[gentoo-commits] gentoo-x86 commit in net-mail/notmuch/files: 0.10.2-emacsui-mml-tags-quoting-fix.patch 0.10.2-emacsui-mml-tags-quoting-test.patch 0.10.2-lib-call-g_mime_init-db-open.patch - gentoo-commits

From:	"Amadeusz Zolnowski (aidecoe)" <aidecoe@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-mail/notmuch/files: 0.10.2-emacsui-mml-tags-quoting-fix.patch 0.10.2-emacsui-mml-tags-quoting-test.patch 0.10.2-lib-call-g_mime_init-db-open.patch
Date:	Wed, 29 Feb 2012 07:41:35
Message-Id:	`20120229074124.180002004C@flycatcher.gentoo.org`

1

aidecoe     12/02/29 07:41:24

2

3

  Added:                0.10.2-emacsui-mml-tags-quoting-fix.patch

4

                        0.10.2-emacsui-mml-tags-quoting-test.patch

5

                        0.10.2-lib-call-g_mime_init-db-open.patch

6

  Log:

7

  net-mail/notmuch-0.10.2: Fixes bug #406175 and bug #406177.

8

9

  Fixes bug #406175 (security fix for Emacs UI) and bug #406177 (Python bindings

10

  tests used to fail). I have backported patches from 0.11.1 and 0.11 releases.

11

12

  (Portage version: 2.1.10.48/cvs/Linux x86_64)

13

14

Revision  Changes    Path

15

1.1                  net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch

16

17

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch?rev=1.1&view=markup

18

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch?rev=1.1&content-type=text/plain

19

20

Index: 0.10.2-emacsui-mml-tags-quoting-fix.patch

21

===================================================================

22

From 52a5f9e1756a5f69570bf694fe3e384cbef84eb9 Mon Sep 17 00:00:00 2001

23

From: Aaron Ecay <aaronecay@×××××.com>

24

Date: Fri, 3 Feb 2012 11:24:08 +0100

25

Subject: [PATCH 2/4] emacs: quote MML tags in replies

26

MIME-Version: 1.0

27

Content-Type: text/plain; charset=UTF-8

28

Content-Transfer-Encoding: 8bit

29

30

Emacs message-mode uses certain text strings to indicate how to attach

31

files to outgoing mail.  If these are present in the text of an email,

32

and a user is tricked into replying to the message, the user’s files

33

could be exposed.

34

35

Edited-by: Pieter Praet <pieter@×××××.org>:  Rebased to release branch.

36

37

Conflicts:

38

39

	NEWS

40

---

41

 emacs/notmuch-mua.el |    7 ++++++-

42

 test/emacs           |    1 -

43

 2 files changed, 6 insertions(+), 2 deletions(-)

44

45

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el

46

index 8824b08..a123c71 100644

47

--- a/emacs/notmuch-mua.el

48

+++ b/emacs/notmuch-mua.el

49

@@ -109,7 +109,12 @@ list."

50

     (insert body))

51

   (set-buffer-modified-p nil)

52

53

-  (message-goto-body))

54

+  (message-goto-body)

55

+  ;; Original message may contain (malicious) MML tags.  We must

56

+  ;; properly quote them in the reply.  Note that using `point-max'

57

+  ;; instead of `mark' here is wrong.  The buffer may include user's

58

+  ;; signature which should not be MML-quoted.

59

+  (mml-quote-region (point) (point-max)))

60

61

 (defun notmuch-mua-forward-message ()

62

   (message-forward)

63

diff --git a/test/emacs b/test/emacs

64

index a8f4be4..ad8941c 100755

65

--- a/test/emacs

66

+++ b/test/emacs

67

@@ -253,7 +253,6 @@ EOF

68

 test_expect_equal_file OUTPUT EXPECTED

69

70

 test_begin_subtest "Quote MML tags in reply"

71

-test_subtest_known_broken

72

 message_id='test-emacs-mml-quoting@×××××××.id'

73

 add_message [id]="$message_id" \

74

 	    "[subject]='$test_subtest_name'" \

75

--

76

1.7.8.4

1.1                  net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch

82

83

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch?rev=1.1&view=markup

84

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch?rev=1.1&content-type=text/plain

85

86

Index: 0.10.2-emacsui-mml-tags-quoting-test.patch

87

===================================================================

88

From 1c34ca30118ee8c7fb08228bfb211ff1a7f4f260 Mon Sep 17 00:00:00 2001

89

From: Aaron Ecay <aaronecay@×××××.com>

90

Date: Fri, 3 Feb 2012 11:24:07 +0100

91

Subject: [PATCH 1/4] test: add tests for quoting of MML tags in replies

92

93

The test is broken at this time; the next commit will introduce a fix.

94

95

Edited-by: Pieter Praet <pieter@×××××.org>:

96

  Rebased to release branch, moved expected output into the actual test,

97

  and fixed "Fcc:" line.

98

---

99

 test/emacs |   21 +++++++++++++++++++++

100

 1 files changed, 21 insertions(+), 0 deletions(-)

101

102

diff --git a/test/emacs b/test/emacs

103

index 75a0a74..a8f4be4 100755

104

--- a/test/emacs

105

+++ b/test/emacs

106

@@ -252,6 +252,27 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@×××××××××××.org> w

107

EOF

108

 test_expect_equal_file OUTPUT EXPECTED

109

110

+test_begin_subtest "Quote MML tags in reply"

111

+test_subtest_known_broken

112

+message_id='test-emacs-mml-quoting@×××××××.id'

113

+add_message [id]="$message_id" \

114

+	    "[subject]='$test_subtest_name'" \

115

+	    '[body]="<#part disposition=inline>"'

116

+test_emacs "(notmuch-show \"id:$message_id\")

117

+	      (notmuch-show-reply)

118

+	      (test-output)"

119

+cat <<EOF >EXPECTED

120

+From: Notmuch Test Suite <test_suite@×××××××××××.org>

121

+To: 

122

+Subject: Re: Quote MML tags in reply

123

+In-Reply-To: <test-emacs-mml-quoting@×××××××.id>

124

+Fcc: ${MAIL_DIR}/sent

125

+--text follows this line--

126

+On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@×××××××××××.org> wrote:

127

+> <#!part disposition=inline>

128

+EOF

129

+test_expect_equal_file OUTPUT EXPECTED

130

+

131

 test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"

132

 # save as archive to test that Emacs does not re-compress .gz

133

 test_emacs '(let ((standard-input "\"attachment1.gz\""))

134

--

135

1.7.8.4

1.1                  net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch

141

142

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch?rev=1.1&view=markup

143

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch?rev=1.1&content-type=text/plain

144

145

Index: 0.10.2-lib-call-g_mime_init-db-open.patch

146

===================================================================

147

From 5f4dad1b12e224f06576e5ed9e71b3f9f16a13f1 Mon Sep 17 00:00:00 2001

148

From: Kazuo Teramoto <kaz.rag@×××××.com>

149

Date: Sat, 31 Dec 2011 02:37:41 -0200

150

Subject: [PATCH 3/3] lib: call g_mime_init() from notmuch_database_open()

151

152

As reported in

153

id:"CAEbOPGyuHnz4BPtDutnTPUHcP3eYcRCRkXhYoJR43RUMw671+g@××××××××××.com"

154

sometimes gmime tries to access a NULL pointer, e.g. g_mime_iconv_open()

155

tries to access iconv_cache that is NULL if g_mime_init() is not called.

156

This causes notmuch to segfault when calling gmime functions.

157

158

Calling g_mime_init() initializes iconv_cache and others variables needed

159

by gmime, making sure they are initialized when notmuch calls gmime

160

functions.

161

---

162

 lib/database.cc |    9 +++++++++

163

 1 files changed, 9 insertions(+), 0 deletions(-)

164

165

diff --git a/lib/database.cc b/lib/database.cc

166

index 98f101e..df6c8d0 100644

167

--- a/lib/database.cc

168

+++ b/lib/database.cc

169

@@ -28,6 +28,8 @@

170

 #include <glib.h> /* g_free, GPtrArray, GHashTable */

171

 #include <glib-object.h> /* g_type_init */

172

173

+#include <gmime/gmime.h> /* g_mime_init */

174

+

175

 using namespace std;

176

177

 #define ARRAY_SIZE(arr) (sizeof (arr) / sizeof (arr[0]))

178

@@ -581,6 +583,7 @@ notmuch_database_open (const char *path,

179

     struct stat st;

180

     int err;

181

     unsigned int i, version;

182

+    static int initialized = 0;

183

184

     if (asprintf (&notmuch_path, "%s/%s", path, ".notmuch") == -1) {

185

 	notmuch_path = NULL;

186

@@ -604,6 +607,12 @@ notmuch_database_open (const char *path,

187

     /* Initialize the GLib type system and threads */

188

     g_type_init ();

189

190

+    /* Initialize gmime */

191

+    if (! initialized) {

192

+	g_mime_init (0);

193

+	initialized = 1;

194

+    }

195

+

196

     notmuch = talloc (NULL, notmuch_database_t);

197

     notmuch->exception_reported = FALSE;

198

     notmuch->path = talloc_strdup (notmuch, path);

199

--

200

1.7.8.4

1	aidecoe 12/02/29 07:41:24
2
3	Added: 0.10.2-emacsui-mml-tags-quoting-fix.patch
4	0.10.2-emacsui-mml-tags-quoting-test.patch
5	0.10.2-lib-call-g_mime_init-db-open.patch
6	Log:
7	net-mail/notmuch-0.10.2: Fixes bug #406175 and bug #406177.
8
9	Fixes bug #406175 (security fix for Emacs UI) and bug #406177 (Python bindings
10	tests used to fail). I have backported patches from 0.11.1 and 0.11 releases.
11
12	(Portage version: 2.1.10.48/cvs/Linux x86_64)
13
14	Revision Changes Path
15	1.1 net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch
16
17	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch?rev=1.1&view=markup
18	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch?rev=1.1&content-type=text/plain
19
20	Index: 0.10.2-emacsui-mml-tags-quoting-fix.patch
21	===================================================================
22	From 52a5f9e1756a5f69570bf694fe3e384cbef84eb9 Mon Sep 17 00:00:00 2001
23	From: Aaron Ecay <aaronecay@×××××.com>
24	Date: Fri, 3 Feb 2012 11:24:08 +0100
25	Subject: [PATCH 2/4] emacs: quote MML tags in replies
26	MIME-Version: 1.0
27	Content-Type: text/plain; charset=UTF-8
28	Content-Transfer-Encoding: 8bit
29
30	Emacs message-mode uses certain text strings to indicate how to attach
31	files to outgoing mail. If these are present in the text of an email,
32	and a user is tricked into replying to the message, the user’s files
33	could be exposed.
34
35	Edited-by: Pieter Praet <pieter@×××××.org>: Rebased to release branch.
36
37	Conflicts:
38
39	NEWS
40	---
41	emacs/notmuch-mua.el \| 7 ++++++-
42	test/emacs \| 1 -
43	2 files changed, 6 insertions(+), 2 deletions(-)
44
45	diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
46	index 8824b08..a123c71 100644
47	--- a/emacs/notmuch-mua.el
48	+++ b/emacs/notmuch-mua.el
49	@@ -109,7 +109,12 @@ list."
50	(insert body))
51	(set-buffer-modified-p nil)
52
53	- (message-goto-body))
54	+ (message-goto-body)
55	+ ;; Original message may contain (malicious) MML tags. We must
56	+ ;; properly quote them in the reply. Note that using `point-max'
57	+ ;; instead of `mark' here is wrong. The buffer may include user's
58	+ ;; signature which should not be MML-quoted.
59	+ (mml-quote-region (point) (point-max)))
60
61	(defun notmuch-mua-forward-message ()
62	(message-forward)
63	diff --git a/test/emacs b/test/emacs
64	index a8f4be4..ad8941c 100755
65	--- a/test/emacs
66	+++ b/test/emacs
67	@@ -253,7 +253,6 @@ EOF
68	test_expect_equal_file OUTPUT EXPECTED
69
70	test_begin_subtest "Quote MML tags in reply"
71	-test_subtest_known_broken
72	message_id='test-emacs-mml-quoting@×××××××.id'
73	add_message [id]="$message_id" \
74	"[subject]='$test_subtest_name'" \
75	--
76	1.7.8.4
77
78
79
80
81	1.1 net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch
82
83	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch?rev=1.1&view=markup
84	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch?rev=1.1&content-type=text/plain
85
86	Index: 0.10.2-emacsui-mml-tags-quoting-test.patch
87	===================================================================
88	From 1c34ca30118ee8c7fb08228bfb211ff1a7f4f260 Mon Sep 17 00:00:00 2001
89	From: Aaron Ecay <aaronecay@×××××.com>
90	Date: Fri, 3 Feb 2012 11:24:07 +0100
91	Subject: [PATCH 1/4] test: add tests for quoting of MML tags in replies
92
93	The test is broken at this time; the next commit will introduce a fix.
94
95	Edited-by: Pieter Praet <pieter@×××××.org>:
96	Rebased to release branch, moved expected output into the actual test,
97	and fixed "Fcc:" line.
98	---
99	test/emacs \| 21 +++++++++++++++++++++
100	1 files changed, 21 insertions(+), 0 deletions(-)
101
102	diff --git a/test/emacs b/test/emacs
103	index 75a0a74..a8f4be4 100755
104	--- a/test/emacs
105	+++ b/test/emacs
106	@@ -252,6 +252,27 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@×××××××××××.org> w
107	EOF
108	test_expect_equal_file OUTPUT EXPECTED
109
110	+test_begin_subtest "Quote MML tags in reply"
111	+test_subtest_known_broken
112	+message_id='test-emacs-mml-quoting@×××××××.id'
113	+add_message [id]="$message_id" \
114	+ "[subject]='$test_subtest_name'" \
115	+ '[body]="<#part disposition=inline>"'
116	+test_emacs "(notmuch-show \"id:$message_id\")
117	+ (notmuch-show-reply)
118	+ (test-output)"
119	+cat <<EOF >EXPECTED
120	+From: Notmuch Test Suite <test_suite@×××××××××××.org>
121	+To:
122	+Subject: Re: Quote MML tags in reply
123	+In-Reply-To: <test-emacs-mml-quoting@×××××××.id>
124	+Fcc: ${MAIL_DIR}/sent
125	+--text follows this line--
126	+On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@×××××××××××.org> wrote:
127	+> <#!part disposition=inline>
128	+EOF
129	+test_expect_equal_file OUTPUT EXPECTED
130	+
131	test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
132	# save as archive to test that Emacs does not re-compress .gz
133	test_emacs '(let ((standard-input "\"attachment1.gz\""))
134	--
135	1.7.8.4
136
137
138
139
140	1.1 net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch
141
142	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch?rev=1.1&view=markup
143	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch?rev=1.1&content-type=text/plain
144
145	Index: 0.10.2-lib-call-g_mime_init-db-open.patch
146	===================================================================
147	From 5f4dad1b12e224f06576e5ed9e71b3f9f16a13f1 Mon Sep 17 00:00:00 2001
148	From: Kazuo Teramoto <kaz.rag@×××××.com>
149	Date: Sat, 31 Dec 2011 02:37:41 -0200
150	Subject: [PATCH 3/3] lib: call g_mime_init() from notmuch_database_open()
151
152	As reported in
153	id:"CAEbOPGyuHnz4BPtDutnTPUHcP3eYcRCRkXhYoJR43RUMw671+g@××××××××××.com"
154	sometimes gmime tries to access a NULL pointer, e.g. g_mime_iconv_open()
155	tries to access iconv_cache that is NULL if g_mime_init() is not called.
156	This causes notmuch to segfault when calling gmime functions.
157
158	Calling g_mime_init() initializes iconv_cache and others variables needed
159	by gmime, making sure they are initialized when notmuch calls gmime
160	functions.
161	---
162	lib/database.cc \| 9 +++++++++
163	1 files changed, 9 insertions(+), 0 deletions(-)
164
165	diff --git a/lib/database.cc b/lib/database.cc
166	index 98f101e..df6c8d0 100644
167	--- a/lib/database.cc
168	+++ b/lib/database.cc
169	@@ -28,6 +28,8 @@
170	#include <glib.h> /* g_free, GPtrArray, GHashTable */
171	#include <glib-object.h> /* g_type_init */
172
173	+#include <gmime/gmime.h> /* g_mime_init */
174	+
175	using namespace std;
176
177	#define ARRAY_SIZE(arr) (sizeof (arr) / sizeof (arr[0]))
178	@@ -581,6 +583,7 @@ notmuch_database_open (const char *path,
179	struct stat st;
180	int err;
181	unsigned int i, version;
182	+ static int initialized = 0;
183
184	if (asprintf (&notmuch_path, "%s/%s", path, ".notmuch") == -1) {
185	notmuch_path = NULL;
186	@@ -604,6 +607,12 @@ notmuch_database_open (const char *path,
187	/* Initialize the GLib type system and threads */
188	g_type_init ();
189
190	+ /* Initialize gmime */
191	+ if (! initialized) {
192	+ g_mime_init (0);
193	+ initialized = 1;
194	+ }
195	+
196	notmuch = talloc (NULL, notmuch_database_t);
197	notmuch->exception_reported = FALSE;
198	notmuch->path = talloc_strdup (notmuch, path);
199	--
200	1.7.8.4

Gentoo Archives: gentoo-commits