Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 644147

Summary: Patch for get_filename in email.message when content-disposition is missing
Product: Red Hat Enterprise Linux 5 Reporter: Masahiro Matsuya <mmatsuya>
Component: pythonAssignee: Dave Malcolm <dmalcolm>
Status: CLOSED ERRATA QA Contact: Petr Šplíchal <psplicha>
Severity: high Docs Contact:
Priority: urgent    
Version: 5.5CC: cww, katzj, ohudlick, psplicha, syeghiay
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: python-2.4.3-36.el5 Doc Type: Bug Fix
Doc Text:
The email module incorrectly implemented the logic for obtaining attachment filenames: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-13 23:10:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 649250    

Description Masahiro Matsuya 2010-10-19 02:24:21 UTC 
Description of problem:

This is a request to backport the following bugfix.

   http://bugs.python.org/issue7082

Case Summary:
============

Upstream bug: http://bugs.python.org/issue7082

message.get_filename() in python email incorrectly looks for a "name" parameter in Content-Disposition header when it does not find a "filename" parameter. This is wrong, since there is no such defined parameter. Instead, there is a "name" parameter in Content-Type header, which ought to be checked in case the "filename" parameter in content-Disposition does not exist.

Issues:
---------

* The issue impacts the customer of our customer, hence they need an urgent fix for this.
* The fix is trivial, but may be viewed as a behaviour change and hence not recommended for RHEL-5
* The "name" parameter for Content-Type is apparently deprecated:

http://www.imc.org/ietf-822/old-archive2/msg02121.html

but a number of applications still use it (Microsoft's .Net framework) and hence needs to be supported.


Version-Release number of selected component (if applicable):
python-2.4.3-27

How reproducible:
Always


Actual results:
message.get_filename() in python email incorrectly looks for a "name" parameter in Content-Disposition header when it does not find a "filename" parameter

Expected results:
Content-Type header should be checked

Additional info:

patch:
svn co http://svn.python.org/projects/python/trunk python
svn diff -r75300:75301
Comment 9 Eva Kopalova 2010-12-20 10:20:34 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The email module incorrectly implemented the logic for obtaining attachment filenames: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue.
Comment 11 errata-xmlrpc 2011-01-13 23:10:29 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0027.html