path: root/crypt.c
Age | Commit message | Author
2020-06-04 | Add other headers to written Protected Headers. | Kevin McCarthy
In order to avoid $edit_headers, <resend-message>, or other places setting env->date and inadvertently generating a wrong Date header, store the "protected headers" generated date header in the sctx, in addition to mime_headers. I initially removed env->date setting from mutt_parse_rfc822_line(), thinking it a more elegant solution, but unfortunately protected headers reading needs it to be there. We don't currently print or compare the headers, but might wish to in the future. Explicitly pass in a date parameter to mutt_write_rfc822_header() to make each caller conscious of where the date is coming from.
2020-06-03 | Move protected-headers parameter cleanup out to send.c cleanup. | Kevin McCarthy
Remove it in the same place that the mime-headers are removed. This is so that the parameter doesn't stay in there if we loop back to the compose menu on failure and the sender toggles encryption off.
2020-02-29 | Change send_menus to set sctx instead of globals. | Kevin McCarthy
Add a "cleared" bit for smime_crypt_alg. Otherwise clearing the value in smime.c's menu would cause the compose menu and mutt_protect() to fall back to using SmimeCryptAlg.
2020-02-29 | Change mutt_protect() to use sctx signas values. | Kevin McCarthy
Pass the sctx into postpone_message() and save_fcc() so it can be passed to mutt_protect. Change compose menu to show the sctx values, but fall back to the globals.
2019-12-21 | Add protected-headers="v1" to Content-Type when protecting headers | Marek Marczykowski-Górecki
This is an optional part of the draft RFC, marked with "FIXME": * FIXME: Enigmail adds "protected-headers="v1"" parameter to "payload" here. Is this necessary? The answer is: for Enigmail yes. Otherwise it ignores protected headers and uses the envelope headers. This results in all the emails listed with "..." subject, which isn't very helpful. Since the user can disable protected headers while in the compose menu (after potentially failed send), remove the attribute if protected headers are disabled.
2019-09-25 | Convert crypt_extract_keys and signed handler to use buffers. | Kevin McCarthy
2019-08-08 | Enabled writing protected subject with autocrypt too. | Kevin McCarthy
2019-08-03 | Handle autocrypt message decryption. | Kevin McCarthy
Try autocrypt first for crypt_pgp_decrypt_mime() and pgp_gpgme_encrypted_handler(). Propagate the autocrypt bit if successful. This is used when replying to an autocrypt message, to force a reply using autocrypt.
2019-08-03 | Autocrypt outgoing emails. | Kevin McCarthy
Change crypt_get_keys() to query autocrypt. When oppenc_mode is set, we still query the original keyring regardless, because the compose menu can still run oppenc even if autocrypt is on. Since mutt_autocrypt_ui_recommendation() checks each key as part of making the recommendation, add a keylist parameter and use that function. Add gpgme changes to use the autocrypt context for encryption.
Postpone work:
* Change mutt_protect() to have a postpone parameter. Remove the manual toggling of the SIGN bit outside the call when postponing.
* Since autocrypt doesn't set the SIGN bit, this allows us to turn off signing inside mutt_protect() for both normal and autocrypt mode.
* Set the autocrypt postpone key in AutocryptDefaultKey.
Write autocrypt and gossip headers in outgoing emails.
2019-06-28 | Remove unnecessary "" checks for DT_STR and DT_PATH MuttVars. | Kevin McCarthy
MuttVars of those types are set via safe_strdup(), which returns NULL if the original is "". Thus Var implies *Var. A good portion of the code relies on that axiom, but over the years some (Var && *Var) checks have crept in, including from me. This was partially because of the INITVAL("") that were in the code, which implied (incorrectly) the initial value could be "". Commit 2f91d43e removed those to make it more clear. This commit removes the *Var checks to make it even clearer, and help avoid them creeping back in again.
2019-01-04 | Clean up formatting. | Kevin McCarthy
Add spaces after if, else, while, for, switch. Unify the brace placement style. The vast majority of the code uses Allman style so convert the relatively few K&R braces over.
2019-01-04 | Clean up code indentation. | Kevin McCarthy
These are mostly automated changes corresponding to the emacs settings: (c-set-style "linux") (setq c-basic-offset 2) (c-set-offset 'case-label '+) Most of the code follows the convention: (add-to-list 'c-cleanup-list 'space-before-funcall) but this is not enforced by this indentation cleanup. Also, I personally dislike tabs, so I have: (setq-default indent-tabs-mode nil) in my own configuration. However I have no desire to change every line just for that effect. So this cleanup does nothing about the mix issue. Some of the secondary files (e.g. regex.c) have been skipped. I've also skipped crypt-gpgme.c, because I need to think about that file. Werner Koch and the GnuPG team contributed most of it, and it follows the Gnu indentation settings. It should probably be made uniform with Mutt, but I don't want to discourage future GnuPG contribution to the file. I manually reverted a few unsightly cleanups, and added a few tweaks when I saw things that could be improved.
2018-12-31 | Remove trailing whitespace. | Kevin McCarthy
The result of find . -name "*.[ch]" -exec emacs -batch {} \ --eval="(progn (delete-trailing-whitespace) (and (buffer-modified-p) (save-buffer)))" \;
2018-12-31 | Remove dead code. | Kevin McCarthy
Most of these have been "#if 0" out for 10-20 years. Any utility in keeping them around is minuscule at this point. There are a few other "#if 0" in the code, but I've kept them for now. Some are utility functions that are not used, but I think still may have some documentation value.
2018-12-29 | Respect ignore for the protected subject display. | Kevin McCarthy
2018-12-29 | Color protected subject as a header in the pager. | Kevin McCarthy
2018-12-25 | Finish protected header write support. | Kevin McCarthy
Write out the protected headers when writing the mime header part. Hide protected subjects with $crypt_protected_headers_subject, for outgoing, postponed, and fcc'ed messages. Don't hide in postponed and fcc'ed if $crypt_protected_headers_read isn't set. Add a few missing cases where mime_headers needed to be cleaned up on error. Remove the protected headers for $fcc_clear.
2018-12-25 | Add config and data structure for protected header write support. | Kevin McCarthy
Add config vars $crypt_protected_headers_write (unset by default), and $crypt_protected_headers_subject. Store the protected headers during mime_protect().
2018-12-17 | Add protected header received email support. | Kevin McCarthy
Add $crypt_protected_headers_read config variable to enable reading and updating the index/header cache. Print protected Subject header in the pager as parts are rendered. Once opened, update the index, subject hash, and header cache.
2018-12-04 | Nuke trailing white space from the crypt-* files. | Werner Koch
2018-06-01 | Correct spelling mistakes. | Edward Betts
2018-03-13 | Improve the error message when a signature is missing. | Kevin McCarthy
Thanks to Vincent Lefèvre for reporting the issue and for the wording suggestion!
2018-01-11 | Create pgp and s/mime default and sign_as key vars. (see #3983) | Kevin McCarthy
The $postpone_encrypt and $(pgp/smime)_self_encrypt configuration variables have created a somewhat messier situation for users. Many of them now have to specify their keys across multiple configuration variables. (Trac) Ticket #3983 had a reasonable request: "if my encrypt and signing keys are the same, why can't I just specify my key once in my .muttrc?" The problem currently is that $smime_default_key and $pgp_sign_as are both used to specify signing keys, and are set by the "sign (a)s" security menu choice. So we can't store encryption keys there because some users have separate sign-only capability keys. Create $pgp_default_key to store the default encryption key. Change signing to use $pgp_default_key, unless overridden by $pgp_sign_as. The pgp "sign (a)s" will continue setting $pgp_sign_as. Create $smime_sign_as. Change signing to use $smime_default_key unless overridden by $smime_sign_as. Change s/mime "sign (a)s" menu to set $smime_sign_as instead. Change $postpone_encrypt and $(pgp/smime)_self_encrypt to use $(pgp/smime)_default_key by default. Mark $(pgp/smime)_self_encrypt_as deprecated. They are now aliases for the $(pgp/smime)_default_key config vars. Change $(pgp/smime)_self_encrypt default to set. The intent is that most users now need only set $(pgp/smime)_default_key. If they have a sign-only key, or have separate signing and encryption keys, they can put that in $(pgp/smime)_sign_as. This also enables to default self_encrypt on and solve a very common request. Thanks to Michele Marcionelli and Vincent Lefèvre for gently pushing me towards a solution.
2017-09-04 | Add warning about using inline pgp with format=flowed. (closes #3963) | Kevin McCarthy
The reporter noted that when trying to use inline signing with format=flowed, the flowed was turned off. After some research, this appears to be deliberate, probably because of strange interactions between inline PGP and format=flowed. In fact the RFC strongly discourages their combined use: https://tools.ietf.org/html/rfc3676#section-4.6 Add a warning and prompt to use PGP/MIME in mutt_protect().
2017-05-29 | Add self-encrypt options for PGP and S/MIME. | Kevin McCarthy
Add $pgp_self_encrypt, $pgp_self_encrypt_as, $smime_self_encrypt, $smime_self_encrypt_as. $pgp_sign_as and $smime_default_key are inappropriate to use, as they specify signing key/certs. In some cases, this is a different value than the encryption key/cert.
2016-08-22 | Remove the $locale configuration variable. | Kevin McCarthy
$locale was only used to set the LC_TIME locale. Unfortunately, Mutt previously defaulted to using "C". This overrode the user's locale setting and forced them to re-specify their locale inside their .muttrc. Remove $locale and instead use the locale specified by the environment. Mutt still allows "C locale" dates by using a leading "!" in $date_format, ${}, etc. Another use of $locale was to customize attribution dates using hooks. The next commit will introduce $attribution_locale, which can be used for this instead. Thanks to Derek Martin for the original patch!
2016-05-09 | Change M_* symbols to MUTT_* | Derek Martin
Changeset 23334e967dd7 created a workaround for a namespace conflict with Solaris and derivatives. After some discussion, the team decided it would be best to move away from using the "M_" prefix for macros. This patch was automatically generated by running: perl -wpi -e 's/\bM_(\w+)\b/MUTT_$1/g' `find . -name '*.[ch]' -print` with the exception that sys_socket.h was exempted. (That file will be backed out subsequent to this commit.) Thanks to Andras Salamon for supplying the perl script used to make this change.
2016-04-10 | Fix mutt_protect() when INLINE is set. (closes #3828) | Kevin McCarthy
The oppenc changes allow security bits to be set even when not encrypting or signing (for instance, OPPENCRYPT and INLINE). mutt_protect() assumed that if INLINE is set, then either ENCRYPT or SIGN must also be set. Specifically, it would end up inline-signing the message even though neither was set. Ensure mutt_protect() is a noop if neither SIGN nor ENCRYPT are set. In ci_send_message(), check for sign or encrypt before calling the crypt_get_keys() / mutt_protect() block, and also in the fcc section (since clear_content would be NULL if not). The second change to the fcc part is somewhat redundant, but better to be explicit and avoid the case where the subtype is somehow "encrypted" or "signed" even though msg->security wasn't set thus.
2016-01-01 | Convert copyright years to all use 4 digit years. | Kevin McCarthy
Vincent Lefèvre pointed out the common shortcut, e.g. 1996-9, is actually not allowed for copyright years. Convert all the copyright years (for mutt files) to use 4 digits.
2015-12-03 | Provide a better prompt and error for inline PGP with attachments. (closes #3738) | Kevin McCarthy
Change mutt_protect() to check for text/plain before trying to invoke crypt_pgp_traditional_encryptsign(). This way, mutt can provide a bit more specific prompt and error message. Since pgp_mime_auto says it will prompt in the event of any failure, keep the more generic prompt after the encryptsign call too.
2015-12-01 | Loosen mutt_signed_handler() protocol value consistency check. (closes #3639) | Kevin McCarthy
Apparently, for S/MIME, some MUAs mismatch the protocol value of the multipart/signed and the content-type of the signature: putting "pkcs7-signature" in one and "x-pkcs7-signature" in the other. Change mutt_signed_handler() to independently verify the values of the protocol and the content-type. This still checks for correct values but doesn't ensure they match between the two (for S/MIME).
2015-07-26 | Handle malformed ms-exchange pgp-encrypted block. (closes #3742) | Kevin McCarthy
In certain circumstances, Exchange corrupts a multipart/encrypted block into:
    <multipart/mixed>
        <text/plain>
        <application/pgp-encrypted> [BASE64-encoded]
        <application/octet-stream> [BASE64-encoded]
This patch pulls the full detection of valid/invalid multiparts into mutt_body_handler(). It extracts a run_decode_and_handler() function, which is reused by new intermediate handlers to decode the application/octet-stream part before passing it directly to crypt_pgp_encrypted_handler. These intermediate handlers then check and set any GOODSIG flags back into the parent part. This change may result in fewer error messages for invalid multipart/encrypted parts. Instead, mutt will default to the multipart_handler if it isn't fully "correct". Viewing attachments uses crypt_pgp_decrypt_mime() which bypasses the handler mechanism. Add decoding to the decrypt_mime() functions for pgp and gpgme. Thanks to Vincent Brillault for his analysis and initial patch.
2015-03-30 | Add a security bit to the message for oppenc mode. | Kevin McCarthy
This allows oppenc to be enabled/disabled on a message level. If something initially enables encryption, such as crypt_autoencrypt or crypt_replyencrypt, oppenc is turned off for the message. Change the postpone/resume code to persist the oppenc bit. Also change resend message to enable and invoke oppenc if the option is set.
2015-03-30 | Add the crypt_opportunistic_encrypt option and calls. | Kevin McCarthy
This patch creates the OPTCRYPTOPPORTUNISTICENCRYPT option and documentation. It also adds calls to crypt_opportunistic_encrypt() during initial message composition, after updating to, cc, or bcc, and after editing the message (if edit_headers is enabled).
2015-03-30 | Implement crypt_opportunistic_encrypt(). | Kevin McCarthy
This function will be called to flip encryption on and off based on message recipients.
2015-03-30 | Pull is_numerical_keyid() into crypt.c. | Kevin McCarthy
A subsequent patch (re?)-introduces a call to is_numerical_keyid inside find_keys(). Rather than duplicate the function, this patch pulls it into crypt.c, where find_keys() and pgp_findKeys() can both call it.
2015-03-30 | Introduce an oppenc_mode parameter | Kevin McCarthy
It's added to the parameter lists through the call stack down to the find_keys calls. No functionality is implemented yet. This patch is separated just to keep other patches more readable.
2015-03-30 | Refactor the address list generation out of the find_keys routines. | Kevin McCarthy
All four find_keys routines have a similar set up code for generating a single address list out of the to, cc, bcc lists. This patch pulls all the code into crypt_get_keys. This is done to simplify the functions before later patches make them more complicated (with the oppenc_mode parameter).
2015-02-11 | Allow fingerprint user input for key selection. (see #3695) | Eike Rathke
Accept and check input of a fingerprint and find the matching key. Note that for both to work, match against and display of fingerprint, the pgp_list_pubring_command and pgp_list_secring_command need to contain the --with-fingerprint option, or have with-fingerprint in ~/.gnupg/gpg.conf.
2012-07-08 | Fix some spelling errors (closes #3493) | Antonio Radici
2009-06-21 | Pass buffer size to mutt_mktemp() | Rocco Rutte
2009-03-15 | Use safe_fclose() instead of fclose(), add fclose() to check_sec.sh | Rocco Rutte
2009-01-04 | Update copyrights. Closes #3016. | Brendan Cully
I went through the logs of each file with a copyright header and updated the years for the authors in the headers for any non-comment changes they introduced. What a pain!
2008-12-16 | Remove unused #include directives | Erik Hovland
2007-02-24 | PKA signature verification via GPGME, controlled by $crypt_use_pka. | Moritz Schulte
2006-06-08 | Fix #2272. | Thomas Roessler
2005-12-16 | Use ascii_str* instead of mutt_str* in several places where it's needed. | Recai Oktas
2005-10-21 | Full large file support. Keep a close watch on your mailboxes everyone! | Brendan Cully
2005-09-17 | Gah, forgot the zip code when updating the FSF address... | Brendan Cully
2005-09-17 | Update FSF address (via sed, I hope nothing got mangled). Closes: #2071. | Brendan Cully