Public bug reported:
When a message contains an invalud unicode sequence in its header,
qrunner flat out crashes on that:
May 17 15:32:20 2015 (981) Uncaught runner exception: 'utf8' codec can't decode byte
0xe9 in position 18: invalid continuation byte
May 17 15:32:20 2015 (981) Traceback (most recent call last):
File "/var/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop
self._onefile(msg, msgdata)
File "/var/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile
keepqueued = self._dispose(mlist, msg, msgdata)
File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
more = self._dopipeline(mlist, msg, msgdata, pipeline)
File "/var/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
sys.modules[modname].process(mlist, msg, msgdata)
File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 239, in process
i18ndesc = uheader(mlist, mlist.description, 'List-Id', maxlinelen=998)
File "/var/lib/mailman/Mailman/Handlers/CookHeaders.py", line 65, in uheader
return Header(s, charset, maxlinelen, header_name, continuation_ws)
File "/usr/lib/python2.7/email/header.py", line 183, in __init__
self.append(s, charset, errors)
File "/usr/lib/python2.7/email/header.py", line 267, in append
ustr = unicode(s, incodec, errors)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xe9 in position 18: invalid
continuation byte
May 17 15:32:20 2015 (981) SHUNTING:
1431869540.389822+156779307d54473d0eb732994bb67eee95733285
A solution for this specific case is to have Mailman/Handlers/CookHeaders.py pass the erorrs='replace' parameter.
I would say that this is actually a bug in python-email, since I think it doesn't make sense to set errors to "strict" rather than something like "replace" when the intention is to parse stuff so free-formed, under-specd
and user-controlled as email. Nonetheless, Mailman already sets errors='replace' in some places so it might aswell add it here.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1462755
Title:
qrunner crashes on invalid unicode sequence
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1462755/+subscriptions
Public bug reported:
The fix for CVE-2021-42097 requires that the user submitting a user
options form match the user in the CSRF token submitted with the form,
but the match is case sensitive and should not be.
There is also a potential NameError exception in logging a mismatch.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1954694
Title:
CSRF check for user tokens should not be case sensitive.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1954694/+subscriptions
Public bug reported:
Part of the logic in bin/cleanarch in determining if a From_ line is a
valid Unix From_ separator checks if the following line is a valid
header. This test is intended to be that the following line contains a
colon and only one or more ascii printable characters up to the first
colon. It does check for a colon, but only checks that there is at least
one ascii printable character at the beginning of the line before the
colon.
** Affects: mailman
Importance: Low
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1957025
Title:
Test for From_ followed by valid header in bin/cleanarch is
incomplete.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1957025/+subscriptions