Change logs for mailman source package in Sid

  • mailman (1:2.1.29-1) unstable; urgency=medium
    
      * New upstream release.
        - Fixes CVE-2018-13796
    
     -- Thijs Kinkhorst <email address hidden>  Wed, 05 Sep 2018 05:03:24 +0000
  • mailman (1:2.1.27-1.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * Arbitrary text injection vulnerability in Mailman CGIs (CVE-2018-13796)
        (Closes: #903674)
    
     -- Salvatore Bonaccorso <email address hidden>  Sun, 02 Sep 2018 22:23:45 +0200
  • mailman (1:2.1.27-1) unstable; urgency=medium
    
      * New upstream release.
      * Run dh_autoreconf to make build reproducble (closes: 889637).
        Thanks Chris Lamb for the patch.
      * Drop Debian patches mangling translations, upstream is in
        a much better shape nowadays (closes: 901810).
      * Checked for policy 4.1.4, no changes.
      * Set a SUBSCRIBE_FORM_SECRET in mm_cfg.py on new installs,
        to add protection against subscription spam in the default
        installation. Existing installs will not be changed because
        it might break external subscribe forms (closes: 900648).
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 23 Jun 2018 13:23:17 +0000
  • mailman (1:2.1.26-1) unstable; urgency=medium
    
      * New upstream release.
        - Fixes XSS in user options CGI (CVE-2018-5950, closes: #888201)
      * Document that this is the legacy branch of Mailman and that all
        major development is focused on Mailman 3 (package mailman3).
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 04 Feb 2018 18:23:18 +0000
  • mailman (1:2.1.25-1) unstable; urgency=medium
    
      * New upstream release.
      * Checked for policy 4.1.3: removed init.d invocation from
        prerm and also from user instructions.
      * Upgraded to debhelper compat level 11.
      * Replace init script with systemd service file.
        Thanks a lot to Stefan Bühler for the helpful suggestion!
        This also should improve robustness against log rotation.
        (Closes: #881329, #733475, #505638)
      * Packaging cleanups.
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 07 Jan 2018 18:22:51 +0000
  • mailman (1:2.1.24-1) unstable; urgency=medium
    
      * New upstream release.
      * Fixed broken dependencies in SpamAssassin.py (Closes: #838288).
        Thanks Stephen Rothwell for the patch.
    
     -- Thijs Kinkhorst <email address hidden>  Tue, 05 Sep 2017 14:31:54 +0000
  • mailman (1:2.1.23-1) unstable; urgency=medium
    
      * New upstream release.
        - Fixes CSRF in user options (CVE-2016-6893, closes: #835970).
    
     -- Thijs Kinkhorst <email address hidden>  Tue, 13 Sep 2016 16:01:59 +0000
  • mailman (1:2.1.22-1) unstable; urgency=medium
    
      * New upstream release. (Closes: #821367)
      * Checked for policy 3.9.8, no changes.
    
     -- Thijs Kinkhorst <email address hidden>  Mon, 25 Apr 2016 16:39:06 +0000
  • mailman (1:2.1.20-1) unstable; urgency=medium
    
      * New upstream release. (Closes: #779911)
        - Drop obsolete patches:
          92_CVE-2015-2775.patch
      * Checked for policy 3.9.6, no changes.
      * Update to debhelper compat level 9.
      * Make postfix-to-mailman.py work with the full recipient email
        address, solving an issue when recipient_delimiter = "-".
        To take advantage of this, change "${user}" to "${recipient}"
        in Postfix' master.cf. Patch by Brian O'Connor. (Closes: #578986)
      * Make package build reproducibly by using install instead of cp
        for installing qmail-to-mailman.py. Patch by Jérémy Bobbio.
        (Closes: #783151)
      * Update example apache.conf for Apache 2.4.
      * Add cron-daemon as dependency alternative to cron. (Closes: #785193)
    
     -- Thijs Kinkhorst <email address hidden>  Thu, 14 May 2015 14:09:42 +0000
  • mailman (1:2.1.18-2) unstable; urgency=high
    
    
      * Fix security issue: path traversal through local_part.
        Affects installations which use an Exim or Postfix transport
        instead of fixed aliases; attacker needs to be able to place
        files on the local filesystem.
        (CVE-2015-2775, Closes: 781626)
    
     -- Thijs Kinkhorst <email address hidden>  Mon, 06 Apr 2015 15:36:15 +0000
  • mailman (1:2.1.18-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Adds DMARC support. (Closes: #746592)
        - Drop obsolete patches:
          20_qmail_to_mailman.debian.patch
          80_sync_members_unicode.patch
      * Add lsb-release to debian/tests/control. (Closes: #734180)
      * Fix ownership on /var/lib/mailman/archives/private as upstream
        suggests, also reflecting group ownership for public archives.
        Thanks Luca Capello! (closes: #603904)
      * Checked for policy 3.6.5, no changes.
    
     -- Thijs Kinkhorst <email address hidden>  Thu, 10 Jul 2014 19:27:46 +0200
  • mailman (1:2.1.16-2) unstable; urgency=medium
    
    
      * Upload to unstable, as requested by Thijs; we did not encounter
        any unexpected trouble with the version in experimental, and it
        does fix an RC bug as well as a release goal.
    
     -- Thorsten Glaser <email address hidden>  Mon, 03 Feb 2014 14:00:37 +0100
  • mailman (1:2.1.16-1) unstable; urgency=low
    
    
      * New upstream release.
    
     -- Thijs Kinkhorst <email address hidden>  Wed, 06 Nov 2013 19:57:54 +0100
  • mailman (1:2.1.16~rc2-1) unstable; urgency=low
    
    
      [ Thijs Kinkhorst ]
      * New upstream release candidate.
        - Exposes message-id to templates (closes: #614340).
      * Remove obsolete patches, applied upstream:
        21_newlist_help.patch
      * Updates to Russian debconf templates, thanks Ivan Krylov!
        (closes: #710268).
      * Needs at least version 3.8.0 of logrotate (closes: #687215).
      * Add autopkgtests, thanks Yolanda Robla! (closes: #710095)
      * Packaging cleanup: checked for policy 3.9.4, update Vcs URL,
        recommend default-mta instead of exim4.
    
      [ Thorsten Glaser ]
      * Prevent losing stderr in the init script when there are many lists.
        (closes: #702002)
      * debian/watch: mangle the epoch away so DDPO is green again.
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 04 Aug 2013 12:00:05 +0200
  • mailman (1:2.1.15-1) unstable; urgency=low
    
    
      * New upstream release.
      * Improve Exim4 instructions, thanks Andrew Hodgson.
      * Remove obsolete PRIVATE_ARCHIVE_URL variable, thanks Matthew Hall
        (closes: #676481).
      * Correct mmarch man page, thanks Francesco Potortì (closes: #583369).
      * Specify need for MTA=None in postfix-to-mailman.py (closes: #648976).
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 16 Jun 2012 12:04:40 +0200
  • mailman (1:2.1.15~rc1-1) unstable; urgency=low
    
    
      [ Thijs Kinkhorst ]
      * New upstream release candidate.
      * Remove obsolete patches, applied upstream:
        02_use_dpkg_buildflags.patch
        07_snooze.patch
        59_fix_missing_language_crash.patch
        70_invalid_utf8_dos.patch
        71_date_overflows.patch
        74_admin_non-ascii_emails.patch
        80_CVE-2011-0707_confirm_xss.patch
        99_js_templates.patch
    
      [ Thorsten Glaser ]
      * Update the watch file for Launchpad
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 20 May 2012 14:01:42 +0200
  • mailman (1:2.1.14-4) unstable; urgency=low
    
    
      * Ensure CPPFLAGS and LDFLAGS are actually used during build,
        thanks Simon Ruderich for the patch! (closes: #663590)
        Additionally, enable all available hardening features.
      * Checked for policy 3.9.3, add DEP3 patch headers.
      * Add Danish debconf translation, thanks Joe Dalton (closes: #659467).
      * Add 'su root list' statements to logrotate config, to cope
        with logrotate >= 3.8; thanks Joël Bertrand (closes: #653766).
      * Avoid config file prompt for mailman crontab entry if this
        file was unmodified (closes: #655837).
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 18 Mar 2012 14:12:49 +0100
  • mailman (1:2.1.14-3) unstable; urgency=low
    
    
      * Make man page descruptions match more keywords (closes: #597112).
      * Add cull_bad_shunt command to default cron job (closes: #615204)
        and improve cron job handling in the package.
      * Import dpkg buildflags, also enabling hardening features.
      * Remove gate_news debconf question.
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 08 Oct 2011 17:27:51 +0200
  • mailman (1:2.1.14-2) unstable; urgency=low
    
    
      [ Thijs Kinkhorst ]
      * Move mail-transport-agent to Recommends, since Mailman can be
        configured to run with a remote MTA (closes: #616292).
      * Update to policy 3.9.2, add build-{arch,indep} targets.
    
      [ Thorsten Glaser ]
      * Add myself to Uploaders, as suggested by Thijs.
      * Apply patch from Barry Warsaw to switch from python-support
        to dh_python2. (LP: #788514) (Closes: #637398)
    
     -- Thijs Kinkhorst <email address hidden>  Wed, 17 Aug 2011 12:00:50 +0000
  • mailman (1:2.1.14-1) unstable; urgency=medium
      * New upstream release. Patches incorporated:    - 15_mailmanctl_daemonize.patch    - 83-CVE-2010-3089--bug599833.patch  * Add upstream patch for CVE-2011-0707: XSS in confirmations. -- Thijs Kinkhorst <email address hidden>  Sat, 19 Feb 2011 08:26:43 +0100
  • mailman (1:2.1.13-4.1) unstable; urgency=high
    
    
      * Non-maintainer upload.
      * debian/patches
        - (83): New. CVE-2010-3089 security fix from mailman 2.14. Patch
          thanks to <email address hidden> (grave, security; Closes: #599833).
    
     -- Jari Aalto <email address hidden>  Sat, 16 Oct 2010 08:46:55 +0300
  • mailman (1:2.1.13-4) unstable; urgency=medium
    
    
      * Fix permissions on /var/lib/mailman/archives/private, so
        archiving works again. Problem introduced in 1:2.1.12-3.
      * Fix invocation of update-rc.d which yields an error when
        not using dependency-based boot (closes: #590249).
      * Checked for policy 3.9.1, no changes needed.
    
     -- Thijs Kinkhorst <email address hidden>  Tue, 27 Jul 2010 22:56:03 +0200
  • mailman (1:2.1.13-3) unstable; urgency=low
    
    
      * Drop unneeded Indexes option from shipped apache.conf.
      * Eliminate update_rc.d warning by not passing runlevel 1 at stop.
      * Add 25_site_logo patch by Paul Wise (closes: #267243).
      * Do not compress PDF's under /u/s/d/mailman (closes: #582259).
      * Back up ./configure before running autoconf, so it can be restored
        in clean as not to generate irrelevant diff.gz content.
      * Switch to dpkg-source 3.0 (quilt) format.
      * Checked for policy 3.9.0, no changes needed.
    
     -- Thijs Kinkhorst <email address hidden>  Tue, 13 Jul 2010 21:35:40 +0200
  • mailman (1:2.1.13-2) unstable; urgency=low
    
    
      * postfix-to-mailman.py: check for list existence before stripping off
        administrative suffixes, making it also work for mailing list names
        ending in e.g. -admin. Thanks Axel Beckert for the patch!
        (Closes: #570548)
      * Checked for policy 3.8.4, no changes.
      * Minor fixes pointed out by Lintian.
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 20 Mar 2010 21:57:55 +0100
  • mailman (1:2.1.13-1) unstable; urgency=low
    
    
      * New upstream release. Patches incorporated:
        - 16_update_debian (partially)
        - 30_pipermail_threads
        - 65_handle_templates_directories
        - 77_header_folding_in_attachments
      * Remove msgfmt.py, only used at build-time (closes: #555416).
      * Remove adduser calls for 'list' user. Base-passwd guarantees it
        to be available, and trying to add it if it were not present may
        lead to inconsistencies regarding expectations for that user.
      * Document second parameter of postfix-to-mailman.py to be
        ${mailbox}, effectively reverting inappropriate fix for #305762
        (closes: #549224).
    
     -- Thijs Kinkhorst <email address hidden>  Thu, 31 Dec 2009 15:50:29 +0100
  • mailman (1:2.1.12-3) unstable; urgency=low
    
    
      * Remove potentially long running 'find' command in postinst, as
        permissions are already set correctly in the deb. Thanks Paul
        Slootman (closes: #544046).
      * Add Slovak debconf translation, thanks Ivan Masár (closes: #531576).
      * Update 30_pipermail_threads patch to use sequence ID instead of
        message ID, avoids thread breakage in archives. Thanks
        Mark Sapiro.
      * Checked for policy 3.8.3, no changes necessary.
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 27 Sep 2009 17:36:01 +0200
  • mailman (1:2.1.12-2) unstable; urgency=low
    
    
      [ Lionel Elie Mamane ]
      * README.Exim4.Debian: add debug_print statements
      * apply fix from upstream to 77_header_folding_in_attachments
        to fix bug it introduces: messages with lines starting with
        "From" are split into several messages in the archive.
      * Use autoconf >= 2.50, not 2.13
      * Ensure Mailman locks directory exists before calling update
        (Closes: #513988).
    
      [ Thijs Kinkhorst ]
      * Apply patch from Tanguy Ortolo updating postfix-to-mailman
        instructions to avoid backscatter mail (Closes: #520040).
      * Remove obsolete unicodify_archives for upgrading sarge->etch.
    
     -- Lionel Elie Mamane <email address hidden>  Fri, 22 May 2009 11:09:49 +0200
  • mailman (1:2.1.12-1) unstable; urgency=low
    
    
      * New upstream release.
        + Minimum Python version is now 2.4.
        + Patches obsoleted (incorporated or not useful anymore):
          00_stolen_from_HEAD,
          11_handle_propfind.patch,
          32_MIME_fixup,
          62_new_list_bad_pending_requests,
          67_update_handle_old_versions,
          68_update_catalan,
          78_DeprecationWarning,
          80_fix_string_search.
          Refresh all others. Many thanks to Mark Sapiro and
          Paul Wise for the help in cleaning this up.
        + Fixes bounce handling NotAMemberError (closes: #517997).
      * Various packaging cleanups, upgrade debhelper to level 7.
      * Removes embedded copy of pythonlib/email module.
      * Checked for policy 3.8.1, remove shipped var/{run,lock}
        dirs, they are already created correctly by the init script.
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 14 Mar 2009 14:18:16 +0100
  • mailman (1:2.1.11-11) unstable; urgency=high
    
    
      [ Debconf Translations ]
      * Updated Vietnamese, thanks Clytie Siddall (closes: #513097).
    
     -- Thijs Kinkhorst <email address hidden>  Mon, 26 Jan 2009 13:42:33 +0100
  • mailman (1:2.1.11-10) unstable; urgency=low
    
    
      [ Debconf Translations ]
      * Updated Catalan, thanks David Planella.
    
     -- Thijs Kinkhorst <email address hidden>  Wed, 07 Jan 2009 23:09:56 +0100
  • mailman (1:2.1.11-9) unstable; urgency=high
    
    
      [ Debconf Translations ]
      * Updated Spanish, thanks Javier Fernández-Sanguino (closes: #510023).
      * Updated Japanese, thanks Kenshi Muto (closes: #509996).
      * Updated Galician, thanks Marce Villarino (closes: #510002).
      * Updated French, thanks Christian Perrier (closes: #510016).
      * Updated Italian, thanks Luca Monducci (closes: #510107).
      * Updated Swedish, thanks Martin Bagge and Daniel Nylander
        (closes: #510206).
      * Updated Czech, thanks Miroslav Kure (closes: #510230).
      * Updated German, thanks Holger Wansing (closes: #510361).
      * Updated Portuguese, thanks Miguel Figueiredo (closes: 510556).
      * Updated Russian, thanks Sergey Alyoshin (closes: #510614).
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 04 Jan 2009 12:30:58 +0100
  • mailman (1:2.1.11-8) unstable; urgency=low
    
    
      * Do not stop installation when queue files are present, and this is
        an upgrade from the same version that was already installed. Based
        on a patch by Marcin Owsiany (closes: #468569).
      * When queue files present, offer the administrator the option to
        continue regardless at their own risk. This unfortunately requires
        some extra strings to be translated.
      * Update Dutch translation.
      * Remove mail-transport-agent from init script deps (closes: #508800).
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 27 Dec 2008 15:18:55 +0100
  • mailman (1:2.1.11-7) unstable; urgency=low
    
    
      [ Thijs Kinkhorst ]
      * Clarify POSTFIX_STYLE_VIRTUAL_DOMAINS syntax, thanks Tomas Pospisek
        (closes: #507519).
    
      [ Lionel Elie Mamane ]
      * README.Exim4.Debian: Do lookup whole email (with domain, not only
        localpart) in virtual_mailman data file
        (bug introduced in 1:2.1.11-4)
      * README.Exim4.Debian: explain how to regenerate the aliases list
        manually (for people switching their existing configuration to the
        recommended one, or switching MTAs, as opposed to setting up a fresh
        system).
    
     -- Thijs Kinkhorst <email address hidden>  Sat, 13 Dec 2008 18:40:34 +0100
  • mailman (1:2.1.11-6) unstable; urgency=high
    
    
      * Further site list detection improvements, thanks Adeodato Simó
        for his suggestions.
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 16 Nov 2008 13:17:10 +0100
  • mailman (1:2.1.11-5) unstable; urgency=high
    
    
      * Make init script also cope with non-specified site list.
    
     -- Thijs Kinkhorst <email address hidden>  Sun, 09 Nov 2008 11:26:46 +0100
  • mailman (1:2.1.11-4) unstable; urgency=medium
    
    
      [ Lionel Elie Mamane ]
      * Add -loop to list of accepted suffixes for routers in
        README.Exim4.Debian
    
      [ Thijs Kinkhorst ]
      * Add mischief to logrotate configuration (closes: #504700).
      * Update Mailman group and aliases path in README.Exim4.Debian,
        thanks Kris Popendorf (closes: #504695).
      * Detect a nonstandard site list name, thanks Moritz Naumann
        (closes: #418062).
    
     -- Thijs Kinkhorst <email address hidden>  Fri, 07 Nov 2008 09:48:10 +0100
  • mailman (1:2.1.11-3) unstable; urgency=low
    
    
      * Updated Catalan debconf translation, thanks David Planella Molas
        (Closes: #494110).
      * Added patch 68_update_catalan to update Catalan program translation,
        thanks Jordi Mallach (Closes: #492297).
      * Add a README.source file referring to quilt.
    
     -- Thijs Kinkhorst <email address hidden>  Mon, 11 Aug 2008 16:06:19 +0200