| Age | Commit message (Collapse) | Author |
|---|
|
Ticket 405 had an almost-exploit enabled by sloppy assignment of
strlen(). There were more details involved, of course, but this
served as encouragement to clean up obvious "strlen assignment to int"
in the rest of the code.
Note this is not *all* cases, only those that were simple and obvious.
In some cases, the code assigns strlen() to an int but also uses that
variable to hold negative values for another reason. In other cases,
an API is involved (e.g. SASL) that make changing potentially
dangerous. And lastly, some functions were just a bit too complicated
to risk introducing a bug.
|
|
Commit b0570d76, in the 2.0 release, improved some of the mailbox
prompt flow and logic, creating a separate function for mailbox
prompting. At the same time it changed "save/copy to mailbox" to use
that function and thus the mailbox history ring.
Unfortunately, this created a partition between some other prompts
that used the filename history ring but were actually prompting for
mailboxes.
Change those prompts: edit-fcc, and imap create/rename mailbox to use
the mailbox history ring. This will allow values to be shared between
them and prompts such as "open mailbox" and "save/copy to mailbox".
Ordinarily I wouldn't commit this to stable, but that change broke at
least one person's workflow badly.
|
|
|
|
Mutt tries to hide the format=flowed stuff/unstuff processing from the
user in other cases (when editing, viewing, piping, and printing, for
instance). It should also do this when piping the content to the
alternative filter.
|
|
With the default keymap, hitting 'D' in the compose menu will remove
parts and unlink owned files. Mutt prevents removing all the parts,
but if you have added attachments, this makes it very easy mis-type
and accidentally nuke the message you've been composing.
This option only checks for the first part - which is highly likely
the main composed message. It might be possible to try and make the
check more intelligent, but I think a simple check will go a long way
towards preventing disaster.
|
|
|
|
Hitting enter at the attach files prompt will still allocate an entry
in the attachment array. It might make sense to "abort" inside the
prompt for that case, but it's a change of behavior to have the prompt
do so.
Instead, have the compose menu prompt skip NULL values.
|
|
closes #368.
Rename THREAD->sort_key to sort_aux_key, to make the fields more
distinct. Add THREAD->sort_group_key for caching the top-level sort
HEADER. An additional value is needed to allow propagating up values,
for place-holder threads, and for "last" sort handling.
Add recalc_aux_key and recalc_group_key bits to THREAD, in addition to
sort_children. These are used to allow separate flagging of either
the group key or aux key needing to be recalculated. Adding these two
fields helped me keep better track of how the subthread sorting was
working, because I'm just not as smart the people who originally wrote
the threading code. :-)
Fix up some of the logic with rescoring, and "first_message" to take
the new config vars into account.
Add %T expando to $status_format, and change the default to
conditionally show the value based on whether $sort is "threads" and
$sort_thread_groups is not "aux".
Lastly, a thank you to Eric Blake. He implemented separate
thread/subthread sorting in the NeoMutt code, after suggesting it on
the #mutt IRC channel a couple months ago. When ticket 368 was opened
he pointed me at his work and offered to port. However, I couldn't
pass up the opportunity to learn more about the thread code myself, so
I declined his offer.
Although no copy/pasting was done, the basic of structure of the
mutt_sort_subthreads() changes is the same, and I did look at his
modifications to the function for guidance. Thank you Eric!
|
|
These were forwarded to mutt-po by Helge Kreutzmann, from his
translation team.
I've added comments to a couple places where the meaning was unclear.
|
|
This mirrors the <view-pager> in the attachment menu (and just added
to the compose menu), but adds it to the compose menu for alternative
generation.
|
|
These are less commonly needed, so don't bind them to a key. But for
those who need it, make them be available.
|
|
enter_filename() api:
* Rename enter_fname() to _enter_fname()
* Rename mutt_buffer_enter_mailbox() to mutt_enter_mailbox()
* Rename mutt_buffer_enter_filenames() to mutt_enter_filenames()
* Remove 'multiple' and 'fname buffer' parameters from
mutt_enter_filenames(). Create a temp buffer, and enable multiple
automatically. This removes the possibility of mistakenly looking
at an unpopulated 'fname' parameter for the result.
* Create mutt_enter_filename(). This isn't used currently, but it
makes sense to have a "single filename" api already set up with
correct parameters.
get_field() api:
* Rename _mutt_buffer_get_field() to a static _get_field() function.
* Remove _mutt_get_field() and make mutt_get_field() an actual
function.
* Remove the multiple/files/numfiles parameters, since this
should only be done through mutt_enter_filenames().
_mutt_enter_string() api:
Add comments to mutt_enter_string() and _mutt_enter_string() headers.
Noting that they should generally not be called directly. List the
functions that should be used inside Mutt. Note the behavior of the
multiple parameter.
|
|
There was a disconnect between the compose menu and the behavior when
selecting multiple files. The select_file() operation populates the
files and numfiles when hitting 'quit'. The compose menu was
incorrectly looking at the fname parameter, which won't be populated
unless the user presses enter.
The enter_string() menu makes the same mistake. Change it to behave
differently depending on whether multiple is set.
The logic needs to be made clearer by changing the api. I will do
that in the next commit.
|
|
Create mutt_buffer_enter_mailbox(), which turns on the MUTT_MAILBOX
flag (renamed from MUTT_EFILE). This uses the mailbox history file
category, and turns on MUTT_SEL_FOLDER in the select_file browser.
Add a do_incoming paramter and a new separate flag MUTT_INCOMING, so
that buffy-completion can be enabled optionally for mailboxes. It
only makes sense for the change-folder operation, so disable it in
other contexts (such as saving/copying a message, prompting for an Fcc
mailbox, or an autocrypt scan mailbox).
Change saving/copying a message to use the mailbox function, so that
it shares the history file with other mailbox operations. It would
previously use the "file" history category.
Create mutt_buffer_enter_filenames() to replace the enter_fname()
prompt for files.
Since nothing directly uses the _mutt_buffer_enter_fname() function
anymore, rename and make it static.
|
|
The variable defaults unset, to prevent breaking anyone's
configuration.
If set to a value, such as ",", $record and fcc-hook may list multiple
mailboxes separated by the delimiter. Mutt will tokenize and
expand/prettify each separate mailbox. At Fcc time, it will loop
through trying to save to each mailbox.
This patch introduces a bit more uglyness into init.c, which has to
special-process for $record in a few places. I don't like that, but I
believe the feature is important enough to allow for the one-off
behavior hack, because we are constrained by backwards compatibility.
Add documentation notes about the resulting issues with '<' mailbox
shortcut expansion, and with fcc-save-hook processing. It is
recommended to use fcc-hook to set multiple mailboxes in those cases
instead.
|
|
All invocations pass a pointer parameter. Perhaps at one point this
was like the init.h combined usage. But as with that, using an
unsigned long is incorrect, and we've been lucky to get away with it.
Since we don't need a union, just change it to void * to properly size
the parameter.
|
|
The landing page waits for the $editor process to exit, or until the
user presses <exit>, "q" by default. If they press exit they are
returned to the index. If the $editor exits first, they are returned
directly to the compose process.
|
|
Backgrounding exits to the index menu. Re-invoking <mail> will resume
the backgrounded session, if one exists, otherwise start a new
session.
This is just to get basic support going. Multiple background edits, a
landing page, a background compose menu list will be added next.
|
|
|
|
Add a "cleared" bit for smime_crypt_alg. Otherwise clearing the value
in smime.c's menu would cause the compose menu and mutt_protect() to
fall back to using SmimeCryptAlg.
|
|
Pass the sctx into postpone_message() and save_fcc() to it can be
passed to mutt_protect.
Change compose menu to show the sctx values, but fall back to the
globals.
|
|
todo: we need to fix the send_menus.
We need to save/restore the globals in mutt_protect().
|
|
This will be used to set the sctx signas instead of globals for header
editing.
|
|
This will be used to store and use sctx for sign_as values.
|
|
This fits the current naming conventions. There are a few other "ci_"
prefixed functions, but there's no need to tackle all those changes
right now.
|
|
This adds the ability to rearrange the order of the attachments,
including swapping the first attachment if desired.
The compose menu doesn't support nested attachments, but since data
structures and code are shared with recvattach, the new functions use
the v2r and try to behave sensibly with respect to parent pointer
adjustments.
However, the functions do restrict movement to be between siblings.
Adding code to support cross-tree movement would be more complicated
for no current purpose.
|
|
add view-alt function, so now we have
* view-alt "v"
* view-alt-text "Esc v"
* view-alt-mailcap "V"
|
|
Most of these were already commented. Change a few of them to
a format gcc will recognize. In the future, we'll want to change to
whatever is standardized.
|
|
There was no code that explicitly enabled APP_PGP mode when either the
recommendation engine or autocrypt menu were invoked. This would
cause the actual encryption to fail when sending.
This was hidden by the $crypt_opportunistic_encrypt config, which does
ensure it gets turned on. I can only guess that this variable is
popular with the autocrypt early adopters too.
Also explicity enable APP_PGP for $autocrypt_reply. We can't rely on
$crypt_autopgp to turn this on.
|
|
Create config variables $send_multipart_alternative (a quadoption)
and $send_multipart_alternative_filter. The filter script expects
output to be the mime type, a blank line, then the content.
Add ability to preview alternative from compose menu. <view-alt-text>
forces viewing as text. <view-alt-mailcap> forces using the mailcap.
Bind them to 'v' and 'V', respectively.
Improve <resend-message> so a multipart/alternative is stripped out,
which would just confuse the compose menu. Currently this preserves
the first alternative.
Allow alternative generation in batch mode, as long as the quadoption
is set to 'yes'.
|
|
Since we will be dealing with multipart/alternative, we need the
helpers to be a bit more specific.
We need to distinguish a top-level multipart/alternative from a
multipart/mixed created because of attachments.
|
|
This affects the send.c flow (ci_send_message()), the compose menu,
and various helper functions.
|
|
The parameter is not actually used anywhere. The next commit will
convert the classic pgp implementation to use the buffer pool. This
change will simplify the logic.
|
|
The outer multipart was not being freed after writing.
|
|
|
|
Modify error message so that the filename comes last, to prevent a
long path from hiding the error message or prompt.
|
|
Setting actx->idx[]->content->parts to NULL causes a memory leak,
because message attachments store a BODY there that needs to be freed.
I looked through the various use cases of ci_send_message() and
actually believe content->parts will be NULL for all other cases
except message attachments. From the comment added to
delete_attachment():
Other ci_send_message() message constructors are careful to free
any body->parts, removing depth:
- mutt_prepare_template() used by postponed, resent, and draft files
- mutt_copy_body() used by the recvattach menu and $forward_attachments.
I believe it is safe to completely remove the "content->parts =
NULL" statement. But for safety, am doing so only for the case
it must be avoided: message attachments.
|
|
Commit 04cb5bde tried to fix re-stuffing a postponed message more than
once, but unfortunately broke the normal case of composing a new
message. So actually, space-stuffing has been turned off the past 7
years.
Move format=flowed parameter setting below the standard message
pre-processing block. It shouldn't be performed for draft-files even
with $resume_draft_files set. Moving out of the block makes that
clearer.
Create mutt_rfc3676_space_(un)stuff() functions, which check the
content type and stuff/unstuff apprpropriately. Note that the
stuff/unstuff does not depend on $text_flowed, which is only in charge
of setting the format=flowed parameter. This parameter can also come
from resumed/resent/draft messages and should still be respected.
Add unstuffing to mutt_prepare_template(). This is called by
postponed, resent, and draft files. This will prevent double-stuffing
in those cases.
Unstuff/restuff around editing the message in the compose menu, to
keep everything transparent to the user. I originally put the
stuffing *after* the compose menu, but previewing the messages in the
compose menu did not work properly in that case. It's cleaner this
way too.
Change the stuff/unstuff functions to preserve the original
hdr->content->filename. The "hack" previously used would interact
poorly with editable body files (mutt -i -E). Fortunately space
stuffing was pretty much disabled except in unusual cases before.
|
|
|
|
|
|
Change crypt_get_keys() to query autocrypt.
When oppenc_mode is set, we still query the original keyring
regardless, because the compose menu can still run oppenc even if
autocrypt is on.
Since mutt_autocrypt_ui_recommendation() checks each key as part of
making the recommendation, add a keylist parameter and use that
function.
Add gpgme changes to use the autocrypt context for encryption.
Postpone work:
* Change mutt_protect() to have a postpone parameter. Remove the
manual toggling of the SIGN bit outside the call when postponing.
* Since autocrypt doesn't set the SIGN bit, this allows us to turn off
signing inside mutt_protect() for both normal and autocrypt mode.
* Set the autocrypt postpone key in AutocryptDefaultKey.
Write autocrypt and gossip headers in outgoing emails.
|
|
Remove the hardcoded HDR_ATTACH offset calcuation, and add an explicit
enum for the "-- Attachments" line to make loops and padding array
sizes easier.
Add security and recommendataion fields on the line.
Add mutt_autocrypt_ui_recommendation, following the autocrypt spec
guidelines.
|
|
MuttVars of those types are set via safe_strdup(), which returns NULL
if the original is "". Thus Var implies *Var.
A good portion of the code relies on that axiom, but over the years
some (Var && *Var) checks have crept in, including from me.
This was partially because of the INITVAL("") that were in the code,
which implied (incorrectly) the initial value could be "". Commit
2f91d43e removed those to make it more clear.
This commit removes the *Var checks to make it even clearer, and help
avoid them creeping back in again.
|
|
Switch to generating the version string during make process rather than
at configure time. This makes it easier to keep the detailed version
string accurate when doing development which doesn't require that the
configure script be rerun.
|
|
Add spaces after if, else, while, for, switch.
Unify the brace placement style. The vast majority of the code uses
Allman style so convert the relatively few K&R braces over.
|
|
These are mostly automated changes corresponding to the emacs
settings:
(c-set-style "linux")
(setq c-basic-offset 2)
(c-set-offset 'case-label '+)
Most of the code follows the convention:
(add-to-list 'c-cleanup-list 'space-before-funcall)
but this is not enforced by this indentation cleanup.
Also, I personally dislike tabs, so I have:
(setq-default indent-tabs-mode nil)
in my own configuration. However I have no desire to change every line
just for that effect. So this cleanup does nothing about the mix issue.
Some of the secondary files (e.g. regex.c) have been skipped.
I've also skipped crypt-gpgme.c, because I need to think about that
file. Werner Koch and the GnuPG team contributed most it, and it
follows the Gnu indentation settings. It should probably be made
uniform with Mutt, but I don't want to discourage future GnuPG
contribution to the file.
I manually reverted a few unsightly cleanups, and added a few tweeks
when I saw things that could be improved.
|
|
The result of
find . -name "*.[ch]" -exec emacs -batch {} \
--eval="(progn (delete-trailing-whitespace) (and (buffer-modified-p) (save-buffer)))" \;
|
|
Most of these have been "#if 0" out for 10-20 years. Any utility in
keeping them around is miniscule at this point.
There are a few other "#if 0" in the code, but I've kept them for now.
Some are utility functions that are not used, but I think still may
have some documentation value.
|
|
The $postpone_encrypt and $(pgp/smime)_self_encrypt configuration
variables have created a somewhat messier situation for users. Many
of them now have to specify their keys across multiple configuration
variables.
(Trac) Ticket #3983 had a reasonable request: "if my encrypt and
signing keys are the same, why can't I just specify my key once in my
.muttrc?"
The problem currently is that $smime_default_key and $pgp_sign_as are
both used to specify signing keys, and are set by the "sign (a)s"
security menu choice. So we can't store encryption keys there because
some users have separate sign-only capability keys.
Create $pgp_default_key to store the default encryption key. Change
signing to use $pgp_default_key, unless overridden by $pgp_sign_as.
The pgp "sign (a)s" will continue setting $pgp_sign_as.
Create $smime_sign_as. Change signing to use $smime_default_key
unless overridden by $smime_sign_as. Change s/mime "sign (a)s" menu
to set $smime_sign_as instead.
Change $postpone_encrypt and $(pgp/smime)_self_encrypt to use
$(pgp/smime)_default_key by default.
Mark $(pgp/smime)_self_encrypt_as deprecated. They are now aliases
for the $(pgp/smime)_default_key config vars.
Change $(pgp/smime)_self_encrypt default to set.
The intent is that most users now need only set
$(pgp/smime)_default_key. If they have a sign-only key, or have
separate signing and encryption keys, they can put that in
$(pgp/smime)_sign_as. This also enables to default self_encrypt on
and solve a very common request.
Thanks to Michele Marcionelli and Vincent Lefèvre for gently pushing
me towards a solution.
|
|
Gitlab issue #3 exposed an awkward corner case: if mutt is configured
without PGP or S/MIME, and with GPGME, but $crypt_use_gpgme is unset.
In this case, no backend will be available, but WithCrypto will be set
with both APPLICATION_PGP and APPLICATION_SMIME bits.
That will allow various config vars to enable encryption or signing,
even though there will be no backend available to perform them. The
message security flag might then be set, but when the user hits send,
will end up back at the compose menu due to the error.
The pgp or smime menu might not even be available to clear the
security setting!
Add a check in send.c before the compose menu is invoked, and give a
warning message for the menu ops inside the compose menu.
I believe this should prevent the issue. However this is a corner
case combined with user misconfiguration, so I don't believe is worth
a large effort to completely eradicate.
|
