ChangeLog.neomutt | 499 499 + 0 - 0 !
ChangeLog.nntp | 416 416 + 0 - 0 !
INSTALL | 2 1 + 1 - 0 !
LICENSE.md | 194 95 + 99 - 0 !
Makefile.am | 86 51 + 35 - 0 !
OPS | 34 30 + 4 - 0 !
OPS.NOTMUCH | 5 5 + 0 - 0 !
OPS.SIDEBAR | 1 1 + 0 - 0 !
PATCHES | 30 30 + 0 - 0 !
README.SSL | 18 15 + 3 - 0 !
README.neomutt | 110 110 + 0 - 0 !
README.notmuch | 411 411 + 0 - 0 !
UPDATING.kz | 68 68 + 0 - 0 !
VERSION | 1 0 + 1 - 0 !
account.c | 28 28 + 0 - 0 !
account.h | 3 2 + 1 - 0 !
alias.c | 9 6 + 3 - 0 !
attach.c | 18 14 + 4 - 0 !
attach.h | 2 1 + 1 - 0 !
base64.c | 34 29 + 5 - 0 !
browser.c | 918 856 + 62 - 0 !
browser.h | 7 7 + 0 - 0 !
buffy.c | 278 230 + 48 - 0 !
buffy.h | 6 6 + 0 - 0 !
color.c | 237 181 + 56 - 0 !
commands.c | 82 71 + 11 - 0 !
complete.c | 64 64 + 0 - 0 !
compose.c | 207 197 + 10 - 0 !
compress.c | 961 961 + 0 - 0 !
compress.h | 30 30 + 0 - 0 !
configure.ac | 1847 1014 + 833 - 0 !
contrib/Makefile.am | 20 18 + 2 - 0 !
contrib/keybase/LICENSE | 24 24 + 0 - 0 !
contrib/keybase/README.md | 45 45 + 0 - 0 !
contrib/keybase/attachmentView.png | 957 957 + 0 - 0 !
contrib/keybase/decrypt.sh | 2 2 + 0 - 0 !
contrib/keybase/install.sh | 59 59 + 0 - 0 !
contrib/keybase/keybase.py | 60 60 + 0 - 0 !
contrib/keybase/muttrc | 2 2 + 0 - 0 !
contrib/keybase/pagerMode.png | 854 854 + 0 - 0 !
contrib/keybase/pgpdecrypt.sh | 2 2 + 0 - 0 !
contrib/keybase/pgpverify.sh | 2 2 + 0 - 0 !
contrib/keybase/verify.sh | 2 2 + 0 - 0 !
contrib/vim-keys/README.md | 13 13 + 0 - 0 !
contrib/vim-keys/vim-keys.rc | 35 35 + 0 - 0 !
copy.c | 112 106 + 6 - 0 !
copy.h | 2 2 + 0 - 0 !
crypt-gpgme.c | 211 108 + 103 - 0 !
crypt.c | 42 32 + 10 - 0 !
curs_lib.c | 132 116 + 16 - 0 !
curs_main.c | 1085 946 + 139 - 0 !
date.c | 5 3 + 2 - 0 !
doc/Makefile.am | 58 43 + 15 - 0 !
doc/Muttrc.head | 5 5 + 0 - 0 !
doc/gen-map-doc | 3 2 + 1 - 0 !
doc/makedoc-defs.h | 7 5 + 2 - 0 !
doc/makedoc.c | 25 16 + 9 - 0 !
doc/manual.xml.head | 6289 5902 + 387 - 0 !
doc/mutt-1.7.0-syntax.vim | 781 781 + 0 - 0 !
doc/mutt.css | 17 12 + 5 - 0 !
doc/mutt.man | 8 6 + 2 - 0 !
doc/muttbug.man | 200 0 + 200 - 0 !
doc/muttrc.attach-headers-color | 26 26 + 0 - 0 !
doc/muttrc.compose-to-sender | 10 10 + 0 - 0 !
doc/muttrc.compress | 38 38 + 0 - 0 !
doc/muttrc.cond-date | 16 16 + 0 - 0 !
doc/muttrc.encrypt-to-self | 13 13 + 0 - 0 !
doc/muttrc.forgotten-attachment | 30 30 + 0 - 0 !
doc/muttrc.ifdef | 32 32 + 0 - 0 !
doc/muttrc.index-color | 37 37 + 0 - 0 !
doc/muttrc.initials | 27 27 + 0 - 0 !
doc/muttrc.keywords | 23 23 + 0 - 0 !
doc/muttrc.limit-current-thread | 6 6 + 0 - 0 !
doc/muttrc.man.head | 31 30 + 1 - 0 !
doc/muttrc.nested-if | 24 24 + 0 - 0 !
doc/muttrc.new-mail | 18 18 + 0 - 0 !
doc/muttrc.nntp | 94 94 + 0 - 0 !
doc/muttrc.notmuch | 114 114 + 0 - 0 !
doc/muttrc.progress | 10 10 + 0 - 0 !
doc/muttrc.quasi-delete | 7 7 + 0 - 0 !
doc/muttrc.reply-with-xorig | 11 11 + 0 - 0 !
doc/muttrc.sidebar | 122 122 + 0 - 0 !
doc/muttrc.skip-quoted | 10 10 + 0 - 0 !
doc/muttrc.status-color | 49 49 + 0 - 0 !
doc/muttrc.timeout | 10 10 + 0 - 0 !
doc/vimrc.attach-headers-color | 4 4 + 0 - 0 !
doc/vimrc.compose-to-sender | 4 4 + 0 - 0 !
doc/vimrc.compress | 6 6 + 0 - 0 !
doc/vimrc.encrypt-to-self | 5 5 + 0 - 0 !
doc/vimrc.forgotten-attachment | 6 6 + 0 - 0 !
doc/vimrc.ifdef | 6 6 + 0 - 0 !
doc/vimrc.index-color | 12 12 + 0 - 0 !
doc/vimrc.keywords | 9 9 + 0 - 0 !
doc/vimrc.misc | 6 6 + 0 - 0 !
doc/vimrc.new-mail | 4 4 + 0 - 0 !
doc/vimrc.nntp | 49 49 + 0 - 0 !
doc/vimrc.notmuch | 27 27 + 0 - 0 !
doc/vimrc.progress | 4 4 + 0 - 0 !
doc/vimrc.quasi-delete | 4 4 + 0 - 0 !
doc/vimrc.reply-with-xorig | 4 4 + 0 - 0 !
doc/vimrc.sidebar | 33 33 + 0 - 0 !
doc/vimrc.timeout | 4 4 + 0 - 0 !
dotlock.c | 26 13 + 13 - 0 !
edit.c | 3 3 + 0 - 0 !
enter.c | 70 64 + 6 - 0 !
flags.c | 6 5 + 1 - 0 !
functions.h | 108 99 + 9 - 0 !
globals.h | 58 49 + 9 - 0 !
handler.c | 33 32 + 1 - 0 !
hash.c | 68 68 + 0 - 0 !
hash.h | 11 10 + 1 - 0 !
hcache-backend.h | 132 132 + 0 - 0 !
hcache-bdb.c | 205 205 + 0 - 0 !
hcache-gdbm.c | 120 120 + 0 - 0 !
hcache-kc.c | 126 126 + 0 - 0 !
hcache-lmdb.c | 282 282 + 0 - 0 !
hcache-qdbm.c | 94 94 + 0 - 0 !
hcache-tc.c | 111 111 + 0 - 0 !
hcache.c | 727 211 + 516 - 0 !
hcache.h | 151 131 + 20 - 0 !
hdrline.c | 675 576 + 99 - 0 !
headers.c | 281 281 + 0 - 0 !
hook.c | 103 92 + 11 - 0 !
imap/auth.c | 2 1 + 1 - 0 !
imap/auth_cram.c | 3 1 + 2 - 0 !
imap/auth_gss.c | 8 4 + 4 - 0 !
imap/browse.c | 12 0 + 12 - 0 !
imap/command.c | 5 4 + 1 - 0 !
imap/imap.c | 43 27 + 16 - 0 !
imap/imap.h | 3 3 + 0 - 0 !
imap/message.c | 30 16 + 14 - 0 !
imap/util.c | 122 112 + 10 - 0 !
init.c | 894 809 + 85 - 0 !
init.h | 639 587 + 52 - 0 !
keymap.c | 19 11 + 8 - 0 !
lib.c | 58 58 + 0 - 0 !
lib.h | 9 8 + 1 - 0 !
mailbox.h | 4 4 + 0 - 0 !
main.c | 492 81 + 411 - 0 !
mbox.c | 23 22 + 1 - 0 !
mbyte.c | 7 4 + 3 - 0 !
menu.c | 90 83 + 7 - 0 !
mh.c | 312 204 + 108 - 0 !
mutt.h | 125 121 + 4 - 0 !
mutt_curses.h | 39 28 + 11 - 0 !
mutt_menu.h | 3 3 + 0 - 0 !
mutt_notmuch.c | 2086 2086 + 0 - 0 !
mutt_notmuch.h | 40 40 + 0 - 0 !
mutt_sasl.c | 5 5 + 0 - 0 !
mutt_socket.c | 16 15 + 1 - 0 !
mutt_ssl.c | 316 140 + 176 - 0 !
mutt_ssl_gnutls.c | 14 8 + 6 - 0 !
mutt_tunnel.c | 16 13 + 3 - 0 !
muttbug | 3 0 + 3 - 0 !
muttbug.sh.in | 332 0 + 332 - 0 !
muttlib.c | 321 302 + 19 - 0 !
mx.c | 192 128 + 64 - 0 !
mx.h | 29 26 + 3 - 0 !
newsrc.c | 1270 1270 + 0 - 0 !
nntp.c | 2454 2454 + 0 - 0 !
nntp.h | 170 170 + 0 - 0 !
pager.c | 348 310 + 38 - 0 !
pager.h | 1 1 + 0 - 0 !
parse.c | 131 121 + 10 - 0 !
patchlist.sh | 2 1 + 1 - 0 !
pattern.c | 169 164 + 5 - 0 !
pgp.c | 49 38 + 11 - 0 !
pgpkey.c | 11 5 + 6 - 0 !
po/Makefile.in.in | 11 4 + 7 - 0 !
po/POTFILES.in | 10 8 + 2 - 0 !
po/bg.po | 5591 2950 + 2641 - 0 !
po/ca.po | 3365 1996 + 1369 - 0 !
po/cs.po | 3605 1972 + 1633 - 0 !
po/da.po | 3344 1979 + 1365 - 0 !
po/de.po | 4556 2491 + 2065 - 0 !
po/el.po | 6564 2943 + 3621 - 0 !
po/en_GB.po | 5909 5909 + 0 - 0 !
po/eo.po | 3430 1972 + 1458 - 0 !
po/es.po | 4691 2526 + 2165 - 0 !
po/et.po | 4485 2426 + 2059 - 0 !
po/eu.po | 3339 1934 + 1405 - 0 !
po/fr.po | 3370 1989 + 1381 - 0 !
po/ga.po | 5285 2830 + 2455 - 0 !
po/gl.po | 4769 2464 + 2305 - 0 !
po/hu.po | 5424 2880 + 2544 - 0 !
po/id.po | 3363 1903 + 1460 - 0 !
po/it.po | 3435 1904 + 1531 - 0 !
po/ja.po | 5520 3029 + 2491 - 0 !
po/ko.po | 5448 2918 + 2530 - 0 !
po/lt.po | 5066 2696 + 2370 - 0 !
po/nl.po | 3571 1970 + 1601 - 0 !
po/pl.po | 5009 2758 + 2251 - 0 !
po/pt_BR.po | 4734 2425 + 2309 - 0 !
po/ru.po | 3375 1989 + 1386 - 0 !
po/sk.po | 5723 2892 + 2831 - 0 !
po/sv.po | 3362 1938 + 1424 - 0 !
po/tr.po | 3441 1947 + 1494 - 0 !
po/uk.po | 3242 1935 + 1307 - 0 !
po/zh_CN.po | 3731 1935 + 1796 - 0 !
po/zh_TW.po | 3611 1884 + 1727 - 0 !
pop.c | 18 10 + 8 - 0 !
pop.h | 1 0 + 1 - 0 !
pop_auth.c | 14 13 + 1 - 0 !
pop_lib.c | 5 3 + 2 - 0 !
postpone.c | 34 27 + 7 - 0 !
protos.h | 60 45 + 15 - 0 !
recvattach.c | 56 54 + 2 - 0 !
recvcmd.c | 65 42 + 23 - 0 !
regex.c | 2 2 + 0 - 0 !
rfc822.c | 2 1 + 1 - 0 !
send.c | 311 272 + 39 - 0 !
sendlib.c | 204 177 + 27 - 0 !
sidebar.c | 284 232 + 52 - 0 !
sidebar.h | 3 2 + 1 - 0 !
smime.c | 15 10 + 5 - 0 !
smtp.c | 2 1 + 1 - 0 !
sort.c | 60 60 + 0 - 0 !
sort.h | 18 15 + 3 - 0 !
status.c | 37 27 + 10 - 0 !
system.c | 11 8 + 3 - 0 !
thread.c | 36 25 + 11 - 0 !
url.c | 50 42 + 8 - 0 !
url.h | 6 6 + 0 - 0 !
version.c | 535 535 + 0 - 0 !
version.h | 26 26 + 0 - 0 !
version.sh | 68 0 + 68 - 0 !
226 files changed, 103756 insertions(+), 61463 deletions(-)

---

copy.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

---

doc/Muttrc.head | 39 37 + 2 - 0 !
1 file changed, 37 insertions(+), 2 deletions(-)

 muttrc

 * 2009-01-15 myon: refreshed for mutt-1.5.19; drop our list of ignored headers
   in favor of upstream's new unignore list

Signed-off-by: Matteo F. Vescovi <mfvescovi@gmail.com>

init.c | 32 30 + 2 - 0 !
1 file changed, 30 insertions(+), 2 deletions(-)

 md.etc_mailname_gethostbyname

If /etc/mailname is present, the hostname inside the file will be
used, rather than calling gethostbyname() on the actual hostname.

init.c | 2 1 + 1 - 0 !
init.h | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 use_usr_bin_editor

Even if EDITOR is not set, mutt will always use /usr/bin/editor
(which is set by update-alternatives), rather than falling back
to vi.

doc/mutt.man | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 correct_docdir_in_man_page

Fix the link so it points to the correct docdir
and gzipped manual.

functions.h | 2 1 + 1 - 0 !
init.h | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 dont_document_not_present_features

As the patch says, this will add an include so only
documented options for Debian will be used.

init.h | 19 19 + 0 - 0 !
1 file changed, 19 insertions(+)

 document_debian_defaults

Some customization of the option which are straying
from the default only on Debian systems.

headers.c | 2 1 + 1 - 0 !
init.h | 11 3 + 8 - 0 !
main.c | 2 1 + 1 - 0 !
protos.h | 2 1 + 1 - 0 !
send.c | 4 2 + 2 - 0 !
sendlib.c | 6 3 + 3 - 0 !
6 files changed, 11 insertions(+), 16 deletions(-)

 467432-write_bcc
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

The purpose of this patch is to alter the behavior of the write_bcc option
because exim4, the default SMTP in Debian, does not strip the Bcc headers; by
default write_bcc is set so this could cause a privacy leak.

The behavior that this patch introduces is: never write the Bcc header when the
message is sent, otherwise, if the message is sent to Fcc, then this optin
will be evaluated and the Bcc header will be written based on that.

Background discussion on this is in the following bugs:
http://bugs.debian.org/304718
http://bugs.debian.org/467432

This patch is a slightly modified version of the patch provided by
Stefan Vlkel <stefan@bc-bd.org> in the second bug.

doc/Makefile.am | 8 3 + 5 - 0 !
1 file changed, 3 insertions(+), 5 deletions(-)

 566076-build_doc_adjustments

Use w3m to build the txt manual.

contrib/gpg.rc | 26 18 + 8 - 0 !
1 file changed, 18 insertions(+), 8 deletions(-)

---

contrib/gpg.rc | 11 2 + 9 - 0 !
1 file changed, 2 insertions(+), 9 deletions(-)

 gpg.rc-paths

Use the correct path of pgpewrap.

contrib/smime.rc | 21 11 + 10 - 0 !
1 file changed, 11 insertions(+), 10 deletions(-)

 smime.rc

Add CA's provided by ca-certificates to the ones
distributed by the default installation of Mutt.

Signed-off-by: Matteo F. Vescovi <mfv@debian.org>

attach.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 528233-readonly-open

Open attachments as read-only so the editor won't be able to modify it;
otherwise the user can believe that he/she can edit it and risk to lose
his/her work (see upstream bug http://bugs.mutt.org/3261)

Debian bugs: #528233, updated in #572203

imap/message.c | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

 228671-pipe-mime

Don't draw imap fetch progress if we aren't in visual mode.
Drawing progress leaves terminal in confusing state when
piping a message from pager to less(1).
See http://bugs.mutt.org/1771

Updated in Debian bug #569279

score.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 383769-score-match

Better matching for ~f, same as mutt-ng did.
(see upstream http://bugs.mutt.org/2179)

lib.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 771125-cve-2014-9116-jessie

This patch solves the issue raised by CVE-2014-9116 in bug 771125.

We correctly redefine what are the whitespace characters as per RFC5322; by
doing so we prevent mutt_substrdup from being used in a way that could lead to
a segfault.

The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
crashes due to this kind of bugs from happening again.

init.h | 4 3 + 1 - 0 !
muttlib.c | 3 3 + 0 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

---

init.h | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---

txt2c.sh | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

mutt_socket.c | 12 11 + 1 - 0 !
url.c | 14 12 + 2 - 0 !
2 files changed, 23 insertions(+), 3 deletions(-)

---

imap/command.c | 5 3 + 2 - 0 !
imap/imap.c | 7 5 + 2 - 0 !
imap/imap_private.h | 3 2 + 1 - 0 !
imap/util.c | 25 20 + 5 - 0 !
4 files changed, 30 insertions(+), 10 deletions(-)

 [patch] properly quote imap mailbox names when (un)subscribing.

When handling automatic subscription (via $imap_check_subscribed), or
manual subscribe/unsubscribe commands, mutt generating a "mailboxes"
command but failed to properly escape backquotes.

Thanks to Jeriko One for the detailed bug report and patch, which this
commit is based upon.

imap/util.c | 19 14 + 5 - 0 !
1 file changed, 14 insertions(+), 5 deletions(-)

 [patch] fix imap_quote_string() length check errors.

The function wasn't properly checking for dlen<2 before quoting, and
wasn't properly pre-adjusting dlen to include the initial quote.

Thanks to Jeriko One for reporting these issues.

pop.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] ensure uid in fetch_uidl.

pop.c | 31 25 + 6 - 0 !
1 file changed, 25 insertions(+), 6 deletions(-)

 [patch] sanitize pop bcache paths.

Protect against bcache directory path traversal for UID values.

Thanks for Jeriko One for the bug report and patch, which this commit
is based upon.

imap/util.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 [patch] selectively cache headers.

Thanks to NeoMutt and Jeriko One for the patch, which was slightly
modified to apply to the Mutt code.

imap/message.c | 13 11 + 2 - 0 !
1 file changed, 11 insertions(+), 2 deletions(-)

 [patch] don't overflow tmp in msg_parse_fetch.

Ensure INTERNALDATE and RFC822.SIZE field sizes fit temp buffer.

Thanks to Jeriko One for the bug report and patch, which this patch is
based upon.

imap/command.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] handle no response without message properly

imap/command.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 [patch] verify imap status mailbox literal count size.

Ensure the length isn't bigger than the idata->buf.

Thanks to Jeriko One fo the bug report and patch, which this commit is
based upon.

base64.c | 8 7 + 1 - 0 !
imap/auth_cram.c | 2 1 + 1 - 0 !
imap/auth_gss.c | 4 2 + 2 - 0 !
protos.h | 2 1 + 1 - 0 !
4 files changed, 11 insertions(+), 5 deletions(-)

 [patch] check outbuf length in mutt_from_base64()

The obuf can be overflowed in auth_cram.c, and possibly auth_gss.c.

Thanks to Jeriko One for the bug report.

newsrc.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 [patch] set length modifiers for group and desc

nntp_add_group parses a line controlled by the connected nntp server.
Restrict the maximum lengths read into the stack buffers group, and
desc.

nntp.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] add alloc fail check in nntp_fetch_headers

newsrc.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 [patch] sanitise cache paths

Co-authored-by: JerikoOne <jeriko.one@gmx.us>

imap/imap.c | 16 16 + 0 - 0 !
1 file changed, 16 insertions(+)

---

mutt_socket.c | 30 30 + 0 - 0 !
mutt_socket.h | 2 2 + 0 - 0 !
mutt_ssl.c | 12 12 + 0 - 0 !
mutt_ssl_gnutls.c | 12 12 + 0 - 0 !
4 files changed, 56 insertions(+)

 [patch] fix starttls response injection attack.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Thanks again to Damian Poddebniak and Fabian Ising from the Mnster
University of Applied Sciences for reporting this issue.  Their
summary in ticket 248 states the issue clearly:

  We found another STARTTLS-related issue in Mutt. Unfortunately, it
  affects SMTP, POP3 and IMAP.

  When the server responds with its "let's do TLS now message", e.g. A
  OK begin TLS\r\n in IMAP or +OK begin TLS\r\n in POP3, Mutt will
  also read any data after the \r\n and save it into some internal
  buffer for later processing. This is problematic, because a MITM
  attacker can inject arbitrary responses.

  There is a nice blogpost by Wietse Venema about a "command
  injection" in postfix (http://www.postfix.org/CVE-2011-0411.html).
  What we have here is the problem in reverse, i.e. not a command
  injection, but a "response injection."

This commit fixes the issue by clearing the CONNECTION input buffer in
mutt_ssl_starttls().

To make backporting this fix easier, the new functions only clear the
top-level CONNECTION buffer; they don't handle nested buffering in
mutt_zstrm.c or mutt_sasl.c.  However both of those wrap the
connection *after* STARTTLS, so this is currently okay.  mutt_tunnel.c
occurs before connecting, but it does not perform any nesting.