[packages/alpine] S/MIME broken reading signed-then-encrypted messages - ID: 3201704

Mon Sep 3 15:02:46 CEST 2012

commit cf89ef84504d211e85dc6d059ede5f7d88cfe0ba
Author: Paweł Gołaszewski <blues at pld-linux.org>
Date:   Mon Sep 3 14:50:34 2012 +0200

    S/MIME broken reading signed-then-encrypted messages - ID: 3201704

 alpine.spec                               |  6 ++++-
 re-alpine-2.01.smime-signandencrypt.patch | 39 +++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
---

diff --git a/alpine.spec b/alpine.spec
index 577132c..613975a 100644
--- a/alpine.spec
+++ b/alpine.spec
@@ -10,7 +10,7 @@ Summary:	University of Washington Alpine mail user agent
 Summary(pl.UTF-8):	Klient pocztowy Alpine z Uniwersytetu w Waszyngtonie
 Name:		alpine
 Version:	%{ver}.%{patchlevel}
-Release:	6
+Release:	6.1
 Epoch:		1
 License:	Apache v2.0
 Group:		Applications/Mail
@@ -31,6 +31,8 @@ Patch5:		%{name}-ssl.patch
 Patch6:		%{name}-no_1777_warning.patch
 Patch7:		%{name}-home_etc.patch
 Patch8:		%{name}-RFC1522_MAXW.patch
+Patch9:		mimedesc.patch
+Patch10:	re-alpine-2.01.smime-signandencrypt.patch
 URL:		http://www.washington.edu/alpine/
 BuildRequires:	autoconf
 BuildRequires:	automake
@@ -132,6 +134,8 @@ ajuda de acordo com o contexto está disponível.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
+%patch10 -p1
 
 %build
 rm -f libtool missing
diff --git a/re-alpine-2.01.smime-signandencrypt.patch b/re-alpine-2.01.smime-signandencrypt.patch
new file mode 100644
index 0000000..7e76b93
--- /dev/null
+++ b/re-alpine-2.01.smime-signandencrypt.patch
@@ -0,0 +1,39 @@
+diff -rup re-alpine-2.01.orig/pith/smime.c re-alpine-2.01.smime-patch/pith/smime.c
+--- re-alpine-2.01.orig/pith/smime.c	2009-08-03 04:02:24.000000000 -0400
++++ re-alpine-2.01.smime-patch/pith/smime.c	2011-03-06 22:41:08.894139317 -0500
+@@ -1736,7 +1736,6 @@ do_decoding(BODY *b, long msgno, const c
+     PERSONAL_CERT 	*pcert = NULL;
+     char    *what_we_did = "";
+     char     null[1];
+-    char     newSec[100];
+ 
+     dprint((9, "do_decoding(msgno=%ld type=%d subtype=%s section=%s)", msgno, b->type, b->subtype ? b->subtype : "NULL", (section && *section) ? section : (section != NULL) ? "Top" : "NULL"));
+     null[0] = '\0';
+@@ -1751,8 +1750,25 @@ do_decoding(BODY *b, long msgno, const c
+     }
+     else{
+ 
+-	snprintf(newSec, sizeof(newSec), "%s%s1", section ? section : "", (section && *section) ? "." : "");
+-	p7 = get_pkcs7_from_part(msgno, newSec);
++	/*
++	 * Fix for signed-then-encrypted messages.
++	 *
++	 * If we're on the Top part (section == ""), then we need to bump it to "1".
++	 * Otherwise, we already know we're in a pkcs7-mime subpart and called
++	 * from do_fiddle_smime_message at the top, and the MULTIPART handline
++	 * has already bumped the section per-part.
++	 *
++	 * This allows signed-then-encrypted emails to work.
++	 * It *may* break signed or encrypted parts that are buried down in
++	 * a multi-part message (untested). Those are, IMO, far less common,
++	 * and I'd rather the signed+encrypted work.
++	 *
++	 * This used to do:
++	 * snprintf(newSec, sizeof(newSec), "%s%s1", section ? section : "", (section && *section) ? "." : "");
++	 * and pass the newSec to get_pkcs7_from_part
++	 *
++	 */
++	p7 = get_pkcs7_from_part(msgno, (section && *section) ? section : "1");
+ 	if(!p7){
+             q_status_message1(SM_ORDER, 2, 2, "Couldn't load PKCS7 object: %s",
+ 			     (char*) openssl_error_string());
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/alpine.git/commitdiff/71e303d9b5bc042f8a4f4dc2cc73949d1438dbb0

