Michał Kępień [Tue, 13 Dec 2016 19:16:10 +0000 (11:16 -0800)]
Rework OpenSSL certificate verification to support alternative chains. (closes #3903)
The way Mutt currently verifies SSL certificates using OpenSSL does
not support alternative chains, which may cause confusion when some
popular mail providers (e.g. Gmail) are used with specific sets of
trusted CA certificates.
Replace the "manual" verification done by mutt in
check_certificate_by_signer() with SSL_set_verify() using a callback.
OpenSSL then does the certificate verification, including properly
looking at alternative chains. The callback still provides the
opportunity to override using ~/.mutt_certificates or an interactive
prompt.
Kevin McCarthy [Sat, 3 Dec 2016 23:24:32 +0000 (15:24 -0800)]
Change sidebar_spoolfile coloring to be lower precedence.
Give sidebar_new and sidebar_flagged higher precedence than
sidebar_spoolfile, so that new and flagged message colors will show up
for the spoolfile in the sidebar.
Don't use X509_NAME_oneline() with a fixed size buffer, which could
truncate the string, perhaps leaving off the CN field entirely.
Instead, work directly off the X509_NAME.
Rather than use strstr to tokenize it, call
X509_NAME_get_text_by_NID() with the nid types. Although
X509_NAME_get_text_by_NID() is "legacy", it is the most directly
useful for mutt in this simple interactive prompt.
The function was set up to include the ST and C fields in the prompt,
but the loop limit was too low. I believe this was an oversight, so
increase the loop to include those two fields.
Kevin McCarthy [Mon, 21 Nov 2016 00:19:17 +0000 (16:19 -0800)]
Don't close stderr when opening a tunnel. (closes #3726)
Instead of closing stderr, redirect it to /dev/null in
tunnel_socket_open(). Otherwise a program can accidentally open a
file into handle 2 and then unknowingly use that when trying to print
to stderr.
Thanks to lotheac for the original patch, which I just modified
slightly.
Kevin McCarthy [Sun, 20 Nov 2016 03:35:07 +0000 (19:35 -0800)]
More openssl1.1 fixes: remove uses of X509->name in debugging. (closes #3870)
X509->name was a shortcut for the longer
name = X509_NAME_oneline (X509_get_subject_name (cert),
buf, sizeof (buf));
invocation. Change the debugging to print the cert name and chain
names in the ssl_check_certificate() loop instead.
Kevin McCarthy [Sun, 20 Nov 2016 03:35:07 +0000 (19:35 -0800)]
More openssl1.1 fixes: remove uses of X509->name in debugging. (closes #3870)
X509->name was a shortcut for the longer
name = X509_NAME_oneline (X509_get_subject_name (cert),
buf, sizeof (buf));
invocation. Change the debugging to print the cert name and chain
names in the ssl_check_certificate() loop instead.
Kevin McCarthy [Fri, 18 Nov 2016 23:54:27 +0000 (15:54 -0800)]
Fix mark-message translation and keybind menu.
Move the OP_MARK_MESSAGE and hotkey macro from MENU_GENERIC to the
MENU_MAIN keymap. Putting the macro under generic prevents it from
overriding a keybinding in the index (even if the function is bound to
noop). Additionally, the macro can only be executed from the index,
so it doesn't make sense as a generic keybinding.
Use the term "hotkey" in both the OPS and km_bind description.
Mark the km_bind description translatable.
Add L10N messages for the new translation strings.
Kevin McCarthy [Fri, 18 Nov 2016 01:54:35 +0000 (17:54 -0800)]
Revert changes made to mutt_find_cfg() in 3c6d322912e3
The usage of MUTT_VERSION in mutt_find_cfg() was fine before the
commit: it wasn't using MUTT_VERSION inlined into a string with format
string substitution.
Revert to the version of mutt_find_cfg() before that changeset.
David Champion [Thu, 17 Nov 2016 23:57:42 +0000 (15:57 -0800)]
Adds <mark-message> binding to create "hotkeys" for messages.
<mark-message>foo<enter> will create a new macro "'foo" which will
return to the current message by searching for that message's
message id. The initial character of the macro is defined by
$mark_macro_prefix, and defaults to "'" for verisimilitude vs. vi.
Kevin McCarthy [Mon, 14 Nov 2016 04:02:36 +0000 (20:02 -0800)]
Compress: check mailbox type if possible when appending.
If an append hook isn't defined, then mutt has to decompress the
mailbox. In that case, we can check the type of the decompressed
mailbox instead of defaulting to DefaultMagic.
Kevin McCarthy [Mon, 14 Nov 2016 04:02:35 +0000 (20:02 -0800)]
Compress: fix check_mailbox and sync_mailbox.
Change check_mailbox to delegate to the child_ops->check_mailbox if
the compressed mailbox has changed. This allows the mailbox to
properly recover if both the decompressed mailbox and compressed file
have changed.
Change sync_mailbox to call check_mailbox before attempting to sync.
This will prevent overwriting external changes to the compressed
mailbox.
Kevin McCarthy [Mon, 14 Nov 2016 04:02:35 +0000 (20:02 -0800)]
Create mx_ops.sync operation. Refactor compress to use the mx_ops.sync.
Change compress.sync_mailbox() to lock the compressed mailbox around
both the tempfile sync and compress operations. This will prevent
changes made inbetween the two syncs from being overwritten.
Thanks to Damien Riegel for his original patch refactoring
mx_ops.sync, which this patch is partially based upon.
Kevin McCarthy [Mon, 14 Nov 2016 04:02:35 +0000 (20:02 -0800)]
Compress: pull the lock/unlock operations into the open,close,sync operations.
Some operations, such as open_append and sync, need an exclusive lock
across a longer period than a single compress/decompress. Remove it
from the execute_command and pull into the outer callers. Store lock
information inside compress_info.
Sync and check_mailbox need more fixes, which will be addressed in
subsequent patches.
Kevin McCarthy [Mon, 14 Nov 2016 04:02:34 +0000 (20:02 -0800)]
Compress: add delegate calls to open_append and close mx_ops functions.
The open_append and close were partially duplicating mbox open_append
and close operations internally. Change it to call the actual
delegate functions instead.
Inline the open_read() function inside open_mailbox(). Having it
split improved nothing and just complicated the code (i.e. added
error-handling checks in open_mailbox() that in reality could not
fail).
Kevin McCarthy [Mon, 14 Nov 2016 04:02:34 +0000 (20:02 -0800)]
Compress: fix several logic and memory bugs.
setup_paths leaks memory: realpath is already set in mx_open_mailbox()
restore_paths is unneeded. mx_fastclose_mailbox() will free stuff,
and nothing is looking at the path once we are closing or aborting.
Make a copy of the hooks. Otherwise 'unhook *' will leave dangling
pointers.
Add compress_info freeing inside mx_fastclose_mailbox(). Only free
inside compress.c when we want to prevent close() from doing anything.
close_mailbox() didn't preserve ctx->path on error.
execute_command() didn't return an error if the mutt_system() command
failed.
mx_open_mailbox_append() should check mutt_comp_can_append() only for
the case that the mailbox doesn't exist. When it exists,
mx_get_magic() has already looked at the file contents before checking
for matching open_hooks.
In open_append_mailbox() if no append hook is defined, it should't
call ci->open() if the mailbox doesn't exist. It should act just like
append and create a temporary file.
check_mailbox() needs more work. For now, at least have it properly
close the mailbox on error.
Kevin McCarthy [Mon, 14 Nov 2016 04:02:34 +0000 (20:02 -0800)]
Compress: remove buffy stats "improvisation".
Mutt doesn't support polling compressed mailboxes. This code creates
a false impression and dirties mutt_save_message() in the process. I
don't like it, so am taking it out.
Damien Riegel [Mon, 14 Nov 2016 02:45:35 +0000 (18:45 -0800)]
search muttrc file according to XDG Base Specification (closes #3207)
First of all, the MUTT_VERSION symbol is now concatenated (when
possible) at compile time.
Then, the logic to find the config file has been changed a bit to remove
unnecessary calls to access(), so now each possible locations for the
config file is only tested once, and it stops as soon as a valid one has
been found. So instead of:
access("/home/dkc/.muttrc-1.7.1", F_OK) = -1 ENOENT (No such file or directory)
access("/home/dkc/.muttrc", F_OK) = 0
access("/home/dkc/.muttrc", F_OK) = 0
access("/home/dkc/.muttrc", F_OK) = 0
[... Tests for Muttrc ... ]
access("/home/dkc/.muttrc", F_OK) = 0
We now have:
access("/home/dkc/.muttrc-1.7+13 (f658e517960e)", F_OK) = -1 ENOENT (No such file or directory)
access("/home/dkc/.muttrc", F_OK) = 0
It also cleans up the case where -F is passed on the command line but
points to a non-existent file by moving the error path closer to the
actual fail condition.
Finally, it adds partial support for the XDG Base Directory
Specification. mutt will now try to locate its config at:
The mx_fastclose_mailbox() calls mx_ops->close(), which invokes
mbox_close_mailbox().
Also, close the ctx->fp inside mbox_close_mailbox(). This way, the
(to be added) compress logic can call the mx_ops->close() instead of
"knowing" to close the fp before recompressing.
mx_fastclose_mailbox() will safe_fclose() the fp again, but I'm
leaving it there just in case I missed a usage of the fp in some other
part of the code.
Kevin McCarthy [Tue, 8 Nov 2016 02:10:27 +0000 (18:10 -0800)]
Chain %d->%F->%f in the attachment menu.
Previously, %d would use %f if there was no description set.
Place the new %F option in between %d and %f. This way, %d will fall
back on %F, which will fall back on %f. This allows the standard
attachment menu to show d_filename.
This is useful for forwarding attachments or editing draft files with
attachments. In these cases the actual filename is sanitized but the
attachment name is preserved in d_filename.
Damien Riegel [Tue, 8 Nov 2016 02:10:22 +0000 (18:10 -0800)]
compose: add operation to rename an attachment
As opposed to rename-file, which actually renames the underlying file
of the attachment, rename-attachment puts a value in d_filename, which
is used in the Content-Disposition header.
Kevin McCarthy [Sun, 23 Oct 2016 22:11:56 +0000 (15:11 -0700)]
Perform charset conversion on text attachments when piping. (closes #3773) (see #3886)
When piping a text attachment, there is no reliable way to know the
charset used.
Vincent Lefèvre says:
It was decided in the past that when there is no information on the
charset in a transmission to an external command (e.g. as for mail
composing), texts are expected to be transmitted in the local
charset.
Add a MUTT_CHARSET flag to enable charset conversion on text
attachments for both when $attach_split is set and unset.
Kevin McCarthy [Sun, 23 Oct 2016 21:46:37 +0000 (14:46 -0700)]
Fix pager segfault when lineInfo.chunks overflows. (closes #3888)
The reporter had an html attachment with extremely long lines,
combined with a color pattern of "color body default default ."
This overflowed the lineInfo.chunks, causing a segfault.
Kevin McCarthy [Wed, 19 Oct 2016 20:21:16 +0000 (13:21 -0700)]
Add root-message function to jump to root message in thread.
This seems like a useful feature that was brought up for discussion on
mutt-users. Proposed solutions involved collapsing/uncollapsing
threads, but it's not hard to modify the mutt_parent_message()
function to return the root instead.
Kevin McCarthy [Mon, 17 Oct 2016 18:22:13 +0000 (11:22 -0700)]
Actually fix gpgme segfault in create_recipient_set().
Changeset 6e44bfa16096 did not fix the segv. (Sorry, I made the fix
based off a report on IRC but didn't trigger the segv myself: it was
caused by an out-of-tree patch).
The actual problem was that the rset was only resized on a successful
gpgme_get_key(). However, on error, the array still needs to be
NULL-terminated before calling free_recipient_set().
Move the resize so it always takes place. This obviates the need for
the NULL check added in 6e44bfa16096.
Kevin McCarthy [Sun, 16 Oct 2016 22:44:17 +0000 (15:44 -0700)]
Change sidebar to only match $folder prefix on a $sidebar_divider_char. (closes #3887)
The reporter had a $spoolfile of ~/Mailbox and a $folder of ~/Mail.
The sidebar was truncating the spoolfile to "ox" because it only
looked at a substring prefix match.
Kevin McCarthy [Sun, 16 Oct 2016 21:16:47 +0000 (14:16 -0700)]
Fix gpgme segfault in create_recipient_set().
If gpgme_get_key() errors on the first key, the rset will not be
allocated yet. Attempting to null-terminate (and then free) the array
causes a segfault.
Kevin McCarthy [Thu, 13 Oct 2016 01:10:35 +0000 (18:10 -0700)]
Handle presence of '--' delimiter in $sendmail. (closes #3168)
If the delimiter exists, additional sendmail flags will be inserted
before the delimiter. Any arguments after the delimiter will be
preserved as recipients.
Fix GPGME signature zero timestamp and locale awareness issues. (closes #3882)
GPGME signature information has two minor problems.
[-- Begin signature information --]
*BAD* signature from: Name <user@example.com>
aka: Name <user@example.org>
created: Thu Jan 1 09:00:00 1970
[-- End signature information --]
First, the created timestamp is incorrect when the message is not
verified successfully.
Second, as the code itself has some "TODO" comments, "aka" and
"created" lines are not properly-aligned when LC_MESSAGES != English.
sasl_client_step() returns SASL_OK after the fourth step: server auth
confirmation. However, the protocol requires the client send one more
blank line to the server, to which the server then replies with "+OK".
See https://tools.ietf.org/html/rfc5034#section-6.
The code currently only sends a final response if sasl_client_step
returns data to send. Change it to always send a final client message
after the SASL_OK.
Kevin McCarthy [Thu, 6 Oct 2016 19:35:38 +0000 (12:35 -0700)]
Mark IMAP fast-trash'ed messages as read before copying. (see #3860)
Regular copying/saving messages in mutt via a UID COPY first calls
imap_sync_message(). However that function is designed to sync all
flags (including deleted), and so isn't useful for the fast-trash
code.
As an easier solution, instead add a UID STORE to set \\Seen for the
same msgset as the trashed messages.
Kevin McCarthy [Tue, 4 Oct 2016 18:13:24 +0000 (11:13 -0700)]
Preserve forwarded attachment names in d_filename.
When forwarding an attachment with an non-ascii name, mutt_copy_body()
mangles the filename when calling mutt_adv_mktemp. Preserve
the original attachment filename in d_filename.
Remove the double copy of b->filename, which is a memory leak.
Kevin McCarthy [Sat, 1 Oct 2016 23:21:59 +0000 (16:21 -0700)]
Ensure signatures exist when verifying multipart/signed emails. (closes #3881).
TAKAHASHI Tamotsu reported that when gpg2 isn't in PATH, the
gpgme_op_verify() won't return an error, but instead will return a
result with no signatures.
verify_one() was only returning an error if a signature actually
failed, so in this case the function was defaulting to returning
success.
Other callers of gpgme_op_verify() check to make sure the
result->signatures exist before processing signatures. Add a check
for verify_one() too.
Kevin McCarthy [Sat, 1 Oct 2016 20:58:35 +0000 (13:58 -0700)]
RFC2047-decode mailto url headers after RFC2822 parsing. (closes #3879)
Commit 55819a7e6169 performed the RFC2047 decode before the parsing.
This works okay for headers such as subject, but for others such as
address fields could lead to parsing errors.
Change to perform a decode on envelope headers after all the calls to
mutt_parse_rfc822_line(), using the same list of fields as
mutt_read_rfc822_header().
Change the do_2047 parameter of mutt_read_rfc822_line() to true, so
that user headers are decoded if needed.
Kevin McCarthy [Sun, 25 Sep 2016 20:11:03 +0000 (13:11 -0700)]
Reset invalid parsed received dates to 0. (closes #3878)
The actual problem in the ticket would be solved by d3f31cf9239e (see
#3798). However there is still the bug that Mutt considers a
(hdr->received != 0) to be set and usable, despite not checking the
return value of mutt_parse_date().
Change mutt_read_rfc822_header() to unset an invalid received value
back to 0. We don't do this inside mutt_read_rfc822_line() because
that would cause the next received line to be parsed.
Kevin McCarthy [Fri, 23 Sep 2016 23:07:36 +0000 (16:07 -0700)]
Clear pager position when toggling headers.
It doesn't make sense to try to preserve the pager position when
toggling headers: the purpose of toggling headers is to see the
headers in full or weeded state. So, reset the position back to the
top.
Kevin McCarthy [Thu, 22 Sep 2016 21:07:18 +0000 (14:07 -0700)]
Don't abort the menu editor on sigwinch. (closes #3875)
getch() will return ERR on sigwinch when timeout() is called with a
positive value. mutt_getch() will therefore return ch==-2 for both a
timeout and a sigwinch in this case.
The imap code in km_dokey() exits out of the ImapKeepalive loop for a
SigWinch, and was skipping past the check for MENU_EDITOR and
tmp.ch==-2. Move this check below the gotkey: label so the
ImapKeepalive loop behaves the same as the Timeout code.
Thanks to nicop for reporting the problem and for the initial patch!
Antonio Radici [Thu, 22 Sep 2016 01:10:33 +0000 (18:10 -0700)]
Mark some gpgme pgp menu keybinding translations as fuzzy. (closes #3874)
Some translations for crypt-gpgme.c are marked as fuzzy but the keybindings
attached to these translations are not, this creates confusions for the users
who see the english message but have the keybindings for a message in their own
language available.
As long as the translations are fuzzy, the keybindings should stay fuzzy.
Kevin McCarthy [Wed, 21 Sep 2016 20:51:01 +0000 (22:51 +0200)]
Check for NULL mx_ops in mx.c
Eike Rathke reported this happening when in an IMAP index view the
underlying connection was terminated, ctx->mx_ops was NULL and thus
accessing ctx->mx_ops->check segfaulted.
Thanks also to Eike Rathke for the initial patch, for which I expanded
the checks to other functions.
Antonio Radici [Tue, 20 Sep 2016 22:51:13 +0000 (15:51 -0700)]
Use body color for gpgme output. (closes #3872)
When switching from pgp_* commands to crypt_use_gpgme=yes, Peter
Colberg noticed that the output was colored 'brightyellow'.
The issue is that crypt-gpgme.c uses state_attach_puts in various
places where it should use state_puts to maintain compatibility with
the previous behavior in pgp.c.