2022-11-05 12:37:33 -0700  Kevin McCarthy  <kevin@8t8.us> (44b9bd4f)

        * Update UPDATING file for 2.2.8 release.

M	UPDATING

2022-11-04 13:18:51 -0700  Kevin McCarthy  <kevin@8t8.us> (db16ce47)

        * Add explicit void to 0-parameter function definitions.
        
        These are the errors output with:
          -Werror=implicit-int -Werror=implicit-function-declaration
          -Werror=int-conversion -Werror=strict-prototypes
          -Werror=old-style-definition

M	autocrypt/autocrypt_acct_menu.c
M	background.c
M	charset.c
M	curs_lib.c
M	menu.c
M	monitor.c
M	pattern.c

2022-11-03 14:01:12 -0700  Kevin McCarthy  <kevin@8t8.us> (0838a8f4)

        * Clarify $uncollapse_new documentation.
        
        Indicate more clearly it is talking about "delivered" messages that
        arrive in a thread, not about the unread-status of those messages.

M	init.h

2022-11-01 20:22:06 -0700  Kevin McCarthy  <kevin@8t8.us> (b254f2fb)

        * Add a check for key->uids in create_recipient_set.
        
        For gpgme < 1.11.0, it used this function to create the encryption key
        list.  The '!' was interpreted differently back then, and it
        apparently didn't check if the returned key had any uids before
        referencing it.  Add a check to prevent a segv as in the public key
        block fix.

M	crypt-gpgme.c

2022-10-31 15:06:51 -0700  Kevin McCarthy  <kevin@8t8.us> (f0eb3586)

        * Fix public key block listing for old versions of gpgme.
        
        Commit 382355a5 accidentally removed the data import for legacy mode,
        which would cause it to produce empty output.

M	crypt-gpgme.c

2022-10-31 15:02:57 -0700  Kevin McCarthy  <kevin@8t8.us> (48b6ea32)

        * Fix gpgme crash when listing keys in a public key block.
        
        The gpgme code handling classic application/pgp assumed each key would
        have a uid.  Change it to check for a missing uid list.
        
        Also change it to list every uid (instead of only the first), and to
        put each one on a "uid" line in the output.
        
        The output is only for display, so the format change won't affect
        other parts of the code.
        
        Thanks to Mikko Lehto for the high quality bug report, detailing the
        exact place of the crash with a reproducing example and a workaround
        patch.

M	crypt-gpgme.c

2022-10-13 13:25:51 -0700  Kevin McCarthy  <kevin@8t8.us> (25b69530)

        * Allow Fcc'ing to IMAP in batch mode.
        
        There are some prompts that can cause it to abruptly fail, but it
        turns out SMTP has some of those too.
        
        For now, abort if $confirmcreate is set.
        
        Certificate prompts were fixed in commit c46db2be for 2.2.7.

M	imap/imap.c
M	send.c

2022-10-13 13:18:55 -0700  Kevin McCarthy  <kevin@8t8.us> (a1c86bd2)

        * Add fcc error handling in batch mode.
        
        If $fcc_before_send is set, then abort with an error message.
        
        If it's not set (the default), then continue on, as the message is
        already sent.

M	send.c

2022-10-09 11:13:15 -0700  Kevin McCarthy  <kevin@8t8.us> (9cfa36ea)

        * Fix scrolling when handling SIGWINCH in the index.
        
        The index had some (very very old) code which reset the scroll top
        during SIGWINCH handling.  This caused a recomputation of the top,
        which caused the index to jumble around randomly during resizing.
        
        The last few commits added SigWinch flag setting whenever
        mutt_endwin() was called, which meant this jumbling would occur much
        more often.  (For example when piping a message.)
        
        After looking more closely, this top reset seems to be unnecessary.  A
        full redraw needs to properly handle the case where "current" is
        outside the visible range, because a resize could occur in a called
        menu.  Additionally, the menu.c code does just fine without this, and
        is used for all the other standard menus in Mutt.
        
        Thanks to Vincent Lefèvre for helping test the SigWinch changes, and
        reporting this regression.

M	curs_main.c

2022-10-08 13:47:15 -0700  Kevin McCarthy  <kevin@8t8.us> (082ed14e)

        * Explicitly mention --with-sqlite3 in the INSTALL file.

M	INSTALL

2022-09-23 13:05:59 +0800  Kevin McCarthy  <kevin@8t8.us> (5649e381)

        * Set the curses resize policy to use tioctl()
        
        mutt_resize_screen() calls mutt_reflow_windows(), which records window
        sizes in those data structures.  After a endwin(), curses will also
        check the terminal size, but it if uses a different policy than Mutt,
        the screen will be drawn incorrectly.
        
        I looked into adding a config option to change this, but ran into a
        chicken-egg problem.  initscr() must be called before the config is
        processed, to allow for color setting.  However, use_env() must be
        called before initscr().  So for now, just set to policy to ignore the
        env vars, except as a fallback.

M	configure.ac
M	main.c

2022-09-21 13:03:22 +0800  Kevin McCarthy  <kevin@8t8.us> (fede64d0)

        * Remove unneeded calls in mutt_edit_file().
        
        The mutt_resize_screen() is no longer needed now that mutt_endwin()
        sets SigWinch.
        
        The keypad() and clearok() calls are generally only needed if a
        program takes over the screen unexpectedly (without Mutt having run
        endwin()).

M	curs_lib.c

2022-09-21 13:02:40 +0800  Kevin McCarthy  <kevin@8t8.us> (9fb2755d)

        * Change a few cases of endwin() to call mutt_endwin().
        
        The remaining cases in the Mutt code are special cases, but these two
        should be fixed.  This ensures SigWinch is set.

M	commands.c
M	compress.c

2022-09-21 13:00:44 +0800  Kevin McCarthy  <kevin@8t8.us> (619db54f)

        * Add SigWinch = 1 to mutt_endwin().
        
        Since mutt_reflow_window() needs to be called on a resize, and it's
        possible for programs to block SIGWINCH being sent to Mutt, this is a
        fail-safe to ensure it's run.
        
        The previous commit moved SigWinch handling before refresh() in the
        menus, which should prevent double-refresh issues.

M	curs_lib.c

2022-09-19 18:41:48 +0800  Kevin McCarthy  <kevin@8t8.us> (925a2927)

        * Move SigWinch handling before refresh in menus.
        
        This will prevent an unneeded double-refresh after an endwin() when we
        set SigWinch in the next commit.
        
        In the pager, change RETWINCH handling to account for a sigwinch while
        in the handler.  Previously a redraw would occur and use/free the
        Resize data, but since the SigWinch check now occurs before the
        redraw, keep existing data.

M	curs_main.c
M	menu.c
M	pager.c

2022-08-30 15:31:24 -0700  Kevin McCarthy  <kevin@8t8.us> (e43a42bf)

        * Ensure pop_data is freed for mailbox and fetch-mail usage.
        
        <fetch-mail> was only free'ing the container and not the auth_list or
        timestamp used in authentication.
        
        Mailbox usage was never free'ing the pop_data object.
        
        Create a pop_free_pop_data() helper and use that in <fetch-mail>
        usage where the pop_data was being free'd before.
        
        Since the pop code always allocates and assigns a new pop_data object
        after each mutt_conn_find(), add a call to pop_close_mailbox() too.
        
        Just to make sure, reset connection->data before free'ing the pop_data
        in each case.

M	pop.c

2022-08-25 13:23:43 -0700  Kevin McCarthy  <kevin@8t8.us> (c46db2be)

        * Add error handling for cert prompts in batch mode.
        
        It looks like there are no batch mode checks before trying to throw up
        a curses menu for certificate prompts.
        
        This currently affects SMTP, and I guess either hasn't been an issue
        or people just learned to work around it.
        
        Mutt has no great way to deal with this, so at least for now display
        an error and abort verification gracefully as opposed to whatever was
        happening before (which could not have been pretty).
        
        Alas, this breaks my rule of adding translation strings in stable, but
        I couldn't find another appropriate string.

M	mutt_ssl.c
M	mutt_ssl_gnutls.c

2022-08-22 09:24:19 -0700  Ivan Vilata i Balaguer  <ivan@selidor.net> (56f1d398)

        * Updated Catalan translation.

M	po/ca.po

2022-08-07 10:20:17 -0700  Kevin McCarthy  <kevin@8t8.us> (4927240d)

        * automatic post-release commit for mutt-2.2.7

M	ChangeLog
M	VERSION

2022-08-07 10:15:32 -0700  Kevin McCarthy  <kevin@8t8.us> (7b41537e)

        * Update UPDATING file for 2.2.7 release.

M	UPDATING

2022-08-02 20:51:17 -0700  Kevin McCarthy  <kevin@8t8.us> (40228035)

        * Fix mutt_read_rfc822_line() to use is_email_wsp().
        
        ISSPACE() uses isspace() which is locale-dependent.  On some
        platforms, unexpected 8-bit chars, such as 0xa0 or 0x85 return true.
        
        When using $edit_headers, this can result in Subject: lines being
        truncated if a multi-byte character ending in one of these values is
        at the end of a line.
        
        There are probably other bugs that could be triggered by this, such as
        in IMAP parsing.  However, I need more time to investigate before
        making large-scale changes that could introduce new bugs.

M	parse.c

2022-08-04 10:25:26 +0200  Matthias Andree  <matthias.andree@gmx.de> (4d2b33ba)

        * Drop X509 *cert from sslsockdata, unused.
        
        Signed-off-by: Matthias Andree <matthias.andree@gmx.de>
        (cherry picked from commit 0d03501ac9ddd1a4a62a7274651d64da0c4c3865)

M	mutt_ssl.c

2022-07-29 19:52:45 -0700  Kevin McCarthy  <kevin@8t8.us> (a1a08067)

        * Change mutt_display_message() $pager to use %s if present.
        
        Other places in the code all use mutt_do_pager(), which uses
        mutt_expand_file_fmt().
        
        The use of %s was not documented (and likely not used since it's
        broken when displaying messages), so add documentation to the $pager
        option.

M	commands.c
M	init.h

2022-07-29 10:40:33 -0700  Kevin McCarthy  <kevin@8t8.us> (4f672027)

        * Overide SSL_CTX min/max protocol versions.
        
        Newer versions of OpenSSL disable old (insecure) protocols by default.
        Reset the allowed versions, so that Mutt's configuration variables
        enabling old protocols actually work if needed.
        
        Thanks to Matthias Andree for the patch, which this commit is based
        upon.

M	mutt_ssl.c

2022-03-04 15:26:56 -0800  Kevin McCarthy  <kevin@8t8.us> (b022931d)

        * Tighten $query_command parsing to allow empty name field.
        
        The documentation writes the output should be "each line containing a
        tab separated address then name then some other optional information".
        The wiki page at
        <https://gitlab.com/muttmua/mutt/-/wikis/MuttGuide/Aliases> also
        implies a single tab between each field.
        
        Since the function used strtok, consecutive tab delimeters were
        treated as a single delimiter.  This caused a missing name field to
        use the comment field as the name.
        
        Change the function to use strchr instead.  This is not without risk,
        as the functionality is old.  Who knows what all programs have been
        written that might assume initial, or multiple delimiters are
        acceptable...
        
        Thanks to Magnus Groß for reporting the problem along with a patch,
        which this commit is derived from.

M	query.c

2022-07-10 14:58:40 +0200  Matthias Andree  <matthias.andree@gmx.de> (135fb67e)

        * version.sh: fix robustness on git failure
        
        for instance, with untrusted directory under sudo.
        
        Signed-off-by: Matthias Andree <matthias.andree@gmx.de>

M	version.sh

2022-07-17 22:20:12 +0200  Matthias Andree  <matthias.andree@gmx.de> (607efef7)

        * de.po: Fix German certificate dialog translation.
        
        Remove the full-stop to ensure reader will continue reading rather
        than mistake this as a conclusion.
        
        Also, from: to: here translate to von: bis: (not an: which would be
        spatial not temporal).
        
        Finally, fix a mistranslation where SHA256 was translated as SHA1
        
        Reviewed by: Helge Kreutzmann <debian@helgefjell.de>
        Signed-off-by: Matthias Andree <matthias.andree@gmx.de>

M	po/de.po

2022-07-06 14:39:42 -0700  Kevin McCarthy  <kevin@8t8.us> (0614c38c)

        * Comment out undesirable default settings in smime.rc.
        
        Some distributions, such as Debian, use the contrib/smime.rc as a
        default system configuration file (under /etc/Muttrc.d).  However
        settings such as $smime_is_default and $crypt_autosign should not be
        enabled by default for everyone.
        
        Debian previously maintained a patch against the file, commenting out
        those settings, but the patch somehow got dropped and is causing
        confusion for Debian users.
        
        Since the settings aren't necessarily desirable for anyone who wants
        to use S/MIME, comment them out in the contrib file.

M	contrib/smime.rc

2022-06-09 09:22:03 -0700  Kevin McCarthy  <kevin@8t8.us> (97f8eee2)

        * Decrypt S/MIME when mime-forwarding with $forward_decrypt set.
        
        The code was performing a decode for S/MIME, but this had the effect
        of running attachments through the autoview routines.
        
        Change so it only performs a decrypt.  This is also how copying is
        handled in set_copy_flags(), so I believe the decode was just a
        mistake.

M	sendlib.c

2022-06-05 11:20:00 -0700  Kevin McCarthy  <kevin@8t8.us> (d1ee1314)

        * automatic post-release commit for mutt-2.2.6

M	ChangeLog
M	VERSION

2022-06-05 11:13:47 -0700  Kevin McCarthy  <kevin@8t8.us> (42c9d1ea)

        * Update UPDATING file for 2.2.6 release.

M	UPDATING

2022-05-27 14:58:23 -0700  Kevin McCarthy  <kevin@8t8.us> (44636260)

        * Fix $pgp_sort_keys sorting.
        
        Both gpgme and pgpkey used nonsensical comparison return values, for
        example: "return r > 0".
        
        Adjust numeric comparisons to use mutt_numeric_cmp() and have the
        comparator return the result of the actual comparison.
        
        Adjust the "trust" sorting of gpgme to be the same as classic-pgp:
        putting restrictions at the bottom, but reverse sorting validity,
        length and timestamp values so they come first in the list.

M	crypt-gpgme.c
M	pgpkey.c

2022-05-22 19:03:33 -0700  Kevin McCarthy  <kevin@8t8.us> (818ea32c)

        * Adjust browser and sidebar numeric sorting to use mutt_numeric_cmp()
        
        Large values shouldn't use subtraction into an integer return type, so
        just convert all of them to use the macro, to be safe.

M	browser.c
M	sidebar.c

2022-05-27 13:24:11 -0700  Kevin McCarthy  <kevin@8t8.us> (f8336984)

        * Fix mbrtowc() error handling in mutt_which_case().
        
        The function did not reset the increment value on a -2 return value.
        
        Increase the maximum conversion size to the string length, and check
        for -2.  Since we're looking at the whole string, we can then just
        terminate the loop on either value, assuming a case-sensitive search.
        
        mbrtowc() will return -2 if passed n==0, so add an explicit check for
        the end of string and a positive n count.

M	pattern.c

2022-05-27 13:22:22 -0700  Kevin McCarthy  <kevin@8t8.us> (def28317)

        * Fix mbrtowc() error handling in check_alias_name().
        
        The function did not reset the increment value on any error.  Increase
        the maximum conversion size to the string length, and check for -2.
        Since we're looking at the whole string, we can then just terminate
        the loop on a -2 return value.

M	alias.c

2022-05-26 11:29:15 -0700  Kevin McCarthy  <kevin@8t8.us> (51c67ba9)

        * Convert my_width() to use mbrtowc().
        
        This allows handling a single corrupted character vs an incomplete
        multibyte character differently, as other parts of Mutt do.

M	sendlib.c

2022-05-25 20:59:39 -0700  Kevin McCarthy  <kevin@8t8.us> (ca960228)

        * Fix header folding my_width() calculation.
        
        After calculating the width of a character, the routine would only
        increment the string pointer by one byte.  Any errors returned by
        mbtowc() would also increment the width by one.  This means multibyte
        characters would overcount width by the number of bytes minus one.
        
        Change it to check the return value and use that value to increment
        the string pointer.
        
        Change mbtowc() to look at the whole rest of the string instead of
        just MB_CUR_MAX, as the manpage says even MB_CUR_MAX may not be enough
        in some circumstances.
        
        Since we calculate strlen, use that as well as '\0' for the loop
        termination check.  Also check for mbtowc() returning 0 just for extra
        safety.
        
        Reset the internal mbstate_t before converting, and on any error.
        
        If mbtowc() returns an error, use replacment_char() as a substitue for
        width calcluation, as mutt_strwidth() and other parts of Mutt do.

M	sendlib.c

2022-05-25 09:53:07 -0700  Kevin McCarthy  <kevin@8t8.us> (67bb3d35)

        * Filter Arabic Letter Mark due to display corruption.
        
        Under GNU Screen, the directional marker causes display corruption in
        the index.
        
        This (along with past filters added) should perhaps be considered GNU
        Screen bugs.  They've been reported upstream a while ago, but so far
        not received any attention.  So for Mutt users' benefit it's better to
        filter them out for now.
        
        Thanks to Vincent Lefèvre for debugging and reporting the problem,
        along with providing historical information from similar past issues.

M	mbyte.c

2022-05-21 09:18:04 -0700  Kevin McCarthy  <kevin@8t8.us> (ceb6c4fc)

        * Fix browser completion path expansion to preserve a trailing slash.
        
        The browser lists the contents of a directory passed as 'f' when it
        has a trailing slash; without, it lists everything matching that name
        in the parent directory.
        
        Since the browser does its own relative path expansion, we can just
        use mutt_buffer_path_norel() to keep a trailing slash in 'f'.

M	browser.c

2022-05-21 09:07:23 -0700  Kevin McCarthy  <kevin@8t8.us> (599806a0)

        * Decouple expand_path() relpath vs trailing slash handling.
        
        This change was originally done for the next commit, to fix browser
        completion handling.  However, I discovered the browser does its own
        relative path expansion, and could just be fixed by using the _norel()
        version.
        
        Still, I think this change is a good idea in any case.  There may be a
        few more fixes needed that require relpath expansion while keeping
        trailing slashes.
        
        Since the number of flag parameters to expand_path would become
        excessive by adding a "remove_trailing_slash" paremeter, convert it to
        use a single 'flags' parameter instead.

M	hook.c
M	mutt.h
M	muttlib.c
M	protos.h

2022-05-20 08:51:05 -0700  Helge Kreutzmann  <debian@helgefjell.de> (5006b546)

        * Update de.po.

M	po/de.po

2022-05-19 12:36:06 -0700  Kevin McCarthy  <kevin@8t8.us> (80d90e0c)

        * Document $sendmail invocation behavior.
        
        This variable is handled differently from other "command" variables in
        Mutt.  It's tokenized by space and then executed via execvp().  This
        means spaces in command/arguments are not supported, and neither is
        shell quoting.
        
        I don't know if it was done this way out of some security concern, but
        it seems like using mutt_system() and mutt_buffer_quote_filename() for
        recipient arguments should at least be investigated.

M	init.h

2022-05-16 10:20:30 -0700  Kevin McCarthy  <kevin@8t8.us> (a8c7fba1)

        * automatic post-release commit for mutt-2.2.5

M	ChangeLog
M	VERSION

2022-05-16 10:16:07 -0700  Kevin McCarthy  <kevin@8t8.us> (c94b511a)

        * Update UPDATING file for 2.2.5.

M	UPDATING

2022-05-13 15:37:58 -0700  Kevin McCarthy  <kevin@8t8.us> (6688bfbf)

        * Set gsasl hostname callback value.
        
        This is needed for GSSAPI, and apparently DIGEST-MD5 too.
        
        The gsasl documentation is a little confusing, saying it "should be
        the local host name of the machine", however the imap/auth_gss.c code
        seems to be using the server name, and the msmtp source also uses the
        server name for this callback.
        
        Thanks to brian m. carlson and Gábor Gombás for reporting this issue
        in Debian ticket 1010915, and an additional thanks to brian for
        quickly testing the fix.

M	mutt_sasl_gnu.c

2022-05-06 12:51:56 -0700  Kevin McCarthy  <kevin@8t8.us> (9d5db7cb)

        * Force IR with gsasl SMTP PLAIN authentication.
        
        Debian ticket 1010658 showed a server violating RFC 4954 by sending
        non-base64 data in the 334 response when Mutt sends "AUTH PLAIN"
        (without IR).
        
        The msmtp source also seems to force IR with PLAIN because it found
        other broken servers.
        
        So the best option seems to be just handling PLAIN specially for now.

M	smtp.c

2022-04-30 12:41:43 -0700  Kevin McCarthy  <kevin@8t8.us> (c3baa83e)

        * automatic post-release commit for mutt-2.2.4

M	ChangeLog
M	VERSION

2022-04-30 12:38:09 -0700  Kevin McCarthy  <kevin@8t8.us> (4d082513)

        * Update UPDATING file for 2.2.4 release.

M	UPDATING

2022-04-30 11:11:04 -0700  Kevin McCarthy  <kevin@8t8.us> (7dec694f)

        * Document $header_cache behavior change wrt directories.
        
        Although not documented, Mutt would previously intepret a
        $header_cache value ending in '/' as a directory even if it didn't
        exist.  The new DT_PATH normalization prevents this possibility, so a
        directory will need to be created in advance.
        
        I'm not fond of "fixing" regressions with documentation, but I believe
        this is a small issue, easily worked around for first-time use, and
        the benefits of the normalization are worth this small change.

M	doc/manual.xml.head
M	init.h

2022-04-28 12:48:09 -0700  Kevin McCarthy  <kevin@8t8.us> (a20ed9b4)

        * When expanding local paths, normalize to remove a trailing '/'.
        
        Commit 986e9e74 normalized Maildir/mh paths upon opening, to aid in
        mailbox comparison issues that can crop up (as the IMAP path
        normalization does).
        
        Unfortunately, this caused other problems in cases where users were
        explicitly adding a trailing '/' to their config settings, such as
        with buffy mailboxes, or with $spoolfile.
        
        To normalize properly, we need to do as the IMAP code does - both on
        the context opening, and expand_path (as imap_expand_path() and
        imap_fix_path() do).
        
        This also helps other cases; for example, the file browser returns
        entries without a trailing '/', while tab completion in the editor
        menu appends a trailing '/'.
        
        Right now the only regression I'm aware of is with $header_cache on
        first use, which I will document in the next commit.  If it turns out
        there are more important regressions I may have to back this and the
        original commit out.

M	muttlib.c

2022-04-21 22:58:48 +0300  Emir SARI  <emir_sari@icloud.com> (b69aed8e)

        * Minor translation fixes

M	po/tr.po

2022-04-12 11:23:07 -0700  Kevin McCarthy  <kevin@8t8.us> (d9199322)

        * automatic post-release commit for mutt-2.2.3

M	ChangeLog
M	VERSION

2022-04-12 11:14:38 -0700  Kevin McCarthy  <kevin@8t8.us> (03f8c660)

        * Update UPDATING file for 2.2.3.

M	UPDATING

2022-04-10 11:05:48 -0700  Kevin McCarthy  <kevin@8t8.us> (efe4186a)

        * Fix read past end of buf in is_mmnoask().
        
        buf is size STRING while the environment variable is copied into a
        LONG_STRING, so lng can be past the end of buf.  Swap the comparison
        order to make sure they match (and thus ensuring buf[lng] isn't
        outside the buffer).

M	handler.c

2022-04-09 13:32:33 -0700  Kevin McCarthy  <kevin@8t8.us> (f8264135)

        * Fix strlen() assigns to be of type size_t where obvious.
        
        Ticket 405 had an almost-exploit enabled by sloppy assignment of
        strlen().  There were more details involved, of course, but this
        served as encouragement to clean up obvious "strlen assignment to int"
        in the rest of the code.
        
        Note this is not *all* cases, only those that were simple and obvious.
        In some cases, the code assigns strlen() to an int but also uses that
        variable to hold negative values for another reason.  In other cases,
        an API is involved (e.g. SASL) that make changing potentially
        dangerous.  And lastly, some functions were just a bit too complicated
        to risk introducing a bug.

M	charset.c
M	compose.c
M	copy.c
M	crypt-gpgme.c
M	edit.c
M	handler.c
M	hcache.c
M	imap/auth_cram.c
M	imap/imap.c
M	init.c
M	muttlib.c
M	parse.c
M	pgp.c
M	sendlib.c
M	smime.c

2022-04-09 09:54:38 -0700  Kevin McCarthy  <kevin@8t8.us> (195bcad0)

        * Flush iconv() in mutt_convert_string().
        
        The man page says this ought to be done, and other places in Mutt do
        so.

M	charset.c

2022-04-08 21:07:46 -0700  Kevin McCarthy  <kevin@8t8.us> (f58a25cc)

        * Add convert_string() size check.
        
        This is similar to the mutt_convert_string() fix in the last commit.
        In this case there was no integer overflow issue, but there was still
        a (remote) possibility of obl wrapping, so add a check.
        
        Also, ensure there is at least one byte to terminate ob by allocating "obl
        + 1" size buffer, but passing obl to iconv().
        
        Note that mutt_convert_string() uses a multiplier of MB_LEN_MAX, while
        this function used 4.  I thought MB_LEN_MAX might be too large, but
        Tavis Ormandy was able to give a counter-example (0x82 in TSCII (Tamil
        SCII) requires 4 3-byte UTF-8 codepoints).  Convert this function to
        use MB_LEN_MAX, like mutt_convert_string().

M	rfc2047.c

2022-04-08 20:19:27 -0700  Kevin McCarthy  <kevin@8t8.us> (f26d304b)

        * Fix integer overflow in mutt_convert_string().
        
        In the case of a *very* large message header (which is possible via a
        compressed encrypted message) it's possible to overflow the incorrect
        assignment of strlen() to an int local variable.
        
        Thanks to Tavis Ormandy for the bug report and patch, which this
        commit is based upon.
        
        Although Tavis wasn't able to find an exploit, it was almost possible
        to make ob small and obl big, which would have allowed attacker
        control of a heap corruption.
        
        Change the strlen() to assign directly to ibl (of type size_t).  This
        prevents signed to unsigned conversion of len to ibl, which make the
        attack almost possible.
        
        Note that ibl should reflect the number of bytes to be converted by
        iconv(), so the change of ibl to strlen() instead of (strlen() + 1) is
        intentional, and correct.
        
        ob is allocated with an additional byte for a trailing nul, which is
        appended after the conversion.

M	charset.c

2022-04-05 13:14:47 -0700  Kevin McCarthy  <kevin@8t8.us> (4ae494ca)

        * Fix uudecode cleanup on unexpected eof.
        
        Clean up iconv state and state->prefix handling instead of just
        returning.  This is done for the other encoding handlers.

M	handler.c

2022-04-05 11:05:52 -0700  Kevin McCarthy  <kevin@8t8.us> (e5ed080c)

        * Fix uudecode buffer overflow.
        
        mutt_decode_uuencoded() used each line's initial "length character"
        without any validation.  It would happily read past the end of the
        input line, and with a suitable value even past the length of the
        input buffer.
        
        As I noted in ticket 404, there are several other changes that could
        be added to make the parser more robust.  However, to avoid
        accidentally introducing another bug or regression, I'm restricting
        this patch to simply addressing the overflow.
        
        Thanks to Tavis Ormandy for reporting the issue, along with a sample
        message demonstrating the problem.

M	handler.c

2022-03-25 13:07:34 -0700  Kevin McCarthy  <kevin@8t8.us> (aa28abe8)

        * automatic post-release commit for mutt-2.2.2

M	ChangeLog
M	VERSION

2022-03-25 12:58:51 -0700  Kevin McCarthy  <kevin@8t8.us> (dcfbfb16)

        * Update UPDATING file for 2.2.2 release.

M	UPDATING

2022-03-05 11:17:40 -0800  Kevin McCarthy  <kevin@8t8.us> (8babf6c0)

        * Protect prompt completion memcpy() calls with a NULL check.
        
        The behavior of memcpy() is undefined when dest is NULL, even if n is
        0.  It's possible to trigger this, somewhat deliberately, for these
        two cases, so add a guard check.

M	enter.c

2022-03-05 09:31:21 -0800  Kevin McCarthy  <kevin@8t8.us> (7c8992aa)

        * Fix mutt.man formatting.
        
        Thanks for the fix from Mario Blättermann and the manpages-l10n
        project.

M	doc/mutt.man

2022-03-05 09:12:53 -0800  Kevin McCarthy  <kevin@8t8.us> (e65fdf56)

        * Fix query menu tagging behavior.
        
        rfc822_write_address() will automatically prepend ", " to the buf
        parameter if it is non-empty.  Since query_menu() just appended ", "
        to buf, the '\0' marker is at "curpos + 2", and that should be passed
        as the offset instead.
        
        Prior to this fix, tagging would result in two comma-space separators
        between each tagged entry.
        
        Since rfc822_write_address() does the work too, we could just change
        query_menu() to pass rfc822_write_address(buf, buflen, tmpa, 0) each
        time.  But for a stable-branch fix I'll make the smallest change.
        
        As a note, I presume this hasn't been reported because (almost) no one
        uses tagging in this menu.  That may be because it requires hitting
        <select-entry> after tagging, which is non-intuitive.  I think it
        would be worth changing to allow tagging and then hitting <exit> too.

M	query.c

2022-02-21 12:19:30 -0800  Kevin McCarthy  <kevin@8t8.us> (bce2c294)

        * Fix some mailbox prompts to use mailbox history ring.
        
        Commit b0570d76, in the 2.0 release, improved some of the mailbox
        prompt flow and logic, creating a separate function for mailbox
        prompting.  At the same time it changed "save/copy to mailbox" to use
        that function and thus the mailbox history ring.
        
        Unfortunately, this created a partition between some other prompts
        that used the filename history ring but were actually prompting for
        mailboxes.
        
        Change those prompts: edit-fcc, and imap create/rename mailbox to use
        the mailbox history ring.  This will allow values to be shared between
        them and prompts such as "open mailbox" and "save/copy to mailbox".
        
        Ordinarily I wouldn't commit this to stable, but that change broke at
        least one person's workflow badly.

M	compose.c
M	imap/browse.c

2022-02-19 10:48:43 -0800  Kevin McCarthy  <kevin@8t8.us> (c8109e14)

        * automatic post-release commit for mutt-2.2.1

M	ChangeLog
M	VERSION

2022-02-19 10:42:53 -0800  Kevin McCarthy  <kevin@8t8.us> (58b6b76a)

        * Update UPDATING file for 2.2.1 release.

M	UPDATING

2022-02-17 14:38:04 -0800  Kevin McCarthy  <kevin@8t8.us> (30d18234)

        * Make sure username is included in header and body cache paths.
        
        Commit 960afab4 changed URL generation to preserve the data originally
        in the mailbox URL, to fix some internal comparison problems.
        
        Unfortunately, it also affected header and body cache generation.
        Since those could easily be shared across multi-muttrc situations,
        it's important the username be part of the pathname.
        
        Thanks to exg on the #mutt IRC channel for reporting the regression!

M	account.c
M	account.h
M	bcache.c
M	imap/command.c
M	imap/imap.c
M	imap/util.c
M	mutt_socket.c
M	pop.c

2022-02-15 00:15:28 +0300  Emir SARI  <emir_sari@icloud.com> (6457ac67)

        * Fix ambiguity in translation

M	po/tr.po

2022-02-12 10:57:33 -0800  Kevin McCarthy  <kevin@8t8.us> (7160e05a)

        * automatic post-release commit for mutt-2.2.0

M	ChangeLog
M	VERSION
M	po/bg.po
M	po/ca.po
M	po/cs.po
M	po/da.po
M	po/de.po
M	po/el.po
M	po/eo.po
M	po/es.po
M	po/et.po
M	po/eu.po
M	po/fi.po
M	po/fr.po
M	po/ga.po
M	po/gl.po
M	po/hu.po
M	po/id.po
M	po/it.po
M	po/ja.po
M	po/ko.po
M	po/lt.po
M	po/nl.po
M	po/pl.po
M	po/pt_BR.po
M	po/ru.po
M	po/sk.po
M	po/sv.po
M	po/tr.po
M	po/uk.po
M	po/zh_CN.po
M	po/zh_TW.po

2022-02-12 10:49:21 -0800  Kevin McCarthy  <kevin@8t8.us> (a5175478)

        * Set release date for 2.2.0 in UPDATING file.

M	UPDATING

2022-02-11 13:37:27 +0100  Grzegorz Szymaszek  <gszymaszek@short.pl> (cc7578a1)

        * Update the Polish translation for Mutt 2.2.0

M	po/pl.po

2022-02-09 22:58:23 +0300  Emir SARI  <emir_sari@icloud.com> (1c47970f)

        * Improve Turkish translations

M	po/tr.po

2022-02-06 14:53:01 -0800  Kevin McCarthy  <kevin@8t8.us> (70958893)

        * Fix mutt_paddstr() to properly filter unprintable chars.
        
        The original version of this function had no "replacement character"
        functionality, so it simply directly called addnstr() to display the
        characters if everything was okay.
        
        Commit a080fd35 added replacement logic, similar to
        mutt_format_string(), but forgot to change addnstr to use the
        replacement character.
        
        This means garbage characters could goof up the mutt display, for
        things such as the subject in the compose menu.
