@zoulasc zoulasc commented Nov 23, 2025

No description provided.

jared mauch and others added 29 commits November 12, 2025 17:01
Add __contains__ method to DumbBTree class to properly handle 'in'
operator checks. Previously, when parentID was 0 (or any value not
in the index), Python would fall back to __getitem__ which raised
KeyError. Now __contains__ returns False for missing keys instead
of raising an exception.
Encode response to bytes before calling sha_new() in AuthListModerator
and AuthListPoster authentication branches. In Python 3, hashlib.sha1
requires bytes, not strings. This matches the existing fix in the
AuthListAdmin branch.
Decode payload to string before processing in Approve handler.
The get_payload(decode=True) can return bytes or strings, but the
code was using line.find(b':') which assumes bytes. Now we ensure
the payload is decoded to a string first, then use string operations
consistently. Also fix similar issue with regex operations on payload.
Fixed a bug where MailList.__getattr__ returning 0 for missing pipeline
attributes caused 'pipeline is not a list: 0 (type: int)' errors in the
error log. The code now properly validates pipeline attributes and correctly
prioritizes pipeline sources (msgdata > mlist.pipeline > GLOBAL_PIPELINE).

Also improved error logging to indicate the source of invalid pipeline
values for easier debugging.
This commit combines all work done during the divergence period from
cpanel/main, from the divergence point (b00d5ae) through
the convergence point where cpanel fixes were merged in (5f2368e).

Includes:
- Python 2 to Python 3 migration work
- Pickle protocol handling fixes
- Encoding and string handling improvements
- Bug fixes and compatibility improvements
- Configuration and build system updates

Original commits: 720 commits from b00d5ae to 5f2368e
This commit consolidates extensive Python 3 compatibility improvements,
bug fixes, and feature enhancements including:

- Python 3 migration: Replace raw_input with input, fix execfile usage,
  handle string/bytes encoding throughout codebase
- Encoding fixes: UTF-8 handling, proper encoding for email headers,
  subscription forms, and message decoration
- Archiver improvements: Fix on-the-fly archiving, handle non-ASCII
  characters, improve archive format handling
- cPanel integration: Sync fixes for pickle protocol detection, encoding
  issues, and various CPANEL ticket fixes
- Configuration: Improve mm_cfg handler, fix circular import issues
- Bug fixes: Fix TypeError with string encoding/hashing, KeyError in
  HyperDatabase, NNTP bridge issues, and various other fixes
- Cron script fixes: Update senddigests, checkdbs, and other cron jobs
  for Python 3 compatibility

This represents a comprehensive update bringing the codebase to full
Python 3 compatibility while maintaining backward compatibility where
possible.
- Add new password hashing functions using PBKDF2-SHA256 with format prefix
- Maintain backward compatibility with old SHA1 passwords
- Auto-upgrade passwords to PBKDF2 format on successful authentication
- Update all password setting locations to use new hashing
- Use only Python 3 standard library (hashlib.pbkdf2_hmac, secrets)

This addresses GitHub security warnings about SHA1 usage while maintaining
full backward compatibility for existing installations. Passwords are
automatically upgraded as users authenticate, allowing incremental migration.

Format: New passwords use $pbkdf2$<iterations>$<salt>$<hash> prefix
Old format: 40 hex character SHA1 hashes (no prefix) still supported
- Add check_and_notify_password_upgrades() function to scan lists for old SHA1 passwords
- Send email notifications to list administrators asking them to login
- Add auto-upgrade support for global passwords when used for authentication
- Add --dry-run option to preview password upgrade checks without sending emails
- Update check_global_password() to support auto-upgrade parameter

When bin/update runs, it now:
- Checks all lists for old password formats
- Sends emails to list owners asking them to login (which triggers auto-upgrade)
- Detects old global passwords and notes they'll upgrade on next use
- Supports --dry-run mode to preview without sending emails
Add deduplication by internal_name() to prevent the same list from being
processed multiple times when checking for old password formats. This fixes
an issue where the same list could appear multiple times in the output with
different email addresses.
- Catch PermissionError/IOError when attempting to write password upgrades
- Log uid/euid/gid/egid for debugging permission issues
- Continue authentication even if upgrade fails (non-fatal)
- Apply to global passwords, list admin, moderator, and poster passwords

This prevents authentication failures when the process doesn't have write
permissions to update password files, while still logging the issue for
administrator review.
- Deduplicate listnames list before processing
- Track both listname and internal_name to catch all duplicate cases
- Use real_name for display instead of internal_name for better readability
- Add multiple levels of deduplication to ensure each list appears only once

This fixes an issue where the same list could appear multiple times in the
output with different email addresses.
- Store both listname and mlist object to preserve original listname
- Use email address listname part for display instead of real_name
- This ensures correct list identification when multiple lists share the same real_name
- Add clarifying comment about OwnerNotification sending to -owner address
…upgrade

- Remove MD5 fallback authentication in SecurityManager
- Remove crypt() fallback authentication in SecurityManager
- Only support PBKDF2 and SHA1 formats (with SHA1 auto-upgrade to PBKDF2)
- Add stamp files to prevent duplicate UTF-8 conversions during build
- Update .gitignore to exclude conversion stamp files
- Add dependencies in bin/Makefile.in and cron/Makefile.in so build directory
  files are rebuilt when source files change
- Make install targets depend on all target to ensure build files are current
- Ensure build directories exist before descending into subdirectories
- This fixes the issue where changes to source scripts weren't reflected in
  the build directory until a clean rebuild
- Make convertpofiles depend on $(POFILES) so make checks if .po files
  need to be merged with mailman.pot
- The existing dependency rule %/LC_MESSAGES/mailman.po: mailman.pot
  ensures msgmerge only runs when mailman.pot is newer
- Add --backup=none to msgmerge to avoid creating backup files
- This fixes the issue where .po files were always being merged on
  every make run, even when mailman.pot hadn't changed
Upgrade password hashing from SHA1 to PBKDF2-SHA256
- no need to use the built version since we are invoking with @python@
- Reorder arguments so that options are first for portability
1. catching errors
2. looking for the version in the right place
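
The password-hashing commits above describe a `$pbkdf2$<iterations>$<salt>$<hash>` format, continued acceptance of 40-hex-character SHA1 hashes, auto-upgrade on successful authentication, and a non-fatal failure when the upgrade cannot be written. The sketch below is an added example of that flow, not code from this pull request; the function names, the hex encoding of salt and hash, the 16-byte salt, the iteration count and the `save` callback are assumptions.

```python
import hashlib
import hmac
import secrets

PREFIX = "$pbkdf2$"
ITERATIONS = 600_000  # assumed work factor; the commit messages do not state one


def hash_password(password, iterations=ITERATIONS):
    """Return '$pbkdf2$<iterations>$<salt>$<hash>' (hex salt and hash: an assumption)."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${dk.hex()}"


def is_legacy_sha1(stored):
    """Old format: exactly 40 hex characters and no prefix."""
    return len(stored) == 40 and all(c in "0123456789abcdefABCDEF" for c in stored)


def verify(password, stored):
    """Return (ok, needs_upgrade). Unknown or malformed records are rejected."""
    pw = password.encode("utf-8")
    if stored.startswith(PREFIX):
        try:
            iters, salt_hex, hash_hex = stored[len(PREFIX):].split("$")
            iters, salt, expected = int(iters), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
            dk = hashlib.pbkdf2_hmac("sha256", pw, salt, iters)
        except (ValueError, OverflowError):
            return False, False  # wrong field count, bad hex, bad iteration value
        return hmac.compare_digest(dk, expected), False
    if is_legacy_sha1(stored):
        ok = hmac.compare_digest(hashlib.sha1(pw).hexdigest(), stored.lower())
        return ok, ok  # a correct legacy password should be re-hashed
    return False, False


def authenticate(password, stored, save):
    """Check the password; on a legacy match, try to persist a PBKDF2 record via save()."""
    ok, upgrade = verify(password, stored)
    if ok and upgrade:
        try:
            save(hash_password(password))
        except OSError:  # PermissionError and IOError are both OSError in Python 3
            pass  # upgrade failure is non-fatal; a real handler would log it
    return ok
```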