-
mailman (1:2.1.9-4ubuntu1~edgy1) edgy-backports; urgency=low
* Automated backport upload; no source changes.
mailman (1:2.1.9-4ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: exim4 -> postfix.
mailman (1:2.1.9-4) unstable; urgency=medium
[ Lionel Elie Mamane ]
* Manually replace empty /var/lib/mailman/pythonlib/ by symlink to
/usr/lib/mailman/pythonlib/ (closes: #403312)
mailman (1:2.1.9-3) unstable; urgency=medium
[ Lionel Elie Mamane ]
* Follow requirements/requests of upgrade to new python policy more
narrowly: build-depend on newer version of python-support, add
XS-Python-Version/XB-Python-Version fields to control, give path to
private python modules to dh_pysupport (Closes: #394181).
* Move python-lib directory to /usr/lib/mailman/, like Mailman code;
/var/lib/mailman is grossly wrong (Closes: #400005).
[ Thijs Kinkhorst ]
* Add subscribe/unsubscribe aliases to second half of example, and a
note about chgrp when creating a new list through the web interface.
Both in README.Exim4.Debian, thanks Ian Wienand (Closes: 387457).
* Remove lintian overrides that are not needed with recent Lintians.
[ Translations ]
* Updated Vietnamese by Clytie Siddall (Closes: 395851).
* Updated German by Holger Wansing (Closes: 400963).
mailman (1:2.1.9-2ubuntu1) feisty; urgency=low
* Synchronize to Debian; remaining Ubuntu change:
- debian/control: exim4 -> postfix.
mailman (1:2.1.9-2) unstable; urgency=medium
[ Thijs Kinkhorst ]
* Medium urgency upload for RC upgrading bug.
* Fix buggy sedding in postinst (Closes: #392995).
* Drop disabled 73_list-id_strict_rfc patch; integrated upstream.
* Clarify README.Debian about where to insert SpamAssassin integration
(Closes: #369171).
* Add 72_fblast_add_shebang patch; this script is set as executable
thus needs an interpreter on the first line.
[ Hector Garcia ]
* Removed 12_savannah_wrapper.patch. Doesn't work and is not supported
upstream any longer (Closes: #287554).
[ Translations ]
* Updated French by Florentin Duneau (Closes: #393096).
* Updated Brazilian Portuguese by Felipe Augusto van de Wiel.
mailman (1:2.1.9-1) unstable; urgency=medium
[ Hector Garcia ]
* New upstream bugfix release
- Deleting included patches:
24_CVE-2006-2941, 23_CVE-2006-3636, 25_CVE-2006-4624
- Fixes German translation (Closes: #273469) and comment typo
(Closes: #378509).
* Updated patches.
* Deleting 03_documentation_source.patch. Integrated upstream.
* Deleting 68_translation_update_nl.patch. Too many upstream changes,
doesn't apply any longer. Wrote to patch author in case it wants to
update it.
* Renamed 58_fix_translations to 58_fix_es_translations
[ Thijs Kinkhorst ]
* Tweak debconf templates according to best practices.
* Update debconf templates, eliminates two, changes some, introduces
new line numbering from debconf-updatepo.
* Name languages together with their ISO code in the debconf question
(Closes: #276505).
* Add new languages Turkish, Interlingua, Arabic, Vietnamese
to debconf choice, change Chinese from big5 to zh_CN and zh_TW.
* Add subscribe/unsubscribe to example in README.Exim4.Debian,
thanks Brian Foley (Closes: #387457).
[ Riccardo Setti ]
* Switched to the new python policy (Closes: #380876).
[ Lionel Elie Mamane ]
* Don't ship C sources with documentation; there is no reason for it.
[ Translations ]
* Updated vi.po. Translated by Clytie Siddall. (Closes: #388202)
* Updated ja.po. Translated by Kenshi Muto. (Closes: #388206, #391532)
* Updated nl.po. Translated by Kurt De Bree. (Closes: #388100)
* Updated ru.po. Translated by Yuri Kozlov. (Closes: #388111, #391597)
* Updated sv.po. Translated by Daniel Nylander. (Closes: #388090)
* Updated hu.po. Translated by Laszlo Boszormenyi.
* Updated it.po: Translated by Luca Monducci. (Closes: #388657, #391568)
* Updated cs.po: Translated by Miroslav Kure. (Closes: #388663)
* Updated pt_BR.po: Translated by Andre Luis Lopes.
* Updated es.po: Translated by Javier Fernández-Sanguino Peña.
* Updated fr.po: Translated by Philippe Batailler. (Closes: #388651)
mailman (1:2.1.8-4) unstable; urgency=high
* High-urgency upload to fix release-critical bug.
* Add versioned depends on lsb-base (>= 3.0-6) to make sure a system
has the lsb output functions (Closes: #390138).
* Remove python2.2-korean-codecs from Suggests, replace with
python-korean-codecs.
mailman (1:2.1.8-3) unstable; urgency=medium
[ Paul Wise ]
* Switch from dpatch to quilt and regenerate all patches
[ Thijs Kinkhorst ]
* Use LSB output functions in init script.
* Use chown root:list instead of deprecated root.list.
* Remove pre-sarge upgrading code; this eliminates a lot of cruft,
non-debconf prompting and two debconf templates.
* Only use ucf on purge when it's available.
[ Matej Vela ]
* Rearrange find options in debian/postinst to prevent warnings.
[ Lionel Elie Mamane ]
* Use Mailman's fork of the Python email package instead of the one from
Python; Mailman is incompatible with the one in Python 2.4
(closes: #384016)
[ Hector Garcia ]
* Added 24_CVE-2006-2941 taken from Lionel's port to sarge
* Added 23_CVE-2006-3636 taken from Lionel's port to sarge
* Added 25_CVE-2006-4624 taken from Lionel's port to sarge
-- John Dong <email address hidden> Fri, 19 Jan 2007 11:31:21 +0000
-
mailman (1:2.1.8-2ubuntu2.1) edgy-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/100_CVE-2008-0564.dpatch (LP: #199338)
- Multiple cross-site scripting (XSS) vulnerabilities in Mailman
before 2.1.10b1 allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors related to (1) editing
templates and (2) the list's "info attribute" in the web
administrator interface.
* References
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
+ http://bugs.gentoo.org/show_bug.cgi?id=208710
-- Emanuele Gentili <email address hidden> Fri, 07 Mar 2008 05:56:34 +0100
-
mailman (1:2.1.8-2ubuntu2) edgy; urgency=low
* SECURITY UPDATE: XSS.
* Add debian/patches/security-CVE-2006-3636-XSS.dpatch:
- Fix various cross-site scripting vulnerabilities.
- Patch backported from svn head, thanks to Barry Warsaw for preparing it.
- CVE-2006-3636
* Add debian/patches/security-CVE-2006-2941.dpatch:
- Scrubber.py: Do not bail out if emails' get_filename() throws a
ValueError. This has been properly fixed in the next upstream email
package (in Python core), but the fix is very intrusive. Thanks to Steve
Alexander for discovering this and for the proposed patch.
- CVE-2006-2941
- Closes: LP#49620
* Add debian/patches/security-error_log.dpatch:
- Check characters in URL to prevent injecting bogus messages into
error_log.
- Patch taken from upstream SVN:
http://svn.sourceforge.net/viewvc/mailman?view=rev&revision=7918
-- Martin Pitt <email address hidden> Tue, 12 Sep 2006 21:29:14 +0200
-
mailman (1:2.1.8-2ubuntu1) edgy; urgency=low
* Merge new Debian revision; Debian adopted the init script and apache2
dependency fix, only remaining diff is the exim4->postfix dependency
change.
mailman (1:2.1.8-2) unstable; urgency=low
[ Thijs Kinkhorst ]
* Add example apache.conf under /etc/mailman
(Closes: #282460, #135148, #178543, #179253).
* Update all man pages to be in line with current mailman functionality
(Closes: #286607, #276952).
* Add suggests on lynx (Closes: #296781).
* Checked for policy 3.7.2, no changes necessary.
* Add watch file.
* Add LSB dependency info to init script.
* Fix example in postfix-to-mailman.py to pass ${mailbox}, not ${user}
(Closes: #305762).
* Add Lintian overrides for those things that are legitimate.
* Drop recommends on essential base-passwd >= a version from 1997.
* Use apache2 instead of apache as the first alternative for httpd.
* Move options to `find` in debian/rules to start of commandline to
prevent warnings.
[ Hector Garcia ]
* Putting permision on archive/private to 770 www-data:list to prevent
regular users from reading private lists. (Closes: #356877)
* Changed '| xarg' for '-exec' on find to prevent problems when there are
too many files (Closes: #366102)
* Added a slash to the end of DEFAULT_URL_PATTERN on mm_cfg.py
(Closes: #365881)
* Documented on README.Debian the apache + suexec case. (Closes: #360905)
* Updated Uploaders
* Removed the find which deleted ../$(package)*dsc.asc. It is not needed.
[ Riccardo Setti ]
* epoch 1. Now people should upgrade mailman without problems. (closes: #366438)
* Applied patch which fixes string search in admin.py. (closes: #359721)
* Updated German debconf translation (closes: #353713)
* Updated French debconf translation (closes: #355674)
* Updated Italian debconf translation (closes: #352523)
* Updated Russian debconf translation (closes: #361656)
* Updated Dutch debconf translation (closes: #377254)
* Applied patch of Martin Pitt which will create /var/run and
/var/lock directory if missing. (closes: #376542)
* Bumped debhelper compatibily to 5.
- modified debian/control to reflect this change.
[ Paul Wise ]
* Add spamassassin example to the mm_cfg.py
-- Martin Pitt <email address hidden> Tue, 15 Aug 2006 10:19:59 +0200
-
mailman (0:2.1.8-1ubuntu1) edgy; urgency=low
* Merge to Debian; remaining Ubuntu changes:
- debian/mailman.init: Create /var/{run,lock}/mailman.
- debian/control: exim4 -> postfix.
* debian/control: Dependency fix: apache -> apache2.
mailman (0:2.1.8-1) unstable; urgency=low
* New upstream release
mailman (2.1.7+2.1.8rc1-1) unstable; urgency=high
* New upstream release
- Update patches:
03_documentation_source
64_correct_html_nesting
68_translation_update_nl
71_date_overflows
99_js_templates
- Drop patches merged upstream:
02_stolen_from_upstream_CVS
23_fix_urls
72_hyperarch_error_handling.dpatch
- Bugs fixed upstream:
- Fix XSS hole in private archive cgi-bin. (CVE-2006-1512)
* Don't delete other package's ucf-managed configuration files
(closes: #358575)
mailman (2.1.7-2) UNRELEASED; urgency=low
* Integrate translations: (closes: #350491, #351759, #351947)
vi, sv, ja, nl, it
* Don't force archiver URL to end in a slash, yet ensure the default one
has one because pipermail needs it. (closes: #350388)
mailman (2.1.7-1) unstable; urgency=low
* New upstream release:
- Update patches:
71_date_overflows.dpatch
76_fix-private-redirect.dpatch
99_js_templates.dpatch
53_disable_addons.dpatch
68_translation_update_nl.dpatch
- Drop patches merged upstream:
60_french_archtocentry
76_fix-private-redirect
- Bugs fixed upstream:
- Mailman loses header spam rules (closes: #309870)
* Pull fixes from various bugs from upstream CVS
* Ship documentation source (closes: #346180)
* Document queue-is-not-empty upgrade condition better
(closes: #268117)
* Updated debconf template translations:
- it (closes: #345234)
- fr (closes: #346297)
- sv (closes: #347607)
* Tweak mailman/update_passwords debconf note to address ambiguity in
English version discovered by French translation.
mailman (2.1.6-2) UNRELEASED; urgency=low
* Tweak 21_newlist_help.dpatch:
The "automagically setgid to right group" part was slightly
suboptimal. (closes: #309339)
* Update German translation of debconf templates (closes: #344907)
* Shut up DeprecationWarning with Python 2.4 in Scrubber.py (closes: #341699)
mailman (2.1.6-1) unstable; urgency=low
* The "Quick, quick, upload before upstream releases a new version" release
* New upstream release: (closes: #311414)
New release packaging work:
- Drop patches integrated upstream (or same fix in another way):
handle-from-in-non-ascii
75_danish_options_traceback
73_list-id_strict_rfc
69_python24_bouncehandler_datetime
65_donot_add_empty_cc
57_fix_missing_da_template
04_CAN-2005-0202
03_CAN-2004-1143
02_CAN-2004-1177_driver_css
- Upstream doesn't ship README.{EXIM,POSTFIX} anymore: Drop their patch
- Update patches
62_new_list_bad_pending_requests
64_correct_html_nesting
68_translation_update_nl
70_invalid_utf8_dos.dpatch
99_js_templates
Bugs fixed upstream:
- Possible data loss in archives (closes: #244699)
* Don't fold headers in attachments (closes: #244673)
This avoids breaking cryptographic signatures
* Warn that list passwords are broken on upgrade from 2.0 (closes: #343029)
mailman (2.1.5-11) UNRELEASED; urgency=low
* Run genaliases (or direct admin to do it) on upgrade from 2.0 (closes: #340503)
* Include instructions for painless Exim4 integration (closes: #303342)
mailman (2.1.5-10) unstable; urgency=low
* Merge with 2.1.5-8ubuntu2:
Python 2.4 compatibility patch in bounce handling.
* Don't fall apart if the filename of an attachment is an invalid UTF-8
string (closes: #327732)
CVE-2005-3573
* Don't die on overflow in date handling (closes: #326024)
CVE-2005-4153
* Enable error handling in HyperArch (closes: #310451)
* Ensure list-id is always in brackets in headers (closes: #244700)
* Admin page: don't assume subscribed emails are pure ASCII
(closes: #315358)
* Bump up Standards-Version to 3.6.2
* Add vietnamese translation (closes: #312673)
* Apply corrections to german translation (closes: #313800)
* Adapt to the md5sum in dpkg or coreutils automatically (closes: #340036)
* More robust parsing of /var/lib/ucf/hashfile:
- Don't touch files of other packages that happen to have
our file's full path as subpath.
- Accept any number of spaces between the hash and the filename there.
* Work around ucf bug #238730 for postfix-to-mailman.py, too.
* Fix traceback on Danish version of options page (closes: #339582)
* Fix the private authentication form to point to the right file
(closes: #298842)
* Add Swedish debconf template translation (closes: #339890)
* Depend on any debconf-2.0 implementation instead of debconf
specifically (closes: #332018)
* Copyright file:
- New FSF address
- List the other maintainers
* Depend on adduser, used in preinst
* Move away from deprecated user.group syntax in chown
* Ensure package is built with autoconf 2.5x, not autoconf 2.13
-- Martin Pitt <email address hidden> Mon, 3 Jul 2006 16:59:25 +0200
-
mailman (2.1.5-9ubuntu4) dapper; urgency=low
* Security update: Remote DoS.
* Add debian/patches/72_mime_None_payload.dpatch:
- Do not crash if python's email module returns None for the payload of a
MIME part. This can happen for message/delivery-status or parts that
contain only two blank lines.
- See upstream bug reports and CVS patch:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1430236&group_id=103
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/
Handlers/Scrubber.py?r1=2.18.2.22&r2=2.18.2.23&diff_format=u
* CVE-2006-0052
-- Martin Pitt <email address hidden> Mon, 3 Apr 2006 14:28:08 +0200
