diff --git a/bindings/vapi/gmime-2.6.vapi b/bindings/vapi/gmime-2.6.vapi index 0bb1991e..ae9458d5 100644 --- a/bindings/vapi/gmime-2.6.vapi +++ b/bindings/vapi/gmime-2.6.vapi @@ -1376,7 +1376,7 @@ namespace GMime { [CCode (cheader_filename = "gmime/gmime.h", cname = "g_mime_utils_structured_header_fold")] public static string utils_structured_header_fold (string header); [CCode (cheader_filename = "gmime/gmime.h", cname = "g_mime_utils_text_is_8bit")] - public static bool utils_text_is_8bit (uint text, size_t len); + public static bool utils_text_is_8bit (string text, size_t len); [CCode (cheader_filename = "gmime/gmime.h", cname = "g_mime_utils_unquote_string")] public static void utils_unquote_string (string str); [CCode (cheader_filename = "gmime/gmime.h", cname = "g_mime_utils_unstructured_header_fold")] diff --git a/src/engine/rfc822/rfc822-mailbox-address.vala b/src/engine/rfc822/rfc822-mailbox-address.vala index 26df61ef..87733f7a 100644 --- a/src/engine/rfc822/rfc822-mailbox-address.vala +++ b/src/engine/rfc822/rfc822-mailbox-address.vala @@ -34,6 +34,47 @@ public class Geary.RFC822.MailboxAddress : Geary.MessageData.SearchableMessageDa } } + private static string decode_name(string name) { + return GMime.utils_header_decode_phrase(prepare_header_text_part(name)); + } + + private static string decode_address_part(string mailbox) { + return GMime.utils_header_decode_text(prepare_header_text_part(mailbox)); + } + + private static string prepare_header_text_part(string part) { + // Borrowed liberally from GMime's internal + // _internet_address_decode_name() function. + + // see if a broken mailer has sent raw 8-bit information + string text = GMime.utils_text_is_8bit(part, part.length) + ? part : GMime.utils_decode_8bit(part, part.length); + + // unquote the string then decode the text + GMime.utils_unquote_string(text); + + // Sometimes quoted printables contain unencoded spaces which trips up GMime, so we want to + // encode them all here. + int offset = 0; + int start; + while ((start = text.index_of("=?", offset)) != -1) { + // Find the closing marker. + int end = text.index_of("?=", start + 2) + 2; + if (end == -1) { + end = text.length; + } + + // Replace any spaces inside the encoded string. + string encoded = text.substring(start, end - start); + if (encoded.contains("\x20")) { + text = text.replace(encoded, encoded.replace("\x20", "_")); + } + offset = end; + } + + return text; + } + internal delegate string ListToStringDelegate(MailboxAddress address); @@ -84,26 +125,24 @@ public class Geary.RFC822.MailboxAddress : Geary.MessageData.SearchableMessageDa public MailboxAddress(string? name, string address) { this.name = name; + this.source_route = null; this.address = address; - source_route = null; - int atsign = address.last_index_of_char('@'); if (atsign > 0) { - mailbox = address.slice(0, atsign); - domain = address.slice(atsign + 1, address.length); + this.mailbox = address[0:atsign]; + this.domain = address[atsign + 1:address.length]; } else { - mailbox = ""; - domain = ""; + this.mailbox = ""; + this.domain = ""; } } public MailboxAddress.imap(string? name, string? source_route, string mailbox, string domain) { this.name = (name != null) ? decode_name(name) : null; this.source_route = source_route; - this.mailbox = mailbox; + this.mailbox = decode_address_part(mailbox); this.domain = domain; - this.address = "%s@%s".printf(mailbox, domain); } @@ -119,41 +158,39 @@ public class Geary.RFC822.MailboxAddress : Geary.MessageData.SearchableMessageDa // TODO: Handle group lists InternetAddressMailbox? mbox_addr = addr as InternetAddressMailbox; if (mbox_addr != null) { - this(mbox_addr.get_name(), mbox_addr.get_addr()); + this.gmime(mbox_addr); return; } } throw new RFC822Error.INVALID("Could not parse RFC822 address: %s", rfc822); } - // Borrowed liberally from GMime's internal _internet_address_decode_name() function. - private static string decode_name(string name) { - // see if a broken mailer has sent raw 8-bit information - string text = name.validate() ? name : GMime.utils_decode_8bit(name, name.length); - - // unquote the string and decode the text - GMime.utils_unquote_string(text); - - // Sometimes quoted printables contain unencoded spaces which trips up GMime, so we want to - // encode them all here. - int offset = 0; - int start; - while ((start = text.index_of("=?", offset)) != -1) { - // Find the closing marker. - int end = text.index_of("?=", start + 2) + 2; - if (end == -1) { - end = text.length; - } - - // Replace any spaces inside the encoded string. - string encoded = text.substring(start, end - start); - if (encoded.contains("\x20")) { - text = text.replace(encoded, encoded.replace("\x20", "_")); - } - offset = end; + public MailboxAddress.gmime(InternetAddressMailbox mailbox) { + // GMime strips source route for us, so the address part + // should only ever contain a single '@' + string? name = mailbox.get_name(); + if (name != null) { + this.name = decode_name(name); } - return GMime.utils_header_decode_text(text); + string address = mailbox.get_addr(); + int atsign = address.last_index_of_char('@'); + if (atsign == -1) { + // No @ detected, try decoding in case a mailer (wrongly) + // encoded the whole thing and re-try + address = decode_address_part(address); + atsign = address.last_index_of_char('@'); + } + + if (atsign >= 0) { + this.mailbox = decode_address_part(address[0:atsign]); + this.domain = address[atsign + 1:address.length]; + this.address = "%s@%s".printf(this.mailbox, this.domain); + } else { + this.mailbox = ""; + this.domain = ""; + this.address = address; + } } /** diff --git a/src/engine/rfc822/rfc822-mailbox-addresses.vala b/src/engine/rfc822/rfc822-mailbox-addresses.vala index b5f39b1e..2667ff1d 100644 --- a/src/engine/rfc822/rfc822-mailbox-addresses.vala +++ b/src/engine/rfc822/rfc822-mailbox-addresses.vala @@ -4,6 +4,14 @@ * (version 2.1 or later). See the COPYING file in this distribution. */ +/** + * An immutable representation an RFC 822 address list. + * + * This would typically be found as the value of the To, CC, BCC and + * other headers fields. + * + * See [[https://tools.ietf.org/html/rfc5322#section-3.4]] + */ public class Geary.RFC822.MailboxAddresses : Geary.MessageData.AbstractMessageData, Geary.MessageData.SearchableMessageData, Geary.RFC822.MessageData, Gee.Hashable { @@ -27,13 +35,26 @@ public class Geary.RFC822.MailboxAddresses : Geary.MessageData.AbstractMessageDa int length = addrlist.length(); for (int ctr = 0; ctr < length; ctr++) { InternetAddress? addr = addrlist.get_address(ctr); - - // TODO: Handle group lists + InternetAddressMailbox? mbox_addr = addr as InternetAddressMailbox; - if (mbox_addr == null) - continue; - - addrs.add(new MailboxAddress(mbox_addr.get_name(), mbox_addr.get_addr())); + if (mbox_addr != null) { + this.addrs.add(new MailboxAddress.gmime(mbox_addr)); + } else { + // XXX this is pretty bad - we just flatten the + // group's addresses into this list, merging lists and + // losing the group names. + InternetAddressGroup? mbox_group = addr as InternetAddressGroup; + if (mbox_group != null) { + InternetAddressList group_list = mbox_group.get_members(); + for (int i = 0; i < group_list.length(); i++) { + InternetAddressMailbox? group_addr = + addrlist.get_address(i) as InternetAddressMailbox; + if (group_addr != null) { + this.addrs.add(new MailboxAddress.gmime(group_addr)); + } + } + } + } } } @@ -73,7 +94,16 @@ public class Geary.RFC822.MailboxAddresses : Geary.MessageData.AbstractMessageDa return false; } - + + /** + * Returns a new list with the given addresses appended to this list's. + */ + public MailboxAddresses append(MailboxAddresses others) { + MailboxAddresses new_addrs = new MailboxAddresses(this.addrs); + new_addrs.addrs.add_all(others.addrs); + return new_addrs; + } + /** * Returns the addresses suitable for insertion into an RFC822 message. RFC822 quoting is * performed if required. diff --git a/src/engine/rfc822/rfc822-message-data.vala b/src/engine/rfc822/rfc822-message-data.vala index 44593f8a..adb9da97 100644 --- a/src/engine/rfc822/rfc822-message-data.vala +++ b/src/engine/rfc822/rfc822-message-data.vala @@ -142,7 +142,17 @@ public class Geary.RFC822.MessageIDList : Geary.MessageData.AbstractMessageData, // don't assert that list.size > 0; even though this method should generated a decoded ID // from any non-empty string, an empty Message-ID (i.e. "<>") won't. } - + + /** + * Returns a new list with the given messages ids appended to this list's. + */ + public MessageIDList append(MessageIDList others) { + MessageIDList new_ids = new MessageIDList(); + new_ids.list.add_all(this.list); + new_ids.list.add_all(others.list); + return new_ids; + } + public override string to_string() { return "MessageIDList (%d)".printf(list.size); } diff --git a/src/engine/rfc822/rfc822-message.vala b/src/engine/rfc822/rfc822-message.vala index b374dc40..97ef3511 100644 --- a/src/engine/rfc822/rfc822-message.vala +++ b/src/engine/rfc822/rfc822-message.vala @@ -416,106 +416,6 @@ public class Geary.RFC822.Message : BaseObject { return null; } - private void stock_from_gmime() { - // GMime calls the From address the "sender" - string? message_sender = message.get_sender(); - if (message_sender != null) { - this.from = new RFC822.MailboxAddresses.from_rfc822_string(message_sender); - } - - // And it doesn't provide a convenience method for Sender header - if (!String.is_empty(message.get_header(HEADER_SENDER))) { - string sender = GMime.utils_header_decode_text(message.get_header(HEADER_SENDER)); - try { - this.sender = new RFC822.MailboxAddress.from_rfc822_string(sender); - } catch (RFC822Error e) { - debug("Invalid RDC822 Sender address: %s", sender); - } - } - - if (!String.is_empty(message.get_reply_to())) - this.reply_to = new RFC822.MailboxAddresses.from_rfc822_string(message.get_reply_to()); - - Gee.List? converted = convert_gmime_address_list( - message.get_recipients(GMime.RecipientType.TO)); - if (converted != null && converted.size > 0) - to = new RFC822.MailboxAddresses(converted); - - converted = convert_gmime_address_list(message.get_recipients(GMime.RecipientType.CC)); - if (converted != null && converted.size > 0) - cc = new RFC822.MailboxAddresses(converted); - - converted = convert_gmime_address_list(message.get_recipients(GMime.RecipientType.BCC)); - if (converted != null && converted.size > 0) - bcc = new RFC822.MailboxAddresses(converted); - - if (!String.is_empty(message.get_header(HEADER_IN_REPLY_TO))) - in_reply_to = new RFC822.MessageIDList.from_rfc822_string(message.get_header(HEADER_IN_REPLY_TO)); - - if (!String.is_empty(message.get_header(HEADER_REFERENCES))) - references = new RFC822.MessageIDList.from_rfc822_string(message.get_header(HEADER_REFERENCES)); - - if (!String.is_empty(message.get_subject())) - subject = new RFC822.Subject.decode(message.get_subject()); - - if (!String.is_empty(message.get_header(HEADER_MAILER))) - mailer = message.get_header(HEADER_MAILER); - - if (!String.is_empty(message.get_date_as_string())) { - try { - date = new Geary.RFC822.Date(message.get_date_as_string()); - } catch (Error error) { - debug("Could not get date from message: %s", error.message); - } - } - } - - private Gee.List? convert_gmime_address_list(InternetAddressList? addrlist, - int depth = 0) { - if (addrlist == null || addrlist.length() == 0) - return null; - - Gee.List? converted = new Gee.ArrayList(); - - int length = addrlist.length(); - for (int ctr = 0; ctr < length; ctr++) { - InternetAddress addr = addrlist.get_address(ctr); - - InternetAddressMailbox? mbox_addr = addr as InternetAddressMailbox; - if (mbox_addr != null) { - converted.add(new RFC822.MailboxAddress(mbox_addr.get_name(), mbox_addr.get_addr())); - - continue; - } - - // Two problems here: - // - // First, GMime crashes when parsing a malformed group list (the case seen in the - // wild is -- weirdly enough -- a date appended to the end of a cc: list on a spam - // email. GMime interprets it as a group list but segfaults when destroying the - // InterneAddresses it generated from it. See: - // https://bugzilla.gnome.org/show_bug.cgi?id=695319 - // - // Second, RFC 822 6.2.6: "This standard does not permit recursive specification - // of groups within groups." So don't do it. - InternetAddressGroup? group = addr as InternetAddressGroup; - if (group != null) { - if (depth == 0) { - Gee.List? grouplist = convert_gmime_address_list( - group.get_members(), depth + 1); - if (grouplist != null) - converted.add_all(grouplist); - } - - continue; - } - - warning("Unknown InternetAddress in list: %s", addr.get_type().name()); - } - - return (converted.size > 0) ? converted : null; - } - public Gee.List? get_recipients() { Gee.List addrs = new Gee.ArrayList(); @@ -873,7 +773,86 @@ public class Geary.RFC822.Message : BaseObject { get_attachments_recursively(attachments, message.get_mime_part(), disposition); return attachments; } - + + private void stock_from_gmime() { + this.message.get_header_list().foreach((name, value) => { + switch (name.down()) { + case "from": + this.from = append_address(this.from, value); + break; + + case "sender": + try { + this.sender = new RFC822.MailboxAddress.from_rfc822_string(value); + } catch (Error err) { + debug("Could parse subject: %s", err.message); + } + break; + + case "reply-to": + this.reply_to = append_address(this.reply_to, value); + break; + + case "to": + this.to = append_address(this.to, value); + break; + + case "cc": + this.cc = append_address(this.cc, value); + break; + + case "bcc": + this.bcc = append_address(this.bcc, value); + break; + + case "subject": + this.subject = new RFC822.Subject.decode(value); + break; + + case "date": + try { + this.date = new Geary.RFC822.Date(value); + } catch (Error err) { + debug("Could not parse date: %s", err.message); + } + break; + + case "in-reply-to": + this.in_reply_to = append_message_id(this.in_reply_to, value); + break; + + case "references": + this.references = append_message_id(this.references, value); + break; + + case "x-mailer": + this.mailer = GMime.utils_header_decode_text(value); + break; + + default: + break; + } + }); + } + + private MailboxAddresses append_address(MailboxAddresses? existing, + string header_value) { + MailboxAddresses addresses = new MailboxAddresses.from_rfc822_string(header_value); + if (existing != null) { + addresses = existing.append(addresses); + } + return addresses; + } + + private MessageIDList append_message_id(MessageIDList? existing, + string header_value) { + MessageIDList ids = new MessageIDList.from_rfc822_string(header_value); + if (existing != null) { + ids = existing.append(ids); + } + return ids; + } + private void get_attachments_recursively(Gee.List attachments, GMime.Object root, Mime.DispositionType requested_disposition) throws RFC822Error { // If this is a multipart container, dive into each of its children. diff --git a/test/engine/rfc822-mailbox-address-test.vala b/test/engine/rfc822-mailbox-address-test.vala index a7fe5a83..f30480b4 100644 --- a/test/engine/rfc822-mailbox-address-test.vala +++ b/test/engine/rfc822-mailbox-address-test.vala @@ -11,6 +11,7 @@ class Geary.RFC822.MailboxAddressTest : Gee.TestCase { base("Geary.RFC822.MailboxAddressTest"); add_test("is_valid_address", is_valid_address); add_test("unescaped_constructor", unescaped_constructor); + add_test("from_rfc822_string_encoded", from_rfc822_string_encoded); add_test("is_spoofed", is_spoofed); add_test("has_distinct_name", has_distinct_name); add_test("to_full_display", to_full_display); @@ -66,6 +67,87 @@ class Geary.RFC822.MailboxAddressTest : Gee.TestCase { assert(addr5.domain == ""); } + public void from_rfc822_string_encoded() { + try { + MailboxAddress addr = new MailboxAddress.from_rfc822_string("test@example.com"); + assert(addr.name == null); + assert(addr.mailbox == "test"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("\"test\"@example.com"); + assert(addr.name == null); + assert(addr.address == "test@example.com"); + assert(addr.mailbox == "test"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("=?UTF-8?b?dGVzdA==?=@example.com"); + assert(addr.name == null); + assert(addr.address == "test@example.com"); + assert(addr.mailbox == "test"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("\"=?UTF-8?b?dGVzdA==?=\"@example.com"); + assert(addr.name == null); + assert(addr.address == "test@example.com"); + assert(addr.mailbox == "test"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string(""); + assert(addr.name == null); + assert(addr.address == "test@example.com"); + assert(addr.mailbox == "test"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("<\"test\"@example.com>"); + assert(addr.name == null); + assert(addr.address == "test@example.com"); + assert(addr.mailbox == "test"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("Test 1 "); + assert(addr.name == "Test 1"); + assert(addr.address == "test2@example.com"); + assert(addr.mailbox == "test2"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("\"Test 1\" "); + assert(addr.name == "Test 1"); + assert(addr.address == "test2@example.com"); + assert(addr.mailbox == "test2"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("Test 1 <\"test2\"@example.com>"); + assert(addr.name == "Test 1"); + assert(addr.address == "test2@example.com"); + assert(addr.mailbox == "test2"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("=?UTF-8?b?VGVzdCAx?= "); + assert(addr.name == "Test 1"); + assert(addr.address == "test2@example.com"); + assert(addr.mailbox == "test2"); + assert(addr.domain == "example.com"); + + addr = new MailboxAddress.from_rfc822_string("\"=?UTF-8?b?VGVzdCAx?=\" "); + assert(addr.name == "Test 1"); + assert(addr.address == "test2@example.com"); + assert(addr.mailbox == "test2"); + assert(addr.domain == "example.com"); + + // Courtesy Mailsploit https://www.mailsploit.com + addr = new MailboxAddress.from_rfc822_string("\"=?utf-8?b?dGVzdCIgPHBvdHVzQHdoaXRlaG91c2UuZ292Pg==?==?utf-8?Q?=00=0A?=\" "); + assert(addr.name == "test ?\n"); + assert(addr.address == "demo@mailsploit.com"); + + // Courtesy Mailsploit https://www.mailsploit.com + addr = new MailboxAddress.from_rfc822_string("\"=?utf-8?Q?=42=45=47=49=4E=20=2F=20=28=7C=29=7C=3C=7C=3E=7C=40=7C=2C=7C=3B=7C=3A=7C=5C=7C=22=7C=2F=7C=5B=7C=5D=7C=3F=7C=2E=7C=3D=20=2F=20=00=20=50=41=53=53=45=44=20=4E=55=4C=4C=20=42=59=54=45=20=2F=20=0D=0A=20=50=41=53=53=45=44=20=43=52=4C=46=20=2F=20?==?utf-8?b?RU5E=?=\""); + assert(addr.name == null); + assert(addr.address == "BEGIN / (|)|<|>|@|,|;|:|\\|\"|/|[|]|?|.|= / ? PASSED NULL BYTE / \r\n PASSED CRLF / END"); + } catch (Error err) { + assert_not_reached(); + } + } + public void is_spoofed() { assert(new MailboxAddress(null, "example@example.com").is_spoofed() == false); assert(new MailboxAddress("", "example@example.com").is_spoofed() == false); diff --git a/test/engine/rfc822-message-test.vala b/test/engine/rfc822-message-test.vala index bf555aed..664e4b61 100644 --- a/test/engine/rfc822-message-test.vala +++ b/test/engine/rfc822-message-test.vala @@ -1,5 +1,5 @@ /* - * Copyright 2016 Michael Gratton + * Copyright 2016-2018 Michael Gratton * * This software is licensed under the GNU Lesser General Public License * (version 2.1 or later). See the COPYING file in this distribution. @@ -9,7 +9,72 @@ class Geary.RFC822.MessageTest : Gee.TestCase { public MessageTest() { base("Geary.RFC822.MessageTest"); - add_test("Message::get_preview", get_preview); + add_test("basic_message_from_buffer", basic_message_from_buffer); + add_test("encoded_recipient", encoded_recipient); + add_test("duplicate_mailbox", duplicate_mailbox); + add_test("duplicate_message_id", duplicate_message_id); + add_test("get_preview", get_preview); + } + + public void basic_message_from_buffer() { + Message? basic = null; + try { + basic = string_to_message(BASIC_MESSAGE); + } catch (Error err) { + assert_no_error(err); + } + assert_data(basic.subject, "Re: Saying Hello"); + assert_addresses(basic.from, "Mary Smith "); + assert_address(basic.sender, "Mary Smith Sender "); + assert_addresses(basic.reply_to, "\"Mary Smith: Personal Account\" "); + assert_addresses(basic.to, "John Doe "); + assert_addresses(basic.cc, "John Doe CC "); + assert_addresses(basic.bcc, "John Doe BCC "); + //assert_data(basic.message_id, "<3456@example.net>"); + assert_message_id_list(basic.in_reply_to, "<1234@local.machine.example>"); + assert_message_id_list(basic.references, "<1234@local.machine.example>"); + assert_data(basic.date, "Fri, 21 Nov 1997 10:01:10 -0600"); + assert(basic.mailer == "Geary Test Suite 1.0"); + } + + public void encoded_recipient() { + Message? enc = null; + try { + enc = string_to_message(ENCODED_TO); + } catch (Error err) { + assert_no_error(err); + } + + // Courtesy Mailsploit https://www.mailsploit.com + assert(enc.to[0].name == "potus@whitehouse.gov "); + } + + public void duplicate_mailbox() { + Message? dup = null; + try { + dup = string_to_message(DUPLICATE_TO); + } catch (Error err) { + assert_no_error(err); + } + + assert(dup.to.size == 2); + assert_addresses( + dup.to, "John Doe 1 , John Doe 2 " + ); + } + + public void duplicate_message_id() { + Message? dup = null; + try { + dup = string_to_message(DUPLICATE_REFERENCES); + } catch (Error err) { + assert_no_error(err); + } + + assert(dup.references.list.size == 2); + assert_message_id_list( + dup.references, "<1234@local.machine.example> <5678@local.machine.example>" + ); } public void get_preview() { @@ -27,6 +92,35 @@ class Geary.RFC822.MessageTest : Gee.TestCase { ); } + private void assert_data(Geary.MessageData.AbstractMessageData? data, string expected) { + assert(data != null); + assert(data.to_string() == expected); + } + + private void assert_address(Geary.RFC822.MailboxAddress? address, string expected) { + assert(address != null); + assert(address.to_rfc822_string() == expected); + } + + private void assert_addresses(Geary.RFC822.MailboxAddresses? addresses, string expected) { + assert(addresses != null); + assert(addresses.to_rfc822_string() == expected); + } + + private void assert_message_id_list(Geary.RFC822.MessageIDList? ids, string expected) { + assert(ids != null); + assert(ids.to_rfc822_string() == expected); + } + + private static string BASIC_MESSAGE = "From: Mary Smith \r\nSender: Mary Smith Sender \r\nTo: John Doe \r\nCC: John Doe CC \r\nBCC: John Doe BCC \r\nReply-To: \"Mary Smith: Personal Account\" \r\nSubject: Re: Saying Hello\r\nDate: Fri, 21 Nov 1997 10:01:10 -0600\r\nMessage-ID: <3456@example.net>\r\nIn-Reply-To: <1234@local.machine.example>\r\nReferences: <1234@local.machine.example>\r\nX-Mailer: Geary Test Suite 1.0\r\n\r\nThis is a reply to your hello.\r\n\r\n"; + + // Courtesy Mailsploit https://www.mailsploit.com + private static string ENCODED_TO = "From: Mary Smith \r\nTo: =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3YiIDx0ZXN0Pg==?= \r\nSubject: Re: Saying Hello\r\nDate: Fri, 21 Nov 1997 10:01:10 -0600\r\n\r\nThis is a reply to your hello.\r\n\r\n"; + + private static string DUPLICATE_TO = "From: Mary Smith \r\nTo: John Doe 1 \r\nTo: John Doe 2 \r\nSubject: Re: Saying Hello\r\nDate: Fri, 21 Nov 1997 10:01:10 -0600\r\n\r\nThis is a reply to your hello.\r\n\r\n"; + + private static string DUPLICATE_REFERENCES = "From: Mary Smith \r\nTo: John Doe \r\nReferences: <1234@local.machine.example>\r\nReferences: <5678@local.machine.example>\r\nSubject: Re: Saying Hello\r\nDate: Fri, 21 Nov 1997 10:01:10 -0600\r\n\r\nThis is a reply to your hello.\r\n\r\n"; + private static string MULTIPART_SIGNED_MESSAGE_TEXT = "Return-Path: \r\nReceived: from mogul.quuxo.net ([unix socket])\r\n by mogul (Cyrus v2.4.12-Debian-2.4.12-2) with LMTPA;\r\n Wed, 21 Dec 2016 06:54:03 +1030\r\nX-Sieve: CMU Sieve 2.4\r\nReceived: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19])\r\n by mogul.quuxo.net (8.14.4/8.14.4/Debian-2ubuntu2.1) with ESMTP id uBKKNtpt026727\r\n for ; Wed, 21 Dec 2016 06:53:57 +1030\r\nReceived: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\r\n by huckleberry.canonical.com with esmtp (Exim 4.76)\r\n (envelope-from )\r\n id 1cJQwM-0003Xk-IO; Tue, 20 Dec 2016 20:23:14 +0000\r\nReceived: from 208-151-246-43.dq1sn.easystreet.com ([208.151.246.43]\r\n helo=lizaveta.nxnw.org)\r\n by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\r\n (Exim 4.76) (envelope-from )\r\n id 1cJQin-0000t2-G6\r\n for ubuntu-security-announce@lists.ubuntu.com; Tue, 20 Dec 2016 20:09:14 +0000\r\nReceived: from kryten.nxnw.org (kryten.nxnw.org [10.19.96.254])\r\n (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\r\n (Client CN \"kryten.int.wirex.com\", Issuer \"nxnw.org\" (not verified))\r\n by lizaveta.nxnw.org (Postfix) with ESMTPS id DD8C360941\r\n for ;\r\n Tue, 20 Dec 2016 12:09:06 -0800 (PST)\r\nReceived: by kryten.nxnw.org (Postfix, from userid 1000)\r\n id 84341342F6C; Tue, 20 Dec 2016 12:09:06 -0800 (PST)\r\nDate: Tue, 20 Dec 2016 12:09:06 -0800\r\nFrom: Steve Beattie \r\nTo: ubuntu-security-announce@lists.ubuntu.com\r\nSubject: [USN-3159-1] Linux kernel vulnerability\r\nMessage-ID: <20161220200906.GF8251@nxnw.org>\r\nMail-Followup-To: Ubuntu Security \r\nMIME-Version: 1.0\r\nUser-Agent: Mutt/1.5.24 (2015-08-30)\r\nX-Mailman-Approved-At: Tue, 20 Dec 2016 20:23:12 +0000\r\nX-BeenThere: ubuntu-security-announce@lists.ubuntu.com\r\nX-Mailman-Version: 2.1.14\r\nPrecedence: list\r\nReply-To: ubuntu-users@lists.ubuntu.com, Ubuntu Security \r\nList-Id: Ubuntu Security Announcements\r\n \r\nList-Unsubscribe: , \r\n \r\nList-Archive: \r\nList-Post: \r\nList-Help: \r\nList-Subscribe: , \r\n \r\nContent-Type: multipart/mixed; boundary=\"===============7564301068935298617==\"\r\nErrors-To: ubuntu-security-announce-bounces@lists.ubuntu.com\r\nSender: ubuntu-security-announce-bounces@lists.ubuntu.com\r\nX-Greylist: Sender IP whitelisted by DNSRBL, not delayed by milter-greylist-4.3.9 (mogul.quuxo.net [203.18.245.241]); Wed, 21 Dec 2016 06:53:57 +1030 (ACDT)\r\nX-Virus-Scanned: clamav-milter 0.99.2 at mogul\r\nX-Virus-Status: Clean\r\nX-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED\r\n autolearn=ham version=3.3.2\r\nX-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mogul.quuxo.net\r\n\r\n\r\n--===============7564301068935298617==\r\nContent-Type: multipart/signed; micalg=pgp-sha512;\r\n protocol=\"application/pgp-signature\"; boundary=\"O98KdSgI27dgYlM5\"\r\nContent-Disposition: inline\r\n\r\n\r\n--O98KdSgI27dgYlM5\r\nContent-Type: text/plain; charset=us-ascii\r\nContent-Disposition: inline\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-3159-1\r\nDecember 20, 2016\r\n\r\nlinux vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nThe system could be made to expose sensitive information.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nIt was discovered that a race condition existed in the procfs\r\nenviron_read function in the Linux kernel, leading to an integer\r\nunderflow. A local attacker could use this to expose sensitive\r\ninformation (kernel memory).\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n linux-image-3.2.0-119-generic 3.2.0-119.162\r\n linux-image-3.2.0-119-generic-pae 3.2.0-119.162\r\n linux-image-3.2.0-119-highbank 3.2.0-119.162\r\n linux-image-3.2.0-119-omap 3.2.0-119.162\r\n linux-image-3.2.0-119-powerpc-smp 3.2.0-119.162\r\n linux-image-3.2.0-119-powerpc64-smp 3.2.0-119.162\r\n linux-image-3.2.0-119-virtual 3.2.0-119.162\r\n linux-image-generic 3.2.0.119.134\r\n linux-image-generic-pae 3.2.0.119.134\r\n linux-image-highbank 3.2.0.119.134\r\n linux-image-omap 3.2.0.119.134\r\n linux-image-powerpc-smp 3.2.0.119.134\r\n linux-image-powerpc64-smp 3.2.0.119.134\r\n linux-image-virtual 3.2.0.119.134\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed.\r\nUnless you manually uninstalled the standard kernel metapackages\r\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\r\nlinux-powerpc), a standard system upgrade will automatically perform\r\nthis as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-3159-1\r\n CVE-2016-7916\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.2.0-119.162\r\n\r\n\r\n--O98KdSgI27dgYlM5\r\nContent-Type: application/pgp-signature; name=\"signature.asc\"\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJYWY/iAAoJEC8Jno0AXoH0gKUQAJ7UOWV591M8K+HGXHI3BVJi\r\n75LCUSBRrV2NZTpc32ZMCsssb4TSqQinzczQfWSNtlLsgucKTLdCYGJvbXYxd32z\r\nBzHHHH9D8EDC6X4Olx0byiDBTX76kVBVUjxsKJ1zkYBFeMZ6tx9Tmgsl7Rdr26lP\r\n9oe3nBadkP0vM7j/dG1913MdzOlFc/2YOnGRK6QKzy1HhM74XMQTzvj9Nsbgs8ea\r\nZFTzWgDiUXi9SbBDLmwkY2uFJ+zreIH/vRjZHZ5ofJz9ed91HDhMB7CmRzn4JG/b\r\nSPAmTk0IRzWVBWglb0hPA8NN194ijeQFa6OJt94+EIMYuIasjsi8zGr+o1yxM5aY\r\ngTiDLzrQVWfddcZWmoCw8WWVbHAjMW60ehAs+y6ly0tBAn7wailXFRDFir1Vt4i2\r\n1WRTnJR2JebfQN4YeJ7CAiw34+PO8+vi8qHcRqMGkRu5IYdBy8AvBucVO923jIIy\r\nJBRTVkZqacRVp4PLx7vrOXX02z7y38iQcP2QSeapMoQjViYOVSMYhycO9zqGe3Tj\r\nAHMqp2HGj1uPp+3mM/yRBaE1X1j7lzjsKO1XZwjMUIYcFmAAsg2Gwi5S0FhhS+cD\r\nulCZ0A+r4wZ/1K6cZ2ZCEQoAZyMovwiVLNP+4q7pHhcQGTYAvCEgPksktQwD3YOe\r\nnSj5HG2dTMTOHDjVGSVV\r\n=qUGf\r\n-----END PGP SIGNATURE-----\r\n\r\n--O98KdSgI27dgYlM5--\r\n\r\n\r\n--===============7564301068935298617==\r\nContent-Type: text/plain; charset=\"us-ascii\"\r\nMIME-Version: 1.0\r\nContent-Transfer-Encoding: 7bit\r\nContent-Disposition: inline\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n--===============7564301068935298617==--\r\n"; private static string MULTIPART_SIGNED_MESSAGE_PREVIEW = "Ubuntu Security Notice USN-3159-1 December 20, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - linux: Linux kernel Details: It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory). Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: linux-image-3.2.0-119-generic 3.2.0-119.162 linux-image-3.2.0-119-generic-pae 3.2.0-119.162 linux-image-3.2.0-119-highbank 3.2.0-119.162 linux-image-3.2.0-119-omap 3.2.0-119.162 linux-image-3.2.0-119-powerpc-smp 3.2.0-119.162 linux-image-3.2.0-119-powerpc64-smp 3.2.0-119.162 linux-image-3.2.0-119-virtual 3.2.0-119.162 linux-image-generic 3.2.0.119.134 linux-image-generic-pae 3.2.0.119.134 linux-image-highbank 3.2.0.119.134 linux-image-omap 3.2.0.119.134 linux-image-powerpc-smp 3.2.0.119.134 linux-image-powerpc64-smp 3.2.0.119.134 linux-image-virtual 3.2.0.119.134 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-3159-1 CVE-2016-7916 Package Information: https://launchpad.net/ubuntu/+source/linux/3.2.0-119.162 ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"; }