virtualmin-mailman/admin.cgi authentication aborts

Webmin 1.870 (at least in Debian 8.1) causes /virtualmin-mailman/admin.cgi to abort when authentication is submitted. It happens whether the entered password is correct or not, regardless of which mailing list is involved, and in both Chrome and Firefox. I don't know if coming into mailman from a non-Webmin link does the same thing. Reinstalling mailman 1:2.1.18-2+deb8u1 and webmin-virtualmin-mailman 6.3 doesn't fix it. Downgrading Webmin to 1.860 does fix it.

Marking this as a Webmin issue because it seems that the webmin package downgrade fixed it; I didn't try downgrading webmin-virtual-server (which is now at 6.02 and was upgraded recently also).

Log lines from /var/log/mailman/error:

admin(22835): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(22835): [----- Mailman Version: 2.1.18 -----]
admin(22835): [----- Traceback ------]
admin(22835): Traceback (most recent call last):
admin(22835):   File "/var/lib/mailman/scripts/driver", line 117, in run_main
admin(22835):     main()
admin(22835):   File "/var/lib/mailman/Mailman/Cgi/admin.py", line 93, in main
admin(22835):     params = cgidata.keys()
admin(22835):   File "/usr/lib/python2.7/cgi.py", line 582, in keys
admin(22835):     raise TypeError, "not indexable"
admin(22835): TypeError: not indexable
admin(22835): [----- Python Information -----]
admin(22835): sys.version     =   2.7.9 (default, Jun 29 2016, 13:08:31)
[GCC 4.9.2]
admin(22835): sys.executable  =   /usr/bin/python
admin(22835): sys.prefix      =   /usr
admin(22835): sys.exec_prefix =   /usr
admin(22835): sys.path        =   ['/var/lib/mailman/pythonlib', '/var/lib/mailman', '/usr/lib/mailman/scripts', '/var/lib/mailman', '/usr/lib/python2.7/', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages']
admin(22835): sys.platform    =   linux2
admin(22835): [----- Environment Variables -----]
admin(22835):   DOCUMENT_REALROOT: /usr/share/webmin
admin(22835):   HTTP_COOKIE: redirect=1; testing=1
admin(22835):   SERVER_SOFTWARE: MiniServ/1.870
admin(22835):   SCRIPT_NAME: /virtualmin-mailman/admin.cgi
admin(22835):   SHELL: /bin/sh
admin(22835):   REQUEST_METHOD: POST
admin(22835):   LOGNAME: www-data
admin(22835):   USER: www-data
admin(22835):   HTTP_ORIGIN: https://REDACTED_SERVER_NAME.example.com:10000
admin(22835):   SERVER_PROTOCOL: HTTP/1.0
admin(22835):   QUERY_STRING:
admin(22835):   HOME: /var/www
admin(22835):   PATH_REALTRANSLATED: /usr/share/webmin/REDACTED_MAIL_LIST_NAME
admin(22835):   SERVER_REALROOT: /usr/share/webmin
admin(22835):   CONTENT_LENGTH: 15
admin(22835):   BASE_REMOTE_USER:
admin(22835):   REMOTE_USER: root
admin(22835):   HTTP_CONNECTION: keep-alive
admin(22835):   HTTP_REFERER: https://REDACTED_SERVER_NAME.example.com:10000/virtualmin-mailman/admin.cgi/REDACTED_MAIL_LIST_NAME?xnavigation=1
admin(22835):   SERVER_NAME: REDACTED_SERVER_NAME.example.com
admin(22835):   REMOTE_ADDR: REDACTED.CLIENT.IP.ADDRESS
admin(22835):   HTTP_CONTENT_TYPE: text/plain;charset=UTF-8
admin(22835):   SERVER_ROOT: /usr/share/webmin
admin(22835):   PATH_TRANSLATED: /usr/share/webmin/REDACTED_MAIL_LIST_NAME
admin(22835):   SERVER_PORT: 10000
admin(22835):   WEBMIN_VAR: /var/webmin
admin(22835):   DOCUMENT_ROOT: /usr/share/webmin
admin(22835):   LANG: en_US.UTF-8
admin(22835):   XDG_RUNTIME_DIR: /run/user/33
admin(22835):   HTTP_X_REQUESTED_WITH: XMLHttpRequest
admin(22835):   HTTP_X_PJAX_CONTAINER: [data-dcontainer]
admin(22835):   PYTHONPATH: /var/lib/mailman
admin(22835):   SCRIPT_FILENAME: /usr/share/webmin/virtualmin-mailman/admin.cgi
admin(22835):   SERVER_ADMIN:
admin(22835):   PERLLIB: /usr/share/webmin
admin(22835):   HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
admin(22835):   HTTP_HOST: REDACTED_SERVER_NAME.example.com:10000
admin(22835):   HTTPS: ON
admin(22835):   XDG_SESSION_ID: c372316
admin(22835):   HTTP_CONTENT_LENGTH: 15
admin(22835):   REQUEST_URI: /virtualmin-mailman/admin.cgi/REDACTED_MAIL_LIST_NAME
admin(22835):   HTTP_ACCEPT: text/html, */*; q=0.01
admin(22835):   GATEWAY_INTERFACE: CGI/1.1
admin(22835):   WEBMIN_CONFIG: /etc/webmin
admin(22835):   HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.9
admin(22835):   HTTP_X_PJAX: true
admin(22835):   HTTP_ACCEPT_ENCODING: gzip, deflate, br
admin(22835):   PWD: /usr/share/webmin/virtualmin-mailman/
admin(22835):   HTTP_DNT: 1
admin(22835):   MINISERV_CONFIG: /etc/webmin/miniserv.conf
admin(22835):   CONTENT_TYPE: text/plain;charset=UTF-8
admin(22835):   REMOTE_ADDR_PROTOCOL: 4
admin(22835):   MAIL: /var/www/Maildir
admin(22835):   REMOTE_HOST: REDACTED.CLIENT.IP.ADDRESS
admin(22835):   MINISERV_PID: 31340
admin(22835):   PATH_INFO: /REDACTED_MAIL_LIST_NAME
Status: 
Active

Comments

Can you confirm that it is specifically the Webmin upgrade to 1.870 that causes this, rather than any other package that we released around the same time (like Virtualmin 6.02) ?

Both Webmin and Virtualmin were upgraded between the last known successful authentication and the first error. The last time I know there was a successful Mailman authentication was 2017-12-03. webmin-virtual-server was upgraded from 6.01.gpl-3 to 6.02.gpl on 2017-12-07; webmin:amd64 was upgraded from 1.860 to 1.870 on 2017-12-12. The errors happened at Mailman authentication on 2017-12-16. Packages mailman:amd64 and webmin-virtualmin-mailman:amd64 were not updated during that time; I did trigger a reinstall of both of those afterwards on 2017-12-16 to try to fix the problem, but with no effect.

I but I did not attempt to downgrade webmin-virtual-server to 6.01.gpl-3 to test it, since the downgrade of webmin:amd64 to 1.860 fixed the problem; if it hadn't fixed the problem, I would have attempted to downgrade webmin-virtual-server next.

I can confirm exactly the same issue on Ubuntu 16.04.3 LTS. Direct mailman links not through Virtualmin work ok so it's just when using inside minserv. Extract from error log below:

Dec 18 20:45:24 2017 admin(20532): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(20532): [----- Mailman Version: 2.1.20 -----]
admin(20532): [----- Traceback ------]
admin(20532): Traceback (most recent call last):
admin(20532):   File "/var/lib/mailman/scripts/driver", line 117, in run_main
admin(20532):     main()
admin(20532):   File "/var/lib/mailman/Mailman/Cgi/admin.py", line 94, in main
admin(20532):     params = cgidata.keys()
admin(20532):   File "/usr/lib/python2.7/cgi.py", line 582, in keys
admin(20532):     raise TypeError, "not indexable"
admin(20532): TypeError: not indexable
admin(20532): [----- Python Information -----]
admin(20532): sys.version     =   2.7.12 (default, Nov 20 2017, 18:23:56)
[GCC 5.4.0 20160609]
admin(20532): sys.executable  =   /usr/bin/python
admin(20532): sys.prefix      =   /usr
admin(20532): sys.exec_prefix =   /usr
admin(20532): sys.path        =   ['/var/lib/mailman/pythonlib', '/var/lib/mailman', '/usr/lib/mailman/scripts', '/var/lib/mailman', '/usr/lib/python2.7/', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages']
admin(20532): sys.platform    =   linux2
admin(20532): [----- Environment Variables -----]
admin(20532): DOCUMENT_REALROOT: /usr/share/webmin
admin(20532): HTTP_COOKIE: sessiontest=1; redirect=1; testing=1
admin(20532): SERVER_SOFTWARE: MiniServ/1.870
admin(20532): SCRIPT_NAME: /virtualmin-mailman/admin.cgi
admin(20532): SHELL: /bin/sh
admin(20532): REQUEST_METHOD: POST
admin(20532): LOGNAME: www-data
admin(20532): USER: www-data