Merge tag '2.6.6' into 2-6-stable

Mail 2.6.6 Security: * mikel#1097 – SMTP security: prevent command injection via To/From addresses. (jeremy) Bugs: * mikel#689 - Fix Exim delivery method broken by mikel#477 in 2.5.4. (jethrogb)
planio-gmbh · Jan 26, 2018 · 4f7eba4 · 4f7eba4
2 parents bdda1a4 + 3d1e8fe
commit 4f7eba4
Show file tree

Hide file tree

Showing 42 changed files with 306 additions and 141 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -11,12 +11,14 @@ rvm:
   - 1.9.2
   - 1.9.3
   - 2.0.0
-  - 2.1.9
-  - 2.2.5
-  - 2.3.1
+  - 2.1.10
+  - 2.2.7
+  - 2.3.4
+  - 2.4.1
   - ruby-head
   - jruby
   - jruby-9.0.5.0
+  - jruby-9.1.6.0
   - jruby-head
   - rbx-2
 
@@ -75,6 +77,7 @@ matrix:
   allow_failures:
     - rvm: ruby-head
     - rvm: jruby-9.0.5.0
+    - rvm: jruby-9.1.6.0
     - rvm: jruby-head
     - rvm: rbx-2
   fast_finish: true
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,6 +1,20 @@
-== Version 2.6.5 - Unreleased
+== Version 2.6.6 - 2017-06-09 Jeremy Daer <jeremydaer@gmail.com>
 
+Security:
+* #1097 – SMTP security: prevent command injection via To/From addresses. (jeremy)
+
+Bugs:
+* #689 - Fix Exim delivery method broken by #477 in 2.5.4. (jethrogb)
+
+== Version 2.6.5 - 2017-04-26 Jeremy Daer <jeremydaer@gmail.com>
+
+Features:
+* #1053 - Ruby 2.4.0 compatibility. Fixnum+Bignum unified as Integer. (peterkovacs)
+
+Bugs:
+* #605 - Fix Mail::Address#name for nil addresses (peterkovacs)
 * #1003 - Fix decoding some b encoded headers on specific rubies that don't account for lack of base64 padding (kjg)
+* #1023 - Fix double-quoting in display names. (garethrees)
 
 == Version 2.6.4 - Wed Mar 23 08:16 -0700 2016 Jeremy Daer <jeremydaer@gmail.com>
 

diff --git a/Gemfile b/Gemfile
@@ -1,12 +1,14 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
 gemspec
 
-gem "tlsmail", "~> 0.0.1" if RUBY_VERSION <= "1.8.6"
-gem "jruby-openssl", :platforms => :jruby
-gem "rake", "< 11.0", :platforms => :ruby_18
+gem 'tlsmail', '~> 0.0.1' if RUBY_VERSION <= '1.8.6'
+gem 'jruby-openssl', :platforms => :jruby
+gem 'rake', '< 11.0', :platforms => :ruby_18
+gem 'rdoc', '< 4.3', :platforms => [ :ruby_18, :ruby_19 ]
+gem 'mime-types', '< 2.0', :platforms => [ :ruby_18, :ruby_19 ]
 
 # For gems not required to run tests
 group :local_development, :test do
-  gem "appraisal", "~> 1.0" unless RUBY_VERSION <= "1.8.7"
+  gem 'appraisal', '~> 1.0' unless RUBY_VERSION < '1.9'
 end
diff --git a/MIT-LICENSE b/MIT-LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009-2016 Mikel Lindsaar
+Copyright (c) 2009-2017 Mikel Lindsaar
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

diff --git a/README.md b/README.md
@@ -42,22 +42,14 @@ me a nice email :)
 Compatibility
 -------------
 
-Every Mail commit is tested by Travis on the [following platforms](https://github.com/mikel/mail/blob/master/.travis.yml)
+Mail supports Ruby 1.8.7+, including JRuby and Rubinius.
 
-* ruby-1.8.7 [ i686 ]
-* ruby-1.9.2 [ x86_64 ]
-* ruby-1.9.3 [ x86_64 ]
-* ruby-2.0.0 [ x86_64 ]
-* ruby-2.1.2 [ x86_64 ]
-* ruby-head [ x86_64 ]
-* jruby [ x86_64 ]
-* jruby-head [ x86_64 ]
-* rbx-2 [ x86_64 ]
+Every Mail commit is tested by Travis on [all supported Ruby versions](https://github.com/mikel/mail/blob/master/.travis.yml).
 
-Testing a specific mime type (needed for 1.8.7 for example) can be done manually with:
+Testing a specific version of mime-types (needed for Ruby 1.8.7, for example) can be done manually with:
 
 ```sh
-BUNDLE_GEMFILE=gemfiles/mime_types_1.16.gemfile (bundle check || bundle) && rake
+BUNDLE_GEMFILE=gemfiles/mime_types_1.16.gemfile bundle && rake
 ```
 
 Discussion
@@ -697,7 +689,7 @@ License
 
 (The MIT License)
 
-Copyright (c) 2009-2016 Mikel Lindsaar
+Copyright (c) 2009-2017 Mikel Lindsaar
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

diff --git a/gemfiles/mime_types_1.16.gemfile b/gemfiles/mime_types_1.16.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 1.16"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.0.gemfile b/gemfiles/mime_types_2.0.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.0.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.1.gemfile b/gemfiles/mime_types_2.1.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.1.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.2.gemfile b/gemfiles/mime_types_2.2.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.2.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.3.gemfile b/gemfiles/mime_types_2.3.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.3.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.4.gemfile b/gemfiles/mime_types_2.4.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.4.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.5.gemfile b/gemfiles/mime_types_2.5.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.5.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.6.gemfile b/gemfiles/mime_types_2.6.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.6.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.6_columnar.gemfile b/gemfiles/mime_types_2.6_columnar.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.6.0", :require => "mime/types/columnar"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_2.99.gemfile b/gemfiles/mime_types_2.99.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 2.99.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_3.0.gemfile b/gemfiles/mime_types_3.0.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", "~> 3.0.0"
 
 group :local_development, :test do

diff --git a/gemfiles/mime_types_edge.gemfile b/gemfiles/mime_types_edge.gemfile
@@ -4,6 +4,7 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platforms => :jruby
 gem "rake", "< 11.0", :platforms => :ruby_18
+gem "rdoc", "< 4.3", :platforms => [:ruby_18, :ruby_19]
 gem "mime-types", :github => "mime-types/ruby-mime-types"
 
 group :local_development, :test do

diff --git a/lib/mail/attachments_list.rb b/lib/mail/attachments_list.rb
@@ -30,7 +30,7 @@ def inline
     # mail.attachments['test.png'].filename #=> 'test.png'
     # mail.attachments[1].filename          #=> 'test.jpg'
     def [](index_value)
-      if index_value.is_a?(Fixnum)
+      if index_value.is_a?(Integer)
         self.fetch(index_value)
       else
         self.select { |a| a.filename == index_value }.first

diff --git a/lib/mail/check_delivery_params.rb b/lib/mail/check_delivery_params.rb
@@ -1,21 +1,58 @@
 # frozen_string_literal: true
 module Mail
-  module CheckDeliveryParams
-    def check_delivery_params(mail)
-      if Utilities.blank?(mail.smtp_envelope_from)
-        raise ArgumentError.new('An SMTP From address is required to send a message. Set the message smtp_envelope_from, return_path, sender, or from address.')
+  module CheckDeliveryParams #:nodoc:
+    class << self
+      def check(mail)
+        [ check_from(mail.smtp_envelope_from),
+          check_to(mail.smtp_envelope_to),
+          check_message(mail) ]
       end
 
-      if Utilities.blank?(mail.smtp_envelope_to)
-        raise ArgumentError.new('An SMTP To address is required to send a message. Set the message smtp_envelope_to, to, cc, or bcc address.')
+      def check_from(addr)
+        if Utilities.blank?(addr)
+          raise ArgumentError, "SMTP From address may not be blank: #{addr.inspect}"
+        end
+
+        check_addr 'From', addr
+      end
+
+      def check_to(addrs)
+        if Utilities.blank?(addrs)
+          raise ArgumentError, "SMTP To address may not be blank: #{addrs.inspect}"
+        end
+
+        Array(addrs).map do |addr|
+          check_addr 'To', addr
+        end
       end
 
-      message = mail.encoded if mail.respond_to?(:encoded)
-      if Utilities.blank?(message)
-        raise ArgumentError.new('An encoded message is required to send an email')
+      def check_addr(addr_name, addr)
+        validate_smtp_addr addr do |error_message|
+          raise ArgumentError, "SMTP #{addr_name} address #{error_message}: #{addr.inspect}"
+        end
       end
 
-      [mail.smtp_envelope_from, mail.smtp_envelope_to, message]
+      def validate_smtp_addr(addr)
+        if addr.bytesize > 2048
+          yield 'may not exceed 2kB'
+        end
+
+        if /[\r\n]/ =~ addr
+          yield 'may not contain CR or LF line breaks'
+        end
+
+        addr
+      end
+
+      def check_message(message)
+        message = message.encoded if message.respond_to?(:encoded)
+
+        if Utilities.blank?(message)
+          raise ArgumentError, 'An encoded message is required to send an email'
+        end
+
+        message
+      end
     end
   end
 end
diff --git a/lib/mail/elements/address.rb b/lib/mail/elements/address.rb
@@ -123,7 +123,12 @@ def domain
     #  a.comments #=> ['My email address']
     def comments
       parse unless @parsed
-      get_comments.map { |c| c.squeeze(SPACE) } unless get_comments.empty?
+      comments = get_comments
+      if comments.nil? || comments.none?
+        nil
+      else
+        comments.map { |c| c.squeeze(SPACE) }
+      end
     end
 
     # Sometimes an address will not have a display name, but might have the name

diff --git a/lib/mail/elements/address_list.rb b/lib/mail/elements/address_list.rb
@@ -20,7 +20,7 @@ class AddressList # :nodoc:
     #  a.group_names  #=> ["My Group"]
     def initialize(string)
       @addresses_grouped_by_group = nil
-      @address_list = Parsers::AddressListsParser.new.parse(string)
+      @address_list = Mail::Parsers::AddressListsParser.new.parse(string)
     end
 
     # Returns a list of address objects from the parsed line

diff --git a/lib/mail/fields/common/address_container.rb b/lib/mail/fields/common/address_container.rb
@@ -8,10 +8,10 @@ def initialize(field, list = [])
       super(list)
     end
 
-    def << (address)
+    def <<(address)
       @field << address
     end
 
   end
 
-end
+end
diff --git a/lib/mail/multibyte/chars.rb b/lib/mail/multibyte/chars.rb
@@ -269,12 +269,12 @@ def []=(*args)
           @wrapped_string[*args] = replace_by
         else
           result = Unicode.u_unpack(@wrapped_string)
-          if args[0].is_a?(Fixnum)
+          if args[0].is_a?(Integer)
             raise IndexError, "index #{args[0]} out of string" if args[0] >= result.length
             min = args[0]
             max = args[1].nil? ? min : (min + args[1] - 1)
             range = Range.new(min, max)
-            replace_by = [replace_by].pack('U') if replace_by.is_a?(Fixnum)
+            replace_by = [replace_by].pack('U') if replace_by.is_a?(Integer)
           elsif args.first.is_a?(Range)
             raise RangeError, "#{args[0]} out of range" if args[0].min >= result.length
             range = args[0]

diff --git a/lib/mail/network/delivery_methods/exim.rb b/lib/mail/network/delivery_methods/exim.rb
@@ -37,17 +37,13 @@ module Mail
   #
   #   mail.deliver!
   class Exim < Sendmail
-    def initialize(values)
-      self.settings = { :location       => '/usr/sbin/exim',
-                        :arguments      => '-i -t' }.merge(values)
-    end
+    DEFAULTS = {
+      :location   => '/usr/sbin/exim',
+      :arguments  => '-i -t'
+    }
 
-    def self.call(path, arguments, destinations, mail)
-      popen "#{path} #{arguments}" do |io|
-        io.puts ::Mail::Utilities.to_lf(mail.encoded)
-        io.flush
-      end
+    def self.call(path, arguments, destinations, encoded_message)
+      super path, arguments, nil, encoded_message
     end
-
   end
 end