Re: [PATCH] emacs: wash: make word-wrap bound message width

[notmuch-archives.git] / 38 / e3168ef353107cfdacd37f1fdb9ec15c5b2a92

Return-Path: <aaronecay@gmail.com>\r
X-Original-To: notmuch@notmuchmail.org\r
Delivered-To: notmuch@notmuchmail.org\r
Received: from localhost (localhost [127.0.0.1])\r
        by olra.theworths.org (Postfix) with ESMTP id 8FA5E429E36\r
        for <notmuch@notmuchmail.org>; Sat, 28 Jan 2012 22:07:34 -0800 (PST)\r
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
X-Spam-Flag: NO\r
X-Spam-Score: -0.799\r
X-Spam-Level: \r
X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5\r
        tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\r
        FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
Received: from olra.theworths.org ([127.0.0.1])\r
        by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
        with ESMTP id XMrl3J+hTthN for <notmuch@notmuchmail.org>;\r
        Sat, 28 Jan 2012 22:07:33 -0800 (PST)\r
Received: from mail-qw0-f46.google.com (mail-qw0-f46.google.com\r
        [209.85.216.46]) (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
        (No client certificate requested)\r
        by olra.theworths.org (Postfix) with ESMTPS id 9C34F429E31\r
        for <notmuch@notmuchmail.org>; Sat, 28 Jan 2012 22:07:33 -0800 (PST)\r
Received: by qadc10 with SMTP id c10so1950750qad.5\r
        for <notmuch@notmuchmail.org>; Sat, 28 Jan 2012 22:07:32 -0800 (PST)\r
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;\r
        h=from:to:subject:date:message-id:x-mailer:in-reply-to:references\r
        :mime-version:content-type:content-transfer-encoding;\r
        bh=1LHl+nDk6Tk9/5HYWAaNSUExatoSMxytak5m0/ZG2mw=;\r
        b=bhgX0fdu4jjHSn7gSFiJ738y0kYF0xQp2uGKHoM+5VuGDli6vHHZKhEU1FNEatjiqT\r
        X0hUfKz8sLuNLSbpADUEuVTJs7uzbYHZNfqM8foMypE48KekuNSYeTUHt8dseahteZgT\r
        eRn1dTh08LL5zxdh5dO8inrXfJTrZUqEyud/Y=\r
Received: by 10.224.10.19 with SMTP id n19mr15517854qan.68.1327817252835;\r
        Sat, 28 Jan 2012 22:07:32 -0800 (PST)\r
Received: from localhost.localdomain (c-68-80-94-73.hsd1.pa.comcast.net.\r
        [68.80.94.73])\r
        by mx.google.com with ESMTPS id dm7sm26381298qab.5.2012.01.28.22.07.31\r
        (version=TLSv1/SSLv3 cipher=OTHER);\r
        Sat, 28 Jan 2012 22:07:32 -0800 (PST)\r
From: Aaron Ecay <aaronecay@gmail.com>\r
To: notmuch@notmuchmail.org\r
Subject: [PATCH 2/2] emacs: Quote MML tags in replies\r
Date: Sun, 29 Jan 2012 01:07:08 -0500\r
Message-Id: <1327817229-18124-2-git-send-email-aaronecay@gmail.com>\r
X-Mailer: git-send-email 1.7.9\r
In-Reply-To: <1327817229-18124-1-git-send-email-aaronecay@gmail.com>\r
References: <20120126191654.GF1940@mit.edu>\r
        <1327817229-18124-1-git-send-email-aaronecay@gmail.com>\r
MIME-Version: 1.0\r
Content-Type: text/plain; charset=UTF-8\r
Content-Transfer-Encoding: 8bit\r
X-BeenThere: notmuch@notmuchmail.org\r
X-Mailman-Version: 2.1.13\r
Precedence: list\r
List-Id: "Use and development of the notmuch mail system."\r
        <notmuch.notmuchmail.org>\r
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
List-Post: <mailto:notmuch@notmuchmail.org>\r
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
X-List-Received-Date: Sun, 29 Jan 2012 06:07:34 -0000\r
\r
Emacs message-mode uses certain text strings to indicate how to attach\r
files to outgoing mail.  If these are present in the text of an email,\r
and a user is tricked into replying to the message, the user’s files\r
could be exposed.\r
---\r
 NEWS                 |   18 ++++++++++++++++++\r
 emacs/notmuch-mua.el |    3 ++-\r
 test/emacs           |    1 -\r
 3 files changed, 20 insertions(+), 2 deletions(-)\r
\r
diff --git a/NEWS b/NEWS\r
index 2acdce5..c8b90c7 100644\r
--- a/NEWS\r
+++ b/NEWS\r
@@ -56,6 +56,24 @@ Compatibility with GMime 2.6\r
   However, a bug in current GMime 2.6 causes notmuch not to report\r
   signatures where the signer key is unavailable (GNOME bug 668085).\r
 \r
+Notmuch 0.11.1 (2012-xx-xx)\r
+===========================\r
+\r
+Emacs Interface\r
+---------------\r
+\r
+Quote MML tags in replies\r
+\r
+  MML tags are text codes that Emacs uses to indicate attachments\r
+  (among other things) in messages being composed.  The Emacs\r
+  interface did not quote MML tags in the quoted text of a reply.  If\r
+  a user could be tricked into replying to a maliciously formatted\r
+  message and not editing out the MML tags from the quoted text, this\r
+  could lead to files from the user's machine being attached to the\r
+  outgoing message.  The Emacs interface now quotes these tags in\r
+  reply text, so that they cannot have an effect on the outgoing\r
+  message.\r
+\r
 Notmuch 0.11 (2012-01-13)\r
 =========================\r
 \r
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el\r
index 023645e..32c376d 100644\r
--- a/emacs/notmuch-mua.el\r
+++ b/emacs/notmuch-mua.el\r
@@ -116,7 +116,8 @@ list."\r
     (push-mark))\r
   (set-buffer-modified-p nil)\r
 \r
-  (message-goto-body))\r
+  (message-goto-body)\r
+  (mml-quote-region (point) (mark)))\r
 \r
 (defun notmuch-mua-forward-message ()\r
   (message-forward)\r
diff --git a/test/emacs b/test/emacs\r
index a57513a..affcca4 100755\r
--- a/test/emacs\r
+++ b/test/emacs\r
@@ -274,7 +274,6 @@ EOF\r
 test_expect_equal_file OUTPUT EXPECTED\r
 \r
 test_begin_subtest "Quote MML tags on reply"\r
-test_subtest_known_broken\r
 add_message '[from]="1337 h4xor <test@test.com>"' \\r
             '[to]="Unsuspecting rube <luser@securityhole.com>"' \\r
             '[subject]="hackety hack hack"' \\r
-- \r
1.7.9\r
\r