Remove MD5 and crypt() password downgrade support, only support SHA1 upgrade

- Remove MD5 fallback authentication in SecurityManager
- Remove crypt() fallback authentication in SecurityManager
- Only support PBKDF2 and SHA1 formats (with SHA1 auto-upgrade to PBKDF2)
- Add stamp files to prevent duplicate UTF-8 conversions during build
- Update .gitignore to exclude conversion stamp files

Author: jared mauch

.gitignore

@@ -79,6 +79,8 @@ src/roster
 src/subscribe
 src/vsnprintf.o
 templates/Makefile
+templates/.converted.stamp
 tests/Makefile
 tests/bounces/Makefile
 tests/msgs/Makefile
+messages/.converted.stamp

Mailman/SecurityManager.py

@@ -58,16 +58,12 @@
 import urllib.request, urllib.parse, urllib.error
 from urllib.parse import urlparse
 
-try:
-    import crypt
-except ImportError:
-    crypt = None
 
 from Mailman import mm_cfg
 from Mailman import Utils
 from Mailman import Errors
 from Mailman.Logging.Syslog import syslog
-from Mailman.Utils import md5_new, sha_new, hash_password, verify_password
+from Mailman.Utils import sha_new, hash_password, verify_password
 
 
 class SecurityManager(object):
@@ -152,47 +148,20 @@ def Authenticate(self, authcontexts, response, user=None):
                 if ok:
                     return mm_cfg.AuthSiteAdmin
             elif ac == mm_cfg.AuthListAdmin:
-                def cryptmatchp(response, secret):
-                    try:
-                        salt = secret[:2]
-                        if crypt and crypt.crypt(response, salt) == secret:
-                            return True
-                        return False
-                    except TypeError:
-                        # BAW: Hard to say why we can get a TypeError here.
-                        # SF bug report #585776 says crypt.crypt() can raise
-                        # this if salt contains null bytes, although I don't
-                        # know how that can happen (perhaps if a MM2.0 list
-                        # with USE_CRYPT = 0 has been updated?  Doubtful.
-                        return False
                 # The password for the list admin is stored as a hash.
                 # We support multiple formats for backwards compatibility:
                 # - New format: PBKDF2-SHA256 with $pbkdf2$ prefix
-                # - Old format: SHA1 hexdigest (40 hex chars)
-                # - Legacy: MD5 or crypt() (auto-upgrade to PBKDF2)
+                # - Old format: SHA1 hexdigest (40 hex chars, auto-upgrade to PBKDF2)
                 key, secret = self.AuthContextInfo(ac)
                 if secret is None:
                     continue
                 if isinstance(response, str):
                     response = response.encode('utf-8')
 
-                # Try new PBKDF2 or old SHA1 format first
+                # Try new PBKDF2 or old SHA1 format (verify_password handles both)
                 ok, needs_upgrade = verify_password(response, secret)
                 upgrade = needs_upgrade
 
-                # If that didn't work, try legacy MD5 and crypt() formats
-                if not ok:
-                    sharesponse = sha_new(response).hexdigest()
-                    if sharesponse == secret:
-                        ok = True
-                        upgrade = True
-                    elif md5_new(response).digest() == secret:
-                        ok = True
-                        upgrade = True
-                    elif cryptmatchp(response, secret):
-                        ok = True
-                        upgrade = True
-                
                 # Upgrade to new PBKDF2 format if needed
                 if upgrade and ok:
                     save_and_unlock = False

messages/Makefile.in

@@ -88,7 +88,7 @@ check:
 
 install: doinstall
 
-doinstall: mofiles
+doinstall: .converted.stamp mofiles
 	@for d in $(LANGDIRS); \
 	do \
 	    dir=$(DESTDIR)$(prefix)/$$d; \
@@ -114,15 +114,19 @@ doinstall: mofiles
  	    $(INSTALL) -m $(FILEMODE) $$mo $$dir; \
 	done
 
-convertpofiles: $(wildcard */LC_MESSAGES/*.po)
+# Use a stamp file to track conversion, so it only happens once
+.converted.stamp: $(wildcard */LC_MESSAGES/*.po)
 	../scripts/convert_to_utf8 -d .
+	touch .converted.stamp
+
+convertpofiles: .converted.stamp
 
 mofiles: $(MOFILES)
 
 finish:
 
 clean:
-	-rm -f */LC_MESSAGES/mailman.mo
+	-rm -f */LC_MESSAGES/mailman.mo .converted.stamp
 
 fileclean:
 	-rm -f marked.files docstring.files

templates/Makefile.in

@@ -59,10 +59,14 @@ INSTALL_PROGRAM=$(INSTALL) -m $(EXEMODE)
 
 all: converttemplates
 
-converttemplates: $(wildcard */LC_MESSAGES/*.po) $(wildcard */*.html) $(wildcard */*.txt)
+# Use a stamp file to track conversion, so it only happens once
+.converted.stamp: $(wildcard */LC_MESSAGES/*.po) $(wildcard */*.html) $(wildcard */*.txt)
 	../scripts/convert_to_utf8 -d .
+	touch .converted.stamp
 
-install: all
+converttemplates: .converted.stamp
+
+install: .converted.stamp
 	for d in $(LANGUAGES); \
 	do \
 	    $(srcdir)/../mkinstalldirs $(DESTDIR)$(TEMPLATEDIR)/$$d; \
@@ -75,6 +79,7 @@ install: all
 finish:
 
 clean:
+	-rm -f .converted.stamp
 
-distclean:
+distclean: clean
 	-rm -f Makefile