Commit ed9d7727 authored by Kevin J. McCarthy's avatar Kevin J. McCarthy

automatic post-release commit for mutt-1.10.1

parent 3d9028fe
Pipeline #25863948 passed with stage
in 12 minutes and 48 seconds
2018-07-13 14:25:28 -0700 Kevin McCarthy <[email protected]> (3d9028fe)
* Check outbuf length in mutt_from_base64()
The obuf can be overflowed in auth_cram.c, and possibly auth_gss.c.
Thanks to Jeriko One for the bug report.
M base64.c
M imap/auth_cram.c
M imap/auth_gss.c
M protos.h
2018-07-13 13:05:22 -0700 Kevin McCarthy <[email protected]> (6962328c)
* Check destlen and truncate in url_pct_encode().
Thanks to Jeriko One for the patch, which this commit is based upon.
M url.c
2018-07-13 12:35:50 -0700 Kevin McCarthy <[email protected]> (e57a8602)
* Verify IMAP status mailbox literal count size.
Ensure the length isn't bigger than the idata->buf.
Thanks to Jeriko One fo the bug report and patch, which this commit is
based upon.
M imap/command.c
2018-07-13 12:24:58 -0700 JerikoOne <[email protected]> (9347b5c0)
* Handle NO response without message properly
M imap/command.c
2018-07-13 12:15:00 -0700 Kevin McCarthy <[email protected]> (3287534d)
* Don't overflow tmp in msg_parse_fetch.
Ensure INTERNALDATE and RFC822.SIZE field sizes fit temp buffer.
Thanks to Jeriko One for the bug report and patch, which this patch is
based upon.
M imap/message.c
2018-07-13 11:33:16 -0700 Richard Russon <[email protected]> (31eef6c7)
* Selectively cache headers.
Thanks to NeoMutt and Jeriko One for the patch, which was slightly
modified to apply to the Mutt code.
M imap/util.c
2018-07-13 11:16:33 -0700 Kevin McCarthy <[email protected]> (6aed28b4)
* Sanitize POP bcache paths.
Protect against bcache directory path traversal for UID values.
Thanks for Jeriko One for the bug report and patch, which this commit
is based upon.
M pop.c
2018-07-13 10:47:11 -0700 JerikoOne <[email protected]> (e154cba1)
* Ensure UID in fetch_uidl.
M pop.c
2018-07-12 21:41:17 -0700 Kevin McCarthy <[email protected]> (4d0cd265)
* Fix buffer size check in cmd_parse_lsub.
The size parameter to url_ciss_tostring() was off by one.
M imap/command.c
2018-07-12 20:46:37 -0700 Kevin McCarthy <[email protected]> (e0131852)
* Fix imap_quote_string() length check errors.
The function wasn't properly checking for dlen<2 before quoting, and
wasn't properly pre-adjusting dlen to include the initial quote.
Thanks to Jeriko One for reporting these issues.
M imap/util.c
2018-07-07 19:32:57 -0700 Kevin McCarthy <[email protected]> (4ff007ca)
* Mention $pgp_decode_command for $pgp_check_gpg_decrypt_status_fd
It scans $pgp_decode_command for inline and application/pgp mime
M init.h
2018-07-07 19:03:44 -0700 Kevin McCarthy <[email protected]> (18515281)
* Properly quote IMAP mailbox names when (un)subscribing.
When handling automatic subscription (via $imap_check_subscribed), or
manual subscribe/unsubscribe commands, mutt generating a "mailboxes"
command but failed to properly escape backquotes.
Thanks to Jeriko One for the detailed bug report and patch, which this
commit is based upon.
M imap/command.c
M imap/imap.c
M imap/imap_private.h
M imap/util.c
2018-06-18 11:21:38 +0200 Philipp Gesang <[email protected]> (df4affd1)
* crypt-gpgme: prevent crash on bad S/MIME signature
Inform the user about the fingerprint being unavailable instead
of crashing if the S/MIME signature is bad.
M crypt-gpgme.c
2018-06-04 21:31:33 -0700 Kevin McCarthy <[email protected]> (edb4ec84)
* Add GnuPG status fd checks for inline pgp.
The difficulty is that "BEGIN PGP MESSAGE" could be a signed and
armored part, so we can't fail hard if it isn't encrypted.
Change pgp_check_decryption_okay() to return more status codes, with
>=0 indicating an actual decryption; -2 and -1 indicating plaintext
found; and -3 indicating an actual DECRYPTION_FAILED status code seen.
Fail hard on -3, but change the message for -2 and -1 to indicate the
message was not encrypted.
M pgp.c
2018-06-04 15:40:57 -0700 Kevin McCarthy <[email protected]> (8ec6d766)
* Add $pgp_check_gpg_decrypt_status_fd.
If set (the default) mutt performs more thorough checking of the
$pgp_decrypt_command status output for GnuPG result codes.
Ticket #39 revealed that GnuPG (currently) does not protect against
messages that have been manipulated to contain an empty encryption
packet followed by a plaintext packet.
A huge thanks to Marcus Brinkmann for researching this issue, taking
the time to report it to us (and the GnuPG team), and taking even more
time to clarify exactly what needed to be checked for.  
M contrib/gpg.rc
M contrib/pgp2.rc
M contrib/pgp5.rc
M contrib/pgp6.rc
M init.h
M mutt.h
M pgp.c
2018-06-03 14:52:37 -0700 Kevin McCarthy <[email protected]> (cb2329ae)
* Revert showing real size for small files in mutt_pretty_size().
I thought the change made in 0fa64ba9 was small enough not to matter,
but at least one long-time user took the time to track down the change
and request it be reverted.
M muttlib.c
2018-06-03 14:40:31 -0700 Kevin McCarthy <[email protected]> (33290d12)
* Switch build scripts to use `` instead of $()
This is for older systems running Bourne shell as /bin/sh.
2013-01-06 19:24:18 +0100 Oswald Buddenhagen <[email protected]> (ec96f5f5)
* fix inappropriate use of FREE() in ssl init error path
OpenSSL structures need to be freed with dedicated functions.
M mutt_ssl.c
2018-05-19 10:57:10 -0700 Kevin McCarthy <[email protected]> (d55950a8)
* automatic post-release commit for mutt-1.10.0
M ChangeLog
M po/bg.po
M po/ca.po
M po/cs.po
M po/da.po
M po/de.po
M po/el.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fr.po
M po/ga.po
M po/gl.po
M po/hu.po
M po/id.po
M po/it.po
M po/ja.po
M po/ko.po
M po/lt.po
M po/nl.po
M po/pl.po
M po/pt_BR.po
M po/ru.po
M po/sk.po
M po/sv.po
M po/tr.po
M po/uk.po
M po/zh_CN.po
M po/zh_TW.po
2018-05-17 12:24:31 -0700 Ivan Vilata i Balaguer <[email protected]> (70c9c89b)
* Updated Catalan translation.
......@@ -8,6 +8,13 @@
The keys used are:
!: modified feature, -: deleted feature, +: new feature
1.10.1 (2018-07-16):
! Bug fix release.
+ $pgp_check_gpg_decrypt_status_fd, when set (the default), checks
GnuPG status fd output more thoroughly for spooofed encrypted
messages. Please see contrib/gpg.rc for suggested values.
1.10.0 (2018-05-19):
! $reply_self is now respected for group-reply, even with $metoo unset.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment