However, a bug in current GMime 2.6 causes notmuch not to report
signatures where the signer key is unavailable (GNOME bug 668085).
+Notmuch 0.11.1 (2012-02-03)
+===========================
+
+Bug-fix release.
+----------------
+
+Fix error handling in python bindings.
+
+ The python bindings in 0.11 failed to detect NULL pointers being
+ returned from libnotmuch functions and thus failed to raise
+ exceptions to indicate the error condition. Any subsequent calls
+ into libnotmuch caused segmentation faults.
+
+Quote MML tags in replies
+
+ MML tags are text codes that Emacs uses to indicate attachments
+ (among other things) in messages being composed. The Emacs
+ interface did not quote MML tags in the quoted text of a reply.
+ User could be tricked into replying to a maliciously formatted
+ message and not editing out the MML tags from the quoted text. This
+ could lead to files from the user's machine being attached to the
+ outgoing message. The Emacs interface now quotes these tags in
+ reply text, so that they do not effect outgoing messages.
+
Notmuch 0.11 (2012-01-13)
=========================
# this file should be kept in sync with ../../../version
-__VERSION__ = '0.11'
+__VERSION__ = '0.11.1'
+notmuch (0.11.1-1) unstable; urgency=low
+
+ * Upstream bugfix release
+ - Fix error handling bug in python bindings
+ - Fix vulnerability in emacs reply handling
+
+ -- David Bremner <bremner@debian.org> Fri, 03 Feb 2012 08:35:41 -0400
+
notmuch (0.11-1) unstable; urgency=low
* New upstream release.
(push-mark))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ ;; Original message may contain (malicious) MML tags. We must
+ ;; properly quote them in the reply. Note that using `point-max'
+ ;; instead of `mark' here is wrong. The buffer may include user's
+ ;; signature which should not be MML-quoted.
+ (mml-quote-region (point) (point-max)))
(defun notmuch-mua-forward-message ()
(message-forward)
EOF
test_expect_equal_file OUTPUT EXPECTED
+test_begin_subtest "Quote MML tags in reply"
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+ "[subject]='$test_subtest_name'" \
+ '[body]="<#part disposition=inline>"'
+test_emacs "(notmuch-show \"id:$message_id\")
+ (notmuch-show-reply)
+ (test-output)"
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To:
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+Fcc: ${MAIL_DIR}/sent
+--text follows this line--
+On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
+EOF
+test_expect_equal_file OUTPUT EXPECTED
+
test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
# save as archive to test that Emacs does not re-compress .gz
test_emacs '(let ((standard-input "\"attachment1.gz\""))
projects / notmuch / commitdiff