Merge from gnus--rel--5.10

Patches applied:

 * gnus--rel--5.10  (patch 164-168)

   - Update from CVS

2006-11-18  Andreas Seltenreich  <uwi7@rz.uni-karlsruhe.de>

   * lisp/mm-uu.el (mm-uu-pgp-signed-extract-1): Make last fix more thorough
   and comment it.

   * lisp/nnslashdot.el (nnslashdot-retrieve-headers-1): Update regexp.

2006-11-15  Reiner Steib  <Reiner.Steib@gmx.de>

   * lisp/gnus-util.el (gnus-extract-address-components): Improve comment.

Revision: emacs@sv.gnu.org/gnus--devo--0--patch-241

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 354d4f2..800bdaa 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -8,6 +8,17 @@
        include `opportunistic'.
        (message-send-mail): Use it.
 
+2006-11-18  Andreas Seltenreich  <uwi7@rz.uni-karlsruhe.de>
+
+       * mm-uu.el (mm-uu-pgp-signed-extract-1): Make last fix more thorough
+       and comment it.
+
+       * nnslashdot.el (nnslashdot-retrieve-headers-1): Update regexp.
+
+2006-11-15  Reiner Steib  <Reiner.Steib@gmx.de>
+
+       * gnus-util.el (gnus-extract-address-components): Improve comment.
+
 2006-11-14  Katsumi Yamaoka  <yamaoka@jpl.org>
 
        * gnus-util.el (gnus-extract-address-components): Work with address in

diff --git a/lisp/gnus-util.el b/lisp/gnus-util.el
index 4f5d108..28893b6 100644 (file)
--- a/lisp/gnus-util.el
+++ b/lisp/gnus-util.el
@@ -173,8 +173,9 @@ is slower."
     ;; First find the address - the thing with the @ in it.  This may
     ;; not be accurate in mail addresses, but does the trick most of
     ;; the time in news messages.
-    (cond (;; Special case: "foo@bar" <foo@bar>, i.e. one @ in the comment
-          ;; and one in the address.
+    (cond (;; Check ``<foo@bar>'' first in order to handle the quite common
+          ;; form ``"abc@xyz" <foo@bar>'' (i.e. ``@'' as part of a comment)
+          ;; correctly.
           (string-match "<\\([^@ \t<>]+[!@][^@ \t<>]+\\)>" from)
           (setq address (substring from (match-beginning 1) (match-end 1))))
          ((string-match "\\b[^@ \t<>]+[!@][^@ \t<>]+\\b" from)

diff --git a/lisp/mm-uu.el b/lisp/mm-uu.el
index 758b79a..7821841 100644 (file)
--- a/lisp/mm-uu.el
+++ b/lisp/mm-uu.el
@@ -482,8 +482,16 @@ apply the face `mm-uu-extract'."
           mm-security-handle 'gnus-details
           (format "Clear verification not supported by `%s'.\n" mml2015-use))))
       (goto-char (point-min))
-      (if (re-search-forward "\n[\t ]*\n" nil t)
-         (delete-region (point-min) (point)))
+      (forward-line)
+      ;; We need to be careful not to strip beyond the armor headers.
+      ;; Previously, an attacker could replace the text inside our
+      ;; markup with trailing garbage by injecting whitespace into the
+      ;; message.
+      (while (looking-at "Hash:") ; The only header allowed in cleartext
+       (forward-line))           ; signatures according to RFC2440.
+      (when (looking-at "[\t ]*$")
+       (forward-line))
+      (delete-region (point-min) (point))
       (if (re-search-forward mm-uu-pgp-beginning-signature nil t)
          (delete-region (match-beginning 0) (point-max)))
       (goto-char (point-min))

diff --git a/lisp/nnslashdot.el b/lisp/nnslashdot.el
index 54dfdf5..591e92b 100644 (file)
--- a/lisp/nnslashdot.el
+++ b/lisp/nnslashdot.el
@@ -142,7 +142,7 @@
          (setq article (if (and article (< start article)) article start))
          (goto-char point)
          (while (re-search-forward
-                 "<a name=\"\\([0-9]+\\)\">\\([^<]+\\)</a>.*\n.*\n.*score:\\([^)]+\\))"
+                 "<a name=\"\\([0-9]+\\)\">\\([^<]+\\)\\(?:.*\n\\)\\{2,10\\}.*score:\\([^)]+\\))"
                  nil t)
            (setq cid (match-string 1)
                  subject (match-string 2)