Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 023B4431FAF for ; Sat, 3 Mar 2012 14:04:24 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -5 X-Spam-Level: X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_HI=-5] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsH9TmQCrV49 for ; Sat, 3 Mar 2012 14:04:24 -0800 (PST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by olra.theworths.org (Postfix) with ESMTP id 527AC431FAE for ; Sat, 3 Mar 2012 14:04:24 -0800 (PST) Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q23M4NF1018015 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Sat, 3 Mar 2012 17:04:23 -0500 Received: from localhost.localdomain (ovpn-113-28.phx2.redhat.com [10.3.113.28]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id q23M4MVC007561 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 3 Mar 2012 17:04:23 -0500 From: Tim Bielawa To: notmuch@notmuchmail.org Subject: [PATCH] Fix mml-quoting in responses where pgp-signing is enabled Date: Sat, 3 Mar 2012 17:04:22 -0500 Message-Id: <1330812262-28272-1-git-send-email-tbielawa@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2012 22:04:25 -0000 The addition of mml-quote-region (notmuch-mua.el) in 2c6710e3 breaks automatic signing in replies. When replies are mml-quoted and signing is enabled by default the "<#part sign=pgpmime>" string will appear on line 1. This will be consumed during the application of the mml-quote-region function and transform into the inert string "<#!part sign=pgpmime>". The result is that responses will no longer be signed by default. This fix moves the point forward one line before applying the quoting function. Consideration: Clients not signing mail by default. The first line of their responses would be skipped when the quoting function is applied. This string takes this general form: On Sat, 03 Mar 2012 12:55:14 -0800, notmuch-request@notmuchmail.org wrote: Because the string is generated by notmuch I don't believe this fix introduces the possibility for malicious mml commands being omitted from the quoting. --- emacs/notmuch-mua.el | 15 +++++++++++++-- 1 files changed, 13 insertions(+), 2 deletions(-) diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el index 4be7c13..d8ab2c0 100644 --- a/emacs/notmuch-mua.el +++ b/emacs/notmuch-mua.el @@ -114,14 +114,25 @@ list." (goto-char (point-max))) (insert body) (push-mark)) - (set-buffer-modified-p nil) (message-goto-body) ;; Original message may contain (malicious) MML tags. We must ;; properly quote them in the reply. Note that using `point-max' ;; instead of `mark' here is wrong. The buffer may include user's ;; signature which should not be MML-quoted. - (mml-quote-region (point) (mark))) + ;; + ;; Note also that we skip the first line of the response as it is + ;; either: the "<#part sign=pgpmime>" string when clients use + ;; automatic signing, or it is the generated string from notmuch + ;; indicating the date and author of the message which is being + ;; responded to, "on date x, y z -0000, foo@bar.com wrote:" + (forward-line 1) + (mml-quote-region (point) (mark)) + + ;; Quoting the message may modify the contents of the buffer, + ;; however, we shouldn't consider mml-quoting a modification because + ;; it's preformed by the mua, not the user. + (set-buffer-modified-p nil)) (defun notmuch-mua-forward-message () (message-forward) -- 1.7.4.4