[Pkg-mutt-maintainers] Bug#836343: mutt: macro interpretation is really fragile

Samuel Hym samuel.hym+bugs at rustyne.lautre.net
Thu Sep 1 21:50:01 UTC 2016


Package: mutt
Version: 1.7.0-1
Severity: normal

Dear Maintainer,

I set up mutt with some heavy macros but I ran into a very dangerous
behaviour: if I define

macro index <F2> '<postpone-message>'

and press <F2> in index, it doesn't call the postpone-message command
(of course, because it is not available in index), but it instead runs
the 18 commands associated with the 18 keys!

I ran into this problem in a macro that was expected to end up in
compose menu but didn’t, and so <postpone-message> wasn’t interpreted
as a command call but as a sequence of keys (I think I remember it was
calling <recall-message>, but with an empty postponed box, so it
stayed in index menu; before you ask, the idea was to shuffle messages
between postponed boxes).
Fortunately I don’t think I lost any message or anything else nasty.
Still I wondered whether this could deserve a higher severity (but I
guess few people use macros that extensively).

Clearly, I would have hoped the macro interpreter would have aborted
the macro when encountering a command not available.

On a related note, since I don’t think it deserves a bug all by itself
even if that’s probably only superficially related, I also noted that
if I call tmux in a shell escape in a macro, the rest of the macro is
not reliably interpreted.
For instance, with

macro index <F3> '<shell-escape>tmux split-window -h<enter><next-entry>'

and testing for some time, the <next-entry> is never executed. I think
that, unfortunately, in larger examples (with quite a long tail of
commands after the shell-escape), some of it was interpreted, as
unreliably as I mentioned for <postpone-message> above.

I attach a simple muttrc I used with a dummy mailbox with quite a few
messages, to check that it was indeed executing the 18 keys.

Best regards,
Samuel

-- Package-specific info:
NeoMutt  (1.7.0)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 4.6.0-1-amd64 (x86_64)
libidn: 1.33 (compiled with 1.33)
hcache backend: tokyocabinet 1.4.48

Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 6.2.0-1' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-6 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 6.2.0 20160822 (Debian 6.2.0-1) 

Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' '--infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=\${prefix}/lib/x86_64-linux-gnu' '--libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--with-mailpath=/var/mail' '--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' '--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' '--enable-sidebar' '--enable-nntp' '--enable-notmuch' '--disable-fmemopen' '--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' '--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/mutt-wQLglL/mutt-1.7.0=. -fPIE -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'

Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 -fdebug-prefix-map=/build/mutt-wQLglL/mutt-1.7.0=. -fPIE -fstack-protector-strong -Wformat -Werror=format-security

Compile options:
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME 
+DEBUG +DL_STANDALONE +ENABLE_NLS -EXACT_ADDRESS -HOMESPOOL -LOCALES_HACK 
-SUN_ATTACHMENT +HAVE_BKGDSET +HAVE_COLOR +HAVE_CURS_SET +HAVE_GETADDRINFO 
+HAVE_GETSID +HAVE_ICONV +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR 
+HAVE_LIBIDN +HAVE_META +HAVE_REGCOMP +HAVE_RESIZETERM +HAVE_START_COLOR 
+HAVE_TYPEAHEAD +HAVE_WC_FUNCS +ICONV_NONTRANS +USE_COMPRESSED +USE_DOTLOCK 
+USE_FCNTL -USE_FLOCK -USE_FMEMOPEN -USE_GNU_REGEX +USE_GSS +USE_HCACHE 
+USE_IMAP +USE_NOTMUCH +USE_NNTP +USE_POP +USE_SASL +USE_SETGID +USE_SIDEBAR 
+USE_SMTP +USE_SSL_GNUTLS -USE_SSL_OPENSSL 
-DOMAIN
MIXMASTER="mixmaster"
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"

patch-compress-neomutt
patch-cond-date-neomutt
patch-fmemopen-neomutt
patch-ifdef-neomutt
patch-index-color-neomutt
patch-initials-neomutt
patch-keywords-neomutt
patch-limit-current-thread-neomutt
patch-lmdb-neomutt
patch-multiple-fcc-neomutt
patch-nested-if-neomutt
patch-new-mail-neomutt
patch-nntp-neomutt
patch-notmuch-neomutt
patch-progress-neomutt
patch-quasi-delete-neomutt
patch-sidebar-neomutt
patch-skip-quoted-neomutt
patch-smime-encrypt-self-neomutt
patch-status-color-neomutt
patch-timeout-neomutt
patch-tls-sni-neomutt

To learn more about NeoMutt, visit: http://www.neomutt.org/
If you find a bug in NeoMutt, please raise an issue at:
    https://github.com/neomutt/neomutt/issues
or send an email at: <neomutt-devel at neomutt.org>


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mutt depends on:
ii  libassuan0        2.4.3-1
ii  libc6             2.24-1
ii  libcomerr2        1.43.1-1
ii  libgnutls30       3.5.3-3
ii  libgpg-error0     1.24-1
ii  libgpgme11        1.6.0-3
ii  libgssapi-krb5-2  1.14.3+dfsg-1
ii  libidn11          1.33-1
ii  libk5crypto3      1.14.3+dfsg-1
ii  libkrb5-3         1.14.3+dfsg-1
ii  libncursesw5      6.0+20160625-1
ii  libnotmuch4       0.22.1-3
ii  libsasl2-2        2.1.26.dfsg1-15
ii  libtinfo5         6.0+20160625-1
ii  libtokyocabinet9  1.4.48-10

Versions of packages mutt recommends:
ii  libsasl2-modules  2.1.26.dfsg1-15
ii  locales           2.24-1
ii  mime-support      3.60

Versions of packages mutt suggests:
ii  aspell                          0.60.7~20110707-3+b1
ii  ca-certificates                 20160104
ii  gnupg                           2.1.15-2
ii  ispell                          3.4.00-5
pn  mixmaster                       <none>
ii  openssl                         1.0.2h-1
ii  postfix [mail-transport-agent]  3.1.0-5+b1
pn  urlview                         <none>

Versions of packages mutt is related to:
ii  mutt  1.7.0-1

-- no debconf information
-------------- next part --------------
# for safe testing
bind index a next-entry
bind index b next-entry
bind index c next-entry
bind index d next-entry
bind index e next-entry
bind index f next-entry
bind index g next-entry
bind index h next-entry
bind index i next-entry
bind index j next-entry
bind index k next-entry
bind index l next-entry
bind index m next-entry
bind index n next-entry
bind index o next-entry
bind index p next-entry
bind index q next-entry
bind index r next-entry
bind index s next-entry
bind index t next-entry
bind index u next-entry
bind index v next-entry
bind index w next-entry
bind index x next-entry
bind index y next-entry
bind index z next-entry
bind index - next-entry
bind index < next-entry
bind index > next-entry

macro index <F2> '<postpone-message>'

macro index <F3> '<shell-escape>tmux split-window -h<enter><next-entry>'

bind generic <F4> exit
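
Added example, not part of the original report and not mutt's own code: a small muttrc linter that flags `<name>` tokens in a macro that name no function in the macro's menu, which is the case the report says gets replayed as individual keys. The function table and key-name set are hand-written subsets assumed for illustration, and the fallback to `generic` follows mutt's documented menu behaviour.

```python
import re
import shlex

# Assumption: tiny hand-written subset of per-menu function names, covering
# only the functions mentioned in the report. These are NOT mutt's full tables.
FUNCTIONS = {
    "generic": {"shell-escape", "next-entry", "exit"},
    "index": {"next-entry", "recall-message"},
    "compose": {"postpone-message"},
}
KEY_NAMES = {"enter", "return", "esc", "tab", "space"}  # key symbols (subset)
TOKEN = re.compile(r"<([A-Za-z0-9-]+)>")

# Constructed sample built from the two macros quoted in the report.
SAMPLE_MUTTRC = """\
# constructed sample
bind index a next-entry
macro index <F2> '<postpone-message>'
macro index <F3> '<shell-escape>tmux split-window -h<enter><next-entry>'
"""

def lint_macro(line):
    """Return findings for one muttrc line; [] if it is clean or not a macro."""
    try:
        words = shlex.split(line, comments=True)
    except ValueError:          # unbalanced quotes: not handled by this sketch
        return []
    if len(words) < 4 or words[0] != "macro":
        return []
    findings = []
    for menu in words[1].split(","):
        # generic functions are assumed usable from the menus modelled here
        available = FUNCTIONS.get(menu, set()) | FUNCTIONS["generic"]
        for match in TOKEN.finditer(words[3]):
            name = match.group(1)
            is_key = name.lower() in KEY_NAMES or re.fullmatch(r"[Ff]\d+", name)
            if is_key or name in available:
                continue
            # Per the report, such a token is fed to the menu one key at a time.
            findings.append({"menu": menu, "token": match.group(0),
                             "literal_keys": len(match.group(0))})
    return findings

def lint_muttrc(text):
    """Return (line_number, finding) pairs for every flagged macro token."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in lint_macro(line)]

if __name__ == "__main__":
    for lineno, finding in lint_muttrc(SAMPLE_MUTTRC):
        print(lineno, finding)
```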

