Kevin McCarthy [Thu, 28 Apr 2016 00:56:56 +0000 (17:56 -0700)]
Modify the compose screen to use windows.
The header field positions enum is now started at 0: the windows
compute the relative positioning as needed. A small improvement from
this is that the headers now align with the top: there isn't a gap if
$help is turned off.
Kevin McCarthy [Thu, 28 Apr 2016 00:56:55 +0000 (17:56 -0700)]
Modify the pager to use windows.
The pager view is somewhat complex, due to the "mini-index" and the
positioning of the index_status vs pager_status changes depending on
$status_on_top as well as $pager_index_lines and $help.
To make things simpler, it creates four "pager windows":
index_status_window, index_window, pager_status_window, pager_window.
mutt_term_width() is renamed to mutt_window_wrap_cols() and a
mutt_window_t parameter passed in.
Also, the pager drawing loop calling display_line() has a
mutt_window_move() added to move to the beginning of the next line
each time. This is in case the pager_window isn't flush with the left
side of the terminal.
Kevin McCarthy [Thu, 28 Apr 2016 00:56:51 +0000 (17:56 -0700)]
Modify the menu code to use windows.
Change menu.c to use the mutt_window_t structures and functions. The
index/stats/help/message window pointers are stored inside the menu_t.
This is useful for the pager, where the "index" we want to use is a
mini-index.
Kevin McCarthy [Thu, 28 Apr 2016 00:56:49 +0000 (17:56 -0700)]
Add window structures to use for screen layout.
This is a series of 11 patches, centralizing Mutt screen drawing
inside windows (mutt_window_t structures).
Currently, the screen drawing and cursor positioning logic is
distributed all over the code, resulting in many files having the same
logic of where the help, status, message windows are. Additionally,
the code directly uses move and mvadd*/mvprint* functions, which means
if the layouts are changed, the row/column computation logic needs to
be changed all over the place.
The patch creates a (very simple) mutt_window_t structure and
functions for moving, addch/str/printw, along with clearing the line.
The windows keep track of where they are on the screen, allowing the
Mutt code to simply position elements relative to the window.
During curses initalization, and when the window is resized, the
window sizes and positions and recomputed. Also, a new option flags,
R_REFLOW is added for options that need to force a reflow when they are changed.
Thanks to Richard Russon for pointing out the slang compilation issue.
Kevin McCarthy [Wed, 27 Apr 2016 20:08:52 +0000 (13:08 -0700)]
Create a wrapper sys_socket.h to work around Solaris namespace issues. (closes #3833)
Solaris includes "sys/stream.h" inside their "sys/socket.h". This
include file adds many non-reserved macros to Mutt's namespace, two of
which conflict with existing Mutt macros.
The simplest fix would be to rename those macros in Mutt, however this
will cause difficulty with out-of-tree patches. This fix creates a
wrapper include file that preserves those existing macros and prevents
the Solaris values from entering Mutt's namespace.
Kevin McCarthy [Thu, 14 Apr 2016 19:35:50 +0000 (12:35 -0700)]
Pre-space softfill multi-column padding.
Similar to the previous patch, this deals with multi-column padding
characters and soft-fill. This will add spacing so the padding and
content after padding aligns with the right side.
You can see the effect by setting
set index_format="%s %*我[ooooo]"
and resizing the terminal. The right hand side will be jagged without
the patch.
Kevin McCarthy [Thu, 14 Apr 2016 19:35:48 +0000 (12:35 -0700)]
Add spacing to truncated multi-column characters when using soft-fill.
First, fix the left-hand side column truncation calculation:
"col + pad*pw -offset"
pad = (COLS - col - wid) / pw, so this becomes
"col + COLS - col - wid - offset" =>
"COLS - wid - offset"
The problem is that pad was calculated *before* the right side was
mutt_wstr_trunc() truncated, which may adjust wid! We want that
calculation, with correct values, so instead just use the final
reduction directly. (Note, the reduction ignores integer truncation,
but pad shouldn't be used here in any case, because it's negative:
there is no padding occuring).
Second, when the left-hand side is truncated, multi-column characters
may get chopped in the middle. Truncated characters are not included
in the wlen and col values returned. Add spaces until the number of
columns lines up (checking to make sure we don't run out of space
too).
Kevin McCarthy [Sun, 10 Apr 2016 23:02:06 +0000 (16:02 -0700)]
Fix mutt_protect() when INLINE is set. (closes #3828)
The oppenc changes allow security bits to be set even when not
encrypting or signing (for instance, OPPENCRYPT and INLINE).
mutt_protect() assumed that if INLINE is set, then either ENCRYPT or
SIGN must also be set. Specifically, it would end up inline-signing
the message even though neither was set.
Ensure mutt_protect() is a noop if neither SIGN or ENCRYPT are set.
In ci_send_message(), check for sign or encrypt before calling the
crypt_get_keys() / mutt_protect() block, and also in the fcc section
(since clear_content would be NULL if not).
The second change to the fcc part is somewhat redundant, but better to
be explicit and avoid the case where the subtype is somehow
"encrypted" or "signed" even though msg->security wasn't set thus.
Kevin McCarthy [Fri, 8 Apr 2016 22:27:17 +0000 (15:27 -0700)]
Fix pager.c format_line() to use size_t for mbrtowc() retvals.
While fixing up the error checking for mbrtowc(), I noticed the uses
in pager.c format_line() were assigning the retval to an int.
The cleanup for this was a little tricky, because it was making use of
possible negative values for (k1 - k). The backspace detection loop
condition was a bit heavy, so this patch first pulled the
initialization and first call above, and put the second call inside
the loop.
Note that k1 previously included k, but this patch changes it to be
just the retval of mbrtowc. This means the second mbrtowc() arguments
are changed to include k, as is the ch increment at the bottom of the
loop.
Kevin McCarthy [Fri, 8 Apr 2016 22:20:53 +0000 (15:20 -0700)]
Reset mbstate for other mbrtowc() calls returning -1
Continue the cleanup started in changesets c8c76a6a1e61 and a3450fd50d11. In those changesets, a bug was occurring due to the
mbstate not being reset when mbrtowc() returned -1.
This patch fixes other callers of mbrtowc() to reset mbstate when it
returns -1.
Kevin McCarthy [Tue, 5 Apr 2016 21:31:36 +0000 (14:31 -0700)]
Fix IDNA functions for systems without iconv.
The IDNA changes for SMTPUTF8 support introduced a bug for systems
without iconv. For those systems, the local<->intl functions would
return an error due to the charset conversion failing.
Change mutt_idna.c back to being conditionally compiled, but this time
based on HAVE_ICONV. If there is no iconv, stub out the functions in
mutt_idna.h.
Kevin McCarthy [Fri, 1 Apr 2016 16:38:47 +0000 (09:38 -0700)]
Fix hcversion.h generation error when using included gettext.
When configuring mutt with --enable-hcache and
--with-included-gettext, there is an automake ordering issue:
BUILT_SOURCES are processed before SUBDIRS. Therefore, the
'hcversion.h' target is run before the included gettext (intl) is
built.
The hcversion.h target runs the cpp over config.h and mutt.h,
but mutt.h includes lib.h which tries to #include <libintl.h>.
Unfortunately, libintl.h (in this configuration) is generated by the
intl subdir build and so doesn't exist yet.
While the build doesn't completely fail, the resulting hcversion.h is
incorrect: it's just the md5sum of the initial value of BASEVERSION.
This fix is somewhat of a hack but is cleaner than trying to change
automake's behavior. It inserts a '#undef ENABLE_NLS' in between the
config.h and mutt.h sent to the cpp. Since hcachever.sh is just
scanning the data structures used by mutt, this shouldn't affect the
hash generated.
Kevin McCarthy [Wed, 30 Mar 2016 20:16:20 +0000 (13:16 -0700)]
Filter out bidi marks in rfc2047 and rfc2231 encoding. (see #3827)
Filter out U+200F RIGHT-TO-LEFT MARK and U+200E LEFT-TO-RIGHT MARK in
rfc2047 and 2231 encoded fields. GNU Screen has a bug that corrupts
the display, and can cause the wrong email to appear to be selected in
the index. Until screen fixes the issue, filter it out in mutt.
Kevin McCarthy [Sat, 26 Mar 2016 22:45:18 +0000 (15:45 -0700)]
Fix error handling in sync_helper() and imap_sync_mailbox(). (closes #3817)
This patch is based on the one Richard Russon found in the Fedora package.
If an error occurs during one of the imap_exec() calls in
imap_sync_mailbox(), the mailbox could end up being closed. This
would cause idata->ctx to be NULL. Add a check in sync_helper() for
the case where idata->ctx == NULL.
In imap_sync_mailbox(), check the return value of sync_helper(). To
keep the code simple, change rc from being the sum of the calls to the
bitwise-OR of the calls. (We only need to know if a single flag needs
to be updated, and bitwise-OR will detect negatives.)
Below the calls to sync_helper(), if the call to imap_exec() fails,
make sure rc is set to -1.
Kevin McCarthy [Wed, 23 Mar 2016 22:28:25 +0000 (15:28 -0700)]
Prevent renaming root folder in imap.
The root folder results in mx.mbox being NULL, which causes a
segfault. This can be triggered by entering a subfolder and trying to
rename the ".." entry.
Due to the translation string freeze, no visible error message is
displayed. Add a TODO note about this for post-1.6 release.
Kevin McCarthy [Wed, 23 Mar 2016 01:00:13 +0000 (18:00 -0700)]
Clean up mutt_wstr_trunc() some more.
* Change return type to size_t.
The return value is the cumulation of values from mbrtowc(), which
returns size_t. All callers already assign the return value to a
size_t, requiring no external changes.
* Change the local variables n, w, l, and cl to size_t.
n is the strlen of the src parameter. l and cl are used for the
return value. w is assigned to the *width parameter, which is
size_t.
cw is kept as an int, because wcwidth returns type int.
* Change error handling of mbrtowc to be the same as other functions
in mutt: only reset mbstate when the retval==-1. When retvat==-2,
set cl=n to break out of the loop. Also, set wc to replacement_char
and allow the logic below to determine the width instead of
hardcoding to 1.
Kevin McCarthy [Sun, 20 Mar 2016 00:25:10 +0000 (17:25 -0700)]
Turn off asserts in sendlib.c.
The Doctor reported triggering an assertion in convert_file_to(), due
to an unexpected errno from iconv(). According to the comments, the
assertions were only enabled for debugging and should have been turned
off. We certainly don't want to abort mutt for this case, so just
disable them as the comment indicates.
Kevin McCarthy [Wed, 16 Mar 2016 01:04:26 +0000 (18:04 -0700)]
Prevent ctx->fp from being closed twice in the event of an error.
The previous patch from Vincent exposed a crash if ftruncate() fails
in mbox_sync_mailbox(). Change fclose() to safe_fclose(), to avoid it
being called twice.
The function generating a list of parts to join had incorrect sorting
logic. It was comparing values, not attributes. Additionally, the
order logic wasn't correct.
Thanks to TAKAHASHI Tamotsu for pointing out the value vs attribute
comparison bug.
Kevin McCarthy [Tue, 8 Mar 2016 23:57:55 +0000 (15:57 -0800)]
Add $resume_edited_draft_files option.
This adds an extra header when saving edited draft files (-E -H on the
command line). With this header, the next time they are edited, they
are automatically "resumed" (by setting $resume_draft_files).
The idea is to prevent multiple user-defined headers and signatures
from being added to the draft message by avoiding processing it as a
brand new message after the first time.
Kevin McCarthy [Tue, 8 Mar 2016 23:57:50 +0000 (15:57 -0800)]
Add $resume_draft_files option.
When set, draft files are processed the same as when resuming
postponed messages. One use of this option is to avoid multiple
user-defined headers and signatures being added to the message.
(e.g. when -E is used repeatedly on the draft files).
Kevin McCarthy [Wed, 2 Mar 2016 23:08:49 +0000 (15:08 -0800)]
Add hard redraw for the gpgme application/pgp handler.
Will Yardley reported display artifacts and keyboard issues after
decrypting a traditional pgp message using gpgme. It turns out the
gpgpme code path was missing a hard_redraw() to repaint the screen
after pinentry.
Kevin McCarthy [Tue, 16 Feb 2016 03:44:23 +0000 (19:44 -0800)]
Add $pgp_decryption_okay to verify multipart/encrypted are actually encrypted. (closes #3770)
In pgp classic mode, if the $pgp_decrypt_command generated output, it
assumed the content was encrypted. However, gpg will generate output
even if the block is simply signed and armored text. The problem is
that mutt was then printing mime headers labelling the output as
encrypted text in the ui.
Add a new option, and suggested value of:
set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
If set, the output from the decrypt command will be scanned for this
regexp to confirm an actual decryption occurred.
Note that gpgme already correctly rejects this form of spoofed message.
Kevin McCarthy [Sun, 7 Feb 2016 18:15:27 +0000 (10:15 -0800)]
Fix pgp and smime decryption in mutt_prepare_template().
Change the "combined" multipart decryption block to only work for pgp,
since mutt_is_multipart_encrypted() currently only checks for pgp
headers and it therefore only worked for pgp in the first place.
Fix the newhdr->security to be based on what that function returns,
instead of the "context" hdr passed in.
Add a smime decryption block below when iterating through the content.
Fix the application/pgp decryption block to assign to hdr->security
using the type of the app/pgp part instead of hdr->content.
Kevin McCarthy [Sat, 23 Jan 2016 20:30:16 +0000 (12:30 -0800)]
Increase HUGE_STRING size to 8192. (see #3804)
The interface for editing a large number of recipients is poor and
perhaps shouldn't be using a fixed buffer size. Until a redesign can
be thought about, this will help.
Kevin McCarthy [Tue, 19 Jan 2016 22:05:52 +0000 (14:05 -0800)]
Make sasl authentication buffers dynamically sized. (see #3804)
The reporter found that the current buffer of HUGE_STRING was
insufficient in his case to encode the clientout response back to the
server in imap_auth_sasl().
Since sasl gives us the size of "clientout", we can dynamically malloc
and resize the buffer as needed. This patch uses max(LONG_STRING,
(clientoutlen*2)). This is sufficient to hold the base64 encoded
value plus additional prefix/suffix needed in each protocol.
The size is rechecked after each sasl_client_step() and resized as
needed.
Similar code is in pop_auth_sasl() and smtp_auth_sasl(), so convert
all three to use a dynamic buffer.
Kevin McCarthy [Wed, 6 Jan 2016 02:08:07 +0000 (18:08 -0800)]
Allow tab as a delimiter in smime .index files. (closes #3802)
The old parsing code used fscanf, and so happened to allow a tab as a
delimiter. Even though smime_keys.pl uses a space, some users
maintain their own .index files by hand (using tab delimiters), so
continue to allow that delimiter.
Kevin McCarthy [Tue, 5 Jan 2016 00:28:56 +0000 (16:28 -0800)]
Add a couple missing ATTACHPTR->tree frees.
While working on ticket 3800, I noticed the tree wasn't being freed
inside OP_COMPOSE_EDIT_HEADERS. Add a free there, and in the cleanup
at the end of mutt_compose_menu().
A few other sections in mutt_compose_menu() are performing a
free-on-error where the tree isn't allocated yet, so skip it for
those.
I believe this is actually not fixing a memory leak: all attachments
are always at level 0 in the compose menu (as far as I know); so
nothing is ever allocated in the tree pointer. However since other
parts of the code in compose.c clean this up, it make sense to add
them here too.
S. Gilles [Mon, 4 Jan 2016 21:57:40 +0000 (13:57 -0800)]
Prefer bright versions (8-15) of colors for brightXXX backgrounds.
When a bright color is specified as a background, try to use the
bright version of that color, falling back to the A_BLINK method only
on terms which do not support enough colors.
Kevin McCarthy [Fri, 1 Jan 2016 20:24:53 +0000 (12:24 -0800)]
Use strrchr to search for Received date separator. (closes #3798)
Sample email provided by the submitter showed a Received header with a
";" at the end of each line, instead of a single ";" in front of the
date. The emails are obviously not RFC compliant, but the fix is
simple enough: find the last ";" using strrchr instead of the first.
Kevin McCarthy [Fri, 1 Jan 2016 20:07:46 +0000 (12:07 -0800)]
Convert copyright years to all use 4 digit years.
Vincent Lefèvre pointed out the common shortcut, e.g 1996-9, is
actually not allowed for copyright years. Convert all the copyright
years (for mutt files) to use 4 digits.
Kevin McCarthy [Fri, 1 Jan 2016 20:07:40 +0000 (12:07 -0800)]
Update copyright notices.
This patch only updates existing copyright notices in the source
files, using commit dates since the last copyright update in commits e3af935cdb1a and f8fd60d8d3f2.
Add a notice to the COPYRIGHT file to refer to our mercurial
repository for the full commit history.
Add myself to the COPYRIGHT file and smime_keys.pl file.
Kevin McCarthy [Fri, 1 Jan 2016 17:48:51 +0000 (09:48 -0800)]
Fix segfault when deleting and reusing attachment slots. (closes #3800)
When attachments are deleted, delete_attachment() slides the entries
down in the idx array, but forgets to NULL out the last vacated slot.
If more attachments are added later on via OP_COMPOSE_EDIT_HEADERS and
the Attach: pseudo-header, mutt_gen_attach_list() will attempt to
re-use the ATTACHPTR in that last slot because it wasn't set to NULL.
This will be pointing to freed memory and likely segfault (at best).
Kevin McCarthy [Tue, 8 Dec 2015 17:11:30 +0000 (09:11 -0800)]
Fix hash table key "use after free" in mh_check_mailbox(). (closes #3797)
The fnames hash uses the maildir->header->path as the key. As matches
are found, the headers are freed. This inadvertantly also freed the key
to the hashtable entry; the next hash_find() going to the same bucket
might end up comparing keys with a freed string.
This patch stores the path in the struct maildir canon_fname field (just
as maildir_check_mailbox() does) and uses that as the hash key instead.
This field isn't used outside of maildir_check_mailbox(), and is
automatically freed for us in the maildir_move_to_context() call at the
bottom of both functions.
Note there are other ways to fix this problem:
- Add a new mode to the hash table, causing it to strdup the keys and
free them itself.
- Delete the entries in the fnames hash, rather leaving them there.
The first seems the cleanest, but would end up touching much more code.
The second is also clean, but might have a negative performance impact.
Additionally, peeking back in history to changeset 1d45a50b6f9b, it
looks like the canon_fname used to be used by mh too, so perhaps
removing the strdup may have been a mistake during refactoring at some
point.
Kevin McCarthy [Thu, 3 Dec 2015 23:23:34 +0000 (15:23 -0800)]
Provide a better prompt and error for inline PGP with attachments. (closes #3738)
Change mutt_protect() to check for text/plain before trying to invoke
crypt_pgp_traditional_encryptsign(). This way, mutt can provide a bit
more specific prompt and error message.
Since pgp_mime_auto says it will prompt in the event of any failure,
keep the more generic prompt after the encryptsign call too.
Kevin McCarthy [Wed, 2 Dec 2015 02:20:27 +0000 (18:20 -0800)]
Loosen mutt_signed_handler() protocol value consistency check. (closes #3639)
Apparently, for S/MIME, some MUAs mismatch the protocol value of
the multipart/signed and the content-type of the signature: putting
"pkcs7-signature" in one and "x-pkcs7-signature" in the other.
Change mutt_signed_handler() to independently verify the values of the
protocol and the content-type. This still checks for correct values but
doesn't ensure they match between the two (for S/MIME).