S/MIME broken reading signed-then-encrypted messages - ID: 3201704

diff --git a/alpine.spec b/alpine.spec
index 577132ca7d804ffa8c48744cd345d4d2de6cc22b..613975abc8afac737c9163a5482b68c1157fdcbd 100644 (file)
--- a/alpine.spec
+++ b/alpine.spec
@@ -10,7 +10,7 @@ Summary:      University of Washington Alpine mail user agent
 Summary(pl.UTF-8):     Klient pocztowy Alpine z Uniwersytetu w Waszyngtonie
 Name:          alpine
 Version:       %{ver}.%{patchlevel}
-Release:       6
+Release:       6.1
 Epoch:         1
 License:       Apache v2.0
 Group:         Applications/Mail
@@ -31,6 +31,8 @@ Patch5:               %{name}-ssl.patch
 Patch6:                %{name}-no_1777_warning.patch
 Patch7:                %{name}-home_etc.patch
 Patch8:                %{name}-RFC1522_MAXW.patch
+Patch9:                mimedesc.patch
+Patch10:       re-alpine-2.01.smime-signandencrypt.patch
 URL:           http://www.washington.edu/alpine/
 BuildRequires: autoconf
 BuildRequires: automake
@@ -132,6 +134,8 @@ ajuda de acordo com o contexto está disponível.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
+%patch10 -p1
 
 %build
 rm -f libtool missing

diff --git a/re-alpine-2.01.smime-signandencrypt.patch b/re-alpine-2.01.smime-signandencrypt.patch
new file mode 100644 (file)
index 0000000..7e76b93
--- /dev/null
+++ b/re-alpine-2.01.smime-signandencrypt.patch
@@ -0,0 +1,39 @@
+diff -rup re-alpine-2.01.orig/pith/smime.c re-alpine-2.01.smime-patch/pith/smime.c
+--- re-alpine-2.01.orig/pith/smime.c   2009-08-03 04:02:24.000000000 -0400
++++ re-alpine-2.01.smime-patch/pith/smime.c    2011-03-06 22:41:08.894139317 -0500
+@@ -1736,7 +1736,6 @@ do_decoding(BODY *b, long msgno, const c
+     PERSONAL_CERT     *pcert = NULL;
+     char    *what_we_did = "";
+     char     null[1];
+-    char     newSec[100];
+ 
+     dprint((9, "do_decoding(msgno=%ld type=%d subtype=%s section=%s)", msgno, b->type, b->subtype ? b->subtype : "NULL", (section && *section) ? section : (section != NULL) ? "Top" : "NULL"));
+     null[0] = '\0';
+@@ -1751,8 +1750,25 @@ do_decoding(BODY *b, long msgno, const c
+     }
+     else{
+ 
+-      snprintf(newSec, sizeof(newSec), "%s%s1", section ? section : "", (section && *section) ? "." : "");
+-      p7 = get_pkcs7_from_part(msgno, newSec);
++      /*
++       * Fix for signed-then-encrypted messages.
++       *
++       * If we're on the Top part (section == ""), then we need to bump it to "1".
++       * Otherwise, we already know we're in a pkcs7-mime subpart and called
++       * from do_fiddle_smime_message at the top, and the MULTIPART handline
++       * has already bumped the section per-part.
++       *
++       * This allows signed-then-encrypted emails to work.
++       * It *may* break signed or encrypted parts that are buried down in
++       * a multi-part message (untested). Those are, IMO, far less common,
++       * and I'd rather the signed+encrypted work.
++       *
++       * This used to do:
++       * snprintf(newSec, sizeof(newSec), "%s%s1", section ? section : "", (section && *section) ? "." : "");
++       * and pass the newSec to get_pkcs7_from_part
++       *
++       */
++      p7 = get_pkcs7_from_part(msgno, (section && *section) ? section : "1");
+       if(!p7){
+             q_status_message1(SM_ORDER, 2, 2, "Couldn't load PKCS7 object: %s",
+                            (char*) openssl_error_string());