Bug#1033397: marked as done (Gnus cannot store some incoming mail into nnml)

[Debian Bug Tracking System]

Your message dated Fri, 21 Apr 2023 03:19:39 +0000
with message-id <e1pphjd-007giy...@fasolo.debian.org>
and subject line Bug#1033397: fixed in emacs 1:28.2+1-14
has caused the Debian Bug report #1033397,
regarding Gnus cannot store some incoming mail into nnml
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033397: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: emacs
Version: 1:28.2+1-13
Severity: important

A regression in Emacs 28 prevents Gnus from importing any further mail
into its nnml sotre once a message with certain (valid) header is
encountered in incoming mail.  The gnu.org systems seem to be having
problems right now, but it's discussed in this subthread:

From: Florian Weimer <fwei...@redhat.com>
Subject: Re: master ef14acf: Make nnml handle invalid non-ASCII headers more
 consistently
To: emacs-de...@gnu.org
Cc: Lars Ingebrigtsen <la...@gnus.org>, d...@gnus.org
Date: Fri, 16 Dec 2022 23:42:21 +0100 (13 weeks, 6 days, 11 hours ago)
Message-ID: <874jtvq8c2....@oldenburg.str.redhat.com>
  
Please backport the commit below; it fixes the issue and is supposed
not to break the .overview file encoded.

This does not impact all Emacs users (or even all Gnus users), so I'm
not setting severity to serious, but it's an upgrade blocker for nnml
users.

commit 23f7c9c2a92e4619b7c4d2286d4249f812cd695d
Author: Eli Zaretskii <e...@gnu.org>
Date:   Mon Dec 19 19:01:04 2022 +0200

    Fix storing email into nnmail by Gnus
    
    * lisp/gnus/nnml.el (nnml--encode-headers): Wrap
    'rfc2047-encode-string' calls with 'ignore-errors', to avoid
    disrupting email workflows due to possibly-invalid headers.
    Reported by Florian Weimer <fwei...@redhat.com>.

diff --git a/lisp/gnus/nnml.el b/lisp/gnus/nnml.el
index 40e4b9ea828..7aa445e6646 100644
--- a/lisp/gnus/nnml.el
+++ b/lisp/gnus/nnml.el
@@ -776,17 +776,22 @@ article number.  This function is called narrowed to an 
article."
        (nnml--encode-headers headers)
        headers))))
 
+;; RFC2047-encode Subject and From, but leave invalid headers unencoded.
 (defun nnml--encode-headers (headers)
   (let ((subject (mail-header-subject headers))
        (rfc2047-encoding-type 'mime))
     (unless (string-match "\\`[[:ascii:]]*\\'" subject)
-      (setf (mail-header-subject headers)
-           (mail-encode-encoded-word-string subject t))))
+      (let ((encoded-subject
+             (ignore-errors (mail-encode-encoded-word-string subject t))))
+        (if encoded-subject
+            (setf (mail-header-subject headers) encoded-subject)))))
   (let ((from (mail-header-from headers))
        (rfc2047-encoding-type 'address-mime))
     (unless (string-match "\\`[[:ascii:]]*\\'" from)
-      (setf (mail-header-from headers)
-           (rfc2047-encode-string from t)))))
+      (let ((encoded-from
+             (ignore-errors (rfc2047-encode-string from t))))
+        (if encoded-from
+            (setf (mail-header-from headers) encoded-from))))))
 
 (defun nnml-get-nov-buffer (group &optional incrementalp)
   (let ((buffer (gnus-get-buffer-create

--- End Message ---

--- Begin Message ---

Source: emacs
Source-Version: 1:28.2+1-14
Done: Rob Browning <r...@defaultvalue.org>

We believe that the bug you reported is fixed in the latest version of
emacs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning <r...@defaultvalue.org> (supplier of updated emacs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 01 Apr 2023 22:38:56 -0500
Source: emacs
Architecture: source
Version: 1:28.2+1-14
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Rob Browning <r...@defaultvalue.org>
Closes: 1033342 1033397
Changes:
 emacs (1:28.2+1-14) unstable; urgency=medium
 .
   * Fix gnus nnml crash on some invalid headers.  Add
     0026-Gnus-nnml-should-avoid-crashing-on-some-invalid-head.patch to
     address the issue. (Closes: 1033397)
 .
   * Fix Org Mode command injection vulnerability CVE-2023-28617.  Add
     0027-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-1-2.patch and
     0028-Org-Mode-vulnerability-CVE-2023-28617-is-fixed-2-2.patch to
     address the issue. (Closes: 1033342)
Checksums-Sha1:
 bdd8a8cd515c739a61c28ef43d31cbbeedb6b3e9 2909 emacs_28.2+1-14.dsc
 a645392239c2c3407974fd723770f62ac6099483 122356 emacs_28.2+1-14.debian.tar.xz
 146f0ebb3be86ea620c69bd42330728a830963d0 19567 emacs_28.2+1-14_amd64.buildinfo
Checksums-Sha256:
 b4a434498fc8f21e77978eac69dcb38f5edab8483fba2eb024adefe1db0a207e 2909 
emacs_28.2+1-14.dsc
 a04a47884d36adafb17a4688eea394848d817dd240718ea380f37715e76f00f2 122356 
emacs_28.2+1-14.debian.tar.xz
 7eedc2aa2339def8dfe27171682b6e522f64ef2acc6913fa47a49ef2141007f8 19567 
emacs_28.2+1-14_amd64.buildinfo
Files:
 a6c44ed97c6eb6e67cda02cb0d21caa8 2909 editors optional emacs_28.2+1-14.dsc
 c2a076d32c9c8b543d0d3d6516c8a040 122356 editors optional 
emacs_28.2+1-14.debian.tar.xz
 1c1252932811dad6ce3479951b8be2d1 19567 editors optional 
emacs_28.2+1-14_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEPTFSABe5ruOuhW+97vEWxVpaQvEFAmRB+6cVHHJsYkBkZWZh
dWx0dmFsdWUub3JnAAoJEO7xFsVaWkLxNzgP+QFuT6qir9FmG8780+N6W7aoaRkV
+3cWS7xGRgUylIBlneRCwufuTW8YWDBGSlpY8z+jCIxWShQwQwqkmNkwPaEHtuKr
05ty3nBTbV58UyexdfDSSFAlKD5Ra4wU1pQDAXo45u1FAWCGXp80nr3+Qntriz6y
FlwfLD3gBtNwm2opZNI7nwK8loHjyG4jtykiPSIvzSqyYSibp3umIiM2p7K5YJEH
6R83Hx9GP3TrC622b7Jy/vOsaAzK1v8FL6AwEq+6RfZ+Jk7X3TEPwfLFrcTsUgOV
7UeY/0V/+Hh2S8Vfd8HlttZjst34VOT5oh6Bwa3MhukOUHpKS/Zm6+1b4uJ9RI9C
RLWJ54PAL7g1r2vsYTf3tG7+ZkpfrroAUERxF7SZ0FbJcfP1xZaC/cfwMAymd5FN
RJtHHw7UcyC6MUvU/2UPhrI6KjUVq0Qq/73yupU03bJWTrc+eDnxQ4mp+fLvFwd3
6BsMp7nyxRWbX4SoiZmcS/1Ijx5b09WayM1SNFuQWcONwAz+dZtsQAjCRAMeshg3
d844wZw7Mxs42fgSVJcth/JRKK+D7faFPsytflxXyNijZh6i3NsnAiuemgA6EF5t
AlKhR6tpeeJjsY6IlzsRdaFEboHP6GbPjZhvzytKjudt6scXZ9j2q/wX7MuLJu3r
pbao3HYaWkwnictj
=H2zD
-----END PGP SIGNATURE-----

--- End Message ---