[gentoo-commits] gentoo-x86 commit in net-mail/notmuch/files: 0.10.2-emacsui-mml-tags-quoting-fix.patch 0.10.2-emacsui-mml-tags-quoting-test.patch 0.10.2-lib-call-g_mime_init-db-open.patch

[gentoo-commits] gentoo-x86 commit in net-mail/notmuch/files: 0.10.2-emacsui-mml-tags-quoting-fix.patch 0.10.2-emacsui-mml-tags-quoting-test.patch 0.10.2-lib-call-g_mime_init-db-open.patch

[Amadeusz Zolnowski (aidecoe)]

aidecoe     12/02/29 07:41:24

  Added:                0.10.2-emacsui-mml-tags-quoting-fix.patch
                        0.10.2-emacsui-mml-tags-quoting-test.patch
                        0.10.2-lib-call-g_mime_init-db-open.patch
  Log:
  net-mail/notmuch-0.10.2: Fixes bug #406175 and bug #406177.
  
  Fixes bug #406175 (security fix for Emacs UI) and bug #406177 (Python bindings
  tests used to fail). I have backported patches from 0.11.1 and 0.11 releases.
  
  (Portage version: 2.1.10.48/cvs/Linux x86_64)

Revision  Changes    Path
1.1                  net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-fix.patch?rev=1.1&content-type=text/plain

Index: 0.10.2-emacsui-mml-tags-quoting-fix.patch
===================================================================
From 52a5f9e1756a5f69570bf694fe3e384cbef84eb9 Mon Sep 17 00:00:00 2001
From: Aaron Ecay <aaronecay@gmail.com>
Date: Fri, 3 Feb 2012 11:24:08 +0100
Subject: [PATCH 2/4] emacs: quote MML tags in replies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail.  If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.

Edited-by: Pieter Praet <pieter@praet.org>:  Rebased to release branch.

Conflicts:

	NEWS
---
 emacs/notmuch-mua.el |    7 ++++++-
 test/emacs           |    1 -
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 8824b08..a123c71 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -109,7 +109,12 @@ list."
     (insert body))
   (set-buffer-modified-p nil)
 
-  (message-goto-body))
+  (message-goto-body)
+  ;; Original message may contain (malicious) MML tags.  We must
+  ;; properly quote them in the reply.  Note that using `point-max'
+  ;; instead of `mark' here is wrong.  The buffer may include user's
+  ;; signature which should not be MML-quoted.
+  (mml-quote-region (point) (point-max)))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)
diff --git a/test/emacs b/test/emacs
index a8f4be4..ad8941c 100755
--- a/test/emacs
+++ b/test/emacs
@@ -253,7 +253,6 @@ EOF
 test_expect_equal_file OUTPUT EXPECTED
 
 test_begin_subtest "Quote MML tags in reply"
-test_subtest_known_broken
 message_id='test-emacs-mml-quoting@message.id'
 add_message [id]="$message_id" \
 	    "[subject]='$test_subtest_name'" \
-- 
1.7.8.4




1.1                  net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-emacsui-mml-tags-quoting-test.patch?rev=1.1&content-type=text/plain

Index: 0.10.2-emacsui-mml-tags-quoting-test.patch
===================================================================
From 1c34ca30118ee8c7fb08228bfb211ff1a7f4f260 Mon Sep 17 00:00:00 2001
From: Aaron Ecay <aaronecay@gmail.com>
Date: Fri, 3 Feb 2012 11:24:07 +0100
Subject: [PATCH 1/4] test: add tests for quoting of MML tags in replies

The test is broken at this time; the next commit will introduce a fix.

Edited-by: Pieter Praet <pieter@praet.org>:
  Rebased to release branch, moved expected output into the actual test,
  and fixed "Fcc:" line.
---
 test/emacs |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/test/emacs b/test/emacs
index 75a0a74..a8f4be4 100755
--- a/test/emacs
+++ b/test/emacs
@@ -252,6 +252,27 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
 EOF
 test_expect_equal_file OUTPUT EXPECTED
 
+test_begin_subtest "Quote MML tags in reply"
+test_subtest_known_broken
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+	    "[subject]='$test_subtest_name'" \
+	    '[body]="<#part disposition=inline>"'
+test_emacs "(notmuch-show \"id:$message_id\")
+	      (notmuch-show-reply)
+	      (test-output)"
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To: 
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+Fcc: ${MAIL_DIR}/sent
+--text follows this line--
+On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
+EOF
+test_expect_equal_file OUTPUT EXPECTED
+
 test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
 # save as archive to test that Emacs does not re-compress .gz
 test_emacs '(let ((standard-input "\"attachment1.gz\""))
-- 
1.7.8.4




1.1                  net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-mail/notmuch/files/0.10.2-lib-call-g_mime_init-db-open.patch?rev=1.1&content-type=text/plain

Index: 0.10.2-lib-call-g_mime_init-db-open.patch
===================================================================
From 5f4dad1b12e224f06576e5ed9e71b3f9f16a13f1 Mon Sep 17 00:00:00 2001
From: Kazuo Teramoto <kaz.rag@gmail.com>
Date: Sat, 31 Dec 2011 02:37:41 -0200
Subject: [PATCH 3/3] lib: call g_mime_init() from notmuch_database_open()

As reported in
id:"CAEbOPGyuHnz4BPtDutnTPUHcP3eYcRCRkXhYoJR43RUMw671+g@mail.gmail.com"
sometimes gmime tries to access a NULL pointer, e.g. g_mime_iconv_open()
tries to access iconv_cache that is NULL if g_mime_init() is not called.
This causes notmuch to segfault when calling gmime functions.

Calling g_mime_init() initializes iconv_cache and others variables needed
by gmime, making sure they are initialized when notmuch calls gmime
functions.
---
 lib/database.cc |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/lib/database.cc b/lib/database.cc
index 98f101e..df6c8d0 100644
--- a/lib/database.cc
+++ b/lib/database.cc
@@ -28,6 +28,8 @@
 #include <glib.h> /* g_free, GPtrArray, GHashTable */
 #include <glib-object.h> /* g_type_init */
 
+#include <gmime/gmime.h> /* g_mime_init */
+
 using namespace std;
 
 #define ARRAY_SIZE(arr) (sizeof (arr) / sizeof (arr[0]))
@@ -581,6 +583,7 @@ notmuch_database_open (const char *path,
     struct stat st;
     int err;
     unsigned int i, version;
+    static int initialized = 0;
 
     if (asprintf (&notmuch_path, "%s/%s", path, ".notmuch") == -1) {
 	notmuch_path = NULL;
@@ -604,6 +607,12 @@ notmuch_database_open (const char *path,
     /* Initialize the GLib type system and threads */
     g_type_init ();
 
+    /* Initialize gmime */
+    if (! initialized) {
+	g_mime_init (0);
+	initialized = 1;
+    }
+
     notmuch = talloc (NULL, notmuch_database_t);
     notmuch->exception_reported = FALSE;
     notmuch->path = talloc_strdup (notmuch, path);
-- 
1.7.8.4