1 Return-Path: <jani@nikula.org>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 16FE3431FAF
\r
6 for <notmuch@notmuchmail.org>; Sat, 3 Mar 2012 15:36:37 -0800 (PST)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5
\r
12 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id bXT-GUqATMCf for <notmuch@notmuchmail.org>;
\r
16 Sat, 3 Mar 2012 15:36:35 -0800 (PST)
\r
17 Received: from mail-lpp01m010-f53.google.com (mail-lpp01m010-f53.google.com
\r
18 [209.85.215.53]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
\r
19 (No client certificate requested)
\r
20 by olra.theworths.org (Postfix) with ESMTPS id ADF9E431FAE
\r
21 for <notmuch@notmuchmail.org>; Sat, 3 Mar 2012 15:36:34 -0800 (PST)
\r
22 Received: by lahc1 with SMTP id c1so3588507lah.26
\r
23 for <notmuch@notmuchmail.org>; Sat, 03 Mar 2012 15:36:33 -0800 (PST)
\r
24 Received-SPF: pass (google.com: domain of jani@nikula.org designates
\r
25 10.112.103.228 as permitted sender) client-ip=10.112.103.228;
\r
26 Authentication-Results: mr.google.com;
\r
27 spf=pass (google.com: domain of jani@nikula.org
\r
28 designates 10.112.103.228 as permitted sender)
\r
29 smtp.mail=jani@nikula.org
\r
30 Received: from mr.google.com ([10.112.103.228])
\r
31 by 10.112.103.228 with SMTP id fz4mr6491577lbb.99.1330817793231
\r
32 (num_hops = 1); Sat, 03 Mar 2012 15:36:33 -0800 (PST)
\r
33 Received: by 10.112.103.228 with SMTP id fz4mr5307297lbb.99.1330817793076;
\r
34 Sat, 03 Mar 2012 15:36:33 -0800 (PST)
\r
35 Received: from localhost (dsl-hkibrasgw4-fe50f800-253.dhcp.inet.fi.
\r
37 by mx.google.com with ESMTPS id fl2sm15225898lbb.4.2012.03.03.15.36.31
\r
38 (version=SSLv3 cipher=OTHER); Sat, 03 Mar 2012 15:36:32 -0800 (PST)
\r
39 From: Jani Nikula <jani@nikula.org>
\r
40 To: Tim Bielawa <tbielawa@redhat.com>, notmuch@notmuchmail.org
\r
41 Subject: Re: [PATCH] Fix mml-quoting in responses where pgp-signing is enabled
\r
42 In-Reply-To: <1330812262-28272-1-git-send-email-tbielawa@redhat.com>
\r
43 References: <1330812262-28272-1-git-send-email-tbielawa@redhat.com>
\r
44 User-Agent: Notmuch/0.11.1+295~g780f284 (http://notmuchmail.org) Emacs/23.3.1
\r
46 Date: Sun, 04 Mar 2012 01:36:29 +0200
\r
47 Message-ID: <87ty25fe9u.fsf@nikula.org>
\r
49 Content-Type: text/plain; charset=us-ascii
\r
51 ALoCoQnRWkKHP28R+OCe08SWbBS2xNcci14RgspHbtiLGrsyVY5WLEkyDpqtXMoXFhN0cG2bdBRK
\r
52 X-BeenThere: notmuch@notmuchmail.org
\r
53 X-Mailman-Version: 2.1.13
\r
55 List-Id: "Use and development of the notmuch mail system."
\r
56 <notmuch.notmuchmail.org>
\r
57 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
58 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
59 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
60 List-Post: <mailto:notmuch@notmuchmail.org>
\r
61 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
62 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
63 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
64 X-List-Received-Date: Sat, 03 Mar 2012 23:36:37 -0000
\r
66 On Sat, 3 Mar 2012 17:04:22 -0500, Tim Bielawa <tbielawa@redhat.com> wrote:
\r
67 > The addition of mml-quote-region (notmuch-mua.el) in 2c6710e3 breaks
\r
68 > automatic signing in replies. When replies are mml-quoted and signing
\r
69 > is enabled by default the "<#part sign=pgpmime>" string will appear on
\r
70 > line 1. This will be consumed during the application of the
\r
71 > mml-quote-region function and transform into the inert string
\r
72 > "<#!part sign=pgpmime>". The result is that responses will no longer
\r
73 > be signed by default.
\r
75 > This fix moves the point forward one line before applying the quoting
\r
78 > Consideration: Clients not signing mail by default. The first line of
\r
79 > their responses would be skipped when the quoting function is
\r
80 > applied. This string takes this general form:
\r
82 > On Sat, 03 Mar 2012 12:55:14 -0800, notmuch-request@notmuchmail.org wrote:
\r
84 > Because the string is generated by notmuch I don't believe this fix
\r
85 > introduces the possibility for malicious mml commands being omitted
\r
88 Hmm, would it work to mml quote the reply *before* extracting it from
\r
89 the temp buffer, like below? It would handle not mml quoting the user's
\r
90 signature too. Completely untested...
\r
96 diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
\r
97 index 4be7c13..13244eb 100644
\r
98 --- a/emacs/notmuch-mua.el
\r
99 +++ b/emacs/notmuch-mua.el
\r
100 @@ -95,6 +95,9 @@ list."
\r
101 (goto-char (point-min))
\r
102 (setq headers (mail-header-extract)))))
\r
104 + ;; Original message may contain (malicious) MML tags. We must
\r
105 + ;; properly quote them in the reply.
\r
106 + (mml-quote-region (point) (point-max))
\r
107 (setq body (buffer-substring (point) (point-max))))
\r
108 ;; If sender is non-nil, set the From: header to its value.
\r
110 @@ -116,12 +119,7 @@ list."
\r
112 (set-buffer-modified-p nil)
\r
114 - (message-goto-body)
\r
115 - ;; Original message may contain (malicious) MML tags. We must
\r
116 - ;; properly quote them in the reply. Note that using `point-max'
\r
117 - ;; instead of `mark' here is wrong. The buffer may include user's
\r
118 - ;; signature which should not be MML-quoted.
\r
119 - (mml-quote-region (point) (mark)))
\r
120 + (message-goto-body))
\r
122 (defun notmuch-mua-forward-message ()
\r