1 Return-Path: <jani@nikula.org>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 37C43431FAF
\r
6 for <notmuch@notmuchmail.org>; Wed, 14 Mar 2012 23:33:29 -0700 (PDT)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=-0.699 tagged_above=-999 required=5
\r
12 tests=[HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id lnl6v3IwCgsF for <notmuch@notmuchmail.org>;
\r
16 Wed, 14 Mar 2012 23:33:23 -0700 (PDT)
\r
17 Received: from mail-pz0-f46.google.com (mail-pz0-f46.google.com
\r
18 [209.85.210.46]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
\r
19 (No client certificate requested)
\r
20 by olra.theworths.org (Postfix) with ESMTPS id DB239431FAE
\r
21 for <notmuch@notmuchmail.org>; Wed, 14 Mar 2012 23:33:22 -0700 (PDT)
\r
22 Received: by dajr28 with SMTP id r28so3974725daj.19
\r
23 for <notmuch@notmuchmail.org>; Wed, 14 Mar 2012 23:33:22 -0700 (PDT)
\r
24 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
\r
25 d=google.com; s=20120113;
\r
26 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
\r
27 :cc:content-type:x-gm-message-state;
\r
28 bh=nGmn7Y/yzsuBr57ku0+wEEAcwAbfNm5EHzhdB7bdU/s=;
\r
29 b=p5XenMw4/G3539hXH5MWNj2eFuOLpVMIGRNWQW7DSpCb1uA+CglBLc5A5i2rj/GkU2
\r
30 tKKXx7JT08Y1QI45BDazvinN/qpwjdFCKIVbU5ijnxK/hPGdHn4hOAEIJRGJsj33xOsB
\r
31 lXUlom6D6IrJVYSk57RLsTuc21wULzql9E7ga/nECF/LDJ0QwLp37rYV08TLxY+E0kgV
\r
32 SEbvK60TXk+rlYkvWYr2DeLEWD2/DE3KvS3CpIz26UINSmMAjAjyI1c/9jL8A7OftZva
\r
33 0cp/iahUhQvXJh9CcjmUrva/QRldQ78isRF0Mf39/e1j0idCwvoV6nqP+XZGCeFy+oQf
\r
36 Received: by 10.68.225.73 with SMTP id ri9mr2505847pbc.70.1331793201890; Wed,
\r
37 14 Mar 2012 23:33:21 -0700 (PDT)
\r
38 Received: by 10.68.136.227 with HTTP; Wed, 14 Mar 2012 23:33:21 -0700 (PDT)
\r
39 Received: by 10.68.136.227 with HTTP; Wed, 14 Mar 2012 23:33:21 -0700 (PDT)
\r
40 In-Reply-To: <87k42momyi.fsf@awakening.csail.mit.edu>
\r
41 References: <87fwdptbir.fsf@dehydrator.spatula.rdu.redhat.com>
\r
42 <1330849538-24558-1-git-send-email-jani@nikula.org>
\r
43 <87k42momyi.fsf@awakening.csail.mit.edu>
\r
44 Date: Thu, 15 Mar 2012 08:33:21 +0200
\r
46 <CAB+hUn8FJ-=CA1JZoYMzH0-E+S9Y75TPqgb1w6YKFuU6=S2Xqw@mail.gmail.com>
\r
47 Subject: Re: [PATCH] emacs: fix MML quoting in replies
\r
48 From: Jani Nikula <jani@nikula.org>
\r
49 To: Austin Clements <amdragon@mit.edu>
\r
50 Content-Type: multipart/alternative; boundary=e89a8ff2437db686d604bb424428
\r
52 ALoCoQkJgMZ7Uh1agFGN90xNIYEopUa+r4JUHtxGuOJPOGy5/LxgV5vO407G9OJ7mJwZZHqpRFaU
\r
53 Cc: notmuch@notmuchmail.org
\r
54 X-BeenThere: notmuch@notmuchmail.org
\r
55 X-Mailman-Version: 2.1.13
\r
57 List-Id: "Use and development of the notmuch mail system."
\r
58 <notmuch.notmuchmail.org>
\r
59 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
60 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
61 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
62 List-Post: <mailto:notmuch@notmuchmail.org>
\r
63 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
64 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
65 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
66 X-List-Received-Date: Thu, 15 Mar 2012 06:33:29 -0000
\r
68 --e89a8ff2437db686d604bb424428
\r
69 Content-Type: text/plain; charset=UTF-8
\r
71 On Mar 15, 2012 12:08 AM, "Austin Clements" <amdragon@mit.edu> wrote:
\r
73 > On Sun, 4 Mar 2012 10:25:38 +0200, Jani Nikula <jani@nikula.org> wrote:
\r
74 > > The reply MML quoting added in commit ae438cc unintentionally MML
\r
75 > > quotes also the signature/encryption MML tags added via
\r
76 > > message-setup-hook, causing the reply not to be signed/encrypted.
\r
78 > > MML quote just the original message in the temp buffer before
\r
79 > > inserting it to the message buffer, to not interfere with message mode
\r
80 > > hooks or message construction in general.
\r
82 > > See [1] and [2] for bug reports.
\r
84 > > Thanks to Tim Bielawa <tbielawa@redhat.com> for testing.
\r
86 > > [1] id:"87hay78x6l.fsf@wyzanski.jamesvasile.com"
\r
87 > > [2] id:"1330812262-28272-1-git-send-email-tbielawa@redhat.com".
\r
89 > > Signed-off-by: Jani Nikula <jani@nikula.org>
\r
91 > > emacs/notmuch-mua.el | 10 ++++------
\r
92 > > 1 files changed, 4 insertions(+), 6 deletions(-)
\r
94 > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
\r
95 > > index 4be7c13..13244eb 100644
\r
96 > > --- a/emacs/notmuch-mua.el
\r
97 > > +++ b/emacs/notmuch-mua.el
\r
98 > > @@ -95,6 +95,9 @@ list."
\r
99 > > (goto-char (point-min))
\r
100 > > (setq headers (mail-header-extract)))))
\r
101 > > (forward-line 1)
\r
102 > > + ;; Original message may contain (malicious) MML tags. We must
\r
103 > > + ;; properly quote them in the reply.
\r
104 > > + (mml-quote-region (point) (point-max))
\r
106 > Under what circumstances can the (re-search-forward "^$" nil t) above
\r
107 > this code fail? If it does fail, is it possible for the (forward-line 1)
\r
108 > to move past an adversary-controlled line of text and fail to quote that
\r
111 It doesn't matter. The quoting is done between point and point-max, and the
\r
112 message body to cite is extracted right after quoting using: (setq body
\r
113 (buffer-substring (point) (point-max)))).
\r
118 --e89a8ff2437db686d604bb424428
\r
119 Content-Type: text/html; charset=UTF-8
\r
120 Content-Transfer-Encoding: quoted-printable
\r
123 On Mar 15, 2012 12:08 AM, "Austin Clements" <<a href=3D"mailto=
\r
124 :amdragon@mit.edu">amdragon@mit.edu</a>> wrote:<br>
\r
126 > On Sun, =C2=A04 Mar 2012 10:25:38 +0200, Jani Nikula <<a href=3D"ma=
\r
127 ilto:jani@nikula.org">jani@nikula.org</a>> wrote:<br>
\r
128 > > The reply MML quoting added in commit ae438cc unintentionally MML=
\r
130 > > quotes also the signature/encryption MML tags added via<br>
\r
131 > > message-setup-hook, causing the reply not to be signed/encrypted.=
\r
134 > > MML quote just the original message in the temp buffer before<br>
\r
135 > > inserting it to the message buffer, to not interfere with message=
\r
137 > > hooks or message construction in general.<br>
\r
139 > > See [1] and [2] for bug reports.<br>
\r
141 > > Thanks to Tim Bielawa <<a href=3D"mailto:tbielawa@redhat.com">=
\r
142 tbielawa@redhat.com</a>> for testing.<br>
\r
144 > > [1] id:"<a href=3D"mailto:87hay78x6l.fsf@wyzanski.jamesvasil=
\r
145 e.com">87hay78x6l.fsf@wyzanski.jamesvasile.com</a>"<br>
\r
146 > > [2] id:"<a href=3D"mailto:1330812262-28272-1-git-send-email-=
\r
147 tbielawa@redhat.com">1330812262-28272-1-git-send-email-tbielawa@redhat.com<=
\r
150 > > Signed-off-by: Jani Nikula <<a href=3D"mailto:jani@nikula.org"=
\r
151 >jani@nikula.org</a>><br>
\r
153 > > =C2=A0emacs/notmuch-mua.el | =C2=A0 10 ++++------<br>
\r
154 > > =C2=A01 files changed, 4 insertions(+), 6 deletions(-)<br>
\r
156 > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el<br>
\r
157 > > index 4be7c13..13244eb 100644<br>
\r
158 > > --- a/emacs/notmuch-mua.el<br>
\r
159 > > +++ b/emacs/notmuch-mua.el<br>
\r
160 > > @@ -95,6 +95,9 @@ list."<br>
\r
161 > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (goto-char (point-min))=
\r
163 > > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (setq headers (mail-hea=
\r
164 der-extract)))))<br>
\r
165 > > =C2=A0 =C2=A0 =C2=A0 =C2=A0(forward-line 1)<br>
\r
166 > > + =C2=A0 =C2=A0 =C2=A0;; Original message may contain (malicious)=
\r
167 MML tags. We must<br>
\r
168 > > + =C2=A0 =C2=A0 =C2=A0;; properly quote them in the reply.<br>
\r
169 > > + =C2=A0 =C2=A0 =C2=A0(mml-quote-region (point) (point-max))<br>
\r
171 > Under what circumstances can the (re-search-forward "^$" nil=
\r
173 > this code fail? =C2=A0If it does fail, is it possible for the (forward=
\r
175 > to move past an adversary-controlled line of text and fail to quote th=
\r
178 <p>It doesn't matter. The quoting is done between point and point-max, =
\r
179 and the message body to cite is extracted right after quoting using: (setq =
\r
180 body (buffer-substring (point) (point-max)))).</p>
\r
185 --e89a8ff2437db686d604bb424428--
\r