Age | Commit message (Collapse) | Author |
|
Ticket 405 had an almost-exploit enabled by sloppy assignment of
strlen(). There were more details involved, of course, but this
served as encouragement to clean up obvious "strlen assignment to int"
in the rest of the code.
Note this is not *all* cases, only those that were simple and obvious.
In some cases, the code assigns strlen() to an int but also uses that
variable to hold negative values for another reason. In other cases,
an API is involved (e.g. SASL) that make changing potentially
dangerous. And lastly, some functions were just a bit too complicated
to risk introducing a bug.
|
|
The type save/restore seems to have been copied around the other crypt
code calls to mutt_decode_attachment(). Remove it, because
mutt_decode_attachment() makes no such changes.
Note run_decode_and_handler() *does* need to save/restore because it
manually assigns to b->type itself.
|
|
Thanks to Vincent Lefèvre for pointing out the incorrect usage. POSIX
does not specify the actual values (although they are evidently
commonly in use).
|
|
The prompt currently just prints "See $%s for more information." where
%s is the variable name. This will at least give a pointer to what
variable can be adjusted to change the prompt behavior.
A handful of boolean variables also control prompt display. Add a
help choice for those too using the function mutt_query_boolean().
|
|
Ensure the hard redraw is set even if the decryption fails. The agent
prompt still may have appeared.
Since we don't need to set environment variables afterwards, directly
check the OPTUSEGPGAGENT option for the post-check.
|
|
Run 'gettextize -f --no-changelog' to update to 0.21.
This removes the entire intl directory, and relies on an external
libintl only.
$(INTLLIBS) should now be referred to as $(LIBINTL), so change all
references.
Unfortunately, some of the gettext m4 files were modified and "mutt
customized" in the past. I'm trying to keep them in a pristine state
after this upgrade. glibc21.m4, lcmessage.m4, codeset.m4 have also
been removed.
Manually call AM_ICONV in configure.ac. This was previously called
in the modified "MUTT_AM_GNU_GETTEXT" but the result $am_cv_func_iconv
is tested just below.
locale.h is a standard library defined by C99. The gpgme and pgp code
wrapped those includes in HAVE_LOCALE_H checks, but that check was
performed inside of gettext.m4. Remove the check inside those
files (locale.h is already included unconditionally elsewhere in
Mutt).
Copy the sample gettext.h file and include that instead, as suggested
by the gettext documentation.
unistd.h is also a standard posix header, so remove HAVE_UNISTD_H
checks inside mutt too.
Create po/LINGUAS file listing available languages.
Create po/Makevars from the template and customize for Mutt.
Set PO_DEPENDS_ON_POT to no to prevent po file rebuilds. According to
the gettext manual, with this set, "PO files can be accidentally
updated even if a POT file is not updated" when using git.
|
|
Properly deal with multiple blocks:
* Extract the inline block to armored_data, instead of the entire
message. Use the code from pgp.c to find the block boundaries.
* The copy_clearsigned() function, probably originally ported from the
classic code too, assumes the first blank line starts the clear text.
But this is only true if the passed in data is just the block.
* Use the Charset armor header if found for encrypted content
conversion, as pgp.d does.
* Reset all states in each loop.
It looks like the pgp.c code wasn't resetting pgp_keyblock and
gpgcharset, so reset those in pgp.c too.
|
|
When displaying a message, display a mutt_error() to warn of
incomplete rendering.
Fix mutt_copy_message() to check for ferror and feof errors on partial
decode too.
Clean up _mutt_append_message() to not pass a partial-decode along as
a success.
Modify the crypt handlers to return 1 if any kind of state message is
displayed. There is some fuzzyness about what a "fatal" error is, but
for now just consider a handler error that notifies by
state_attach_puts() as "non-fatal".
|
|
|
|
Add a "cleared" bit for smime_crypt_alg. Otherwise clearing the value
in smime.c's menu would cause the compose menu and mutt_protect() to
fall back to using SmimeCryptAlg.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Rename the pgp_copy_checksig() and mutt_wait_filter() return code
variables to provide more clarity, and to make the purpose and
assignment of rc more obvious.
Change tmpfname creation failure to be like pgpoutfile and
pgperrfile, by going to the cleanup point.
|
|
These are mostly the result of making the formatting changes commit
after the indent changes commit.
|
|
Add spaces after if, else, while, for, switch.
Unify the brace placement style. The vast majority of the code uses
Allman style so convert the relatively few K&R braces over.
|
|
These are mostly automated changes corresponding to the emacs
settings:
(c-set-style "linux")
(setq c-basic-offset 2)
(c-set-offset 'case-label '+)
Most of the code follows the convention:
(add-to-list 'c-cleanup-list 'space-before-funcall)
but this is not enforced by this indentation cleanup.
Also, I personally dislike tabs, so I have:
(setq-default indent-tabs-mode nil)
in my own configuration. However I have no desire to change every line
just for that effect. So this cleanup does nothing about the mix issue.
Some of the secondary files (e.g. regex.c) have been skipped.
I've also skipped crypt-gpgme.c, because I need to think about that
file. Werner Koch and the GnuPG team contributed most it, and it
follows the Gnu indentation settings. It should probably be made
uniform with Mutt, but I don't want to discourage future GnuPG
contribution to the file.
I manually reverted a few unsightly cleanups, and added a few tweeks
when I saw things that could be improved.
|
|
The result of
find . -name "*.[ch]" -exec emacs -batch {} \
--eval="(progn (delete-trailing-whitespace) (and (buffer-modified-p) (save-buffer)))" \;
|
|
Most of these have been "#if 0" out for 10-20 years. Any utility in
keeping them around is miniscule at this point.
There are a few other "#if 0" in the code, but I've kept them for now.
Some are utility functions that are not used, but I think still may
have some documentation value.
|
|
Some clients (or even mail servers) improperly encode the octetstream
part.
Thanks to Riccardo Schirone for the original merge request patch.
This commit also handles the attachment menu, and makes the decoding
conditional so it's not done if it isn't necessary.
|
|
Add $crypt_protected_headers_read config variable to enable reading
and updating the index/header cache.
Print protected Subject header in the pager as parts are rendered.
Once opened, update the index, subject hash, and header cache.
|
|
The past tense phrase makes it unclear whether the error is about a
failed action or the state of the message.
Thanks to Vincent Lefèvre for the improved wording suggestion.
|
|
Updating Japanese translation, I found that some of the updated messages
were a little hard to understand without reading the code.
Add comments to some messages I nearly translated in a wrong way.
|
|
This came up in the comp.mail.mutt newsgroup where a user wasn't
satisfied with the SHORT_MAX seconds ~9 hours limit on passphrase
timeouts.
For the first time made it necessary for the options parser to be
able to parse numbers as long values. Also, introduced
mutt_add_timeout() to detect possible overflow before adding a
timeout to a time_t value and truncate to TIME_T_MAX instead.
|
|
The difficulty is that "BEGIN PGP MESSAGE" could be a signed and
armored part, so we can't fail hard if it isn't encrypted.
Change pgp_check_decryption_okay() to return more status codes, with
>=0 indicating an actual decryption; -2 and -1 indicating plaintext
found; and -3 indicating an actual DECRYPTION_FAILED status code seen.
Fail hard on -3, but change the message for -2 and -1 to indicate the
message was not encrypted.
|
|
If set (the default) mutt performs more thorough checking of the
$pgp_decrypt_command status output for GnuPG result codes.
Ticket #39 revealed that GnuPG (currently) does not protect against
messages that have been manipulated to contain an empty encryption
packet followed by a plaintext packet.
A huge thanks to Marcus Brinkmann for researching this issue, taking
the time to report it to us (and the GnuPG team), and taking even more
time to clarify exactly what needed to be checked for.
|
|
pgp_extract_keys_from_messages() has been subsumed by
crypt_extract_keys_from_messages(). The function had incorrect
multi-bit flag comparisons, but since it's dead code, remove it
instead.
|
|
Add helpers and iterate over the actx->idx instead of the BODY structure.
|
|
Vincent expressed some legitimate concerns about exporting this to all
programs lauched by mutt. The user can always set GPG_TTY in their
.bashrc if needed for $sendmail. cf90bf5989f3 should resolve the
refresh issue.
|
|
This allows other programs mutt runs to use the ncurses pinentry if needed.
|
|
Partially revert fa1192803257, restoring setenv. It turns out we
still need the function.
|
|
The documentation implies that all children processes will be affected
by the setenv command, so convert all the exec calls to use
mutt_envlist().
The setenv("GPG_TTY") call is no longer needed so remove it.
With that removed, there are no other setenv calls in mutt, so remove
the autoconf check and replacement function.
|
|
|
|
Changeset 37209157e33c converted filters to use the envlist.
Unfortunately, I missed that pgp.c sets GPG_TTY when using the GnuPG
agent. Convert to add GPG_TTY to the envlist too.
|
|
The parameter was used to notify the caller if the sign (a)s menu was
invoked, which displayed the key selection menu. This is no longer
necessary with the menu stack pop operation.
|
|
Changeset 23334e967dd7 created a workaround for a namespace conflict
with Solaris and derivatives. After some discussion, the team decided
it would be best to move away from using the "M_" prefix for macros.
This patch was automatically generated by running:
perl -wpi -e 's/\bM_(\w+)\b/MUTT_$1/g' `find . -name '*.[ch]' -print`
with the exception that sys_socket.h was exempted. (That file will
be backed out subsequent to this commit.)
Thanks to Andras Salamon for supplying the perl script used to make
this change.
|
|
Thanks to Moritz Barsnick for reporting these.
|
|
encrypted. (closes #3770)
In pgp classic mode, if the $pgp_decrypt_command generated output, it
assumed the content was encrypted. However, gpg will generate output
even if the block is simply signed and armored text. The problem is
that mutt was then printing mime headers labelling the output as
encrypted text in the ui.
Add a new option, and suggested value of:
set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
If set, the output from the decrypt command will be scanned for this
regexp to confirm an actual decryption occurred.
Note that gpgme already correctly rejects this form of spoofed message.
|
|
Vincent Lefèvre pointed out the common shortcut, e.g 1996-9, is
actually not allowed for copyright years. Convert all the copyright
years (for mutt files) to use 4 digits.
|
|
This patch only updates existing copyright notices in the source
files, using commit dates since the last copyright update in commits
e3af935cdb1a and f8fd60d8d3f2.
Add a notice to the COPYRIGHT file to refer to our mercurial
repository for the full commit history.
Add myself to the COPYRIGHT file and smime_keys.pl file.
|
|
These were suggested by TAKAHASHI Tamotsu.
|
|
This documents the 'f' "forget it" choice for translators.
Thanks to Benno Schulenberg for pointing this out and for the original
patch.
|
|
In certain circumstances, Exchange corrupts a multipart/encrypted block
into:
<multipart/mixed>
<text/plain>
<application/pgp-encrypted> [BASE64-encoded]
<application/octet-stream> [BASE64-encoded]
This patch pulls the full detection of valid/invalid multiparts
into mutt_body_handler(). It extracts a run_decode_and_handler()
function, which is reused by new intermediate handlers to decode
the application/octet-stream part before passing it directly to
crypt_pgp_encrypted_handler. These intermediate handlers then check
and set any GOODSIG flags back into the parent part.
This change may result in less error messages for invalid
multipart/encrypted parts. Instead, mutt will default to the
multipart_handler if it isn't fully "correct".
Viewing attachments uses crypt_pgp_decrypt_mime() which bypasses the
handler mechanism. Add decoding to the decrypt_mime() functions for pgp
and gpgme.
Thanks to Vincent Brillault for his analysis and initial patch.
|
|
|