Your message dated Sat, 23 Jan 2016 13:57:15 +0000 with message-id <1453557435.1835.52.camel@adam-barratt.org.uk> and subject line 8.3 point release cleanup has caused the Debian Bug report #787423, regarding jessie-pu: package getmail4/4.46.0-1+debu8u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 787423: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787423 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package getmail4/4.46.0-1+debu8u1
- From: Osamu Aoki <osamu@debian.org>
- Date: Tue, 2 Jun 2015 00:36:27 +0900
- Message-id: <20150601153627.GA2145@goofy.local>
Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu This is related to CVE-2013-1752: poplib: Limit maximum line lengths to 2048 of Python. https://bugs.python.org/issue16041 introduced in Python 2.7.9 With python version of jessie bumped at the last moment to 2.7.9 as: | python-defaults (2.7.9-1) unstable; urgency=medium | | * Bump version to 2.7.9. | | -- Matthias Klose <doko@debian.org> Mon, 16 Mar 2015 23:32:04 +0100 This caused surprises to programs using the poplib. See https://bugs.debian.org/782614 (for now it is important bug but really grave one) At least, getmail upstream thinks this arbitual untested limit of 2048 bytes is stupid. The getmail upstream thinks 1MB is reasonable value. He has added following effectively 1 line patch with the latest release. (uploaded to sid) I would like to apply this to the jessie package since this cause normal users to loose capability to retrieve mail. --- getmail-4.47.0/getmailcore/_retrieverbases.py 2015-02-26 10:10:44.000000000 +0900 +++ getmail-4.48.0/getmailcore/_retrieverbases.py 2015-06-01 23:49:04.499564781 +0900 @@ -233,6 +233,15 @@ # Constant for POPSSL POP3_SSL_PORT = 995 + +# Python added poplib._MAXLINE somewhere along the way. As far as I can +# see, it serves no purpose except to introduce bugs into any software +# using poplib. Any computer running Python will have at least some megabytes +# of userspace memory; arbitrarily causing message retrieval to break if any +# "line" exceeds 2048 bytes is absolutely stupid. +poplib._MAXLINE = 1 << 20 # 1MB; decrease this if you're running on a VIC-20 + + # # Mix-in classes # I am not going to change anything else. (4.46.0 and 4.47.0 are the same for this part.) -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (100, 'unstable'), (100, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
- To: 783355-done@bugs.debian.org, 784944-done@bugs.debian.org, 787021-done@bugs.debian.org, 787423-done@bugs.debian.org, 791403-done@bugs.debian.org, 792468-done@bugs.debian.org, 792806-done@bugs.debian.org, 793556-done@bugs.debian.org, 794940-done@bugs.debian.org, 796281-done@bugs.debian.org, 797170-done@bugs.debian.org, 797710-done@bugs.debian.org, 798028-done@bugs.debian.org, 798584-done@bugs.debian.org, 798749-done@bugs.debian.org, 798889-done@bugs.debian.org, 798890-done@bugs.debian.org, 798891-done@bugs.debian.org, 798892-done@bugs.debian.org, 798893-done@bugs.debian.org, 798895-done@bugs.debian.org, 799033-done@bugs.debian.org, 799070-done@bugs.debian.org, 799229-done@bugs.debian.org, 799230-done@bugs.debian.org, 799369-done@bugs.debian.org, 799477-done@bugs.debian.org, 799758-done@bugs.debian.org, 799777-done@bugs.debian.org, 800006-done@bugs.debian.org, 800664-done@bugs.debian.org, 800793-done@bugs.debian.org, 800881-done@bugs.debian.org, 801095-done@bugs.debian.org, 801098-done@bugs.debian.org, 801100-done@bugs.debian.org, 801304-done@bugs.debian.org, 801318-done@bugs.debian.org, 801441-done@bugs.debian.org, 801580-done@bugs.debian.org, 801743-done@bugs.debian.org, 801851-done@bugs.debian.org, 801892-done@bugs.debian.org, 802851-done@bugs.debian.org, 802879-done@bugs.debian.org, 802900-done@bugs.debian.org, 802942-done@bugs.debian.org, 803362-done@bugs.debian.org, 803467-done@bugs.debian.org, 803490-done@bugs.debian.org, 803569-done@bugs.debian.org, 803678-done@bugs.debian.org, 803730-done@bugs.debian.org, 804157-done@bugs.debian.org, 804172-done@bugs.debian.org, 804208-done@bugs.debian.org, 804381-done@bugs.debian.org, 804383-done@bugs.debian.org, 804734-done@bugs.debian.org, 804885-done@bugs.debian.org, 805024-done@bugs.debian.org, 805127-done@bugs.debian.org, 805190-done@bugs.debian.org, 805214-done@bugs.debian.org, 805260-done@bugs.debian.org, 805293-done@bugs.debian.org, 805383-done@bugs.debian.org, 805634-done@bugs.debian.org, 805721-done@bugs.debian.org, 805894-done@bugs.debian.org, 806129-done@bugs.debian.org, 806165-done@bugs.debian.org, 806247-done@bugs.debian.org, 806252-done@bugs.debian.org, 806338-done@bugs.debian.org, 806529-done@bugs.debian.org, 806640-done@bugs.debian.org, 807129-done@bugs.debian.org, 807140-done@bugs.debian.org, 807142-done@bugs.debian.org, 807273-done@bugs.debian.org, 807280-done@bugs.debian.org, 807467-done@bugs.debian.org, 807489-done@bugs.debian.org, 807515-done@bugs.debian.org, 807576-done@bugs.debian.org, 807612-done@bugs.debian.org, 807828-done@bugs.debian.org, 807917-done@bugs.debian.org, 808559-done@bugs.debian.org, 808890-done@bugs.debian.org, 809200-done@bugs.debian.org, 809255-done@bugs.debian.org, 809258-done@bugs.debian.org, 809307-done@bugs.debian.org, 809534-done@bugs.debian.org, 809561-done@bugs.debian.org, 809688-done@bugs.debian.org, 809757-done@bugs.debian.org, 809824-done@bugs.debian.org, 810004-done@bugs.debian.org, 810111-done@bugs.debian.org, 810130-done@bugs.debian.org, 810542-done@bugs.debian.org, 810760-done@bugs.debian.org, 810887-done@bugs.debian.org, 811132-done@bugs.debian.org, 811320-done@bugs.debian.org, 792779-done@bugs.debian.org
- Subject: 8.3 point release cleanup
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 23 Jan 2016 13:57:15 +0000
- Message-id: <1453557435.1835.52.camel@adam-barratt.org.uk>
Version: 8.3 Hi, The updates referred to in these bugs were included in today's 8.3 Jessie point release. Regards, Adam
--- End Message ---