Developers of Sympa

[address@concealed (Jérôme Marant)]

Hi,

  Here is a new bug report.
  Could you have a look to this please?

  Thanks.

--- Begin Message ---

• From: Daniel Pittman <address@concealed>
• From: Daniel Pittman <address@concealed>
• To: Debian Bug Tracking System <address@concealed>
• Subject: Bug#128233: sympa: Identification of "possible command in list message" is *very* loose...
• Date: Tue, 08 Jan 2002 13:47:43 +1100
• Resent-cc: Jerome Marant <address@concealed>
• Resent-date: Tue, 08 Jan 2002 02:48:03 GMT
• Resent-from: Daniel Pittman <address@concealed>
• Resent-to: address@concealed

Package: sympa
Version: 3.2.1-4
Severity: serious

I recently had a message sent to a list that I manage with Sympa
(attached) that had two problems.

Firstly, it was misidentified as containing a list command. I believe
that the line responsible was:

> Review of LoTR on Rocknerd: http://rocknerd.org/

This was misidentified as being a list command despite the trailing text
because of the regexp in 'tools.pl' for the 'checkcommand' routine.

The following patch solved the problem for me, correctly allowing the
message though. It's a more rigorous test than the previous but, I
suspect, more correct:

--- /usr/lib/sympa/bin/tools.pl Fri Dec 28 21:25:48 2001
+++ tools.pl    Tue Jan  8 13:34:44 2002
@@ -81,7 +81,7 @@
    my $subject = $msg->head->get('Subject');
    if ($subject) {
       foreach $avoid (@avoid_hdr) {
-         if ($subject =~ /^\s*(quiet)?($avoid)(\s+|$)/im) {
+         if ($subject =~ /^\s*(quiet)?($avoid)(\s+)?$/im) {
             &rejectMessage($msg, $sender);
             return 1;
          }
@@ -92,7 +92,7 @@
 
    foreach $i (@{$msg->body}) {
       foreach $avoid (@avoid_hdr) {
-         if ($i =~ /^\s*(quiet)?($avoid)(\s+|$)/im) {  ## Suspicious line
+         if ($i =~ /^\s*(quiet)?($avoid)(\s+)?$/im) {  ## Suspicious line
             &rejectMessage($msg, $sender);
             return 1;
          }

This had the unfortunate side-effect of triggering a worse bug in the
sympa package.

The software ran through the spool and found this as the first message.
It then got to the 'tools::checkcommand' call and decided that this
/was/ a command.

It put a message on the outbound queue for the user and 'sympa-request'
happily ... but it never removed the message from the queue!!!

So, every single time sympa walked around to fetch a message from the
queue it got this message, decided it was a command, rejected it, then
started the loop again...


The fixes to the regexp above mean that it's vastly less likely that a
message will trigger this second bug, but for now I have completely
disabled the routine.

It would be really good to work out why the breakage happened as it did;
hopefully the attached message is enough for you or the upstream to
debug this and correct it.

--- Begin Message ---

• From: David Gerard <address@concealed>
• To: address@concealed
• Subject: Re: Which LotR character are you?
• Date: Tue, 8 Jan 2002 11:27:49 +1100

Review of LoTR on Rocknerd: http://rocknerd.org/

When you've read the review, click on the 'Also by Sandro' link for more of
his 2000-3000-word film reviews.

Also, his novel ("Insides" by Andrew Moshos - please don't use his real
name on acg, though) is out now from Zaresky Press and is highly
recommended. A book about the Fitzroy the yuppies have nearly finished
sterilising.


- d.

--
List Information, Subscription Management and Archives, or to Unsubscribe:
<https://lists.rimspace.net/lists/info/cabal>



--- End Message ---

Regards,
Daniel


-- System Information
Debian Release: 3.0
Kernel Version: Linux inanna 2.4.18pre1 #1 Sun Jan 6 22:40:56 EST 2002 i686
unknown

Versions of the packages sympa depends on:
ii adduser 3.45 Add and remove users and groups
ii debconf 1.0.23 Debian configuration management system
ii libc6 2.2.4-7 GNU C Library: Shared libraries and Timezone
ii libdbd-pg-perl 1.01-1 a PostgreSQL interface for Perl 5 using DBI.
ii libdbi-perl 1.20-1 The Perl5 Database Interface by Tim Bunce
ii libio-stringy- 2.108-1 Perl5 modules for IO from scalars and arrays
ii libmailtools-p 1.42-2 Manipulate email in perl programs
ii libmd5-perl 2.02-2 backwards-compatible wrapper for Digest::MD5
ii libmime-base64 2.12-4 MIME/Base64 decoding for Perl
ii libmime-perl 5.411-1 Perl5 modules for MIME-compliant messages (M
ii libmsgcat-perl 1.03-2 Locale::Msgcat perl module
ii perl 5.6.1-6 Larry Wall's Practical Extraction and Report
ii sysklogd 1.4.1-10 System Logging Daemon
sendmail Not installed or no info
sendmail-tls Not installed or no info
ii postfix 0.0.20011217.S A high-performance mail transport agent
^^^ (Provides virtual package mail-transport-agent)
libdbd-mysql-perl Not installed or no info
ii sysklogd 1.4.1-10 System Logging Daemon
^^^ (Provides virtual package system-log-daemon)

--- Ignoring conffile /etc/sympa/sympa.conf-smime.in (not world readable)

--
I am, as I said, inspired by the biological phenomena in which chemical
forces are used in repetitious fashion to produce all kinds of weird
effects (one of which is the author).
-- Richard Feynman, _There's Plenty of Room at the Bottom_

--- End Message ---

-- 
Jérôme Marant <address@concealed>
              <address@concealed>

http://marant.org