Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
This is related to CVE-2013-1752: poplib: Limit maximum line lengths to 2048 of Python.
https://bugs.python.org/issue16041 introduced in Python 2.7.9

With the Python version of jessie bumped at the last moment to 2.7.9 as:

| python-defaults (2.7.9-1) unstable; urgency=medium
|
| * Bump version to 2.7.9.
|
| -- Matthias Klose <d...@debian.org> Mon, 16 Mar 2015 23:32:04 +0100

This caused surprises for programs using poplib.

See https://bugs.debian.org/782614 (for now it is an important bug, but really a grave one)

At least, getmail upstream thinks this arbitrary untested limit of 2048 bytes is stupid. The getmail upstream thinks 1MB is a reasonable value. He has added the following, effectively 1-line, patch with the latest release (uploaded to sid).

I would like to apply this to the jessie package since this causes normal users to lose the capability to retrieve mail.

--- getmail-4.47.0/getmailcore/_retrieverbases.py 2015-02-26 10:10:44.000000000 +0900 +++ getmail-4.48.0/getmailcore/_retrieverbases.py 2015-06-01 23:49:04.499564781 +0900
@@ -233,6 +233,15 @@ # Constant for POPSSL POP3_SSL_PORT = 995 + +# Python added poplib._MAXLINE somewhere along the way. As far as I can +# see, it serves no purpose except to introduce bugs into any software +# using poplib. Any computer running Python will have at least some megabytes +# of userspace memory; arbitrarily causing message retrieval to break if any +# "line" exceeds 2048 bytes is absolutely stupid. +poplib._MAXLINE = 1 << 20 # 1MB; decrease this if you're running on a VIC-20 + + # # Mix-in classes #

I am not going to change anything else. (4.46.0 and 4.47.0 are the same for this part.)

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (100, 'unstable'), (100, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
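
Review bot: The `poplib._MAXLINE = 1 << 20` assignment overrides a private attribute of the standard library module at import time, so it changes the limit for every poplib user in the process, and the comment above it should say that instead of claiming the limit "serves no purpose". Per the request text, the limit comes from the fix for CVE-2013-1752, where it bounds how much data a single line sent by the server can make the client buffer. Raising the value to `1 << 20` keeps a finite bound in place, which is the right way to relax it, so I would reword the comment to record why 2048 bytes was too small for real mail and why a cap is still kept. Minor: `1 << 20` is 1 MiB (1048576 bytes), so "1MB" in the trailing comment is slightly off.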