claws.git
4 years agoUse a hardcoded IV length in password encryption.
Andrej Kacian [Wed, 23 Mar 2016 16:13:43 +0000 (17:13 +0100)]
Use a hardcoded IV length in password encryption.

...since we can't count on having GnuTLS new enough to have
gnutls_cipher_get_iv_size().

4 years agoUse SHA-256 for master_passphrase_hash, since SHA-512 is too new.
Andrej Kacian [Wed, 23 Mar 2016 14:17:04 +0000 (15:17 +0100)]
Use SHA-256 for master_passphrase_hash, since SHA-512 is too new.

4 years agoMake gnutls password encryption the default if gnutls is available.
Andrej Kacian [Tue, 22 Mar 2016 12:23:41 +0000 (13:23 +0100)]
Make gnutls password encryption the default if gnutls is available.

4 years agoWrite passwordstore into file also after account passwords migration.
Andrej Kacian [Sat, 19 Mar 2016 21:28:23 +0000 (22:28 +0100)]
Write passwordstore into file also after account passwords migration.

4 years agoTreat storing empty password same as storing NULL password.
Andrej Kacian [Sat, 19 Mar 2016 20:07:41 +0000 (21:07 +0100)]
Treat storing empty password same as storing NULL password.

(That means delete the password. This simplifies handling
scenario where user had a password set, but wants to delete
it by leaving corresponding GtkEntry empty.)

4 years agoWrite passwordstore into file more often, not just at exit.
Andrej Kacian [Sat, 19 Mar 2016 19:50:04 +0000 (20:50 +0100)]
Write passwordstore into file more often, not just at exit.

4 years agoMake SpamReport plugin use the password store.
Andrej Kacian [Sat, 19 Mar 2016 19:44:21 +0000 (20:44 +0100)]
Make SpamReport plugin use the password store.

4 years agoRemoved a forgotten debug line.
Andrej Kacian [Sat, 19 Mar 2016 19:14:40 +0000 (20:14 +0100)]
Removed a forgotten debug line.

4 years agoDo not create password block when deleting a password from store.
Andrej Kacian [Sat, 19 Mar 2016 19:00:57 +0000 (20:00 +0100)]
Do not create password block when deleting a password from store.

4 years agoFix crash when unloading GData plugin when it's not configured.
Andrej Kacian [Sat, 19 Mar 2016 18:54:40 +0000 (19:54 +0100)]
Fix crash when unloading GData plugin when it's not configured.

4 years agoMake GData plugin use the password store.
Andrej Kacian [Sat, 19 Mar 2016 17:10:02 +0000 (18:10 +0100)]
Make GData plugin use the password store.

Untested, as I have no Google accounts to test with.

4 years agoUpdate manual regarding new show/hide menu shortcut.
Andrej Kacian [Sat, 19 Mar 2016 10:15:21 +0000 (11:15 +0100)]
Update manual regarding new show/hide menu shortcut.

4 years agoChange default show/hide shortcut to Ctrl+F12.
Andrej Kacian [Sat, 19 Mar 2016 10:09:18 +0000 (11:09 +0100)]
Change default show/hide shortcut to Ctrl+F12.

4 years agoUse account ID instead of name in passwordstorerc.
Andrej Kacian [Mon, 14 Mar 2016 19:46:59 +0000 (20:46 +0100)]
Use account ID instead of name in passwordstorerc.

4 years agoMigrate managesieve to passwordstore
Charles Lehner [Mon, 14 Mar 2016 04:55:49 +0000 (00:55 -0400)]
Migrate managesieve to passwordstore

4 years ago"Master password" is now called "master passphrase".
Andrej Kacian [Thu, 3 Mar 2016 10:17:41 +0000 (11:17 +0100)]
"Master password" is now called "master passphrase".

This is to help diferentiate between passwords coming from
accounts, plugins, etc., and the master passphrase used in
an AES encryption key for encrypting these passwords.

4 years agoMake POP3 use password store too.
Andrej Kacian [Wed, 2 Mar 2016 12:59:35 +0000 (13:59 +0100)]
Make POP3 use password store too.

4 years agoFix previous fix ;-)
Andrej Kacian [Wed, 2 Mar 2016 12:36:29 +0000 (13:36 +0100)]
Fix previous fix ;-)

4 years agoFix a Coverity warning caused by previous commits.
Andrej Kacian [Wed, 2 Mar 2016 06:35:25 +0000 (07:35 +0100)]
Fix a Coverity warning caused by previous commits.

4 years agoFix SMTP password use with password store.
Andrej Kacian [Tue, 1 Mar 2016 20:11:09 +0000 (21:11 +0100)]
Fix SMTP password use with password store.

4 years agoMake accounts use new password store for their passwords.
Andrej Kacian [Sun, 28 Feb 2016 22:42:56 +0000 (23:42 +0100)]
Make accounts use new password store for their passwords.

4 years agoImplement a password store.
Andrej Kacian [Thu, 18 Feb 2016 21:25:55 +0000 (22:25 +0100)]
Implement a password store.

4 years agoUpon master password change, ask for old password immediately.
Andrej Kacian [Tue, 1 Mar 2016 18:44:25 +0000 (19:44 +0100)]
Upon master password change, ask for old password immediately.

4 years agofix typos in function name
Paul [Thu, 25 Feb 2016 08:22:02 +0000 (08:22 +0000)]
fix typos in function name

4 years agoremove the whole unncessary if block, completing the last commit
Paul [Wed, 24 Feb 2016 20:19:08 +0000 (20:19 +0000)]
remove the whole unncessary if block, completing the last commit

4 years agoremove spurious single quotes in mailcap_get_command_in_file()
Paul [Wed, 24 Feb 2016 20:02:46 +0000 (20:02 +0000)]
remove spurious single quotes in mailcap_get_command_in_file()

4 years agoadd missing include
Paul [Wed, 24 Feb 2016 12:45:22 +0000 (12:45 +0000)]
add missing include

4 years agoAdd warning about missing LOGIN SASL plugin for IMAP.
Andrej Kacian [Sat, 20 Feb 2016 11:07:01 +0000 (12:07 +0100)]
Add warning about missing LOGIN SASL plugin for IMAP.

4 years agoprevent always selecting html part in multipart/alternative
Paul [Sat, 20 Feb 2016 10:10:21 +0000 (10:10 +0000)]
prevent always selecting html part in multipart/alternative

this bug was introduced in 4745b80528426498b9e4f61d0f1a812e94ce1a6e

4 years agoMade the gnutls password encryption work on Win32.
Andrej Kacian [Fri, 19 Feb 2016 23:27:47 +0000 (00:27 +0100)]
Made the gnutls password encryption work on Win32.

4 years agoRevert "Made the gnutls password encryption work on Win32."
Andrej Kacian [Fri, 19 Feb 2016 23:27:24 +0000 (00:27 +0100)]
Revert "Made the gnutls password encryption work on Win32."

This reverts commit 18ccbd586fec890cab70ce34c94c580d69fffdd0.
I committed more than I expected, files in po/ snuck in, sorry!

4 years agoMade the gnutls password encryption work on Win32.
Andrej Kacian [Fri, 19 Feb 2016 23:21:40 +0000 (00:21 +0100)]
Made the gnutls password encryption work on Win32.

4 years agoFix a compile error on Win32.
Andrej Kacian [Fri, 19 Feb 2016 22:18:28 +0000 (23:18 +0100)]
Fix a compile error on Win32.

4 years agoAdd scroll to SSL certificates list
Ricardo Mones [Fri, 19 Feb 2016 18:24:09 +0000 (19:24 +0100)]
Add scroll to SSL certificates list

Avoids window growing out of screen height when there's a large
amount of certificates on the list.

4 years agoFix leak on error and error reporting
Ricardo Mones [Fri, 19 Feb 2016 18:23:00 +0000 (19:23 +0100)]
Fix leak on error and error reporting

4 years agoFix a couple of typos
Ricardo Mones [Fri, 19 Feb 2016 18:21:50 +0000 (19:21 +0100)]
Fix a couple of typos

4 years agoFix bug #2604: Add support for -geometry
Ricardo Mones [Fri, 19 Feb 2016 18:15:12 +0000 (19:15 +0100)]
Fix bug #2604: Add support for -geometry

And document it too :-)

4 years agoFix bug #3578: Strings around MAILIMAP_ERROR…
Ricardo Mones [Fri, 19 Feb 2016 18:03:15 +0000 (19:03 +0100)]
Fix bug #3578: Strings around MAILIMAP_ERROR…

…could use some whitespace fixes. Patch by Andreas Rönnquist (thanks!).

4 years agoFix bug #3581: sys:1: Warning: Source ID # was…
Ricardo Mones [Fri, 19 Feb 2016 17:58:34 +0000 (18:58 +0100)]
Fix bug #3581: sys:1: Warning: Source ID # was…

…not found when attempting to remove it, and remove unused logic.

4 years agoFix bug #3028: Claws doesn't select html part if attachments present
Ricardo Mones [Fri, 19 Feb 2016 17:50:04 +0000 (18:50 +0100)]
Fix bug #3028: Claws doesn't select html part if attachments present

Make HTML part search recursive maintaining current functionality:
• display first HTML part
• promotion of calendar attachments (if vCalendar is available)
• not promoting HTML attachments

4 years agoImplement real LOGIN auth method for IMAP.
Andrej Kacian [Fri, 19 Feb 2016 16:52:50 +0000 (17:52 +0100)]
Implement real LOGIN auth method for IMAP.

The "old LOGIN" was in fact just a basic plaintext login method,
using: "LOGIN username password", not the SASL LOGIN method.

4 years agoEnable SASL PLAIN auth mechanism for IMAP accounts.
Andrej Kacian [Fri, 19 Feb 2016 16:13:08 +0000 (17:13 +0100)]
Enable SASL PLAIN auth mechanism for IMAP accounts.

4 years agoAdd a plugin method to allow updating stored passwords on master password change.
Colin Leroy [Thu, 11 Feb 2016 13:32:44 +0000 (14:32 +0100)]
Add a plugin method to allow updating stored passwords on master password change.
GData is still untested.

4 years agoActually encrypt passwords before storing them
Colin Leroy [Thu, 11 Feb 2016 11:11:48 +0000 (12:11 +0100)]
Actually encrypt passwords before storing them

4 years agoRequire new password API
Colin Leroy [Thu, 11 Feb 2016 10:42:34 +0000 (11:42 +0100)]
Require new password API

4 years agoSpamReport: use new password API
Colin Leroy [Thu, 11 Feb 2016 10:33:19 +0000 (11:33 +0100)]
SpamReport: use new password API

4 years agoGData: use new password API. Completely untested as I don't have the dependancies...
Colin Leroy [Thu, 11 Feb 2016 10:28:07 +0000 (11:28 +0100)]
GData: use new password API. Completely untested as I don't have the dependancies available to build!

4 years agoForgot to memset. We should add an helper function for this.
Colin Leroy [Thu, 11 Feb 2016 10:22:47 +0000 (11:22 +0100)]
Forgot to memset. We should add an helper function for this.

4 years agovCalendar: Use new password API
Colin Leroy [Thu, 11 Feb 2016 10:21:52 +0000 (11:21 +0100)]
vCalendar: Use new password API

4 years agoFix another g_log warning
Colin Leroy [Thu, 11 Feb 2016 09:33:10 +0000 (10:33 +0100)]
Fix another g_log warning

4 years agoFix indentation, sorry
Colin Leroy [Thu, 11 Feb 2016 09:27:36 +0000 (10:27 +0100)]
Fix indentation, sorry

4 years agoFix a leak and g_log() in case of null passwords
Colin Leroy [Thu, 11 Feb 2016 09:25:06 +0000 (10:25 +0100)]
Fix a leak and g_log() in case of null passwords

4 years agoFix two crashes in IMAP introduced by the passwords change.
Andrej Kacian [Wed, 10 Feb 2016 23:52:49 +0000 (00:52 +0100)]
Fix two crashes in IMAP introduced by the passwords change.

4 years agoFix inputdialog modality and focus issue.
Andrej Kacian [Wed, 10 Feb 2016 23:47:07 +0000 (00:47 +0100)]
Fix inputdialog modality and focus issue.

4 years agoAnother logic fix for handling master password change dialog.
Andrej Kacian [Wed, 10 Feb 2016 18:46:11 +0000 (19:46 +0100)]
Another logic fix for handling master password change dialog.

4 years agoFix a logic error in handling results of master password change dialog.
Andrej Kacian [Wed, 10 Feb 2016 17:31:25 +0000 (18:31 +0100)]
Fix a logic error in handling results of master password change dialog.

4 years agoFix a segfault caused by freeing a string on incorrect place.
Andrej Kacian [Wed, 10 Feb 2016 17:30:20 +0000 (18:30 +0100)]
Fix a segfault caused by freeing a string on incorrect place.

Closes bug #3616.

4 years agoAddendum to 503cb50 (Fix build with --with-password-encryption=old)
Andrej Kacian [Tue, 9 Feb 2016 15:29:31 +0000 (16:29 +0100)]
Addendum to 503cb50 (Fix build with --with-password-encryption=old)

4 years agoAdd help text and change text of second label
Michael Rasmussen [Mon, 8 Feb 2016 19:58:04 +0000 (20:58 +0100)]
Add help text and change text of second label

4 years agoImproved master password change dialog a bit.
Andrej Kacian [Mon, 8 Feb 2016 19:19:19 +0000 (20:19 +0100)]
Improved master password change dialog a bit.

4 years agoRevert "Fix a teensy weensy memory leak in Action configuration dialog."
Andrej Kacian [Mon, 8 Feb 2016 18:23:00 +0000 (19:23 +0100)]
Revert "Fix a teensy weensy memory leak in Action configuration dialog."

This reverts commit 2d1d24e2dce8a0a3704ff28e5d2cc878316d0d84.

4 years agoFix a teensy weensy memory leak in Action configuration dialog.
Andrej Kacian [Mon, 8 Feb 2016 18:19:07 +0000 (19:19 +0100)]
Fix a teensy weensy memory leak in Action configuration dialog.

4 years agoFix a possible use-after-free for ContactData pointers in new addressbook.
Andrej Kacian [Mon, 8 Feb 2016 18:18:35 +0000 (19:18 +0100)]
Fix a possible use-after-free for ContactData pointers in new addressbook.

4 years agoReal fix for #3598. We were zeroing out wrong pointer.
Andrej Kacian [Mon, 8 Feb 2016 17:26:26 +0000 (18:26 +0100)]
Real fix for #3598. We were zeroing out wrong pointer.

4 years agoMake procmime_mimeinfo_free_all() zero the passed pointer.
Andrej Kacian [Mon, 8 Feb 2016 17:26:49 +0000 (18:26 +0100)]
Make procmime_mimeinfo_free_all() zero the passed pointer.

The function's argument type changes from MimeInfo* to MimeInfo**,
so that we can zero out the pointer.

This closes bug #3610, reported by Hanno Boeck.

4 years agoFix build with --with-password-encryption=old
Andrej Kacian [Mon, 8 Feb 2016 11:40:23 +0000 (12:40 +0100)]
Fix build with --with-password-encryption=old

4 years agoAdded "Forget master password" mainwindow menu entry.
Andrej Kacian [Sun, 7 Feb 2016 19:07:03 +0000 (20:07 +0100)]
Added "Forget master password" mainwindow menu entry.

4 years agoForget entered master password before trying to change it.
Andrej Kacian [Sun, 7 Feb 2016 18:51:20 +0000 (19:51 +0100)]
Forget entered master password before trying to change it.

This makes sure the user always has to input current master
password before he is allowed to change it.

4 years agoFix segfault when account password is not saved…
Ricardo Mones [Sat, 6 Feb 2016 22:49:51 +0000 (23:49 +0100)]
Fix segfault when account password is not saved…

…in account preferences, introduced also in 54adfb4.
In this case acc_pass is NULL, so it must be checked
before trying to dereference it.

4 years agoFix a null pointer dereference introduced by 54adfb4.
Andrej Kacian [Fri, 5 Feb 2016 09:43:15 +0000 (10:43 +0100)]
Fix a null pointer dereference introduced by 54adfb4.

acc_pass is pointing to same address as pass, and we are inside
an if block that includes "!pass" condition, so trying to zero
and free acc_pass is a wrong thing to do.

4 years agoAdded password_encryption.txt to docs/src.
Andrej Kacian [Thu, 4 Feb 2016 21:02:35 +0000 (22:02 +0100)]
Added password_encryption.txt to docs/src.

4 years agoRewritten account passwords handling.
Andrej Kacian [Sat, 16 Jan 2016 21:13:53 +0000 (22:13 +0100)]
Rewritten account passwords handling.

Passwords are only decrypted before their actual use, not
while loading from accountrc.
Passwords are stored as "{algorithm}base64encodedciphertext",
encrypted using AES-CBC cipher, with PASSCRYPT_KEY used as
and encryption key.
Optionally, the encryption key, also known as "master password"
can be changed by user.

4 years agoRemoved simple-gettext.c, as it is not being used at all.
Andrej Kacian [Wed, 3 Feb 2016 10:50:43 +0000 (11:50 +0100)]
Removed simple-gettext.c, as it is not being used at all.

4 years agofix Compose account selection when imap folder is selected
Paul [Tue, 2 Feb 2016 13:06:03 +0000 (13:06 +0000)]
fix Compose account selection when imap folder is selected

don't just select the imap account, ignoring default account et al

4 years agoautomatically use external editor on fwd-as-attachment if option is set
Paul [Fri, 29 Jan 2016 13:33:25 +0000 (13:33 +0000)]
automatically use external editor on fwd-as-attachment if option is set

4 years agoRemove the outer scrollbar from header area.
Andrej Kacian [Thu, 28 Jan 2016 19:13:45 +0000 (20:13 +0100)]
Remove the outer scrollbar from header area.

This means the sender address line, with account
selector is always visible.

4 years agoFix superfluous semicolons from 543c7d3.
Andrej Kacian [Wed, 27 Jan 2016 17:16:15 +0000 (18:16 +0100)]
Fix superfluous semicolons from 543c7d3.

4 years agoRSSyl: Handle XHTML content correctly for Atom feeds.
Andrej Kacian [Wed, 27 Jan 2016 15:54:07 +0000 (16:54 +0100)]
RSSyl: Handle XHTML content correctly for Atom feeds.

Fixes bug #3603.

4 years agoFix unused variable warning
Colin Leroy [Sun, 24 Jan 2016 19:11:41 +0000 (20:11 +0100)]
Fix unused variable warning

4 years agoMH class now should not change working directory anymore.
Andrej Kacian [Sat, 23 Jan 2016 22:58:34 +0000 (23:58 +0100)]
MH class now should not change working directory anymore.

4 years agoZero out few forgotten pointers in procmsg_msginfo_free().
Andrej Kacian [Sat, 23 Jan 2016 19:41:25 +0000 (20:41 +0100)]
Zero out few forgotten pointers in procmsg_msginfo_free().

This is a follow-up to commit bfb1815.

4 years agoMake procmsg_msginfo_free() zero out pointers to freed memory.
Andrej Kacian [Sat, 23 Jan 2016 14:40:38 +0000 (15:40 +0100)]
Make procmsg_msginfo_free() zero out pointers to freed memory.

The function's argument type changes from MsgInfo* to MsgInfo**,
so that we can zero out the pointer.

This closes bug #3598, reported by Hanno Boeck.

4 years agoFix for fc42499 - really set correct rcdir on Win32.
Andrej Kacian [Thu, 21 Jan 2016 08:31:44 +0000 (09:31 +0100)]
Fix for fc42499 - really set correct rcdir on Win32.

4 years agoFix typo in handling feed name ending with a period on Win32.
Andrej Kacian [Tue, 19 Jan 2016 14:01:50 +0000 (15:01 +0100)]
Fix typo in handling feed name ending with a period on Win32.

4 years agofor release 3.13.2 3.13.2
Paul [Tue, 19 Jan 2016 11:00:58 +0000 (11:00 +0000)]
for release 3.13.2

4 years agomore removing of space before colon
Paul [Tue, 19 Jan 2016 10:55:21 +0000 (10:55 +0000)]
more removing of space before colon

4 years agoupdate copyright year
Paul [Tue, 19 Jan 2016 10:42:02 +0000 (10:42 +0000)]
update copyright year

4 years agoremove space in front of colon
Paul [Tue, 19 Jan 2016 10:29:29 +0000 (10:29 +0000)]
remove space in front of colon

4 years agoupdate transaltion files
Paul [Tue, 19 Jan 2016 10:19:39 +0000 (10:19 +0000)]
update transaltion files

in order to avoid fuzzies following
b29d9d89c807661179a0c3b92f03c7a2634b1d27

4 years agoDelete prototypes for non-existent prefs_write_close*().
Andrej Kacian [Sun, 17 Jan 2016 11:50:37 +0000 (12:50 +0100)]
Delete prototypes for non-existent prefs_write_close*().

4 years agofix CVE-2015-8708, bug 3557, 'Remotely exploitable bug.'
Paul [Sun, 17 Jan 2016 11:34:14 +0000 (11:34 +0000)]
fix CVE-2015-8708, bug 3557, 'Remotely exploitable bug.'

Patch by Ben Hutchings <ben@decadent.org.uk>

4 years agoUse a different default CFG_RC_DIR for Windows platform.
Andrej Kacian [Sun, 3 Jan 2016 16:40:05 +0000 (17:40 +0100)]
Use a different default CFG_RC_DIR for Windows platform.

4 years agoAdd missing symbol to vcalendar claws.def file.
Andrej Kacian [Sun, 3 Jan 2016 16:39:41 +0000 (17:39 +0100)]
Add missing symbol to vcalendar claws.def file.

4 years agofix bug 2358, '"Disposition-Notification-To:" should default to same value as "From:'
Paul [Mon, 28 Dec 2015 19:12:33 +0000 (19:12 +0000)]
fix bug 2358, '"Disposition-Notification-To:" should default to same value as "From:'

4 years agoadd Charles to the man page
Paul [Wed, 23 Dec 2015 16:34:36 +0000 (16:34 +0000)]
add Charles to the man page

4 years agoremove space in front of colon
Paul [Wed, 23 Dec 2015 08:47:53 +0000 (08:47 +0000)]
remove space in front of colon

4 years agofix bug 3584, 'After 3.13.1, characters in some Japanese codec are never correctly...
Paul [Tue, 22 Dec 2015 11:17:02 +0000 (11:17 +0000)]
fix bug 3584, 'After 3.13.1, characters in some Japanese codec are never correctly converted to internal ones'

Thanks to honda@math.sci.hokudai.ac.jp

4 years agocomment out the paragraphs which no longer apply
Paul [Tue, 22 Dec 2015 11:09:41 +0000 (11:09 +0000)]
comment out the paragraphs which no longer apply

4 years agolate, post-release pt_BR.po update
Paul [Tue, 22 Dec 2015 11:09:09 +0000 (11:09 +0000)]
late, post-release pt_BR.po update

by Frederico Goncalves Guimaraes

4 years agoremove reference to freshmeat_search.pl 3.13.1
Paul [Sun, 20 Dec 2015 13:57:19 +0000 (13:57 +0000)]
remove reference to freshmeat_search.pl