Richard Russon [Tue, 9 Apr 2019 13:09:00 +0000 (14:09 +0100)]
merge: upstream changes
* browser.c: Convert LastDir and LastDirBackup to Buffer
* browser.c: Convert prefix to Buffer
* browser.c: Convert buf to Buffer
* browser.c: Convert other browser local variables to Buffer
* browser.c: Convert f parameter to Buffer
* Create mutt_buffer_mailbox() buffer function
* Change main() folder to be Buffer
Richard Russon [Tue, 9 Apr 2019 12:02:28 +0000 (13:02 +0100)]
merge: upstream changes
* Fix raw socket read/write to follow expected behavior
* Fix truncation of long filenames in attachments
* Add $include_encrypted config to prevent reply-decryption attack
* Use gpgme recipient strings for encryption when available
* Fix mailcap %{charset} expansion in send mode
* Check noconv for mailcap %{charset} send mode expansion
* Expand a couple of the comments about charset
* Add "Message Composition Flow" section to manual
* Minor buffer handling code cleanup
* Improve imap uid seqset hcache buffer usage
* Fix imap_pretty_mailbox() call to url_ciss_tostring()
* Add mutt_buffer_expand_path()
* Fixes to mutt_buffer_expand_path()
* Add mutt_buffer_strcpy_n()
* Add mutt_getcwd()
* Add documentation on thread tree characters and config vars
* Fail oauth quietly if it was not configured
* Change IMAP to try oauthbearer first
* Remove h->active hack in imap_sync_message_for_copy()
* Restore active flag in imap_fetch_message() on error
* Add a note about spam and the header cache in the manual
Kevin McCarthy [Fri, 29 Mar 2019 22:21:02 +0000 (15:21 -0700)]
Change IMAP to try oauthbearer first
$imap_authenticators says if it is unset, the authenticators from
most-secure to secure will be tried. It makes sense for oauthbearer
to come first, like with POP.
To make this change backwards compatible, it depends on the previous
commit, which changed imap_auth_oauth() to return IMAP_AUTH_UNAVAIL if
oauth is not configured or explictily requested.
Kevin McCarthy [Sun, 10 Mar 2019 02:03:52 +0000 (10:03 +0800)]
Improve imap uid seqset hcache buffer usage
mutt_buffer_increase_size() terminates the buffer, so there is no need
to explicitly check for an empty buffer after the
imap_msn_index_to_uid_seqset() call.
Kevin McCarthy [Sun, 10 Mar 2019 01:58:07 +0000 (09:58 +0800)]
Minor buffer handling code cleanup
Use mutt_buffer_len() and mutt_buffer_clear() to make the code a bit
clearer. There are still places in the code that manipulate the
buffers directly (pattern.c, for example), but that doesn't mean we
shouldn't abstract the buffer where we can.
Add comments in a couple places where unusual buffer manipulation is
occurring.
Kevin McCarthy [Fri, 8 Mar 2019 11:48:41 +0000 (19:48 +0800)]
Check noconv for mailcap %{charset} send mode expansion
Improve the previous commit by checking to make sure a->noconv also
isn't set. If noconv is set, we ignore any value a->charset might
have picked up during previous encoding checks.
Kevin McCarthy [Fri, 22 Feb 2019 21:50:52 +0000 (13:50 -0800)]
Add $include_encrypted config to prevent reply-decryption attack
@jensvoid, in cooperation with Ruhr-Uni Bochum and FH Münster,
Germany, reported a possible "Oracle decryption" attack on various
mail clients. An attacker could include previously encrypted contents
they obtained access to, and include it in a message. Replying
without trimming would include the decrypted contents.
This attack relies on several "ifs", and is more dangerous for clients
that compose HTML mail. However, it is still an issue that an
unwary/busy Mutt user could fall for.
Add a new config $include_encrytped, defaulting off, to reduce the
possibility of the user being unaware of previously encrypted parts in
the reply. Only the main initial encrypted part will be included in
the reply.
Andrey Skvortsov [Thu, 21 Feb 2019 13:37:05 +0000 (16:37 +0300)]
Fix truncation of long filenames in attachments
Currently mutt truncates long filenames in attachments and doesn't
take into account UTF-8 character size. If filename is truncated in
the middle of multi-byte UTF-8 character (last character is bad),
then some mail clients assume whole attachment name bad and don't
display its name (use 'Noname' instead).
Filenames can be up to 255 *characters* long depending on used
filesystem. ReiserFS, NFTS, FAT, APFS and some other supports up to
255 characters.
In the worst case 255 characters in UTF-8 will take 255*4 = 1020
bytes. Every non-ascii byte in the filename will be encoded using 3
bytes (for example, %8D).
So 'Content-Disposition' will take in the worst case up to: 1020*3 =
3060 bytes. Therefore even LONG_STRING (1024) isn't enough.
Kevin McCarthy [Mon, 21 Jan 2019 23:19:08 +0000 (15:19 -0800)]
Fix raw socket read/write to follow expected behavior
The mutt_sasl.c code expects conn_write() to write the entire buffer.
This is inconsistent with mutt_socket.c, but since other conn_write()
implementations guarantee this, change raw_socket_write() to do so too
for now.
Also, update reading and writing to loop on EINTR, as gnutls does.
They won't return EAGAIN or EWOULDBLOCK because we don't mark sockets
as non-blocking.
Pietro Cerutti [Thu, 4 Apr 2019 07:28:03 +0000 (07:28 +0000)]
Disable mailbox notify on close
This fixes a crash when two mailboxes have been opened within a session,
and an 'unmailboxes *' command is issued. In this case, both the current
mailbox and the previously opened mailbox have a non-NULL `notify`
member. The notify method assumes the mailbox is currently active within
the context. The context gets thus doubly freed.
Darshit Shah [Tue, 26 Mar 2019 07:40:11 +0000 (08:40 +0100)]
sidebar: New option to display only non-empty mailboxes
Adds a new option $sidebar_only_non_empty_mailboxes which forces neomutt
to display only the mailboxes that have atleast one mail in them. This
option will also work in tandem with the existing $side_new_mail_only
projects / neomutt / log