From 8beaa7ffcf5e07dd814689c28ce8ce060036d532 Mon Sep 17 00:00:00 2001 From: Don Armstrong Date: Mon, 24 Jul 2023 16:17:17 -0700 Subject: [PATCH 01/10] Handle RFC1522 escaped commas in structured headers (#1041638) --- debian/changelog | 1 + lib/Debbugs/MIME.pm | 35 ++++++++++++++++++++++++++++++++++- scripts/process | 12 +++++++++--- t/01_mime.t | 5 +++-- 4 files changed, 47 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 60dfa6c..5cdd98c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ debbugs (3.0.0~alpha.1) unstable; urgency=medium * Fix unescaped From (closes: #983847) * Actually return message/rfc822 when there is a single message instead of mbox (closes: #1009181) + * Fix missing escaping of comma in address fields (closes: #1041638) -- Don Armstrong Fri, 09 Mar 2018 11:17:10 -0800 diff --git a/lib/Debbugs/MIME.pm b/lib/Debbugs/MIME.pm index fec3b6e..579f332 100644 --- a/lib/Debbugs/MIME.pm +++ b/lib/Debbugs/MIME.pm @@ -44,7 +44,7 @@ BEGIN { %EXPORT_TAGS = (mime => [qw(parse create_mime_message getmailbody), qw(parse_to_mime_entity), ], - rfc1522 => [qw(decode_rfc1522 encode_rfc1522)], + rfc1522 => [qw(decode_rfc1522 encode_rfc1522 handle_escaped_commas)], ); @EXPORT_OK=(); Exporter::export_ok_tags(keys %EXPORT_TAGS); @@ -54,6 +54,7 @@ BEGIN { use File::Path qw(remove_tree); use File::Temp qw(tempdir); use MIME::Parser; +use Mail::Message::Field; use POSIX qw(strftime); use List::AllUtils qw(apply); @@ -396,4 +397,36 @@ sub encode_rfc1522 { return $string; } +=head2 + + $header = handle_escaped_commas('','From: ') + +Handle commas in addresses which have been RFC1522 escaped and now need to be +quoted to avoid parsing as a record separator. + +=cut + +sub handle_escaped_commas { + my ($modified_hdr, $orig_hdr) = @_; + + my $field = Mail::Message::Field->new($orig_hdr); + # if the header isn't structured, it can't contain an address + if (not $field->isStructured()) { + return $modified_hdr + } + if ($field->name() !~ m/^(?:to|from|reply-to)$/) { + return $modified_hdr + } + my @addresses = $field->addresses(); + if (not @addresses) { + return $modified_hdr + } + my @return_addresses; + for my $address (@addresses) { + $address->phrase(decode_rfc1522($address->phrase())); + push @return_addresses, $address->format(); + } + return join(', ',@return_addresses) +} + 1; diff --git a/scripts/process b/scripts/process index 4e4d97a..8310998 100755 --- a/scripts/process +++ b/scripts/process @@ -184,7 +184,7 @@ for my $hdr (@headerlines) { mail-followup-to| references): |From\s|X-Debbugs-)/xi; - $fwd .= encode_utf8($hdr)."\n" if $ins; + $fwd .= $orig_hdr."\n" if $ins; # print {$debugfh} ">$_<\n"; if (s/^(\S+):\s*//) { my $v = lc $1; @@ -192,7 +192,13 @@ for my $hdr (@headerlines) { push @common_headers, 'X-Loop',$_; } print {$debugfh} ">$v=$_<\n"; - $header{$v} = $_; + # Handle a comma which is escaped being passed through un-escaped. See + # https://bugs.debian.org/1041638 + if ($_ =~ m/,/ and not $orig_hdr =~ m/,/) { + $header{$v} = handle_escaped_commas($_,$orig_hdr); + } else { + $header{$v} = $_; + } } else { print {$debugfh} "!>$_<\n"; } @@ -718,7 +724,7 @@ if ($ref<0) { # new bug report ); } } - if ($name eq 'usertags'){ + if ($name eq 'usertags' and defined $current_user){ my %user_tags; read_usertags(\%user_tags, $current_user); $value =~ s/(?:^\s+|\s+$)//g; diff --git a/t/01_mime.t b/t/01_mime.t index dcd3b76..ecad37b 100644 --- a/t/01_mime.t +++ b/t/01_mime.t @@ -1,7 +1,7 @@ # -*- mode: cperl;-*- # $Id: 01_mime.t,v 1.1 2005/08/17 21:46:17 don Exp $ -use Test::More tests => 6; +use Test::More tests => 7; use warnings; use strict; @@ -36,7 +36,8 @@ ok(Debbugs::MIME::decode_rfc1522(Debbugs::MIME::encode_rfc1522(encode_utf8($test "encode_rfc1522 encodes strings that decode_rfc1522 can decode"); ok(Debbugs::MIME::decode_rfc1522(Debbugs::MIME::encode_rfc1522(encode_utf8($test_str3))) eq $test_str3, "encode_rfc1522 properly handles parenthesis and \""); - +ok(Debbugs::MIME::handle_escaped_commas(q(),q(From: =?UTF-8?Q?Armstrong=2C?= Don )) eq q("Armstrong, Don" ), + "handle_escaped_commas properly handles commas in RFC1522 encoded strings"); # Make sure that create_mime_message has encoded headers and doesn't enclude any 8-bit characters -- 2.39.2 From a15eee729610a5fa25ca0415b6fd19a7a63b43d0 Mon Sep 17 00:00:00 2001 From: Don Armstrong Date: Wed, 27 Sep 2023 20:41:06 -0700 Subject: [PATCH 02/10] Sort blocked-by to allow merging bugs with mis-sorted blockers --- debian/changelog | 1 + lib/Debbugs/Status.pm | 11 +++++++++++ t/12_merge.t | 20 +++++++++++++++++++- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 5cdd98c..a639202 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,7 @@ debbugs (3.0.0~alpha.1) unstable; urgency=medium * Actually return message/rfc822 when there is a single message instead of mbox (closes: #1009181) * Fix missing escaping of comma in address fields (closes: #1041638) + * Sort blocked-by (closes: 751808), thanks to Tim Landscheidt. -- Don Armstrong Fri, 09 Mar 2018 11:17:10 -0800 diff --git a/lib/Debbugs/Status.pm b/lib/Debbugs/Status.pm index f539781..dcc83b1 100644 --- a/lib/Debbugs/Status.pm +++ b/lib/Debbugs/Status.pm @@ -299,6 +299,17 @@ sub read_bug{ $data{archived} = (defined($location) and ($location eq 'archive'))?1:0; $data{bug_num} = $param{bug}; + # Sort blockedby numerically so that bugs with identical blockers have + # identical lists. + if (defined $data{blockedby} and + $data{blockedby}) { + $data{blockedby} = + join(' ', + sort { $a <=> $b } + split / /, $data{blockedby} + ); + } + # mergedwith occasionally is sorted badly. Fix it to always be sorted by <=> # and not include this bug if (defined $data{mergedwith} and diff --git a/t/12_merge.t b/t/12_merge.t index a20b397..901b883 100644 --- a/t/12_merge.t +++ b/t/12_merge.t @@ -142,7 +142,7 @@ send_message(to => 'control@bugs.something', ], body => <<'EOF') or fail 'message to control@bugs.something failed'; debug 10 -clone 2 -1 -2 -3 -4 -5 -6 +clone 2 -1 -2 -3 -4 -5 -6 -7 -8 retitle 2 foo owner 2 bar@baz.com submitter 2 fleb@bleh.com @@ -159,9 +159,21 @@ fixed -4 1.2-3 found -4 1.2-1 found -5 1.2-5 fixed -5 1.2-6 +block -7 by -1 +block -7 by -2 +block -8 by -2 +block -8 by -1 thanks EOF +# The order of "Blocked-By:" in *.summary is not deterministic, so +# these tests assert that the blockers of bugs #9 and #10 are sorted +# differently. +ok(system('perl', '-i', '-pwe', 's/^Blocked-By: 4 3\n/Blocked-By: 3 4\n/;', $spool_dir . '/db-h/09/9.summary') == 0, 'Changed bug #9'); +ok(system('perl', '-i', '-pwe', 's/^Blocked-By: 3 4\n/Blocked-By: 4 3\n/;', $spool_dir . '/db-h/10/10.summary') == 0, 'Changed bug #10'); +ok(system('grep','-q','^Blocked-By: 3 4',"$spool_dir/db-h/09/9.summary") == 0,'Bug #9 has "Blocked-By: 3 4"'); +ok(system('grep','-q','^Blocked-By: 4 3',"$spool_dir/db-h/10/10.summary") == 0,'Bug #10 has "Blocked-By: 4 3"'); + test_control_commands(\%config, forcemerge => {command => 'forcemerge', value => "2 3\nseverity 2 minor", @@ -191,6 +203,12 @@ test_control_commands(\%config, status_value => '8', bug => '7', }, + merge => {command => 'merge', + value => '9 10', + status_key => 'mergedwith', + status_value => '10', + bug => '9', + }, ); done_testing(); -- 2.39.2 From a20cb580b6893fa44b984d51fa1641ef3c3b6db1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Wed, 15 May 2024 23:26:14 -0700 Subject: [PATCH 03/10] Enable Salsa-CI This will help ensure easily machine detectable regressions don't slip into the code base. This also makes any future contribution process faster and more reliable, as any contributor submitting a Merge Request will get immediate feedback, and the maintainers save time by not having to point out basic mistakes. --- debian/salsa-ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 debian/salsa-ci.yml diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..3de2c8b --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,9 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +# If Salsa-CI is not running at +# https://salsa.debian.org/%{project_path}/-/pipelines, ensure that +# https://salsa.debian.org/%{project_path}/-/settings/ci_cd has in field "CI/CD +# configuration file" filename "debian/salsa-ci.yml" -- 2.39.2 From 9d67d3594ee0b40d8bdbefcfaabc798f8c6a5717 Mon Sep 17 00:00:00 2001 From: Diederik de Haas Date: Sun, 11 Dec 2022 10:15:44 +0100 Subject: [PATCH 04/10] d/control: Update postgresql-N-debversion packages Version 10 doesn't (seem to) exist at all and 9.6 and 11 are for very old versions. Replace them with the versions included in recent Debian versions: - 13 in Bullseye - 15 in Bookworm - 16 in Trixie and current unstable (cherry-picked from https://salsa.debian.org/debbugs-team/debbugs/-/merge_requests/16) --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 61bfcee..514b90b 100644 --- a/debian/control +++ b/debian/control @@ -21,7 +21,7 @@ Build-Depends-Indep: libparams-validate-perl, libdatetime-perl, libaliased-perl, postgresql, - postgresql-9.6-debversion|postgresql-10-debversion|postgresql-11-debversion, + postgresql-13-debversion|postgresql-15-debversion|postgresql-16-debversion, libtext-xslate-perl, graphviz, libtext-iconv-perl, libnet-server-perl, libmouse-perl, libmousex-nativetraits-perl, # required for use strictures 2 @@ -40,7 +40,7 @@ Depends: libdebbugs-perl Recommends: debbugs-web (>= 2.6~) Suggests: spamassassin (>= 3.0), libcgi-alert-perl, postgresql, - postgresql-9.6-debversion|postgresql-10-debversion|postgresql-11-debversion + postgresql-13-debversion|postgresql-15-debversion|postgresql-16-debversion Description: bug tracking system based on the active Debian BTS Debian has a bug tracking system which files details of bugs reported by users and developers. Each bug is given a number, and is kept on file until -- 2.39.2 From 50fdd07de3c36d6b7289cc0bf79542519d7b218e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Sat, 18 May 2024 15:27:58 -0700 Subject: [PATCH 05/10] Add missing build dependency: libmail-message-perl The post-build tests were failing on tens of errors like: t/07_bugreport.t ..................... Can't locate Mail/Message/Field.pm in @INC (you may need to install the Mail::Message::Field module) (@INC entries checked: lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.38.2 /usr/local/share/perl/5.38.2 /usr/lib/x86_64-linux-gnu/perl5/5.38 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.38 /usr/share/perl/5.38 /usr/local/lib/site_perl .) at lib/Debbugs/MIME.pm line 57. BEGIN failed--compilation aborted at lib/Debbugs/MIME.pm line 57. Compilation failed in require at t/07_bugreport.t line 19. BEGIN failed--compilation aborted at t/07_bugreport.t line 19. Add the missing dependency to overcome this and get the tests passing. Note that the tests still emit multiple times this warning which warrants additional follow-up later: t/07_bugreport.t ..................... 14/19 Text::Xslate: get_info_from_db not implemented without schema at lib/Debbugs/Package.pm line 196. Debbugs::Package::_get_valid_version_info_from_db(Debbugs::Package={package=bar}) called at lib/Debbugs/Package.pm line 166 Debbugs::Package::_build_valid_version_info(Debbugs::Package={package=bar}) called at /usr/share/perl5/MouseX/NativeTraits/MethodProvider/ArrayRef.pm line 315 Debbugs::Package::_valid_version_info(Debbugs::Package={package=bar}) called at lib/Debbugs/Package.pm line 534 Debbugs::Package::source_names(Debbugs::Package={package=bar}) called at lib/Debbugs/Package.pm line 525 Debbugs::Package::_build_sources(Debbugs::Package={package=bar}) called at lib/Debbugs/Text.pm line 209 eval {...} called at lib/Debbugs/Text.pm line 209 Debbugs::Text::fill_in_template("template", "cgi/bugreport", "variables", HASH(0x559b9ebe1c10), "hole_var", HASH(0x559b9ebe2288)) called at ./cgi/bugreport.cgi line 403 --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 514b90b..b053393 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Build-Depends-Indep: libparams-validate-perl, libmailtools-perl, libmime-tools-perl, libio-stringy-perl, libmldbm-perl, liburi-perl, libsoap-lite-perl, libcgi-simple-perl, libhttp-server-simple-perl, libtest-www-mechanize-perl, - libmail-rfc822-address-perl, libuser-perl, + libmail-rfc822-address-perl, libuser-perl, libmail-message-perl, libconfig-simple-perl, libtest-pod-perl, liblist-allutils-perl, libfile-libmagic-perl, libgravatar-url-perl, libwww-perl, imagemagick, libdbix-class-perl, libdatetime-format-pg-perl, libtest-postgresql-perl, -- 2.39.2 From 5f49d3c56ac8dd6a332bc764c10b71d9c05ee3a5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Sat, 18 May 2024 15:55:47 -0700 Subject: [PATCH 06/10] Fix filename in install: UPGRADE -> UPGRADE.md (Closed: #903413) This fixes the dh_install stage that was failing on missing file. Seems that when the file was renamed nobody tried to build the package. Having Salsa-CI will prevent such lapses in the future. --- debian/docs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/docs b/debian/docs index ef44632..64e62ee 100644 --- a/debian/docs +++ b/debian/docs @@ -1 +1 @@ -UPGRADE debian/README.mail +UPGRADE.md debian/README.mail -- 2.39.2 From c95368d2fd7555904d075b73e9860ee75f846889 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Sat, 18 May 2024 15:59:17 -0700 Subject: [PATCH 07/10] Fix d/control syntax Add missing comma and fix the comment indentation done by a developer who did not test the build after their changes. Having Salsa-CI in the project will prevent such lapses in the future. --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index b053393..54256c8 100644 --- a/debian/control +++ b/debian/control @@ -62,8 +62,8 @@ Depends: graphviz, libtext-iconv-perl, libuser-perl, libmouse-perl, libmousex-nativetraits-perl, # used by Debbugs::Libravatar and libravatar.cgi - libfile-libmagic-perl, libgravatar-url-perl, libwww-perl, imagemagick - # used by the database + libfile-libmagic-perl, libgravatar-url-perl, libwww-perl, imagemagick, +# used by the database libdbix-class-timestamp-perl, libdbix-class-deploymenthandler-perl, libdatetime-perl, -- 2.39.2 From 4c1a9d712a04d24c4b10c8f08bb3107ba8eedf5b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Sat, 18 May 2024 16:08:36 -0700 Subject: [PATCH 08/10] Add sensible-utils as dependency and make package Lintian clean Lintian was erroring on: E: debbugs-local: missing-depends-on-sensible-utils sensible-browser [usr/bin/local-debbugs] Add this missing dependency to get the number of Lintian errors to zero so that builds and e.g. Salsa-CI passes. Several Lintian warnings still remain. Having Salsa-CI in the package will make it less likely that new Lintian errors are introduced, or at least their are caught immediately. --- debian/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 54256c8..a04a575 100644 --- a/debian/control +++ b/debian/control @@ -104,7 +104,8 @@ Depends: ${perl:Depends}, ${misc:Depends}, libdebbugs-perl, debbugs-web, libconfig-simple-perl, - libuser-perl, rsync, libhttp-server-simple-perl, libnet-server-perl + libuser-perl, rsync, libhttp-server-simple-perl, libnet-server-perl, + sensible-utils Description: Run and maintains a local mirror of the Debian BTS Debian has a bug tracking system which files details of bugs reported by users and developers. Each bug is given a number, and is kept on -- 2.39.2 From 51f0b912c6d13214b09716d51bcb5d3baed5d56c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Sat, 18 May 2024 18:34:58 -0700 Subject: [PATCH 09/10] Salsa-CI: Allow autopkgtest to fail for now The package does not have any debian/tests and thus autopkgtest will run autodep8-perl which does not pass, and will need some work before enabled: autodep8-perl-build-deps FAIL non-zero exit status 253 autodep8-perl PASS (superficial) autodep8-perl-recommends FAIL non-zero exit status 1 Allowing failure in GitLab CI will still show the job as yellow, and hopefully attract the attention of developers to later fix is too. --- debian/salsa-ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml index 3de2c8b..60fbec3 100644 --- a/debian/salsa-ci.yml +++ b/debian/salsa-ci.yml @@ -7,3 +7,12 @@ include: # https://salsa.debian.org/%{project_path}/-/pipelines, ensure that # https://salsa.debian.org/%{project_path}/-/settings/ci_cd has in field "CI/CD # configuration file" filename "debian/salsa-ci.yml" + +# The package does not have any debian/tests and thus autopkgtest will run +# autodep8-perl which does not pass, and will need some work before enabled: +# autodep8-perl-build-deps FAIL non-zero exit status 253 +# autodep8-perl PASS (superficial) +# autodep8-perl-recommends FAIL non-zero exit status 1 +autopkgtest: + extends: .test-autopkgtest + allow_failure: true -- 2.39.2 From cb1ea6e86b9500a89954e25018058e3fa1b98aa4 Mon Sep 17 00:00:00 2001 From: Don Armstrong Date: Sun, 19 May 2024 20:59:10 -0700 Subject: [PATCH 10/10] Don't make the logo; it's checked into git and isn't necessary --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b3e46a6..5872d2f 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,8 @@ all: build build: $(PERL) Makefile.PL $(MAKE) -f Makefile.perl - $(MAKE) -C html/logo +# Don't bother to make the logo; it's not necessary +# $(MAKE) -C html/logo test: LC_ALL=$(UTF8_LOCALE) $(PERL) -MTest::Harness -Ilib -e 'runtests(glob(q(t/*.t)))' -- 2.39.2