Package: enigmail
Version: 0.94.2-1
Followup-For: Bug #423531
Dear maintainer,
In order to ease the process of submitting (or not ?) a Stable update,
I attached to this mail:
* An example debdiff of such an update.
* The diff of the enigmail sources, from which I have removed :
- The files in the CVS directories,
- Changes which are just increases of version numbers,
- Temporary files left by editors.
Hope this helps,
--
Charles Plessy,
Wako, Saitama, Japan
Les fichiers binaires
/tmp/GSXLKoqL1w/enigmail-0.94.2/archives/enigmail-0.94.2.tar.gz et
/tmp/Pkdujq4tRr/enigmail-0.94.4/archives/enigmail-0.94.2.tar.gz sont différents.
Les fichiers binaires
/tmp/GSXLKoqL1w/enigmail-0.94.2/archives/enigmail-0.94.4.tar.gz et
/tmp/Pkdujq4tRr/enigmail-0.94.4/archives/enigmail-0.94.4.tar.gz sont différents.
diff -Nru /tmp/GSXLKoqL1w/enigmail-0.94.2/debian/changelog
/tmp/Pkdujq4tRr/enigmail-0.94.4/debian/changelog
--- /tmp/GSXLKoqL1w/enigmail-0.94.2/debian/changelog 2007-08-28
17:03:40.000000000 +0900
+++ /tmp/Pkdujq4tRr/enigmail-0.94.4/debian/changelog 2007-08-28
17:03:41.000000000 +0900
@@ -1,3 +1,9 @@
+enigmail (2:0.94.4-1) unstable; urgency=low
+
+ * New upstream release (Closes: #423531)
+
+ -- Charles Plessy <[EMAIL PROTECTED]> Tue, 28 Aug 2007 08:56:23 +0900
+
enigmail (2:0.94.2-1) unstable; urgency=high
* new upstream version fixes potential security issue (Closes: 406604)
diff -Nru /tmp/GSXLKoqL1w/enigmail-0.94.2/debian/rules.thunderbird
/tmp/Pkdujq4tRr/enigmail-0.94.4/debian/rules.thunderbird
--- /tmp/GSXLKoqL1w/enigmail-0.94.2/debian/rules.thunderbird 2007-08-28
17:03:40.000000000 +0900
+++ /tmp/Pkdujq4tRr/enigmail-0.94.4/debian/rules.thunderbird 2007-08-28
17:03:41.000000000 +0900
@@ -16,7 +16,7 @@
export MOZSDK_EXTENSIONS_DEPTH=../..
export PATCH_DEPTH=2
-ENIGMAIL_VERS=0.94.2
+ENIGMAIL_VERS=0.94.4
IPC_VERS=1.1.3
ENIG_EXT_ID={847b3a00-7ab1-11d4-8f02-006008948af5}
diff -pruN enigmail-0.94.2/enigmail/package/enigmail.js enigmail-0.94.4/enigmail/package/enigmail.js
--- enigmail-0.94.2/enigmail/package/enigmail.js 2007-01-11 19:40:28.000000000 +0900
+++ enigmail-0.94.4/enigmail/package/enigmail.js 2007-06-25 17:37:09.000000000 +0900
@@ -127,6 +127,8 @@ var gXULOwner = null; // Global
var gEnvList = []; // Global environment list
var gEnigStrBundle; // Global string bundle
+const ENIG_MULTIPLE_PARTS = 0x20000000;
+
// GPG status flags mapping (see doc/DETAILS file in the GnuPG distribution)
var gStatusFlags = {GOODSIG: nsIEnigmail.GOOD_SIGNATURE,
BADSIG: nsIEnigmail.BAD_SIGNATURE,
@@ -144,6 +146,7 @@ var gStatusFlags = {GOODSIG: nsI
BAD_PASSPHRASE: nsIEnigmail.BAD_PASSPHRASE,
BADARMOR: nsIEnigmail.BAD_ARMOR,
NODATA: nsIEnigmail.NODATA,
+ ERROR: nsIEnigmail.BAD_SIGNATURE | nsIEnigmail.DECRYPTION_FAILED,
DECRYPTION_FAILED: nsIEnigmail.DECRYPTION_FAILED,
DECRYPTION_OKAY: nsIEnigmail.DECRYPTION_OKAY,
TRUST_UNDEFINED: nsIEnigmail.UNTRUSTED_IDENTITY,
@@ -786,40 +789,17 @@ function EnigConvertFromUnicode(text, ch
function EnigConvertGpgToUnicode(text) {
if (typeof(text)=="string") {
- var a=text.search(/[\x80-\xFF]{2}/);
- var b=0;
-
+ text = text.replace(/\\x3a/ig, "\\e3A");
+ a=text.search(/\\x[0-9a-fA-F]{2}/);
while (a>=0) {
- var ch=text.substr(a,2).toSource().substr(13,8).replace(/\\x/g, "\\u00");
- var newCh=EnigConvertToUnicode(EnigConvertToUnicode(ch, "x-u-escaped"), "utf-8");
- if (newCh != ch) {
- //dump(ch+"\n");
- var r=new RegExp(text.substr(a, 2), "g");
- text=text.replace(r, newCh);
- }
- b=a+2;
- a=text.substr(b+2).search(/[\x80-\xFF]{2}/);
- if (a>=0) {
- a += b+2;
- }
- }
-
- a=text.search(/\\x3a/i);
- if (a>0) {
- text = text.replace(/\\x3a/ig, "\\e3A");
- }
+ ch=unescape('%'+text.substr(a+2,2));
+ r= new RegExp("\\"+text.substr(a,4));
+ text=text.replace(r, ch);
- a=text.search(/\\x/);
- while (a>=0) {
- ch=text.substr(a,4).replace(/\\x/g, "\\u00");
- newCh=EnigConvertToUnicode(ch, "x-u-escaped");
- if (newCh != ch) {
- r=new RegExp("\\"+text.substr(a, 4), "g");
- text=text.replace(r, newCh);
- }
- a=text.search(/\\x/);
+ a=text.search(/\\x[0-9a-fA-F]{2}/);
}
+ text = EnigConvertToUnicode(text, "utf-8");
}
return text;
@@ -1987,6 +1967,29 @@ function (errOutput, statusFlagsObj, sta
}
}
+ var plaintextCount=0;
+ var withinCryptoMsg = false;
+ var cryptoStartPat = /^BEGIN_DECRYPTION/;
+ var cryptoEndPat = /^END_DECRYPTION/;
+ var plaintextPat = /^PLAINTEXT /;
+
+ for (j=0; j<statusArray.length; j++) {
+ if (statusArray[j].search(cryptoStartPat) == 0) {
+ withinCryptoMsg = true;
+ }
+ else if (withinCryptoMsg && statusArray[j].search(cryptoEndPat) == 0) {
+ withinCryptoMsg = false;
+ }
+ else if (statusArray[j].search(plaintextPat) == 0) {
+ ++plaintextCount;
+ if (plaintextCount > 1) {
+ statusFlags |= ENIG_MULTIPLE_PARTS;
+ }
+ }
+ }
+
+ if (plaintextCount > 1) statusFlags |= (nsIEnigmail.PARTIALLY_PGP | nsIEnigmail.DECRYPTION_FAILED | nsIEnigmail.BAD_SIGNATURE);
+
statusFlagsObj.value = statusFlags;
statusMsgObj.value = statusArray.join("\n");
var errorMsg = errArray.join("\n");
@@ -2784,6 +2787,11 @@ function (parent, uiFlags, cipherText, s
statusFlagsObj.value |= nsIEnigmail.PARTIALLY_PGP;
}
+ if (statusFlagsObj.value & ENIG_MULTIPLE_PARTS) {
+ plainText = EnigGetString("notePartEncrypted") + "\n\n" + plainText.substr(0, Number(sigDetailsObj.value));
+ sigDetailsObj.value = "";
+ }
+
if (exitCodeObj.value == 0) {
// Normal return
@@ -2981,6 +2989,7 @@ function (uiFlags, outputLen, pipeTransp
keyExpPat = /EXPKEYSIG (\w{16}) (.*)$/i
revKeyPat = /REVKEYSIG (\w{16}) (.*)$/i;
validSigPat = /VALIDSIG (\w+) (.*) (\d+) (.*)/i;
+ plainTextPat = /PLAINTEXT_LENGTH (\w+)/i;
} else {
errLines = cmdErrorMsgObj.value.split(/\r?\n/);
@@ -2990,6 +2999,7 @@ function (uiFlags, outputLen, pipeTransp
keyExpPat = /This key has expired/i;
revKeyPat = /This key has been revoked/i;
validSigPat = /dummy-not-used/i;
+ plainTextPat = /dummy-not-used/i;
}
errorMsgObj.value = "";
@@ -3002,6 +3012,7 @@ function (uiFlags, outputLen, pipeTransp
var userId = "";
var keyId = "";
var sigDetails = "";
+ var plainTextLength = -1;
for (j=0; j<errLines.length; j++) {
matches = errLines[j].match(badSignPat);
@@ -3044,6 +3055,15 @@ function (uiFlags, outputLen, pipeTransp
break;
}
+
+ if (statusFlagsObj.value & ENIG_MULTIPLE_PARTS) {
+ matches = errLines[j].match(plainTextPat);
+
+ if (matches && (matches.length >= 2)) {
+ plainTextLength = matches[1];
+ break;
+ }
+ }
}
if (goodSignature) {
@@ -3075,6 +3095,11 @@ function (uiFlags, outputLen, pipeTransp
keyIdObj.value = keyId;
sigDetailsObj.value = sigDetails;
+ if (plainTextLength > 0) {
+ sigDetailsObj.value = plainTextLength.toString();
+ }
+
+
if (signed) {
var trustPrefix = "";
diff -pruN enigmail-0.94.2/enigmail/ui/content/enigmailCommon.js enigmail-0.94.4/enigmail/ui/content/enigmailCommon.js
--- enigmail-0.94.2/enigmail/ui/content/enigmailCommon.js 2007-01-15 17:48:53.000000000 +0900
+++ enigmail-0.94.4/enigmail/ui/content/enigmailCommon.js 2007-06-25 17:38:23.000000000 +0900
@@ -34,8 +34,8 @@ GPL.
// enigmailCommon.js: shared JS functions for Enigmail
// This Enigmail version and compatible Enigmime version
-var gEnigmailVersion = "0.94.2.0";
-var gEnigmimeVersion = "0.94.2.0";
+var gEnigmailVersion = "0.94.4.0";
+var gEnigmimeVersion = "0.94.4.0";
// Maximum size of message directly processed by Enigmail
const ENIG_MSG_BUFFER_SIZE = 96000;
@@ -83,6 +83,7 @@ const ENIG_C = Components;
// Key algorithms
const ENIG_KEYTYPE_DSA = 1;
const ENIG_KEYTYPE_RSA = 2;
+const ENIG_MULTIPLE_PARTS = 0x20000000;
// Interfaces
const nsIEnigmail = ENIG_C.interfaces.nsIEnigmail;
@@ -868,38 +869,17 @@ function EnigConvertToUnicode(text, char
function EnigConvertGpgToUnicode(text) {
if (typeof(text)=="string") {
- var a=text.search(/[\x80-\xFF]{2}/);
- var b=0;
-
+ text = text.replace(/\\x3a/ig, "\\e3A");
+ a=text.search(/\\x[0-9a-fA-F]{2}/);
while (a>=0) {
- var ch=text.substr(a,2).toSource().substr(13,8).replace(/\\x/g, "\\u00");
- var newCh=EnigConvertToUnicode(EnigConvertToUnicode(ch, "x-u-escaped"), "utf-8");
- if (newCh != ch) {
- var r=new RegExp(text.substr(a, 2), "g");
- text=text.replace(r, newCh);
- }
- b=a+2;
- a=text.substr(b+2).search(/[\x80-\xFF]{2}/);
- if (a>=0) {
- a += b+2;
- }
- }
+ ch=unescape('%'+text.substr(a+2,2));
+ r= new RegExp("\\"+text.substr(a,4));
+ text=text.replace(r, ch);
- a=text.search(/\\x3a/i);
- if (a>0) {
- text = text.replace(/\\x3a/ig, "\\e3A");
+ a=text.search(/\\x[0-9a-fA-F]{2}/);
}
- a=text.search(/\\x/);
- while (a>=0) {
- ch=text.substr(a,4).replace(/\\x/g, "\\u00");
- newCh=EnigConvertToUnicode(ch, "x-u-escaped");
- if (newCh != ch) {
- r=new RegExp("\\"+text.substr(a, 4), "g");
- text=text.replace(r, newCh);
- }
- a=text.search(/\\x/);
- }
+ text = EnigConvertToUnicode(text, "utf-8");
}
return text;
diff -pruN enigmail-0.94.2/enigmail/ui/content/enigmailMessengerOverlay.js enigmail-0.94.4/enigmail/ui/content/enigmailMessengerOverlay.js
--- enigmail-0.94.2/enigmail/ui/content/enigmailMessengerOverlay.js 2006-07-11 17:17:09.000000000 +0900
+++ enigmail-0.94.4/enigmail/ui/content/enigmailMessengerOverlay.js 2007-06-25 17:36:00.000000000 +0900
@@ -155,6 +155,10 @@ function enigViewSecurityInfo(event, dis
enigHandleUnknownKey();
+ } else if (gEnigSecurityInfo.statusFlags & ENIG_MULTIPLE_PARTS) {
+
+ enigDisplayMimeMessage();
+
} else if ( (gEnigSecurityInfo.statusFlags & nsIEnigmail.NODATA) &&
(gEnigSecurityInfo.statusFlags &
(nsIEnigmail.PGP_MIME_SIGNED | nsIEnigmail.PGP_MIME_ENCRYPTED)) ) {
@@ -182,6 +186,58 @@ function enigViewSecurityInfo(event, dis
}
}
+function enigDisplayMimeMessage() {
+ DEBUG_LOG("enigmailMessengerOverlay.js: enigDisplayMimeMessage\n");
+
+ var charset = msgWindow ? msgWindow.mailCharacterSet : "";
+ var contentEncoding = "";
+
+ if ("content-transfer-encoding" in gEnigSavedHeaders) {
+ contentEncoding = gEnigSavedHeaders["content-transfer-encoding"];
+ }
+
+ enigMsgDirect(true, false, contentEncoding, charset, "", 0, "", "", enigDisplayMimeCallback)
+}
+
+function enigDisplayMimeCallback(msgText) {
+ DEBUG_LOG("enigmailMessengerOverlay.js: enigDisplayMimeCallback\n");
+
+ if (!msgText)
+ return;
+
+ var enigmailSvc = GetEnigmailSvc();
+ if (!enigmailSvc)
+ return;
+
+ var plainText;
+ var exitCode;
+ var statusFlags = 0;
+
+ var errorMsgObj = new Object();
+ var keyIdObj = new Object();
+ var exitCodeObj = new Object();
+ var statusFlagsObj = new Object();
+ var userIdObj = new Object();
+ var sigDetailsObj = new Object();
+ var blockSeparationObj = new Object();
+ var signatureObj = new Object();
+ var uiFlags = nsIEnigmail.UI_INTERACTIVE;
+
+ plainText = enigmailSvc.decryptMessage(window, uiFlags, msgText,
+ signatureObj, exitCodeObj, statusFlagsObj,
+ keyIdObj, userIdObj, sigDetailsObj, errorMsgObj);
+
+ if (!plainText) {
+ if (interactive && gEnigSecurityInfo && gEnigSecurityInfo.statusInfo)
+ EnigLongAlert(gEnigSecurityInfo.statusInfo);
+ return;
+ }
+
+ // hard-coded to avoid localization for security patch
+ plainText = "Warning: multiple OpenPGP message blocks detected" + "\n\n" + plainText + "\n\n" + "End of first OpenPGP block";
+ EnigLongAlert(EnigGetString("securityInfo")+gEnigSecurityInfo.statusInfo+"\n---------------------------------\n"+plainText);
+}
+
function enigInitViewHeadersMenu() {
DEBUG_LOG("enigmailMessengerOverlay.js: enigInitViewHeadersMenu\n");
@@ -802,7 +858,7 @@ function enigMessageParseCallback(msgTex
if (retry) {
// Try to verify signature by accessing raw message text directly
// (avoid recursion by setting retry parameter to false on callback)
- enigMsgDirect(interactive, importOnly, contentEncoding, charset, newSignature, 0, head, tail);
+ enigMsgDirect(interactive, importOnly, contentEncoding, charset, newSignature, 0, head, tail, enigMessageParseCallback);
return;
}
}
@@ -1309,7 +1365,7 @@ function enigMessageSave() {
return;
}
-function enigMsgDirect(interactive, importOnly, contentEncoding, charset, signature, bufferSize, head, tail) {
+function enigMsgDirect(interactive, importOnly, contentEncoding, charset, signature, bufferSize, head, tail, callbackFunction) {
WRITE_LOG("enigmailMessengerOverlay.js: enigMsgDirect: contentEncoding="+contentEncoding+", signature="+signature+"\n");
var mailNewsUrl = enigGetCurrentMsgUrl();
if (!mailNewsUrl)
@@ -1333,7 +1389,8 @@ function enigMsgDirect(interactive, impo
ipcBuffer:ipcBuffer,
expectedBufferSize: bufferSize,
head:head,
- tail:tail };
+ tail:tail,
+ callbackFunction: callbackFunction };
var requestObserver = new EnigRequestObserver(enigMsgDirectCallback,
callbackArg);
@@ -1401,12 +1458,13 @@ function enigMsgDirectCallback(callbackA
callbackArg.signature,
newBufferSize,
callbackArg.head,
- callbackArg.tail);
+ callbackArg.tail,
+ callbackArg.callbackFunction);
}
DEBUG_LOG("enigmailMessengerOverlay.js: enigMsgDirectCallback: msgText='"+msgText+"'\n");
- enigMessageParseCallback(msgText, callbackArg.contentEncoding,
+ callbackArg.callbackFunction(msgText, callbackArg.contentEncoding,
callbackArg.charset,
callbackArg.interactive,
callbackArg.importOnly,