman
http://www.list.org (not yet updated)
http://mailman.sf.net

Cheers,
-Barry

-------------------- snip snip --------------------
2.1.3 (28-Sep-2003)

Performance, Reliability, Security

- Closed a cross-site scripting exploit in the create cgi script.

- Improvements in the performance of the bounce processor.
Now, instead of processing each bounce immediately (which
can cause severe lock contention), bounce events are queued.
Every 15 minutes by default, the queued bounce events are
processed en masse, on a list-per-list basis, so that each
list only needs to be locked once.

- When some or all of a message's recipients have temporary
delivery failures, the message is moved to a "retry" queue.
This queue wakes up occasionally and moves the file back to
the outgoing queue for attempted redelivery. This should
fix most observed OutgoingRunner 100% cpu consumption,
especially for bounces to local recipients when using the
Postfix MTA.

- Optional support for fsync()'ing qfile data after writing.
Under some catastrophic system failures (e.g. power lose),
it would be possible to lose messages because the data
wasn't sync'd to disk. By setting SYNC_AFTER_WRITE to True
in Mailman/Queue/Switchboard.py, you can force Mailman to
fsync() queue files after flushing them. The benefits are
debatable for most operating environments, and you must
ensure that your Python has the os.fsync() function defined
before enabling this feature (it isn't, even on all
Unix-like operating systems).

Internationalization

- New languages Ukrainian, Serbian, Danish, Euskara/Basque.

- Fixes to template lookup. Lists with local overriding
templates would find the wrong template.

- .mo files (for internationalization) are now generated at
build time instead of coming as part of the source
distribution.

Documentation

- A first draft of member documentation by Terri Oda. There
is also a Japanese translation of this manual by Ikeda Soji.

Archiver / Pipermail

- In the configuration variables PUBLIC_EXTERNAL_ARCHIVER, and
PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been added to
the list of allowable substitution variables.

- The timezone is now taken into account when figuring the
posting date for an article.

Scripts / Cron

- Fixes to cron/disabled for NotAMemberError crashes.

- New script bin/show_qfiles which prints the contents of .pck
message files. New script bin/discard which can be used to
mass discard held messages.

- Fixes to cron/mailpasswds to account for old password-less
subscriptions.

- bin/list_members has grown two new options: --invalid/-i
prints only the addresses in the member database that are
invalid (which could have snuck in via old releases);
--unicode/-u prints addresses which are stored as Unicode
objects instead of as normal strings.

Miscellaneous

- Fixes to problems in some configurations where Python wouldn't
be able to find its standard library.

- Fixes to the digest which could cause MIME-losing missing
newlines when parts are scrubbed via the content filters.

- In the News/Mail gateway admin page, the configuration variable
nntp_host can now be a name:port pair.

- When messages are pulled from NNTP, the member moderation checks
are short-circuited.

- email 2.5.4 is included. This fixes an RFC 2231 bug, among
possibly others.

- Fixed some extra spaces that could appear in the List-ID header.

- Fixes to ensure that invalid email addresses can't be invited.

- WEB_LINK_COLOR in Defaults.py/mm_cfg.py should now work.

- Fixes so that shunted message file names actually match
those logged in log/errors.

- An improved pending action cookie generation algorithm has
been added.

- Fixes to the DSN bounce detector.

- The usual additional u/i, internationalization, unicode, and
other miscellaneous fixes.

Search Discussions

  • Ricardo Kleemann at Sep 29, 2003 at 2:37 pm
    Hi,

    Is there a way for mailman's configure script to detect the
    current settings (such as
    --with-username, --with-mail-gid and so on)?

    Or is there a quick way for me to manually check what they
    should be?

    I want to be able to upgrade mailman, but I never remember
    exactly what those settings should be, and since I have
    non-default settings, everytime I rebuild mailman,
    everything goes out of whack because I haven't specified the
    appropriate configuration.


    ----- Original Message Follows -----

    I have released Mailman 2.1.3, a bug fix release which
    also contains support for four new languages: Ukrainian,
    Serbian, Euskara (Basque), and Danish. This release also
    contains a fix for a cross-site scripting vulnerability in
    the 'create' cgi script, as well as improved performance
    of the bounce and outgoing queue runners. I recommend all
    sites running versions of the 2.1.x line upgrade to the
    new version.

    The full source tarball has been made available from the
    usual sites (although the gnu.org sites have not yet been
    updated). Sorry, there is no patch available, but you
    should be able to install 2.1.3 over your existing 2.1.x
    installation. See


    http://sourceforge.net/project/showfiles.php?group_id3

    for links to download all the patches and the source
    tarballs. After installing, be sure you restart your
    Mailman daemon by doing a "mailmanctl restart".

    See also:

    http://www.gnu.org/software/mailman
    http://www.list.org (not yet updated)
    http://mailman.sf.net

    Cheers,
    -Barry

    -------------------- snip snip --------------------
    2.1.3 (28-Sep-2003)

    Performance, Reliability, Security

    - Closed a cross-site scripting exploit in the
    create cgi script.

    - Improvements in the performance of the bounce
    processor.
    Now, instead of processing each bounce
    immediately (which
    can cause severe lock contention), bounce events
    are queued.
    Every 15 minutes by default, the queued bounce
    events are
    processed en masse, on a list-per-list basis, so
    that each
    list only needs to be locked once.

    - When some or all of a message's recipients have
    temporary
    delivery failures, the message is moved to a
    "retry" queue.
    This queue wakes up occasionally and moves the
    file back to
    the outgoing queue for attempted redelivery.
    This should
    fix most observed OutgoingRunner 100% cpu
    consumption,
    especially for bounces to local recipients when
    using the
    Postfix MTA.

    - Optional support for fsync()'ing qfile data
    after writing.
    Under some catastrophic system failures (e.g.
    power lose),
    it would be possible to lose messages because
    the data
    wasn't sync'd to disk. By setting
    SYNC_AFTER_WRITE to True
    in Mailman/Queue/Switchboard.py, you can force
    Mailman to
    fsync() queue files after flushing them. The
    benefits are
    debatable for most operating environments, and
    you must
    ensure that your Python has the os.fsync()
    function defined
    before enabling this feature (it isn't, even on
    all
    Unix-like operating systems).

    Internationalization

    - New languages Ukrainian, Serbian, Danish,
    Euskara/Basque.

    - Fixes to template lookup. Lists with local
    overriding
    templates would find the wrong template.

    - .mo files (for internationalization) are now
    generated at
    build time instead of coming as part of the
    source
    distribution.

    Documentation

    - A first draft of member documentation by Terri
    Oda. There
    is also a Japanese translation of this manual by
    Ikeda Soji.

    Archiver / Pipermail

    - In the configuration variables
    PUBLIC_EXTERNAL_ARCHIVER, and
    PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been
    added to
    the list of allowable substitution variables.

    - The timezone is now taken into account when
    figuring the
    posting date for an article.

    Scripts / Cron

    - Fixes to cron/disabled for NotAMemberError
    crashes.

    - New script bin/show_qfiles which prints the
    contents of .pck
    message files. New script bin/discard which can
    be used to
    mass discard held messages.

    - Fixes to cron/mailpasswds to account for old
    password-less
    subscriptions.

    - bin/list_members has grown two new options:
    --invalid/-i
    prints only the addresses in the member database
    that are
    invalid (which could have snuck in via old
    releases);
    --unicode/-u prints addresses which are stored
    as Unicode
    objects instead of as normal strings.

    Miscellaneous

    - Fixes to problems in some configurations where
    Python wouldn't
    be able to find its standard library.

    - Fixes to the digest which could cause
    MIME-losing missing
    newlines when parts are scrubbed via the content
    filters.

    - In the News/Mail gateway admin page, the
    configuration variable
    nntp_host can now be a name:port pair.

    - When messages are pulled from NNTP, the member
    moderation checks
    are short-circuited.

    - email 2.5.4 is included. This fixes an RFC 2231
    bug, among
    possibly others.

    - Fixed some extra spaces that could appear in the
    List-ID header.

    - Fixes to ensure that invalid email addresses
    can't be invited.

    - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should
    now work.

    - Fixes so that shunted message file names
    actually match
    those logged in log/errors.

    - An improved pending action cookie generation
    algorithm has
    been added.

    - Fixes to the DSN bounce detector.

    - The usual additional u/i, internationalization,
    unicode, and
    other miscellaneous fixes.

    ------------------------------------------------------
    Mailman-Users mailing list
    Mailman-Users at python.org
    http://mail.python.org/mailman/listinfo/mailman-users
    Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
    Searchable Archives:
    http://www.mail-archive.com/mailman-users%40python.org/

    This message was sent to: ricardo at americasnet.com
    Unsubscribe or change your options at
    http://mail.python.org/mailman/options/mailman-users/ricardo%40americasnet.com
  • Barry Warsaw at Sep 29, 2003 at 2:41 pm

    On Mon, 2003-09-29 at 10:37, Ricardo Kleemann wrote:
    Hi,

    Is there a way for mailman's configure script to detect the
    current settings (such as
    --with-username, --with-mail-gid and so on)?

    Or is there a quick way for me to manually check what they
    should be?

    I want to be able to upgrade mailman, but I never remember
    exactly what those settings should be, and since I have
    non-default settings, everytime I rebuild mailman,
    everything goes out of whack because I haven't specified the
    appropriate configuration.
    You can look in config.log (on some systems config.status). Look in the
    first bunch of lines and it will show you the options you used the last
    time you ran configure -- as long as you have your old source tree still
    around, of course!

    -Barry
  • Chris Linstruth at Sep 29, 2003 at 2:45 pm
    Take a look at config.status.

    --
    Chris Linstruth <cjl at qnet.com>
    On Mon, 29 Sep 2003, Ricardo Kleemann wrote:


    Hi,

    Is there a way for mailman's configure script to detect the
    current settings (such as
    --with-username, --with-mail-gid and so on)?

    Or is there a quick way for me to manually check what they
    should be?

    I want to be able to upgrade mailman, but I never remember
    exactly what those settings should be, and since I have
    non-default settings, everytime I rebuild mailman,
    everything goes out of whack because I haven't specified the
    appropriate configuration.


    ----- Original Message Follows -----

    I have released Mailman 2.1.3, a bug fix release which
    also contains support for four new languages: Ukrainian,
    Serbian, Euskara (Basque), and Danish. This release also
    contains a fix for a cross-site scripting vulnerability in
    the 'create' cgi script, as well as improved performance
    of the bounce and outgoing queue runners. I recommend all
    sites running versions of the 2.1.x line upgrade to the
    new version.

    The full source tarball has been made available from the
    usual sites (although the gnu.org sites have not yet been
    updated). Sorry, there is no patch available, but you
    should be able to install 2.1.3 over your existing 2.1.x
    installation. See


    http://sourceforge.net/project/showfiles.php?group_id3

    for links to download all the patches and the source
    tarballs. After installing, be sure you restart your
    Mailman daemon by doing a "mailmanctl restart".

    See also:

    http://www.gnu.org/software/mailman
    http://www.list.org (not yet updated)
    http://mailman.sf.net

    Cheers,
    -Barry

    -------------------- snip snip --------------------
    2.1.3 (28-Sep-2003)

    Performance, Reliability, Security

    - Closed a cross-site scripting exploit in the
    create cgi script.

    - Improvements in the performance of the bounce
    processor.
    Now, instead of processing each bounce
    immediately (which
    can cause severe lock contention), bounce events
    are queued.
    Every 15 minutes by default, the queued bounce
    events are
    processed en masse, on a list-per-list basis, so
    that each
    list only needs to be locked once.

    - When some or all of a message's recipients have
    temporary
    delivery failures, the message is moved to a
    "retry" queue.
    This queue wakes up occasionally and moves the
    file back to
    the outgoing queue for attempted redelivery.
    This should
    fix most observed OutgoingRunner 100% cpu
    consumption,
    especially for bounces to local recipients when
    using the
    Postfix MTA.

    - Optional support for fsync()'ing qfile data
    after writing.
    Under some catastrophic system failures (e.g.
    power lose),
    it would be possible to lose messages because
    the data
    wasn't sync'd to disk. By setting
    SYNC_AFTER_WRITE to True
    in Mailman/Queue/Switchboard.py, you can force
    Mailman to
    fsync() queue files after flushing them. The
    benefits are
    debatable for most operating environments, and
    you must
    ensure that your Python has the os.fsync()
    function defined
    before enabling this feature (it isn't, even on
    all
    Unix-like operating systems).

    Internationalization

    - New languages Ukrainian, Serbian, Danish,
    Euskara/Basque.

    - Fixes to template lookup. Lists with local
    overriding
    templates would find the wrong template.

    - .mo files (for internationalization) are now
    generated at
    build time instead of coming as part of the
    source
    distribution.

    Documentation

    - A first draft of member documentation by Terri
    Oda. There
    is also a Japanese translation of this manual by
    Ikeda Soji.

    Archiver / Pipermail

    - In the configuration variables
    PUBLIC_EXTERNAL_ARCHIVER, and
    PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been
    added to
    the list of allowable substitution variables.

    - The timezone is now taken into account when
    figuring the
    posting date for an article.

    Scripts / Cron

    - Fixes to cron/disabled for NotAMemberError
    crashes.

    - New script bin/show_qfiles which prints the
    contents of .pck
    message files. New script bin/discard which can
    be used to
    mass discard held messages.

    - Fixes to cron/mailpasswds to account for old
    password-less
    subscriptions.

    - bin/list_members has grown two new options:
    --invalid/-i
    prints only the addresses in the member database
    that are
    invalid (which could have snuck in via old
    releases);
    --unicode/-u prints addresses which are stored
    as Unicode
    objects instead of as normal strings.

    Miscellaneous

    - Fixes to problems in some configurations where
    Python wouldn't
    be able to find its standard library.

    - Fixes to the digest which could cause
    MIME-losing missing
    newlines when parts are scrubbed via the content
    filters.

    - In the News/Mail gateway admin page, the
    configuration variable
    nntp_host can now be a name:port pair.

    - When messages are pulled from NNTP, the member
    moderation checks
    are short-circuited.

    - email 2.5.4 is included. This fixes an RFC 2231
    bug, among
    possibly others.

    - Fixed some extra spaces that could appear in the
    List-ID header.

    - Fixes to ensure that invalid email addresses
    can't be invited.

    - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should
    now work.

    - Fixes so that shunted message file names
    actually match
    those logged in log/errors.

    - An improved pending action cookie generation
    algorithm has
    been added.

    - Fixes to the DSN bounce detector.

    - The usual additional u/i, internationalization,
    unicode, and
    other miscellaneous fixes.

    ------------------------------------------------------
    Mailman-Users mailing list
    Mailman-Users at python.org
    http://mail.python.org/mailman/listinfo/mailman-users
    Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
    Searchable Archives:
    http://www.mail-archive.com/mailman-users%40python.org/

    This message was sent to: ricardo at americasnet.com
    Unsubscribe or change your options at
    http://mail.python.org/mailman/options/mailman-users/ricardo%40americasnet.com

    ------------------------------------------------------
    Mailman-Users mailing list
    Mailman-Users at python.org
    http://mail.python.org/mailman/listinfo/mailman-users
    Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
    Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

    This message was sent to: cjl at qnet.com
    Unsubscribe or change your options at
    http://mail.python.org/mailman/options/mailman-users/cjl%40qnet.com
  • Pug Bainter at Sep 29, 2003 at 2:49 pm

    Ricardo Kleemann (ricardo at americasnet.com) said something that sounded like:
    Is there a way for mailman's configure script to detect the
    current settings (such as --with-username, --with-mail-gid and so on)?

    Or is there a quick way for me to manually check what they
    should be?
    I always keep my build directory for at least one version back. Because
    of that, I can look at the top of the config.status file to see how I
    called configure.

    Ciao,

    --
    Pug Bainter | AMD, Inc.
    System Engineer, MTS | Mail Stop 625
    Pug.Bainter at amd.com | pug at pug.net | 5900 E. Ben White Blvd
    Phone: (512) 602-0364 | Fax: (512) 602-6970 | Austin, TX 78741
    Note: The views may not reflect my employers, or even my own for that matter.
  • Tom Limoncelli at Oct 2, 2003 at 7:53 pm

    On Monday, September 29, 2003, at 10:49 AM, Pug Bainter wrote:

    Ricardo Kleemann (ricardo at americasnet.com) said something that sounded
    like:
    Is there a way for mailman's configure script to detect the
    current settings (such as --with-username, --with-mail-gid and so on)?

    Or is there a quick way for me to manually check what they
    should be?
    I always keep my build directory for at least one version back. Because
    of that, I can look at the top of the config.status file to see how I
    called configure.
    Not to one-up you but...

    I record the steps I take to build something in a script, so that the
    next time I build something I can edit the script a little and run it.
    Lately I've added a boilerplate at the top that sets the PATH,
    LD_LIBRARY_PATH and other variables so that things are 100% repeatable.
    (You'd be surprised at the number of times I need to make subtle
    changes to the PATH to get something to build.)

    Eventually I made the editing easier by changing version numbers to
    variables, which are all set at the top of the script.

    And not to brag, but you should see my BUILD_APACHE.sh script. It gets
    apache, php, mod_perl, checks the md5 checksums, builds everything, and
    does the install. And I only have to change variables at the top each
    time a new version is released.

    I highly recommend this technique for anyone that upgrades UNIX
    packages frequently.

    --tal
  • Vivek Khera at Oct 2, 2003 at 7:58 pm
    "TL" == Tom Limoncelli <tal at whatexit.org> writes:
    TL> And not to brag, but you should see my BUILD_APACHE.sh script. It gets
    TL> apache, php, mod_perl, checks the md5 checksums, builds everything, and
    TL> does the install. And I only have to change variables at the top each
    TL> time a new version is released.

    Almost sounds like freebsd's ports system ;-)

    Personally, for stuff I don't build from ports with default settings,
    I just keep notes in a text file on what I did.

    Documentation... who'd a thunk it?

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Vivek Khera, Ph.D. Khera Communications, Inc.
    Internet: khera at kciLink.com Rockville, MD +1-240-453-8497
    AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
  • Barry Warsaw at Oct 2, 2003 at 8:59 pm

    On Thu, 2003-10-02 at 15:53, Tom Limoncelli wrote:

    Not to one-up you but...

    I record the steps I take to build something in a script, so that the
    next time I build something I can edit the script a little and run it.
    Lately I've added a boilerplate at the top that sets the PATH,
    LD_LIBRARY_PATH and other variables so that things are 100% repeatable.
    (You'd be surprised at the number of times I need to make subtle
    changes to the PATH to get something to build.)

    Eventually I made the editing easier by changing version numbers to
    variables, which are all set at the top of the script.

    And not to brag, but you should see my BUILD_APACHE.sh script. It gets
    apache, php, mod_perl, checks the md5 checksums, builds everything, and
    does the install. And I only have to change variables at the top each
    time a new version is released.

    I highly recommend this technique for anyone that upgrades UNIX
    packages frequently.
    You'd love our build-out scripts for when we deploy Zope at a customer
    site. :)

    -Barry

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedSep 29, '03 at 1:10p
activeOct 2, '03 at 8:59p
posts8
users6
websitelist.org

People

Translate

site design / logo © 2022 Grokbase