Age | Commit message (Collapse) | Author |
|
We don't want to copy the deleted flag over to the trash folder too.
I looked into various ways to keep the UID COPY, but they lead to
niggling issues with error handling along with handling if the server
sends flag updates back to the client.
So for that (hopefully rare) case, abort the fast trash and just use a
regular copy.
|
|
There are some prompts that can cause it to abruptly fail, but it
turns out SMTP has some of those too.
For now, abort if $confirmcreate is set.
Certificate prompts were fixed in commit c46db2be for 2.2.7.
|
|
Ticket 405 had an almost-exploit enabled by sloppy assignment of
strlen(). There were more details involved, of course, but this
served as encouragement to clean up obvious "strlen assignment to int"
in the rest of the code.
Note this is not *all* cases, only those that were simple and obvious.
In some cases, the code assigns strlen() to an int but also uses that
variable to hold negative values for another reason. In other cases,
an API is involved (e.g. SASL) that make changing potentially
dangerous. And lastly, some functions were just a bit too complicated
to risk introducing a bug.
|
|
Commit b0570d76, in the 2.0 release, improved some of the mailbox
prompt flow and logic, creating a separate function for mailbox
prompting. At the same time it changed "save/copy to mailbox" to use
that function and thus the mailbox history ring.
Unfortunately, this created a partition between some other prompts
that used the filename history ring but were actually prompting for
mailboxes.
Change those prompts: edit-fcc, and imap create/rename mailbox to use
the mailbox history ring. This will allow values to be shared between
them and prompts such as "open mailbox" and "save/copy to mailbox".
Ordinarily I wouldn't commit this to stable, but that change broke at
least one person's workflow badly.
|
|
Commit 960afab4 changed URL generation to preserve the data originally
in the mailbox URL, to fix some internal comparison problems.
Unfortunately, it also affected header and body cache generation.
Since those could easily be shared across multi-muttrc situations,
it's important the username be part of the pathname.
Thanks to exg on the #mutt IRC channel for reporting the regression!
|
|
Commit e7df4d5a changed the close commands to queue up, on the theory
that it will always be followed by a SELECT or a LOGOUT.
However, performing a <recall-message> while in the inbox will open a
*new* connection. mutt_conn_find() prepends the new conection to the
Connections list. The next mailbox opened will use that *new*
connection.
The effect will be the queued CLOSE won't occur before that mailbox is
opened, and so "\Deleted" messages won't be expunged on the server
right away.
If the user had $move set and reopened their $spoolfile, they would
find the read messages marked for delete but not yet expunged from the
server.
|
|
It turns out Cyrus SASL's license may not be compatible with GPL
programs, see Debian Bug 999672.
So, add support for the GNU SASL library, using configure option
--with-gsasl.
I haven't touched the Cyrus SASL code in Mutt all that much in the
past, but I've done my best to keep the gsasl code clean and simple.
There are likely mistakes to be fixed and additions to be made,
though.
I queried the gsasl mailing list about the need for a socket
wrapper (as is done for the cyrus code), and it seems this should no
longer be needed. As long as GSASL_QOP is left at the
default (qop-auth), the client should ask for authentication, and not
negotiate integrity or confidentiality. (Thanks to Phil Pennock and
Simon Josefsson for their reponses - although the blame is fully
on *me* if this turns out to be incorrect). Therefore there is no
CONNECTION wrapping in this implementation.
Add multiline response support for SMTP authentication (which is
probably not actually needed). Also add arbitrary line length for the
SASL server responses (the RFCs note that for SASL, the protocol line
lengths don't apply).
|
|
|
|
DavMail is putting more than one space between '*' and the EXISTS
count, e.g. '* 5 EXISTS'
Strictly speaking, this is disallowed by RFC3501 (see Section 9, Note
2). However, there is also no good reason for imap_open_mailbox() to
be stricter than the untagged handler, which correctly extracts the
count.
Add a check to make sure we are looking at an untagged response, and
then use imap_next_word() rather than just incrementing by two.
Thank you to Michael Gernoth (@stargo) for debugging this issue,
creating a merge request with a possible fix, and helping to test this
commit.
|
|
Subtraction can overflow, resulting in incorrect sorts. This is
especially a concern for the date and size sorting, whose fields are
greater than an 'int' size.
The index values should be okay, but it's better to be consistent and
avoid any possible issues.
Define a macro, mutt_numeric_cmp(), that uses direct comparison rather
than subtraction.
|
|
This helps ensure they match for browser sticky-cursor, sidebar, and a
few other places where a path is compared against
something (e.g. $trash).
Add two flags that track if the user/password came from the parsed
URL. If they were instead added to the account via $imap_user or
$imap_pass, don't include those when generating a URL string as
output.
Change LSUB to also include the password, if present in the original
connection URL.
|
|
Without this, IMAP autoreconnect, background-edit Fcc, browser
sticky-cursor, and sidebar "current" selection may not work properly.
Change imap_qualify_path() to preserve the password if it is present
in IMAP_MBOX for the generated URL.
In almost all cases, DT_PATH types are run through
mutt_pretty_mailbox(), which filters out the passwords, before
displaying them in the UI.
However there are a few cases where the context->path is displayed
directly. Create a new function, mutt_buffer_remove_path_password()
to remove it and display that instead.
|
|
|
|
There is no need to perform expensive sorting (e.g. by thread), which
will just need to be done again after the mailbox is opened.
|
|
Reset ctx->size.
Clear all hash structures. Currently imap_expunge_mailbox() triggers
a resort, which can populate some of these hashes. The next commit
will change that, but it's better to make sure there are no remnants
in any hashes to avoid memory corruption.
|
|
Commit 74ce032f moved the msn increment outside the check for a
missing header. The idea was that a header-cache hole needed to be
accounted for. However, a header can also be missing just by a VANISH
happening the last time the mailbox was open.
Since the header won't be in the uid_hash, cmd_parse_vanished() can't
decrement subsequent msns, so it need to be done in this loop.
If there is a header cache hole, or another problem, verify_qresync()
will detect a problem and try again without QRESYNC.
However if there were an actual stored "blank", do increment, since
there was no UID to process a vanish on.
|
|
The function was pulled from the other sort methods used in mutt. But
those don't work properly for a 32-bit unsigned value. If the
difference between two UID values is greater than a signed int can
represent, it will sort improperly.
Some of the other sort functions need to be fixed too, but that can be
done in master.
|
|
|
|
|
|
It's possible for there to be holes in the MSN sequence, and also in
the header cache. When iterating through the seqset, preserve those
by incrementing msn even if the result isn't found in the header
cache (because it is 0 or because the record is missing in the header
cache).
|
|
Currently only deleted messages that will be expunged are marked
inactive, so it shouldn't be an issue. However, before the previous
commit (changing sorting by UID), I think there was a possibility for
a bug if trailing expunge-marked messages with MAXINT index were also
marked inactive.
The sort change fixes that, but to make the code clearer just remove
the possibility of inactive messages being included.
|
|
When there is a hole in the header cache, the UID numbers are no
longer guaranteed to increase with the index. This can result in
incorrect msgset values being sent to the server.
Thanks to Pieter-Tjerk de Boer for reporting this problem, with a
detailed description of the problem, and a suggested patch.
Note to backporters:
* this patch depends on the imap_disallow_reopen() added in commit
6051760c2cf492ada1e06d910c0c2c05607c08bc for release 1.13.4.
* the bug was introduced in release 1.9.0 so there is no need to
backport earlier than that.
|
|
Since the msn_index will be regenerated differently, Mutt needs to
scan for holes again.
|
|
|
|
For both of these cases, there is no actual bug. But set them to 0 to
make the compiler happy.
|
|
The prompt currently just prints "See $%s for more information." where
%s is the variable name. This will at least give a pointer to what
variable can be adjusted to change the prompt behavior.
A handful of boolean variables also control prompt display. Add a
help choice for those too using the function mutt_query_boolean().
|
|
|
|
If the seqset ended with a comma, the substr_end marker would be just
before the trailing nul. In the next call, the loop to skip the
marker would iterate right past the end of string too.
The fix is simple: place the substr_end marker and skip past it
immediately.
|
|
Record entry numbers as they are added to the list, so re-sorting by
"unsorted" can return to the original order.
This is most useful for the mailboxes case, where "unsorted" should
mean the order listed in the muttrc.
|
|
entrymax contains the number of slots allocated. entrylen contains
the current number of slots used.
Note: there isn't a memory access bug here - it was merely
reallocating too early.
|
|
The keymap_alldefs.h file was previously generated and scanned inside
po/Makefile.in.in as an additional POTFILES files build dependency and
step.
The file can't be scanned by just adding it to po/POTFILES.in because
it's a generated file that will be in the build directory. The next
commit will instead add the OPS* files directly to POTFILES.in to be
scanned.
For this commit, remove the generation of keymap_alldefs.h.
Remove the redundant ALL_LINGUAS setting from configure.ac. Reformat
the LINGUAS file to be on one line, as the documentation shows. I
think it was okay before, but just to be safe.
Fix L10N scanning by adding '--add-comments=L10N' to XGETTEXT_OPTIONS
in po/Makevars.
Set MSGID_BUGS_ADDRESS to silence a warning.
Add gettext.h to the Makefile.am EXTRA_DIST list.
Remove -Iintl flags from all Makefile.am files, since the intl
directory is no longer bundled in Mutt.
|
|
* Remove the automatic conversion of NULL and '\0' to 0. Add a flag
for the cases that require lax evaluation.
* Make trailing characters generate an error by default for the
mutt_atouX functions. Add a flag for that case. Most of the IMAP
code parses numbers out of a stream, so add the flag to those
calls.
* The mutt_atouX functions were also behaving incorrectly with
invalid input, e.g. "ABC", returning and setting 0. Fix them to
return an error in those cases.
* Add a mutt_atoll() function, to be used in the next commit.
* Change converters to store 0 on error. atos, atoi, and atoui were
already doing this, but the others were not.
|
|
-nonotify allows to disable notifications for mailboxes.
-notify can be used to re-enable notifications for a previously disabled
mailbox.
A typical use case are mailboxes for mailing lists. The User may want to
get notified about new mail in their work mailbox, but not get disrupted
by new mail received from the mailing list.
This patch allows individual configuration for all mailboxes.
|
|
|
|
mx.mbox (allocated by imap_parse_path) was not always freed before
return.
The sync_cmd and cmd buffers were also not always freed. One case was
on retrying after creating the mailbox, which would overwrite the
allocated pointers.
As long as I'm touching the buffers, convert them to use the buffer
pool. I think the mutt_buffer_clear() at the beginning of the retry
loop isn't necessary, but will keep it to make it clear any existing
values won't be reused a second time through the loop.
|
|
The mx.mbox allocated by imap_parse_path() was not freed on error in a
couple places.
There is also a leak in imap_copy_message(), but this was fixed in
master in commit 1ec642e2. I'll cherry pick that into stable.
|
|
This is a part two, made in master, to the stable branch commit
11b18027. These are mostly length adjustments to use LOFF_T, matching the
BODY->length type.
An argument could be made for size_t instead, and a few places in Mutt
do assign between those types. I've used LOFF_T because off_t is a
signed integer. Some changes in this commit affect loops that
decrement a length pointer while > 0. Switching to a size_t could
create a wraparound infinite loop bug.
This also changes the Content-Length header parser to use atoll()
intead of atol(). I noticed from the man page that atol() doesn't
seem to return -1 on error. But I've kept the check anyway.
|
|
|
|
If it fails, force a redownload without qresync, to set the uid_seqset
to a correct state.
Note the headers should almost all be in the header cache, so this
isn't a huge penalty, but ensures no duplicates occur (the most common
issue if something goes wrong).
|
|
This will allow some operations to retrieve only headers, such as ~h
pattern matching or the new list menu.
Modify the IMAP and POP3 implementation to retrieve only headers when
the parameter is set.
Headers-only will use the message cache if one exists, but will not
populate the message cache (since the body of the message is not
downloaded.)
|
|
This will be a bit slower over IMAP from the index, but it removes
storing all the new headers in the header cache. Since those are not
used for anything except the list menu, and the list menu is
infrequently used, it's a bit wasteful to store them in the header
cache.
|
|
|
|
I don't think this would cause any issues, but it should be cleared
here in any case.
|
|
|
|
An error in imap_cmd_step() was not being properly returned to the
caller.
|
|
List-Post parsing is inline in the List-Post header handler. This moves
it to some separate functions so that we can use it for other purposes.
|
|
mx.mbox (allocated by imap_parse_path) was not always freed before
return.
The sync_cmd and cmd buffers were also not always freed. One case was
on retrying after creating the mailbox, which would overwrite the
allocated pointers.
As long as I'm touching the buffers, convert them to use the buffer
pool. I think the mutt_buffer_clear() at the beginning of the retry
loop isn't necessary, but will keep it to make it clear any existing
values won't be reused a second time through the loop.
|
|
Commit 04b06aaa was purposely kept minimal, to aid backporting the
fix. It kept the err_close_conn label, but there is no need for the
label anymore. Change all goto's to use the bail label.
|
|
|
|
During connection, if the server provided an illegal initial response,
Mutt "bailed", but did not actually close the connection. The calling
code unfortunately relied on the connection status to decide to
continue with authentication, instead of checking the "bail" return
value.
This could result in authentication credentials being sent over an
unencrypted connection, without $ssl_force_tls being consulted.
Fix this by strictly closing the connection on any invalid response
during connection. The fix is intentionally small, to ease
backporting. A better fix would include removing the 'err_close_conn'
label, and perhaps adding return value checking in the caller (though
this change obviates the need for that).
This addresses CVE-2020-28896. Thanks to Gabriel Salles-Loustau for
reporting the problem, and providing test cases to reproduce.
|