1. 13 Mar, 2019 12 commits
  2. 11 Mar, 2019 2 commits
  3. 10 Mar, 2019 3 commits
  4. 09 Mar, 2019 2 commits
  5. 08 Mar, 2019 2 commits
  6. 05 Mar, 2019 1 commit
    • Kevin J. McCarthy's avatar
      Use gpgme recipient strings for encryption when available. · 2366e3d6
      Kevin J. McCarthy authored
      For gpgme >= 1.11.0, use gpgme_op_encrypt_ext() and
      gpgme_op_encrypt_sign_ext() to specify recipients as a string.
      This allows '!' to specify forcing a subkey, as is the case in classic
      gpg and from the command line.
      Remove the '!' "force valid" usage for the newer version.
  7. 04 Mar, 2019 1 commit
    • Kevin J. McCarthy's avatar
      Add $include_encrypted config to prevent reply-decryption attack. · 67bdfa31
      Kevin J. McCarthy authored
      @jensvoid, in cooperation with Ruhr-Uni Bochum and FH Münster,
      Germany, reported a possible "Oracle decryption" attack on various
      mail clients.  An attacker could include previously encrypted contents
      they obtained access to, and include it in a message.  Replying
      without trimming would include the decrypted contents.
      This attack relies on several "ifs", and is more dangerous for clients
      that compose HTML mail.  However, it is still an issue that an
      unwary/busy Mutt user could fall for.
      Add a new config $include_encrytped, defaulting off, to reduce the
      possibility of the user being unaware of previously encrypted parts in
      the reply.  Only the main initial encrypted part will be included in
      the reply.
  8. 23 Feb, 2019 1 commit
  9. 21 Feb, 2019 1 commit
    • Andrey Skvortsov's avatar
      Fix truncation of long filenames in attachments. · f476d0ae
      Andrey Skvortsov authored
      Currently mutt truncates long filenames in attachments and doesn't
      take into account UTF-8 character size. If filename is truncated in
      the middle of multi-byte UTF-8 character (last character is bad),
      then some mail clients assume whole attachment name bad and don't
      display its name (use 'Noname' instead).
      Filenames can be up to 255 *characters* long depending on used
      filesystem. ReiserFS, NFTS, FAT, APFS and some other supports up to
      255 characters.
      In the worst case 255 characters in UTF-8 will take 255*4 = 1020
      bytes. Every non-ascii byte in the filename will be encoded using 3
      bytes (for example, %8D).
      So 'Content-Disposition' will take in the worst case up to: 1020*3 =
      3060 bytes. Therefore even LONG_STRING (1024) isn't enough.
  10. 13 Feb, 2019 4 commits
  11. 07 Feb, 2019 1 commit
  12. 06 Feb, 2019 3 commits
    • Kevin J. McCarthy's avatar
      Create <group-chat-reply> function. · d97bbddf
      Kevin J. McCarthy authored
      This function differs from <group-reply> only in that it preserves To
      recipients in the original email as To recipients in the reply.
      The merits of this function aren't without controversy; therefore it
      is left unbound by default.  Those who care about such things are free
      to bind it.
      Combine reply operation handlers in the pager and curs_main, since the
      code was the same with the exception of the flags used.
    • Vincent Lefevre's avatar
      Updated French translation. · d79cb6b7
      Vincent Lefevre authored
    • Vincent Lefevre's avatar
      corrected typo from dad0eb25 · f03088ea
      Vincent Lefevre authored
  13. 02 Feb, 2019 2 commits
  14. 01 Feb, 2019 4 commits
  15. 25 Jan, 2019 1 commit