Kevin McCarthy [Wed, 13 Mar 2019 04:06:11 +0000 (12:06 +0800)]
Fix incorrect IMAP message purging bug.
Thanks to Ivan Middleton @imiddle for the awesome bug report and
suggested fix.
The bug is most easily generated using Gmail with the $trash variable
set.
Deleted messages are first copied to the $trash folder. If this is
set to "[Gmail]/Trash", then Gmail inteprets the copy as a "delete"
and sends EXPUNGE messages back for the messages.
cmd_parse_expunge() and cmd_parse_vanished() set the hdr->index to
INT_MAX, which subsequently an imap_expunge_mailbox() will use to
remove the messages from the local mailbox.
If we close the mailbox instead of sync it, Mutt will end up executing
the 'Deleted' flag setting before processing the expunge (because
"imap_check_mailbox() -> imap_cmd_finish()' doesn't set check_status
when we are closing). The expunged messages will then be included in
the set of 'Deleted' flags.
Unfortunately, because the messages are sorted by *index* before
msgset generation, an incorrect range of UIDs will be sent, which
could easily include messages that should not be deleted.
This fix is a minimal fix for a stable bug fix excluding
messages with the index set to INT_MAX from all msg sets. Other
things that should be investigated in master are:
- sorting by UID instead of index before msgset generation
- unsetting the 'active' flag in cmd_parse_expunge() and
cmd_parse_vanished() instead of waiting until imap_expunge_mailbox()
to do so.
Kevin McCarthy [Fri, 25 Jan 2019 02:28:27 +0000 (18:28 -0800)]
Show top-level decoded smime text/plain parts.
Commit 331d9d5a attempted to fix a problem with an attachment having
extension .p7m. The attachment menu tried to decode and failed, and
the part ended up being replaced by a bogus text/plain part.
The problem is that crypt_smime_decrypt_mime() returns a text/plain
part if the decode fails, meaning we can't distinguish failure from
success in this case.
As a compromise, only use a text/plain resulting from a single
top-level application_smime part. This will allow for the case of an
text/plain encoded email, but won't end up hiding attachments that
were not decoded.
Kevin McCarthy [Thu, 24 Jan 2019 22:15:33 +0000 (14:15 -0800)]
Improve attachment menu for s/mime parts. (closes #113)
Don't prompt for passphrase or getkeys, or set the ENCRYPT flag, for
OPAQUE types.
Don't recurse on "text" output from decrypt_mime(). There is no
reason to recurse on a text type. Additionally, the
mutt_read_mime_header() will return an empty text type even if the
decode doesn't generate mime output. In those cases, we want to show
the original attachment.
Kevin McCarthy [Tue, 22 Jan 2019 03:43:08 +0000 (19:43 -0800)]
Fix tunnels to also retry and write full buffer.
Change the tunnel_socket_read() and tunnel_socket_write() as the raw
sockets were adjusted in the previous commit. Retry on EINTR, and
complete a full write so all the implementations have the same behavior.
Kevin McCarthy [Mon, 21 Jan 2019 23:19:08 +0000 (15:19 -0800)]
Fix raw socket read/write to follow expected behavior.
The mutt_sasl.c code expects conn_write() to write the entire buffer.
This is inconsistent with mutt_socket.c, but since other conn_write()
implementations guarantee this, change raw_socket_write() to do so too
for now.
Also, update reading and writing to loop on EINTR, as gnutls does.
They won't return EAGAIN or EWOULDBLOCK because we don't mark sockets
as non-blocking.
Kevin McCarthy [Mon, 21 Jan 2019 19:56:04 +0000 (11:56 -0800)]
Fix gnutls tls_socket_write() to properly retry.
Retry on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED. This prevents an
aborted send due to a SIGWINCH, for instance.
Change tls_socket_read() to follow the same flow. Don't bother
checking gnutls_error_is_fatal() because return codes besides AGAIN
and INTERRUPTED end up closing the connection regardless. (We don't
handle handshakes and negotations during send/receive).
Kevin McCarthy [Thu, 10 Jan 2019 17:56:41 +0000 (09:56 -0800)]
Wrap ssl init calls for LibreSSL too.
It looks like LibreSSL does not perform automatic initialization of
the library and error strings.
Since LibreSSL defines OPENSSL_VERSION_NUMBER as a "version 2",
add a check if LIBRESSL_VERSION_NUMBER is defined and call the
initialization functions for that case.
Fabian Groffen [Thu, 10 Jan 2019 15:03:02 +0000 (16:03 +0100)]
mx_open_mailbox: provide output buffer to realpath(3)
Starting with POSIX.1.2008 resolved_path can be NULL.
Systems implementing a standard before that crash. Example of such
system is Mac OS X 10.5, the last version running on PowerPC hardware.
Since this is the only occurrance of the realpath(3) function in Mutt,
instead of wrapping it, just adjust this invocation.
Kevin McCarthy [Fri, 4 Jan 2019 19:20:05 +0000 (11:20 -0800)]
Fix mkdtemp.c implementation.
Two statements were indented on the same line under a for statement.
The second one would not be included in the loop, only being executed
after the loop finishes.
This is obviously an error, as it modifies the LETTERS entry being
used.
Kevin McCarthy [Fri, 28 Dec 2018 23:43:51 +0000 (15:43 -0800)]
Make a copy of x_label before encoding it for updates.
This isn't actually a bug. Context->label_hash strdups the keys, so
we are safe from dangling references. However, the subj_hash uses
direct references, so to keep things consistent and safe, make a copy
and encode that.
Kevin McCarthy [Fri, 28 Dec 2018 00:24:27 +0000 (16:24 -0800)]
Restore the xlabel_changed reset.
The cherry pick accidentally obliterated the reset. That flag is now
located in hdr->env->changed in the branch and is reset properly
elsewhere. Keep it in place in the stable branch.
Some clients (or even mail servers) improperly encode the octetstream
part.
Thanks to Riccardo Schirone for the original merge request patch.
This commit also handles the attachment menu, and makes the decoding
conditional so it's not done if it isn't necessary.
Kevin McCarthy [Thu, 13 Dec 2018 00:10:23 +0000 (16:10 -0800)]
Fix imap_sync_mailbox() hcache leak.
Uploading changed messages to the server ends up overwriting the
hcache. Add a straightforward fix and a longish explanation comment
for the stable branch fix.
Add a TODO noting a better fix should be done in the master branch in
the future.
Kevin McCarthy [Fri, 7 Dec 2018 03:22:59 +0000 (19:22 -0800)]
Fix classic gpg date parsing in list-keys.
GnuPG changed the format of their --with-colons output in 2.0.10.
Dates are now seconds since epoch. Update the parse_pub_line() code
to detect the new format.
The GnuPG changes also separated pub and the first uid. Since mutt
allows an empty uid field, the output is a bit less friendly now, with
an initial key without an uid. I think that's acceptable, but
eventually we'll want to change the parsing behavior.
Kevin McCarthy [Thu, 29 Nov 2018 20:36:08 +0000 (12:36 -0800)]
Add SENDER to default list of IMAP headers.
This header is matched by the ~e and ~L patterns. Those patterns
should work without the user having to know to add Sender to the list
of $imap_headers. This was probably just an oversight.
Kevin McCarthy [Tue, 27 Nov 2018 21:55:04 +0000 (13:55 -0800)]
Fix QRESYNC crash after a large number of VANISHED messages.
When handling QRESYNC vanished, imap_expunge_mailbox() was called to
empty out the messages. Various counters, including vcount are
updated by the mx_update_tables() after the expunge.
These counters need to be reset, because mx_update_context() will do
so once again at the end of reading new headers. This can cause an
out of bounds access in v2r.
Kevin McCarthy [Tue, 30 Oct 2018 18:53:37 +0000 (11:53 -0700)]
Add a flag for dynamic date range evaluation in patterns.
By default, Mutt evaluates relative date patterns, such as "~d<1d"
against the date when the pattern is compiled.
For index-format-hook, we need to pattern match against a message
based on the current date/time, so that for example, conditional date
format patterns correctly match after Mutt has been open for many
days/weeks.
Add a flag, MUTT_PATTERN_DYNAMIC, that changes ~d and ~r evaluation to
reevaluate the min/max range with each match.
This will of course be slower, but for the index, where a screenful of
messages at a time are evaluated, is an acceptable tradeoff against
accurate pattern matching.
Peter Wu [Tue, 23 Oct 2018 10:29:26 +0000 (12:29 +0200)]
Fix memleaks of saslconn on error paths
If mutt_sasl_client_new returns an error, the callers would ignore the
allocated saslconn resource from sasl_client_new. Be sure to release
these with sasl_dispose as documented in sasl.h. Likewise, let callers
(POP/IMAP) dispose the resource on their error paths. SMTP was already
taken care of. Found with LeakSanitizer in IMAP.
Kevin McCarthy [Wed, 17 Oct 2018 00:35:54 +0000 (17:35 -0700)]
Ensure a resized empty buffer is null-terminated.
The new buffer code is using the pool, which ensures its buffers are
null-terminated.
However, if a "new" buffer from another part of the code were passed
to one of the temporary interfaces that resizes the buffer, it's
possible a non-terminated string might end up being passed through.
It's reasonable to expect mutt_b2s() for a "new" buffer should be the
same as after it is resized larger. So ensure the resulting buf->data
is properly terminated to avoid surprises.
Kevin McCarthy [Tue, 16 Oct 2018 23:04:57 +0000 (16:04 -0700)]
Remove conversion of nbsp to space.
Keep the behavior of it not line-breaking, but don't change it to a
space character when displaying. This is so copy-paste from the pager
will preserve the nbsp, which is semantically important in some
locales.
Kevin McCarthy [Sun, 14 Oct 2018 22:48:07 +0000 (15:48 -0700)]
Add rfc1524 buffer function interfaces for attach.c conversion.
The rfc1524 functions call, and are called by, many functions that
need to be converted. But to keep the conversion manageable, install
helper interface functions that pass the buffer->data and
buffer->dsize in and adjust the buffer->dptr afterwards.
Kevin McCarthy [Tue, 9 Oct 2018 21:39:09 +0000 (14:39 -0700)]
Change gnutls certificate_file processing and interactive prompts.
Accept a saved cert at any point in the chain, except for those
revoked or with invalid dates.
The INSECUREALG processing was a bit goofed up. It was skipping the
prompt for every chain except the host, and was only displaying an
error for entry 1 (the host being 0, root being len-1). Instead
prompt at any point, and display a warning as with the other errors.
Add a CERTERR_OTHER type to capture other bits. Recently GnuTLS has
added additional certificate_status_t types. We may want to improve
the prompts in the future for those, but for now at least make sure
it's recorded in certerr.
Kevin McCarthy [Tue, 9 Oct 2018 20:28:15 +0000 (13:28 -0700)]
Fix gnutls (a)lways to properly save for all certerr values.
For the case of SIGNERNOTCA, INSECUREALG, or a newer unhandled value,
the "(a)ccept always" prompt was allowed, but the cert saving was
prevented by a check only against NOTTRUSTED. This ended up giving a
strange error message saying the cert was not saved.
Fix to save the cert for all errors except HOSTNAME (which is handled
separately).
Max Görner [Wed, 3 Oct 2018 20:28:57 +0000 (22:28 +0200)]
Add several "Durchkopplungsbindestrich" to some German translations
While up to personal taste to a certain extent, in general it is more
appropriate to use dashes instead of spaces to to combine related but
distinct terms.
This commit introduces dashes, so called Durchkopplungsbindestriche, to
some of the terms, were found more suiting.
Kevin McCarthy [Fri, 28 Sep 2018 22:08:19 +0000 (15:08 -0700)]
Convert pgp_invoke_list_keys and mix_send_message to use BUFFERs.
Both repetitively perform a lot of copying back in forth, which is
much cleaner with a BUFFER.
Note that in pgp_invoke_list_keys, if there are no hints uids->data
would be NULL. However, the pgp_invoke() checks and wraps all the
format substitutions with NONULL.
Kevin McCarthy [Fri, 28 Sep 2018 00:29:16 +0000 (17:29 -0700)]
Increase buffer sizes for some IMAP commands.
Use to ensure assembled IMAP commands fit in the resultant buffer to
be imap_exec()'ed.
RFC2683 suggested a limit of 1000, but asked servers to accept up to
8000. Furthermore, RFC7162 bumped the client limit suggestion up to
8192. So I don't believe any issues will be caused by this.
Most of these are increases are just to remove theoretical truncation
warned about by the compiler; I don't believe we've had reports of
actual command truncation due to a mailbox 1024 characters long.
Kevin McCarthy [Wed, 26 Sep 2018 02:03:56 +0000 (19:03 -0700)]
Fix non-threaded $sort_aux "reverse-" sorting.
The secondary sort was looking at (Sort & SORT_REVERSE) instead
of (SortAux & SORT_REVERSE), so wasn't even performing the reverse
based on the correct flag.
Additionally, afterwards, the primary sort was improperly applying a
reverse when the secondary sort returned non-zero.
Change SORTCODE() to look at SortAux when we are inside a secondary
sort.
Change AUXSORT() to return the result if the secondary sort returns
non-zero. It is ugly to put a return inside the macro, but the check
for non-zero needs to be performed inside the AUXSORT if branch.
If the secondary sort returns 0, then the primary sort can still
compare index and apply a reverse as needed.