add mailman

git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@832 6952d904-891a-0410-993b-d76249ca496b
This commit is contained in:
geos_one
2009-02-26 21:04:19 +00:00
parent 9ec78fe8de
commit f9b0a1af5a
14 changed files with 1501 additions and 0 deletions


@@ -0,0 +1,18 @@
<IfDefine MAILMAN>
ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
<Directory "/usr/local/mailman/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Alias /pipermail/ "/usr/local/mailman/archives/public/"
<Directory "/usr/local/mailman/archives/public/">
AllowOverride None
Options ExecCGI FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</IfDefine>
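Review bot: `Options ExecCGI FollowSymLinks` on the /pipermail/ archive directory grants CGI execution to a tree whose contents are derived from list mail (archived posts and whatever Mailman's scrubber writes alongside them), which is the last place an ExecCGI bit belongs; serving the archives needs only `Options FollowSymLinks` (the symlink option is presumably required because Mailman's public archive directories are links into archives/private — confirm against the install notes). Whether ExecCGI is actually reachable here depends on an AddHandler/cgi-script mapping this snippet does not show, but removing it removes the question. This snippet also defines no alias for /mailman-icons/, which the Defaults.py.in patch in the same commit sets as IMAGE_LOGOS, so logos served through this configuration would 404 unless another snippet supplies it.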


@@ -0,0 +1,24 @@
<IfDefine MAILMAN>
ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
<Directory "/usr/local/mailman/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Alias /pipermail/ "/usr/local/mailman/archives/public/"
<Directory "/usr/local/mailman/archives/public/">
AllowOverride None
Options ExecCGI FollowSymLinks
Order allow,deny
Allow from all
</Directory>
Alias /mailman-icons/ "/usr/local/mailman/icons/"
<Directory "/usr/local/mailman/icons/">
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</IfDefine>
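Review bot: `Options ExecCGI FollowSymLinks` on the /pipermail/ archive directory lets Apache execute files in a tree populated from list mail, and nothing in an archive needs to run as CGI; `Options FollowSymLinks` is sufficient (the symlink option is presumably needed because Mailman's public archive directories link into archives/private — confirm). The new `/mailman-icons/` stanza has no `Options` line at all, so it inherits the server-wide default, which on many installs includes `Indexes`; add `Options None` as the cgi-bin stanza does. Exploitability of the ExecCGI bit depends on a handler mapping that is not visible here, but dropping it costs nothing.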


@@ -0,0 +1,149 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailman/files/README.gentoo-r2,v 1.1 2008/01/22 15:47:37 hanno Exp $
Follow these instructions to finish setting up mailman. This file and the
original ebuild were tweaked by me <lamer@gentoo.org> but were graciously
submitted by Joby Walker (YOU RULE!)
2003 Jul 09: updated by Jesus Perez and re-tweaked by me <raker@gentoo.org>
for 2.1.x.
Please view the documentation on Mailman at: http://www.list.org/
This documentation assumes you're using the default gentoo path
(/usr/lib/mailman/), if you've changed it with MAILMAN_PREFIX, adjust them
accordingly.
1) If this is your first time installing mailman, after your "emerge mailman",
you need to add -D MAILMAN to /etc/conf.d/apache or /etc/conf.d/apache2 and restart
apache.
2) In your /etc/conf.d/apache (for apache 1.x)
or /etc/conf.d/apache2 (for apache 2.x)
file add the additional option to the
APACHE_OPTS or APACHE2_OPTS variable:
-D MAILMAN
3) Make sure mailman is a part of the cron group
4) This must be done as user mailman:
su - mailman
Add the cron jobs:
cd cron
crontab crontab.in
cd ..
Create the site password:
bin/mmsitepass
and main list:
bin/newlist mailman
5) Change back to root:
exit
(Postfix users: read the notes at the end of this file before you continue)
Add this to /etc/mail/aliases (and see point 9 for notes):
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
For courier, the aliases have to go to /etc/courier/aliases and you have to skip
the quotes.
Run newaliases (only if you use sendmail).
newaliases
Copy the web icons:
cp /usr/lib/mailman/icons/* /var/www/localhost/icons
6) Start the mailman daemon:
/etc/init.d/mailman start
and add it to default runlevel (optional but recommended):
rc-update add mailman default
7) For each list created (either with web interface or with bin/newlist)
this must be added to /etc/mail/aliases (see smrsh notes below)
replace <list-name> with the name of the list:
<list-name>: "|/usr/lib/mailman/mail/mailman post <list-name>"
<list-name>-admin: "|/usr/lib/mailman/mail/mailman admin <list-name>"
<list-name>-bounces: "|/usr/lib/mailman/mail/mailman bounces <list-name>"
<list-name>-confirm: "|/usr/lib/mailman/mail/mailman confirm <list-name>"
<list-name>-join: "|/usr/lib/mailman/mail/mailman join <list-name>"
<list-name>-leave: "|/usr/lib/mailman/mail/mailman leave <list-name>"
<list-name>-owner: "|/usr/lib/mailman/mail/mailman owner <list-name>"
<list-name>-request: "|/usr/lib/mailman/mail/mailman request <list-name>"
<list-name>-subscribe: "|/usr/lib/mailman/mail/mailman subscribe <list-name>"
<list-name>-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe <list-name>"
For courier, the aliases have to go to /etc/courier/aliases and you have to skip
the quotes.
Run newaliases:
newaliases
smrsh notes
-----------
(if you use sendmail, you are surely using srmsh) you must note that
sendmail won't run any program outside of EBINDIR. I tried to change
EBINDIR using,define(`confEBINDIR', `/usr/lib/mailman/mail')dnl in
sendmail.mc but it didn't work, so mailman must be placed in EBINDIR,
which in Gentoo is /usr/adm/sm.bin, so you must run as root:
ln -s /usr/lib/mailman/mail/mailman /usr/adm/sm.bin/mailman
And the lines in /etc/mail/aliases which refer to
/usr/lib/mailman/mail/mailman must be changed to mailman:
<list-name>: "|mailman post <list-name>"
<list-name>-admin: "|mailman admin <list-name>"
<list-name>-bounces: "|mailman bounces <list-name>"
<list-name>-confirm: "|mailman confirm <list-name>"
<list-name>-join: "|mailman join <list-name>"
<list-name>-leave: "|mailman leave <list-name>"
<list-name>-owner: "|mailman owner <list-name>"
<list-name>-request: "|mailman request <list-name>"
<list-name>-subscribe: "|mailman subscribe <list-name>"
<list-name>-unsubscribe: "|mailman unsubscribe <list-name>"
Other Helpful things to know...
-------------------------------
run "bin/check_perms -f" from the root mailman directory
(/usr/lib/mailman) to check and fix permission problems.
The INSTALL file is located in /usr/share/doc/mailman-$VERSION/
Postfix notes
-------------
If you're using Postfix, don't manually change your /etc/mail/aliases
file, as described above. Instead, follow these instructions:
http://list.org/mailman-install/node13.html
This will set up Mailman and Postfix to automatically generate the new
aliases when you create new lists. It will also make sure that Postfix
uses the correct group ID when it's talking to Mailman, otherwise you
will get security errors from Mailman.


@@ -0,0 +1,182 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailman/files/README.gentoo-r3,v 1.2 2008/11/14 11:07:55 hanno Exp $
Follow these instructions to finish setting up mailman. This file and the
original ebuild were tweaked by me <lamer@gentoo.org> but were graciously
submitted by Joby Walker (YOU RULE!)
2003 Jul 09: updated by Jesus Perez and re-tweaked by me <raker@gentoo.org>
for 2.1.x.
Please view the documentation on Mailman at: http://www.list.org/
This documentation assumes you're using the default gentoo path
(/usr/lib/mailman/), if you've changed it with MAILMAN_PREFIX, adjust them
accordingly.
1) If this is your first time installing mailman, after your "emerge mailman",
you need to add -D MAILMAN to /etc/conf.d/apache or /etc/conf.d/apache2 and restart
apache.
2) In your /etc/conf.d/apache (for apache 1.x)
or /etc/conf.d/apache2 (for apache 2.x)
file add the additional option to the
APACHE_OPTS or APACHE2_OPTS variable:
-D MAILMAN
3) Make sure mailman is a part of the cron group
4) This must be done as user mailman:
su - mailman
Add the cron jobs:
cd cron
crontab crontab.in
cd ..
Create the site password:
bin/mmsitepass
and main list:
bin/newlist mailman
5) Change back to root:
exit
(Postfix users: read the notes at the end of this file before you continue)
Add this to /etc/mail/aliases (and see point 9 for notes):
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
For courier, the aliases have to go to /etc/courier/aliases and you have to skip
the quotes.
Run newaliases (only if you use sendmail).
newaliases
6) Start the mailman daemon:
/etc/init.d/mailman start
and add it to default runlevel (optional but recommended):
rc-update add mailman default
7) For each list created (either with web interface or with bin/newlist)
this must be added to /etc/mail/aliases (see smrsh notes below)
replace <list-name> with the name of the list:
<list-name>: "|/usr/lib/mailman/mail/mailman post <list-name>"
<list-name>-admin: "|/usr/lib/mailman/mail/mailman admin <list-name>"
<list-name>-bounces: "|/usr/lib/mailman/mail/mailman bounces <list-name>"
<list-name>-confirm: "|/usr/lib/mailman/mail/mailman confirm <list-name>"
<list-name>-join: "|/usr/lib/mailman/mail/mailman join <list-name>"
<list-name>-leave: "|/usr/lib/mailman/mail/mailman leave <list-name>"
<list-name>-owner: "|/usr/lib/mailman/mail/mailman owner <list-name>"
<list-name>-request: "|/usr/lib/mailman/mail/mailman request <list-name>"
<list-name>-subscribe: "|/usr/lib/mailman/mail/mailman subscribe <list-name>"
<list-name>-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe <list-name>"
For courier, the aliases have to go to /etc/courier/aliases and you have to skip
the quotes.
Run newaliases:
newaliases
smrsh notes
-----------
(if you use sendmail, you are surely using srmsh) you must note that
sendmail won't run any program outside of EBINDIR. I tried to change
EBINDIR using,define(`confEBINDIR', `/usr/lib/mailman/mail')dnl in
sendmail.mc but it didn't work, so mailman must be placed in EBINDIR,
which in Gentoo is /usr/adm/sm.bin, so you must run as root:
ln -s /usr/lib/mailman/mail/mailman /usr/adm/sm.bin/mailman
And the lines in /etc/mail/aliases which refer to
/usr/lib/mailman/mail/mailman must be changed to mailman:
<list-name>: "|mailman post <list-name>"
<list-name>-admin: "|mailman admin <list-name>"
<list-name>-bounces: "|mailman bounces <list-name>"
<list-name>-confirm: "|mailman confirm <list-name>"
<list-name>-join: "|mailman join <list-name>"
<list-name>-leave: "|mailman leave <list-name>"
<list-name>-owner: "|mailman owner <list-name>"
<list-name>-request: "|mailman request <list-name>"
<list-name>-subscribe: "|mailman subscribe <list-name>"
<list-name>-unsubscribe: "|mailman unsubscribe <list-name>"
exim notes
----------
You can write an exim stanza for the router and transport that looks something
like (Derived from, and in part taken from cpanel):
mailman_virtual_router:
driver = accept
require_files = /var/lib/mailman/lists/${lc::$local_part}/config.pck
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_virtual_transport
mailman_virtual_transport:
driver = pipe
command = /usr/lib/mailman/mail/mailman \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${lc:$local_part}
current_directory = /usr/lib/mailman
home_directory = /usr/lib/mailman
user = mailman
group = mailman
Note the double colon in the require files. See
http://wiki.exim.org/FAQ/General_Debugging/Q0060 for more information.
This should be modified if you're using the vhosts USE flag, specifically you
need to modify the location of the config.pck file, to be
${lc::$local_part}-${lc::$domain} instead of simply ${lc::$local_part}, and for the
transport you need to change the last part of the command in the same fashion.
Other Helpful things to know...
-------------------------------
run "bin/check_perms -f" from the root mailman directory
(/usr/lib/mailman) to check and fix permission problems.
The INSTALL file is located in /usr/share/doc/mailman-$VERSION/
Postfix notes
-------------
If you're using Postfix, don't manually change your /etc/mail/aliases
file, as described above. Instead, follow these instructions:
http://list.org/mailman-install/node13.html
This will set up Mailman and Postfix to automatically generate the new
aliases when you create new lists. It will also make sure that Postfix
uses the correct group ID when it's talking to Mailman, otherwise you
will get security errors from Mailman.


@@ -0,0 +1,30 @@
--- bin/check_perms.org 2005-05-25 00:04:15.000000000 +0200
+++ bin/check_perms 2005-05-25 00:04:35.000000000 +0200
@@ -331,6 +331,8 @@
print _('checking permissions on list data')
# BAW: This needs to be converted to the Site module abstraction
for dir in os.listdir(mm_cfg.LIST_DATA_DIR):
+ if not S_ISDIR(statmode(os.path.join(mm_cfg.LIST_DATA_DIR,dir))):
+ continue
for file in checkfiles:
path = os.path.join(mm_cfg.LIST_DATA_DIR, dir, file)
if STATE.VERBOSE:
--- bin/update.org 2005-05-25 00:04:30.000000000 +0200
+++ bin/update 2005-05-25 00:04:35.000000000 +0200
@@ -34,6 +34,7 @@
"""
import os
+import stat
import md5
import sys
import time
@@ -425,7 +426,7 @@
# Now update for the Mailman 2.1.5 qfile format. For every filebase in
# the qfiles/* directories that has both a .pck and a .db file, pull the
# data out and re-queue them.
- for dirname in os.listdir(mm_cfg.QUEUE_DIR):
+ for dirname in [x for x in os.listdir(mm_cfg.QUEUE_DIR) if stat.S_ISDIR(os.stat(os.path.join(mm_cfg.QUEUE_DIR,x)).st_mode)]:
dirpath = os.path.join(mm_cfg.QUEUE_DIR, dirname)
if dirpath == mm_cfg.BADQUEUE_DIR:
# The files in qfiles/bad can't possibly be pickles
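Review bot: The directory filter added to bin/update calls os.stat() on every entry of QUEUE_DIR, so a dangling symlink, or an entry that disappears between listdir and stat, raises OSError and aborts the whole update instead of being skipped; `os.path.isdir(os.path.join(mm_cfg.QUEUE_DIR, x))` returns False in both cases and is shorter than the inline comprehension (a `continue` guard at the top of the loop, as the check_perms hunk does, would also read better). The same concern applies to the check_perms hunk if `statmode` is a thin os.stat wrapper; it is defined outside this patch, so I cannot confirm. Both hunks are fragments of functions whose bodies continue outside the patch.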


@@ -0,0 +1,275 @@
=== modified file 'Mailman/Cgi/edithtml.py'
--- Mailman/Cgi/edithtml.py 2006-08-30 14:54:22 +0000
+++ Mailman/Cgi/edithtml.py 2007-12-04 19:52:18 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2006 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -159,7 +159,20 @@
doc.AddItem('<hr>')
return
code = cgi_info['html_code'].value
- code = re.sub(r'<([/]?script.*?)>', r'&lt;\1&gt;', code)
+ if Utils.suspiciousHTML(code):
+ doc.AddItem(Header(3,
+ _("""The page you saved contains suspicious HTML that could
+potentially expose your users to cross-site scripting attacks. This change
+has therefore been rejected. If you still want to make these changes, you
+must have shell access to your Mailman server.
+ """)))
+ doc.AddItem(_('See '))
+ doc.AddItem(Link(
+'http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.048.htp',
+ _('FAQ 4.48.')))
+ doc.AddItem(Header(3,_("Page Unchanged.")))
+ doc.AddItem('<hr>')
+ return
langdir = os.path.join(mlist.fullpath(), mlist.preferred_language)
# Make sure the directory exists
omask = os.umask(0)
=== modified file 'Mailman/Gui/General.py'
--- Mailman/Gui/General.py 2006-08-30 14:54:22 +0000
+++ Mailman/Gui/General.py 2007-12-04 19:52:18 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 2001-2006 by the Free Software Foundation, Inc.
+# Copyright (C) 2001-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -436,17 +442,21 @@
# Convert any html entities to Unicode
mlist.subject_prefix = Utils.canonstr(
val, mlist.preferred_language)
+ elif property == 'info':
+ if val <> mlist.info:
+ if Utils.suspiciousHTML(val):
+ doc.addError(_("""The <b>info</b> attribute you saved
+contains suspicious HTML that could potentially expose your users to cross-site
+scripting attacks. This change has therefore been rejected. If you still want
+to make these changes, you must have shell access to your Mailman server.
+This change can be made with bin/withlist or with bin/config_list by setting
+mlist.info.
+ """))
+ else:
+ mlist.info = val
else:
GUIBase._setValue(self, mlist, property, val, doc)
- def _escape(self, property, value):
- # The 'info' property allows HTML, but let's sanitize it to avoid XSS
- # exploits. Everything else should be fully escaped.
- if property <> 'info':
- return GUIBase._escape(self, property, value)
- # Sanitize <script> and </script> tags but nothing else. Not the best
- # solution, but expedient.
- return re.sub(r'(?i)<([/]?script.*?)>', r'&lt;\1&gt;', value)
def _postValidate(self, mlist, doc):
if not mlist.reply_to_address.strip() and \
=== modified file 'Mailman/Gui/GUIBase.py'
--- Mailman/Gui/GUIBase.py 2005-08-27 01:40:17 +0000
+++ Mailman/Gui/GUIBase.py 2007-11-18 20:01:26 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 2002-2004 by the Free Software Foundation, Inc.
+# Copyright (C) 2002-2007 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -12,7 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
"""Base class for all web GUI components."""
@@ -122,10 +127,6 @@
# Validate all the attributes for this category
pass
- def _escape(self, property, value):
- value = value.replace('<', '&lt;')
- return value
-
def handleForm(self, mlist, category, subcat, cgidata, doc):
for item in self.GetConfigInfo(mlist, category, subcat):
# Skip descriptions and legacy non-attributes
@@ -144,10 +145,9 @@
elif not cgidata.has_key(property):
continue
elif isinstance(cgidata[property], ListType):
- val = [self._escape(property, x.value)
- for x in cgidata[property]]
+ val = [x.value for x in cgidata[property]]
else:
- val = self._escape(property, cgidata[property].value)
+ val = cgidata[property].value
# Coerce the value to the expected type, raising exceptions if the
# value is invalid.
try:
=== modified file 'Mailman/Utils.py'
--- Mailman/Utils.py 2007-11-25 08:04:30 +0000
+++ Mailman/Utils.py 2007-12-04 19:52:18 +0000
@@ -876,3 +876,154 @@
except (LookupError, UnicodeError, ValueError, HeaderParseError):
# possibly charset problem. return with undecoded string in one line.
return EMPTYSTRING.join(s.splitlines())
+
+
+# Patterns and functions to flag possible XSS attacks in HTML.
+# This list is compiled from information at http://ha.ckers.org/xss.html,
+# http://www.quirksmode.org/js/events_compinfo.html,
+# http://www.htmlref.com/reference/appa/events1.htm,
+# http://lxr.mozilla.org/mozilla/source/content/events/src/nsDOMEvent.cpp#59,
+# http://www.w3.org/TR/DOM-Level-2-Events/events.html and
+# http://www.xulplanet.com/references/elemref/ref_EventHandlers.html
+# Many thanks are due to Moritz Naumann for his assistance with this.
+_badwords = [
+ '<i?frame',
+ '<link',
+ '<meta',
+ '<script',
+ r'(?:^|\W)j(?:ava)?script(?:\W|$)',
+ r'(?:^|\W)vbs(?:cript)?(?:\W|$)',
+ r'(?:^|\W)domactivate(?:\W|$)',
+ r'(?:^|\W)domattrmodified(?:\W|$)',
+ r'(?:^|\W)domcharacterdatamodified(?:\W|$)',
+ r'(?:^|\W)domfocus(?:in|out)(?:\W|$)',
+ r'(?:^|\W)dommenuitem(?:in)?active(?:\W|$)',
+ r'(?:^|\W)dommousescroll(?:\W|$)',
+ r'(?:^|\W)domnodeinserted(?:intodocument)?(?:\W|$)',
+ r'(?:^|\W)domnoderemoved(?:fromdocument)?(?:\W|$)',
+ r'(?:^|\W)domsubtreemodified(?:\W|$)',
+ r'(?:^|\W)fscommand(?:\W|$)',
+ r'(?:^|\W)onabort(?:\W|$)',
+ r'(?:^|\W)on(?:de)?activate(?:\W|$)',
+ r'(?:^|\W)on(?:after|before)print(?:\W|$)',
+ r'(?:^|\W)on(?:after|before)update(?:\W|$)',
+ r'(?:^|\W)onbefore(?:(?:de)?activate|copy|cut|editfocus|paste)(?:\W|$)',
+ r'(?:^|\W)onbeforeunload(?:\W|$)',
+ r'(?:^|\W)onbegin(?:\W|$)',
+ r'(?:^|\W)onblur(?:\W|$)',
+ r'(?:^|\W)onbounce(?:\W|$)',
+ r'(?:^|\W)onbroadcast(?:\W|$)',
+ r'(?:^|\W)on(?:cell)?change(?:\W|$)',
+ r'(?:^|\W)oncheckboxstatechange(?:\W|$)',
+ r'(?:^|\W)on(?:dbl)?click(?:\W|$)',
+ r'(?:^|\W)onclose(?:\W|$)',
+ r'(?:^|\W)oncommand(?:update)?(?:\W|$)',
+ r'(?:^|\W)oncomposition(?:end|start)(?:\W|$)',
+ r'(?:^|\W)oncontextmenu(?:\W|$)',
+ r'(?:^|\W)oncontrolselect(?:\W|$)',
+ r'(?:^|\W)oncopy(?:\W|$)',
+ r'(?:^|\W)oncut(?:\W|$)',
+ r'(?:^|\W)ondataavailable(?:\W|$)',
+ r'(?:^|\W)ondataset(?:changed|complete)(?:\W|$)',
+ r'(?:^|\W)ondrag(?:drop|end|enter|exit|gesture|leave|over)?(?:\W|$)',
+ r'(?:^|\W)ondragstart(?:\W|$)',
+ r'(?:^|\W)ondrop(?:\W|$)',
+ r'(?:^|\W)onend(?:\W|$)',
+ r'(?:^|\W)onerror(?:update)?(?:\W|$)',
+ r'(?:^|\W)onfilterchange(?:\W|$)',
+ r'(?:^|\W)onfinish(?:\W|$)',
+ r'(?:^|\W)onfocus(?:in|out)?(?:\W|$)',
+ r'(?:^|\W)onhelp(?:\W|$)',
+ r'(?:^|\W)oninput(?:\W|$)',
+ r'(?:^|\W)onkey(?:up|down|press)(?:\W|$)',
+ r'(?:^|\W)onlayoutcomplete(?:\W|$)',
+ r'(?:^|\W)on(?:un)?load(?:\W|$)',
+ r'(?:^|\W)onlosecapture(?:\W|$)',
+ r'(?:^|\W)onmedia(?:complete|error)(?:\W|$)',
+ r'(?:^|\W)onmouse(?:down|enter|leave|move|out|over|up|wheel)(?:\W|$)',
+ r'(?:^|\W)onmove(?:end|start)?(?:\W|$)',
+ r'(?:^|\W)on(?:off|on)line(?:\W|$)',
+ r'(?:^|\W)onoutofsync(?:\W|$)',
+ r'(?:^|\W)onoverflow(?:changed)?(?:\W|$)',
+ r'(?:^|\W)onpage(?:hide|show)(?:\W|$)',
+ r'(?:^|\W)onpaint(?:\W|$)',
+ r'(?:^|\W)onpaste(?:\W|$)',
+ r'(?:^|\W)onpause(?:\W|$)',
+ r'(?:^|\W)onpopup(?:hidden|hiding|showing|shown)(?:\W|$)',
+ r'(?:^|\W)onprogress(?:\W|$)',
+ r'(?:^|\W)onpropertychange(?:\W|$)',
+ r'(?:^|\W)onradiostatechange(?:\W|$)',
+ r'(?:^|\W)onreadystatechange(?:\W|$)',
+ r'(?:^|\W)onrepeat(?:\W|$)',
+ r'(?:^|\W)onreset(?:\W|$)',
+ r'(?:^|\W)onresize(?:end|start)?(?:\W|$)',
+ r'(?:^|\W)onresume(?:\W|$)',
+ r'(?:^|\W)onreverse(?:\W|$)',
+ r'(?:^|\W)onrow(?:delete|enter|exit|inserted)(?:\W|$)',
+ r'(?:^|\W)onrows(?:delete|enter|inserted)(?:\W|$)',
+ r'(?:^|\W)onscroll(?:\W|$)',
+ r'(?:^|\W)onseek(?:\W|$)',
+ r'(?:^|\W)onselect(?:start)?(?:\W|$)',
+ r'(?:^|\W)onselectionchange(?:\W|$)',
+ r'(?:^|\W)onstart(?:\W|$)',
+ r'(?:^|\W)onstop(?:\W|$)',
+ r'(?:^|\W)onsubmit(?:\W|$)',
+ r'(?:^|\W)onsync(?:from|to)preference(?:\W|$)',
+ r'(?:^|\W)onsyncrestored(?:\W|$)',
+ r'(?:^|\W)ontext(?:\W|$)',
+ r'(?:^|\W)ontimeerror(?:\W|$)',
+ r'(?:^|\W)ontrackchange(?:\W|$)',
+ r'(?:^|\W)onunderflow(?:\W|$)',
+ r'(?:^|\W)onurlflip(?:\W|$)',
+ r'(?:^|\W)seeksegmenttime(?:\W|$)',
+ r'(?:^|\W)svgabort(?:\W|$)',
+ r'(?:^|\W)svgerror(?:\W|$)',
+ r'(?:^|\W)svgload(?:\W|$)',
+ r'(?:^|\W)svgresize(?:\W|$)',
+ r'(?:^|\W)svgscroll(?:\W|$)',
+ r'(?:^|\W)svgunload(?:\W|$)',
+ r'(?:^|\W)svgzoom(?:\W|$)',
+ ]
+
+
+# This is the actual re to look for the above patterns
+_badhtml = re.compile('|'.join(_badwords), re.IGNORECASE)
+# This is used to filter non-printable us-ascii characters, some of which
+# can be used to break words to avoid recognition.
+_filterchars = re.compile('[\000-\011\013\014\016-\037\177-\237]')
+# This is used to recognize '&#' and '%xx' strings for _translate which
+# translates them to characters
+_encodedchars = re.compile('(&#[0-9]+;?)|(&#x[0-9a-f]+;?)|(%[0-9a-f]{2})',
+ re.IGNORECASE)
+
+
+def _translate(mo):
+ """Translate &#... and %xx encodings into the encoded character."""
+ match = mo.group().lower().strip('&#;')
+ try:
+ if match.startswith('x') or match.startswith('%'):
+ val = int(match[1:], 16)
+ else:
+ val = int(match, 10)
+ except ValueError:
+ return ''
+ if val < 256:
+ return chr(val)
+ else:
+ return ''
+
+
+def suspiciousHTML(html):
+ """Check HTML string for various tags, script language names and
+ 'onxxx' actions that can be used in XSS attacks.
+ Currently, this a very simple minded test. It just looks for
+ patterns without analyzing context. Thus, it potentially flags lots
+ of benign stuff.
+ Returns True if anything suspicious found, False otherwise.
+ """
+
+ if _badhtml.search(_filterchars.sub(
+ '', _encodedchars.sub(_translate, html))):
+ return True
+ else:
+ return False
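Review bot: The tag portion of `_badwords` in the new Utils.suspiciousHTML stops at `<i?frame`, `<link`, `<meta` and `<script`, so markup such as `<object`, `<embed`, `<applet`, `<base` and `<style>` carrying IE's CSS `expression(...)` passes the check, and because this patch also removes GUIBase._escape, whatever passes is now stored unescaped (presumably escaped again at render time — confirm for every page that prints `info`). The list should at least be extended with `'<object', '<embed', '<applet', '<base', '<style', r'(?:^|\W)expression\s*\('`. The docstring already admits the test is context-free, so it is worth stating there that this is a tripwire, not a sanitizer, and that the durable fix for `info` and the edited templates is an allowlist of tags and attributes. The edithtml and General hunks are fragments of functions whose bodies lie outside the patch.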


@@ -0,0 +1,12 @@
diff -rau mailman-2.1.9-orig/Mailman/Defaults.py.in mailman-2.1.9-mailman-icons/Mailman/Defaults.py.in
--- mailman-2.1.9-orig/Mailman/Defaults.py.in 2006-08-04 14:20:33.000000000 +0200
+++ mailman-2.1.9/Mailman/Defaults.py.in 2008-02-03 14:27:02.000000000 +0200
@@ -54,7 +54,7 @@
# disable Mailman's logo footer altogther, hack
# Mailman/htmlformat.py:MailmanLogo(), which also contains the hardcoded links
# and image names.
-IMAGE_LOGOS = '/icons/'
+IMAGE_LOGOS = '/mailman-icons/'
# The name of the Mailman favicon
SHORTCUT_ICON = 'mm-icon.png'


@@ -0,0 +1,157 @@
diff -ur mailman-2.1.11/Mailman/Bouncers/Caiwireless.py mailman-2.1.11-py26/Mailman/Bouncers/Caiwireless.py
--- mailman-2.1.11/Mailman/Bouncers/Caiwireless.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Bouncers/Caiwireless.py 2008-10-15 13:29:11.000000000 +0200
@@ -27,7 +27,7 @@
def process(msg):
- if msg.get_type() <> 'multipart/mixed':
+ if msg.get_content_type() <> 'multipart/mixed':
return None
# simple state machine
# 0 == nothing seen
diff -ur mailman-2.1.11/Mailman/Bouncers/GroupWise.py mailman-2.1.11-py26/Mailman/Bouncers/GroupWise.py
--- mailman-2.1.11/Mailman/Bouncers/GroupWise.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Bouncers/GroupWise.py 2008-10-15 13:29:26.000000000 +0200
@@ -30,7 +30,7 @@
def find_textplain(msg):
- if msg.get_type(msg.get_default_type()) == 'text/plain':
+ if msg.get_content_type(msg.get_default_type()) == 'text/plain':
return msg
if msg.is_multipart:
for part in msg.get_payload():
@@ -44,7 +44,7 @@
def process(msg):
- if msg.get_type() <> 'multipart/mixed' or not msg['x-mailer']:
+ if msg.get_content_type() <> 'multipart/mixed' or not msg['x-mailer']:
return None
if msg['x-mailer'][:3].lower() not in ('nov', 'ntm', 'int'):
return None
diff -ur mailman-2.1.11/Mailman/Bouncers/Microsoft.py mailman-2.1.11-py26/Mailman/Bouncers/Microsoft.py
--- mailman-2.1.11/Mailman/Bouncers/Microsoft.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Bouncers/Microsoft.py 2008-10-15 13:29:52.000000000 +0200
@@ -25,7 +25,7 @@
def process(msg):
- if msg.get_type() <> 'multipart/mixed':
+ if msg.get_content_type() <> 'multipart/mixed':
return None
# Find the first subpart, which has no MIME type
try:
diff -ur mailman-2.1.11/Mailman/Bouncers/Netscape.py mailman-2.1.11-py26/Mailman/Bouncers/Netscape.py
--- mailman-2.1.11/Mailman/Bouncers/Netscape.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Bouncers/Netscape.py 2008-10-15 13:30:04.000000000 +0200
@@ -61,7 +61,7 @@
leaves = []
flatten(msg, leaves)
for i, subpart in zip(range(len(leaves)-1), leaves):
- if subpart.get_type() == 'text/plain':
+ if subpart.get_content_type() == 'text/plain':
plainmsg = subpart
break
if not plainmsg:
diff -ur mailman-2.1.11/Mailman/Bouncers/Postfix.py mailman-2.1.11-py26/Mailman/Bouncers/Postfix.py
--- mailman-2.1.11/Mailman/Bouncers/Postfix.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Bouncers/Postfix.py 2008-10-15 13:29:01.000000000 +0200
@@ -71,14 +71,14 @@
def process(msg):
- if msg.get_type() not in ('multipart/mixed', 'multipart/report'):
+ if msg.get_content_type() not in ('multipart/mixed', 'multipart/report'):
return None
# We're looking for the plain/text subpart with a Content-Description: of
# `notification'.
leaves = []
flatten(msg, leaves)
for subpart in leaves:
- if subpart.get_type() == 'text/plain' and \
+ if subpart.get_content_type() == 'text/plain' and \
subpart.get('content-description', '').lower() == 'notification':
# then...
return findaddr(subpart)
diff -ur mailman-2.1.11/Mailman/Handlers/Decorate.py mailman-2.1.11-py26/Mailman/Handlers/Decorate.py
--- mailman-2.1.11/Mailman/Handlers/Decorate.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Handlers/Decorate.py 2008-10-15 13:30:23.000000000 +0200
@@ -130,7 +130,7 @@
wrap = False
except (LookupError, UnicodeError):
pass
- elif msg.get_type() == 'multipart/mixed':
+ elif msg.get_content_type() == 'multipart/mixed':
# The next easiest thing to do is just prepend the header and append
# the footer as additional subparts
payload = msg.get_payload()
diff -ur mailman-2.1.11/Mailman/Handlers/Scrubber.py mailman-2.1.11-py26/Mailman/Handlers/Scrubber.py
--- mailman-2.1.11/Mailman/Handlers/Scrubber.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Handlers/Scrubber.py 2008-10-15 13:26:42.000000000 +0200
@@ -189,7 +189,7 @@
# Now walk over all subparts of this message and scrub out various types
format = delsp = None
for part in msg.walk():
- ctype = part.get_type(part.get_default_type())
+ ctype = part.get_content_type()
# If the part is text/plain, we leave it alone
if ctype == 'text/plain':
# We need to choose a charset for the scrubbed message, so we'll
@@ -300,7 +300,7 @@
# will transform the url into a hyperlink.
elif part.get_payload() and not part.is_multipart():
payload = part.get_payload(decode=True)
- ctype = part.get_type()
+ ctype = part.get_content_type()
# XXX Under email 2.5, it is possible that payload will be None.
# This can happen when you have a Content-Type: multipart/* with
# only one part and that part has two blank lines between the
diff -ur mailman-2.1.11/Mailman/Handlers/Tagger.py mailman-2.1.11-py26/Mailman/Handlers/Tagger.py
--- mailman-2.1.11/Mailman/Handlers/Tagger.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Handlers/Tagger.py 2008-10-15 13:30:37.000000000 +0200
@@ -69,11 +69,11 @@
# or if the outer type is multipart/alternative and there is a text/plain
# part. Anything else, and the body is ignored for header-scan purposes.
found = None
- if msg.get_type('text/plain') == 'text/plain':
+ if msg.get_content_type('text/plain') == 'text/plain':
found = msg
- elif msg.is_multipart() and msg.get_type() == 'multipart/alternative':
+ elif msg.is_multipart() and msg.get_content_type() == 'multipart/alternative':
for found in msg.get_payload():
- if found.get_type('text/plain') == 'text/plain':
+ if found.get_content_type('text/plain') == 'text/plain':
break
else:
found = None
diff -ur mailman-2.1.11/Mailman/SecurityManager.py mailman-2.1.11-py26/Mailman/SecurityManager.py
--- mailman-2.1.11/Mailman/SecurityManager.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/SecurityManager.py 2008-10-15 12:55:04.000000000 +0200
@@ -49,6 +49,11 @@
import os
import re
+
+from warnings import filterwarnings
+filterwarnings('ignore', '.* sha module', DeprecationWarning)
+filterwarnings('ignore', '.* md5 module', DeprecationWarning)
+
import sha
import time
import Cookie
diff -ur mailman-2.1.11/Mailman/Utils.py mailman-2.1.11-py26/Mailman/Utils.py
--- mailman-2.1.11/Mailman/Utils.py 2008-06-30 18:29:46.000000000 +0200
+++ mailman-2.1.11-py26/Mailman/Utils.py 2008-10-15 12:47:17.000000000 +0200
@@ -28,6 +28,10 @@
import os
import re
+
+from warnings import filterwarnings
+filterwarnings('ignore', '.* sha module', DeprecationWarning)
+
import cgi
import sha
import time
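Review bot: `get_content_type()` in the email package takes no arguments, so the three call sites that keep the old failobj — `msg.get_content_type(msg.get_default_type())` in GroupWise.find_textplain and `msg.get_content_type('text/plain')` / `found.get_content_type('text/plain')` in Tagger — raise TypeError at runtime on every message they see; the Scrubber hunk already shows the correct form, `ctype = part.get_content_type()`. get_content_type() falls back to get_default_type() when the header is absent, so dropping the argument keeps effectively the same default. The warnings filters added to SecurityManager.py and Utils.py silence the sha/md5 DeprecationWarning instead of moving to hashlib, which is acceptable as a compatibility shim but deserves a comment saying so, e.g. `# sha/md5 are deprecated on 2.6; kept until hashlib migration`. Every hunk here is a fragment of a function whose body lies outside the patch.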


@@ -0,0 +1,17 @@
ScriptAlias /mailman/ "/usr/local/mailman/cgi-bin/"
<Directory "/usr/local/mailman/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Alias /pipermail/ "/usr/local/mailman/archives/public/"
<Directory "/usr/local/mailman/archives/public/">
AllowOverride None
Options ExecCGI FollowSymLinks
Order allow,deny
Allow from all
</Directory>
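Review bot: `Options ExecCGI FollowSymLinks` on the /pipermail/ archive directory enables CGI execution for a tree filled from list mail, which nothing in the archive needs; `Options FollowSymLinks` suffices (the symlink option is presumably required because Mailman's public archive directories link into archives/private — confirm). This variant has neither the `<IfDefine MAILMAN>` guard nor a /mailman-icons/ alias, so it is unclear which installation it targets; if it is meant to pair with the patched Defaults.py.in (`IMAGE_LOGOS = '/mailman-icons/'`), the logo alias is missing and the images will 404.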


@@ -0,0 +1,27 @@
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-mail/mailman/files/mailman.rc,v 1.5 2004/07/14 23:50:52 agriffis Exp $
depend() {
need net
use logger
}
start() {
ebegin "Starting mailman"
su - mailman -c 'bin/mailmanctl -s start' >/dev/null 2>&1
eend $?
}
stop() {
ebegin "Stopping mailman"
su - mailman -c 'bin/mailmanctl stop' >/dev/null 2>&1
eend $?
}
svc_restart() {
ebegin "Restarting mailman"
su - mailman -c 'bin/mailmanctl restart' >/dev/null 2>&1
eend $?
}
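Review bot: The `>/dev/null 2>&1` on each mailmanctl invocation discards the only diagnostic an admin gets when start or stop fails (lock, permission and site-list errors go to stderr), leaving `eend $?` to report a bare failure; keep stderr and quiet only the routine chatter, e.g. `su - mailman -c 'bin/mailmanctl -q -s start'` with no redirection. The unconditional `-s` removes any lock mailmanctl judges stale on every start, which is a deliberate choice worth a comment above start(). The relative `bin/mailmanctl` depends on the mailman account's home directory being the install prefix; an absolute path such as `/usr/lib/mailman/bin/mailmanctl` (the README's default prefix — adjust if MAILMAN_PREFIX differs) is more robust.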