You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
384 lines
14 KiB
384 lines
14 KiB
2 years ago
|
diff -up evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-formatter-utils.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-formatter-utils.c 2019-10-24 16:21:32.730944332 +0200
|
||
|
@@ -549,71 +549,136 @@ e_mail_formatter_format_security_header
|
||
|
EMailPart *part,
|
||
|
guint32 flags)
|
||
|
{
|
||
|
- const gchar* part_id;
|
||
|
- gchar* part_id_prefix;
|
||
|
- GString* tmp;
|
||
|
+ struct _validity_flags {
|
||
|
+ guint32 flags;
|
||
|
+ const gchar *description_complete;
|
||
|
+ const gchar *description_partial;
|
||
|
+ } validity_flags[] = {
|
||
|
+ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED, N_("GPG signed"), N_("partially GPG signed") },
|
||
|
+ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("GPG encrypted"), N_("partially GPG encrypted") },
|
||
|
+ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED, N_("S/MIME signed"), N_("partially S/MIME signed") },
|
||
|
+ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("S/MIME encrypted"), N_("partially S/MIME encrypted") }
|
||
|
+ };
|
||
|
+ const gchar *part_id;
|
||
|
+ gchar *part_id_prefix;
|
||
|
GQueue queue = G_QUEUE_INIT;
|
||
|
GList *head, *link;
|
||
|
+ guint32 check_valid_flags = 0;
|
||
|
+ gint part_id_prefix_len;
|
||
|
+ gboolean is_partial = FALSE;
|
||
|
+ guint ii;
|
||
|
|
||
|
g_return_if_fail (E_IS_MAIL_PART_HEADERS (part));
|
||
|
|
||
|
/* Get prefix of this PURI */
|
||
|
part_id = e_mail_part_get_id (part);
|
||
|
part_id_prefix = g_strndup (part_id, g_strrstr (part_id, ".") - part_id);
|
||
|
-
|
||
|
- /* Add encryption/signature header */
|
||
|
- tmp = g_string_new ("");
|
||
|
+ part_id_prefix_len = strlen (part_id_prefix);
|
||
|
|
||
|
e_mail_part_list_queue_parts (context->part_list, NULL, &queue);
|
||
|
|
||
|
head = g_queue_peek_head_link (&queue);
|
||
|
|
||
|
- /* Find first secured part. */
|
||
|
- for (link = head; link != NULL; link = g_list_next(link)) {
|
||
|
+ /* Ignore the main message, the headers and the end parts */
|
||
|
+ #define should_skip_part(_id) \
|
||
|
+ (g_strcmp0 (_id, part_id_prefix) == 0 || \
|
||
|
+ (_id && g_str_has_suffix (_id, ".rfc822.end")) || \
|
||
|
+ (_id && strlen (_id) == part_id_prefix_len + 8 /* strlen (".headers") */ && \
|
||
|
+ g_strcmp0 (_id + part_id_prefix_len, ".headers") == 0))
|
||
|
+
|
||
|
+ /* Check parts for this ID. */
|
||
|
+ for (link = head; link != NULL; link = g_list_next (link)) {
|
||
|
EMailPart *mail_part = link->data;
|
||
|
+ const gchar *id = e_mail_part_get_id (mail_part);
|
||
|
|
||
|
- if (!e_mail_part_has_validity (mail_part))
|
||
|
+ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
|
||
|
continue;
|
||
|
|
||
|
- if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
|
||
|
+ if (should_skip_part (id))
|
||
|
continue;
|
||
|
|
||
|
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED)) {
|
||
|
- g_string_append (tmp, _("GPG signed"));
|
||
|
+ if (!e_mail_part_has_validity (mail_part)) {
|
||
|
+ /* A part without validity, thus it's partially signed/encrypted */
|
||
|
+ is_partial = TRUE;
|
||
|
+ } else {
|
||
|
+ guint32 validies = 0;
|
||
|
+ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) {
|
||
|
+ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags))
|
||
|
+ validies |= validity_flags[ii].flags;
|
||
|
+ }
|
||
|
+ check_valid_flags |= validies;
|
||
|
}
|
||
|
|
||
|
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED)) {
|
||
|
- if (tmp->len > 0)
|
||
|
- g_string_append (tmp, ", ");
|
||
|
- g_string_append (tmp, _("GPG encrypted"));
|
||
|
- }
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") &&
|
||
|
+ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
+ }
|
||
|
|
||
|
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED)) {
|
||
|
- if (tmp->len > 0)
|
||
|
- g_string_append (tmp, ", ");
|
||
|
- g_string_append (tmp, _("S/MIME signed"));
|
||
|
+ if (check_valid_flags) {
|
||
|
+ GString *tmp;
|
||
|
+
|
||
|
+ if (!is_partial) {
|
||
|
+ for (link = head; link != NULL && !is_partial; link = g_list_next (link)) {
|
||
|
+ EMailPart *mail_part = link->data;
|
||
|
+ const gchar *id = e_mail_part_get_id (mail_part);
|
||
|
+
|
||
|
+ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
|
||
|
+ continue;
|
||
|
+
|
||
|
+ if (should_skip_part (id))
|
||
|
+ continue;
|
||
|
+
|
||
|
+ if (!e_mail_part_has_validity (mail_part)) {
|
||
|
+ /* A part without validity, thus it's partially signed/encrypted */
|
||
|
+ is_partial = TRUE;
|
||
|
+ break;
|
||
|
+ }
|
||
|
+
|
||
|
+ is_partial = !e_mail_part_get_validity (mail_part, check_valid_flags);
|
||
|
+
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") &&
|
||
|
+ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED)) {
|
||
|
- if (tmp->len > 0)
|
||
|
- g_string_append (tmp, ", ");
|
||
|
- g_string_append (tmp, _("S/MIME encrypted"));
|
||
|
+ /* Add encryption/signature header */
|
||
|
+ tmp = g_string_new ("");
|
||
|
+
|
||
|
+ for (link = head; link; link = g_list_next (link)) {
|
||
|
+ EMailPart *mail_part = link->data;
|
||
|
+ const gchar *id = e_mail_part_get_id (mail_part);
|
||
|
+
|
||
|
+ if (!e_mail_part_has_validity (mail_part) ||
|
||
|
+ !e_mail_part_id_has_prefix (mail_part, part_id_prefix))
|
||
|
+ continue;
|
||
|
+
|
||
|
+ if (should_skip_part (id))
|
||
|
+ continue;
|
||
|
+
|
||
|
+ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) {
|
||
|
+ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) {
|
||
|
+ if (tmp->len > 0)
|
||
|
+ g_string_append (tmp, ", ");
|
||
|
+ g_string_append (tmp, is_partial ? _(validity_flags[ii].description_partial) : _(validity_flags[ii].description_complete));
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ break;
|
||
|
}
|
||
|
|
||
|
- break;
|
||
|
- }
|
||
|
+ if (tmp->len > 0)
|
||
|
+ e_mail_formatter_format_header (formatter, buffer, _("Security"), tmp->str, flags, "UTF-8");
|
||
|
|
||
|
- if (tmp->len > 0) {
|
||
|
- e_mail_formatter_format_header (
|
||
|
- formatter, buffer,
|
||
|
- _("Security"), tmp->str,
|
||
|
- flags,
|
||
|
- "UTF-8");
|
||
|
+ g_string_free (tmp, TRUE);
|
||
|
}
|
||
|
|
||
|
+ #undef should_skip_part
|
||
|
+
|
||
|
while (!g_queue_is_empty (&queue))
|
||
|
g_object_unref (g_queue_pop_head (&queue));
|
||
|
|
||
|
- g_string_free (tmp, TRUE);
|
||
|
g_free (part_id_prefix);
|
||
|
}
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c 2019-10-24 16:21:32.730944332 +0200
|
||
|
@@ -22,6 +22,7 @@
|
||
|
|
||
|
#include <e-util/e-util.h>
|
||
|
|
||
|
+#include "e-mail-formatter-utils.h"
|
||
|
#include "e-mail-parser-extension.h"
|
||
|
#include "e-mail-part-utils.h"
|
||
|
|
||
|
@@ -104,6 +105,10 @@ empe_app_smime_parse (EMailParserExtensi
|
||
|
mail_part, valid,
|
||
|
E_MAIL_PART_VALIDITY_ENCRYPTED |
|
||
|
E_MAIL_PART_VALIDITY_SMIME);
|
||
|
+
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
}
|
||
|
|
||
|
e_queue_transfer (&work_queue, out_mail_parts);
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-parser.c 2019-10-24 16:21:32.729944332 +0200
|
||
|
@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_ge
|
||
|
static gpointer parent_class;
|
||
|
|
||
|
static void
|
||
|
+mail_parser_move_security_before_headers (GQueue *part_queue)
|
||
|
+{
|
||
|
+ GList *link, *last_headers = NULL;
|
||
|
+ GSList *headers_stack = NULL;
|
||
|
+
|
||
|
+ link = g_queue_peek_head_link (part_queue);
|
||
|
+ while (link) {
|
||
|
+ EMailPart *part = link->data;
|
||
|
+ const gchar *id;
|
||
|
+
|
||
|
+ if (!part) {
|
||
|
+ link = g_list_next (link);
|
||
|
+ continue;
|
||
|
+ }
|
||
|
+
|
||
|
+ id = e_mail_part_get_id (part);
|
||
|
+ if (!id) {
|
||
|
+ link = g_list_next (link);
|
||
|
+ continue;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (g_str_has_suffix (id, ".rfc822")) {
|
||
|
+ headers_stack = g_slist_prepend (headers_stack, last_headers);
|
||
|
+ last_headers = NULL;
|
||
|
+ } else if (g_str_has_suffix (id, ".rfc822.end")) {
|
||
|
+ g_warn_if_fail (headers_stack != NULL);
|
||
|
+
|
||
|
+ if (headers_stack) {
|
||
|
+ last_headers = headers_stack->data;
|
||
|
+ headers_stack = g_slist_remove (headers_stack, last_headers);
|
||
|
+ } else {
|
||
|
+ last_headers = NULL;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) {
|
||
|
+ last_headers = link;
|
||
|
+ link = g_list_next (link);
|
||
|
+ } else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) {
|
||
|
+ g_warn_if_fail (last_headers != NULL);
|
||
|
+
|
||
|
+ if (last_headers) {
|
||
|
+ GList *next = g_list_next (link);
|
||
|
+
|
||
|
+ g_warn_if_fail (g_queue_remove (part_queue, part));
|
||
|
+ g_queue_insert_before (part_queue, last_headers, part);
|
||
|
+
|
||
|
+ link = next;
|
||
|
+ } else {
|
||
|
+ link = g_list_next (link);
|
||
|
+ }
|
||
|
+ } else {
|
||
|
+ link = g_list_next (link);
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ g_warn_if_fail (headers_stack == NULL);
|
||
|
+ g_slist_free (headers_stack);
|
||
|
+}
|
||
|
+
|
||
|
+static void
|
||
|
mail_parser_run (EMailParser *parser,
|
||
|
EMailPartList *part_list,
|
||
|
GCancellable *cancellable)
|
||
|
@@ -132,6 +193,8 @@ mail_parser_run (EMailParser *parser,
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
+ mail_parser_move_security_before_headers (&mail_part_queue);
|
||
|
+
|
||
|
while (!g_queue_is_empty (&mail_part_queue)) {
|
||
|
mail_part = g_queue_pop_head (&mail_part_queue);
|
||
|
e_mail_part_list_add_part (part_list, mail_part);
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c 2019-10-24 16:21:32.730944332 +0200
|
||
|
@@ -22,6 +22,7 @@
|
||
|
|
||
|
#include <e-util/e-util.h>
|
||
|
|
||
|
+#include "e-mail-formatter-utils.h"
|
||
|
#include "e-mail-parser-extension.h"
|
||
|
#include "e-mail-part-utils.h"
|
||
|
|
||
|
@@ -135,6 +136,10 @@ empe_inlinepgp_encrypted_parse (EMailPar
|
||
|
mail_part, valid,
|
||
|
E_MAIL_PART_VALIDITY_ENCRYPTED |
|
||
|
E_MAIL_PART_VALIDITY_PGP);
|
||
|
+
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
}
|
||
|
|
||
|
e_queue_transfer (&work_queue, out_mail_parts);
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c 2019-10-24 16:21:32.731944332 +0200
|
||
|
@@ -22,6 +22,7 @@
|
||
|
|
||
|
#include <e-util/e-util.h>
|
||
|
|
||
|
+#include "e-mail-formatter-utils.h"
|
||
|
#include "e-mail-parser-extension.h"
|
||
|
#include "e-mail-part-utils.h"
|
||
|
|
||
|
@@ -142,6 +143,10 @@ empe_inlinepgp_signed_parse (EMailParser
|
||
|
mail_part, valid,
|
||
|
E_MAIL_PART_VALIDITY_SIGNED |
|
||
|
E_MAIL_PART_VALIDITY_PGP);
|
||
|
+
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
}
|
||
|
|
||
|
e_queue_transfer (&work_queue, out_mail_parts);
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c 2019-10-24 16:21:32.731944332 +0200
|
||
|
@@ -21,6 +21,7 @@
|
||
|
|
||
|
#include <libedataserver/libedataserver.h>
|
||
|
|
||
|
+#include "e-mail-formatter-utils.h"
|
||
|
#include "e-mail-parser-extension.h"
|
||
|
#include "e-mail-part-utils.h"
|
||
|
|
||
|
@@ -126,6 +127,10 @@ empe_mp_encrypted_parse (EMailParserExte
|
||
|
mail_part, valid,
|
||
|
E_MAIL_PART_VALIDITY_ENCRYPTED |
|
||
|
E_MAIL_PART_VALIDITY_PGP);
|
||
|
+
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
}
|
||
|
|
||
|
e_queue_transfer (&work_queue, out_mail_parts);
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c 2019-10-24 16:21:32.731944332 +0200
|
||
|
@@ -21,6 +21,7 @@
|
||
|
|
||
|
#include <libedataserver/libedataserver.h>
|
||
|
|
||
|
+#include "e-mail-formatter-utils.h"
|
||
|
#include "e-mail-parser-extension.h"
|
||
|
#include "e-mail-part-utils.h"
|
||
|
|
||
|
@@ -170,6 +171,10 @@ empe_mp_signed_parse (EMailParserExtensi
|
||
|
e_mail_part_update_validity (
|
||
|
mail_part, valid,
|
||
|
validity_type | E_MAIL_PART_VALIDITY_SIGNED);
|
||
|
+
|
||
|
+ /* Do not traverse sub-messages */
|
||
|
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
|
||
|
+ link = e_mail_formatter_find_rfc822_end_iter (link);
|
||
|
}
|
||
|
|
||
|
e_queue_transfer (&work_queue, out_mail_parts);
|
||
|
diff -up evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-part.c
|
||
|
--- evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
|
||
|
+++ evolution-3.28.5/src/em-format/e-mail-part.c 2019-10-24 16:21:32.731944332 +0200
|
||
|
@@ -662,6 +662,15 @@ e_mail_part_update_validity (EMailPart *
|
||
|
|
||
|
mask = E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SMIME;
|
||
|
|
||
|
+ /* Auto-add flags when the related part is present */
|
||
|
+ if (!(validity_type & E_MAIL_PART_VALIDITY_SIGNED) &&
|
||
|
+ validity->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE)
|
||
|
+ validity_type |= E_MAIL_PART_VALIDITY_SIGNED;
|
||
|
+
|
||
|
+ if (!(validity_type & E_MAIL_PART_VALIDITY_ENCRYPTED) &&
|
||
|
+ validity->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE)
|
||
|
+ validity_type |= E_MAIL_PART_VALIDITY_ENCRYPTED;
|
||
|
+
|
||
|
pair = mail_part_find_validity_pair (part, validity_type & mask);
|
||
|
if (pair != NULL) {
|
||
|
pair->validity_type |= validity_type;
|