[Pkg-mailman-hackers] Bug#343029: marked as done (mailman: No warning about breaking admin passwords!)

Debian Bug Tracking System owner at bugs.debian.org
Sun Dec 25 15:03:20 UTC 2005


Your message dated Sun, 25 Dec 2005 06:47:10 -0800
with message-id <E1EqX9S-0001zT-Fi at spohr.debian.org>
and subject line Bug#343029: fixed in mailman 2.1.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Dec 2005 00:59:52 +0000
From matthew at pick.ucam.org Sun Dec 11 16:59:52 2005
Return-path: <matthew at pick.ucam.org>
Received: from aragorn.weathertop.principate.org.uk ([217.147.92.65] ident=mail)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1Elc2h-00016W-NB
	for submit at bugs.debian.org; Sun, 11 Dec 2005 16:59:52 -0800
Received: from matthew by aragorn.weathertop.principate.org.uk with local (Exim 3.36 #1 (Debian))
	id 1Elc2g-0007za-00; Mon, 12 Dec 2005 00:59:50 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Matthew Vernon <matthew at debian.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: mailman: No warning about breaking admin passwords!
X-Mailer: reportbug 3.8
Date: Mon, 12 Dec 2005 00:59:50 +0000
Message-Id: <E1Elc2g-0007za-00 at aragorn.weathertop.principate.org.uk>
Sender: Matthew Vernon <matthew at pick.ucam.org>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: mailman
Version: 2.1.5-8
Severity: important

Hi,

Another upgrade issue that's just bitten me. 
 /usr/lib/mailman/bin/change_pw says:

"Prior to Mailman 2.1, list passwords were kept in crypt'd format -- usually.
Some Python installations didn't have the crypt module available, so they'd
fall back to md5.  Then suddenly the Python installation might grow a crypt
module and all list passwords would be broken.

In Mailman 2.1, all list and site passwords are stored in SHA1 hexdigest
form.  This breaks list passwords for all existing pre-Mailman 2.1 lists, and
since those passwords aren't stored anywhere in plain text, they cannot be
retrieved and updated."

That's all very well and good, but this means that everyone upgrading
from oldstable to stable will have had all their passwords
broken. Without any warning during the upgrade. This time there's
nothing in README.Debian either.

There really should be warning of this (well, actually, I think
breaking the passwords like that is pretty poor, but nonetheless, not
warning the admin you're doing so is bad).

Thanks,

Matthew


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mailman depends on:
ii  apache [httpd]            1.3.33-6sarge1 versatile, high-performance HTTP s
ii  apache-ssl [httpd]        1.3.33-6sarge1 versatile, high-performance HTTP s
ii  cron                      3.0pl1-86      management of regular background p
ii  debconf                   1.4.30.13      Debian configuration management sy
ii  exim [mail-transport-agen 3.36-16        An MTA (Mail Transport Agent)
ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  logrotate                 3.7-5          Log rotation utility
ii  pwgen                     2.03-1         Automatic Password generation
ii  python                    2.3.5-2        An interactive high-level object-o
ii  ucf                       1.17           Update Configuration File: preserv

-- debconf information:
* mailman/site_languages: en
* mailman/used_languages: en
* mailman/create_site_list:
  mailman/queue_files_present:
* mailman/default_server_language: en
* mailman/gate_news: false
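
Added example, not part of the original report and not Mailman's own code: a post-upgrade audit that classifies stored list-password hashes by shape and shows that a checker expecting only SHA1 hexdigests rejects the correct password for a legacy record. The format heuristics (13-character crypt(3) string, 32-hex MD5), the function names and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Shape heuristics (assumptions, not taken from Mailman's source):
#   40 hex chars                     -> SHA1 hexdigest (the 2.1 format quoted above)
#   32 hex chars                     -> MD5 digest written as hex
#   13 chars of the crypt(3) alphabet -> traditional DES crypt string
_FORMATS = [
    ("sha1-hex", re.compile(r"[0-9a-f]{40}")),
    ("md5-hex", re.compile(r"[0-9a-f]{32}")),
    ("des-crypt", re.compile(r"[./0-9A-Za-z]{13}")),
]


def classify(stored):
    """Return the name of the first format whose shape matches, else 'unknown'."""
    for name, pattern in _FORMATS:
        if pattern.fullmatch(stored):
            return name
    return "unknown"


def check_sha1(stored, candidate):
    """Verify a candidate password the way a SHA1-hexdigest-only checker would."""
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest()
    # Constant-time comparison; bytes are used so odd stored values cannot raise.
    return hmac.compare_digest(digest.encode("ascii"), stored.encode("utf-8"))


def audit(records):
    """Map list name -> detected format for every record that is not SHA1 hex.

    These are the lists whose passwords stop working after the upgrade and
    must be reset, since the old hashes cannot be converted.
    """
    found = {name: classify(stored) for name, stored in records.items()}
    return {name: fmt for name, fmt in sorted(found.items()) if fmt != "sha1-hex"}


# Constructed sample records (hypothetical list names, not real data).
SAMPLE = {
    "announce": hashlib.sha1(b"s3cret").hexdigest(),  # already in the new format
    "devel": hashlib.md5(b"s3cret").hexdigest(),      # legacy MD5 fallback shape
    "users": "abJnggxhB/yWI",                         # placeholder crypt(3)-shaped string
}

if __name__ == "__main__":
    for name, fmt in audit(SAMPLE).items():
        print(f"{name}: stored as {fmt}, password reset required")
```
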

---------------------------------------
Received: (at 343029-close) by bugs.debian.org; 25 Dec 2005 14:51:49 +0000
From katie at ftp-master.debian.org Sun Dec 25 06:51:49 2005
Return-path: <katie at ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
	id 1EqX9S-0001zT-Fi; Sun, 25 Dec 2005 06:47:10 -0800
From: Lionel Elie Mamane <lmamane at debian.org>
To: 343029-close at bugs.debian.org
X-Katie: $Revision: 1.65 $
Subject: Bug#343029: fixed in mailman 2.1.6-1
Message-Id: <E1EqX9S-0001zT-Fi at spohr.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sun, 25 Dec 2005 06:47:10 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: mailman
Source-Version: 2.1.6-1

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:

mailman_2.1.6-1.diff.gz
  to pool/main/m/mailman/mailman_2.1.6-1.diff.gz
mailman_2.1.6-1.dsc
  to pool/main/m/mailman/mailman_2.1.6-1.dsc
mailman_2.1.6-1_sparc.deb
  to pool/main/m/mailman/mailman_2.1.6-1_sparc.deb
mailman_2.1.6.orig.tar.gz
  to pool/main/m/mailman/mailman_2.1.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 343029 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane <lmamane at debian.org> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Sun, 25 Dec 2005 15:13:36 +0100
Source: mailman
Binary: mailman
Architecture: source sparc
Version: 2.1.6-1
Distribution: unstable
Urgency: low
Maintainer: Mailman for Debian <pkg-mailman-hackers at lists.alioth.debian.org>
Changed-By: Lionel Elie Mamane <lmamane at debian.org>
Description: 
 mailman    - Powerful, web-based mailing list manager
Closes: 244673 244699 311414 343029
Changes: 
 mailman (2.1.6-1) unstable; urgency=low
 .
   * The "Quick, quick, upload before upstream releases a new version" release
   * New upstream release: (closes: #311414)
     New release packaging work:
     - Drop patches integrated upstream (or same fix in another way):
       handle-from-in-non-ascii
       75_danish_options_traceback
       73_list-id_strict_rfc
       69_python24_bouncehandler_datetime
       65_donot_add_empty_cc
       57_fix_missing_da_template
       04_CAN-2005-0202
       03_CAN-2004-1143
       02_CAN-2004-1177_driver_css
     - Upstream doesn't ship README.{EXIM,POSTFIX} anymore: Drop their patch
     - Update patches
        62_new_list_bad_pending_requests
        64_correct_html_nesting
        68_translation_update_nl
        70_invalid_utf8_dos.dpatch
        99_js_templates
     Bugs fixed upstream:
     - Possible data loss in archives (closes: #244699)
   * Don't fold headers in attachments (closes: #244673)
     This avoids breaking cryptographic signatures
   * Warn that list passwords are broken on upgrade from 2.0 (closes: #343029)
Files: 
 e4e6456ba10c6f8d94c289e7762397c4 738 mail optional mailman_2.1.6-1.dsc
 4e0f9d09c1553bd1a0a5327052179ca2 6482726 mail optional mailman_2.1.6.orig.tar.gz
 addf55484dbf9bfc0b021c34d51d4560 191965 mail optional mailman_2.1.6-1.diff.gz
 079b89ff0bce69bd023d284c393133a1 7676726 mail optional mailman_2.1.6-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iEYEAREDAAYFAkOurwMACgkQscRzFz57S3N6LgCdEzLr9woAqN8XVRIDiqFHUaCB
IRkAoMFLc0rUlql5rcrGrTS1dKRQjgGp
=qh14
-----END PGP SIGNATURE-----



