diff options
Diffstat (limited to 'gnu/packages/patches/evolution-CVE-2020-11879.patch')
| -rw-r--r-- | gnu/packages/patches/evolution-CVE-2020-11879.patch | 122 |
1 files changed, 0 insertions, 122 deletions
diff --git a/gnu/packages/patches/evolution-CVE-2020-11879.patch b/gnu/packages/patches/evolution-CVE-2020-11879.patch deleted file mode 100644 index 8c85895aab..0000000000 --- a/gnu/packages/patches/evolution-CVE-2020-11879.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 6489f20d6905cc797e2b2581c415e558c457caa7 Mon Sep 17 00:00:00 2001 -From: Milan Crha <mcrha@redhat.com> -Date: Wed, 12 Feb 2020 18:59:52 +0100 -Subject: [PATCH] I#784 - Warn about and limit what can be attached using - mailto: URI - -Closes https://gitlab.gnome.org/GNOME/evolution/issues/784 ---- - src/composer/e-msg-composer.c | 58 +++++++++++++++++++++++++++++------ - src/e-util/e-system.error.xml | 7 ++++- - 2 files changed, 54 insertions(+), 11 deletions(-) - -diff --git a/src/composer/e-msg-composer.c b/src/composer/e-msg-composer.c -index e4c9ac095e..cd3168d882 100644 ---- a/src/composer/e-msg-composer.c -+++ b/src/composer/e-msg-composer.c -@@ -4761,7 +4761,8 @@ handle_mailto (EMsgComposer *composer, - gchar *header, *content, *buf; - gsize nread, nwritten; - const gchar *p; -- gint len, clen; -+ gint len, clen, has_attachments = 0; -+ gboolean has_blacklisted_attachment = FALSE; - - table = e_msg_composer_get_header_table (composer); - view = e_msg_composer_get_attachment_view (composer); -@@ -4844,22 +4845,36 @@ handle_mailto (EMsgComposer *composer, - } else if (!g_ascii_strcasecmp (header, "attach") || - !g_ascii_strcasecmp (header, "attachment")) { - EAttachment *attachment; -+ GFile *file; - - camel_url_decode (content); -- if (file_is_blacklisted (content)) -- e_alert_submit ( -- E_ALERT_SINK (e_msg_composer_get_editor (composer)), -- "mail:blacklisted-file", -- content, NULL); - if (g_ascii_strncasecmp (content, "file:", 5) == 0) - attachment = e_attachment_new_for_uri (content); - else - attachment = e_attachment_new_for_path (content); -- e_attachment_store_add_attachment (store, attachment); -- e_attachment_load_async ( -- attachment, (GAsyncReadyCallback) -- e_attachment_load_handle_error, composer); -+ file = e_attachment_ref_file (attachment); -+ if (!file || !g_file_peek_path (file) || -+ !g_file_test (g_file_peek_path (file), G_FILE_TEST_EXISTS) || -+ g_file_test (g_file_peek_path (file), G_FILE_TEST_IS_DIR)) { -+ /* Do nothing, simply ignore the attachment request */ -+ } else { -+ has_attachments++; -+ -+ if (file_is_blacklisted (content)) { -+ has_blacklisted_attachment = TRUE; -+ e_alert_submit ( -+ E_ALERT_SINK (e_msg_composer_get_editor (composer)), -+ "mail:blacklisted-file", -+ content, NULL); -+ } -+ -+ e_attachment_store_add_attachment (store, attachment); -+ e_attachment_load_async ( -+ attachment, (GAsyncReadyCallback) -+ e_attachment_load_handle_error, composer); -+ } - g_object_unref (attachment); -+ g_clear_object (&file); - } else if (!g_ascii_strcasecmp (header, "from")) { - /* Ignore */ - } else if (!g_ascii_strcasecmp (header, "reply-to")) { -@@ -4883,6 +4898,29 @@ handle_mailto (EMsgComposer *composer, - - g_free (buf); - -+ if (has_attachments && !has_blacklisted_attachment) { -+ const gchar *primary; -+ gchar *secondary; -+ -+ primary = g_dngettext (GETTEXT_PACKAGE, -+ "Review attachment before sending.", -+ "Review attachments before sending.", -+ has_attachments); -+ -+ secondary = g_strdup_printf (g_dngettext (GETTEXT_PACKAGE, -+ "There had been added %d attachment. Make sure it does not contain any sensitive information before sending the message.", -+ "There had been added %d attachments. Make sure they do not contain any sensitive information before sending the message.", -+ has_attachments), -+ has_attachments); -+ -+ e_alert_submit ( -+ E_ALERT_SINK (e_msg_composer_get_editor (composer)), -+ "system:generic-warning", -+ primary, secondary, NULL); -+ -+ g_free (secondary); -+ } -+ - merge_always_cc_and_bcc (table, to, &cc, &bcc); - - tov = destination_list_to_vector (to); -diff --git a/src/e-util/e-system.error.xml b/src/e-util/e-system.error.xml -index ddcf989fda..02facb7d26 100644 ---- a/src/e-util/e-system.error.xml -+++ b/src/e-util/e-system.error.xml -@@ -1,6 +1,11 @@ - <?xml version="1.0"?> - <error-list domain="system"> -- <error type="error" id="generic-error"> -+ <error id="generic-error" type="error"> -+ <primary>{0}</primary> -+ <secondary>{1}</secondary> -+ </error> -+ -+ <error id="generic-warning" type="warning"> - <primary>{0}</primary> - <secondary>{1}</secondary> - </error> --- -GitLab - |