Kevin McCarthy [Thu, 2 May 2019 19:31:29 +0000 (12:31 -0700)]
Write rfc2231 parameter continuations for long parameters.
Previously, Mutt would truncate long attachment filenames, to avoid
writing an illegal length header line. This commit is a followup to 4dcb3ba1, where I reverted an incorrect fix for the problem.
rfc2231_encode_string() now returns a list of continuations, with
encoding and continuation number suffixes already appended to the
attribute. The function tries to keep the line length less than 78
characters, but the code is a bit imprecise as a trade off for
simplicity and readability.
Modify mutt_write_mime_header() to loop through the continuations.
Kevin McCarthy [Sun, 28 Apr 2019 22:48:33 +0000 (15:48 -0700)]
Fix mailbox search to not recompile for a repeated search.
The LastSearchExpn was being compared, but was never set to the
expanded search value. This was causing the search to be recompiled
even if it were for the same previous expanded search string.
Kevin McCarthy [Fri, 26 Apr 2019 02:41:04 +0000 (19:41 -0700)]
Add $forward_attachments quadoption for inline-forward mode.
When set or answered yes, non text-decodable parts will be attached to
the new message. The default value is "ask-yes", because I believe
this is something people will want to use, and should be made aware of
the new possible behavior.
The option presents a nice middle ground between previous
inline-forwarding behavior (where all the non-text parts were
dropped), and $mime_forward where the entire email was included as an
attachment.
This was previously difficult to achieve, but after the
recv-attachment refactoring: (a19e5266^..faabd621)
it became possible to use the ATTACH_CONTEXT and the recvattach.c
helper mutt_generate_recvattach_list() to properly deal with nesting
and multiple file-handles.
Kevin McCarthy [Wed, 24 Apr 2019 02:06:11 +0000 (19:06 -0700)]
Add RECURSIVEMATCH LIST-EXTENDED selection option to query.
LSUB is required to include mailboxes with subscribed children, but
the just added "LIST (SUBSCRIBED)" by default does not do that.
To match previous behavior, add RECURSIVEMATCH to make sure the
children are included. Fix the parser to trim off the CHILDINFO
suffix in the response.
Parse \NonExistent LIST attribute the same as \NoSelect.
Improve hierarchy information accuracy in IMAP browser
Currently the IMAP browser relies on LIST and LSUB (for listing subscribed
folders) which may not provide the required hierarchy information.
RFC3348 section 3 goes as far as stating that a client mustn't rely on LSUB
for hierarchy information.
This patch implements the LIST command extensions specified in RFC5258
requiring that a server must respond with hierarchy information for
listed folders (whether or not filtering on subscribed folders).
Kevin McCarthy [Sun, 19 Aug 2018 16:25:53 +0000 (09:25 -0700)]
Add $imap_fetch_chunk_size to allow FETCHing new headers in chunks.
For extremely large mailboxes, some implementations will time out just
while fetching the new headers, because the client doesn't send any
commands for 30 minutes while downloading the large number of headers.
Rewrite imap_fetch_msn_seqset() to return chunks of size
$imap_fetch_chunk_size.
The change requires trusting the server will follow the RFC and not
send an EXPUNGE during or between the FETCH chunks; otherwise we'll
miss MSNs between the chunks because the shift.
We could in theory continue to set "msn_begin = idata->max_msn + 1",
but that makes the assumption there are no holes in the header cache
that we are filling in during a chunk. Personally I am dubious about
"header cache holes", but the IMAP code has explicitly mentioned and
handled them since prior to my involvement.
Since the RFC forbids the interleaving EXPUNGE I believe it's safe
enough to set "msn_begin = fetch_msn_end + 1" until proven otherwise.
Kevin McCarthy [Sun, 21 Apr 2019 18:00:23 +0000 (11:00 -0700)]
Fix unistring library configure test.
The "action-if-found" argument of AC_SEARCH_LIBS is run even if the
result is "none required" (i.e. the test function is already in LIBS,
in this case -lidn2).
This was causing "-lunistring" to be appended on a system without the
library installed, generating a build error. Fix the test to not
append the library for the "none required" case.
Thanks to Fabrice Fontaine for reporting this issue and helping me
test the fix.
Kevin McCarthy [Sat, 20 Apr 2019 19:34:35 +0000 (12:34 -0700)]
Convert compress to use mutt_buffer_quote_filename().
Because the compress expandos operate differently than the rest of
mutt, requiring manual outer quoting, add a parameter to the function
to toggle outer quoting off.
Kevin McCarthy [Fri, 19 Apr 2019 23:06:43 +0000 (16:06 -0700)]
Increase mutt_pgpring path size to silence warning.
This is an independent binary, and doesn't have access to the BUFFER
functions. The binary is used by very few (if any) people at this
point, so just make the minimum fix to silence the warning.
Kevin McCarthy [Thu, 18 Apr 2019 22:35:22 +0000 (15:35 -0700)]
Relocate lib.c functions to muttlib.c to enable BUFFER use.
Relocate safe_symlink(), safe_open(), mutt_rmtree() and their
dependent functions.
This rearrangement is a bit awkward. Another approach for the future
might be to convert lib.c into a muttlib.c aware file, and just copy
the functions pgppubring.c uses inside itself.
Kevin McCarthy [Wed, 17 Apr 2019 01:11:35 +0000 (18:11 -0700)]
Convert other users of BUFFY->pathbuf to use BUFFERS.
A few functions in browser.c, buffy.c, and monitor.c were using
BUFFY->pathbuf but were potentially truncating via fixed size buffers.
Convert those to use BUFFERS too.
buffy_get() was creating epath and expanding it, apparently to match
against expanded BUFFY list entries, was wasn't using the epath. I
believe this is a bug, and have switched the comparison to epath.
Kevin McCarthy [Tue, 16 Apr 2019 20:41:10 +0000 (13:41 -0700)]
Convert BUFFER->path to a BUFFER.
Rename to BUFFER->pathbuf to make it clear the field is a BUFFER, and
to make sure to catch and review all usages.
There are still uses of pathbuf that are truncating and need to be
fixed, for example in browser.c and buffy.c.
Fix up sidebar usage in one place, that was pointing inside the
BUFFY->path with a char *. At the same time, change their "short
folder" computation to also use a BUFFER.
Switch to generating the version string during make process rather than
at configure time. This makes it easier to keep the detailed version
string accurate when doing development which doesn't require that the
configure script be rerun.
Kevin McCarthy [Wed, 10 Apr 2019 00:52:14 +0000 (17:52 -0700)]
Convert mutt_expand_fmt() and rfc1524_expand_filename() to BUFFER.
These two functions were tied together and so are converted at the
same time.
Note that rfc1524_expand_filename() had an off-by-one error for the
left hand size of the name template. It was only copying i-1 instead
of the i characters before %s.
Kevin McCarthy [Fri, 29 Mar 2019 22:21:02 +0000 (15:21 -0700)]
Change IMAP to try oauthbearer first.
$imap_authenticators says if it is unset, the authenticators from
most-secure to secure will be tried. It makes sense for oauthbearer
to come first, like with POP.
To make this change backwards compatible, it depends on the previous
commit, which changed imap_auth_oauth() to return IMAP_AUTH_UNAVAIL if
oauth is not configured or explictily requested.
Kevin McCarthy [Wed, 13 Mar 2019 04:06:11 +0000 (12:06 +0800)]
Fix incorrect IMAP message purging bug.
Thanks to Ivan Middleton @imiddle for the awesome bug report and
suggested fix.
The bug is most easily generated using Gmail with the $trash variable
set.
Deleted messages are first copied to the $trash folder. If this is
set to "[Gmail]/Trash", then Gmail inteprets the copy as a "delete"
and sends EXPUNGE messages back for the messages.
cmd_parse_expunge() and cmd_parse_vanished() set the hdr->index to
INT_MAX, which subsequently an imap_expunge_mailbox() will use to
remove the messages from the local mailbox.
If we close the mailbox instead of sync it, Mutt will end up executing
the 'Deleted' flag setting before processing the expunge (because
"imap_check_mailbox() -> imap_cmd_finish()' doesn't set check_status
when we are closing). The expunged messages will then be included in
the set of 'Deleted' flags.
Unfortunately, because the messages are sorted by *index* before
msgset generation, an incorrect range of UIDs will be sent, which
could easily include messages that should not be deleted.
This fix is a minimal fix for a stable bug fix excluding
messages with the index set to INT_MAX from all msg sets. Other
things that should be investigated in master are:
- sorting by UID instead of index before msgset generation
- unsetting the 'active' flag in cmd_parse_expunge() and
cmd_parse_vanished() instead of waiting until imap_expunge_mailbox()
to do so.
Kevin McCarthy [Sun, 10 Mar 2019 02:03:52 +0000 (10:03 +0800)]
Improve imap uid seqset hcache buffer usage.
mutt_buffer_increase_size() terminates the buffer, so there is no need
to explicitly check for an empty buffer after the
imap_msn_index_to_uid_seqset() call.
Kevin McCarthy [Sun, 10 Mar 2019 01:58:07 +0000 (09:58 +0800)]
Minor buffer handling code cleanup.
Use mutt_buffer_len() and mutt_buffer_clear() to make the code a bit
clearer. There are still places in the code that manipulate the
buffers directly (pattern.c, for example), but that doesn't mean we
shouldn't abstract the buffer where we can.
Add comments in a couple places where unusual buffer manipulation is
occurring.
Kevin McCarthy [Fri, 8 Mar 2019 11:48:41 +0000 (19:48 +0800)]
Check noconv for mailcap %{charset} send mode expansion.
Improve the previous commit by checking to make sure a->noconv also
isn't set. If noconv is set, we ignore any value a->charset might
have picked up during previous encoding checks.
Kevin McCarthy [Fri, 22 Feb 2019 21:50:52 +0000 (13:50 -0800)]
Add $include_encrypted config to prevent reply-decryption attack.
@jensvoid, in cooperation with Ruhr-Uni Bochum and FH Münster,
Germany, reported a possible "Oracle decryption" attack on various
mail clients. An attacker could include previously encrypted contents
they obtained access to, and include it in a message. Replying
without trimming would include the decrypted contents.
This attack relies on several "ifs", and is more dangerous for clients
that compose HTML mail. However, it is still an issue that an
unwary/busy Mutt user could fall for.
Add a new config $include_encrytped, defaulting off, to reduce the
possibility of the user being unaware of previously encrypted parts in
the reply. Only the main initial encrypted part will be included in
the reply.
Andrey Skvortsov [Thu, 21 Feb 2019 13:37:05 +0000 (16:37 +0300)]
Fix truncation of long filenames in attachments.
Currently mutt truncates long filenames in attachments and doesn't
take into account UTF-8 character size. If filename is truncated in
the middle of multi-byte UTF-8 character (last character is bad),
then some mail clients assume whole attachment name bad and don't
display its name (use 'Noname' instead).
Filenames can be up to 255 *characters* long depending on used
filesystem. ReiserFS, NFTS, FAT, APFS and some other supports up to
255 characters.
In the worst case 255 characters in UTF-8 will take 255*4 = 1020
bytes. Every non-ascii byte in the filename will be encoded using 3
bytes (for example, %8D).
So 'Content-Disposition' will take in the worst case up to: 1020*3 =
3060 bytes. Therefore even LONG_STRING (1024) isn't enough.
Kevin McCarthy [Sat, 2 Feb 2019 23:03:03 +0000 (15:03 -0800)]
Separate out op variable in the browser.
The i variable is used in several places and scopes as a temporary
index variable, but is also used to record the current operation.
Separate them out to make the code less confusing.