Brendan Cully | 1 Apr 2010 09:00

mutt: new changeset

New changeset in mutt:

http://dev.mutt.org/hg/mutt/rev/7e9e31b1bd7b
changeset:   6066:7e9e31b1bd7b
branch:      HEAD
tag:         tip
user:        Michael Elkins <me <at> mutt.org>
date:        Wed Mar 31 08:50:12 2010 -0700
summary:     avoid buffer overflow when expanding the format string associated with a 'spam' command.

-- 
Repository URL: http://dev.mutt.org/hg/mutt

Simon Ruderich | 1 Apr 2010 17:28

[PATCH] Minor source documentation typos.

Hi,

This fixes some typos I found while browsing the source code.

Thanks,
Simon
---
 attach.c    |    2 +-
 commands.c  |    2 +-
 curs_main.c |    2 +-
 filter.c    |    2 +-
 muttlib.c   |    2 +-
 send.c      |    6 +++---
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/attach.c b/attach.c
index 238dbc2..9e45cfd 100644
--- a/attach.c
+++ b/attach.c
 <at>  <at>  -938,7 +938,7  <at>  <at>  int mutt_decode_save_attachment (FILE *fp, BODY *m, char *path,

 /* Ok, the difference between send and receive:
  * recv: BODY->filename is a suggested name, and Context|HEADER points
- *       to the attachment in mailbox which is encooded
+ *       to the attachment in mailbox which is encoded
  * send: BODY->filename points to the un-encoded file which contains the
  *       attachment
  */
diff --git a/commands.c b/commands.c
index ebd0ca5..f9c2025 100644

Simon Ruderich | 1 Apr 2010 17:30

[PATCH] Mention that quotes can't be used in query_command.

Hi,

This patch improves the description of $query_format to mention
that quotes shouldn't be used around %s.

I'm not sure what $query is, so I left it unchanged.

Thanks,
Simon
---
 init.h |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/init.h b/init.h
index d730d28..342b8d5 100644
--- a/init.h
+++ b/init.h
 <at>  <at>  -2168,8 +2168,9  <at>  <at>  struct option_t MuttVars[] = {
   ** .pp
   ** This specifies the command that mutt will use to make external address
   ** queries.  The string should contain a ``%s'', which will be substituted
-  ** with the query string the user types.  See ``$query'' for more
-  ** information.
+  ** with the query string the user types.  Don't quote ``%s'' in single or
+  ** double quotes or it may cause security problems!  Mutt does handle the
+  ** quoting on its own.  See ``$query'' ** for more information.
   */
   { "query_format",	DT_STR, R_NONE, UL &QueryFormat, UL "%4c %t %-25.25a %-25.25n %?e?(%e)?" },
   /*
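
Review bot: the last added line carries a stray "**" in mid-sentence ("See ``$query'' ** for more information."), apparently left over from re-wrapping the paragraph; remove it so the marker only appears at the start of each comment line. The added warning "it may cause security problems!" gives the reader no reason, although the next sentence already contains it: say directly that Mutt quotes the substituted string itself, so quotes in the setting would combine with Mutt's own quoting, and reword "Mutt does handle" to "Mutt handles". The cover text also names $query_format, while the subject line and the paragraph being edited ("This specifies the command ...") concern the query command, so the description should be corrected before this is applied.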

Simon Ruderich | 1 Apr 2010 17:31

[PATCH] manual.xml.head: Add example to editor description.

Hi,

When browsing the manual I wasn't sure at first what editor
means, so I thought maybe add a little description.

Thanks,
Simon
---
 doc/manual.xml.head |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/doc/manual.xml.head b/doc/manual.xml.head
index 305caf7..c1735be 100644
--- a/doc/manual.xml.head
+++ b/doc/manual.xml.head
 <at>  <at>  -2209,7 +2209,8  <at>  <at>  for listing all of your incoming mailboxes.
 <term>editor</term>
 <listitem>
 <para>
-The editor is the line-based editor the user enters text data.
+The editor is the line-based editor the user enters text data, for example in
+the To: prompt when composing new mails.
 </para>
 </listitem>
 </varlistentry>
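
Review bot: the sentence extended here is still ungrammatical after the change, because "the line-based editor the user enters text data" lacks its preposition; reword it in the same patch, for example "the line-based editor in which the user enters text data". In the added line, "To:" names a literal prompt but is left as plain text while the surrounding entry uses markup (<term>, <para>), so give it inline markup consistent with the rest of the manual.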
-- 
1.7.0.3

-- 
+ privacy is necessary

Michael Elkins | 1 Apr 2010 18:36

Re: [PATCH] manual.xml.head: Add example to editor description.

On Thu, Apr 01, 2010 at 05:31:54PM +0200, Simon Ruderich wrote:
> When browsing the manual I wasn't sure at first what editor
> means, so I thought maybe add a little description.

Thanks for the patch.  I reworded it slightly and added the sgml
attributes to make it match the style.  The wording that was in the
manual wasn't even a complete sentence, either. :(

me

Michael Elkins | 1 Apr 2010 18:59

Re: [PATCH] Mention that quotes can't be used in query_command.

On Thu, Apr 01, 2010 at 05:30:26PM +0200, Simon Ruderich wrote:
> This patch improves the description of $query_format to mention
> that quotes shouldn't be used around %s.

I reworked that section to be more clear:

	This specifies the command Mutt will use to make external address
	queries. The string may contain a “%s”, which will be substituted with
	the query string the user types. Mutt will add quotes around the string
	substituted for “%s” automatically according to shell quoting rules, so
	you should avoid adding your own. If no “%s” is found in the string,
	Mutt will append the user's query to the end of the string. See “query”
	for more information.

I would not consider it a security issue, however.  $query_command is
only ever expanded using a string the Mutt user types in, not any data
received externally.

> I'm not sure what $query is, so I left it unchanged.

It's a reference to the "External Address Queries" section in the
manual (aka http://www.mutt.org/doc/devel/manual.html#query).

me

Michael Elkins | 1 Apr 2010 19:12

Re: [PATCH] Minor source documentation typos.

On Thu, Apr 01, 2010 at 05:28:43PM +0200, Simon Ruderich wrote:
> This fixes some typos I found while browsing the source code.

Thanks for the patch.  I applied most of it (comments below).

>      /* If Sort is reverse and not threaded, the latest message is first.
> -     * If Sort is threaded, the latest message is first iff exactly one
> +     * If Sort is threaded, the latest message is first if exactly one
>       * of Sort and SortAux are reverse.
>       */

This is not a typo.  "iff" in this context has the mathematical
meaning "if and only if."

> -    /* If this is a reply evaluate the 'template_file' option and but the
> +    /* If this is a reply evaluate the 'template_file' option and put the
>       * template below the quoted text. */

This code does not appear to be in the Mutt repository.  Are you
tracking a 3rd party patch?

me

Simon Ruderich | 1 Apr 2010 21:33

Re: [PATCH] Minor source documentation typos.

On Thu, Apr 01, 2010 at 10:12:48AM -0700, Michael Elkins wrote:
> On Thu, Apr 01, 2010 at 05:28:43PM +0200, Simon Ruderich wrote:
>> This fixes some typos I found while browsing the source code.
>
> Thanks for the patch.  I applied most of it (comments below).
>
>>      /* If Sort is reverse and not threaded, the latest message is first.
>> -     * If Sort is threaded, the latest message is first iff exactly one
>> +     * If Sort is threaded, the latest message is first if exactly one
>>       * of Sort and SortAux are reverse.
>>       */
>
> This is not a typo.  "iff" in this context has the mathematical
> meaning "if and only if."

Interesting, I didn't know that. Thanks.

>> -    /* If this is a reply evaluate the 'template_file' option and but the
>> +    /* If this is a reply evaluate the 'template_file' option and put the
>>       * template below the quoted text. */
>
> This code does not appear to be in the Mutt repository.  Are you
> tracking a 3rd party patch?

Oh, sorry, that's one of my local patches.

> me

Thanks for your quick response,
Simon

Simon Ruderich | 1 Apr 2010 21:56

Re: [PATCH] Mention that quotes can't be used in query_command.

On Thu, Apr 01, 2010 at 09:59:37AM -0700, Michael Elkins wrote:
> On Thu, Apr 01, 2010 at 05:30:26PM +0200, Simon Ruderich wrote:
>> This patch improves the description of $query_format to mention
>> that quotes shouldn't be used around %s.
>
> I reworked that section to be more clear:
>
> 	This specifies the command Mutt will use to make external address
> 	queries. The string may contain a “%s”, which will be substituted with
> 	the query string the user types. Mutt will add quotes around the string
> 	substituted for “%s” automatically according to shell quoting rules, so
> 	you should avoid adding your own. If no “%s” is found in the string,
> 	Mutt will append the user's query to the end of the string. See “query”
> 	for more information.

Thanks.

> I would not consider it a security issue, however.  $query_command is
> only ever expanded using a string the Mutt user types in, not any data
> received externally.

I run it sometimes on an email from another user (for example in
the send menu) to fix their name if they forgot to add it. But
you're right, that's not really a security problem.

>> I'm not sure what $query is, so I left it unchanged.
>
> It's a reference to the "External Address Queries" section in the
> manual (aka http://www.mutt.org/doc/devel/manual.html#query).
>

Mutt | 2 Apr 2010 00:11

Re: [Mutt] #3261: mutt should open attachment as read-only file for external viewer

#3261: mutt should open attachment as read-only file for external viewer
------------------------------+---------------------------------------------
 Reporter:  antonio <at> …         |       Owner:  mutt-dev
     Type:  enhancement       |      Status:  new     
 Priority:  minor             |   Milestone:          
Component:  mutt              |     Version:          
 Keywords:                    |  
------------------------------+---------------------------------------------

Comment(by pweis):

 Hi,

 the chmod should only apply to attachments of received e-mails, not to
 attachments of composed ones. Attached is the patch from
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572203.

 Philipp

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3261#comment:1>
Mutt <http://www.mutt.org/>
The Mutt mail user agent

