1 Return-Path: <bremner@tethera.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 29874431FAF
\r
6 for <notmuch@notmuchmail.org>; Wed, 1 Feb 2012 20:01:59 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5
\r
12 tests=[RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id swv2QBQZEuE8 for <notmuch@notmuchmail.org>;
\r
16 Wed, 1 Feb 2012 20:01:58 -0800 (PST)
\r
17 Received: from tempo.its.unb.ca (tempo.its.unb.ca [131.202.1.21])
\r
18 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\r
19 (No client certificate requested)
\r
20 by olra.theworths.org (Postfix) with ESMTPS id 8EAC7431FAE
\r
21 for <notmuch@notmuchmail.org>; Wed, 1 Feb 2012 20:01:58 -0800 (PST)
\r
22 Received: from zancas.localnet
\r
23 (fctnnbsc36w-156034071197.pppoe-dynamic.High-Speed.nb.bellaliant.net
\r
24 [156.34.71.197]) (authenticated bits=0)
\r
25 by tempo.its.unb.ca (8.13.8/8.13.8) with ESMTP id q1241u3A010872
\r
26 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO);
\r
27 Thu, 2 Feb 2012 00:01:56 -0400
\r
28 Received: from bremner by zancas.localnet with local (Exim 4.77)
\r
29 (envelope-from <bremner@tethera.net>)
\r
30 id 1Rsnrw-0003l2-I7; Thu, 02 Feb 2012 00:01:56 -0400
\r
31 From: David Bremner <david@tethera.net>
\r
32 To: notmuch@notmuchmail.org
\r
33 Subject: [PATCH v4 2/2] emacs: quote MML tags in replies
\r
34 Date: Thu, 2 Feb 2012 00:01:33 -0400
\r
35 Message-Id: <1328155293-2334-3-git-send-email-david@tethera.net>
\r
36 X-Mailer: git-send-email 1.7.8.3
\r
37 In-Reply-To: <1328155293-2334-1-git-send-email-david@tethera.net>
\r
38 References: <1328064581-13949-1-git-send-email-dmitry.kurochkin@gmail.com>
\r
39 <1328155293-2334-1-git-send-email-david@tethera.net>
\r
41 Content-Type: text/plain; charset=UTF-8
\r
42 Content-Transfer-Encoding: 8bit
\r
43 X-BeenThere: notmuch@notmuchmail.org
\r
44 X-Mailman-Version: 2.1.13
\r
46 List-Id: "Use and development of the notmuch mail system."
\r
47 <notmuch.notmuchmail.org>
\r
48 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
49 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
50 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
51 List-Post: <mailto:notmuch@notmuchmail.org>
\r
52 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
53 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
54 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
55 X-List-Received-Date: Thu, 02 Feb 2012 04:01:59 -0000
\r
57 From: Aaron Ecay <aaronecay@gmail.com>
\r
59 Emacs message-mode uses certain text strings to indicate how to attach
\r
60 files to outgoing mail. If these are present in the text of an email,
\r
61 and a user is tricked into replying to the message, the user’s files
\r
64 Using point-max would include the signature in the quoting as well.
\r
65 It would probably be fairly odd to want to put an MML tag in one’s
\r
66 signature, but that doesn’t mean that we should break that usage.
\r
68 NEWS | 11 +++++++++++
\r
69 emacs/notmuch-mua.el | 7 ++++++-
\r
71 3 files changed, 17 insertions(+), 2 deletions(-)
\r
73 diff --git a/NEWS b/NEWS
\r
74 index 3d2c2a8..a089e67 100644
\r
77 @@ -11,6 +11,17 @@ Fix error handling in python bindings.
\r
78 exceptions to indicate the error condition. Any subsequent calls
\r
79 into libnotmuch caused segmentation faults.
\r
81 +Quote MML tags in replies
\r
83 + MML tags are text codes that Emacs uses to indicate attachments
\r
84 + (among other things) in messages being composed. The Emacs
\r
85 + interface did not quote MML tags in the quoted text of a reply.
\r
86 + User could be tricked into replying to a maliciously formatted
\r
87 + message and not editing out the MML tags from the quoted text. This
\r
88 + could lead to files from the user's machine being attached to the
\r
89 + outgoing message. The Emacs interface now quotes these tags in
\r
90 + reply text, so that they do not effect outgoing messages.
\r
93 Notmuch 0.11 (2012-01-13)
\r
94 =========================
\r
95 diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
\r
96 index 7114e48..768b693 100644
\r
97 --- a/emacs/notmuch-mua.el
\r
98 +++ b/emacs/notmuch-mua.el
\r
99 @@ -111,7 +111,12 @@ list."
\r
101 (set-buffer-modified-p nil)
\r
103 - (message-goto-body))
\r
104 + (message-goto-body)
\r
105 + ;; Original message may contain (malicious) MML tags. We must
\r
106 + ;; properly quote them in the reply. Note that using `point-max'
\r
107 + ;; instead of `mark' here is wrong. The buffer may include user's
\r
108 + ;; signature which should not be MML-quoted.
\r
109 + (mml-quote-region (point) (mark)))
\r
111 (defun notmuch-mua-forward-message ()
\r
113 diff --git a/test/emacs b/test/emacs
\r
114 index 2a2ce28..de100c5 100755
\r
117 @@ -274,7 +274,6 @@ EOF
\r
118 test_expect_equal_file OUTPUT EXPECTED
\r
120 test_begin_subtest "Quote MML tags in reply"
\r
121 -test_subtest_known_broken
\r
122 message_id='test-emacs-mml-quoting@message.id'
\r
123 add_message [id]="$message_id" \
\r
124 "[subject]='$test_subtest_name'" \
\r
projects / notmuch-archives.git / blob