search

sympa-community / sympa

Sympa, Mailing List Management Software
https://www.sympa.community/sympa
GNU General Public License v2.0
237 stars 94 forks source link

From Header sanitation fails with brackets and Umlauts #1787

Open b90g opened 5 months ago

b90g commented 5 months ago

Version

6.2.70

Installation method

Debian Packages

Expected behavior

Having filled in signs and umlauts in the name field of my mail client (thunderbird) just fills in the name in Sympa like

"verdigado test [B 90 / Die Grünen]" (via test-htmlkoepfe Mailing List) <test-htmlkoepfe@lists.verdigado.net>

Actual behavior

The from header name part gets through stages of transformation: verdigado test [B 90 / Die Grünen] i guess this is really normal:

From: =?UTF-8?Q?verdigado_test_=5BB_90_/_Die_Gr=C3=BCnen=5D?=
 <support.test@verdigado.net>

but what sympa sends me is not:

From: verdigado@lists01.mail.verdigado.net,
    test@lists01.mail.verdigado.net,
    "[B 90 / Die =?UTF-8?Q?Gr=C3=BCnen=5D?= (via test-htmlkoepfe Mailing List) <test-htmlkoepfe@lists.verdigado.net>]"@lists01.mail.verdigado.net

Google and others reject these messages because it has multiple From: addresses.

Steps to reproduce

Use umlauts an brackets in the name field of your mail client.

I use verdigado test [B 90 / Die Grünen]

Additional information

Maybe similar to: /1113

ikedas commented 5 months ago

Hi @b90g , Perhaps #1572 might fix the problem? Could you please check it?

b90g commented 5 months ago

will come back when debian offers 2.6.74 or included this in their packages, thank you, looks promising,

ikedas commented 4 months ago

Hi @b90g ,

I realized that this is due to a bug in MIME-EncWords module. If possible, please update it to the latest release and check if the problem will be solved.

b90g commented 4 months ago

Thanks, but we heavily rely on debian packages. just looked still the same version and the current version has not implemented into debians own system. also i dont have the capabilities to build a test environment even if sympa has .deb packages available. feel free to put it further onto backlog.

ikedas commented 4 months ago

Corresponding package on Debian is libmime-encwords-perl. Currently trixie and sid have the package based on the latest release.

peter- commented 3 weeks ago

@b90g: The bug report and fix for libmime-encwords-perl originated in Debian back in 2016, cf. Debian's post wrt CVE-2016-1238. Debian has been carrying a patch for this ever since. Only with the latest release of the Debian package for libmime-encwords-perl (for Testing/Unstable) this patch could be dropped from Debian because @ikedas was kind enough to upsteam the fix.

I.e., you shouldn't have to wait until Debian Stable carries v1.015 of libmime-encwords-perl as the version of that package distributed by Debian contained that all along.

OTOH if that patch has been available on Debian since 2016 I don't see how you couldn't have run into this problem on Debian, then? :frowning_face:

ikedas commented 3 weeks ago

Hi @peter- ,

MIME-EncWords 1.015.0 has been released on 2024-02-12 and includes the other fixes, including a fix for special characters used in display names.

peter- commented 3 weeks ago

MIME-EncWords 1.015.0 has been released on 2024-02-12 and includes the other fixes, including a fix for special characters used in display names.

Thanks, I focussed on the only two entries in the changelog that had bug identifiers to follow up on, ruling out the 2nd one ("spelling error in manpage"). Took me a bit to find the diff in metacpan for the other changes. :smirk: