[DRE-maint] Bug#749193: apt-listbugs: Reemergence

Sun May 25 22:07:40 UTC 2014

Control: reassign -1 ruby-locale 2.1.0-2
Control: affects -1 + apt-listbugs

On Sun, 25 May 2014 20:26:25 +0200 Stefan Skoglund wrote:

> The direct trigger of the crash is a peculiar character in a bug report
> for sound-juicer (bug #717391.)

Yes, I reproduced the issue with the following command:

  $ LC_ALL=sv_SE.UTF-8 apt-listbugs list sound-juicer

I performed a number of tests and it seems to me that the problem lies
in the subject line of bug #717391 which includes non-ASCII UTF-8
quotes “ and ” .

For some reason that I cannot understand, Ruby at some point seems to
consider this string as ASCII-8BIT and cannot concatenate it with a
UTF-8 string. Hence, when using a localization where the translation of
"Fixed" includes non-ASCII UTF-8 characters (one such localization is
the Swedish "Tillrättade"), an Encoding::CompatibilityError is
generated...

As I said, I cannot understand why Ruby is convinced that the subject
line of bug #717391 is encoded in ASCII-8BIT.
By using the -d option of apt-listbugs, I took a look at the SOAP wire
dump and it seems to me that the Debian BTS SOAP interface sends this
subject line as

<subject xsi:type="xsd:base64Binary">c291bmQtanVpY2VyOiBSZWZ1c2VzIHRvIHN0YXJ0OiDigJxUaGUgcGx1Z2luIG5lY2Vzc2FyeSBmb3IgZmlsZSBhY2Nlc3Mgd2FzIG5vdCBmb3VuZOKAnQ==</subject>

but:

  $ echo c291bmQtanVpY2VyOiBSZWZ1c2VzIHRvIHN0YXJ0OiDigJxUaGUgcGx1Z2luIG5lY2Vzc2FyeSBmb3IgZmlsZSBhY2Nlc3Mgd2FzIG5vdCBmb3VuZOKAnQ== | base64 -d
  sound-juicer: Refuses to start: “The plugin necessary for file access was not found”

and:

  $ echo c291bmQtanVpY2VyOiBSZWZ1c2VzIHRvIHN0YXJ0OiDigJxUaGUgcGx1Z2luIG5lY2Vzc2FyeSBmb3IgZmlsZSBhY2Nlc3Mgd2FzIG5vdCBmb3VuZOKAnQ== | base64 -d | file -
  /dev/stdin: UTF-8 Unicode text, with no line terminators

Hence, I seem to understand that this subject line is sent as a
base64-encoded UTF-8 string. I failed to figure out where Ruby begins
to consider it as ASCII-8BIT.

> 
> Take a look in the report from Ben Finney (message 1.)
> 
> It could be a lack of input sanitizing in bugs.debian.org ?
> 
> Still, this together with localization shouldn't cause a crash in
> ruby's localization module (if the weakness is there.)

I am reassigning your bug report to package ruby-locale, since I am
more and more convinced that the problem lies in how Ruby handles
string encodings.
I hope the maintainers of ruby-locale may investigate and fix
the issue.

> 
> The older report (725496) regarding this had another trigger:
[...]
> Ruby isn't sensitive to 'utf-8' or 'UTF-8' but 'utf8' or 'UTF8' was once
> sensitive.

Definitely, lowercase "utf" or uppercase "UTF" does not seem to make
any difference for the issue you are experiencing.

Thanks for taking the time to check this as well!

Now let's hope that the issue may be fixed soon.
Bye.

-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20140526/85d141c3/attachment-0001.sig>