Blob Blame History Raw
diff -up evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-formatter-utils.c
--- evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-formatter-utils.c	2019-10-24 16:21:32.730944332 +0200
@@ -549,71 +549,136 @@ e_mail_formatter_format_security_header
                                          EMailPart *part,
                                          guint32 flags)
 {
-	const gchar* part_id;
-	gchar* part_id_prefix;
-	GString* tmp;
+	struct _validity_flags {
+		guint32 flags;
+		const gchar *description_complete;
+		const gchar *description_partial;
+	} validity_flags[] = {
+		{ E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED, N_("GPG signed"), N_("partially GPG signed") },
+		{ E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("GPG encrypted"), N_("partially GPG encrypted") },
+		{ E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED, N_("S/MIME signed"), N_("partially S/MIME signed") },
+		{ E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("S/MIME encrypted"), N_("partially S/MIME encrypted") }
+	};
+	const gchar *part_id;
+	gchar *part_id_prefix;
 	GQueue queue = G_QUEUE_INIT;
 	GList *head, *link;
+	guint32 check_valid_flags = 0;
+	gint part_id_prefix_len;
+	gboolean is_partial = FALSE;
+	guint ii;
 
 	g_return_if_fail (E_IS_MAIL_PART_HEADERS (part));
 
 	/* Get prefix of this PURI */
 	part_id = e_mail_part_get_id (part);
 	part_id_prefix = g_strndup (part_id, g_strrstr (part_id, ".") - part_id);
-
-	/* Add encryption/signature header */
-	tmp = g_string_new ("");
+	part_id_prefix_len = strlen (part_id_prefix);
 
 	e_mail_part_list_queue_parts (context->part_list, NULL, &queue);
 
 	head = g_queue_peek_head_link (&queue);
 
-	/* Find first secured part. */
-	for (link = head; link != NULL; link = g_list_next(link)) {
+	/* Ignore the main message, the headers and the end parts */
+	#define should_skip_part(_id) \
+		(g_strcmp0 (_id, part_id_prefix) == 0 || \
+		(_id && g_str_has_suffix (_id, ".rfc822.end")) || \
+		(_id && strlen (_id) == part_id_prefix_len + 8 /* strlen (".headers") */ && \
+		g_strcmp0 (_id + part_id_prefix_len, ".headers") == 0))
+
+	/* Check parts for this ID. */
+	for (link = head; link != NULL; link = g_list_next (link)) {
 		EMailPart *mail_part = link->data;
+		const gchar *id = e_mail_part_get_id (mail_part);
 
-		if (!e_mail_part_has_validity (mail_part))
+		if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
 			continue;
 
-		if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
+		if (should_skip_part (id))
 			continue;
 
-		if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED)) {
-			g_string_append (tmp, _("GPG signed"));
+		if (!e_mail_part_has_validity (mail_part)) {
+			/* A part without validity, thus it's partially signed/encrypted */
+			is_partial = TRUE;
+		} else {
+			guint32 validies = 0;
+			for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) {
+				if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags))
+					validies |= validity_flags[ii].flags;
+			}
+			check_valid_flags |= validies;
 		}
 
-		if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED)) {
-			if (tmp->len > 0)
-				g_string_append (tmp, ", ");
-			g_string_append (tmp, _("GPG encrypted"));
-		}
+		/* Do not traverse sub-messages */
+		if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") &&
+		    !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix))
+			link = e_mail_formatter_find_rfc822_end_iter (link);
+	}
 
-		if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED)) {
-			if (tmp->len > 0)
-				g_string_append (tmp, ", ");
-			g_string_append (tmp, _("S/MIME signed"));
+	if (check_valid_flags) {
+		GString *tmp;
+
+		if (!is_partial) {
+			for (link = head; link != NULL && !is_partial; link = g_list_next (link)) {
+				EMailPart *mail_part = link->data;
+				const gchar *id = e_mail_part_get_id (mail_part);
+
+				if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix))
+					continue;
+
+				if (should_skip_part (id))
+					continue;
+
+				if (!e_mail_part_has_validity (mail_part)) {
+					/* A part without validity, thus it's partially signed/encrypted */
+					is_partial = TRUE;
+					break;
+				}
+
+				is_partial = !e_mail_part_get_validity (mail_part, check_valid_flags);
+
+				/* Do not traverse sub-messages */
+				if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") &&
+				    !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix))
+					link = e_mail_formatter_find_rfc822_end_iter (link);
+			}
 		}
 
-		if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED)) {
-			if (tmp->len > 0)
-				g_string_append (tmp, ", ");
-			g_string_append (tmp, _("S/MIME encrypted"));
+		/* Add encryption/signature header */
+		tmp = g_string_new ("");
+
+		for (link = head; link; link = g_list_next (link)) {
+			EMailPart *mail_part = link->data;
+			const gchar *id = e_mail_part_get_id (mail_part);
+
+			if (!e_mail_part_has_validity (mail_part) ||
+			    !e_mail_part_id_has_prefix (mail_part, part_id_prefix))
+				continue;
+
+			if (should_skip_part (id))
+				continue;
+
+			for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) {
+				if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) {
+					if (tmp->len > 0)
+						g_string_append (tmp, ", ");
+					g_string_append (tmp, is_partial ? _(validity_flags[ii].description_partial) : _(validity_flags[ii].description_complete));
+				}
+			}
+
+			break;
 		}
 
-		break;
-	}
+		if (tmp->len > 0)
+			e_mail_formatter_format_header (formatter, buffer, _("Security"), tmp->str, flags, "UTF-8");
 
-	if (tmp->len > 0) {
-		e_mail_formatter_format_header (
-			formatter, buffer,
-			_("Security"), tmp->str,
-			flags,
-			"UTF-8");
+		g_string_free (tmp, TRUE);
 	}
 
+	#undef should_skip_part
+
 	while (!g_queue_is_empty (&queue))
 		g_object_unref (g_queue_pop_head (&queue));
 
-	g_string_free (tmp, TRUE);
 	g_free (part_id_prefix);
 }
diff -up evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c
--- evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c	2019-10-24 16:21:32.730944332 +0200
@@ -22,6 +22,7 @@
 
 #include <e-util/e-util.h>
 
+#include "e-mail-formatter-utils.h"
 #include "e-mail-parser-extension.h"
 #include "e-mail-part-utils.h"
 
@@ -104,6 +105,10 @@ empe_app_smime_parse (EMailParserExtensi
 				mail_part, valid,
 				E_MAIL_PART_VALIDITY_ENCRYPTED |
 				E_MAIL_PART_VALIDITY_SMIME);
+
+			/* Do not traverse sub-messages */
+			if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+				link = e_mail_formatter_find_rfc822_end_iter (link);
 		}
 
 		e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser.c
--- evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser.c	2019-10-24 16:21:32.729944332 +0200
@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_ge
 static gpointer parent_class;
 
 static void
+mail_parser_move_security_before_headers (GQueue *part_queue)
+{
+	GList *link, *last_headers = NULL;
+	GSList *headers_stack = NULL;
+
+	link = g_queue_peek_head_link (part_queue);
+	while (link) {
+		EMailPart *part = link->data;
+		const gchar *id;
+
+		if (!part) {
+			link = g_list_next (link);
+			continue;
+		}
+
+		id = e_mail_part_get_id (part);
+		if (!id) {
+			link = g_list_next (link);
+			continue;
+		}
+
+		if (g_str_has_suffix (id, ".rfc822")) {
+			headers_stack = g_slist_prepend (headers_stack, last_headers);
+			last_headers = NULL;
+		} else if (g_str_has_suffix (id, ".rfc822.end")) {
+			g_warn_if_fail (headers_stack != NULL);
+
+			if (headers_stack) {
+				last_headers = headers_stack->data;
+				headers_stack = g_slist_remove (headers_stack, last_headers);
+			} else {
+				last_headers = NULL;
+			}
+		}
+
+		if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) {
+			last_headers = link;
+			link = g_list_next (link);
+		} else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) {
+			g_warn_if_fail (last_headers != NULL);
+
+			if (last_headers) {
+				GList *next = g_list_next (link);
+
+				g_warn_if_fail (g_queue_remove (part_queue, part));
+				g_queue_insert_before (part_queue, last_headers, part);
+
+				link = next;
+			} else {
+				link = g_list_next (link);
+			}
+		} else {
+			link = g_list_next (link);
+		}
+	}
+
+	g_warn_if_fail (headers_stack == NULL);
+	g_slist_free (headers_stack);
+}
+
+static void
 mail_parser_run (EMailParser *parser,
                  EMailPartList *part_list,
                  GCancellable *cancellable)
@@ -132,6 +193,8 @@ mail_parser_run (EMailParser *parser,
 			break;
 	}
 
+	mail_parser_move_security_before_headers (&mail_part_queue);
+
 	while (!g_queue_is_empty (&mail_part_queue)) {
 		mail_part = g_queue_pop_head (&mail_part_queue);
 		e_mail_part_list_add_part (part_list, mail_part);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c
--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c	2019-10-24 16:21:32.730944332 +0200
@@ -22,6 +22,7 @@
 
 #include <e-util/e-util.h>
 
+#include "e-mail-formatter-utils.h"
 #include "e-mail-parser-extension.h"
 #include "e-mail-part-utils.h"
 
@@ -135,6 +136,10 @@ empe_inlinepgp_encrypted_parse (EMailPar
 			mail_part, valid,
 			E_MAIL_PART_VALIDITY_ENCRYPTED |
 			E_MAIL_PART_VALIDITY_PGP);
+
+		/* Do not traverse sub-messages */
+		if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+			link = e_mail_formatter_find_rfc822_end_iter (link);
 	}
 
 	e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c
--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c	2019-10-24 16:21:32.731944332 +0200
@@ -22,6 +22,7 @@
 
 #include <e-util/e-util.h>
 
+#include "e-mail-formatter-utils.h"
 #include "e-mail-parser-extension.h"
 #include "e-mail-part-utils.h"
 
@@ -142,6 +143,10 @@ empe_inlinepgp_signed_parse (EMailParser
 			mail_part, valid,
 			E_MAIL_PART_VALIDITY_SIGNED |
 			E_MAIL_PART_VALIDITY_PGP);
+
+		/* Do not traverse sub-messages */
+		if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+			link = e_mail_formatter_find_rfc822_end_iter (link);
 	}
 
 	e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c
--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c	2019-10-24 16:21:32.731944332 +0200
@@ -21,6 +21,7 @@
 
 #include <libedataserver/libedataserver.h>
 
+#include "e-mail-formatter-utils.h"
 #include "e-mail-parser-extension.h"
 #include "e-mail-part-utils.h"
 
@@ -126,6 +127,10 @@ empe_mp_encrypted_parse (EMailParserExte
 			mail_part, valid,
 			E_MAIL_PART_VALIDITY_ENCRYPTED |
 			E_MAIL_PART_VALIDITY_PGP);
+
+		/* Do not traverse sub-messages */
+		if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+			link = e_mail_formatter_find_rfc822_end_iter (link);
 	}
 
 	e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c
--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c	2019-10-24 16:21:32.731944332 +0200
@@ -21,6 +21,7 @@
 
 #include <libedataserver/libedataserver.h>
 
+#include "e-mail-formatter-utils.h"
 #include "e-mail-parser-extension.h"
 #include "e-mail-part-utils.h"
 
@@ -170,6 +171,10 @@ empe_mp_signed_parse (EMailParserExtensi
 			e_mail_part_update_validity (
 				mail_part, valid,
 				validity_type | E_MAIL_PART_VALIDITY_SIGNED);
+
+			/* Do not traverse sub-messages */
+			if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822"))
+				link = e_mail_formatter_find_rfc822_end_iter (link);
 		}
 
 		e_queue_transfer (&work_queue, out_mail_parts);
diff -up evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-part.c
--- evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
+++ evolution-3.28.5/src/em-format/e-mail-part.c	2019-10-24 16:21:32.731944332 +0200
@@ -662,6 +662,15 @@ e_mail_part_update_validity (EMailPart *
 
 	mask = E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SMIME;
 
+	/* Auto-add flags when the related part is present */
+	if (!(validity_type & E_MAIL_PART_VALIDITY_SIGNED) &&
+	    validity->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE)
+		validity_type |= E_MAIL_PART_VALIDITY_SIGNED;
+
+	if (!(validity_type & E_MAIL_PART_VALIDITY_ENCRYPTED) &&
+	    validity->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE)
+		validity_type |= E_MAIL_PART_VALIDITY_ENCRYPTED;
+
 	pair = mail_part_find_validity_pair (part, validity_type & mask);
 	if (pair != NULL) {
 		pair->validity_type |= validity_type;