mailman-debugsource-2.1.35-lp152.7.6.1 4>$  @pa{!/=„!kqBM-6o~օ > YKs9+8F)a ]M R*BG )q6 +fB^O$ D_몦70[{.(ad-i6[iѽ&cB]T8BF˽j[i9_zUu1,_NG k L[4HoD}~ď牽2h͎mPf47981bcb61b76c8b890ce4bdbf8fc970323698b39c8d3d8b0d6adf2c503935abd1c36936058fc77f7bfa8ef7d4a91e2dd13b7d4RPa{!/=„vL)%k,NH?S5$L5=Wbɉ/^N{vɋ&M1Uk-ξ#9XM#٫nуu1/VkޮM]VLPy_MٞY5gnE,6[G-:5:ΞS갸]e}&(uu X|OtXpXEf+qAYFyѮݷLPjyʺA6dS|+(=/J,Ϙw0@4B@ Dl>p;;?:d ) K- FX     "@d|(;8D9:F7G7H7I7X7Y7\8 ]88^8b9c9d:?e:Df:Gl:Iu:\v:tz:::::Cmailman-debugsource2.1.35lp152.7.6.1Debug sources for package mailmanThis package provides debug sources for package mailman. Debug sources are useful when developing applications that use this package or when debugging this package.a{build70?openSUSE Leap 15.2openSUSEGPL-2.0-or-laterhttp://bugs.opensuse.orgDevelopment/Debughttp://www.gnu.org/software/mailman/mailman.htmllinuxx86_64&- AA큤a{a{a{a{aoaa{a1d45be8d4d1f26f7c597f28980aac317052591aa83a60cd62a391a95f1ee92f600818b7289cf7e3d8ae939f3202421b630154ba2b25cd006a31f480b852614e0ba735224839b1e4ddecf1fdf43b918b88c57eca92ed6759caeb5f294692e98e26d90dd99fca6eedf225f54b15a203f43003e259be2e1639c7b859ff93bf3111rootrootrootrootrootrootrootrootrootrootrootrootmailman-2.1.35-lp152.7.6.1.src.rpmmailman-debugsourcemailman-debugsource(x86-64)    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1ay?@_9^^>@^^*@\s[dC[W[4Z@ZZ`@Z@Z@YTX@X@W#W@Vn@V2VU@TPTABernhard Wiedemann Matej Cepl Matej Cepl Matej Cepl Matej Cepl Johannes Segitz Matej Cepl liedke@rz.uni-mannheim.deliedke@rz.uni-mannheim.deliedke@rz.uni-mannheim.detchvatal@suse.comtchvatal@suse.comliedke@rz.uni-mannheim.dedmueller@suse.comrbrown@suse.comdimstar@opensuse.orgkukuk@suse.dekukuk@suse.dehsk17@mail.dehsk@imb-jena.dehsk@imb-jena.dehsk@imb-jena.dempluskal@suse.comhsk@imb-jena.dehsk@imb-jena.dehsk@imb-jena.de- Update to 2.1.35 to fix 2 security issues: - A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-42096 (boo#1191959, LP:#1947639) - A CSRF attack via the user options page could allow takeover of a users account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640) - Add reproducible.patch to use fixed build date in mailman-config to make package build reproducible (boo#1047218)- Update to 2.1.34: - The fix for lp#1859104 can result in ValueError being thrown on attempts to subscribe to a list. This is fixed and extended to apply REFUSE_SECOND_PENDING to unsubscription as well. (lp#1878458) - DMARC mitigation no longer misses if the domain name returned by DNS contains upper case. (lp#1881035) - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent mailbombing of a member of a list with private rosters by repeated subscribe attempts. (lp#1883017) - Very long filenames for scrubbed attachments are now truncated. (lp#1884456) - A content injection vulnerability via the private login page has been fixed. CVE-2020-15011 (lp#1877379, bsc#1173369) - A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh. CVE-2020-12108 (lp#1873722, bsc#1171363) - Bounce recognition for a non-compliant Yahoo format is added. - Archiving workaround for non-ascii in string.lowercase in some Python packages is added. - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses list setting that can be used to apply dmarc_moderation_action to mail From: addresses listed or matching listed regexps. This can be used to modify mail to addresses that don't accept external mail From: themselves. - There is a new MAX_LISTNAME_LENGTH setting. The fix for lp#1780874 obtains a list of the names of all the all the lists in the installation in order to determine the maximum length of a legitimate list name. It does this on every web access and on sites with a very large number of lists, this can have performance implications. See the description in Defaults.py for more information. - Thanks to Ralf Jung there is now the ability to add text based captchas (aka textchas) to the listinfo subscribe form. See the documentation for the new CAPTCHA setting in Defaults.py for how to enable this. Also note that if you have custom listinfo.html templates, you will have to add a tag to those templates to make this work. This feature can be used in combination with or instead of the Google reCAPTCHA feature added in 2.1.26. - Thanks to Ralf Hildebrandt the web admin Membership Management section now has a feature to sync the list's membership with a list of email addresses as with the bin/sync_members command. - There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This controls the dropping of addresses from the Cc: header in delivered messages by the duplicate avoidance process. (lp#1845751) - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause a second request to subscribe to a list when there is already a pending confirmation for that user. This can be set to Yes to prevent mailbombing of a third party by repeatedly posting the subscribe form. (lp#1859104) - Fixed the confirm CGI to catch a rare TypeError on simultaneous confirmations of the same token. (lp#1785854) - Scrubbed application/octet-stream MIME parts will now be given a .bin extension instead of .obj. CVE-2020-12137 (lp#1886117) - Added bounce recognition for a non-compliant opensmtpd DSN with Action: error. (lp#1805137) - Corrected and augmented some security log messages. (lp#1810098) - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner - -runner=All. (lp#1818205) - Leading/trailing spaces in provided email addresses for login to private archives and the user options page are now ignored. (lp#1818872) - Fixed the spelling of the --no-restart option for mailmanctl. - Fixed an issue where certain combinations of charset and invalid characters in a list's description could produce a List-ID header without angle brackets. (lp#1831321) - With the Postfix MTA and virtual domains, mappings for the site list -bounces and -request addresses in each virtual domain are now added to data/virtual-mailman (-owner was done in 2.1.24). (lp#1831777) - The paths.py module now extends sys.path with the result of site.getsitepackages() if available. (lp#1838866) - A bug causing a UnicodeDecodeError in preparing to send the confirmation request message to a new subscriber has been fixed. (lp#1851442) - The SimpleMatch heuristic bounce recognizer has been improved to not return most invalid email addresses. (lp#1859011) - Remove patch included upstream: - CVE-2020-12108_injection_options.patch - Patches reapplied on the new tarball: - mailman-2.1.14-editarch.patch - mailman-2.1.14-python.dif - mailman-2.1.4-notavaliduser.patch - mailman-2.1.5-no_extra_asian.dif - mailman-weak-password.diff- Add CVE-2020-12108_injection_options.patch fixing bsc#1171363 (CVE-2020-12108) - Make two remaining patches -p1 as well: - mailman-2.1.26-list_lists.patch - mailman-wrapper.patch- Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920), adjust mailman-2.1.14-python.dif. - Reapply and adjust remaining patches: - mailman-2.1.14-editarch.patch - mailman-2.1.4-dirmode.patch - mailman-2.1.4-notavaliduser.patch - mailman-2.1.5-no_extra_asian.dif - mailman-weak-password.diff- Fix rights and ownership on /var/lib/mailman/archives (bsc#1167068)- Don't use explicit chown and chmod in %post, but rather use %attr in files. Avoid bsc#1154328 (CVE-2019-3693)- boo#1095112: add /etc/mailman/mailman.cgi-gid and fix user rights.- update to 2.1.29: * Fixed the listinfo and admin overview pages that were broken- update to 2.1.28: * A content spoofing vulnerability with invalid list name messages in the web UI has been fixed. CVE-2018-13796 bsc#1101288 * It is now possible to edit HTML and text templates via the web admin UI in a supported language other than the list's preferred_language. * The Japanese translation has been updated * The German translation has been updated * The Esperanto translation has been updated * The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was not working. This is fixed. * Escaping of HTML entities for the web UI is now done more selectively.- update to 2.1.27 * Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. JVN#00846677/JPCERT#97432283/CVE-2018-0618 (boo#1099510) * A few more error messages have had their values HTML escaped. JVN#00846677/JPCERT#97432283/CVE-2018-0618 (boo#1099510) * The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address. While this is not thought to be exploitable in any way, the generation has been changed to avoid this. * An option has been added to bin/add_members to issue invitations instead of immediately adding members. * A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to enable blocking web subscribes from IPv4 addresses listed in Spamhaus SBL, CSS or XBL. It will work with IPv6 addresses if Python's py2-ipaddress module is installed. The module can be installed via pip if not included in your Python. * Mailman has a new 'security' log and logs authentication failures to the various web CGI functions. The logged data include the remote IP and can be used to automate blocking of IPs with something like fail2ban. Since Mailman 2.1.14, these have returned an http 401 status and the information should be logged by the web server, but this new log makes that more convenient. Also, the 'mischief' log entries for 'hostile listname' noe include the remote IP if available. * admin notices of (un)subscribes now may give the source of the action. This consists of a %(whence)s replacement that has been added to the admin(un)subscribeack.txt templates. Thanks to Yasuhito FUTATSUKI for updating the non-English templates and help with internationalizing the reasons. * there is a new BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web subscribes for addresses in domains listed in the Spamhaus DBL. * i18n & Bugfixes * for further details see NEWS- Fix install prefix for some of the files - Install license file- Sort out with spec-cleaner - Use direct paths in post scriptlets and properly state their deps - Do not attempt user creation during build, fails anyway - Use proper user creation code in scriptlets- update to 2.1.26 * An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login. (CVE-2018-5950) bsc#1077358 * Google reCAPTCHA v2 * New bin/mailman-config command to display various information about this Mailman version and how it was configured. * bug fixes, i18n updates * for further details see NEWS - updato to 2.1.25 * The admindb held subscriptions listing now includes the date of the most recent request from the address. * bug fixes, i18n updates * for further details see NEWS - update to 2.1.24 * bug fixes, i18n updates * for further details see NEWS - Rename and refresh patch: * mailman-2.1.2-list_lists.patch to mailman-2.1.26-list_lists.patch- remove distributable flag (which is always true): drops SuSEconfig.mailman-SuSE, mailman-SuSE.patch, mailman-SuSE2.patch- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Fix pre script for usage with more recent postfix versions.- Require system user wwwrun- Require fillup and insserv if we call them- update to 2.1.23 * CSRF protection in user options page (CVE-2016-6893) * header_filter_rules matching: headers and patterns are all decoded to unicode * another possible REMOVE_DKIM_HEADERS setting * SMTPDirect.py can now do SASL authentication and STARTTLS * bug fixes, i18n updates * for further details see NEWS- update to 2.1.22 * bug fixes, i18n updates; for details see NEWS- updated mailman-apache2.conf to support "require" syntax of recent apache httpd- update to 2.1.21 * new dmarc_none_moderation_action list setting * new feature to automatically turn on moderation for single list members (spam prevention) * new mm_cfg.py setting GLOBAL_BAN_LIST * translation updates and bug fixes * for more details see NEWS and Mailman/Defaults.py - mailman-2.1.4-dirmode.patch: adjusted to 2.1.21- Use url for source - Add gpg signature- update to 2.1.20 bsc#925502 * fix for CVE-2015-2775 (path traversal vulnerability) * new Address Change sub-section in the web admin Membership Management section * translation updates and bug fixes- update to 2.1.19 * backports from 2.2 development branch - new list attribute 'subscribe_auto_approval' - added 'automate' option to bin/newlist - processing of Topics regular expressions has changed - added real name display to the web roster, controlled by new ROSTER_DISPLAY_REALNAME setting - bug fixes * new list attribute dmarc_wrapped_message_text and DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting * new list attribute equivalent_domains and DEFAULT_EQUIVALENT_DOMAINS setting * new WEB_HEAD_ADD setting * new DEFAULT_SUBSCRIBE_OR_INVITE setting * new list attribute bounce_notify_owner_on_bounce_increment and DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT setting * log files, request.pck files and heldmsg-* files are no longer created world readable * i18n updates * bug fixes- update to 2.1.18 * mailman now requires dnspython * new dmarc_moderation_action feature and corresponging list and default settings * bug fixesbuild70 16355115672.1.35-lp152.7.6.12.1.35-lp152.7.6.1mailman-2.1.35-lp152.7.6.1.x86_64srccgi-wrapper.ccommon.ccommon.hmail-wrapper.c/usr/src/debug//usr/src/debug/mailman-2.1.35-lp152.7.6.1.x86_64//usr/src/debug/mailman-2.1.35-lp152.7.6.1.x86_64/src/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:17121/openSUSE_Leap_15.2_Update/b0439065aec00e733839f47dfd95bbf2-mailman.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linuxdirectoryC source, ASCII textO4-XJ/\jutf-83768948cf08efea4e9bbc9fcc08824218c1cd216e4ecaef431c59df4efa3fe15?P7zXZ !t/Dk2] crt:bLL $HA!h)<}M"jτ֪X*r; 4/l?@kzCO =@w:.EϪ=$?:@XeG I̓7hqdJT,̉OL ldJdζKߌCc7r6#  i?eHVy96Ö+h*[ބpj)u/بG PThryy1fm 3;l"|yVSwCGSE#ư'DhDE_)t^!ΚNR0z]=^B#nL@0`=.cF.%&kV!< 1$rHp'掸:Z>s՚/h񦀧NqqNR64@tpYuL֛z2aQUӒwTQoA[&aY 3U˷Ax B9mZWGdcEء:]E\OYլ 3 '% ˈvm]/F/{ziC8]5T454?G LGOpT# Zg*R|󬿏FZ{7HivF7CU)o?Tte I#r]<6ouR+|)t*NqV\h_eSpE v5_n3RPZB E .R]蔕2ܔ<$2KarO\to hs:ʰR&7ًU1(4QYMVP:"6[1¥N~Q섐~B\2h7yA^B{ئ,3WUՃ0>mW\O&Z6 %=KBؿ;>rQE$os41dWMrW(1Uo˛}M9Zm<#Ζ"85;B[F5@0نcOZZ,%Аe}bCi[/i@[_x |(Uh}(IB?cU D<>'g{ J>$f-Hތ߭>Y݃^|xKiJ=G^lץI쏉+X{yl-U4NChTTo> K4,Br31CBęBʵdyecr.M@t5LyN. `³F@4jݔU2cCWCCAD>'qwR/ɿ =  <,Xze=ܗ89TSWo yX k }Ccʟ=p{n|%\|ož!N#^WL8fs xjfx(ʘ n+c#76Udq8XV^]F2q^z[o&7=DĞ:i埥i?JfEJRtt)}S#6Ht~pΤ#mHq;m챐\~~ju^-C2^ ou]]@#.~ 0s e ̉BX㍫ejQߛm hF!Lߩh QRaŸ8{H)D4!Gؙ0JG f9%אsc /m>ሜ\H:?%dp$T H1{hD]f~`o"i.$PZCZXUr]2m_^B`0fXpVcrY a@aCLEv7"!5YSBC |:;Wۜ/ kh-E!˞U;:иvByZb.7I򙌴9meg b64YHrRpOA"L&a_lqJ؞砹 x$!#ܐT /9% n"KL]_|nۊD%F@;h?p]xWh~6X& 듋)z Pv#]_ ;^~uu%@ŜW*S۵M&t$5jݞ}blF.CAi QQЪF[:idFY4I Ȟy2͸WwlPh1D=i;# P:Jyr{MC7X!A _<:Z2WC=.7D[!$~Kѥ+ETgfnB{AL겱UHE%;iF@7E{;))I<:}*"%VeZֱ;fsRhG,oTltV"my"iXKVm31tv )04TSS,ҡc~O-dRJq z刅֓zK3_LMtu]χ>JʥE*s d>̱A^K)y[@NI@ukb5t| hx]&"V)'v{ -✍94h| bE|0P VVr]]( 2 IߒTlHj͒+G1A'm!ؙF.s{`(vrr_5cwF%ӛ=ķ~"@zjb=J]%AqS,0/}PH>p7 :4ކ߅&$\& ͧWWғiCVo^];(AA}o F=&'tv 8=}؝ eNDRe,_CquEq&A>+UP5aqђs|^ ʜ\NӞE]gjO~7Ls~wާaX=y 4םf ^ya5Vg啷{{1#  \`,KeU I<F xRRrY7#G|K0UW$G攊=s5G:Kxx@)|\oT{ɜ8`RQ xt&)P_;J0 p,tw<\ p2?TseGSB1SG͖+=i;`ڮ* YGfBPIinaگB*[LTr:ljO%ͫ + }:@'0I7G1(@jml&a8FPxξm4( ;;ʆKy[[{FnI4Hvl]9UtUj4? 1Grp ;)g(Kɋh;9p*Iö2KXLw>8*ک.(a:ɢhe|ɶ+ʏkY1_0JGo:~ 90,I_9js~*ARP=ỈéS[ c"nԫlkDF%]xak.b7$(?oҥQ?v߼K=Nm\i Fr-z\Yf%55);r([cp9cW oYrÒR֘ t,a[pά`a |kH-їIno~V!&Ms!R5;WeSՒɘvrv\0}=M1Lx5 {tn]*ۗ0:jŃkoA*bC߀þiayr9r<NYZ;c5geI T}8LS';m y#x|C1CPN!W|ŻcT&N'!%n-xhS2&s߿KIRxe#' WMR_ŢTe~ gse^k"\wMH~[z^vVumx~VjNQ)z@Os9]GMx-"?AZz&1+u"^sdZ&eb| S- PPZX V$Jꇋ\+Q}@Hr+ו{YiTJ7i>H"U .gNմiD}pp=H[+;+!N1XΈ3" fʔw pIyz֥eJ`5 \.h;*߭bb)wɲ]&s]' YZ