Hi, I tried to check all sudo bugs with attached patches. Sadly the
upstream bug link is broken. So I cannot follow-up the upstream
progress. The git history revealed no reference to bug number 457.
Looking at the upstream code, I found following in
lib/eventlog/eventlog.c:
#if defined(HAVE_NL_LANGINFO) && defined(CODESET)
locale = setlocale(LC_ALL, NULL);
if (locale[0] != 'C' || locale[1] != '\0')
(void) fprintf(mail, "\nContent-Type: text/plain;
charset=\"%s\"\nContent-Transfer-Encoding: 8bit", nl_langinfo(CODESET));
#endif /* HAVE_NL_LANGINFO && CODESET */
So I assume that it was fixed upstream. This code snippet was introduced
in commit bd1ca79cca827a92e904f022e49df121931d4ff5 and was part of sudo
1.9.4 which landed in Ubuntu 22.04 (jammy).
If my assumption is wrong, please reopen this bug report.
** Changed in: sudo (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/491352
Title:
Patch for incorrect charset in notification emails
Status in sudo:
Unknown
Status in sudo package in Ubuntu:
Fix Released
Bug description:
Binary package hint: sudo
sudo uses strftime() to generate the date string in the notification
mails sent to administrators when something fishy happens. strftime()
generates the date according to locale env vars. This could result in
date strings containing arbitrary characters in arbitrary charsets
(think UTF-8 in far eastern languages).
By default, email messages are us-ascii. sudo does no conversion of
the data returned by strftime (which is in the user's current charset)
to the default us-ascii charset. This causes non-ascii dates to come
through as garbage.
Solution:
1. stop using strftime. The code actually has the strftime code in a IFDEF,
remove that whole ifdef, and use ctime, which is ascii.
2. insert charset information into the notification email. add header
(Content-Type: text/plain; charset="<nl_langinfo(CODESET)>") and
(Content-Transfer-Encoding: 8bit).
downside of solution 2:
1. 8bit transfer encoding is required. 8bit is not strictly supported by
SMTP, although is supported by most MTA's, probably all MTA's in the Ubuntu
repo.
2. Also, since the strftime uses the locale of the user, it could represent
the date in some language unreadable by the sysadmin (who receives the
notification, but does not necessarily read the same language as the user who
committed whatever offense). ctime() always represents the date in English
ASCII. I think we can safely assume the large majority of sysadmins out there
can read English ASCII?
I've attached a patch to only use ctime in notification emails and
logging. Since launch pad only allows one attachment at time of bug
creation, I'll try attach the other patch after I've submitted this.
Here's hoping I can do that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/491352/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
