diff options
| author | Miles Bader <miles@gnu.org> | 2006-11-20 02:43:10 +0000 |
|---|---|---|
| committer | Miles Bader <miles@gnu.org> | 2006-11-20 02:43:10 +0000 |
| commit | b07e014310fd5536f85ffff82ec87ccacd2992ba (patch) | |
| tree | 93b29c65ee2665e2c757fc9db2afd6df12db4144 /lisp/gnus | |
| parent | b98f7445751fdaf08c83d47542d756812a1efcd2 (diff) | |
| download | emacs-b07e014310fd5536f85ffff82ec87ccacd2992ba.tar.gz | |
Merge from gnus--rel--5.10
Patches applied:
* gnus--rel--5.10 (patch 167)
- Update from CVS
2006-11-18 Andreas Seltenreich <uwi7@rz.uni-karlsruhe.de>
* lisp/gnus/mm-uu.el (mm-uu-pgp-signed-extract-1): Make last fix more thorough
and comment it.
* lisp/gnus/nnslashdot.el (nnslashdot-retrieve-headers-1): Update regexp.
Revision: emacs@sv.gnu.org/emacs--devo--0--patch-518
Diffstat (limited to 'lisp/gnus')
| -rw-r--r-- | lisp/gnus/ChangeLog | 7 | ||||
| -rw-r--r-- | lisp/gnus/mm-uu.el | 12 | ||||
| -rw-r--r-- | lisp/gnus/nnslashdot.el | 2 |
3 files changed, 18 insertions, 3 deletions
diff --git a/lisp/gnus/ChangeLog b/lisp/gnus/ChangeLog index 95e8bff4d16..196c0e6ff71 100644 --- a/lisp/gnus/ChangeLog +++ b/lisp/gnus/ChangeLog @@ -1,3 +1,10 @@ +2006-11-18 Andreas Seltenreich <uwi7@rz.uni-karlsruhe.de> + + * mm-uu.el (mm-uu-pgp-signed-extract-1): Make last fix more thorough + and comment it. + + * nnslashdot.el (nnslashdot-retrieve-headers-1): Update regexp. + 2006-11-15 Reiner Steib <Reiner.Steib@gmx.de> * gnus-util.el (gnus-extract-address-components): Improve comment. diff --git a/lisp/gnus/mm-uu.el b/lisp/gnus/mm-uu.el index b1ed0b7af4e..311dce0d1b2 100644 --- a/lisp/gnus/mm-uu.el +++ b/lisp/gnus/mm-uu.el @@ -373,8 +373,16 @@ Return that buffer." mm-security-handle 'gnus-details (format "Clear verification not supported by `%s'.\n" mml2015-use)))) (goto-char (point-min)) - (if (re-search-forward "\n[\t ]*\n" nil t) - (delete-region (point-min) (point))) + (forward-line) + ;; We need to be careful not to strip beyond the armor headers. + ;; Previously, an attacker could replace the text inside our + ;; markup with trailing garbage by injecting whitespace into the + ;; message. + (while (looking-at "Hash:") ; The only header allowed in cleartext + (forward-line)) ; signatures according to RFC2440. + (when (looking-at "[\t ]*$") + (forward-line)) + (delete-region (point-min) (point)) (if (re-search-forward mm-uu-pgp-beginning-signature nil t) (delete-region (match-beginning 0) (point-max))) (goto-char (point-min)) diff --git a/lisp/gnus/nnslashdot.el b/lisp/gnus/nnslashdot.el index 37ecaf0f32b..0b19fd0ead6 100644 --- a/lisp/gnus/nnslashdot.el +++ b/lisp/gnus/nnslashdot.el @@ -142,7 +142,7 @@ (setq article (if (and article (< start article)) article start)) (goto-char point) (while (re-search-forward - "<a name=\"\\([0-9]+\\)\">\\([^<]+\\)</a>.*\n.*\n.*score:\\([^)]+\\))" + "<a name=\"\\([0-9]+\\)\">\\([^<]+\\)\\(?:.*\n\\)\\{2,10\\}.*score:\\([^)]+\\))" nil t) (setq cid (match-string 1) subject (match-string 2) |