REGRESSION: mailman broken after security upgrade on gutsy

Bug #202332 reported by Szilveszter Farkas on 2008-03-14
Affects            Importance   Assigned to
mailman (Ubuntu)   Critical     Emanuele Gentili
Feisty             Critical     Martin Pitt
Gutsy              Critical     Martin Pitt

Bug Description

A security update to mailman, fixing multiple cross-site scripting vulnerabilities, caused mailman to fail to start due to a patching error. The following versions are affected:
  1:2.1.9-4ubuntu1.1 (Ubuntu 7.04)
  1:2.1.9-8ubuntu0.1 (Ubuntu 7.10)

The update has been withdrawn (both by disabling downloads of the relevant files, and by removing the package from feisty-security and gutsy-security) pending corrective action, and the security team is testing a fix.

Original report follows:

I got the following output during an 'apt-get upgrade':

Setting up mailman (1:2.1.9-8ubuntu0.1) ...
Traceback (most recent call last):
  File "/var/lib/mailman/bin/list_lists", line 47, in <module>
    from Mailman import MailList
  File "/var/lib/mailman/Mailman/MailList.py", line 64, in <module>
    from Mailman import Gui
  File "/var/lib/mailman/Mailman/Gui/__init__.py", line 21, in <module>
    from General import General
  File "/var/lib/mailman/Mailman/Gui/General.py", line 438
    elif property == 'info':
       ^
SyntaxError: invalid syntax
Installing site language en ............................................ done.
Traceback (most recent call last):
  File "/usr/lib/mailman/bin/update", line 51, in <module>
    from Mailman import MailList
  File "/var/lib/mailman/Mailman/MailList.py", line 64, in <module>
    from Mailman import Gui
  File "/var/lib/mailman/Mailman/Gui/__init__.py", line 21, in <module>
    from General import General
  File "/var/lib/mailman/Mailman/Gui/General.py", line 438
    elif property == 'info':
       ^
SyntaxError: invalid syntax
Traceback (most recent call last):
  File "/var/lib/mailman/bin/list_lists", line 47, in <module>
    from Mailman import MailList
  File "/var/lib/mailman/Mailman/MailList.py", line 64, in <module>
    from Mailman import Gui
  File "/var/lib/mailman/Mailman/Gui/__init__.py", line 21, in <module>
    from General import General
  File "/var/lib/mailman/Mailman/Gui/General.py", line 438
    elif property == 'info':
       ^
SyntaxError: invalid syntax
 * Site list for mailman (usually named mailman) missing.
 * Please create it; until then, mailman will refuse to start.
WARNING: compile error while trying to byte-compile /usr/lib/mailman/Mailman/Gui/General.py: File "/usr/lib/mailman/Mailman/Gui/General.py", line 438
    elif property == 'info':
       ^
SyntaxError: invalid syntax

(And I also get the same traceback in the logfiles when I try to access the lists page.)

Ernst Sjöstrand (ernstp) wrote :

Sorry, this wasn't a dupe, looked too quickly at the backtraces.
Happens on Feisty too.

Changed in mailman:
status: New → Confirmed
Contivity (maybespam) wrote :

Happening to me too. It was also impossible to stop after that. I have to download the older .deb package and use dpkg -i (for some reason it stops the process) and recreate every list.

Contivity (maybespam) wrote :

I forgot to mention: it happens on Gutsy after apt-get upgrade.

Contivity (maybespam) wrote :

Can't edit the previous posting, so to mention: it's the amd64 platform.

Simon IJskes (sim-nyx) wrote :

the problem is in 100_CVE-2008-0564.patch

Jeff Waugh (jdub) wrote :

Also seen here (gutsy, i386). Very serious, as it causes the daemon to fail, rendering lists inoperable.

The bug is obvious in the code (line 437 in /var/lib/mailman/Mailman/Gui/General.py):

            mlist.subject_prefix = Utils.canonstr(
        elif property == 'info':

Jeff Waugh (jdub) wrote :

Assigning to emgent, who uploaded the security update.

Changed in mailman:
assignee: nobody → emgent
Simon IJskes (sim-nyx) wrote :

fixed patch, cannot guarantee correctness, but it at least runs.

Simon IJskes (sim-nyx) wrote :

updated package.

NO WARRANTY, NO GUARANTEE OF ANY KIND!

Emanuele Gentili (emgent) wrote :

Thanks for the notice, I'm working on it.
Sim IJskes, please attach your cleaned diff; I will consider it.

Thanks for all

Changed in mailman:
importance: Undecided → Critical
status: Confirmed → In Progress
Simon IJskes (sim-nyx) wrote :

diff -r mailman-2.1.9/debian/patches/100_CVE-2008-0564.patch mailman-2.1.9-sgy/debian/patches/100_CVE-2008-0564.patch
59,60c59
< @@ -435,19 +435,21 @@
< elif property == 'subject_prefix':
---
> @@ -436,18 +436,21 @@
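Review bot: the hunk header at patch line 59 has been edited by hand, from `@@ -435,19 +435,21 @@` to `@@ -436,18 +436,21 @@`, with the leading context line `elif property == 'subject_prefix':` dropped. The new counts are consistent with removing one context line and turning one removed line into context, but hand-edited offsets are easy to get wrong; regenerating the patch by diffing a pristine General.py against the fixed one would avoid relying on the arithmetic.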
63c62
< - val, mlist.preferred_language)
---
> val, mlist.preferred_language)
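Review bot: at patch line 63, confirm that the restored `val, mlist.preferred_language)` carries the leading space of a context line in the real patch file, since the whitespace is not visible in this paste. This is the line that closes the `Utils.canonstr(` call, so a byte-compile of the patched General.py during the package build would be a useful check before upload.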

Simon IJskes (sim-nyx) wrote :

The problem is in the incorrect 100_CVE-2008-0564.patch in the debian/patches directory.

It removes the line 'val, mlist.preferred_language)' from the file 'MailMan/Gui/General.py'.

My guess is, the patch was generated from a damaged General.py
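
A build-time gate of the kind that catches this failure before upload, as an added example (not part of the bug thread or of the Ubuntu packaging): it parses every .py file in a patched tree without executing it. The sample sources are constructed from the two lines quoted earlier in the thread, the function names are hypothetical, and the code assumes Python 3.

```python
import os
import tempfile

# Constructed sample: the two lines quoted in the thread, wrapped in a
# hypothetical function so they form a complete module.
BROKEN = (
    "def set_value(mlist, property, val, Utils):\n"
    "    if property == 'subject_prefix':\n"
    "        mlist.subject_prefix = Utils.canonstr(\n"
    "    elif property == 'info':\n"
    "        mlist.info = val\n"
)
# Same module with the dropped continuation line restored.
FIXED = BROKEN.replace(
    "Utils.canonstr(\n",
    "Utils.canonstr(\n            val, mlist.preferred_language)\n",
)

def syntax_errors(root):
    """Parse every .py file under root; return (relpath, lineno, message) per failure."""
    failures = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                source = fh.read()
            try:
                compile(source, path, "exec")  # parses only, executes nothing
            except (SyntaxError, ValueError) as exc:
                failures.append((os.path.relpath(path, root),
                                 getattr(exc, "lineno", None), str(exc)))
    return failures

def check_sources(sources):
    """Write {relative path: source text} into a scratch tree and check it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sources.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return syntax_errors(root)

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_sources({"Mailman/Gui/General.py": text}))
```

In a package build, `syntax_errors` would be pointed at the unpacked source tree after all patches are applied, failing the build when the returned list is non-empty.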

Simon IJskes (sim-nyx) wrote :

--- mailman-2.1.9.orig/Mailman/Gui/General.py 2008-03-07 05:33:39.000000000 +0100
+++ mailman-2.1.9/Mailman/Gui/General.py 2008-03-07 05:35:05.000000000 +0100

By the way, 5:33 is for sleeping. LOL!

Gr. Sim

Colin Watson (cjwatson) wrote :

I've called James to ask for the broken update to be disabled temporarily, and raised a member of the security team to deal with a fix.

Miek Gieben (miek) wrote :

I'm using the debian etch package, which seems to work fine under Gutsy. See packages.debian.org.

Emanuele Gentili (emgent) wrote :

It's possible to use my PPA to temporarily fix the problem.
https://edge.launchpad.net/~emgent/+archive

pitti is working to upload my fix to the security repository.

Thanks to all.

Colin Watson (cjwatson) on 2008-03-15
description: updated
Changed in mailman:
assignee: nobody → emgent
importance: Undecided → Critical
status: New → In Progress
Changed in mailman:
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Gutsy fix verified and uploaded.

Changed in mailman:
assignee: emgent → pitti
Martin Pitt (pitti) wrote :

Hardy is not affected according to Emanuele.

Changed in mailman:
status: In Progress → Invalid
Martin Pitt (pitti) wrote :

Tested and uploaded Feisty fix.

I'm going to publish the security update now.

Changed in mailman:
assignee: emgent → pitti
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mailman - 1:2.1.9-8ubuntu0.2

---------------
mailman (1:2.1.9-8ubuntu0.2) gutsy-security; urgency=low

  * debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code
    line which caused the code to become invalid and the package to not be
    installable. (LP: #202332)

 -- Emanuele Gentili <email address hidden> Sat, 15 Mar 2008 14:40:18 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mailman - 1:2.1.9-4ubuntu1.2

---------------
mailman (1:2.1.9-4ubuntu1.2) feisty-security; urgency=low

  * debian/patches/100_CVE-2008-0564.dpatch: Readd erroneously removed code
    line which caused the code to become invalid and the package to not be
    installable. (LP: #202332)

 -- Emanuele Gentili <email address hidden> Sat, 15 Mar 2008 15:04:04 +0100

Changed in mailman:
status: Fix Committed → Fix Released