tuibuilder_pel7x64builder0
4 years ago
23 changed files with 1292 additions and 257 deletions
@ -0,0 +1,10 @@ |
|||||||
|
--- mutt-1.5.13/configure.nodotlock 2007-02-06 15:14:03.000000000 +0100 |
||||||
|
+++ mutt-1.5.13/configure 2007-02-06 15:14:04.000000000 +0100 |
||||||
|
@@ -12300,6 +12300,7 @@ |
||||||
|
{ |
||||||
|
struct stat s; |
||||||
|
|
||||||
|
+ return 1; |
||||||
|
stat ("$mutt_cv_mailpath", &s); |
||||||
|
if (s.st_mode & S_IWGRP) exit (0); |
||||||
|
exit (1); |
@ -0,0 +1,12 @@ |
|||||||
|
diff -up mutt-1.5.18/doc/Makefile.in.manual mutt-1.5.18/doc/Makefile.in |
||||||
|
diff -up mutt-1.5.18/init.h.manual mutt-1.5.18/init.h |
||||||
|
--- mutt-1.5.18/init.h.manual 2008-01-30 05:26:50.000000000 +0100 |
||||||
|
+++ mutt-1.5.18/init.h 2008-05-19 11:05:02.000000000 +0200 |
||||||
|
@@ -19,7 +19,6 @@ |
||||||
|
|
||||||
|
#ifdef _MAKEDOC |
||||||
|
# include "config.h" |
||||||
|
-# include "doc/makedoc-defs.h" |
||||||
|
#else |
||||||
|
# include "sort.h" |
||||||
|
#endif |
@ -0,0 +1,20 @@ |
|||||||
|
diff -up mutt-1.5.18/doc/Muttrc.head.muttrc mutt-1.5.18/doc/Muttrc.head |
||||||
|
--- mutt-1.5.18/doc/Muttrc.head.muttrc 2008-01-30 05:26:50.000000000 +0100 |
||||||
|
+++ mutt-1.5.18/doc/Muttrc.head 2008-05-19 10:58:21.000000000 +0200 |
||||||
|
@@ -19,11 +19,15 @@ macro index,pager,attach,compose \cb "\ |
||||||
|
|
||||||
|
# Show documentation when pressing F1 |
||||||
|
macro generic,pager <F1> "<shell-escape> less @docdir@/manual.txt<Enter>" "show Mutt documentation" |
||||||
|
+# and also F2, as some terminals use F1 |
||||||
|
+macro generic,pager <F2> "<shell-escape> less @docdir@/manual.txt<Enter>" "show Mutt documentation" |
||||||
|
|
||||||
|
# show the incoming mailboxes list (just like "mutt -y") and back when pressing "y" |
||||||
|
macro index,pager y "<change-folder>?<toggle-mailboxes>" "show incoming mailboxes list" |
||||||
|
bind browser y exit |
||||||
|
|
||||||
|
+bind editor <delete> delete-char |
||||||
|
+ |
||||||
|
# If Mutt is unable to determine your site's domain name correctly, you can |
||||||
|
# set the default here. |
||||||
|
# |
||||||
|
diff -up mutt-1.5.18/contrib/sample.muttrc mutt-1.5.18/contrib/sample |
@ -0,0 +1,11 @@ |
|||||||
|
diff -up mutt/copy.c.cve-2014-0467 mutt/copy.c |
||||||
|
--- mutt/copy.c.cve-2014-0467 2009-12-14 19:24:59.000000000 +0100 |
||||||
|
+++ mutt/copy.c 2014-03-13 10:29:13.844051152 +0100 |
||||||
|
@@ -254,6 +254,7 @@ mutt_copy_hdr (FILE *in, FILE *out, LOFF |
||||||
|
{ |
||||||
|
if (!address_header_decode (&this_one)) |
||||||
|
rfc2047_decode (&this_one); |
||||||
|
+ this_one_len = mutt_strlen (this_one); |
||||||
|
} |
||||||
|
|
||||||
|
if (!headers[x]) |
@ -0,0 +1,13 @@ |
|||||||
|
--- mutt/init.c 2009-12-14 19:24:59.000000000 +0100 |
||||||
|
+++ mutt/init.c.new 2016-10-19 16:00:26.065999981 +0200 |
||||||
|
@@ -2928,9 +2928,8 @@ void mutt_init (int skip_sys_rc, LIST *c |
||||||
|
#define DOMAIN buffer |
||||||
|
if (!p && getdnsdomainname (buffer, sizeof (buffer)) == -1) |
||||||
|
Fqdn = safe_strdup ("@"); |
||||||
|
- else |
||||||
|
#endif /* DOMAIN */ |
||||||
|
- if (*DOMAIN != '@') |
||||||
|
+ if (strlen(DOMAIN) > 0 && *DOMAIN != '@') |
||||||
|
{ |
||||||
|
Fqdn = safe_malloc (mutt_strlen (DOMAIN) + mutt_strlen (Hostname) + 2); |
||||||
|
sprintf (Fqdn, "%s.%s", NONULL(Hostname), DOMAIN); /* __SPRINTF_CHECKED__ */ |
@ -0,0 +1,12 @@ |
|||||||
|
diff -rup mutt-17a4f92e4a95-orig/init.h mutt-17a4f92e4a95-new/init.h |
||||||
|
--- mutt-17a4f92e4a95-orig/init.h 2015-06-07 22:59:32.000000000 +0200 |
||||||
|
+++ mutt-17a4f92e4a95-new/init.h 2015-06-25 15:28:56.095570332 +0200 |
||||||
|
@@ -2989,7 +2989,7 @@ struct option_t MuttVars[] = { |
||||||
|
*/ |
||||||
|
#if defined(USE_SSL) |
||||||
|
#ifdef USE_SSL_GNUTLS |
||||||
|
- { "ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, 0 }, |
||||||
|
+ { "ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, "/etc/pki/tls/certs/ca-bundle.crt" }, |
||||||
|
/* |
||||||
|
** .pp |
||||||
|
** This variable specifies a file containing trusted CA certificates. |
@ -0,0 +1,28 @@ |
|||||||
|
diff -up mutt-1.5.21/contrib/Makefile.am.cabundle mutt-1.5.21/contrib/Makefile.am |
||||||
|
--- mutt-1.5.21/contrib/Makefile.am.cabundle 2008-03-19 21:07:06.000000000 +0100 |
||||||
|
+++ mutt-1.5.21/contrib/Makefile.am 2011-11-02 12:47:34.143534053 +0100 |
||||||
|
@@ -5,7 +5,7 @@ subdir = contrib |
||||||
|
SAMPLES = Mush.rc Pine.rc gpg.rc pgp2.rc pgp5.rc pgp6.rc Tin.rc \ |
||||||
|
sample.muttrc sample.mailcap sample.muttrc-tlr \ |
||||||
|
colors.default colors.linux smime.rc \ |
||||||
|
- ca-bundle.crt smime_keys_test.pl mutt_xtitle |
||||||
|
+ smime_keys_test.pl mutt_xtitle |
||||||
|
|
||||||
|
EXTRA_DIST = language.txt language50.txt \ |
||||||
|
patch.slang-1.2.2.keypad.1 \ |
||||||
|
diff -up mutt-1.5.21/doc/smime-notes.txt.cabundle mutt-1.5.21/doc/smime-notes.txt |
||||||
|
--- mutt-1.5.21/doc/smime-notes.txt.cabundle 2011-11-02 12:53:56.808750080 +0100 |
||||||
|
+++ mutt-1.5.21/doc/smime-notes.txt 2011-11-02 12:57:46.225881970 +0100 |
||||||
|
@@ -40,8 +40,10 @@ How to add use mutt's S/MIME capabilitie |
||||||
|
- Edit the smime_sign_as line in your muttrc, replacing the keyid with your |
||||||
|
own. |
||||||
|
|
||||||
|
-- You probably want to import the trusted roots in |
||||||
|
- contrib/ca-bundle.crt. This makes you trust anything that was ultimately |
||||||
|
+- There is no more ca-bundle.crt file with the trusted roots to import shipped |
||||||
|
+ in mutt. The upstream file is out-dated and user is encouraged to use |
||||||
|
+ ca-bundle.crt from ca-certificate pacakge. |
||||||
|
+ This makes you trust anything that was ultimately |
||||||
|
signed by one of them. You can use "smime_keys add_root" to do so, or |
||||||
|
just copy ca-bundle.crt into the place you point mutt's smime_ca_location |
||||||
|
variable to. |
@ -0,0 +1,22 @@ |
|||||||
|
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.testcert mutt-1.5.21/mutt_ssl_gnutls.c |
||||||
|
--- mutt-1.5.21/mutt_ssl_gnutls.c.testcert 2010-08-25 18:31:40.000000000 +0200 |
||||||
|
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-11-04 14:15:33.956762683 +0100 |
||||||
|
@@ -434,8 +434,16 @@ static int tls_compare_certificates (con |
||||||
|
return 0; |
||||||
|
} |
||||||
|
|
||||||
|
- ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP) + 1; |
||||||
|
- ptr = (unsigned char *)strstr((char*)ptr, CERT_SEP); |
||||||
|
+ /* find start of cert, skipping junk */ |
||||||
|
+ ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP); |
||||||
|
+ if (!ptr) |
||||||
|
+ { |
||||||
|
+ gnutls_free(cert.data); |
||||||
|
+ FREE (&b64_data_data); |
||||||
|
+ return 0; |
||||||
|
+ } |
||||||
|
+ /* find start of next cert */ |
||||||
|
+ ptr = (unsigned char *)strstr((char*)ptr + 1, CERT_SEP); |
||||||
|
|
||||||
|
b64_data.size = b64_data.size - (ptr - b64_data.data); |
||||||
|
b64_data.data = ptr; |
@ -0,0 +1,128 @@ |
|||||||
|
From 185152818541f5cdc059cbff3f3e8b654fc27c1d Mon Sep 17 00:00:00 2001 |
||||||
|
From: Kevin McCarthy <kevin@8t8.us> |
||||||
|
Date: Sat, 7 Jul 2018 19:03:44 -0700 |
||||||
|
Subject: [PATCH] Properly quote IMAP mailbox names when (un)subscribing. |
||||||
|
|
||||||
|
When handling automatic subscription (via $imap_check_subscribed), or |
||||||
|
manual subscribe/unsubscribe commands, mutt generating a "mailboxes" |
||||||
|
command but failed to properly escape backquotes. |
||||||
|
|
||||||
|
Thanks to Jeriko One for the detailed bug report and patch, which this |
||||||
|
commit is based upon. |
||||||
|
--- |
||||||
|
imap/command.c | 5 +++-- |
||||||
|
imap/imap.c | 7 +++++-- |
||||||
|
imap/imap_private.h | 3 ++- |
||||||
|
imap/util.c | 25 ++++++++++++++++++++----- |
||||||
|
4 files changed, 30 insertions(+), 10 deletions(-) |
||||||
|
|
||||||
|
diff --git a/imap/command.c b/imap/command.c |
||||||
|
index c8825981..c79d4f28 100644 |
||||||
|
--- a/imap/command.c |
||||||
|
+++ b/imap/command.c |
||||||
|
@@ -842,8 +842,9 @@ static void cmd_parse_lsub (IMAP_DATA* idata, char* s) |
||||||
|
|
||||||
|
strfcpy (buf, "mailboxes \"", sizeof (buf)); |
||||||
|
mutt_account_tourl (&idata->conn->account, &url); |
||||||
|
- /* escape \ and " */ |
||||||
|
- imap_quote_string(errstr, sizeof (errstr), list.name); |
||||||
|
+ /* escape \ and ". Also escape ` because the resulting |
||||||
|
+ * string will be passed to mutt_parse_rc_line. */ |
||||||
|
+ imap_quote_string_and_backquotes (errstr, sizeof (errstr), list.name); |
||||||
|
url.path = errstr + 1; |
||||||
|
url.path[strlen(url.path) - 1] = '\0'; |
||||||
|
if (!mutt_strcmp (url.user, ImapUser)) |
||||||
|
diff --git a/imap/imap.c b/imap/imap.c |
||||||
|
index 668203b8..c3a8ffd0 100644 |
||||||
|
--- a/imap/imap.c |
||||||
|
+++ b/imap/imap.c |
||||||
|
@@ -1930,6 +1930,7 @@ int imap_subscribe (char *path, int subscribe) |
||||||
|
char buf[LONG_STRING]; |
||||||
|
char mbox[LONG_STRING]; |
||||||
|
char errstr[STRING]; |
||||||
|
+ int mblen; |
||||||
|
BUFFER err, token; |
||||||
|
IMAP_MBOX mx; |
||||||
|
|
||||||
|
@@ -1951,8 +1952,10 @@ int imap_subscribe (char *path, int subscribe) |
||||||
|
memset (&token, 0, sizeof (token)); |
||||||
|
err.data = errstr; |
||||||
|
err.dsize = sizeof (errstr); |
||||||
|
- snprintf (mbox, sizeof (mbox), "%smailboxes \"%s\"", |
||||||
|
- subscribe ? "" : "un", path); |
||||||
|
+ mblen = snprintf (mbox, sizeof (mbox), "%smailboxes ", |
||||||
|
+ subscribe ? "" : "un"); |
||||||
|
+ imap_quote_string_and_backquotes (mbox + mblen, sizeof(mbox) - mblen, |
||||||
|
+ path); |
||||||
|
if (mutt_parse_rc_line (mbox, &token, &err)) |
||||||
|
dprint (1, (debugfile, "Error adding subscribed mailbox: %s\n", errstr)); |
||||||
|
FREE (&token.data); |
||||||
|
diff --git a/imap/imap_private.h b/imap/imap_private.h |
||||||
|
index 312fbfe4..349c5a49 100644 |
||||||
|
--- a/imap/imap_private.h |
||||||
|
+++ b/imap/imap_private.h |
||||||
|
@@ -301,7 +301,8 @@ char* imap_next_word (char* s); |
||||||
|
time_t imap_parse_date (char* s); |
||||||
|
void imap_make_date (char* buf, time_t timestamp); |
||||||
|
void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path); |
||||||
|
-void imap_quote_string (char* dest, size_t slen, const char* src); |
||||||
|
+void imap_quote_string (char* dest, size_t dlen, const char* src); |
||||||
|
+void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src); |
||||||
|
void imap_unquote_string (char* s); |
||||||
|
void imap_munge_mbox_name (char *dest, size_t dlen, const char *src); |
||||||
|
void imap_unmunge_mbox_name (char *s); |
||||||
|
diff --git a/imap/util.c b/imap/util.c |
||||||
|
index 914c93c3..3274a70c 100644 |
||||||
|
--- a/imap/util.c |
||||||
|
+++ b/imap/util.c |
||||||
|
@@ -608,11 +608,10 @@ void imap_qualify_path (char *dest, size_t len, IMAP_MBOX *mx, char* path) |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
-/* imap_quote_string: quote string according to IMAP rules: |
||||||
|
- * surround string with quotes, escape " and \ with \ */ |
||||||
|
-void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||||
|
+static void _imap_quote_string (char *dest, size_t dlen, const char *src, |
||||||
|
+ const char *to_quote) |
||||||
|
{ |
||||||
|
- char quote[] = "\"\\", *pt; |
||||||
|
+ char *pt; |
||||||
|
const char *s; |
||||||
|
|
||||||
|
pt = dest; |
||||||
|
@@ -625,7 +623,7 @@ void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||||
|
|
||||||
|
for (; *s && dlen; s++) |
||||||
|
{ |
||||||
|
- if (strchr (quote, *s)) |
||||||
|
+ if (strchr (to_quote, *s)) |
||||||
|
{ |
||||||
|
dlen -= 2; |
||||||
|
if (!dlen) |
||||||
|
@@ -643,6 +641,23 @@ void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||||
|
*pt = 0; |
||||||
|
} |
||||||
|
|
||||||
|
+/* imap_quote_string: quote string according to IMAP rules: |
||||||
|
+ * surround string with quotes, escape " and \ with \ */ |
||||||
|
+void imap_quote_string (char *dest, size_t dlen, const char *src) |
||||||
|
+{ |
||||||
|
+ _imap_quote_string (dest, dlen, src, "\"\\"); |
||||||
|
+} |
||||||
|
+ |
||||||
|
+/* imap_quote_string_and_backquotes: quote string according to IMAP rules: |
||||||
|
+ * surround string with quotes, escape " and \ with \. |
||||||
|
+ * Additionally, escape backquotes with \ to protect against code injection |
||||||
|
+ * when using the resulting string in mutt_parse_rc_line(). |
||||||
|
+ */ |
||||||
|
+void imap_quote_string_and_backquotes (char *dest, size_t dlen, const char *src) |
||||||
|
+{ |
||||||
|
+ _imap_quote_string (dest, dlen, src, "\"\\`"); |
||||||
|
+} |
||||||
|
+ |
||||||
|
/* imap_unquote_string: equally stupid unquoting routine */ |
||||||
|
void imap_unquote_string (char *s) |
||||||
|
{ |
||||||
|
-- |
||||||
|
2.18.0 |
||||||
|
|
@ -0,0 +1,100 @@ |
|||||||
|
From 6aed28b40a0410ec47d40c8c7296d8d10bae7576 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Kevin McCarthy <kevin@8t8.us> |
||||||
|
Date: Fri, 13 Jul 2018 11:16:33 -0700 |
||||||
|
Subject: [PATCH] Sanitize POP bcache paths. |
||||||
|
|
||||||
|
Protect against bcache directory path traversal for UID values. |
||||||
|
|
||||||
|
Thanks for Jeriko One for the bug report and patch, which this commit |
||||||
|
is based upon. |
||||||
|
--- |
||||||
|
pop.c | 31 +++++++++++++++++++++++++------ |
||||||
|
1 file changed, 25 insertions(+), 6 deletions(-) |
||||||
|
|
||||||
|
diff --git a/pop.c b/pop.c |
||||||
|
index d9d95fbe..288166de 100644 |
||||||
|
--- a/pop.c |
||||||
|
+++ b/pop.c |
||||||
|
@@ -40,6 +40,25 @@ |
||||||
|
#define HC_FEXT "hcache" /* extension for hcache as POP lacks paths */ |
||||||
|
#endif |
||||||
|
|
||||||
|
+/** |
||||||
|
+ * cache_id - Make a message-cache-compatible id |
||||||
|
+ * @param id POP message id |
||||||
|
+ * @retval ptr Sanitised string |
||||||
|
+ * |
||||||
|
+ * The POP message id may contain '/' and other awkward characters. |
||||||
|
+ * |
||||||
|
+ * @note This function returns a pointer to a static buffer. |
||||||
|
+ */ |
||||||
|
+static const char *cache_id(const char *id) |
||||||
|
+{ |
||||||
|
+ static char clean[SHORT_STRING]; |
||||||
|
+ |
||||||
|
+ strfcpy (clean, id, sizeof(clean)); |
||||||
|
+ mutt_sanitize_filename (clean, 1); |
||||||
|
+ |
||||||
|
+ return clean; |
||||||
|
+} |
||||||
|
+ |
||||||
|
/* write line to file */ |
||||||
|
static int fetch_message (char *line, void *file) |
||||||
|
{ |
||||||
|
@@ -205,7 +224,7 @@ static int msg_cache_check (const char *id, body_cache_t *bcache, void *data) |
||||||
|
/* message not found in context -> remove it from cache |
||||||
|
* return the result of bcache, so we stop upon its first error |
||||||
|
*/ |
||||||
|
- return mutt_bcache_del (bcache, id); |
||||||
|
+ return mutt_bcache_del (bcache, cache_id (id)); |
||||||
|
} |
||||||
|
|
||||||
|
#ifdef USE_HCACHE |
||||||
|
@@ -355,7 +374,7 @@ static int pop_fetch_headers (CONTEXT *ctx) |
||||||
|
* - if we also have a body: read |
||||||
|
* - if we don't have a body: new |
||||||
|
*/ |
||||||
|
- bcached = mutt_bcache_exists (pop_data->bcache, ctx->hdrs[i]->data) == 0; |
||||||
|
+ bcached = mutt_bcache_exists (pop_data->bcache, cache_id (ctx->hdrs[i]->data)) == 0; |
||||||
|
ctx->hdrs[i]->old = 0; |
||||||
|
ctx->hdrs[i]->read = 0; |
||||||
|
if (hcached) |
||||||
|
@@ -531,7 +550,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) |
||||||
|
unsigned short bcache = 1; |
||||||
|
|
||||||
|
/* see if we already have the message in body cache */ |
||||||
|
- if ((msg->fp = mutt_bcache_get (pop_data->bcache, h->data))) |
||||||
|
+ if ((msg->fp = mutt_bcache_get (pop_data->bcache, cache_id (h->data)))) |
||||||
|
return 0; |
||||||
|
|
||||||
|
/* |
||||||
|
@@ -578,7 +597,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) |
||||||
|
M_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1); |
||||||
|
|
||||||
|
/* see if we can put in body cache; use our cache as fallback */ |
||||||
|
- if (!(msg->fp = mutt_bcache_put (pop_data->bcache, h->data, 1))) |
||||||
|
+ if (!(msg->fp = mutt_bcache_put (pop_data->bcache, cache_id (h->data), 1))) |
||||||
|
{ |
||||||
|
/* no */ |
||||||
|
bcache = 0; |
||||||
|
@@ -624,7 +643,7 @@ static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) |
||||||
|
* portion of the headers, those required for the main display. |
||||||
|
*/ |
||||||
|
if (bcache) |
||||||
|
- mutt_bcache_commit (pop_data->bcache, h->data); |
||||||
|
+ mutt_bcache_commit (pop_data->bcache, cache_id (h->data)); |
||||||
|
else |
||||||
|
{ |
||||||
|
cache->index = h->index; |
||||||
|
@@ -704,7 +723,7 @@ static int pop_sync_mailbox (CONTEXT *ctx, int *index_hint) |
||||||
|
snprintf (buf, sizeof (buf), "DELE %d\r\n", ctx->hdrs[i]->refno); |
||||||
|
if ((ret = pop_query (pop_data, buf, sizeof (buf))) == 0) |
||||||
|
{ |
||||||
|
- mutt_bcache_del (pop_data->bcache, ctx->hdrs[i]->data); |
||||||
|
+ mutt_bcache_del (pop_data->bcache, cache_id (ctx->hdrs[i]->data)); |
||||||
|
#if USE_HCACHE |
||||||
|
mutt_hcache_delete (hc, ctx->hdrs[i]->data, strlen); |
||||||
|
#endif |
||||||
|
-- |
||||||
|
2.18.0 |
||||||
|
|
@ -0,0 +1,26 @@ |
|||||||
|
diff -up mutt-1.5.21/init.c.gpgme-1.2.0 mutt-1.5.21/init.c |
||||||
|
--- mutt-1.5.21/init.c.gpgme-1.2.0 2010-08-25 18:31:40.000000000 +0200 |
||||||
|
+++ mutt-1.5.21/init.c 2011-10-26 10:29:12.166967476 +0200 |
||||||
|
@@ -52,6 +52,10 @@ |
||||||
|
#include <sys/wait.h> |
||||||
|
#include <sys/time.h> |
||||||
|
|
||||||
|
+#if defined(CRYPT_BACKEND_GPGME) |
||||||
|
+#include <gpgme.h> |
||||||
|
+#endif |
||||||
|
+ |
||||||
|
#define CHECK_PAGER \ |
||||||
|
if ((CurrentMenu == MENU_PAGER) && (idx >= 0) && \ |
||||||
|
(MuttVars[idx].flags & R_RESORT)) \ |
||||||
|
@@ -3143,6 +3147,11 @@ void mutt_init (int skip_sys_rc, LIST *c |
||||||
|
|
||||||
|
mutt_read_histfile (); |
||||||
|
|
||||||
|
+#ifdef CRYPT_BACKEND_GPGME |
||||||
|
+ /* needed since version 1.2.0, ticket #3300 */ |
||||||
|
+ gpgme_check_version (NULL); |
||||||
|
+#endif |
||||||
|
+ |
||||||
|
#if 0 |
||||||
|
set_option (OPTWEED); /* turn weeding on by default */ |
||||||
|
#endif |
@ -0,0 +1,59 @@ |
|||||||
|
diff -up mutt-1.5.21/imap/message.c.hdrcnt mutt-1.5.21/imap/message.c |
||||||
|
--- mutt-1.5.21/imap/message.c.hdrcnt 2010-08-24 18:34:21.000000000 +0200 |
||||||
|
+++ mutt-1.5.21/imap/message.c 2011-06-13 15:44:08.268380854 +0200 |
||||||
|
@@ -65,7 +65,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||||
|
char *hdrreq = NULL; |
||||||
|
FILE *fp; |
||||||
|
char tempfile[_POSIX_PATH_MAX]; |
||||||
|
- int msgno, idx; |
||||||
|
+ int msgno, idx = msgbegin - 1; |
||||||
|
IMAP_HEADER h; |
||||||
|
IMAP_STATUS* status; |
||||||
|
int rc, mfhrc, oldmsgcount; |
||||||
|
@@ -185,7 +185,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||||
|
continue; |
||||||
|
} |
||||||
|
|
||||||
|
- idx = h.sid - 1; |
||||||
|
+ idx++; |
||||||
|
ctx->hdrs[idx] = imap_hcache_get (idata, h.data->uid); |
||||||
|
if (ctx->hdrs[idx]) |
||||||
|
{ |
||||||
|
@@ -211,6 +211,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||||
|
dprint (3, (debugfile, "bad cache entry at %d, giving up\n", h.sid - 1)); |
||||||
|
imap_free_header_data((void**) (void*) &h.data); |
||||||
|
evalhc = 0; |
||||||
|
+ idx--; |
||||||
|
} |
||||||
|
} |
||||||
|
while (rc != IMAP_CMD_OK && mfhrc == -1); |
||||||
|
@@ -273,18 +274,20 @@ int imap_read_headers (IMAP_DATA* idata, |
||||||
|
{ |
||||||
|
dprint (2, (debugfile, "msg_fetch_header: ignoring fetch response with no body\n")); |
||||||
|
mfhrc = -1; |
||||||
|
+ msgend--; |
||||||
|
continue; |
||||||
|
} |
||||||
|
|
||||||
|
/* make sure we don't get remnants from older larger message headers */ |
||||||
|
fputs ("\n\n", fp); |
||||||
|
|
||||||
|
- idx = h.sid - 1; |
||||||
|
+ idx++; |
||||||
|
if (idx > msgend) |
||||||
|
{ |
||||||
|
dprint (1, (debugfile, "imap_read_headers: skipping FETCH response for " |
||||||
|
"unknown message number %d\n", h.sid)); |
||||||
|
mfhrc = -1; |
||||||
|
+ idx--; |
||||||
|
continue; |
||||||
|
} |
||||||
|
/* May receive FLAGS updates in a separate untagged response (#2935) */ |
||||||
|
@@ -292,6 +295,7 @@ int imap_read_headers (IMAP_DATA* idata, |
||||||
|
{ |
||||||
|
dprint (2, (debugfile, "imap_read_headers: message %d is not new\n", |
||||||
|
h.sid)); |
||||||
|
+ idx--; |
||||||
|
continue; |
||||||
|
} |
||||||
|
|
@ -0,0 +1,13 @@ |
|||||||
|
diff -up mutt-1.5.21/crypt-gpgme.c.notation mutt-1.5.21/crypt-gpgme.c |
||||||
|
--- mutt-1.5.21/crypt-gpgme.c.notation 2012-04-25 10:26:20.589226791 +0200 |
||||||
|
+++ mutt-1.5.21/crypt-gpgme.c 2012-04-25 10:28:02.075915855 +0200 |
||||||
|
@@ -72,7 +72,8 @@ |
||||||
|
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) |
||||||
|
|
||||||
|
#define PKA_NOTATION_NAME "pka-address@gnupg.org" |
||||||
|
-#define is_pka_notation(notation) (! strcmp ((notation)->name, \ |
||||||
|
+#define is_pka_notation(notation) ((notation)->name && \ |
||||||
|
+ ! strcmp ((notation)->name, \ |
||||||
|
PKA_NOTATION_NAME)) |
||||||
|
|
||||||
|
/* Values used for comparing addresses. */ |
@ -0,0 +1,19 @@ |
|||||||
|
diff -up mutt/pop.c.pophash mutt/pop.c |
||||||
|
--- mutt/pop.c.pophash 2009-12-14 19:24:59.000000000 +0100 |
||||||
|
+++ mutt/pop.c 2011-10-04 16:51:23.307236908 +0200 |
||||||
|
@@ -618,8 +618,15 @@ int pop_fetch_message (MESSAGE* msg, CON |
||||||
|
} |
||||||
|
rewind (msg->fp); |
||||||
|
uidl = h->data; |
||||||
|
+ |
||||||
|
+ /* we replace envelop, key in subj_hash has to be updated as well */ |
||||||
|
+ if (ctx->subj_hash && h->env->real_subj) |
||||||
|
+ hash_delete (ctx->subj_hash, h->env->real_subj, h, NULL); |
||||||
|
mutt_free_envelope (&h->env); |
||||||
|
h->env = mutt_read_rfc822_header (msg->fp, h, 0, 0); |
||||||
|
+ if (ctx->subj_hash && h->env->real_subj) |
||||||
|
+ hash_insert (ctx->subj_hash, h->env->real_subj, h, 1); |
||||||
|
+ |
||||||
|
h->data = uidl; |
||||||
|
h->lines = 0; |
||||||
|
fgets (buf, sizeof (buf), msg->fp); |
@ -0,0 +1,12 @@ |
|||||||
|
diff -up mutt-1.5.21/imap/imap.c.syncdebug mutt-1.5.21/imap/imap.c |
||||||
|
--- mutt-1.5.21/imap/imap.c.syncdebug 2012-03-27 10:05:44.978962551 +0200 |
||||||
|
+++ mutt-1.5.21/imap/imap.c 2012-03-27 10:05:54.223252267 +0200 |
||||||
|
@@ -1128,7 +1128,7 @@ static int sync_helper (IMAP_DATA* idata |
||||||
|
|
||||||
|
char buf[LONG_STRING]; |
||||||
|
|
||||||
|
- if (!mutt_bit_isset (idata->ctx->rights, right)) |
||||||
|
+ if (!idata->ctx || !mutt_bit_isset (idata->ctx->rights, right)) |
||||||
|
return 0; |
||||||
|
|
||||||
|
if (right == M_ACL_WRITE && !imap_has_flag (idata->flags, name)) |
@ -0,0 +1,30 @@ |
|||||||
|
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.old mutt-1.5.21/mutt_ssl_gnutls.c |
||||||
|
--- mutt-1.5.21/mutt_ssl_gnutls.c.old 2011-03-23 11:46:28.760386765 +0100 |
||||||
|
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2011-03-23 14:34:45.839456449 +0100 |
||||||
|
@@ -978,6 +978,7 @@ static int tls_check_certificate (CONNEC |
||||||
|
unsigned int cert_list_size = 0; |
||||||
|
gnutls_certificate_status certstat; |
||||||
|
int certerr, i, preauthrc, savedcert, rc = 0; |
||||||
|
+ int rcpeer; |
||||||
|
|
||||||
|
if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE) |
||||||
|
{ |
||||||
|
@@ -1003,6 +1004,9 @@ static int tls_check_certificate (CONNEC |
||||||
|
for (i = 0; i < cert_list_size; i++) { |
||||||
|
rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i, |
||||||
|
&certerr, &savedcert); |
||||||
|
+ if (i == 0) |
||||||
|
+ rcpeer = rc; |
||||||
|
+ |
||||||
|
preauthrc += rc; |
||||||
|
|
||||||
|
if (savedcert) |
||||||
|
@@ -1028,7 +1032,7 @@ static int tls_check_certificate (CONNEC |
||||||
|
dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc)); |
||||||
|
|
||||||
|
certstat = tls_verify_peers (state); |
||||||
|
- if (!certstat) |
||||||
|
+ if (!certstat && !rcpeer) |
||||||
|
return 1; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,146 @@ |
|||||||
|
Some servers have problem when connection uses TLS 1.0 or SSL 3.0. |
||||||
|
Since openssl offers TLS 1.1 and 1.2, we would like to use these |
||||||
|
when connecting to server, while having ability to disable these |
||||||
|
protocols if needed. |
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=957840 |
||||||
|
|
||||||
|
Upstream related bug report: |
||||||
|
http://dev.mutt.org/trac/ticket/3571 |
||||||
|
|
||||||
|
diff -up mutt-1.5.21/init.h.tlsv1v2 mutt-1.5.21/init.h |
||||||
|
--- mutt-1.5.21/init.h.tlsv1v2 2013-06-27 12:46:14.120389035 +0200 |
||||||
|
+++ mutt-1.5.21/init.h 2013-06-27 12:47:28.020387743 +0200 |
||||||
|
@@ -2970,6 +2970,18 @@ struct option_t MuttVars[] = { |
||||||
|
** This variable specifies whether to attempt to use TLSv1 in the |
||||||
|
** SSL authentication process. |
||||||
|
*/ |
||||||
|
+ { "ssl_use_tlsv1_1", DT_BOOL, R_NONE, OPTTLSV1_1, 1 }, |
||||||
|
+ /* |
||||||
|
+ ** .pp |
||||||
|
+ ** This variable specifies whether to attempt to use TLSv1.1 in the |
||||||
|
+ ** SSL authentication process. |
||||||
|
+ */ |
||||||
|
+ { "ssl_use_tlsv1_2", DT_BOOL, R_NONE, OPTTLSV1_2, 1 }, |
||||||
|
+ /* |
||||||
|
+ ** .pp |
||||||
|
+ ** This variable specifies whether to attempt to use TLSv1.2 in the |
||||||
|
+ ** SSL authentication process. |
||||||
|
+ */ |
||||||
|
#ifdef USE_SSL_OPENSSL |
||||||
|
{ "ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, 1 }, |
||||||
|
/* |
||||||
|
diff -up mutt-1.5.21/mutt.h.tlsv1v2 mutt-1.5.21/mutt.h |
||||||
|
--- mutt-1.5.21/mutt.h.tlsv1v2 2010-09-13 19:19:55.000000000 +0200 |
||||||
|
+++ mutt-1.5.21/mutt.h 2013-06-27 12:47:28.020387743 +0200 |
||||||
|
@@ -376,6 +376,8 @@ enum |
||||||
|
# endif /* USE_SSL_GNUTLS */ |
||||||
|
OPTSSLV3, |
||||||
|
OPTTLSV1, |
||||||
|
+ OPTTLSV1_1, |
||||||
|
+ OPTTLSV1_2, |
||||||
|
OPTSSLFORCETLS, |
||||||
|
OPTSSLVERIFYDATES, |
||||||
|
OPTSSLVERIFYHOST, |
||||||
|
diff -up mutt-1.5.21/mutt_ssl.c.tlsv1v2 mutt-1.5.21/mutt_ssl.c |
||||||
|
--- mutt-1.5.21/mutt_ssl.c.tlsv1v2 2010-08-25 18:31:40.000000000 +0200 |
||||||
|
+++ mutt-1.5.21/mutt_ssl.c 2013-06-27 12:47:28.021387743 +0200 |
||||||
|
@@ -106,6 +106,18 @@ int mutt_ssl_starttls (CONNECTION* conn) |
||||||
|
dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n")); |
||||||
|
goto bail_ssldata; |
||||||
|
} |
||||||
|
+#ifdef SSL_OP_NO_TLSv1_1 |
||||||
|
+ if (!option(OPTTLSV1_1)) |
||||||
|
+ { |
||||||
|
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_1); |
||||||
|
+ } |
||||||
|
+#endif |
||||||
|
+#ifdef SSL_OP_NO_TLSv1_2 |
||||||
|
+ if (!option(OPTTLSV1_2)) |
||||||
|
+ { |
||||||
|
+ SSL_CTX_set_options(ssldata->ctx, SSL_OP_NO_TLSv1_2); |
||||||
|
+ } |
||||||
|
+#endif |
||||||
|
|
||||||
|
ssl_get_client_cert(ssldata, conn); |
||||||
|
|
||||||
|
@@ -303,6 +315,21 @@ static int ssl_socket_open (CONNECTION * |
||||||
|
{ |
||||||
|
SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1); |
||||||
|
} |
||||||
|
+ /* TLSv1.1/1.2 support was added in OpenSSL 1.0.1, but some OS distros such |
||||||
|
+ * as Fedora 17 are on OpenSSL 1.0.0. |
||||||
|
+ */ |
||||||
|
+#ifdef SSL_OP_NO_TLSv1_1 |
||||||
|
+ if (!option(OPTTLSV1_1)) |
||||||
|
+ { |
||||||
|
+ SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1_1); |
||||||
|
+ } |
||||||
|
+#endif |
||||||
|
+#ifdef SSL_OP_NO_TLSv1_2 |
||||||
|
+ if (!option(OPTTLSV1_2)) |
||||||
|
+ { |
||||||
|
+ SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1_2); |
||||||
|
+ } |
||||||
|
+#endif |
||||||
|
if (!option(OPTSSLV2)) |
||||||
|
{ |
||||||
|
SSL_CTX_set_options(data->ctx, SSL_OP_NO_SSLv2); |
||||||
|
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.tlsv1v2 mutt-1.5.21/mutt_ssl_gnutls.c |
||||||
|
--- mutt-1.5.21/mutt_ssl_gnutls.c.tlsv1v2 2013-06-27 12:46:14.123389035 +0200 |
||||||
|
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-06-27 12:47:28.018387743 +0200 |
||||||
|
@@ -238,7 +238,11 @@ err_crt: |
||||||
|
gnutls_x509_crt_deinit (clientcrt); |
||||||
|
} |
||||||
|
|
||||||
|
-static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0}; |
||||||
|
+/* This array needs to be large enough to hold all the possible values support |
||||||
|
+ * by Mutt. The initialized values are just placeholders--the array gets |
||||||
|
+ * overwrriten in tls_negotiate() depending on the $ssl_use_* options. |
||||||
|
+ */ |
||||||
|
+static int protocol_priority[] = {GNUTLS_TLS1_2, GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3, 0}; |
||||||
|
|
||||||
|
/* tls_negotiate: After TLS state has been initialised, attempt to negotiate |
||||||
|
* TLS over the wire, including certificate checks. */ |
||||||
|
@@ -246,6 +250,7 @@ static int tls_negotiate (CONNECTION * c |
||||||
|
{ |
||||||
|
tlssockdata *data; |
||||||
|
int err; |
||||||
|
+ size_t nproto = 0; /* number of tls/ssl protocols */ |
||||||
|
|
||||||
|
data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata)); |
||||||
|
conn->sockdata = data; |
||||||
|
@@ -286,22 +291,22 @@ static int tls_negotiate (CONNECTION * c |
||||||
|
/* set socket */ |
||||||
|
gnutls_transport_set_ptr (data->state, (gnutls_transport_ptr)conn->fd); |
||||||
|
|
||||||
|
+ if (option(OPTTLSV1_2)) |
||||||
|
+ protocol_priority[nproto++] = GNUTLS_TLS1_2; |
||||||
|
+ if (option(OPTTLSV1_1)) |
||||||
|
+ protocol_priority[nproto++] = GNUTLS_TLS1_1; |
||||||
|
+ if (option(OPTTLSV1)) |
||||||
|
+ protocol_priority[nproto++] = GNUTLS_TLS1; |
||||||
|
+ if (option(OPTSSLV3)) |
||||||
|
+ protocol_priority[nproto++] = GNUTLS_SSL3; |
||||||
|
+ protocol_priority[nproto] = 0; |
||||||
|
+ |
||||||
|
/* disable TLS/SSL protocols as needed */ |
||||||
|
- if (!option(OPTTLSV1) && !option(OPTSSLV3)) |
||||||
|
+ if (nproto == 0) |
||||||
|
{ |
||||||
|
mutt_error (_("All available protocols for TLS/SSL connection disabled")); |
||||||
|
goto fail; |
||||||
|
} |
||||||
|
- else if (!option(OPTTLSV1)) |
||||||
|
- { |
||||||
|
- protocol_priority[0] = GNUTLS_SSL3; |
||||||
|
- protocol_priority[1] = 0; |
||||||
|
- } |
||||||
|
- else if (!option(OPTSSLV3)) |
||||||
|
- { |
||||||
|
- protocol_priority[0] = GNUTLS_TLS1; |
||||||
|
- protocol_priority[1] = 0; |
||||||
|
- } |
||||||
|
/* |
||||||
|
else |
||||||
|
use the list set above |
@ -0,0 +1,24 @@ |
|||||||
|
# HG changeset patch |
||||||
|
# User Brendan Cully <brendan@kublai.com> |
||||||
|
# Date 1284573211 25200 |
||||||
|
# Branch HEAD |
||||||
|
# Node ID bd0afbb35c65a9e80c55636e214ca85890554ce1 |
||||||
|
# Parent b42be44bb41a2bca21289aa10a490f58e6bbf044 |
||||||
|
Belatedly update UPDATING |
||||||
|
|
||||||
|
diff -r b42be44bb41a -r bd0afbb35c65 UPDATING |
||||||
|
--- a/UPDATING Wed Sep 15 10:21:04 2010 -0700 |
||||||
|
+++ b/UPDATING Wed Sep 15 10:53:31 2010 -0700 |
||||||
|
@@ -4,8 +4,11 @@ |
||||||
|
The keys used are: |
||||||
|
!: modified feature, -: deleted feature, +: new feature |
||||||
|
|
||||||
|
-hg tip: |
||||||
|
+1.5.21 (2010-09-15): |
||||||
|
|
||||||
|
+ + $mail_check_recent controls whether all unread mail or only new mail |
||||||
|
+ since the last mailbox visit will be reported as new |
||||||
|
+ + %D format expando for $folder_format |
||||||
|
! $thorough_search defaults to yes |
||||||
|
+ imap-logout-all closes all open IMAP connections |
||||||
|
! header/body cache paths are always UTF-8 |
@ -0,0 +1,48 @@ |
|||||||
|
Function gnutls_certificate_verify_peers is deprecated so we should |
||||||
|
rather use gnutls_certificate_verify_peers2. This is a fix applied |
||||||
|
by upstream. |
||||||
|
Upstream bug report: http://dev.mutt.org/trac/ticket/3516 |
||||||
|
|
||||||
|
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.verpeers mutt-1.5.21/mutt_ssl_gnutls.c |
||||||
|
--- mutt-1.5.21/mutt_ssl_gnutls.c.verpeers 2013-03-04 15:19:56.144838094 +0100 |
||||||
|
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2013-03-04 15:19:56.378838087 +0100 |
||||||
|
@@ -946,22 +946,23 @@ static int tls_check_one_certificate (co |
||||||
|
/* sanity-checking wrapper for gnutls_certificate_verify_peers */ |
||||||
|
static gnutls_certificate_status tls_verify_peers (gnutls_session tlsstate) |
||||||
|
{ |
||||||
|
- gnutls_certificate_status certstat; |
||||||
|
+ int verify_ret; |
||||||
|
+ unsigned int status; |
||||||
|
|
||||||
|
- certstat = gnutls_certificate_verify_peers (tlsstate); |
||||||
|
- if (!certstat) |
||||||
|
- return certstat; |
||||||
|
+ verify_ret = gnutls_certificate_verify_peers2 (tlsstate, &status); |
||||||
|
+ if (!verify_ret) |
||||||
|
+ return status; |
||||||
|
|
||||||
|
- if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) |
||||||
|
+ if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) |
||||||
|
{ |
||||||
|
mutt_error (_("Unable to get certificate from peer")); |
||||||
|
mutt_sleep (2); |
||||||
|
return 0; |
||||||
|
} |
||||||
|
- if (certstat < 0) |
||||||
|
+ if (verify_ret < 0) |
||||||
|
{ |
||||||
|
mutt_error (_("Certificate verification error (%s)"), |
||||||
|
- gnutls_strerror (certstat)); |
||||||
|
+ gnutls_strerror (status)); |
||||||
|
mutt_sleep (2); |
||||||
|
return 0; |
||||||
|
} |
||||||
|
@@ -974,7 +975,7 @@ static gnutls_certificate_status tls_ver |
||||||
|
return 0; |
||||||
|
} |
||||||
|
|
||||||
|
- return certstat; |
||||||
|
+ return status; |
||||||
|
} |
||||||
|
|
||||||
|
static int tls_check_certificate (CONNECTION* conn) |
@ -0,0 +1,12 @@ |
|||||||
|
diff -up mutt-1.5.21/sendlib.c.writehead mutt-1.5.21/sendlib.c |
||||||
|
--- mutt-1.5.21/sendlib.c.writehead 2012-06-25 14:41:34.681483226 +0200 |
||||||
|
+++ mutt-1.5.21/sendlib.c 2012-06-25 14:41:44.485408610 +0200 |
||||||
|
@@ -1799,7 +1799,7 @@ static int write_one_header (FILE *fp, i |
||||||
|
else |
||||||
|
{ |
||||||
|
t = strchr (start, ':'); |
||||||
|
- if (t > end) |
||||||
|
+ if (t == NULL || t > end) |
||||||
|
{ |
||||||
|
dprint (1, (debugfile, "mwoh: warning: header not in " |
||||||
|
"'key: value' format!\n")); |
Loading…
Reference in new issue