Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

From Header sanitation fails with brackets and Umlauts #1787

Closed
b90g opened this issue Jan 12, 2024 · 8 comments · Fixed by #1800
Closed

From Header sanitation fails with brackets and Umlauts #1787

b90g opened this issue Jan 12, 2024 · 8 comments · Fixed by #1800
Labels

Comments

@b90g
Copy link

b90g commented Jan 12, 2024

Version

6.2.70

Installation method

Debian Packages

Expected behavior

Having filled in signs and umlauts in the name field of my mail client (thunderbird) just fills in the name in Sympa like

"verdigado test [B 90 / Die Grünen]" (via test-htmlkoepfe Mailing List) <[email protected]>

Actual behavior

The from header name part gets through stages of transformation:
verdigado test [B 90 / Die Grünen]
i guess this is really normal:

From: =?UTF-8?Q?verdigado_test_=5BB_90_/_Die_Gr=C3=BCnen=5D?=
 <[email protected]>

but what sympa sends me is not:

From: [email protected],
	[email protected],
	"[B 90 / Die =?UTF-8?Q?Gr=C3=BCnen=5D?= (via test-htmlkoepfe Mailing List) <[email protected]>]"@lists01.mail.verdigado.net

Google and others reject these messages because it has multiple From: addresses.

Steps to reproduce

Use umlauts an brackets in the name field of your mail client.

I use verdigado test [B 90 / Die Grünen]

Additional information

Maybe similar to: /1113

@b90g b90g added the bug label Jan 12, 2024
@ikedas
Copy link
Member

ikedas commented Jan 12, 2024

Hi @b90g ,
Perhaps #1572 might fix the problem? Could you please check it?

@b90g
Copy link
Author

b90g commented Jan 12, 2024

will come back when debian offers 2.6.74 or included this in their packages, thank you, looks promising,

@b90g b90g closed this as not planned Won't fix, can't repro, duplicate, stale Jan 12, 2024
@ikedas ikedas reopened this Feb 12, 2024
@ikedas
Copy link
Member

ikedas commented Feb 12, 2024

Hi @b90g ,

I realized that this is due to a bug in MIME-EncWords module. If possible, please update it to the latest release and check if the problem will be solved.

@b90g
Copy link
Author

b90g commented Feb 13, 2024

Thanks, but we heavily rely on debian packages. just looked still the same version and the current version has not implemented into debians own system. also i dont have the capabilities to build a test environment even if sympa has .deb packages available. feel free to put it further onto backlog.

@ikedas
Copy link
Member

ikedas commented Feb 18, 2024

Corresponding package on Debian is libmime-encwords-perl. Currently trixie and sid have the package based on the latest release.

@peter-
Copy link

peter- commented Jun 11, 2024

@b90g: The bug report and fix for libmime-encwords-perl originated in Debian back in 2016, cf. Debian's post wrt CVE-2016-1238. Debian has been carrying a patch for this ever since. Only with the latest release of the Debian package for libmime-encwords-perl (for Testing/Unstable) this patch could be dropped from Debian because @ikedas was kind enough to upsteam the fix.

I.e., you shouldn't have to wait until Debian Stable carries v1.015 of libmime-encwords-perl as the version of that package distributed by Debian contained that all along.

OTOH if that patch has been available on Debian since 2016 I don't see how you couldn't have run into this problem on Debian, then? ☹️

@ikedas
Copy link
Member

ikedas commented Jun 11, 2024

Hi @peter- ,

MIME-EncWords 1.015.0 has been released on 2024-02-12 and includes the other fixes, including a fix for special characters used in display names.

@peter-
Copy link

peter- commented Jun 11, 2024

MIME-EncWords 1.015.0 has been released on 2024-02-12 and includes the other fixes, including a fix for special characters used in display names.

Thanks, I focussed on the only two entries in the changelog that had bug identifiers to follow up on, ruling out the 2nd one ("spelling error in manpage"). Took me a bit to find the diff in metacpan for the other changes. 😏

ikedas added a commit that referenced this issue Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants