Return-Path: <aaronecay@gmail.com>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 8FA5E429E36
	for <notmuch@notmuchmail.org>; Sat, 28 Jan 2012 22:07:34 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: -0.799
X-Spam-Level: 
X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id XMrl3J+hTthN for <notmuch@notmuchmail.org>;
	Sat, 28 Jan 2012 22:07:33 -0800 (PST)
Received: from mail-qw0-f46.google.com (mail-qw0-f46.google.com
	[209.85.216.46]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by olra.theworths.org (Postfix) with ESMTPS id 9C34F429E31
	for <notmuch@notmuchmail.org>; Sat, 28 Jan 2012 22:07:33 -0800 (PST)
Received: by qadc10 with SMTP id c10so1950750qad.5
	for <notmuch@notmuchmail.org>; Sat, 28 Jan 2012 22:07:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=from:to:subject:date:message-id:x-mailer:in-reply-to:references
	:mime-version:content-type:content-transfer-encoding;
	bh=1LHl+nDk6Tk9/5HYWAaNSUExatoSMxytak5m0/ZG2mw=;
	b=bhgX0fdu4jjHSn7gSFiJ738y0kYF0xQp2uGKHoM+5VuGDli6vHHZKhEU1FNEatjiqT
	X0hUfKz8sLuNLSbpADUEuVTJs7uzbYHZNfqM8foMypE48KekuNSYeTUHt8dseahteZgT
	eRn1dTh08LL5zxdh5dO8inrXfJTrZUqEyud/Y=
Received: by 10.224.10.19 with SMTP id n19mr15517854qan.68.1327817252835;
	Sat, 28 Jan 2012 22:07:32 -0800 (PST)
Received: from localhost.localdomain (c-68-80-94-73.hsd1.pa.comcast.net.
	[68.80.94.73])
	by mx.google.com with ESMTPS id dm7sm26381298qab.5.2012.01.28.22.07.31
	(version=TLSv1/SSLv3 cipher=OTHER);
	Sat, 28 Jan 2012 22:07:32 -0800 (PST)
From: Aaron Ecay <aaronecay@gmail.com>
To: notmuch@notmuchmail.org
Subject: [PATCH 2/2] emacs: Quote MML tags in replies
Date: Sun, 29 Jan 2012 01:07:08 -0500
Message-Id: <1327817229-18124-2-git-send-email-aaronecay@gmail.com>
X-Mailer: git-send-email 1.7.9
In-Reply-To: <1327817229-18124-1-git-send-email-aaronecay@gmail.com>
References: <20120126191654.GF1940@mit.edu>
	<1327817229-18124-1-git-send-email-aaronecay@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2012 06:07:34 -0000

Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail.  If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
---
 NEWS                 |   18 ++++++++++++++++++
 emacs/notmuch-mua.el |    3 ++-
 test/emacs           |    1 -
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 2acdce5..c8b90c7 100644
--- a/NEWS
+++ b/NEWS
@@ -56,6 +56,24 @@ Compatibility with GMime 2.6
   However, a bug in current GMime 2.6 causes notmuch not to report
   signatures where the signer key is unavailable (GNOME bug 668085).
 
+Notmuch 0.11.1 (2012-xx-xx)
+===========================
+
+Emacs Interface
+---------------
+
+Quote MML tags in replies
+
+  MML tags are text codes that Emacs uses to indicate attachments
+  (among other things) in messages being composed.  The Emacs
+  interface did not quote MML tags in the quoted text of a reply.  If
+  a user could be tricked into replying to a maliciously formatted
+  message and not editing out the MML tags from the quoted text, this
+  could lead to files from the user's machine being attached to the
+  outgoing message.  The Emacs interface now quotes these tags in
+  reply text, so that they cannot have an effect on the outgoing
+  message.
+
 Notmuch 0.11 (2012-01-13)
 =========================
 
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 023645e..32c376d 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -116,7 +116,8 @@ list."
     (push-mark))
   (set-buffer-modified-p nil)
 
-  (message-goto-body))
+  (message-goto-body)
+  (mml-quote-region (point) (mark)))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)
diff --git a/test/emacs b/test/emacs
index a57513a..affcca4 100755
--- a/test/emacs
+++ b/test/emacs
@@ -274,7 +274,6 @@ EOF
 test_expect_equal_file OUTPUT EXPECTED
 
 test_begin_subtest "Quote MML tags on reply"
-test_subtest_known_broken
 add_message '[from]="1337 h4xor <test@test.com>"' \
             '[to]="Unsuspecting rube <luser@securityhole.com>"' \
             '[subject]="hackety hack hack"' \
-- 
1.7.9