Limit CVE-2017-17689 (EFAIL) in KMail #70
Merged: SlavekB merged 2 commits from feat/efail-fixes into master 2 years ago
The patches are taken from KDE and adapted for TDE. Because we do not have a separate library messagelib, patches for messagelib and KMail as such are merged into one. Therefore, there are two patches instead of three patches. See https://dot.kde.org/2018/05/15/efail-and-kmail
This resolves issue #22.
Looks good. Have not tested, but it's surprising to see how simple the fix is.
I did not do additional research – I just worked from the conclusions in the overview of the impact of the problem on individual clients at https://efail.de/ and the patches that were applied to KMail in KDE.
The patches make it so that, for encrypted messages, it is always necessary to confirm the loading of parts from external sources. That is, the user always checks what will be loaded. Therefore, they are quite simple.
This requires further testing and adjustments, because the behavior with patches is not as intended.
Title changed from "Limit CVE-2017-17689 (EFAIL) in KMail" to "WIP: Limit CVE-2017-17689 (EFAIL) in KMail" 2 years ago
be41d346d1 to fb582ff127 2 years ago
Title changed from "WIP: Limit CVE-2017-17689 (EFAIL) in KMail" to "Limit CVE-2017-17689 (EFAIL) in KMail" 2 years ago
Resetting override flag has been added to the slot responding to the message selection.
Title changed from "Limit CVE-2017-17689 (EFAIL) in KMail" to "WIP: Limit CVE-2017-17689 (EFAIL) in KMail" 2 years ago
Turning on to load external links at the folder level does not have the expected behavior. So it requires another effort.
fb582ff127 to c8e1b254e2 2 years ago
Title changed from "WIP: Limit CVE-2017-17689 (EFAIL) in KMail" to "Limit CVE-2017-17689 (EFAIL) in KMail" 2 years ago
Testing !mMessage was misleading and caused an unwanted result. Set the mViewer->setOnlyLocalReferences(!htmlLoadExternal()); moved to the moment when the message that is currently displayed is already loaded.
I did tests and it seems that now everything really works as it was intended.
Looks good.
c8e1b254e2 merged into master 2 years ago
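The behaviour described in this thread (external references stay blocked for an encrypted message until the user confirms, the confirmation is reset when another message is selected, and the decision is made once the displayed message is known), modelled as an added example that is not part of the pull request or of TDE code. ReaderPolicy, Message and all member names are hypothetical, and failing closed when no message is loaded is an assumption.

```cpp
#include <iostream>

// Hypothetical model for illustration; these names are not TDE/KMail identifiers.
struct Message { bool encrypted; };

class ReaderPolicy {
public:
    explicit ReaderPolicy(bool folderLoadsExternal)
        : folderLoadsExternal_(folderLoadsExternal) {}

    // Slot for "another message was selected": consent given for the
    // previous message must not carry over to the next one.
    ReaderPolicy& select(const Message& m) {
        loaded_ = true;
        encrypted_ = m.encrypted;
        confirmed_ = false;
        return *this;
    }

    // The user explicitly confirmed external loading for the displayed message.
    ReaderPolicy& confirm() {
        if (loaded_) confirmed_ = true;
        return *this;
    }

    // Evaluated only after the displayed message is known, so the
    // decision can depend on whether that message is encrypted.
    bool loadExternal() const {
        if (!loaded_) return false;    // assumption: fail closed with no message
        if (confirmed_) return true;   // per-message confirmation by the user
        if (encrypted_) return false;  // folder setting never applies to encrypted mail
        return folderLoadsExternal_;
    }

    bool onlyLocalReferences() const { return !loadExternal(); }

private:
    bool folderLoadsExternal_;
    bool loaded_ = false, encrypted_ = false, confirmed_ = false;
};

int main() {
    ReaderPolicy p(true);  // folder is set to load external references
    std::cout << p.select({true}).onlyLocalReferences() << '\n';   // 1: encrypted, blocked
    std::cout << p.confirm().onlyLocalReferences() << '\n';        // 0: user confirmed
    std::cout << p.select({true}).onlyLocalReferences() << '\n';   // 1: confirmation reset
    std::cout << p.select({false}).onlyLocalReferences() << '\n';  // 0: plain mail, folder setting
}
```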