Bug#1060290: bullseye-pu: package django-mailman3/1.3.5-2

[Pierre-Elliott Bécue]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

Hello,

Some users brought to my attention that in bullseye, django-mailman3
doesn't scrub messages properly before passing them to any archiver, and
therefore some messages are not archived.

This PU patches django-mailman3 so that it processes messages having a
null-byte in their body properly.

[ Reason ]
The bug probably has existed all the time before the patch made upstream
there:
https://gitlab.com/mailman/django-mailman3/-/commit/5bc1f6e8ca4d95ea4e2be861821cb17f168f8d1b?merge_request_iid=121

[ Impact ]
Messages received by mailman3 might not be archived properly archived.

[ Tests ]
Tests were designed upstream, but require binary files to be added to
the code, which can't be done through a quilt patch, so I have not
included the tests.

[ Risks ]
The patch works properly. Should a bug arise due to the new code,
archiving would be broken.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Explicit replacement of nullbyte characters by '' in a message body when
scrubbing.

dpkg-source: avertissement: extraction d'un paquet source non signé 
(/home/peb/git/debian/mailman-team/django-mailman3/django-mailman3_1.3.5-2.dsc)
dpkg-source: avertissement: extraction d'un paquet source non signé 
(/home/peb/git/debian/mailman-team/django-mailman3/django-mailman3_1.3.5-2+deb11u1.dsc)
diff -Nru django-mailman3-1.3.5/debian/changelog 
django-mailman3-1.3.5/debian/changelog
--- django-mailman3-1.3.5/debian/changelog      2021-03-04 00:23:46.000000000 
+0100
+++ django-mailman3-1.3.5/debian/changelog      2024-01-08 22:32:29.000000000 
+0100
@@ -1,3 +1,10 @@
+django-mailman3 (1.3.5-2+deb11u1) bullseye; urgency=medium
+
+  * d/p/0001: Fix archiving issues due to nullbytes in message body
+    (Closes: #1033256)
+
+ -- Pierre-Elliott Bécue <p...@debian.org>  Mon, 08 Jan 2024 22:32:29 +0100
+
 django-mailman3 (1.3.5-2) unstable; urgency=medium
 
   * Compile django LC messages at build time
diff -Nru 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
--- 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
django-mailman3-1.3.5/debian/patches/0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch
        2024-01-08 22:32:29.000000000 +0100
@@ -0,0 +1,43 @@
+From: =?utf-8?q?Pierre-Elliott_B=C3=A9cue?= <p...@debian.org>
+Date: Mon, 8 Jan 2024 22:40:38 +0100
+Subject: Scrubber now removes null bytes from the scrubbed message body.
+
+---
+ README.rst                                           |   1 +
+ django_mailman3/lib/scrub.py                         |   5 ++++-
+ 3 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/README.rst b/README.rst
+index 775b158..98264be 100644
+--- a/README.rst
++++ b/README.rst
+@@ -17,6 +17,7 @@ NEWS
+ * Add a new method get_django_user to return Django User model. (See !99)
+ * Add ``delete_archives`` field to ``mailinglist_deleted`` Signal.
+ * Replaced deprecated ``ugettexy_lazy`` with ``gettext_lazy``. (Closes #37)
++* Scrubber now removes null bytes from the scrubbed message body.
+ 
+ 
+ 1.3.4 (2020-06-05)
+diff --git a/django_mailman3/lib/scrub.py b/django_mailman3/lib/scrub.py
+index f35761b..2be66c9 100644
+--- a/django_mailman3/lib/scrub.py
++++ b/django_mailman3/lib/scrub.py
+@@ -248,6 +248,8 @@ class Scrubber():
+         next_part_match = NEXT_PART.search(result)
+         if next_part_match:
+             result = result[0:next_part_match.start(0)]
++        # MAS Remove any null butes from the result.
++        result = re.sub('\x00', '', result)
+         return result
+ 
+     def _get_text(self):
+@@ -276,6 +278,7 @@ class Scrubber():
+                     if not part_content.endswith('\n'):
+                         part_content += '\n'
+                 text.append(part_content)
+-            return '\n'.join(text)
++            # MAS remove any null bytes from the text.
++            return re.sub('\x00', '', '\n'.join(text))
+         else:
+             return self._get_text_one_part(self.msg)
diff -Nru django-mailman3-1.3.5/debian/patches/series 
django-mailman3-1.3.5/debian/patches/series
--- django-mailman3-1.3.5/debian/patches/series 1970-01-01 01:00:00.000000000 
+0100
+++ django-mailman3-1.3.5/debian/patches/series 2024-01-08 22:32:29.000000000 
+0100
@@ -0,0 +1 @@
+0001-Scrubber-now-removes-null-bytes-from-the-scrubbed-me.patch