[Git][java-team/apache-mime4j][upstream] New upstream version 0.8.11
Tony Mancill (@tmancill)
gitlab at salsa.debian.org
Fri Mar 8 05:36:26 GMT 2024
Tony Mancill pushed to branch upstream at Debian Java Maintainers / apache-mime4j
Commits:
6fe27965 by tony mancill at 2024-03-07T21:15:17-08:00
New upstream version 0.8.11
- - - - -
15 changed files:
- CHANGELOG.md
- README.adoc
- assemble/pom.xml
- benchmark/pom.xml
- core/pom.xml
- core/src/main/java/org/apache/james/mime4j/stream/RawFieldParser.java
- dom/pom.xml
- dom/src/main/java/org/apache/james/mime4j/message/DefaultBodyDescriptorBuilder.java
- dom/src/test/java/org/apache/james/mime4j/field/address/LenientAddressBuilderTest.java
- dom/src/test/java/org/apache/james/mime4j/message/MaximalBodyDescriptorTest.java
- examples/pom.xml
- james-utils/pom.xml
- mbox/pom.xml
- pom.xml
- storage/pom.xml
Changes:
=====================================
CHANGELOG.md
=====================================
@@ -3,7 +3,23 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-## [UNRELEASED]
+## [0.8.10] - 2024-01-09
+
+## [0.8.10] - 2024-02-22
+
+CVE-2024-21742: Mime4J DOM header injection
+
+Bug fixes:
+
+ - Prevent header injection with MIME4J DOM
+ - MIME4J-325 DateTimeParser should throw ParseException if value can't be parsed (#88)
+ - MIME4J-324 Handle URL parsing exception in LenientContentDispositionField
+
+Performance:
+
+ - ContentTypeFieldLenientImpl: clear is not needed (#86)
+ - MIME4J-322 Use ArrayDeque in MimeTokenStream
+ - MIME4J-324 Avoid an extra copy of ContentDispositionFieldLenientImpl parameters
## [0.8.9] - 2022-12-30
=====================================
README.adoc
=====================================
@@ -5,7 +5,7 @@ image:https://img.shields.io/badge/Join%20us-Mailing%20lists-purple.svg[link="ht
link:https://gitter.im/apache/james-project[image:https://badges.gitter.im/apache/james-project.svg[Join the chat at link:https://gitter.im/apache/james-project]]
image:https://img.shields.io/badge/CI-Jenkins-blue.svg[link="https://ci-builds.apache.org/job/james/job/ApacheJames-Mime4J/"]
image:https://img.shields.io/badge/Documentation-green.svg[link="https://james.apache.org/mime4j/index.html"]
-image:https://img.shields.io/badge/Downloads-0.8.9-yellow.svg[link="https://james.apache.org/download.cgi#Apache_Mime4J"]
+image:https://img.shields.io/badge/Downloads-0.8.10-yellow.svg[link="https://james.apache.org/download.cgi#Apache_Mime4J"]
image:https://img.shields.io/badge/Tickets-JIRA-blue.svg[link="https://issues.apache.org/jira/projects/MIME4J/issues"]
image:https://img.shields.io/badge/License-ApacheV2-orange.svg[link="https://www.apache.org/licenses/"]
image:https://img.shields.io/badge/Latests-news-red.svg[link="https://james.apache.org/index.html#posts"]
@@ -55,7 +55,7 @@ Add this maven dependency to import MIME4J core:
<dependency>
<groupId>org.apache.james</groupId>
<artifactId>apache-mime4j-core</artifactId>
- <version>0.8.9</version>
+ <version>0.8.10</version>
</dependency>
....
@@ -65,7 +65,7 @@ Add this maven dependency to import MIME4J dom:
<dependency>
<groupId>org.apache.james</groupId>
<artifactId>apache-mime4j-dom</artifactId>
- <version>0.8.9</version>
+ <version>0.8.10</version>
</dependency>
....
====
=====================================
assemble/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<artifactId>apache-mime4j-project</artifactId>
<groupId>org.apache.james</groupId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
benchmark/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<artifactId>apache-mime4j-project</artifactId>
<groupId>org.apache.james</groupId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
core/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<artifactId>apache-mime4j-project</artifactId>
<groupId>org.apache.james</groupId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
core/src/main/java/org/apache/james/mime4j/stream/RawFieldParser.java
=====================================
@@ -440,7 +440,7 @@ public class RawFieldParser {
String decoded = ContentUtil.decode(dstRaw);
if (decoded.startsWith("=?")) {
- decoded = DecoderUtil.decodeEncodedWords(decoded, DecodeMonitor.STRICT);
+ decoded = DecoderUtil.decodeEncodedWords(decoded, DecodeMonitor.SILENT);
}
dst.append(decoded);
=====================================
dom/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<artifactId>apache-mime4j-project</artifactId>
<groupId>org.apache.james</groupId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
dom/src/main/java/org/apache/james/mime4j/message/DefaultBodyDescriptorBuilder.java
=====================================
@@ -19,6 +19,8 @@
package org.apache.james.mime4j.message;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
@@ -56,6 +58,7 @@ public class DefaultBodyDescriptorBuilder implements BodyDescriptorBuilder {
private final DecodeMonitor monitor;
private final FieldParser<? extends ParsedField> fieldParser;
private final Map<String, ParsedField> fields;
+ private Charset defaultCharset = StandardCharsets.US_ASCII;
/**
* Creates a new root <code>BodyDescriptor</code> instance.
@@ -82,6 +85,10 @@ public class DefaultBodyDescriptorBuilder implements BodyDescriptorBuilder {
this.fields = new HashMap<String, ParsedField>();
}
+ public void setDefaultCharset(Charset charset) {
+ this.defaultCharset = charset;
+ }
+
public void reset() {
fields.clear();
}
@@ -128,7 +135,7 @@ public class DefaultBodyDescriptorBuilder implements BodyDescriptorBuilder {
}
}
if (actualCharset == null && MEDIA_TYPE_TEXT.equals(actualMediaType)) {
- actualCharset = US_ASCII;
+ actualCharset = defaultCharset.name();
}
if (!MimeUtil.isMultipart(actualMimeType)) {
actualBoundary = null;
@@ -150,7 +157,9 @@ public class DefaultBodyDescriptorBuilder implements BodyDescriptorBuilder {
actualMimeType = DEFAULT_MIME_TYPE;
}
}
- return new DefaultBodyDescriptorBuilder(actualMimeType, fieldParser, monitor);
+ DefaultBodyDescriptorBuilder child = new DefaultBodyDescriptorBuilder(actualMimeType, fieldParser, monitor);
+ child.setDefaultCharset(defaultCharset);
+ return child;
}
}
=====================================
dom/src/test/java/org/apache/james/mime4j/field/address/LenientAddressBuilderTest.java
=====================================
@@ -108,6 +108,18 @@ public class LenientAddressBuilderTest {
Assert.assertEquals("=?utf-8?Q?Dupont,_Gr=C3=A9goire", mailbox.getName());
}
+ @Test
+ public void shouldTolerateMalformedEncoding() throws Exception {
+ String s = "\"=?windows-1251?B?onsonsmekqixrbahkinyv?=\" <atfilpd at louisphaethon.co.ua>";
+ ByteSequence raw = ContentUtil.encode(s);
+ ParserCursor cursor = new ParserCursor(0, s.length());
+
+ Mailbox address = (Mailbox) parser.parseAddress(raw, cursor, RawFieldParser.INIT_BITSET(','));
+
+ Assert.assertEquals("atfilpd at louisphaethon.co.ua", address.getAddress());
+ Assert.assertEquals("ў{(ћЙћ’Ё±\u00AD¶Ў’)т", address.getName());
+ }
+
@Test
public void testParseAddressTruncated() throws Exception {
String s = "< some one ";
=====================================
dom/src/test/java/org/apache/james/mime4j/message/MaximalBodyDescriptorTest.java
=====================================
@@ -126,17 +126,17 @@ public class MaximalBodyDescriptorTest {
* Test charset.
*/
BodyDescriptor bd = builder.build();
- Assert.assertEquals("us-ascii", bd.getCharset());
+ Assert.assertEquals("US-ASCII", bd.getCharset());
builder.addField(new RawField("Content-Type ", "text/type; charset=ISO-8859-1"));
bd = builder.build();
Assert.assertEquals("ISO-8859-1", bd.getCharset());
builder.reset();
bd = builder.build();
- Assert.assertEquals("us-ascii", bd.getCharset());
+ Assert.assertEquals("US-ASCII", bd.getCharset());
builder.addField(new RawField("Content-Type ", "text/type"));
bd = builder.build();
- Assert.assertEquals("us-ascii", bd.getCharset());
+ Assert.assertEquals("US-ASCII", bd.getCharset());
/*
* Test boundary.
@@ -189,7 +189,7 @@ public class MaximalBodyDescriptorTest {
BodyDescriptorBuilder builder = new DefaultBodyDescriptorBuilder();
builder.addField(new RawField("To", "me at example.org"));
BodyDescriptor bd = builder.build();
- Assert.assertEquals("us-ascii", bd.getCharset());
+ Assert.assertEquals("US-ASCII", bd.getCharset());
}
@Test
=====================================
examples/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<artifactId>apache-mime4j-project</artifactId>
<groupId>org.apache.james</groupId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
james-utils/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.james</groupId>
<artifactId>apache-mime4j-project</artifactId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
mbox/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.james</groupId>
<artifactId>apache-mime4j-project</artifactId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
=====================================
pom.xml
=====================================
@@ -29,7 +29,7 @@
<groupId>org.apache.james</groupId>
<artifactId>apache-mime4j-project</artifactId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<packaging>pom</packaging>
<name>Apache James :: Mime4j :: Project</name>
@@ -52,7 +52,7 @@
<connection>scm:git:http://git-wip-us.apache.org/repos/asf/james-mime4j.git</connection>
<developerConnection>scm:git:ssh://git@github.com/apache/james-mime4j.git</developerConnection>
<url>https://git-wip-us.apache.org/repos/asf/james-mime4j.git</url>
- <tag>apache-mime4j-project-0.8.10</tag>
+ <tag>apache-mime4j-project-0.8.11</tag>
</scm>
<issueManagement>
<url>http://issues.apache.org/jira/browse/MIME4J</url>
=====================================
storage/pom.xml
=====================================
@@ -23,7 +23,7 @@
<parent>
<artifactId>apache-mime4j-project</artifactId>
<groupId>org.apache.james</groupId>
- <version>0.8.10</version>
+ <version>0.8.11</version>
<relativePath>../pom.xml</relativePath>
</parent>
View it on GitLab: https://salsa.debian.org/java-team/apache-mime4j/-/commit/6fe27965f5df21be236447bf7f63e86917444478
--
View it on GitLab: https://salsa.debian.org/java-team/apache-mime4j/-/commit/6fe27965f5df21be236447bf7f63e86917444478
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20240308/2dafbe5b/attachment.htm>
More information about the pkg-java-commits
mailing list