~rjarry/aerc

rfc822: parse multipart messages on a best efforts basis

Parse multipart messages on a best-efforts basis. Allow the user to see
as much of the message as possible, but log the errors.

If a charset or encoding error is encountered for a message part of a
multipart message, the error is logged and ignored. In those cases, we
still get a valid message body but the content is just not decoded or
converted. No error will be propagated.

If a multipart message cannot be parsed, ParseEntityStructure will
return a multipart error. This error indicates that the message is
malformed and there is nothing more we can do. The caller is then
advised to use a single text/plain body structure using
CreateTextPlainPart() to provide the entire message content to the user.

Fixes: https://todo.sr.ht/~rjarry/aerc/288
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>

composer: add focus-body option

When the composer window opens, an user might want to start writing
the email body before adding a subject and recipients. Setting the
focus-body option to true achieves that by setting the focus to the
editor.

Signed-off-by: Markus Unkel <markus@unkel.io>
Acked-by: Robin Jarry <robin@jarry.cc>

forward: fix panic when using :eml

Fix a panic when forwarding a message that was opened with :eml.
:forward will try to the set the forwarded flag but there's no
associated message store available for that message (it's either loaded
from disk or an attachment).

Fixes: b94b4c00c9c9 ("forward: allow forwarded flag to be set")
Reported-by: inwit <inwit@sindominio.net>
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Tested-by: Inwit <inwit@sindominio.net>
Acked-by: Robin Jarry <robin@jarry.cc>
commands: fix empty entries from completion funcs

Fix the commands.GetTemplates() and types.StrategyStrs() completion
functions to avoid showing empty entries.

Reported-by: inwit <inwit@sindominio.net>
Reported-by: pam79
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
import-mbox: unzip compressed mboxes

Unzip data when importing gzip compressed mbox files.

Suggested-by: diederich
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Tested-by: Bence Ferdinandy <bence@ferdinandy.com>
Acked-by: Robin Jarry <robin@jarry.cc>
import-mbox: enable url import

Enable the :import-mbox command to also import data from an URL.

Changelog-added: `:import-mbox` can now import data from an URL.
Suggested-by: Matěj Cepl <mcepl@cepl.eu>
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Tested-by: Bence Ferdinandy <bence@ferdinandy.com>
Acked-by: Robin Jarry <robin@jarry.cc>
434ca29c — Andrew Jeffery a month ago
completion: complete paths with FilterList

Make the completion filtering for paths use the standard FilterList
function. This leads to fuzzy filtering if configured, as per other
completions.

Changelog-changed: Path completion now uses the normal filtering
 mechanism, respecting case sensitivity and the fuzzy completion option.
Signed-off-by: Andrew Jeffery <dev@jeffas.net>
Acked-by: Robin Jarry <robin@jarry.cc>

gpg: redirect status-fd from stdout to stderr

By preparing a maliciously crafted message an attacker could send an
encrypted message without signature that would appear as signed within
the aerc client. It is caused by the fact that the gpg status messages,
which are used for determining the validity signature, are interspered
with message contents. An example of such malicious message was added to
the `reader_test.go`.

This change redirects the satus-fd to stderr, while the usual stderr
logs are discarded to /dev/null. In addition to fixing the vulnerability
described above, this has the added benefit of stdout containing only
useful output which does not need to be filtered. This simplifies the
logic and avoids needless copies.

Previous stderr parsing logic which detected when no valid OpenPGP data
was present is replaced with detecting `NODATA 1` in status-fd messages.
The stderr logs are different depending on user locale, thus, they
should not be parsed. On the other hand, the status-fd are relatively
stable. The previous method of detecting invalid OpenPGP data would fail
on systems with non-English locale.

Signed-off-by: Marcin Serwin <marcin@serwin.dev>
Acked-by: Robin Jarry <robin@jarry.cc>

reply: consider the From address too when checking aliases

This sets the likely usually desired From address when replying to a
previously sent email and does not compose To the alias instead (unless
reply-to-self is enabled).

Changelog-fixed: Aliases are now taken into account correctly when
 replying to own messages such as from the Sent folder or via a
 mailing list.
Signed-off-by: Karel Balej <balejk@matfyz.cz>
Acked-by: Robin Jarry <robin@jarry.cc>

imap: strip whitespace from Message-Id and In-Reply-To

Outlook.com is generating fairly long Message-IDs and using folding[0]
to put the ID on a new line. This is resulting in the Message-ID to
contain a leading white space, which is preventing `TrimPrefix` from
removing the less than symbol. When replying the In-Reply-To header will
then contain "< <message-id>" which is not desired and prevents email
clients or lists form correctly associating the email replied to. For
example lore.kernel.org[1]. Trimming tabs, newlines, and spaces from
Message-ID resolves the issue.

[0]: https://datatracker.ietf.org/doc/html/rfc822#section-3.1.1
[1]: https://lore.kernel.org/git/D4U1RWVWEW5D.2T853XSBO1FPA@swagemakers.org/#t

Changelog-fixed: Remove unwanted less than symbol from In-Reply-To
 header when Message-ID uses folding.
Signed-off-by: Julian Swagemakers <julian@swagemakers.org>
Acked-by: Robin Jarry <robin@jarry.cc>

attach: fix content-transfer-encoding for rfc822 attachments

Fix the content-transfer-encoding for attachments with message/rfc822
mime types.

It's not allowed by RFC2046 to set any other content-transfer-encoding
than 7bit, 8bit, or binary for message/rfc822 mime types (see RFC2046,
section 5.2.1).

We can enforce this by setting a content-transfer-encoding header for
attachments to 'binary' explicitly. 'binary' is more lenient than '8bit'
with respect to line length and CRLF semantics and thus seems more
suitable.

Link: https://datatracker.ietf.org/doc/html/rfc2046#section-5.2.1
Link: https://lists.sr.ht/~rjarry/aerc-devel/%3CD48A6YOQOXRG.3KKB6UTGMT8LY@maslowski.xyz%3E
Reported-by: Piotr Masłowski <piotr@maslowski.xyz>
Reported-by: inwit <inwit@sindominio.net>
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>

textinput: make completions run async with cancellation

Make the Completer interface accept a context.Context. Provide a
cancellation feature on text input tab completion to cancel an inflight
completion command. This is particularly useful for address book
completion if the user has specified a network-accessing command, eg
carddav-query. The command is started according to the completion delay,
but is cancellable if another request comes in. We also check for
cancellation after the request is complete to ensure we only show valid
completion results.

Changelog-changed: Tab completions for text fields are run
 asynchronously. In-flight requests are cancelled when new input
 arrives.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>

history: read the history file from XDG_STATE_HOME

History is more like application state than a cache you would just want
to blow away. Let's reflect that in the path for the history file.

Changelog-changed: The location of the command history file has
 changed to ${XDG_STATE_HOME:-$HOME/.local/state}/aerc/history.
Signed-off-by: Tristan Partin <tristan@partin.io>
Acked-by: Robin Jarry <robin@jarry.cc>

completion: add command option descriptions

Add `desc:""` struct field tags in all command arguments where it makes
sense.

The description values will be returned along with completion choices.

Implements: https://todo.sr.ht/~rjarry/aerc/271
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Bojan Gabric <bojan@bojangabric.com>
Tested-by: Jason Cox <me@jasoncarloscox.com>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
completion: add commands descriptions

Update the Command interface to include a Description() method.
Implement the method for all commands using short descriptions inspired
from the aerc(1) man page.

Return the description values along with command names so that they can
be displayed in completion choices.

Implements: https://todo.sr.ht/~rjarry/aerc/271
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Bojan Gabric <bojan@bojangabric.com>
Tested-by: Jason Cox <me@jasoncarloscox.com>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
completion: display descriptions next to choices

Use go-opt v2 new completion API which returns items descriptions along
with their text values.

Display the descriptions after the items separated by two spaces. Wrap
the descriptions in parentheses to better indicate that they are not
part of the completion choices. Limit the description length to 80
characters to avoid display issues.

Add a new style object completion_description in stylesets. By default,
the object will be rendered with a dimmed terminal attribute. Update all
stylesets and documentation accordingly.

Implements: https://todo.sr.ht/~rjarry/aerc/271
Link: https://git.sr.ht/~rjarry/go-opt/commit/ebeb82538395a
Changelog-added: Command completion now displays descriptions next
 to completion items.
Changelog-added: New `completion_description` style object in style
 sets used for rendering completion item descriptions.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Bojan Gabric <bojan@bojangabric.com>
Tested-by: Jason Cox <me@jasoncarloscox.com>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
gpg: do not sign with untrusted keys

During encryption gpg was ignoring trust model of the user in favor of
always using the insecure "always". This change removes this override
and adds a helpful message if a user tries to encrypt a message with an
untrusted key. To revert to the previous behavior users can add
"trust-model always" to their gpg.conf file (default ~/.gnupg/gpg.conf).

Signed-off-by: Marcin Serwin <marcin@serwin.dev>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
docs: fix typo for aerc-notmuch multi-file-strategy

Fix a typo tin aerc-notmuch(5) where multi-file-strategy is misspelled
as multi-file-stategy.

Signed-off-by: Gary Kim <gary@garykim.dev>
Acked-by: Robin Jarry <robin@jarry.cc>

viewer: avoid crashes on opening invalid messages

When an error occurs during the opening of a message because its
contents cannot be parsed, the PartSwitcher object is left to nil and
the err field is set to the reported error.

This defers the error reporting after the viewer tab is displayed but it
is not handled in all sub functions which assume that switcher cannot be
nil.

 Error: runtime error: invalid memory address or nil pointer dereference

 git.sr.ht/~rjarry/aerc/app.(*PartSwitcher).Show(...)
     /build/aerc/src/aerc/app/partswitcher.go:77
 git.sr.ht/~rjarry/aerc/app.(*MessageViewer).Show(...)
     /build/aerc/src/aerc/app/msgviewer.go:409
 git.sr.ht/~rjarry/aerc/lib/ui.(*Tabs).selectPriv(...)
     /build/aerc/src/aerc/lib/ui/tab.go:181
 git.sr.ht/~rjarry/aerc/lib/ui.(*Tabs).Add(...)
     /build/aerc/src/aerc/lib/ui/tab.go:75
 git.sr.ht/~rjarry/aerc/app.(*Aerc).NewTab(...)
     /build/aerc/src/aerc/app/aerc.go:511
 git.sr.ht/~rjarry/aerc/app.NewTab(...)
     /build/aerc/src/aerc/app/app.go:61
 git.sr.ht/~rjarry/aerc/commands/account.ViewMessage.Execute.func1(...)
     /build/aerc/src/aerc/commands/account/view.go:71
 git.sr.ht/~rjarry/aerc/lib.NewMessageStoreView.func1(...)
     /build/aerc/src/aerc/lib/messageview.go:80
 git.sr.ht/~rjarry/aerc/lib.NewMessageStoreView(...)
     /build/aerc/src/aerc/lib/messageview.go:124
 git.sr.ht/~rjarry/aerc/commands/account.ViewMessage.Execute(...)
     /build/aerc/src/aerc/commands/account/view.go:52
 git.sr.ht/~rjarry/aerc/commands.ExecuteCommand(...)
     /build/aerc/src/aerc/commands/commands.go:205
 main.execCommand(...)

Remove that private err field and return an explicit error when the
message cannot be opened to enforce handling of the error by the caller.

When the msg argument is nil (only used in split viewer), return an
empty message viewer object and ensure that all code paths that read the
switcher or msg fields perform a nil check before accessing it.

Link: https://lists.sr.ht/~rjarry/aerc-devel/%3C12c465e4-b733-4b15-b4b0-62f87429fdf7@gmail.com%3E
Link: https://lists.sr.ht/~rjarry/aerc-devel/%3C2C55CF50-A636-46E5-9BA8-FE60A2303ECA@proton.me%3E
Link: https://lists.sr.ht/~rjarry/aerc-devel/%3CD51PEB6OMNDT.1KVSX0UCNL2MB@posteo.de%3E
Reported-by: Benjamin Braun <ben.braun@posteo.de>
Reported-by: Filip <filip.sh@proton.me>
Reported-by: Sarthak Bhan <sbstratos79@gmail.com>
Signed-off-by: Robin Jarry <robin@jarry.cc>
invite: honor the -a flag for :send

When sending replies to invitations with :accept, :accept-tentative or
:decline, calling `:send -a` in the review screen does not archive the
original invitation, as it should. Solve this situation and allow for
directly archiving invitations after replying to them.

Changelog-fixed: Invitations now honor the -a flag for :send.
Signed-off-by: inwit <inwit@sindominio.net>
Acked-by: Robin Jarry <robin@jarry.cc>

Next