mail 2.5.4 → 2.5.5.rc1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 80272f9450b9b4e8fda722e90b035af0571714a7
+  data.tar.gz: 4ccdee5a66dcb916988af7e26fa5aa40ca0486ca
+SHA512:
+  metadata.gz: 306abdee9ff345ecdf15fc1bbcf3b894d3becfc3aaf4c254931ad088dda67a5043762d263de6dec3f432146d44d1a595aa23d534cb345736dc435738bff3e682
+  data.tar.gz: bb33d18fdbdc381e4c6b0d7aef3c2495dc4d1205bea210f5118bb18c0e6d4bfe5a87df5330a103fa0b8d4fdac62511b264b21f22d50c59599585c0a631731243

data/CHANGELOG.rdoc

@@ -1,5 +1,10 @@
-== HEAD
+== Version 2.5.5 - unreleased
 
+Security:
+* #1097 – SMTP security: prevent command injection via To/From addresses. (jeremy)
+
+Bugs:
+* #633 – Cope with message parts that have an empty Content-Type (ThomasKoppensteiner, zeepeeare)
 
 == Version 2.5.4 - Tue May 14 14:45:00 +1100 2013 Mikel Lindsaar <mikel@lindsaar.net>
 

data/Gemfile

@@ -2,12 +2,14 @@ source 'https://rubygems.org'
 
 gemspec
 
+gem "rake", "< 11.0" if RUBY_VERSION < '1.9.3'
+
 gem "treetop", "~> 1.4.10"
 gem "mime-types", "~> 1.16"
 gem "tlsmail" if RUBY_VERSION <= '1.8.6'
 
 gem 'jruby-openssl', :platform => :jruby
 
-group :test do
-  gem "ruby-debug", :platform => :mri_18
+# For gems not required to run tests
+group :local_development, :test do
 end

data/README.md

@@ -15,11 +15,11 @@ Built from my experience with TMail, it is designed to be a pure ruby
 implementation that makes generating, sending and parsing emails a no
 brainer.
 
-It is also designed form the ground up to work with Ruby 1.9.  This is because
-Ruby 1.9 handles text encodings much more magically than Ruby 1.8.x and so
-these features have been taken full advantage of in this library allowing
-Mail to handle a lot more messages more cleanly than TMail.  Mail does run on
-Ruby 1.8.x... it's just not as fun to code.
+It is also designed form the ground up to work with the more modern versions
+of Ruby.  This is because Ruby > 1.9 handles text encodings much more wonderfully
+than Ruby 1.8.x and so these features have been taken full advantage of in this
+library allowing Mail to handle a lot more messages more cleanly than TMail.
+Mail does run on Ruby 1.8.x... it's just not as fun to code.
 
 Finally, Mail has been designed with a very simple object oriented system
 that really opens up the email messages you are parsing, if you know what
@@ -44,14 +44,15 @@ Compatibility
 
 Every Mail commit is tested by Travis on the [following platforms](https://github.com/mikel/mail/blob/master/.travis.yml)
 
-* ruby-1.8.7-p370 [ i686 ]
-* ruby-1.9.2-p290 [ x86_64 ]
-* ruby-1.9.3-p327 [ x86_64 ]
-* ruby-2.0.0-rc1 [ x86_64 ]
-* jruby-1.6.8 [ x86_64 ]
-* jruby-1.7.0 [ x86_64 ]
-* rbx-d18 [ x86_64 ]
-* rbx-d19 [ x86_64 ]
+* ruby-1.8.7 [ i686 ]
+* ruby-1.9.2 [ x86_64 ]
+* ruby-1.9.3 [ x86_64 ]
+* ruby-2.0.0 [ x86_64 ]
+* ruby-2.1.2 [ x86_64 ]
+* ruby-head [ x86_64 ]
+* jruby [ x86_64 ]
+* jruby-head [ x86_64 ]
+* rbx-2 [ x86_64 ]
 
 Discussion
 ----------

data/lib/VERSION

@@ -1,4 +1,4 @@
 major:2
 minor:5
-patch:4
-build:
+patch:5
+build:rc1

data/lib/mail/check_delivery_params.rb

@@ -1,20 +1,57 @@
 module Mail
-  module CheckDeliveryParams
-    def check_delivery_params(mail)
-      if mail.smtp_envelope_from.blank?
-        raise ArgumentError.new('An SMTP From address is required to send a message. Set the message smtp_envelope_from, return_path, sender, or from address.')
+  module CheckDeliveryParams #:nodoc:
+    class << self
+      def check(mail)
+        [ check_from(mail.smtp_envelope_from),
+          check_to(mail.smtp_envelope_to),
+          check_message(mail) ]
       end
 
-      if mail.smtp_envelope_to.blank?
-        raise ArgumentError.new('An SMTP To address is required to send a message. Set the message smtp_envelope_to, to, cc, or bcc address.')
+      def check_from(addr)
+        if addr.blank?
+          raise ArgumentError, "SMTP From address may not be blank: #{addr.inspect}"
+        end
+
+        check_addr 'From', addr
+      end
+
+      def check_to(addrs)
+        if addrs.blank?
+          raise ArgumentError, "SMTP To address may not be blank: #{addrs.inspect}"
+        end
+
+        Array(addrs).map do |addr|
+          check_addr 'To', addr
+        end
       end
 
-      message = mail.encoded if mail.respond_to?(:encoded)
-      if message.blank?
-        raise ArgumentError.new('An encoded message is required to send an email')
+      def check_addr(addr_name, addr)
+        validate_smtp_addr addr do |error_message|
+          raise ArgumentError, "SMTP #{addr_name} address #{error_message}: #{addr.inspect}"
+        end
       end
 
-      [mail.smtp_envelope_from, mail.smtp_envelope_to, message]
+      def validate_smtp_addr(addr)
+        if addr.bytesize > 2048
+          yield 'may not exceed 2kB'
+        end
+
+        if /[\r\n]/ =~ addr
+          yield 'may not contain CR or LF line breaks'
+        end
+
+        addr
+      end
+
+      def check_message(message)
+        message = message.encoded if message.respond_to?(:encoded)
+
+        if message.blank?
+          raise ArgumentError, 'An encoded message is required to send an email'
+        end
+
+        message
+      end
     end
   end
 end

data/lib/mail/network/delivery_methods/file_delivery.rb

@@ -1,7 +1,6 @@
 require 'mail/check_delivery_params'
 
 module Mail
-  
   # FileDelivery class delivers emails into multiple files based on the destination
   # address.  Each file is appended to if it already exists.
   # 
@@ -13,22 +12,20 @@ module Mail
   # Make sure the path you specify with :location is writable by the Ruby process
   # running Mail.
   class FileDelivery
-    include Mail::CheckDeliveryParams
-
     if RUBY_VERSION >= '1.9.1'
       require 'fileutils'
     else
       require 'ftools'
     end
 
+    attr_accessor :settings
+
     def initialize(values)
       self.settings = { :location => './mails' }.merge!(values)
     end
-    
-    attr_accessor :settings
-    
+
     def deliver!(mail)
-      check_delivery_params(mail)
+      Mail::CheckDeliveryParams.check(mail)
 
       if ::File.respond_to?(:makedirs)
         ::File.makedirs settings[:location]
@@ -40,6 +37,5 @@ module Mail
         ::File.open(::File.join(settings[:location], File.basename(to.to_s)), 'a') { |f| "#{f.write(mail.encoded)}\r\n\r\n" }
       end
     end
-    
   end
 end

data/lib/mail/network/delivery_methods/sendmail.rb

@@ -37,17 +37,15 @@ module Mail
   #
   #   mail.deliver!
   class Sendmail
-    include Mail::CheckDeliveryParams
+    attr_accessor :settings
 
     def initialize(values)
       self.settings = { :location       => '/usr/sbin/sendmail',
                         :arguments      => '-i' }.merge(values)
     end
 
-    attr_accessor :settings
-
     def deliver!(mail)
-      smtp_from, smtp_to, message = check_delivery_params(mail)
+      smtp_from, smtp_to, message = Mail::CheckDeliveryParams.check(mail)
 
       from = "-f #{self.class.shellquote(smtp_from)}"
       to = smtp_to.map { |to| self.class.shellquote(to) }.join(' ')

data/lib/mail/network/delivery_methods/smtp.rb

@@ -74,7 +74,7 @@ module Mail
   # 
   #   mail.deliver!
   class SMTP
-    include Mail::CheckDeliveryParams
+    attr_accessor :settings
 
     def initialize(values)
       self.settings = { :address              => "localhost",
@@ -90,12 +90,10 @@ module Mail
                       }.merge!(values)
     end
 
-    attr_accessor :settings
-
     # Send the message via SMTP.
     # The from and to attributes are optional. If not set, they are retrieve from the Message.
     def deliver!(mail)
-      smtp_from, smtp_to, message = check_delivery_params(mail)
+      smtp_from, smtp_to, message = Mail::CheckDeliveryParams.check(mail)
 
       smtp = Net::SMTP.new(settings[:address], settings[:port])
       if settings[:tls] || settings[:ssl]
@@ -119,7 +117,6 @@ module Mail
         self
       end
     end
-    
 
     private
 

data/lib/mail/network/delivery_methods/smtp_connection.rb

@@ -37,7 +37,7 @@ module Mail
   # 
   #   mail.deliver!
   class SMTPConnection
-    include Mail::CheckDeliveryParams
+    attr_accessor :smtp, :settings
 
     def initialize(values)
       raise ArgumentError.new('A Net::SMTP object is required for this delivery method') if values[:connection].nil?
@@ -45,17 +45,13 @@ module Mail
       self.settings = values
     end
 
-    attr_accessor :smtp
-    attr_accessor :settings
-
     # Send the message via SMTP.
     # The from and to attributes are optional. If not set, they are retrieve from the Message.
     def deliver!(mail)
-      smtp_from, smtp_to, message = check_delivery_params(mail)
+      smtp_from, smtp_to, message = Mail::CheckDeliveryParams.check(mail)
       response = smtp.sendmail(message, smtp_from, smtp_to)
 
       settings[:return_response] ? response : self
     end
-
   end
 end

data/lib/mail/network/delivery_methods/test_mailer.rb

@@ -7,10 +7,8 @@ module Mail
   # It also provides a template of the minimum methods you require to implement
   # if you want to make a custom mailer for Mail
   class TestMailer
-    include Mail::CheckDeliveryParams
-
     # Provides a store of all the emails sent with the TestMailer so you can check them.
-    def TestMailer.deliveries
+    def self.deliveries
       @@deliveries ||= []
     end
 
@@ -25,20 +23,19 @@ module Mail
     # * length
     # * size
     # * and other common Array methods
-    def TestMailer.deliveries=(val)
+    def self.deliveries=(val)
       @@deliveries = val
     end
 
+    attr_accessor :settings
+
     def initialize(values)
       @settings = values.dup
     end
-    
-    attr_accessor :settings
 
     def deliver!(mail)
-      check_delivery_params(mail)
+      Mail::CheckDeliveryParams.check(mail)
       Mail::TestMailer.deliveries << mail
     end
-    
   end
 end

data/lib/mail/parts_list.rb

@@ -44,7 +44,7 @@ module Mail
   private
 
     def get_order_value(part, order)
-      if part.respond_to?(:content_type)
+      if part.respond_to?(:content_type) && !part[:content_type].nil?
         order.index(part[:content_type].string.downcase) || 10000
       else
         10000

data/lib/mail/version_specific/ruby_1_9.rb

@@ -73,6 +73,9 @@ module Mail
         string = string.sub(/\=$/, '')
         str = Encodings::QuotedPrintable.decode(string)
         str.force_encoding(pick_encoding(charset))
+        # We assume that binary strings hold utf-8 directly to work around
+        # jruby/jruby#829 which subtly changes String#encode semantics.
+        str.force_encoding('utf-8') if str.encoding == Encoding::ASCII_8BIT
       end
       decoded = str.encode("utf-8", :invalid => :replace, :replace => "")
       decoded.valid_encoding? ? decoded : decoded.encode("utf-16le", :invalid => :replace, :replace => "").encode("utf-8")

metadata

@@ -1,110 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: mail
 version: !ruby/object:Gem::Version
-  version: 2.5.4
-  prerelease: 
+  version: 2.5.5.rc1
 platform: ruby
 authors:
 - Mikel Lindsaar
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-14 00:00:00.000000000 Z
+date: 2017-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mime-types
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.16'
 - !ruby/object:Gem::Dependency
   name: treetop
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.4.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.4.8
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: 0.8.7
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: 0.8.7
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.12.0
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A really Ruby Mail handler.
@@ -117,15 +104,17 @@ extra_rdoc_files:
 - CHANGELOG.rdoc
 - TODO.rdoc
 files:
-- README.md
-- MIT-LICENSE
-- CONTRIBUTING.md
 - CHANGELOG.rdoc
+- CONTRIBUTING.md
 - Dependencies.txt
 - Gemfile
+- MIT-LICENSE
+- README.md
 - Rakefile
 - TODO.rdoc
+- lib/VERSION
 - lib/load_parsers.rb
+- lib/mail.rb
 - lib/mail/attachments_list.rb
 - lib/mail/body.rb
 - lib/mail/check_delivery_params.rb
@@ -133,9 +122,10 @@ files:
 - lib/mail/core_extensions/nil.rb
 - lib/mail/core_extensions/object.rb
 - lib/mail/core_extensions/smtp.rb
+- lib/mail/core_extensions/string.rb
 - lib/mail/core_extensions/string/access.rb
 - lib/mail/core_extensions/string/multibyte.rb
-- lib/mail/core_extensions/string.rb
+- lib/mail/elements.rb
 - lib/mail/elements/address.rb
 - lib/mail/elements/address_list.rb
 - lib/mail/elements/content_disposition_element.rb
@@ -148,17 +138,17 @@ files:
 - lib/mail/elements/mime_version_element.rb
 - lib/mail/elements/phrase_list.rb
 - lib/mail/elements/received_element.rb
-- lib/mail/elements.rb
+- lib/mail/encodings.rb
 - lib/mail/encodings/7bit.rb
 - lib/mail/encodings/8bit.rb
 - lib/mail/encodings/base64.rb
 - lib/mail/encodings/binary.rb
 - lib/mail/encodings/quoted_printable.rb
 - lib/mail/encodings/transfer_encoding.rb
-- lib/mail/encodings.rb
 - lib/mail/envelope.rb
 - lib/mail/field.rb
 - lib/mail/field_list.rb
+- lib/mail/fields.rb
 - lib/mail/fields/bcc_field.rb
 - lib/mail/fields/cc_field.rb
 - lib/mail/fields/comments_field.rb
@@ -197,17 +187,17 @@ files:
 - lib/mail/fields/subject_field.rb
 - lib/mail/fields/to_field.rb
 - lib/mail/fields/unstructured_field.rb
-- lib/mail/fields.rb
 - lib/mail/header.rb
 - lib/mail/indifferent_hash.rb
 - lib/mail/mail.rb
 - lib/mail/matchers/has_sent_mail.rb
 - lib/mail/message.rb
+- lib/mail/multibyte.rb
 - lib/mail/multibyte/chars.rb
 - lib/mail/multibyte/exceptions.rb
 - lib/mail/multibyte/unicode.rb
 - lib/mail/multibyte/utils.rb
-- lib/mail/multibyte.rb
+- lib/mail/network.rb
 - lib/mail/network/delivery_methods/exim.rb
 - lib/mail/network/delivery_methods/file_delivery.rb
 - lib/mail/network/delivery_methods/sendmail.rb
@@ -218,7 +208,6 @@ files:
 - lib/mail/network/retriever_methods/imap.rb
 - lib/mail/network/retriever_methods/pop3.rb
 - lib/mail/network/retriever_methods/test_retriever.rb
-- lib/mail/network.rb
 - lib/mail/parsers/address_lists.rb
 - lib/mail/parsers/address_lists.treetop
 - lib/mail/parsers/content_disposition.rb
@@ -255,33 +244,30 @@ files:
 - lib/mail/version.rb
 - lib/mail/version_specific/ruby_1_8.rb
 - lib/mail/version_specific/ruby_1_9.rb
-- lib/mail.rb
 - lib/tasks/corpus.rake
 - lib/tasks/treetop.rake
-- lib/VERSION
 homepage: http://github.com/mikel/mail
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.6.12
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Mail provides a nice Ruby DSL for making, sending and reading emails.
 test_files: []