Pietro Cerutti [Wed, 17 Apr 2019 09:29:31 +0000 (09:29 +0000)]
Make buffer pool initialization lazy
This fixes an issue in the startup sequence where a buffer is requested
from the buffer pool before mutt_buffer_pool_init is called. The latter
doubles up the number of buffers even though there are free ones.
Richard Russon [Sun, 14 Apr 2019 14:30:23 +0000 (15:30 +0100)]
fix Mailbox->append,changed flags
Replying to an email caused some unwanted side-effects:
- Updating the Context left `m->changed == false`
- `mutt_write_fcc()` left `m->append == true`
Richard Russon [Tue, 2 Apr 2019 12:50:16 +0000 (12:50 +0000)]
fix trash_append()
Prevent a crash when reopening a Mailbox.
> How exactly do these changes prevent the crash from occurring?
It's all about how mx_mbox_open() handles flags. These four examples
are where we have a Mailbox open in 'normal' mode and try to open it
again in 'append' mode.
'Append' mode only makes sense for 'mbox' and 'compress', but the flag
affects mx_mbox_open(). It causes the function to create a duplicate
Mailbox, which is then used and discarded. The original Mailbox is now
out of sync.
The workaround, simply hides the flag for mx_mbox_open(), but
temporarily sets the internal bool append. This means that we work with
one Mailbox.
Richard Russon [Tue, 2 Apr 2019 12:47:27 +0000 (12:47 +0000)]
fix pop_fetch_mail()
Prevent a crash when reopening a Mailbox.
> How exactly do these changes prevent the crash from occurring?
It's all about how mx_mbox_open() handles flags. These four examples
are where we have a Mailbox open in 'normal' mode and try to open it
again in 'append' mode.
'Append' mode only makes sense for 'mbox' and 'compress', but the flag
affects mx_mbox_open(). It causes the function to create a duplicate
Mailbox, which is then used and discarded. The original Mailbox is now
out of sync.
The workaround, simply hides the flag for mx_mbox_open(), but
temporarily sets the internal bool append. This means that we work with
one Mailbox.
Richard Russon [Tue, 2 Apr 2019 12:39:06 +0000 (12:39 +0000)]
fix save_message()
Prevent a crash when reopening a Mailbox.
> How exactly do these changes prevent the crash from occurring?
It's all about how mx_mbox_open() handles flags. These four examples
are where we have a Mailbox open in 'normal' mode and try to open it
again in 'append' mode.
'Append' mode only makes sense for 'mbox' and 'compress', but the flag
affects mx_mbox_open(). It causes the function to create a duplicate
Mailbox, which is then used and discarded. The original Mailbox is now
out of sync.
The workaround, simply hides the flag for mx_mbox_open(), but
temporarily sets the internal bool append. This means that we work with
one Mailbox.
Richard Russon [Mon, 1 Apr 2019 14:09:14 +0000 (14:09 +0000)]
fix ev_message()
Prevent a crash when reopening a Mailbox.
> How exactly do these changes prevent the crash from occurring?
It's all about how mx_mbox_open() handles flags. These four examples
are where we have a Mailbox open in 'normal' mode and try to open it
again in 'append' mode.
'Append' mode only makes sense for 'mbox' and 'compress', but the flag
affects mx_mbox_open(). It causes the function to create a duplicate
Mailbox, which is then used and discarded. The original Mailbox is now
out of sync.
The workaround, simply hides the flag for mx_mbox_open(), but
temporarily sets the internal bool append. This means that we work with
one Mailbox.
Richard Russon [Tue, 9 Apr 2019 13:09:00 +0000 (14:09 +0100)]
merge: upstream changes
* browser.c: Convert LastDir and LastDirBackup to Buffer
* browser.c: Convert prefix to Buffer
* browser.c: Convert buf to Buffer
* browser.c: Convert other browser local variables to Buffer
* browser.c: Convert f parameter to Buffer
* Create mutt_buffer_mailbox() buffer function
* Change main() folder to be Buffer
Richard Russon [Tue, 9 Apr 2019 12:02:28 +0000 (13:02 +0100)]
merge: upstream changes
* Fix raw socket read/write to follow expected behavior
* Fix truncation of long filenames in attachments
* Add $include_encrypted config to prevent reply-decryption attack
* Use gpgme recipient strings for encryption when available
* Fix mailcap %{charset} expansion in send mode
* Check noconv for mailcap %{charset} send mode expansion
* Expand a couple of the comments about charset
* Add "Message Composition Flow" section to manual
* Minor buffer handling code cleanup
* Improve imap uid seqset hcache buffer usage
* Fix imap_pretty_mailbox() call to url_ciss_tostring()
* Add mutt_buffer_expand_path()
* Fixes to mutt_buffer_expand_path()
* Add mutt_buffer_strcpy_n()
* Add mutt_getcwd()
* Add documentation on thread tree characters and config vars
* Fail oauth quietly if it was not configured
* Change IMAP to try oauthbearer first
* Remove h->active hack in imap_sync_message_for_copy()
* Restore active flag in imap_fetch_message() on error
* Add a note about spam and the header cache in the manual
Kevin McCarthy [Fri, 29 Mar 2019 22:21:02 +0000 (15:21 -0700)]
Change IMAP to try oauthbearer first
$imap_authenticators says if it is unset, the authenticators from
most-secure to secure will be tried. It makes sense for oauthbearer
to come first, like with POP.
To make this change backwards compatible, it depends on the previous
commit, which changed imap_auth_oauth() to return IMAP_AUTH_UNAVAIL if
oauth is not configured or explictily requested.
Kevin McCarthy [Sun, 10 Mar 2019 02:03:52 +0000 (10:03 +0800)]
Improve imap uid seqset hcache buffer usage
mutt_buffer_increase_size() terminates the buffer, so there is no need
to explicitly check for an empty buffer after the
imap_msn_index_to_uid_seqset() call.
Kevin McCarthy [Sun, 10 Mar 2019 01:58:07 +0000 (09:58 +0800)]
Minor buffer handling code cleanup
Use mutt_buffer_len() and mutt_buffer_clear() to make the code a bit
clearer. There are still places in the code that manipulate the
buffers directly (pattern.c, for example), but that doesn't mean we
shouldn't abstract the buffer where we can.
Add comments in a couple places where unusual buffer manipulation is
occurring.
Kevin McCarthy [Fri, 8 Mar 2019 11:48:41 +0000 (19:48 +0800)]
Check noconv for mailcap %{charset} send mode expansion
Improve the previous commit by checking to make sure a->noconv also
isn't set. If noconv is set, we ignore any value a->charset might
have picked up during previous encoding checks.
Kevin McCarthy [Fri, 22 Feb 2019 21:50:52 +0000 (13:50 -0800)]
Add $include_encrypted config to prevent reply-decryption attack
@jensvoid, in cooperation with Ruhr-Uni Bochum and FH Münster,
Germany, reported a possible "Oracle decryption" attack on various
mail clients. An attacker could include previously encrypted contents
they obtained access to, and include it in a message. Replying
without trimming would include the decrypted contents.
This attack relies on several "ifs", and is more dangerous for clients
that compose HTML mail. However, it is still an issue that an
unwary/busy Mutt user could fall for.
Add a new config $include_encrytped, defaulting off, to reduce the
possibility of the user being unaware of previously encrypted parts in
the reply. Only the main initial encrypted part will be included in
the reply.
Andrey Skvortsov [Thu, 21 Feb 2019 13:37:05 +0000 (16:37 +0300)]
Fix truncation of long filenames in attachments
Currently mutt truncates long filenames in attachments and doesn't
take into account UTF-8 character size. If filename is truncated in
the middle of multi-byte UTF-8 character (last character is bad),
then some mail clients assume whole attachment name bad and don't
display its name (use 'Noname' instead).
Filenames can be up to 255 *characters* long depending on used
filesystem. ReiserFS, NFTS, FAT, APFS and some other supports up to
255 characters.
In the worst case 255 characters in UTF-8 will take 255*4 = 1020
bytes. Every non-ascii byte in the filename will be encoded using 3
bytes (for example, %8D).
So 'Content-Disposition' will take in the worst case up to: 1020*3 =
3060 bytes. Therefore even LONG_STRING (1024) isn't enough.
projects / neomutt / log