From: Miles Bader <miles@gnu.org>
Date: Wed, 22 Nov 2006 23:28:12 +0000 (+0000)
Subject: Merge from gnus--rel--5.10
X-Git-Url: http://cgit.sxemacs.org/?a=commitdiff_plain;h=f4d486326efc55e51816619defc4353e97fb1d96;p=gnus

Merge from gnus--rel--5.10

Patches applied:

 * gnus--rel--5.10  (patch 164-168)

   - Update from CVS

2006-11-18  Andreas Seltenreich  <uwi7@rz.uni-karlsruhe.de>

   * lisp/mm-uu.el (mm-uu-pgp-signed-extract-1): Make last fix more thorough
   and comment it.

   * lisp/nnslashdot.el (nnslashdot-retrieve-headers-1): Update regexp.

2006-11-15  Reiner Steib  <Reiner.Steib@gmx.de>

   * lisp/gnus-util.el (gnus-extract-address-components): Improve comment.

Revision: emacs@sv.gnu.org/gnus--devo--0--patch-241
---

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 354d4f210..800bdaac3 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -8,6 +8,17 @@
 	include `opportunistic'.
 	(message-send-mail): Use it.
 
+2006-11-18  Andreas Seltenreich  <uwi7@rz.uni-karlsruhe.de>
+
+	* mm-uu.el (mm-uu-pgp-signed-extract-1): Make last fix more thorough
+	and comment it.
+
+	* nnslashdot.el (nnslashdot-retrieve-headers-1): Update regexp.
+
+2006-11-15  Reiner Steib  <Reiner.Steib@gmx.de>
+
+	* gnus-util.el (gnus-extract-address-components): Improve comment.
+
 2006-11-14  Katsumi Yamaoka  <yamaoka@jpl.org>
 
 	* gnus-util.el (gnus-extract-address-components): Work with address in
diff --git a/lisp/gnus-util.el b/lisp/gnus-util.el
index 4f5d108aa..28893b6f6 100644
--- a/lisp/gnus-util.el
+++ b/lisp/gnus-util.el
@@ -173,8 +173,9 @@ is slower."
     ;; First find the address - the thing with the @ in it.  This may
     ;; not be accurate in mail addresses, but does the trick most of
     ;; the time in news messages.
-    (cond (;; Special case: "foo@bar" <foo@bar>, i.e. one @ in the comment
-	   ;; and one in the address.
+    (cond (;; Check ``<foo@bar>'' first in order to handle the quite common
+	   ;; form ``"abc@xyz" <foo@bar>'' (i.e. ``@'' as part of a comment)
+	   ;; correctly.
 	   (string-match "<\\([^@ \t<>]+[!@][^@ \t<>]+\\)>" from)
 	   (setq address (substring from (match-beginning 1) (match-end 1))))
 	  ((string-match "\\b[^@ \t<>]+[!@][^@ \t<>]+\\b" from)
diff --git a/lisp/mm-uu.el b/lisp/mm-uu.el
index 758b79a59..782184153 100644
--- a/lisp/mm-uu.el
+++ b/lisp/mm-uu.el
@@ -482,8 +482,16 @@ apply the face `mm-uu-extract'."
 	   mm-security-handle 'gnus-details
 	   (format "Clear verification not supported by `%s'.\n" mml2015-use))))
       (goto-char (point-min))
-      (if (re-search-forward "\n[\t ]*\n" nil t)
-	  (delete-region (point-min) (point)))
+      (forward-line)
+      ;; We need to be careful not to strip beyond the armor headers.
+      ;; Previously, an attacker could replace the text inside our
+      ;; markup with trailing garbage by injecting whitespace into the
+      ;; message.
+      (while (looking-at "Hash:") ; The only header allowed in cleartext
+	(forward-line))		  ; signatures according to RFC2440.
+      (when (looking-at "[\t ]*$")
+	(forward-line))
+      (delete-region (point-min) (point))
       (if (re-search-forward mm-uu-pgp-beginning-signature nil t)
 	  (delete-region (match-beginning 0) (point-max)))
       (goto-char (point-min))
diff --git a/lisp/nnslashdot.el b/lisp/nnslashdot.el
index 54dfdf554..591e92b13 100644
--- a/lisp/nnslashdot.el
+++ b/lisp/nnslashdot.el
@@ -142,7 +142,7 @@
 	  (setq article (if (and article (< start article)) article start))
 	  (goto-char point)
 	  (while (re-search-forward
-		  "<a name=\"\\([0-9]+\\)\">\\([^<]+\\)</a>.*\n.*\n.*score:\\([^)]+\\))"
+		  "<a name=\"\\([0-9]+\\)\">\\([^<]+\\)\\(?:.*\n\\)\\{2,10\\}.*score:\\([^)]+\\))"
 		  nil t)
 	    (setq cid (match-string 1)
 		  subject (match-string 2)