Package: libpython2.7-stdlib
Version: 2.7.10-2
Severity: normal
Consider this:
tglase@tglase:~ $ cat x.py
from email.message import Message
from email.header import Header
msg = Message()
h = Header('p\xf6stal foo bar baz foo bar baz foo bar baz foo bar baz',
'iso-8859-1')
msg['Subject'] = h
print h
print msg.as_string()
tglase@tglase:~ $ python x.py
=?iso-8859-1?q?p=F6stal_foo_bar_baz_foo_bar_baz_foo_bar_baz_foo_bar_baz?=
Subject:
=?iso-8859-1?q?p=F6stal_foo_bar_baz_foo_bar_baz_foo_bar_baz_foo_bar_baz?=
tglase@tglase:~ $ cat x.php
<?php
$h = "Subject: p\xf6stal foo bar baz foo bar baz foo bar baz foo bar baz";
echo mb_encode_mimeheader($h, "ISO-8859-1", "Q", "\n") . "\n";
$h = "Subject: [service-Aufgaben S&W-Team][#19415] VM''s aufsetzen mit
unterschiedlichen";
echo mb_encode_mimeheader($h, "UTF-8", "Q", "\n") . "\n";
tglase@tglase:~ $ php x.php
Subject: =?ISO-8859-1?Q?p=3Fstal=20foo=20bar=20baz=20foo=20bar=20baz=20fo?=
=?ISO-8859-1?Q?o=20bar=20baz=20foo=20bar=20baz?=
Subject: [service-Aufgaben S&W-Team][#19415] VM''s aufsetzen mit
unterschiedlichen
See how Python 2.7 embarassingly fails this extremely simple
RFC2047 eMail header MIME encoding test: the resulting header
line is 82 chars, and thus longer than what RFC822 permits.
“Embarassing” because PHP gets it all right.
If I add another ' foo' at the end, I get this:
=?iso-8859-1?q?p=F6stal_foo_bar_baz_foo_bar_baz_foo_bar_baz_foo_bar_baz_f?=
=?iso-8859-1?q?oo?=
Subject:
=?iso-8859-1?q?p=F6stal_foo_bar_baz_foo_bar_baz_foo_bar_baz_foo_bar_baz_f?=
=?iso-8859-1?q?oo?=
Note how it’s still broken because the length of the actual
header name is not taken into account where it must be, even
though the idea to break after the 75th output octet is right.
This is bad because MUAs like Pine rightfully refuse to
RFC2047-decode such bad and broken messages (but apparently
widespread to an amount that Alpine as packaged in Debian
contains a hack to allow for such broken, overlong lines).
Related bugs in: libpython3.4-stdlib, perl
-- System Information:
Debian Release: stretch/sid
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64
Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages libpython2.7-stdlib depends on:
ii libbz2-1.0 1.0.6-8
ii libc6 2.19-18
ii libdb5.3 5.3.28-9
ii libexpat1 2.1.0-6+b3
ii libffi6 3.1-2+b2
ii libncursesw5 5.9+20150516-2
ii libpython2.7-minimal 2.7.10-2
ii libreadline6 6.3-8
ii libsqlite3-0 3.8.10.2-1
ii libssl1.0.0 1.0.1k-3
ii libtinfo5 5.9+20150516-2
ii mime-support 3.58
libpython2.7-stdlib recommends no packages.
libpython2.7-stdlib suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
