aerc: backport an upstream patch for handling of attachments' filenames (a8b64551) · Commits · nix / nixpkgs

pkgs/by-name/ae/aerc/basename-temp-file-fixup.patch

0 → 100644

+34 −0

Original line number	Diff line number	Diff line
		From 2bbe75fe0bc87ab4c1e16c5a18c6200224391629 Mon Sep 17 00:00:00 2001
		From: Nicole Patricia Mazzuca <nicole@streganil.no>
		Date: Fri, 9 May 2025 09:32:21 +0200
		Subject: [PATCH] open: fix opening text/html messages

		This fixes a bug introduced in 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329:
		aerc started using `path.Base(<part>)`, which returns `"."` on an empty
		path, but still checked for `""` two lines later.

		On macOS, the result is that aerc attempts to open the directory:

		```
		open /var/folders/vn/hs0zvdsx3vq6svvry8s1bnym0000gn/T/aerc-4229266673: is a directory
		```

		Signed-off-by: Nicole Patricia Mazzuca <nicole@streganil.no>
		Acked-by: Robin Jarry <robin@jarry.cc>
		---
		commands/msgview/open.go \| 2 +-
		1 file changed, 1 insertion(+), 1 deletion(-)

		diff --git a/commands/msgview/open.go b/commands/msgview/open.go
		index a6e43cb8da5fd49d2aa562d4c25ee2d597deefc3..7c770d4a90b771e3a18dfcb327f5e9306d5b5fa7 100644
		--- a/commands/msgview/open.go
		+++ b/commands/msgview/open.go
		@@ -59,7 +59,7 @@ func (o Open) Execute(args []string) error {
		}
		filename := path.Base(part.FileName())
		var tmpFile *os.File
		- if filename == "" {
		+ if filename == "." {
		extension := ""
		if exts, _ := mime.ExtensionsByType(mimeType); len(exts) > 0 {
		extension = exts[0]

0 → 100644

+41 −0

Original line number	Diff line number	Diff line
		From 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329 Mon Sep 17 00:00:00 2001
		From: Robin Jarry <robin@jarry.cc>
		Date: Wed, 9 Apr 2025 10:49:24 +0200
		Subject: [PATCH] open: only use part basename for temp file

		When an attachment part has a name such as "/tmp/55208186_AllDocs.pdf",
		aerc creates a temp folder and tries to store the file by blindly
		concatenating the path as follows:

		/tmp/aerc-3444057757/tmp/55208186_AllDocs.pdf

		And when writing to this path, it gets a "No such file or directory"
		error because the intermediate "tmp" subfolder isn't created.

		Reported-by: Erik Colson <eco@ecocode.net>
		Signed-off-by: Robin Jarry <robin@jarry.cc>
		---
		commands/msgview/open.go \| 3 ++-
		1 file changed, 2 insertions(+), 1 deletion(-)

		diff --git a/commands/msgview/open.go b/commands/msgview/open.go
		index 4293b7e4892c137a7f3fbbe79245ffb6733b2671..a6e43cb8da5fd49d2aa562d4c25ee2d597deefc3 100644
		--- a/commands/msgview/open.go
		+++ b/commands/msgview/open.go
		@@ -5,6 +5,7 @@ import (
		"io"
		"mime"
		"os"
		+ "path"
		"path/filepath"

		"git.sr.ht/~rjarry/aerc/app"
		@@ -56,7 +57,7 @@ func (o Open) Execute(args []string) error {
		app.PushError(err.Error())
		return
		}
		- filename := part.FileName()
		+ filename := path.Base(part.FileName())
		var tmpFile *os.File
		if filename == "" {
		extension := ""

+8 −1

Original line number	Diff line number	Diff line
		@@ -33,7 +33,14 @@ buildGoModule (finalAttrs: {
		python3Packages.wrapPython
		];

		patches = [ ./runtime-libexec.patch ];
		patches = [
		./runtime-libexec.patch

		# TODO remove these with the next release
		# they resolve a path injection vulnerability when saving attachments (CVE-2025-49466)
		./basename-temp-file.patch
		./basename-temp-file-fixup.patch
		];

		postPatch = ''
		substituteAllInPlace config/aerc.conf