evolution/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch
2021-09-09 16:26:16 +00:00

384 lines
14 KiB
Diff

diff -up evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-formatter-utils.c
--- evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-formatter-utils.c 2019-10-24 16:21:32.730944332 +0200
@@ -549,71 +549,136 @@ e_mail_formatter_format_security_header
EMailPart *part,
guint32 flags)
{
- const gchar* part_id;
- gchar* part_id_prefix;
- GString* tmp;
+ struct _validity_flags {
+ guint32 flags;
+ const gchar *description_complete;
+ const gchar *description_partial;
+ } validity_flags[] = {
+ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED, N_("GPG signed"), N_("partially GPG signed") },
+ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("GPG encrypted"), N_("partially GPG encrypted") },
+ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED, N_("S/MIME signed"), N_("partially S/MIME signed") },
+ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("S/MIME encrypted"), N_("partially S/MIME encrypted") }
+ };
+ const gchar *part_id;
+ gchar *part_id_prefix;
GQueue queue = G_QUEUE_INIT;
GList *head, *link;
+ guint32 check_valid_flags = 0;
+ gint part_id_prefix_len;
+ gboolean is_partial = FALSE;
+ guint ii;
g_return_if_fail (E_IS_MAIL_PART_HEADERS (part));
/* Get prefix of this PURI */
part_id = e_mail_part_get_id (part);
part_id_prefix = g_strndup (part_id, g_strrstr (part_id, ".") - part_id);
-
- /* Add encryption/signature header */
- tmp = g_string_new ("");
+ part_id_prefix_len = strlen (part_id_prefix);
e_mail_part_list_queue_parts (context->part_list, NULL, &queue);
head = g_queue_peek_head_link (&queue);
- /* Find first secured part. */
- for (link = head; link != NULL; link = g_list_next(link)) {
+ /* Ignore the main message, the headers and the end parts */
+ #define should_skip_part(_id) \
+ (g_strcmp0 (_id, part_id_prefix) == 0 || \
+ (_id && g_str_has_suffix (_id, ".rfc822.end")) || \
+ (_id && strlen (_id) == part_id_prefix_len + 8 /* strlen (".headers") */ && \
+ g_strcmp0 (_id + part_id_prefix_len, ".headers") == 0))
+
+ /* Check parts for this ID. */
+ for (link = head; link != NULL; link = g_list_next (link)) {
EMailPart *mail_part = link->data;
+ const gchar *id = e_mail_part_get_id (mail_part);
- if (!e_mail_part_has_validity (mail_part))
+ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
continue;
- if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
+ if (should_skip_part (id))
continue;
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED)) {
- g_string_append (tmp, _("GPG signed"));
+ if (!e_mail_part_has_validity (mail_part)) {
+ /* A part without validity, thus it's partially signed/encrypted */
+ is_partial = TRUE;
+ } else {
+ guint32 validies = 0;
+ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) {
+ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags))
+ validies |= validity_flags[ii].flags;
+ }
+ check_valid_flags |= validies;
}
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED)) {
- if (tmp->len > 0)
- g_string_append (tmp, ", ");
- g_string_append (tmp, _("GPG encrypted"));
- }
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") &&
+ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
+ }
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED)) {
- if (tmp->len > 0)
- g_string_append (tmp, ", ");
- g_string_append (tmp, _("S/MIME signed"));
+ if (check_valid_flags) {
+ GString *tmp;
+
+ if (!is_partial) {
+ for (link = head; link != NULL && !is_partial; link = g_list_next (link)) {
+ EMailPart *mail_part = link->data;
+ const gchar *id = e_mail_part_get_id (mail_part);
+
+ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
+ continue;
+
+ if (should_skip_part (id))
+ continue;
+
+ if (!e_mail_part_has_validity (mail_part)) {
+ /* A part without validity, thus it's partially signed/encrypted */
+ is_partial = TRUE;
+ break;
+ }
+
+ is_partial = !e_mail_part_get_validity (mail_part, check_valid_flags);
+
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") &&
+ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
+ }
}
- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED)) {
- if (tmp->len > 0)
- g_string_append (tmp, ", ");
- g_string_append (tmp, _("S/MIME encrypted"));
+ /* Add encryption/signature header */
+ tmp = g_string_new ("");
+
+ for (link = head; link; link = g_list_next (link)) {
+ EMailPart *mail_part = link->data;
+ const gchar *id = e_mail_part_get_id (mail_part);
+
+ if (!e_mail_part_has_validity (mail_part) ||
+ !e_mail_part_id_has_prefix (mail_part, part_id_prefix))
+ continue;
+
+ if (should_skip_part (id))
+ continue;
+
+ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) {
+ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) {
+ if (tmp->len > 0)
+ g_string_append (tmp, ", ");
+ g_string_append (tmp, is_partial ? _(validity_flags[ii].description_partial) : _(validity_flags[ii].description_complete));
+ }
+ }
+
+ break;
}
- break;
- }
+ if (tmp->len > 0)
+ e_mail_formatter_format_header (formatter, buffer, _("Security"), tmp->str, flags, "UTF-8");
- if (tmp->len > 0) {
- e_mail_formatter_format_header (
- formatter, buffer,
- _("Security"), tmp->str,
- flags,
- "UTF-8");
+ g_string_free (tmp, TRUE);
}
+ #undef should_skip_part
+
while (!g_queue_is_empty (&queue))
g_object_unref (g_queue_pop_head (&queue));
- g_string_free (tmp, TRUE);
g_free (part_id_prefix);
}
diff -up evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c
--- evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c 2019-10-24 16:21:32.730944332 +0200
@@ -22,6 +22,7 @@
#include <e-util/e-util.h>
+#include "e-mail-formatter-utils.h"
#include "e-mail-parser-extension.h"
#include "e-mail-part-utils.h"
@@ -104,6 +105,10 @@ empe_app_smime_parse (EMailParserExtensi
mail_part, valid,
E_MAIL_PART_VALIDITY_ENCRYPTED |
E_MAIL_PART_VALIDITY_SMIME);
+
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
}
e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser.c
--- evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser.c 2019-10-24 16:21:32.729944332 +0200
@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_ge
static gpointer parent_class;
static void
+mail_parser_move_security_before_headers (GQueue *part_queue)
+{
+ GList *link, *last_headers = NULL;
+ GSList *headers_stack = NULL;
+
+ link = g_queue_peek_head_link (part_queue);
+ while (link) {
+ EMailPart *part = link->data;
+ const gchar *id;
+
+ if (!part) {
+ link = g_list_next (link);
+ continue;
+ }
+
+ id = e_mail_part_get_id (part);
+ if (!id) {
+ link = g_list_next (link);
+ continue;
+ }
+
+ if (g_str_has_suffix (id, ".rfc822")) {
+ headers_stack = g_slist_prepend (headers_stack, last_headers);
+ last_headers = NULL;
+ } else if (g_str_has_suffix (id, ".rfc822.end")) {
+ g_warn_if_fail (headers_stack != NULL);
+
+ if (headers_stack) {
+ last_headers = headers_stack->data;
+ headers_stack = g_slist_remove (headers_stack, last_headers);
+ } else {
+ last_headers = NULL;
+ }
+ }
+
+ if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) {
+ last_headers = link;
+ link = g_list_next (link);
+ } else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) {
+ g_warn_if_fail (last_headers != NULL);
+
+ if (last_headers) {
+ GList *next = g_list_next (link);
+
+ g_warn_if_fail (g_queue_remove (part_queue, part));
+ g_queue_insert_before (part_queue, last_headers, part);
+
+ link = next;
+ } else {
+ link = g_list_next (link);
+ }
+ } else {
+ link = g_list_next (link);
+ }
+ }
+
+ g_warn_if_fail (headers_stack == NULL);
+ g_slist_free (headers_stack);
+}
+
+static void
mail_parser_run (EMailParser *parser,
EMailPartList *part_list,
GCancellable *cancellable)
@@ -132,6 +193,8 @@ mail_parser_run (EMailParser *parser,
break;
}
+ mail_parser_move_security_before_headers (&mail_part_queue);
+
while (!g_queue_is_empty (&mail_part_queue)) {
mail_part = g_queue_pop_head (&mail_part_queue);
e_mail_part_list_add_part (part_list, mail_part);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c
--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c 2019-10-24 16:21:32.730944332 +0200
@@ -22,6 +22,7 @@
#include <e-util/e-util.h>
+#include "e-mail-formatter-utils.h"
#include "e-mail-parser-extension.h"
#include "e-mail-part-utils.h"
@@ -135,6 +136,10 @@ empe_inlinepgp_encrypted_parse (EMailPar
mail_part, valid,
E_MAIL_PART_VALIDITY_ENCRYPTED |
E_MAIL_PART_VALIDITY_PGP);
+
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
}
e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c
--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c 2019-10-24 16:21:32.731944332 +0200
@@ -22,6 +22,7 @@
#include <e-util/e-util.h>
+#include "e-mail-formatter-utils.h"
#include "e-mail-parser-extension.h"
#include "e-mail-part-utils.h"
@@ -142,6 +143,10 @@ empe_inlinepgp_signed_parse (EMailParser
mail_part, valid,
E_MAIL_PART_VALIDITY_SIGNED |
E_MAIL_PART_VALIDITY_PGP);
+
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
}
e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c
--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c 2019-10-24 16:21:32.731944332 +0200
@@ -21,6 +21,7 @@
#include <libedataserver/libedataserver.h>
+#include "e-mail-formatter-utils.h"
#include "e-mail-parser-extension.h"
#include "e-mail-part-utils.h"
@@ -126,6 +127,10 @@ empe_mp_encrypted_parse (EMailParserExte
mail_part, valid,
E_MAIL_PART_VALIDITY_ENCRYPTED |
E_MAIL_PART_VALIDITY_PGP);
+
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
}
e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c
--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c 2019-10-24 16:21:32.731944332 +0200
@@ -21,6 +21,7 @@
#include <libedataserver/libedataserver.h>
+#include "e-mail-formatter-utils.h"
#include "e-mail-parser-extension.h"
#include "e-mail-part-utils.h"
@@ -170,6 +171,10 @@ empe_mp_signed_parse (EMailParserExtensi
e_mail_part_update_validity (
mail_part, valid,
validity_type | E_MAIL_PART_VALIDITY_SIGNED);
+
+ /* Do not traverse sub-messages */
+ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+ link = e_mail_formatter_find_rfc822_end_iter (link);
}
e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-part.c
--- evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-part.c 2019-10-24 16:21:32.731944332 +0200
@@ -662,6 +662,15 @@ e_mail_part_update_validity (EMailPart *
mask = E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SMIME;
+ /* Auto-add flags when the related part is present */
+ if (!(validity_type & E_MAIL_PART_VALIDITY_SIGNED) &&
+ validity->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE)
+ validity_type |= E_MAIL_PART_VALIDITY_SIGNED;
+
+ if (!(validity_type & E_MAIL_PART_VALIDITY_ENCRYPTED) &&
+ validity->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE)
+ validity_type |= E_MAIL_PART_VALIDITY_ENCRYPTED;
+
pair = mail_part_find_validity_pair (part, validity_type & mask);
if (pair != NULL) {
pair->validity_type |= validity_type;