[Pkg-mailman-hackers] Bug#458045: mailman: When run on SSL host: admindb form contains NON-ssl action URL

Ralf G. R. Bergs Ralf+Debian at Bergs.BIZ
Fri Dec 28 08:59:37 UTC 2007


Package: mailman
Version: 1:2.1.9-7
Severity: important

I'm running Mailman on an SSL host. When I try to work on administrative
requests, i.e. to discard a held message, and press the "Submit All Data"
form submit button, my browser (Firefox 2.0.0.11) sends a POST request
against the non-SSL host, because the action URL constructed by
/cgi-bin/mailman/admindb starts with http://...

Moreover, my non-SSL host redirects all requests to http://... to the SSL
host, i.e. http://my.host/foobar would be redirected to
https://my.host/foobar. This also happens with the form POST request
described above. Mailman's CGI executable /cgi-bin/mailman/admindb *does*
follow the Location header to the SSL host, BUT it doesn't send a POST
afterwards to the new location, but instead sends a GET request. That means
my changes aren't applied, but instead the current (unchanged!) status is
requested again.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (650, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages mailman depends on:
ii  adduser                3.102             Add and remove users and groups
ii  apache2-mpm-prefork [h 2.2.3-4+etch3     Traditional model for Apache HTTPD
ii  cron                   3.0pl1-100        management of regular background p
ii  debconf [debconf-2.0]  1.5.11etch1       Debian configuration management sy
ii  exim4                  4.63-17           metapackage to ease exim MTA (v4) 
ii  exim4-daemon-heavy [ma 4.63-17           exim MTA (v4) daemon with extended
ii  libc6                  2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii  logrotate              3.7.1-3           Log rotation utility
ii  lsb-base               3.1-23.2etch1     Linux Standard Base 3.1 init scrip
ii  pwgen                  2.05-1            Automatic Password generation
ii  python                 2.4.4-2           An interactive high-level object-o
ii  python-support         0.5.6             automated rebuilding support for p
ii  ucf                    2.0020            Update Configuration File: preserv

mailman recommends no packages.

-- debconf information:
  mailman/queue_files_present:
* mailman/default_server_language: en
* mailman/gate_news: false
* mailman/site_languages: en
* mailman/used_languages: en
* mailman/create_site_list:
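
An added example, not part of the original report and not Mailman code: a check that flags forms on an HTTPS page whose action resolves to a non-HTTPS URL, which is the condition the report describes for the admindb form. The list name `testlist` and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect (method, raw action) for every <form> start tag."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)  # HTMLParser lowercases tag and attribute names
            method = (a.get("method") or "get").upper()
            self.forms.append((method, a.get("action") or ""))


def insecure_form_actions(page_url, html):
    """Return (method, resolved action) for forms that leave HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []  # only pages served over HTTPS are in scope
    collector = FormActionCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        # Empty, relative and //host/... actions inherit the page's scheme.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            findings.append((method, target))
    return findings


# Constructed sample: one absolute http:// action (as in the report),
# one relative action and one protocol-relative action.
SAMPLE_PAGE_URL = "https://my.host/cgi-bin/mailman/admindb/testlist"
SAMPLE_HTML = """
<FORM action="http://my.host/cgi-bin/mailman/admindb/testlist" method=POST>
  <input type="submit" value="Submit All Data">
</FORM>
<form action="../listinfo/testlist" method="get"></form>
<form action="//my.host/cgi-bin/mailman/admin/testlist" method="post"></form>
"""

if __name__ == "__main__":
    for method, target in insecure_form_actions(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{method} form on HTTPS page submits to {target}")
```

Only the first form is reported; the relative and protocol-relative actions resolve to https:// and pass.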
