* [PATCH v3 1/2] test: add tests for quoting of MML tags in replies
2012-02-01 2:49 ` emacs: quote " Dmitry Kurochkin
@ 2012-02-01 2:49 ` Dmitry Kurochkin
2012-02-01 13:54 ` [PATCH v4 " Pieter Praet
2012-02-01 2:49 ` [PATCH v3 2/2] emacs: quote " Dmitry Kurochkin
` (2 subsequent siblings)
3 siblings, 1 reply; 40+ messages in thread
From: Dmitry Kurochkin @ 2012-02-01 2:49 UTC (permalink / raw)
To: notmuch
From: Aaron Ecay <aaronecay@gmail.com>
The test is broken at this time; the next commit will introduce a fix.
---
test/emacs | 12 ++++++++++++
test/emacs.expected-output/quote-mml-in-reply | 7 +++++++
2 files changed, 19 insertions(+), 0 deletions(-)
create mode 100644 test/emacs.expected-output/quote-mml-in-reply
diff --git a/test/emacs b/test/emacs
index 8ca4c8a..a3f4893 100755
--- a/test/emacs
+++ b/test/emacs
@@ -273,6 +273,18 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
EOF
test_expect_equal_file OUTPUT EXPECTED
+test_begin_subtest "Quote MML tags in reply"
+test_subtest_known_broken
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+ "[subject]='$test_subtest_name'" \
+ '[body]="<#part disposition=inline>"'
+test_emacs "(let ((notmuch-fcc-dirs nil))
+ (notmuch-show \"id:$message_id\")
+ (notmuch-show-reply)
+ (test-output))"
+test_expect_equal_file OUTPUT "$EXPECTED/quote-mml-in-reply"
+
test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
# save as archive to test that Emacs does not re-compress .gz
test_emacs '(let ((standard-input "\"attachment1.gz\""))
diff --git a/test/emacs.expected-output/quote-mml-in-reply b/test/emacs.expected-output/quote-mml-in-reply
new file mode 100644
index 0000000..adec92a
--- /dev/null
+++ b/test/emacs.expected-output/quote-mml-in-reply
@@ -0,0 +1,7 @@
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To:
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+--text follows this line--
+On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
--
1.7.9
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [PATCH v4 1/2] test: add tests for quoting of MML tags in replies
2012-02-01 2:49 ` [PATCH v3 1/2] test: add tests for quoting of " Dmitry Kurochkin
@ 2012-02-01 13:54 ` Pieter Praet
2012-02-01 20:36 ` [PATCH v5 " Pieter Praet
0 siblings, 1 reply; 40+ messages in thread
From: Pieter Praet @ 2012-02-01 13:54 UTC (permalink / raw)
To: Dmitry Kurochkin; +Cc: Notmuch Mail
From: Aaron Ecay <aaronecay@gmail.com>
The test is broken at this time; the next commit will introduce a fix.
Edited-by: Pieter Praet <pieter@praet.org>:
Moved expected output into the actual test and fixed "Fcc:" line.
---
test/emacs | 21 +++++++++++++++++++++
1 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/test/emacs b/test/emacs
index 8ca4c8a..1fdd3a5 100755
--- a/test/emacs
+++ b/test/emacs
@@ -273,6 +273,27 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
EOF
test_expect_equal_file OUTPUT EXPECTED
+test_begin_subtest "Quote MML tags in reply"
+test_subtest_known_broken
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+ "[subject]='$test_subtest_name'" \
+ '[body]="<#part disposition=inline>"'
+test_emacs "(notmuch-show \"id:$message_id\")
+ (notmuch-show-reply)
+ (test-output)"
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To:
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+Fcc: $(pwd)/mail/sent
+--text follows this line--
+On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
+EOF
+test_expect_equal_file OUTPUT EXPECTED
+
test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
# save as archive to test that Emacs does not re-compress .gz
test_emacs '(let ((standard-input "\"attachment1.gz\""))
--
1.7.8.1
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [PATCH v5 1/2] test: add tests for quoting of MML tags in replies
2012-02-01 13:54 ` [PATCH v4 " Pieter Praet
@ 2012-02-01 20:36 ` Pieter Praet
0 siblings, 0 replies; 40+ messages in thread
From: Pieter Praet @ 2012-02-01 20:36 UTC (permalink / raw)
To: Dmitry Kurochkin; +Cc: Notmuch Mail
From: Aaron Ecay <aaronecay@gmail.com>
The test is broken at this time; the next commit will introduce a fix.
Edited-by: Pieter Praet <pieter@praet.org>:
Moved expected output into the actual test and fixed "Fcc:" line.
---
test/emacs | 21 +++++++++++++++++++++
1 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/test/emacs b/test/emacs
index 8ca4c8a..17129b7 100755
--- a/test/emacs
+++ b/test/emacs
@@ -273,6 +273,27 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
EOF
test_expect_equal_file OUTPUT EXPECTED
+test_begin_subtest "Quote MML tags in reply"
+test_subtest_known_broken
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+ "[subject]='$test_subtest_name'" \
+ '[body]="<#part disposition=inline>"'
+test_emacs "(notmuch-show \"id:$message_id\")
+ (notmuch-show-reply)
+ (test-output)"
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To:
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+Fcc: ${MAIL_DIR}/sent
+--text follows this line--
+On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
+EOF
+test_expect_equal_file OUTPUT EXPECTED
+
test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
# save as archive to test that Emacs does not re-compress .gz
test_emacs '(let ((standard-input "\"attachment1.gz\""))
--
1.7.8.1
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [PATCH v3 2/2] emacs: quote MML tags in replies
2012-02-01 2:49 ` emacs: quote " Dmitry Kurochkin
2012-02-01 2:49 ` [PATCH v3 1/2] test: add tests for quoting of " Dmitry Kurochkin
@ 2012-02-01 2:49 ` Dmitry Kurochkin
2012-02-01 13:51 ` Pieter Praet
2012-02-02 4:01 ` David Bremner
3 siblings, 0 replies; 40+ messages in thread
From: Dmitry Kurochkin @ 2012-02-01 2:49 UTC (permalink / raw)
To: notmuch
From: Aaron Ecay <aaronecay@gmail.com>
Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail. If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
---
NEWS | 12 ++++++++++++
emacs/notmuch-mua.el | 7 ++++++-
test/emacs | 1 -
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 2acdce5..ef26b8c 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,17 @@ Reply to sender
and search modes, 'r' has been bound to reply to sender, replacing
reply to all, which now has key binding 'R'.
+Quote MML tags in replies
+
+ MML tags are text codes that Emacs uses to indicate attachments
+ (among other things) in messages being composed. The Emacs
+ interface did not quote MML tags in the quoted text of a reply.
+ User could be tricked into replying to a maliciously formatted
+ message and not editing out the MML tags from the quoted text. This
+ could lead to files from the user's machine being attached to the
+ outgoing message. The Emacs interface now quotes these tags in
+ reply text, so that they do not effect outgoing messages.
+
Library changes
---------------
@@ -56,6 +67,7 @@ Compatibility with GMime 2.6
However, a bug in current GMime 2.6 causes notmuch not to report
signatures where the signer key is unavailable (GNOME bug 668085).
+
Notmuch 0.11 (2012-01-13)
=========================
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 023645e..4be7c13 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -116,7 +116,12 @@ list."
(push-mark))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ ;; Original message may contain (malicious) MML tags. We must
+ ;; properly quote them in the reply. Note that using `point-max'
+ ;; instead of `mark' here is wrong. The buffer may include user's
+ ;; signature which should not be MML-quoted.
+ (mml-quote-region (point) (mark)))
(defun notmuch-mua-forward-message ()
(message-forward)
diff --git a/test/emacs b/test/emacs
index a3f4893..b9f7d15 100755
--- a/test/emacs
+++ b/test/emacs
@@ -274,7 +274,6 @@ EOF
test_expect_equal_file OUTPUT EXPECTED
test_begin_subtest "Quote MML tags in reply"
-test_subtest_known_broken
message_id='test-emacs-mml-quoting@message.id'
add_message [id]="$message_id" \
"[subject]='$test_subtest_name'" \
--
1.7.9
^ permalink raw reply related [flat|nested] 40+ messages in thread
* Re: emacs: quote MML tags in replies
2012-02-01 2:49 ` emacs: quote " Dmitry Kurochkin
2012-02-01 2:49 ` [PATCH v3 1/2] test: add tests for quoting of " Dmitry Kurochkin
2012-02-01 2:49 ` [PATCH v3 2/2] emacs: quote " Dmitry Kurochkin
@ 2012-02-01 13:51 ` Pieter Praet
2012-02-01 14:18 ` Dmitry Kurochkin
2012-02-02 4:01 ` David Bremner
3 siblings, 1 reply; 40+ messages in thread
From: Pieter Praet @ 2012-02-01 13:51 UTC (permalink / raw)
To: Dmitry Kurochkin, notmuch
On Wed, 1 Feb 2012 06:49:39 +0400, Dmitry Kurochkin <dmitry.kurochkin@gmail.com> wrote:
> Hi Aaron.
>
> Thanks for your work! I took the liberty to do some cleanups for your
> patch. Below is a detailed list of changes.
>
Thanks to the both of you!
> Hope this helps.
>
> Changes since v2:
>
> * change patch names to be consistent with others:
>
> - s/emacs:/test:/ for the test patch
>
> - lower case the first word after colon in the patch title
>
> * polish NEWS wording, move it to 0.12 section
>
> * add comment to `mml-quote-region' call, as suggested by Tomi [1]
>
> * fix and clean up the test:
>
> - set `notmuch-fcc-dirs' to nil to avoid adding the Fcc header,
> otherwise it breaks the test on other systems as pointed by
> David [2]
>
Could also have been avoided by adding the expected result inline,
and using "Fcc: $(pwd)/mail/sent". I'll send an updated patch to
that effect.
> - use default values for add_message parameters where possible
>
> - use a sane subject value in add_message
>
> - use shorter MML tag as produced by (mml-insert-part)
>
> - indenting and other minor cleanups
>
> Regards,
> Dmitry
>
> [1] id:"m2wr89ioos.fsf@guru.guru-group.fi"
> [2] id:"87ehugzycb.fsf@zancas.localnet"
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch
Despite my comment re Fcc, both LGTM.
Peace
--
Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: emacs: quote MML tags in replies
2012-02-01 13:51 ` Pieter Praet
@ 2012-02-01 14:18 ` Dmitry Kurochkin
2012-02-01 20:35 ` Pieter Praet
0 siblings, 1 reply; 40+ messages in thread
From: Dmitry Kurochkin @ 2012-02-01 14:18 UTC (permalink / raw)
To: Pieter Praet, notmuch
On Wed, 01 Feb 2012 14:51:37 +0100, Pieter Praet <pieter@praet.org> wrote:
> On Wed, 1 Feb 2012 06:49:39 +0400, Dmitry Kurochkin <dmitry.kurochkin@gmail.com> wrote:
> > Hi Aaron.
> >
> > Thanks for your work! I took the liberty to do some cleanups for your
> > patch. Below is a detailed list of changes.
> >
>
> Thanks to the both of you!
>
>
> > Hope this helps.
> >
> > Changes since v2:
> >
> > * change patch names to be consistent with others:
> >
> > - s/emacs:/test:/ for the test patch
> >
> > - lower case the first word after colon in the patch title
> >
> > * polish NEWS wording, move it to 0.12 section
> >
> > * add comment to `mml-quote-region' call, as suggested by Tomi [1]
> >
> > * fix and clean up the test:
> >
> > - set `notmuch-fcc-dirs' to nil to avoid adding the Fcc header,
> > otherwise it breaks the test on other systems as pointed by
> > David [2]
> >
>
> Could also have been avoided by adding the expected result inline,
> and using "Fcc: $(pwd)/mail/sent". I'll send an updated patch to
> that effect.
>
I do not understand how this is better. But please do not use $(pwd)
here. I know that other tests do that in the same case, but it is
wrong. There is $MAIL_DIR variable for this. See "notmuch-fcc-dirs set
to a string" test for an example.
Regards,
Dmitry
>
> > - use default values for add_message parameters where possible
> >
> > - use a sane subject value in add_message
> >
> > - use shorter MML tag as produced by (mml-insert-part)
> >
> > - indenting and other minor cleanups
> >
> > Regards,
> > Dmitry
> >
> > [1] id:"m2wr89ioos.fsf@guru.guru-group.fi"
> > [2] id:"87ehugzycb.fsf@zancas.localnet"
> >
> > _______________________________________________
> > notmuch mailing list
> > notmuch@notmuchmail.org
> > http://notmuchmail.org/mailman/listinfo/notmuch
>
> Despite my comment re Fcc, both LGTM.
>
>
> Peace
>
> --
> Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: emacs: quote MML tags in replies
2012-02-01 14:18 ` Dmitry Kurochkin
@ 2012-02-01 20:35 ` Pieter Praet
2012-02-01 20:37 ` [PATCH] test: replace occurrences of $PWD with vars that are more stable Pieter Praet
0 siblings, 1 reply; 40+ messages in thread
From: Pieter Praet @ 2012-02-01 20:35 UTC (permalink / raw)
To: Dmitry Kurochkin, notmuch
On Wed, 01 Feb 2012 18:18:55 +0400, Dmitry Kurochkin <dmitry.kurochkin@gmail.com> wrote:
> On Wed, 01 Feb 2012 14:51:37 +0100, Pieter Praet <pieter@praet.org> wrote:
> > On Wed, 1 Feb 2012 06:49:39 +0400, Dmitry Kurochkin <dmitry.kurochkin@gmail.com> wrote:
> > > Hi Aaron.
> > >
> > > Thanks for your work! I took the liberty to do some cleanups for your
> > > patch. Below is a detailed list of changes.
> > >
> >
> > Thanks to the both of you!
> >
> >
> > > Hope this helps.
> > >
> > > Changes since v2:
> > >
> > > * change patch names to be consistent with others:
> > >
> > > - s/emacs:/test:/ for the test patch
> > >
> > > - lower case the first word after colon in the patch title
> > >
> > > * polish NEWS wording, move it to 0.12 section
> > >
> > > * add comment to `mml-quote-region' call, as suggested by Tomi [1]
> > >
> > > * fix and clean up the test:
> > >
> > > - set `notmuch-fcc-dirs' to nil to avoid adding the Fcc header,
> > > otherwise it breaks the test on other systems as pointed by
> > > David [2]
> > >
> >
> > Could also have been avoided by adding the expected result inline,
> > and using "Fcc: $(pwd)/mail/sent". I'll send an updated patch to
> > that effect.
> >
>
> I do not understand how this is better. [...]
Well, the expected output is only 7 lines, so we might as well keep it
inside the test itself (of which the advantages need no reiteration),
and doing so would allow us to get the Fcc path in a more future-proof way;
`notmuch-fcc-dirs' is more susceptible to deprecation than $MAIL_DIR et al.
> [...] But please do not use $(pwd)
> here. I know that other tests do that in the same case, but it is
> wrong. There is $MAIL_DIR variable for this. See "notmuch-fcc-dirs set
> to a string" test for an example.
>
Good point! Patch follows.
> Regards,
> Dmitry
>
> >
> > > - use default values for add_message parameters where possible
> > >
> > > - use a sane subject value in add_message
> > >
> > > - use shorter MML tag as produced by (mml-insert-part)
> > >
> > > - indenting and other minor cleanups
> > >
> > > Regards,
> > > Dmitry
> > >
> > > [1] id:"m2wr89ioos.fsf@guru.guru-group.fi"
> > > [2] id:"87ehugzycb.fsf@zancas.localnet"
> > >
> > > _______________________________________________
> > > notmuch mailing list
> > > notmuch@notmuchmail.org
> > > http://notmuchmail.org/mailman/listinfo/notmuch
> >
> > Despite my comment re Fcc, both LGTM.
> >
> >
> > Peace
> >
> > --
> > Pieter
Peace
--
Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread
* [PATCH] test: replace occurrences of $PWD with vars that are more stable
2012-02-01 20:35 ` Pieter Praet
@ 2012-02-01 20:37 ` Pieter Praet
2012-02-01 23:09 ` Dmitry Kurochkin
2012-02-25 13:54 ` David Bremner
0 siblings, 2 replies; 40+ messages in thread
From: Pieter Praet @ 2012-02-01 20:37 UTC (permalink / raw)
To: Dmitry Kurochkin; +Cc: Notmuch Mail
Thanks to Dmitry Kurochkin <dmitry.kurochkin@gmail.com>
for pointing this out: id:"87d39ymyb4.fsf@gmail.com"
---
test/emacs | 2 +-
test/new | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/emacs b/test/emacs
index 17129b7..9c9d0b4 100755
--- a/test/emacs
+++ b/test/emacs
@@ -266,7 +266,7 @@ From: Notmuch Test Suite <test_suite@notmuchmail.org>
To: user@example.com
Subject: Re: Testing message sent via SMTP
In-Reply-To: <XXX>
-Fcc: $(pwd)/mail/sent
+Fcc: ${MAIL_DIR}/sent
--text follows this line--
On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
> This is a test that messages are sent via SMTP
diff --git a/test/new b/test/new
index 49f390d..1b24c84 100755
--- a/test/new
+++ b/test/new
@@ -117,10 +117,10 @@ test_expect_equal "$output" "No new mail. Removed 3 messages."
test_begin_subtest "New symlink to directory"
rm -rf "${MAIL_DIR}"/.notmuch
-mv "${MAIL_DIR}" "$PWD"/actual_maildir
+mv "${MAIL_DIR}" "${TMP_DIRECTORY}"/actual_maildir
mkdir "${MAIL_DIR}"
-ln -s "$PWD"/actual_maildir "${MAIL_DIR}"/symlink
+ln -s "${TMP_DIRECTORY}"/actual_maildir "${MAIL_DIR}"/symlink
output=$(NOTMUCH_NEW)
test_expect_equal "$output" "Added 1 new message to the database."
@@ -128,7 +128,7 @@ test_expect_equal "$output" "Added 1 new message to the database."
test_begin_subtest "New symlink to a file"
generate_message
-external_msg_filename="$PWD"/external/"$(basename "$gen_msg_filename")"
+external_msg_filename="${TMP_DIRECTORY}"/external/"$(basename "$gen_msg_filename")"
mkdir -p "$(dirname "$external_msg_filename")"
mv "$gen_msg_filename" "$external_msg_filename"
ln -s "$external_msg_filename" "$gen_msg_filename"
--
1.7.8.1
^ permalink raw reply related [flat|nested] 40+ messages in thread
* Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable
2012-02-01 20:37 ` [PATCH] test: replace occurrences of $PWD with vars that are more stable Pieter Praet
@ 2012-02-01 23:09 ` Dmitry Kurochkin
2012-02-03 10:20 ` Pieter Praet
2012-02-25 13:54 ` David Bremner
1 sibling, 1 reply; 40+ messages in thread
From: Dmitry Kurochkin @ 2012-02-01 23:09 UTC (permalink / raw)
To: Pieter Praet; +Cc: Notmuch Mail
On Wed, 1 Feb 2012 21:37:21 +0100, Pieter Praet <pieter@praet.org> wrote:
> Thanks to Dmitry Kurochkin <dmitry.kurochkin@gmail.com>
> for pointing this out: id:"87d39ymyb4.fsf@gmail.com"
> ---
Looks good to me. Minor comments below.
> test/emacs | 2 +-
> test/new | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/test/emacs b/test/emacs
> index 17129b7..9c9d0b4 100755
> --- a/test/emacs
> +++ b/test/emacs
> @@ -266,7 +266,7 @@ From: Notmuch Test Suite <test_suite@notmuchmail.org>
> To: user@example.com
> Subject: Re: Testing message sent via SMTP
> In-Reply-To: <XXX>
> -Fcc: $(pwd)/mail/sent
> +Fcc: ${MAIL_DIR}/sent
> --text follows this line--
> On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
> > This is a test that messages are sent via SMTP
> diff --git a/test/new b/test/new
> index 49f390d..1b24c84 100755
> --- a/test/new
> +++ b/test/new
> @@ -117,10 +117,10 @@ test_expect_equal "$output" "No new mail. Removed 3 messages."
> test_begin_subtest "New symlink to directory"
>
> rm -rf "${MAIL_DIR}"/.notmuch
> -mv "${MAIL_DIR}" "$PWD"/actual_maildir
> +mv "${MAIL_DIR}" "${TMP_DIRECTORY}"/actual_maildir
I would prefer to put the whole second argument inside the quotes, not
just the variable.
>
> mkdir "${MAIL_DIR}"
> -ln -s "$PWD"/actual_maildir "${MAIL_DIR}"/symlink
> +ln -s "${TMP_DIRECTORY}"/actual_maildir "${MAIL_DIR}"/symlink
Same.
>
> output=$(NOTMUCH_NEW)
> test_expect_equal "$output" "Added 1 new message to the database."
> @@ -128,7 +128,7 @@ test_expect_equal "$output" "Added 1 new message to the database."
>
> test_begin_subtest "New symlink to a file"
> generate_message
> -external_msg_filename="$PWD"/external/"$(basename "$gen_msg_filename")"
> +external_msg_filename="${TMP_DIRECTORY}"/external/"$(basename "$gen_msg_filename")"
And here as well. The quotes around "/external/" can just be removed.
Regards,
Dmitry
> mkdir -p "$(dirname "$external_msg_filename")"
> mv "$gen_msg_filename" "$external_msg_filename"
> ln -s "$external_msg_filename" "$gen_msg_filename"
> --
> 1.7.8.1
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable
2012-02-01 23:09 ` Dmitry Kurochkin
@ 2012-02-03 10:20 ` Pieter Praet
2012-02-03 10:28 ` Dmitry Kurochkin
0 siblings, 1 reply; 40+ messages in thread
From: Pieter Praet @ 2012-02-03 10:20 UTC (permalink / raw)
To: Dmitry Kurochkin; +Cc: Notmuch Mail
On Thu, 02 Feb 2012 03:09:39 +0400, Dmitry Kurochkin <dmitry.kurochkin@gmail.com> wrote:
> [...]
> I would prefer to put the whole second argument inside the quotes, not
> just the variable.
> [...]
>
I felt the same way initially, but then decided to leave the extra
quotes in place because the resulting fontification helps differentiate
between the vars and actual strings.
I assume that was the reason for the extra quotes' presence in the first
place? I might be wrong though...
So with that in mind, do I submit a new patch without the quotes, or leave
it as it is?
> Regards,
> Dmitry
>
> > mkdir -p "$(dirname "$external_msg_filename")"
> > mv "$gen_msg_filename" "$external_msg_filename"
> > ln -s "$external_msg_filename" "$gen_msg_filename"
> > --
> > 1.7.8.1
Peace
--
Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable
2012-02-03 10:20 ` Pieter Praet
@ 2012-02-03 10:28 ` Dmitry Kurochkin
0 siblings, 0 replies; 40+ messages in thread
From: Dmitry Kurochkin @ 2012-02-03 10:28 UTC (permalink / raw)
To: Pieter Praet; +Cc: Notmuch Mail
On Fri, 03 Feb 2012 11:20:58 +0100, Pieter Praet <pieter@praet.org> wrote:
> On Thu, 02 Feb 2012 03:09:39 +0400, Dmitry Kurochkin <dmitry.kurochkin@gmail.com> wrote:
> > [...]
> > I would prefer to put the whole second argument inside the quotes, not
> > just the variable.
> > [...]
> >
>
> I felt the same way initially, but then decided to leave the extra
> quotes in place because the resulting fontification helps differentiate
> between the vars and actual strings.
>
I still prefer it without quotes.
> I assume that was the reason for the extra quotes' presence in the first
> place? I might be wrong though...
>
Interesting theory.
> So with that in mind, do I submit a new patch without the quotes, or leave
> it as it is?
>
I would not insist on another patch, taking into account that it was
this way already.
Regards,
Dmitry
> > Regards,
> > Dmitry
> >
> > > mkdir -p "$(dirname "$external_msg_filename")"
> > > mv "$gen_msg_filename" "$external_msg_filename"
> > > ln -s "$external_msg_filename" "$gen_msg_filename"
> > > --
> > > 1.7.8.1
>
>
> Peace
>
> --
> Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable
2012-02-01 20:37 ` [PATCH] test: replace occurrences of $PWD with vars that are more stable Pieter Praet
2012-02-01 23:09 ` Dmitry Kurochkin
@ 2012-02-25 13:54 ` David Bremner
1 sibling, 0 replies; 40+ messages in thread
From: David Bremner @ 2012-02-25 13:54 UTC (permalink / raw)
To: Pieter Praet; +Cc: Notmuch Mail
On Wed, 1 Feb 2012 21:37:21 +0100, Pieter Praet <pieter@praet.org> wrote:
> Thanks to Dmitry Kurochkin <dmitry.kurochkin@gmail.com>
> for pointing this out: id:"87d39ymyb4.fsf@gmail.com"
Pushed.
d
^ permalink raw reply [flat|nested] 40+ messages in thread
* (no subject)
2012-02-01 2:49 ` emacs: quote " Dmitry Kurochkin
` (2 preceding siblings ...)
2012-02-01 13:51 ` Pieter Praet
@ 2012-02-02 4:01 ` David Bremner
2012-02-02 4:01 ` [PATCH v4 1/2] test: add tests for quoting of MML tags in replies David Bremner
` (2 more replies)
3 siblings, 3 replies; 40+ messages in thread
From: David Bremner @ 2012-02-02 4:01 UTC (permalink / raw)
To: notmuch
I rebased these against branch release (and copied a comment from
aaron's email), but the test fails there, as does the reply within emacs test.
FAIL Reply within emacs
--- emacs.24.expected 2012-02-02 03:55:14.000000000 +0000
+++ emacs.24.output 2012-02-02 03:55:14.000000000 +0000
@@ -1,8 +1,4 @@
From: Notmuch Test Suite <test_suite@notmuchmail.org>
-To: user@example.com
-Subject: Re: Testing message sent via SMTP
-In-Reply-To: <XXX>
-Fcc: /home/bremner/software/upstream/notmuch/test/tmp.emacs/mail/sent
+To:
+Subject:
--text follows this line--
-On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
-> This is a test that messages are sent via SMTP
*ERROR*: Wrong type argument: integer-or-marker-p, nil
FAIL Quote MML tags in reply
--- emacs.25.expected 2012-02-02 03:55:15.000000000 +0000
+++ emacs.25.output 2012-02-02 03:55:15.000000000 +0000
@@ -1,7 +1,4 @@
From: Notmuch Test Suite <test_suite@notmuchmail.org>
To:
-Subject: Re: Quote MML tags in reply
-In-Reply-To: <test-emacs-mml-quoting@message.id>
+Subject:
--text follows this line--
-On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
-> <#!part disposition=inline>
*ERROR*: Wrong type argument: integer-or-marker-p, nil
^ permalink raw reply [flat|nested] 40+ messages in thread
* [PATCH v4 1/2] test: add tests for quoting of MML tags in replies
2012-02-02 4:01 ` David Bremner
@ 2012-02-02 4:01 ` David Bremner
2012-02-02 4:01 ` [PATCH v4 2/2] emacs: quote " David Bremner
2012-02-03 10:22 ` Pieter Praet
2 siblings, 0 replies; 40+ messages in thread
From: David Bremner @ 2012-02-02 4:01 UTC (permalink / raw)
To: notmuch
From: Aaron Ecay <aaronecay@gmail.com>
The test is broken at this time; the next commit will introduce a fix.
---
test/emacs | 12 ++++++++++++
test/emacs.expected-output/quote-mml-in-reply | 7 +++++++
2 files changed, 19 insertions(+), 0 deletions(-)
create mode 100644 test/emacs.expected-output/quote-mml-in-reply
diff --git a/test/emacs b/test/emacs
index f36718e..2a2ce28 100755
--- a/test/emacs
+++ b/test/emacs
@@ -273,6 +273,18 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
EOF
test_expect_equal_file OUTPUT EXPECTED
+test_begin_subtest "Quote MML tags in reply"
+test_subtest_known_broken
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+ "[subject]='$test_subtest_name'" \
+ '[body]="<#part disposition=inline>"'
+test_emacs "(let ((notmuch-fcc-dirs nil))
+ (notmuch-show \"id:$message_id\")
+ (notmuch-show-reply)
+ (test-output))"
+test_expect_equal_file OUTPUT "$EXPECTED/quote-mml-in-reply"
+
test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
# save as archive to test that Emacs does not re-compress .gz
test_emacs '(let ((standard-input "\"attachment1.gz\""))
diff --git a/test/emacs.expected-output/quote-mml-in-reply b/test/emacs.expected-output/quote-mml-in-reply
new file mode 100644
index 0000000..adec92a
--- /dev/null
+++ b/test/emacs.expected-output/quote-mml-in-reply
@@ -0,0 +1,7 @@
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To:
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+--text follows this line--
+On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
--
1.7.8.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [PATCH v4 2/2] emacs: quote MML tags in replies
2012-02-02 4:01 ` David Bremner
2012-02-02 4:01 ` [PATCH v4 1/2] test: add tests for quoting of MML tags in replies David Bremner
@ 2012-02-02 4:01 ` David Bremner
2012-02-03 10:22 ` Pieter Praet
2 siblings, 0 replies; 40+ messages in thread
From: David Bremner @ 2012-02-02 4:01 UTC (permalink / raw)
To: notmuch
From: Aaron Ecay <aaronecay@gmail.com>
Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail. If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
Using point-max would include the signature in the quoting as well.
It would probably be fairly odd to want to put an MML tag in one’s
signature, but that doesn’t mean that we should break that usage.
---
NEWS | 11 +++++++++++
emacs/notmuch-mua.el | 7 ++++++-
test/emacs | 1 -
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 3d2c2a8..a089e67 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,17 @@ Fix error handling in python bindings.
exceptions to indicate the error condition. Any subsequent calls
into libnotmuch caused segmentation faults.
+Quote MML tags in replies
+
+ MML tags are text codes that Emacs uses to indicate attachments
+ (among other things) in messages being composed. The Emacs
+ interface did not quote MML tags in the quoted text of a reply.
+ User could be tricked into replying to a maliciously formatted
+ message and not editing out the MML tags from the quoted text. This
+ could lead to files from the user's machine being attached to the
+ outgoing message. The Emacs interface now quotes these tags in
+ reply text, so that they do not effect outgoing messages.
+
Notmuch 0.11 (2012-01-13)
=========================
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 7114e48..768b693 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -111,7 +111,12 @@ list."
(insert body))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ ;; Original message may contain (malicious) MML tags. We must
+ ;; properly quote them in the reply. Note that using `point-max'
+ ;; instead of `mark' here is wrong. The buffer may include user's
+ ;; signature which should not be MML-quoted.
+ (mml-quote-region (point) (mark)))
(defun notmuch-mua-forward-message ()
(message-forward)
diff --git a/test/emacs b/test/emacs
index 2a2ce28..de100c5 100755
--- a/test/emacs
+++ b/test/emacs
@@ -274,7 +274,6 @@ EOF
test_expect_equal_file OUTPUT EXPECTED
test_begin_subtest "Quote MML tags in reply"
-test_subtest_known_broken
message_id='test-emacs-mml-quoting@message.id'
add_message [id]="$message_id" \
"[subject]='$test_subtest_name'" \
--
1.7.8.3
^ permalink raw reply related [flat|nested] 40+ messages in thread
* Re:
2012-02-02 4:01 ` David Bremner
2012-02-02 4:01 ` [PATCH v4 1/2] test: add tests for quoting of MML tags in replies David Bremner
2012-02-02 4:01 ` [PATCH v4 2/2] emacs: quote " David Bremner
@ 2012-02-03 10:22 ` Pieter Praet
2012-02-03 10:24 ` [PATCH v6 1/3] test: add tests for quoting of MML tags in replies Pieter Praet
` (3 more replies)
2 siblings, 4 replies; 40+ messages in thread
From: Pieter Praet @ 2012-02-03 10:22 UTC (permalink / raw)
To: David Bremner, notmuch
On Thu, 2 Feb 2012 00:01:31 -0400, David Bremner <david@tethera.net> wrote:
> I rebased these against branch release (and copied a comment from
> aaron's email), but the test fails there, as does the reply within emacs test.
>
Same issue here.
That mark was introduced in commit 03146f20, so isn't available in the
release branch yet. Let's just use `point-max' instead, merge 'release'
into 'master', and change it back to `mark' there. It's better to break
MML tags in the user's sig for a little while than leave this security
hole wide open.
Same issue wrt commit 66ecd906; the citation line should still be:
On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
instead of:
On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
Fixed patches follow, including a post-merge fix.
> FAIL Reply within emacs
> --- emacs.24.expected 2012-02-02 03:55:14.000000000 +0000
> +++ emacs.24.output 2012-02-02 03:55:14.000000000 +0000
> @@ -1,8 +1,4 @@
> From: Notmuch Test Suite <test_suite@notmuchmail.org>
> -To: user@example.com
> -Subject: Re: Testing message sent via SMTP
> -In-Reply-To: <XXX>
> -Fcc: /home/bremner/software/upstream/notmuch/test/tmp.emacs/mail/sent
> +To:
> +Subject:
> --text follows this line--
> -On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
> -> This is a test that messages are sent via SMTP
> *ERROR*: Wrong type argument: integer-or-marker-p, nil
> FAIL Quote MML tags in reply
> --- emacs.25.expected 2012-02-02 03:55:15.000000000 +0000
> +++ emacs.25.output 2012-02-02 03:55:15.000000000 +0000
> @@ -1,7 +1,4 @@
> From: Notmuch Test Suite <test_suite@notmuchmail.org>
> To:
> -Subject: Re: Quote MML tags in reply
> -In-Reply-To: <test-emacs-mml-quoting@message.id>
> +Subject:
> --text follows this line--
> -On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
> -> <#!part disposition=inline>
> *ERROR*: Wrong type argument: integer-or-marker-p, nil
>
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch
Peace
--
Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread
* [PATCH v6 1/3] test: add tests for quoting of MML tags in replies
2012-02-03 10:22 ` Pieter Praet
@ 2012-02-03 10:24 ` Pieter Praet
2012-02-03 10:24 ` [PATCH v6 2/3] emacs: quote " Pieter Praet
` (2 subsequent siblings)
3 siblings, 0 replies; 40+ messages in thread
From: Pieter Praet @ 2012-02-03 10:24 UTC (permalink / raw)
To: David Bremner; +Cc: Notmuch Mail
From: Aaron Ecay <aaronecay@gmail.com>
The test is broken at this time; the next commit will introduce a fix.
Edited-by: Pieter Praet <pieter@praet.org>:
Rebased to release branch, moved expected output into the actual test,
and fixed "Fcc:" line.
---
test/emacs | 21 +++++++++++++++++++++
1 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/test/emacs b/test/emacs
index f36718e..db8e4ad 100755
--- a/test/emacs
+++ b/test/emacs
@@ -273,6 +273,27 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
EOF
test_expect_equal_file OUTPUT EXPECTED
+test_begin_subtest "Quote MML tags in reply"
+test_subtest_known_broken
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+ "[subject]='$test_subtest_name'" \
+ '[body]="<#part disposition=inline>"'
+test_emacs "(notmuch-show \"id:$message_id\")
+ (notmuch-show-reply)
+ (test-output)"
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To:
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+Fcc: ${MAIL_DIR}/sent
+--text follows this line--
+On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
+EOF
+test_expect_equal_file OUTPUT EXPECTED
+
test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
# save as archive to test that Emacs does not re-compress .gz
test_emacs '(let ((standard-input "\"attachment1.gz\""))
--
1.7.8.1
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [PATCH v6 2/3] emacs: quote MML tags in replies
2012-02-03 10:22 ` Pieter Praet
2012-02-03 10:24 ` [PATCH v6 1/3] test: add tests for quoting of MML tags in replies Pieter Praet
@ 2012-02-03 10:24 ` Pieter Praet
2012-02-03 10:24 ` [PATCH v6 3/3] post-merge fixes Pieter Praet
2012-02-03 12:54 ` MML Quoting patches David Bremner
3 siblings, 0 replies; 40+ messages in thread
From: Pieter Praet @ 2012-02-03 10:24 UTC (permalink / raw)
To: David Bremner; +Cc: Notmuch Mail
From: Aaron Ecay <aaronecay@gmail.com>
Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail. If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
Edited-by: Pieter Praet <pieter@praet.org>: Rebased to release branch.
---
NEWS | 11 +++++++++++
emacs/notmuch-mua.el | 7 ++++++-
test/emacs | 1 -
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 3d2c2a8..a089e67 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,17 @@ Fix error handling in python bindings.
exceptions to indicate the error condition. Any subsequent calls
into libnotmuch caused segmentation faults.
+Quote MML tags in replies
+
+ MML tags are text codes that Emacs uses to indicate attachments
+ (among other things) in messages being composed. The Emacs
+ interface did not quote MML tags in the quoted text of a reply.
+ User could be tricked into replying to a maliciously formatted
+ message and not editing out the MML tags from the quoted text. This
+ could lead to files from the user's machine being attached to the
+ outgoing message. The Emacs interface now quotes these tags in
+ reply text, so that they do not effect outgoing messages.
+
Notmuch 0.11 (2012-01-13)
=========================
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 7114e48..3e93d7c 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -111,7 +111,12 @@ list."
(insert body))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ ;; Original message may contain (malicious) MML tags. We must
+ ;; properly quote them in the reply. Note that using `point-max'
+ ;; instead of `mark' here is wrong. The buffer may include user's
+ ;; signature which should not be MML-quoted.
+ (mml-quote-region (point) (point-max)))
(defun notmuch-mua-forward-message ()
(message-forward)
diff --git a/test/emacs b/test/emacs
index db8e4ad..2d066ed 100755
--- a/test/emacs
+++ b/test/emacs
@@ -274,7 +274,6 @@ EOF
test_expect_equal_file OUTPUT EXPECTED
test_begin_subtest "Quote MML tags in reply"
-test_subtest_known_broken
message_id='test-emacs-mml-quoting@message.id'
add_message [id]="$message_id" \
"[subject]='$test_subtest_name'" \
--
1.7.8.1
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [PATCH v6 3/3] post-merge fixes
2012-02-03 10:22 ` Pieter Praet
2012-02-03 10:24 ` [PATCH v6 1/3] test: add tests for quoting of MML tags in replies Pieter Praet
2012-02-03 10:24 ` [PATCH v6 2/3] emacs: quote " Pieter Praet
@ 2012-02-03 10:24 ` Pieter Praet
2012-02-04 19:05 ` David Bremner
2012-02-03 12:54 ` MML Quoting patches David Bremner
3 siblings, 1 reply; 40+ messages in thread
From: Pieter Praet @ 2012-02-03 10:24 UTC (permalink / raw)
To: David Bremner; +Cc: Notmuch Mail
---
emacs/notmuch-mua.el | 2 +-
test/emacs | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 3e93d7c..768b693 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -116,7 +116,7 @@ list."
;; properly quote them in the reply. Note that using `point-max'
;; instead of `mark' here is wrong. The buffer may include user's
;; signature which should not be MML-quoted.
- (mml-quote-region (point) (point-max)))
+ (mml-quote-region (point) (mark)))
(defun notmuch-mua-forward-message ()
(message-forward)
diff --git a/test/emacs b/test/emacs
index 2d066ed..f4955fe 100755
--- a/test/emacs
+++ b/test/emacs
@@ -288,7 +288,7 @@ Subject: Re: Quote MML tags in reply
In-Reply-To: <test-emacs-mml-quoting@message.id>
Fcc: ${MAIL_DIR}/sent
--text follows this line--
-On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+On Fri, 05 Jan 2001 15:43:57 +0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
> <#!part disposition=inline>
EOF
test_expect_equal_file OUTPUT EXPECTED
--
1.7.8.1
^ permalink raw reply related [flat|nested] 40+ messages in thread
* Re: MML Quoting patches.
2012-02-03 10:22 ` Pieter Praet
` (2 preceding siblings ...)
2012-02-03 10:24 ` [PATCH v6 3/3] post-merge fixes Pieter Praet
@ 2012-02-03 12:54 ` David Bremner
2012-02-03 14:28 ` Pieter Praet
3 siblings, 1 reply; 40+ messages in thread
From: David Bremner @ 2012-02-03 12:54 UTC (permalink / raw)
To: Pieter Praet, notmuch
On Fri, 03 Feb 2012 11:22:25 +0100, Pieter Praet <pieter@praet.org> wrote:
> That mark was introduced in commit 03146f20, so isn't available in the
> release branch yet. Let's just use `point-max' instead, merge 'release'
> into 'master', and change it back to `mark' there. It's better to break
> MML tags in the user's sig for a little while than leave this security
> hole wide open.
Thanks Pieter.
I have pushed these both to release.
I'll have a look at the 3rd patch when I merge into master (after
release is tagged). At a glance, I suspect it would be better off to
make it real commit with a real commit message, since it does change
functionality.
d
^ permalink raw reply [flat|nested] 40+ messages in thread
* Re: MML Quoting patches.
2012-02-03 12:54 ` MML Quoting patches David Bremner
@ 2012-02-03 14:28 ` Pieter Praet
0 siblings, 0 replies; 40+ messages in thread
From: Pieter Praet @ 2012-02-03 14:28 UTC (permalink / raw)
To: David Bremner, notmuch
On Fri, 03 Feb 2012 08:54:48 -0400, David Bremner <david@tethera.net> wrote:
> On Fri, 03 Feb 2012 11:22:25 +0100, Pieter Praet <pieter@praet.org> wrote:
>
> > That mark was introduced in commit 03146f20, so isn't available in the
> > release branch yet. Let's just use `point-max' instead, merge 'release'
> > into 'master', and change it back to `mark' there. It's better to break
> > MML tags in the user's sig for a little while than leave this security
> > hole wide open.
>
> Thanks Pieter.
>
> I have pushed these both to release.
>
Thanks to you as well!
> I'll have a look at the 3rd patch when I merge into master (after
> release is tagged). At a glance, I suspect it would be better off to
> make it real commit with a real commit message, since it does change
> functionality.
>
Agreed.
> d
>
Peace
--
Pieter
^ permalink raw reply [flat|nested] 40+ messages in thread