tuibuilder_pel7x64builder0
4 years ago
23 changed files with 1292 additions and 257 deletions
@ -0,0 +1,10 @@
@@ -0,0 +1,10 @@
|
||||
--- mutt-1.5.13/configure.nodotlock 2007-02-06 15:14:03.000000000 +0100 |
||||
+++ mutt-1.5.13/configure 2007-02-06 15:14:04.000000000 +0100 |
||||
@@ -12300,6 +12300,7 @@ |
||||
{ |
||||
struct stat s; |
||||
|
||||
+ return 1; |
||||
stat ("$mutt_cv_mailpath", &s); |
||||
if (s.st_mode & S_IWGRP) exit (0); |
||||
exit (1); |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -up mutt-1.5.18/doc/Makefile.in.manual mutt-1.5.18/doc/Makefile.in |
||||
diff -up mutt-1.5.18/init.h.manual mutt-1.5.18/init.h |
||||
--- mutt-1.5.18/init.h.manual 2008-01-30 05:26:50.000000000 +0100 |
||||
+++ mutt-1.5.18/init.h 2008-05-19 11:05:02.000000000 +0200 |
||||
@@ -19,7 +19,6 @@ |
||||
|
||||
#ifdef _MAKEDOC |
||||
# include "config.h" |
||||
-# include "doc/makedoc-defs.h" |
||||
#else |
||||
# include "sort.h" |
||||
#endif |
@ -0,0 +1,20 @@
@@ -0,0 +1,20 @@
|
||||
diff -up mutt-1.5.18/doc/Muttrc.head.muttrc mutt-1.5.18/doc/Muttrc.head |
||||
--- mutt-1.5.18/doc/Muttrc.head.muttrc 2008-01-30 05:26:50.000000000 +0100 |
||||
+++ mutt-1.5.18/doc/Muttrc.head 2008-05-19 10:58:21.000000000 +0200 |
||||
@@ -19,11 +19,15 @@ macro index,pager,attach,compose \cb "\ |
||||
|
||||
# Show documentation when pressing F1 |
||||
macro generic,pager <F1> "<shell-escape> less @docdir@/manual.txt<Enter>" "show Mutt documentation" |
||||
+# and also F2, as some terminals use F1 |
||||
+macro generic,pager <F2> "<shell-escape> less @docdir@/manual.txt<Enter>" "show Mutt documentation" |
||||
|
||||
# show the incoming mailboxes list (just like "mutt -y") and back when pressing "y" |
||||
macro index,pager y "<change-folder>?<toggle-mailboxes>" "show incoming mailboxes list" |
||||
bind browser y exit |
||||
|
||||
+bind editor <delete> delete-char |
||||
+ |
||||
# If Mutt is unable to determine your site's domain name correctly, you can |
||||
# set the default here. |
||||
# |
||||
diff -up mutt-1.5.18/contrib/sample.muttrc mutt-1.5.18/contrib/sample |
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
diff -up mutt/copy.c.cve-2014-0467 mutt/copy.c |
||||
--- mutt/copy.c.cve-2014-0467 2009-12-14 19:24:59.000000000 +0100 |
||||
+++ mutt/copy.c 2014-03-13 10:29:13.844051152 +0100 |
||||
@@ -254,6 +254,7 @@ mutt_copy_hdr (FILE *in, FILE *out, LOFF |
||||
{ |
||||
if (!address_header_decode (&this_one)) |
||||
rfc2047_decode (&this_one); |
||||
+ this_one_len = mutt_strlen (this_one); |
||||
} |
||||
|
||||
if (!headers[x]) |
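Review bot: The added `this_one_len = mutt_strlen (this_one);` in mutt_copy_hdr has no comment saying why the cached length must be refreshed at this point. Both decode calls take `&this_one`, so they can presumably replace the string with one of a different length, and a stale `this_one_len` would then be used wherever the header is later sized or copied (that code is outside the hunk). I would add `/* decoding may replace the string; refresh the cached length before it is used for sizing */` above the assignment. It is also worth confirming that no other path in this function changes `this_one` without updating the length.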
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
--- mutt/init.c 2009-12-14 19:24:59.000000000 +0100 |
||||
+++ mutt/init.c.new 2016-10-19 16:00:26.065999981 +0200 |
||||
@@ -2928,9 +2928,8 @@ void mutt_init (int skip_sys_rc, LIST *c |
||||
#define DOMAIN buffer |
||||
if (!p && getdnsdomainname (buffer, sizeof (buffer)) == -1) |
||||
Fqdn = safe_strdup ("@"); |
||||
- else |
||||
#endif /* DOMAIN */ |
||||
- if (*DOMAIN != '@') |
||||
+ if (strlen(DOMAIN) > 0 && *DOMAIN != '@') |
||||
{ |
||||
Fqdn = safe_malloc (mutt_strlen (DOMAIN) + mutt_strlen (Hostname) + 2); |
||||
sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN); /* __SPRINTF_CHECKED__ */ |
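Review bot: Dropping the `else` in mutt_init makes the `if (strlen(DOMAIN) > 0 && *DOMAIN != '@')` test run even after `getdnsdomainname` has failed and `Fqdn` has already been set to `"@"`. In that path DOMAIN is `buffer`, whose contents after a failed lookup are not shown here and may be indeterminate, so `strlen` can read unset data. If the test then passes, the earlier `safe_strdup ("@")` result is overwritten and leaked. I would keep the `else` and only tighten the condition to `if (*DOMAIN && *DOMAIN != '@')`. The function body and the surrounding preprocessor structure continue outside the hunk, so this should be confirmed against the full file.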
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -rup mutt-17a4f92e4a95-orig/init.h mutt-17a4f92e4a95-new/init.h |
||||
--- mutt-17a4f92e4a95-orig/init.h 2015-06-07 22:59:32.000000000 +0200 |
||||
+++ mutt-17a4f92e4a95-new/init.h 2015-06-25 15:28:56.095570332 +0200 |
||||
@@ -2989,7 +2989,7 @@ struct option_t MuttVars[] = { |
||||
*/ |
||||
#if defined(USE_SSL) |
||||
#ifdef USE_SSL_GNUTLS |
||||
- { "ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, 0 }, |
||||
+ { "ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, "/etc/pki/tls/certs/ca-bundle.crt" }, |
||||
/* |
||||
** .pp |
||||
** This variable specifies a file containing trusted CA certificates. |
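Review bot: The new default for `ssl_ca_certificates_file` is written as a bare string literal, while the neighbouring field in the same initializer casts its pointer with `UL`. If the last member of `struct option_t` is an integer type, as that cast suggests, the entry relies on an implicit pointer-to-integer conversion and should read `UL "/etc/pki/tls/certs/ca-bundle.crt"`. The option text that follows could also state that the default now points at the distribution CA bundle, so users who relied on an empty value know which trust anchors are consulted.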
@ -0,0 +1,28 @@
@@ -0,0 +1,28 @@
|
||||
diff -up mutt-1.5.21/contrib/Makefile.am.cabundle mutt-1.5.21/contrib/Makefile.am |
||||
--- mutt-1.5.21/contrib/Makefile.am.cabundle 2008-03-19 21:07:06.000000000 +0100 |
||||
+++ mutt-1.5.21/contrib/Makefile.am 2011-11-02 12:47:34.143534053 +0100 |
||||
@@ -5,7 +5,7 @@ subdir = contrib |
||||
SAMPLES = Mush.rc Pine.rc gpg.rc pgp2.rc pgp5.rc pgp6.rc Tin.rc \ |
||||
sample.muttrc sample.mailcap sample.muttrc-tlr \ |
||||
colors.default colors.linux smime.rc \ |
||||
- ca-bundle.crt smime_keys_test.pl mutt_xtitle |
||||
+ smime_keys_test.pl mutt_xtitle |
||||
|
||||
EXTRA_DIST = language.txt language50.txt \ |
||||
patch.slang-1.2.2.keypad.1 \ |
||||
diff -up mutt-1.5.21/doc/smime-notes.txt.cabundle mutt-1.5.21/doc/smime-notes.txt |
||||
--- mutt-1.5.21/doc/smime-notes.txt.cabundle 2011-11-02 12:53:56.808750080 +0100 |
||||
+++ mutt-1.5.21/doc/smime-notes.txt 2011-11-02 12:57:46.225881970 +0100 |
||||
@@ -40,8 +40,10 @@ How to add use mutt's S/MIME capabilitie |
||||
- Edit the smime_sign_as line in your muttrc, replacing the keyid with your |
||||
own. |
||||
|
||||
-- You probably want to import the trusted roots in |
||||
- contrib/ca-bundle.crt. This makes you trust anything that was ultimately |
||||
+- There is no more ca-bundle.crt file with the trusted roots to import shipped |
||||
+ in mutt. The upstream file is out-dated and user is encouraged to use |
||||
+ ca-bundle.crt from ca-certificate pacakge. |
||||
+ This makes you trust anything that was ultimately |
||||
signed by one of them. You can use "smime_keys add_root" to do so, or |
||||
just copy ca-bundle.crt into the place you point mutt's smime_ca_location |
||||
variable to. |
@ -0,0 +1,22 @@
@@ -0,0 +1,22 @@
|
||||
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.testcert mutt-1.5.21/mutt_ssl_gnutls.c |
||||
--- mutt-1.5.21/mutt_ssl_gnutls.c.testcert 2010-08-25 18:31:40.000000000 +0200 |
||||
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-11-04 14:15:33.956762683 +0100 |
||||
@@ -434,8 +434,16 @@ static int tls_compare_certificates (con |
||||
return 0; |
||||
} |
||||
|
||||
- ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP) + 1; |
||||
- ptr = (unsigned char *)strstr((char*)ptr, CERT_SEP); |
||||
+ /* find start of cert, skipping junk */ |
||||
+ ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP); |
||||
+ if (!ptr) |
||||
+ { |
||||
+ gnutls_free(cert.data); |
||||
+ FREE (&b64_data_data); |
||||
+ return 0; |
||||
+ } |
||||
+ /* find start of next cert */ |
||||
+ ptr = (unsigned char *)strstr((char*)ptr + 1, CERT_SEP); |
||||
|
||||
b64_data.size = b64_data.size - (ptr - b64_data.data); |
||||
b64_data.data = ptr; |
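Review bot: The second `strstr` in tls_compare_certificates is still unchecked. When no further `CERT_SEP` follows, `ptr` is NULL, and the next visible line computes `ptr - b64_data.data` before storing NULL into `b64_data.data`. Whatever condition ends the scan is outside the hunk, but the subtraction on a null pointer is already undefined and leaves `b64_data.size` meaningless. I would guard the size update with `if (ptr) b64_data.size -= ptr - b64_data.data;` and keep the assignment `b64_data.data = ptr;` so the existing end-of-file handling still sees NULL.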
@ -0,0 +1,128 @@
@@ -0,0 +1,128 @@
|
||||
From 185152818541f5cdc059cbff3f3e8b654fc27c1d Mon Sep 17 00:00:00 2001 |
||||
From: Kevin McCarthy <kevin@8t8.us> |
||||
Date: Sat, 7 Jul 2018 19:03:44 -0700 |
||||
Subject: [PATCH] Properly quote IMAP mailbox names when (un)subscribing. |
||||
|
||||
When handling automatic subscription (via $imap_check_subscribed), or |
||||
manual subscribe/unsubscribe commands, mutt generating a "mailboxes" |
||||
command but failed to properly escape backquotes. |
||||
|
||||
Thanks to Jeriko One for the detailed bug report and patch, which this |
||||
commit is based upon. |
||||
--- |
||||
imap/command.c | 5 +++-- |
||||
imap/imap.c | 7 +++++-- |
||||
imap/imap_private.h | 3 ++- |
||||
imap/util.c | 25 ++++++++++++++++++++----- |
||||
4 files changed, 30 insertions(+), 10 deletions(-) |
||||
|
||||
diff --git a/imap/command.c b/imap/command.c |
||||
index c8825981..c79d4f28 100644 |
||||
--- a/imap/command.c |
||||
+++ b/imap/command.c |
||||
@@ -842,8 +842,9 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s) |
||||
|
||||
strfcpy (buf, "mailboxes \"", sizeof (buf)); |
||||
mutt_account_tourl (&idata->conn->account, &url); |
||||
- /* escape \ and " */ |
||||
- imap_quote_string(errstr, sizeof (errstr), list.name); |
||||
+ /* escape \ and ". Also escape ` because the resulting |
||||
+ * string will be passed to mutt_parse_rc_line. */ |
||||
+ imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name); |
||||
url.path = errstr + 1; |
||||
url.path[strlen(url.path) - 1] = '\0'; |
||||
if (!mutt_strcmp (url.user, ImapUser)) |
||||
diff --git a/imap/imap.c b/imap/imap.c |
||||
index 668203b8..c3a8ffd0 100644 |
||||
--- a/imap/imap.c |
||||
+++ b/imap/imap.c |
||||
@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe) |
||||
char buf[LONG_STRING]; |
||||
char mbox[LONG_STRING]; |
||||
char errstr[STRING]; |
||||
+ int mblen; |
||||
BUFFER err, token; |
||||
IMAP_MBOX mx; |
||||
|
||||
@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe) |
||||
memset (&token, 0, sizeof (token)); |
||||
err.data = errstr; |
||||
err.dsize = sizeof (errstr); |
||||
- snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"", |
||||
- subscribe ? "" : "un", path); |
||||
+ mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ", |
||||
+ subscribe ? "" : "un"); |
||||
+ imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen, |
||||
+ path); |
||||
if (mutt_parse_rc_line (mbox, &token, &err)) |
||||
dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr)); |
||||
FREE (&token.data); |
||||
diff --git a/imap/imap_private.h b/imap/imap_private.h |
||||
index 312fbfe4..349c5a49 100644 |
||||
--- a/imap/imap_private.h |
||||
+++ b/imap/imap_private.h |
||||
@@ -301,7 +301,8 @@ char* imap_next_word (char* s); |
||||
time_t imap_parse_date (char* s); |
||||
void imap_make_date (char* buf, time_t timestamp); |
||||
void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path); |
||||
-void imap_quote_string (char* dest, size_t slen, const char* src); |
||||
+void imap_quote_string (char* dest, size_t dlen, const char* src); |
||||
+void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src); |
||||
void imap_unquote_string (char* s); |
||||
void imap_munge_mbox_name (char *dest, size_t dlen, const char *src); |
||||
void imap_unmunge_mbox_name (char *s); |
||||
diff --git a/imap/util.c b/imap/util.c |
||||
index 914c93c3..3274a70c 100644 |
||||
--- a/imap/util.c |
||||
+++ b/imap/util.c |
||||
@@ -608,11 +608,10 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path) |
||||
} |
||||
|
||||
|
||||
-/* imap_quote_string: quote string according to IMAP rules: |
||||
- * surround string with quotes, escape " and \ with \ */ |
||||
-void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||
+static void _imap_quote_string (char *dest, size_t dlen, const char *src, |
||||
+ const char *to_quote) |
||||
{ |
||||
- char quote[] = "\"\\", *pt; |
||||
+ char *pt; |
||||
const char *s; |
||||
|
||||
pt = dest; |
||||
@@ -625,7 +623,7 @@ void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||
|
||||
for (; *s && dlen; s++) |
||||
{ |
||||
- if (strchr (quote, *s)) |
||||
+ if (strchr (to_quote, *s)) |
||||
{ |
||||
dlen -= 2; |
||||
if (!dlen) |
||||
@@ -643,6 +641,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||
*pt = 0; |
||||
} |
||||
|
||||
+/* imap_quote_string: quote string according to IMAP rules: |
||||
+ * surround string with quotes, escape " and \ with \ */ |
||||
+void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||
+{ |
||||
+ _imap_quote_string (dest, dlen, src, "\"\\"); |
||||
+} |
||||
+ |
||||
+/* imap_quote_string_and_backquotes: quote string according to IMAP rules: |
||||
+ * surround string with quotes, escape " and \ with \. |
||||
+ * Additionally, escape backquotes with \ to protect against code injection |
||||
+ * when using the resulting string in mutt_parse_rc_line(). |
||||
+ */ |
||||
+void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src) |
||||
+{ |
||||
+ _imap_quote_string (dest, dlen, src, "\"\\`"); |
||||
+} |
||||
+ |
||||
/* imap_unquote_string: equally stupid unquoting routine */ |
||||
void imap_unquote_string (char *s) |
||||
{ |
||||
-- |
||||
2.18.0 |
||||
|
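Review bot: `_imap_quote_string` keeps the `dlen -= 2; if (!dlen)` sequence in the loop shown in the second imap/util.c hunk, and `dlen` is a `size_t`. When exactly one byte of space is left and the next character needs escaping, the subtraction wraps to a very large value instead of reaching zero, so the loop keeps writing past the end of `dest`. Because the input includes mailbox names taken from LSUB responses, I would test before subtracting: `if (dlen < 2) break; dlen -= 2;`. The rest of the function body is outside the hunks, so the initial adjustment of `dlen` for the surrounding quotes should be checked in the same way.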
@ -0,0 +1,100 @@
@@ -0,0 +1,100 @@
|
||||
From 6aed28b40a0410ec47d40c8c7296d8d10bae7576 Mon Sep 17 00:00:00 2001 |
||||
From: Kevin McCarthy <kevin@8t8.us> |
||||
Date: Fri, 13 Jul 2018 11:16:33 -0700 |
||||
Subject: [PATCH] Sanitize POP bcache paths. |
||||
|
||||
Protect against bcache directory path traversal for UID values. |
||||
|
||||
Thanks for Jeriko One for the bug report and patch, which this commit |
||||
is based upon. |
||||
--- |
||||
pop.c | 31 +++++++++++++++++++++++++------ |
||||
1 file changed, 25 insertions(+), 6 deletions(-) |
||||
|
||||
diff --git a/pop.c b/pop.c |
||||
index d9d95fbe..288166de 100644 |
||||
--- a/pop.c |
||||
+++ b/pop.c |
||||
@@ -40,6 +40,25 @@ |
||||
#define HC_FEXT "hcache" /* extension for hcache as POP lacks paths */ |
||||
#endif |
||||
|
||||
+/** |
||||
+ * cache_id - Make a message-cache-compatible id |
||||
+ * @param id POP message id |
||||
+ * @retval ptr Sanitised string |
||||
+ * |
||||
+ * The POP message id may contain '/' and other awkward characters. |
||||
+ * |
||||
+ * @note This function returns a pointer to a static buffer. |
||||
+ */ |
||||
+static const char *cache_id(const char *id) |
||||
+{ |
||||
+ static char clean[SHORT_STRING]; |
||||
+ |
||||
+ strfcpy (clean, id, sizeof(clean)); |
||||
+ mutt_sanitize_filename (clean, 1); |
||||
+ |
||||
+ return clean; |
||||
+} |
||||
+ |
||||
/* write line to file */ |
||||
static int fetch_message (char *line, void *file) |
||||
{ |
||||
@@ -205,7 +224,7 @@ static int msg_cache_check (const char *id, body_cache_t *bcache, void *data) |
||||
/* message not found in context -> remove it from cache |
||||
* return the result of bcache, so we stop upon its first error |
||||
*/ |
||||
- return mutt_bcache_del (bcache, id); |
||||
+ return mutt_bcache_del (bcache, cache_id (id)); |
||||
} |
||||
|
||||
#ifdef USE_HCACHE |
||||
@@ -355,7 +374,7 @@ static int pop_fetch_headers (CONTEXT *ctx) |
||||
* - if we also have a body: read |
||||
* - if we don't have a body: new |
||||
*/ |
||||
- bcached = mutt_bcache_exists (pop_data->bcache, ctx->hdrs[i]->data) == 0; |
||||
+ bcached = mutt_bcache_exists (pop_data->bcache, cache_id (ctx->hdrs[i]->data)) == 0; |
||||
ctx->hdrs[i]->old = 0; |
||||
ctx->hdrs[i]->read = 0; |
||||
if (hcached) |
||||
@@ -531,7 +550,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) |
||||
unsigned short bcache = 1; |
||||
|
||||
/* see if we already have the message in body cache */ |
||||
- if ((msg->fp = mutt_bcache_get (pop_data->bcache, h->data))) |
||||
+ if ((msg->fp = mutt_bcache_get (pop_data->bcache, cache_id (h->data)))) |
||||
return 0; |
||||
|
||||
/* |
||||
@@ -578,7 +597,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) |
||||
M_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1); |
||||
|
||||
/* see if we can put in body cache; use our cache as fallback */ |
||||
- if (!(msg->fp = mutt_bcache_put (pop_data->bcache, h->data, 1))) |
||||
+ if (!(msg->fp = mutt_bcache_put (pop_data->bcache, cache_id (h->data), 1))) |
||||
{ |
||||
/* no */ |
||||
bcache = 0; |
||||
@@ -624,7 +643,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) |
||||
* portion of the headers, those required for the main display. |
||||
*/ |
||||
if (bcache) |
||||
- mutt_bcache_commit (pop_data->bcache, h->data); |
||||
+ mutt_bcache_commit (pop_data->bcache, cache_id (h->data)); |
||||
else |
||||
{ |
||||
cache->index = h->index; |
||||
@@ -704,7 +723,7 @@ static int pop_sync_mailbox (CONTEXT *ctx, int *index_hint) |
||||
snprintf (buf, sizeof (buf), "DELE %d\r\n", ctx->hdrs[i]->refno); |
||||
if ((ret = pop_query (pop_data, buf, sizeof (buf))) == 0) |
||||
{ |
||||
- mutt_bcache_del (pop_data->bcache, ctx->hdrs[i]->data); |
||||
+ mutt_bcache_del (pop_data->bcache, cache_id (ctx->hdrs[i]->data)); |
||||
#if USE_HCACHE |
||||
mutt_hcache_delete (hc, ctx->hdrs[i]->data, strlen); |
||||
#endif |
||||
-- |
||||
2.18.0 |
||||
|
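Review bot: `cache_id` can map two different POP ids to the same cache name, because `strfcpy` truncates to `SHORT_STRING` and `mutt_sanitize_filename` presumably folds several characters into one replacement. In pop_fetch_message that would let `mutt_bcache_get` return the cached body of a different message, and in msg_cache_check and pop_sync_mailbox it would delete another message's entry. I would at least record this in the doc comment, e.g. `@note Distinct ids can collide after truncation and sanitising; the result is not guaranteed unique.`, and consider bypassing the body cache when `id` does not fit in the buffer. The static buffer is fine for the single-use calls shown, but the returned pointer must not be held across another call.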
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
diff -up mutt-1.5.21/init.c.gpgme-1.2.0 mutt-1.5.21/init.c |
||||
--- mutt-1.5.21/init.c.gpgme-1.2.0 2010-08-25 18:31:40.000000000 +0200 |
||||
+++ mutt-1.5.21/init.c 2011-10-26 10:29:12.166967476 +0200 |
||||
@@ -52,6 +52,10 @@ |
||||
#include <sys/wait.h> |
||||
#include <sys/time.h> |
||||
|
||||
+#if defined(CRYPT_BACKEND_GPGME) |
||||
+#include <gpgme.h> |
||||
+#endif |
||||
+ |
||||
#define CHECK_PAGER \ |
||||
if ((CurrentMenu == MENU_PAGER) && (idx >= 0) && \ |
||||
(MuttVars[idx].flags & R_RESORT)) \ |
||||
@@ -3143,6 +3147,11 @@ void mutt_init (int skip_sys_rc, LIST *c |
||||
|
||||
mutt_read_histfile (); |
||||
|
||||
+#ifdef CRYPT_BACKEND_GPGME |
||||
+ /* needed since version 1.2.0, ticket #3300 */ |
||||
+ gpgme_check_version (NULL); |
||||
+#endif |
||||
+ |
||||
#if 0 |
||||
set_option (OPTWEED); /* turn weeding on by default */ |
||||
#endif |
@ -0,0 +1,59 @@
@@ -0,0 +1,59 @@
|
||||
diff -up mutt-1.5.21/imap/message.c.hdrcnt mutt-1.5.21/imap/message.c |
||||
--- mutt-1.5.21/imap/message.c.hdrcnt 2010-08-24 18:34:21.000000000 +0200 |
||||
+++ mutt-1.5.21/imap/message.c 2011-06-13 15:44:08.268380854 +0200 |
||||
@@ -65,7 +65,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||
char *hdrreq = NULL; |
||||
FILE *fp; |
||||
char tempfile[_POSIX_PATH_MAX]; |
||||
- int msgno, idx; |
||||
+ int msgno, idx = msgbegin - 1; |
||||
IMAP_HEADER h; |
||||
IMAP_STATUS* status; |
||||
int rc, mfhrc, oldmsgcount; |
||||
@@ -185,7 +185,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||
continue; |
||||
} |
||||
|
||||
- idx = h.sid - 1; |
||||
+ idx++; |
||||
ctx->hdrs[idx] = imap_hcache_get (idata, h.data->uid); |
||||
if (ctx->hdrs[idx]) |
||||
{ |
||||
@@ -211,6 +211,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||
dprint (3, (debugfile, "bad cache entry at %d, giving up\n", h.sid - 1)); |
||||
imap_free_header_data((void**) (void*) &h.data); |
||||
evalhc = 0; |
||||
+ idx--; |
||||
} |
||||
} |
||||
while (rc != IMAP_CMD_OK && mfhrc == -1); |
||||
@@ -273,18 +274,20 @@ int imap_read_headers (IMAP_DATA* idata, |
||||
{ |
||||
dprint (2, (debugfile, "msg_fetch_header: ignoring fetch response with no body\n")); |
||||
mfhrc = -1; |
||||
+ msgend--; |
||||
continue; |
||||
} |
||||
|
||||
/* make sure we don't get remnants from older larger message headers */ |
||||
fputs ("\n\n", fp); |
||||
|
||||
- idx = h.sid - 1; |
||||
+ idx++; |
||||
if (idx > msgend) |
||||
{ |
||||
dprint (1, (debugfile, "imap_read_headers: skipping FETCH response for " |
||||
"unknown message number %d\n", h.sid)); |
||||
mfhrc = -1; |
||||
+ idx--; |
||||
continue; |
||||
} |
||||
/* May receive FLAGS updates in a separate untagged response (#2935) */ |
||||
@@ -292,6 +295,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||
{ |
||||
dprint (2, (debugfile, "imap_read_headers: message %d is not new\n", |
||||
h.sid)); |
||||
+ idx--; |
||||
continue; |
||||
} |
||||
|
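Review bot: In the header-cache loop of imap_read_headers, `idx++` is followed directly by the store to `ctx->hdrs[idx]` with no upper-bound test visible in the hunk, whereas the later FETCH loop checks `if (idx > msgend)` before using the index. If the server returns more responses than the requested range, idx could run past the slots reserved for this fetch; the allocation is outside the hunk, so this needs confirming against the full function. I would mirror the later loop's check here, releasing `h.data` and undoing the increment before `continue`. A comment on the declaration such as `/* idx: last filled slot in ctx->hdrs, advanced once per accepted response */` would also make the paired `idx++`/`idx--` easier to audit.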
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
diff -up mutt-1.5.21/crypt-gpgme.c.notation mutt-1.5.21/crypt-gpgme.c |
||||
--- mutt-1.5.21/crypt-gpgme.c.notation 2012-04-25 10:26:20.589226791 +0200 |
||||
+++ mutt-1.5.21/crypt-gpgme.c 2012-04-25 10:28:02.075915855 +0200 |
||||
@@ -72,7 +72,8 @@ |
||||
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) |
||||
|
||||
#define PKA_NOTATION_NAME "pka-address@gnupg.org" |
||||
-#define is_pka_notation(notation) (! strcmp ((notation)->name, \ |
||||
+#define is_pka_notation(notation) ((notation)->name && \ |
||||
+ ! strcmp ((notation)->name, \ |
||||
PKA_NOTATION_NAME)) |
||||
|
||||
/* Values used for comparing addresses. */ |
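Review bot: `is_pka_notation` now expands `(notation)` twice, so an argument with side effects would be evaluated twice; the callers are outside the hunk. A small `static` function taking the notation pointer would avoid that and type-check the argument. If the tree's `mutt_strcmp` tolerates NULL arguments, `(! mutt_strcmp ((notation)->name, PKA_NOTATION_NAME))` would give the same result with a single evaluation. Either way, a comment noting that `name` can be NULL for some notations would explain why the guard exists.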
@ -0,0 +1,19 @@
@@ -0,0 +1,19 @@
|
||||
diff -up mutt/pop.c.pophash mutt/pop.c |
||||
--- mutt/pop.c.pophash 2009-12-14 19:24:59.000000000 +0100 |
||||
+++ mutt/pop.c 2011-10-04 16:51:23.307236908 +0200 |
||||
@@ -618,8 +618,15 @@ int pop_fetch_message (MESSAGE* msg, CON |
||||
} |
||||
rewind (msg->fp); |
||||
uidl = h->data; |
||||
+ |
||||
+ /* we replace envelop, key in subj_hash has to be updated as well */ |
||||
+ if (ctx->subj_hash && h->env->real_subj) |
||||
+ hash_delete (ctx->subj_hash, h->env->real_subj, h, NULL); |
||||
mutt_free_envelope (&h->env); |
||||
h->env = mutt_read_rfc822_header (msg->fp, h, 0, 0); |
||||
+ if (ctx->subj_hash && h->env->real_subj) |
||||
+ hash_insert (ctx->subj_hash, h->env->real_subj, h, 1); |
||||
+ |
||||
h->data = uidl; |
||||
h->lines = 0; |
||||
fgets (buf, sizeof (buf), msg->fp); |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -up mutt-1.5.21/imap/imap.c.syncdebug mutt-1.5.21/imap/imap.c |
||||
--- mutt-1.5.21/imap/imap.c.syncdebug 2012-03-27 10:05:44.978962551 +0200 |
||||
+++ mutt-1.5.21/imap/imap.c 2012-03-27 10:05:54.223252267 +0200 |
||||
@@ -1128,7 +1128,7 @@ static int sync_helper (IMAP_DATA* idata |
||||
|
||||
char buf[LONG_STRING]; |
||||
|
||||
- if (!mutt_bit_isset (idata->ctx->rights, right)) |
||||
+ if (!idata->ctx || !mutt_bit_isset (idata->ctx->rights, right)) |
||||
return 0; |
||||
|
||||
if (right == M_ACL_WRITE && !imap_has_flag (idata->flags, name)) |
@ -0,0 +1,30 @@
@@ -0,0 +1,30 @@
|
||||
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.old mutt-1.5.21/mutt_ssl_gnutls.c |
||||
--- mutt-1.5.21/mutt_ssl_gnutls.c.old 2011-03-23 11:46:28.760386765 +0100 |
||||
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2011-03-23 14:34:45.839456449 +0100 |
||||
@@ -978,6 +978,7 @@ static int tls_check_certificate (CONNEC |
||||
unsigned int cert_list_size = 0; |
||||
gnutls_certificate_status certstat; |
||||
int certerr, i, preauthrc, savedcert, rc = 0; |
||||
+ int rcpeer; |
||||
|
||||
if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE) |
||||
{ |
||||
@@ -1003,6 +1004,9 @@ static int tls_check_certificate (CONNEC |
||||
for (i = 0; i < cert_list_size; i++) { |
||||
rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i, |
||||
&certerr, &savedcert); |
||||
+ if (i == 0) |
||||
+ rcpeer = rc; |
||||
+ |
||||
preauthrc += rc; |
||||
|
||||
if (savedcert) |
||||
@@ -1028,7 +1032,7 @@ static int tls_check_certificate (CONNEC |
||||
dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc)); |
||||
|
||||
certstat = tls_verify_peers (state); |
||||
- if (!certstat) |
||||
+ if (!certstat && !rcpeer) |
||||
return 1; |
||||
} |
||||
} |
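Review bot: `rcpeer` is declared without an initializer and is only assigned inside the first loop when `i == 0`, yet in the last hunk it gates the `return 1` that accepts the connection. Both loops are only partly visible, so it cannot be confirmed here that the assignment always runs before that test. I would declare it as `int rcpeer = -1;` so that any path that skips the assignment fails closed rather than reading an indeterminate value. A comment such as `/* preauth result for the peer (leaf) certificate; must be 0 to accept */` would document why the extra condition exists.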
@ -0,0 +1,146 @@
@@ -0,0 +1,146 @@
|
||||
Some servers have problem when connection uses TLS 1.0 or SSL 3.0. |
||||
Since openssl offers TLS 1.1 and 1.2, we would like to use these |
||||
when connecting to server, while having ability to disable these |
||||
protocols if needed. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=957840 |
||||
|
||||
Upstream related bug report: |
||||
http://dev.mutt.org/trac/ticket/3571 |
||||
|
||||
diff -up mutt-1.5.21/init.h.tlsv1v2 mutt-1.5.21/init.h |
||||
--- mutt-1.5.21/init.h.tlsv1v2 2013-06-27 12:46:14.120389035 +0200 |
||||
+++ mutt-1.5.21/init.h 2013-06-27 12:47:28.020387743 +0200 |
||||
@@ -2970,6 +2970,18 @@ struct option_t MuttVars[] = { |
||||
** This variable specifies whether to attempt to use TLSv1 in the |
||||
** SSL authentication process. |
||||
*/ |
||||
+ { "ssl_use_tlsv1_1", DT_BOOL, R_NONE, OPTTLSV1_1, 1 }, |
||||
+ /* |
||||
+ ** .pp |
||||
+ ** This variable specifies whether to attempt to use TLSv1.1 in the |
||||
+ ** SSL authentication process. |
||||
+ */ |
||||
+ { "ssl_use_tlsv1_2", DT_BOOL, R_NONE, OPTTLSV1_2, 1 }, |
||||
+ /* |
||||
+ ** .pp |
||||
+ ** This variable specifies whether to attempt to use TLSv1.2 in the |
||||
+ ** SSL authentication process. |
||||
+ */ |
||||
#ifdef USE_SSL_OPENSSL |
||||
{ "ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, 1 }, |
||||
/* |
||||
diff -up mutt-1.5.21/mutt.h.tlsv1v2 mutt-1.5.21/mutt.h |
||||
--- mutt-1.5.21/mutt.h.tlsv1v2 2010-09-13 19:19:55.000000000 +0200 |
||||
+++ mutt-1.5.21/mutt.h 2013-06-27 12:47:28.020387743 +0200 |
||||
@@ -376,6 +376,8 @@ enum |
||||
# endif /* USE_SSL_GNUTLS */ |
||||
OPTSSLV3, |
||||
OPTTLSV1, |
||||
+ OPTTLSV1_1, |
||||
+ OPTTLSV1_2, |
||||
OPTSSLFORCETLS, |
||||
OPTSSLVERIFYDATES, |
||||
OPTSSLVERIFYHOST, |
||||
diff -up mutt-1.5.21/mutt_ssl.c.tlsv1v2 mutt-1.5.21/mutt_ssl.c |
||||
--- mutt-1.5.21/mutt_ssl.c.tlsv1v2 2010-08-25 18:31:40.000000000 +0200 |
||||
+++ mutt-1.5.21/mutt_ssl.c 2013-06-27 12:47:28.021387743 +0200 |
||||
@@ -106,6 +106,18 @@ int mutt_ssl_starttls (CONNECTION* conn) |
||||
dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n")); |
||||
goto bail_ssldata; |
||||
} |
||||
+#ifdef SSL_OP_NO_TLSv1_1 |
||||
+ if (!option(OPTTLSV1_1)) |
||||
+ { |
||||
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1); |
||||
+ } |
||||
+#endif |
||||
+#ifdef SSL_OP_NO_TLSv1_2 |
||||
+ if (!option(OPTTLSV1_2)) |
||||
+ { |
||||
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2); |
||||
+ } |
||||
+#endif |
||||
|
||||
ssl_get_client_cert(ssldata, conn); |
||||
|
||||
@@ -303,6 +315,21 @@ static int ssl_socket_open (CONNECTION * |
||||
{ |
||||
SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1); |
||||
} |
||||
+ /* TLSv1.1/1.2 support was added in OpenSSL 1.0.1, but some OS distros such |
||||
+ * as Fedora 17 are on OpenSSL 1.0.0. |
||||
+ */ |
||||
+#ifdef SSL_OP_NO_TLSv1_1 |
||||
+ if (!option(OPTTLSV1_1)) |
||||
+ { |
||||
+ SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1_1); |
||||
+ } |
||||
+#endif |
||||
+#ifdef SSL_OP_NO_TLSv1_2 |
||||
+ if (!option(OPTTLSV1_2)) |
||||
+ { |
||||
+ SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1_2); |
||||
+ } |
||||
+#endif |
||||
if (!option(OPTSSLV2)) |
||||
{ |
||||
SSL_CTX_set_options(data->ctx, SSL_OP_NO_SSLv2); |
||||
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.tlsv1v2 mutt-1.5.21/mutt_ssl_gnutls.c |
||||
--- mutt-1.5.21/mutt_ssl_gnutls.c.tlsv1v2 2013-06-27 12:46:14.123389035 +0200 |
||||
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-06-27 12:47:28.018387743 +0200 |
||||
@@ -238,7 +238,11 @@ err_crt: |
||||
gnutls_x509_crt_deinit (clientcrt); |
||||
} |
||||
|
||||
-static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0}; |
||||
+/* This array needs to be large enough to hold all the possible values support |
||||
+ * by Mutt. The initialized values are just placeholders--the array gets |
||||
+ * overwrriten in tls_negotiate() depending on the $ssl_use_* options. |
||||
+ */ |
||||
+static int protocol_priority[] = {GNUTLS_TLS1_2, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3, 0}; |
||||
|
||||
/* tls_negotiate: After TLS state has been initialised, attempt to negotiate |
||||
* TLS over the wire, including certificate checks. */ |
||||
@@ -246,6 +250,7 @@ static int tls_negotiate (CONNECTION * c |
||||
{ |
||||
tlssockdata *data; |
||||
int err; |
||||
+ size_t nproto = 0; /* number of tls/ssl protocols */ |
||||
|
||||
data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata)); |
||||
conn->sockdata = data; |
||||
@@ -286,22 +291,22 @@ static int tls_negotiate (CONNECTION * c |
||||
/* set socket */ |
||||
gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)conn->fd); |
||||
|
||||
+ if (option(OPTTLSV1_2)) |
||||
+ protocol_priority[nproto++] = GNUTLS_TLS1_2; |
||||
+ if (option(OPTTLSV1_1)) |
||||
+ protocol_priority[nproto++] = GNUTLS_TLS1_1; |
||||
+ if (option(OPTTLSV1)) |
||||
+ protocol_priority[nproto++] = GNUTLS_TLS1; |
||||
+ if (option(OPTSSLV3)) |
||||
+ protocol_priority[nproto++] = GNUTLS_SSL3; |
||||
+ protocol_priority[nproto] = 0; |
||||
+ |
||||
/* disable TLS/SSL protocols as needed */ |
||||
- if (!option(OPTTLSV1) && !option(OPTSSLV3)) |
||||
+ if (nproto == 0) |
||||
{ |
||||
mutt_error (_("All available protocols for TLS/SSL connection disabled")); |
||||
goto fail; |
||||
} |
||||
- else if (!option(OPTTLSV1)) |
||||
- { |
||||
- protocol_priority[0] = GNUTLS_SSL3; |
||||
- protocol_priority[1] = 0; |
||||
- } |
||||
- else if (!option(OPTSSLV3)) |
||||
- { |
||||
- protocol_priority[0] = GNUTLS_TLS1; |
||||
- protocol_priority[1] = 0; |
||||
- } |
||||
/* |
||||
else |
||||
use the list set above |
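Review bot: In mutt_ssl_starttls the new `SSL_OP_NO_TLSv1_1` and `SSL_OP_NO_TLSv1_2` options are applied to a context whose `SSL_CTX_new` call sits above the hunk. If that call still selects a fixed-version method such as `TLSv1_client_method()`, the STARTTLS path will never negotiate TLS 1.1 or 1.2 and the two new settings have no effect there. A version-flexible method would be needed, with SSLv2 and SSLv3 then switched off explicitly on this path, as ssl_socket_open does through its options. Please confirm against the full function. The documentation text for both new variables could also say that they are ignored when the OpenSSL headers lack the corresponding `SSL_OP_NO_*` macro.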
@ -0,0 +1,24 @@
@@ -0,0 +1,24 @@
|
||||
# HG changeset patch |
||||
# User Brendan Cully <brendan@kublai.com> |
||||
# Date 1284573211 25200 |
||||
# Branch HEAD |
||||
# Node ID bd0afbb35c65a9e80c55636e214ca85890554ce1 |
||||
# Parent b42be44bb41a2bca21289aa10a490f58e6bbf044 |
||||
Belatedly update UPDATING |
||||
|
||||
diff -r b42be44bb41a -r bd0afbb35c65 UPDATING |
||||
--- a/UPDATING Wed Sep 15 10:21:04 2010 -0700 |
||||
+++ b/UPDATING Wed Sep 15 10:53:31 2010 -0700 |
||||
@@ -4,8 +4,11 @@ |
||||
The keys used are: |
||||
!: modified feature, -: deleted feature, +: new feature |
||||
|
||||
-hg tip: |
||||
+1.5.21 (2010-09-15): |
||||
|
||||
+ + $mail_check_recent controls whether all unread mail or only new mail |
||||
+ since the last mailbox visit will be reported as new |
||||
+ + %D format expando for $folder_format |
||||
! $thorough_search defaults to yes |
||||
+ imap-logout-all closes all open IMAP connections |
||||
! header/body cache paths are always UTF-8 |
@ -0,0 +1,48 @@
@@ -0,0 +1,48 @@
|
||||
Function gnutls_certificate_verify_peers is deprecated so we should |
||||
rather use gnutls_certificate_verify_peers2. This is a fix applied |
||||
by upstream. |
||||
Upstream bug report: http://dev.mutt.org/trac/ticket/3516 |
||||
|
||||
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.verpeers mutt-1.5.21/mutt_ssl_gnutls.c |
||||
--- mutt-1.5.21/mutt_ssl_gnutls.c.verpeers 2013-03-04 15:19:56.144838094 +0100 |
||||
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-03-04 15:19:56.378838087 +0100 |
||||
@@ -946,22 +946,23 @@ static int tls_check_one_certificate (co |
||||
/* sanity-checking wrapper for gnutls_certificate_verify_peers */ |
||||
static gnutls_certificate_status tls_verify_peers (gnutls_session tlsstate) |
||||
{ |
||||
- gnutls_certificate_status certstat; |
||||
+ int verify_ret; |
||||
+ unsigned int status; |
||||
|
||||
- certstat = gnutls_certificate_verify_peers (tlsstate); |
||||
- if (!certstat) |
||||
- return certstat; |
||||
+ verify_ret = gnutls_certificate_verify_peers2 (tlsstate, &status); |
||||
+ if (!verify_ret) |
||||
+ return status; |
||||
|
||||
- if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) |
||||
+ if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) |
||||
{ |
||||
mutt_error (_("Unable to get certificate from peer")); |
||||
mutt_sleep (2); |
||||
return 0; |
||||
} |
||||
- if (certstat < 0) |
||||
+ if (verify_ret < 0) |
||||
{ |
||||
mutt_error (_("Certificate verification error (%s)"), |
||||
- gnutls_strerror (certstat)); |
||||
+ gnutls_strerror (status)); |
||||
mutt_sleep (2); |
||||
return 0; |
||||
} |
||||
@@ -974,7 +975,7 @@ static gnutls_certificate_status tls_ver |
||||
return 0; |
||||
} |
||||
|
||||
- return certstat; |
||||
+ return status; |
||||
} |
||||
|
||||
static int tls_check_certificate (CONNECTION* conn) |
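Review bot: After the switch to `gnutls_certificate_verify_peers2` the error code lives in `verify_ret`, but two of the new lines in tls_verify_peers still read `status`: the comparison `status == GNUTLS_E_NO_CERTIFICATE_FOUND` and the `gnutls_strerror (status)` argument. On a failed call `status` may not have been written at all, so the function can take the wrong branch or print an unrelated message. Both should use the return value: `if (verify_ret == GNUTLS_E_NO_CERTIFICATE_FOUND)` and `gnutls_strerror (verify_ret)`. The error branches return 0, the same value as a clean verification status, so it is worth checking that callers cannot read that as success.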
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -up mutt-1.5.21/sendlib.c.writehead mutt-1.5.21/sendlib.c |
||||
--- mutt-1.5.21/sendlib.c.writehead 2012-06-25 14:41:34.681483226 +0200 |
||||
+++ mutt-1.5.21/sendlib.c 2012-06-25 14:41:44.485408610 +0200 |
||||
@@ -1799,7 +1799,7 @@ static int write_one_header (FILE *fp, i |
||||
else |
||||
{ |
||||
t = strchr (start, ':'); |
||||
- if (t > end) |
||||
+ if (t == NULL || t > end) |
||||
{ |
||||
dprint (1, (debugfile, "mwoh: warning: header not in " |
||||
"'key: value' format!\n")); |