Don't untag after edit-label.

Mutt is pretty consistent about NOT untagging automatically after an
operation.  The only place where it does so is when deleting, but even
this is configurable via $delete_untag.
Merge branch 'stable'
Add $smime_pkcs7_default_smime_type config option.

This works around Outlook sending application/pkcs7-mime ".p7m" parts
without a smime-type parameter.

Mutt previously hardcoded an assumption that these were SignedData to
work around an old Outlook book.  However Outlook now appears to also
send EnvelopedData in this form.
Merge branch 'stable'
automatic post-release commit for mutt-2.2.13
Update UPDATING file for 2.2.13 release.
Merge branch 'stable'
Fix smtp client to respect $use_envelope_from option.

The code was only looking to see if $envelope_from_address had a
value, not if $use_envelope_from was set.

Add extra safety checks to make sure the mailbox value isn't NULL.
Fix smtp client $envelope_from_address possible dangling pointer.

If the account-hook invoked by mutt_conn_find() modifies
$envelope_from_address, envfrom could point no longer point to the

Move the mutt_conn_find() before the code that determines the envelope
from address.
354c5b11 — Norman Wood 4 months ago
Use readline to overcome macOS input() restrictions

Under macOS, for a python script launched in a terminal, input() accepts only 1024 characters.  In the authcode flow, the authorization code that is read by the call to input() around line 200 is longer than this and will be truncated, causing token retrieval to fail.  Importing readline resolves this, allowing input() to accept a longer character string.
563c5f60 — Florian Weimer 4 months ago
configure.ac: Fix ICONV_NONTRANS probe

The standard iconv function uses char ** even for its input argument.
With a const char ** argument, ICONV_NONTRANS is incorrectly set to 1
if the compiler produces an error for such incompatible pointer types.

Although as far as I can see, the only thing that accomplishes is
disabling an assert, so it probably does not matter much.
Merge branch 'stable'
automatic post-release commit for mutt-2.2.12
Update UPDATING file for 2.2.12 release.
Fix write_one_header() illegal header check.

This is another crash caused by the rfc2047 decoding bug fixed in the
second prior commit.

In this case, an empty header line followed by a header line starting
with ":", would result in t==end.

The mutt_substrdup() further below would go very badly at that point,
with t >= end+1.  This could result in either a memcpy onto NULL or a
huge malloc call.

Thanks to Chenyuan Mi (@morningbread) for giving a working example
draft message of the rfc2047 decoding flaw.  This allowed me, with
further testing, to discover this additional crash bug.
Check for NULL userhdrs.

When composing an email, miscellaneous extra headers are stored in a
userhdrs list.  Mutt first checks to ensure each header contains at
least a colon character, passes the entire userhdr field (name, colon,
and body) to the rfc2047 decoder, and safe_strdup()'s the result on
the userhdrs list.  An empty result would from the decode would result
in a NULL headers being added to list.

The previous commit removed the possibility of the decoded header
field being empty, but it's prudent to add a check to the strchr
calls, in case there is another unexpected bug resulting in one.

Thanks to Chenyuan Mi (@morningbread) for discovering the two strchr
crashes, giving a working example draft message, and providing the
stack traces for the two NULL derefences.
Fix rfc2047 base64 decoding to abort on illegal characters.

For some reason, the rfc2047 base64 decoder ignored illegal
characters, instead of aborting.  This seems innocuous, but in fact
leads to at least three crash-bugs elsewhere in Mutt.

These stem from Mutt, in some cases, passing an entire header
field (name, colon, and body) to the rfc2047 decoder.  (It is
technically incorrect to do so, by the way, but is beyond scope for
these fixes in stable).  Mutt then assumes the result can't be empty
because of a previous check that the header contains at least a colon.

This commit takes care of the source of the crashes, by aborting the
rfc2047 decode.  The following two commits add protective fixes to the
specific crash points.

Thanks to Chenyuan Mi (@morningbread) for discovering the strchr
crashes, giving a working example draft message, and providing the
stack traces for the two NULL derefences.
Merge branch 'stable'
Add a documentation note that aliases are case insensitive.

It's very old behavior, but doesn't seem to be documented anywhere.

Thanks to Charles for pointing that out.
Merge branch 'stable'