| Age | Commit message (Collapse) | Author |
|---|
|
This is a part two, made in master, to the stable branch commit
11b18027. These are mostly length adjustments to use LOFF_T, matching the
BODY->length type.
An argument could be made for size_t instead, and a few places in Mutt
do assign between those types. I've used LOFF_T because off_t is a
signed integer. Some changes in this commit affect loops that
decrement a length pointer while > 0. Switching to a size_t could
create a wraparound infinite loop bug.
This also changes the Content-Length header parser to use atoll()
intead of atol(). I noticed from the man page that atol() doesn't
seem to return -1 on error. But I've kept the check anyway.
|
|
Properly deal with multiple blocks:
* Extract the inline block to armored_data, instead of the entire
message. Use the code from pgp.c to find the block boundaries.
* The copy_clearsigned() function, probably originally ported from the
classic code too, assumes the first blank line starts the clear text.
But this is only true if the passed in data is just the block.
* Use the Charset armor header if found for encrypted content
conversion, as pgp.d does.
* Reset all states in each loop.
It looks like the pgp.c code wasn't resetting pgp_keyblock and
gpgcharset, so reset those in pgp.c too.
|
|
When displaying a message, display a mutt_error() to warn of
incomplete rendering.
Fix mutt_copy_message() to check for ferror and feof errors on partial
decode too.
Clean up _mutt_append_message() to not pass a partial-decode along as
a success.
Modify the crypt handlers to return 1 if any kind of state message is
displayed. There is some fuzzyness about what a "fatal" error is, but
for now just consider a handler error that notifies by
state_attach_puts() as "non-fatal".
|
|
All invocations pass a pointer parameter. Perhaps at one point this
was like the init.h combined usage. But as with that, using an
unsigned long is incorrect, and we've been lucky to get away with it.
Since we don't need a union, just change it to void * to properly size
the parameter.
|
|
|
|
crypt-gpgme and pgpkey $pgp_entry_format optional expando processing
passed the wrong function parameter. So did remailer for
$mix_entry_format.
|
|
Add a "cleared" bit for smime_crypt_alg. Otherwise clearing the value
in smime.c's menu would cause the compose menu and mutt_protect() to
fall back to using SmimeCryptAlg.
|
|
When set, this modifies $crypt_opportunistic_encrypt to only search
for "strong" keys (fully valid keys according to the web of trust).
S/MIME behavior depends on the backend.
|
|
The parameter is not actually used anywhere. The next commit will
convert the classic pgp implementation to use the buffer pool. This
change will simplify the logic.
|
|
Use the pool where possible, but when the function calls other
long-running functions (such as mutt_body_handler() or
mutt_do_pager()), allocate the buffer.
smime_gpgme_decrypt_mime() was not freeing the "cur" BODY generated on
error. Add a call to mutt_free_body(cur) in the error handling.
|
|
This is useful when adding accounts, or for users who want to use an
existing key from the keyring during initial account creation.
|
|
Try autocrypt first for crypt_pgp_decrypt_mime() and
pgp_gpgme_encrypted_handler().
Propagate the autocrypt bit if successful. This is used when replying
to an autocrypt message, to force a reply using autocrypt.
|
|
Change crypt_get_keys() to query autocrypt.
When oppenc_mode is set, we still query the original keyring
regardless, because the compose menu can still run oppenc even if
autocrypt is on.
Since mutt_autocrypt_ui_recommendation() checks each key as part of
making the recommendation, add a keylist parameter and use that
function.
Add gpgme changes to use the autocrypt context for encryption.
Postpone work:
* Change mutt_protect() to have a postpone parameter. Remove the
manual toggling of the SIGN bit outside the call when postponing.
* Since autocrypt doesn't set the SIGN bit, this allows us to turn off
signing inside mutt_protect() for both normal and autocrypt mode.
* Set the autocrypt postpone key in AutocryptDefaultKey.
Write autocrypt and gossip headers in outgoing emails.
|
|
MuttVars of those types are set via safe_strdup(), which returns NULL
if the original is "". Thus Var implies *Var.
A good portion of the code relies on that axiom, but over the years
some (Var && *Var) checks have crept in, including from me.
This was partially because of the INITVAL("") that were in the code,
which implied (incorrectly) the initial value could be "". Commit
2f91d43e removed those to make it more clear.
This commit removes the *Var checks to make it even clearer, and help
avoid them creeping back in again.
|
|
Allow for S/MIME keys and the possibility of missing subkeys
|
|
For gpgme >= 1.11.0, use gpgme_op_encrypt_ext() and
gpgme_op_encrypt_sign_ext() to specify recipients as a string.
This allows '!' to specify forcing a subkey, as is the case in classic
gpg and from the command line.
Remove the '!' "force valid" usage for the newer version.
|
|
Add spaces after if, else, while, for, switch.
Unify the brace placement style. The vast majority of the code uses
Allman style so convert the relatively few K&R braces over.
|
|
Most of these have been "#if 0" out for 10-20 years. Any utility in
keeping them around is miniscule at this point.
There are a few other "#if 0" in the code, but I've kept them for now.
Some are utility functions that are not used, but I think still may
have some documentation value.
|
|
Some clients (or even mail servers) improperly encode the octetstream
part.
Thanks to Riccardo Schirone for the original merge request patch.
This commit also handles the attachment menu, and makes the decoding
conditional so it's not done if it isn't necessary.
|
|
Add $crypt_protected_headers_read config variable to enable reading
and updating the index/header cache.
Print protected Subject header in the pager as parts are rendered.
Once opened, update the index, subject hash, and header cache.
|
|
|
|
The listing of imported keys to the console must have stopped working
on 2014-12-31 due to a fix for bug #3698, commit
bbc5acb6de0ca56d7e8366402d68a1a919ca9b23 which was needed due to a
not fully working stub code introduced in 2008 with commit
a4b3a60dd63bc7af7927025b2d1344530ca89aa9.
The latter commit also introduced a bug in the import code which
listed all keys in the keyring to a temporary file and copied that one
to stdout. The former commit avoided the output to stdout.
The fix here is to use pgp_gpgme_extract_keys only for extracting
information about the key and don't re-use the same code for importing
keys. We now import the keys directly in pgp_gpgme_invoke_import and
we print the fingerprint and status flags for all imported keys. That
information available from GPGME for ages (0.3.1 from 2003).
The user id is unfortunately not printed; that would require a lookup
of the newly imported key. Can be done with another patch.
|
|
Since gpgme 1.9.0 it is possible to list keys directly from a file
without importing it into gpg' own keyring. This patch implements
this in a backward compatible way.
Unfortunately we need to check for a suitable gpgme version at build
time and also for a suitable gpg version at runtime. This is
implemented by a version check which requires to call or include code
taken from libgpg-error (aka gpgrt). However this library is anyway a
dependency of gpgme and thus does not pose any extra burden.
The functions parse_version_number, parse_version_string, and
cmp_version_strings are taken from libgpg-error's repo at 2018-11-20.
Libgpg-error is distributed under the LGPL-2.1-or-later.
|
|
The wrapper is much more convenient and there is no need to sometimes
use gpgme_new directly. The perceived advantage on not bailing out in
an out-of-core condition is not realistic because other small amounts
of memory are allocated all over mutt anyway and thus function will
terminate the process as well.
This patch also changes the minimum version of gpgme to 1.4.0. This
is so that we can always pass NULL to functions like gpgme_release.
Further 1.4.0 has new functions which we may soon like to use.
|
|
GPGME 1.2.0 was released nearly 10 years ago and thus we can really
demand this version. For various reasons it would be advisable to
require a decent version but that is a different thing and needs to be
done in a separate patch.
HAVE_GPGME_OP_EXPORT_KEYS and HAVE_GPGME_PKA_TRUST are not anymore
needed because they are supported by that GPGME version.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
Updating Japanese translation, I found that some of the updated messages
were a little hard to understand without reading the code.
Add comments to some messages I nearly translated in a wrong way.
|
|
Inform the user about the fingerprint being unavailable instead
of crashing if the S/MIME signature is bad.
|
|
|
|
This fix is based on stbuehler's patch from
https://dev.gnupg.org/T2919.
Recent versions of gpgme seem to terminate the connection for a
protocol error. stbuehler's analysis is that this is actually a
gpgme bug, but recreating the context works around the problem.
|
|
The message is not an error message, and flies by so quickly it has
little informative content. Change it to use dprint instead.
Thanks to Darac Marjal for reporting the issue.
|
|
The $postpone_encrypt and $(pgp/smime)_self_encrypt configuration
variables have created a somewhat messier situation for users. Many
of them now have to specify their keys across multiple configuration
variables.
(Trac) Ticket #3983 had a reasonable request: "if my encrypt and
signing keys are the same, why can't I just specify my key once in my
.muttrc?"
The problem currently is that $smime_default_key and $pgp_sign_as are
both used to specify signing keys, and are set by the "sign (a)s"
security menu choice. So we can't store encryption keys there because
some users have separate sign-only capability keys.
Create $pgp_default_key to store the default encryption key. Change
signing to use $pgp_default_key, unless overridden by $pgp_sign_as.
The pgp "sign (a)s" will continue setting $pgp_sign_as.
Create $smime_sign_as. Change signing to use $smime_default_key
unless overridden by $smime_sign_as. Change s/mime "sign (a)s" menu
to set $smime_sign_as instead.
Change $postpone_encrypt and $(pgp/smime)_self_encrypt to use
$(pgp/smime)_default_key by default.
Mark $(pgp/smime)_self_encrypt_as deprecated. They are now aliases
for the $(pgp/smime)_default_key config vars.
Change $(pgp/smime)_self_encrypt default to set.
The intent is that most users now need only set
$(pgp/smime)_default_key. If they have a sign-only key, or have
separate signing and encryption keys, they can put that in
$(pgp/smime)_sign_as. This also enables to default self_encrypt on
and solve a very common request.
Thanks to Michele Marcionelli and Vincent Lefèvre for gently pushing
me towards a solution.
|
|
Add helpers and iterate over the actx->idx instead of the BODY structure.
|
|
Remove the ridiculous need for the translators to pad the translation
strings themselves.
|
|
Classic-PGP key selection auto-selected a match if there was a single
strong, valid, address-match result, even if there were other weak
matches.
GPGME was prompting in the same situation, if there were other weak
matches.
Change GPGME to match the classic behavior, as this is more useful and
matches the manual description.
|
|
Mutt calls msgfmt with '-c' to verify that translation format strings
match, but it is still safer to indirect strings with no formatting
through %s.
|
|
The parameter was used to notify the caller if the sign (a)s menu was
invoked, which displayed the key selection menu. This is no longer
necessary with the menu stack pop operation.
|
|
This removes the need for the OPTNEEDREDRAW option and MAYBE_REDRAW
macro previously used to communicate back the need to refresh after
exiting a menu.
Remove the redraw parameter from ci_bounce_message() and
mix_make_chain() which served the same purpose.
|
|
Change the pager to use a MENU, right now just to hold the refresh
state.
|
|
This matches the behavior for S/MIME classic mode: OpenSSL converts
the line endings to cr/lf before encrypting. Although Mutt always
canonicalizes the line endings before verifying the signature, some
clients do not do this for encrypted messages.
Thanks to cooler for the patch!
|
|
|
|
|
|
Changeset 6e44bfa16096 did not fix the segv. (Sorry, I made the fix
based off a report on IRC but didn't trigger the segv myself: it was
caused by an out-of-tree patch).
The actual problem was that the rset was only resized on a successful
gpgme_get_key(). However, on error, the array still needs to be
NULL-terminated before calling free_recipient_set().
Move the resize so it always takes place. This obviates the need for
the NULL check added in 6e44bfa16096.
|
|
|
|
If gpgme_get_key() errors on the first key, the rset will not be
allocated yet. Attempting to null-terminate (and then free) the array
causes a segfault.
|
|
GPGME signature information has two minor problems.
[-- Begin signature information --]
*BAD* signature from: Name <user@example.com>
aka: Name <user@example.org>
created: Thu Jan 1 09:00:00 1970
[-- End signature information --]
First, the created timestamp is incorrect when the message is not
verified successfully.
Second, as the code itself has some "TODO" comments, "aka" and
"created" lines are not properly-aligned when LC_MESSAGES != English.
|
|
TAKAHASHI Tamotsu reported that when gpg2 isn't in PATH, the
gpgme_op_verify() won't return an error, but instead will return a
result with no signatures.
verify_one() was only returning an error if a signature actually
failed, so in this case the function was defaulting to returning
success.
Other callers of gpgme_op_verify() check to make sure the
result->signatures exist before processing signatures. Add a check
for verify_one() too.
|
|
When switching from pgp_* commands to crypt_use_gpgme=yes, Peter
Colberg noticed that the output was colored 'brightyellow'.
The issue is that crypt-gpgme.c uses state_attach_puts in various
places where it should use state_puts to maintain compatibility with
the previous behavior in pgp.c.
|
|
|
|
(closes #3873)
list_to_pattern() was not allocating enough space for the '+' to '%2B'
transformation.
|
