1. 29 Oct, 2021 1 commit
  2. 25 Oct, 2021 1 commit
  3. 26 May, 2021 1 commit
    • Jan Kundrát's avatar
      www: we've switched to Libera for IRC · 3c1013eb
      Jan Kundrát authored
      There's been "something" at Freenode. I don't neccessarily understand
      all the details, but when Gentoo announced a channel takeover, that's
      enough for me to get going.
      Change-Id: I19075916a1bb58409b1544ee95b656e1a1366a2a
  4. 26 Mar, 2021 2 commits
  5. 06 Nov, 2020 1 commit
  6. 06 Sep, 2020 1 commit
  7. 05 Aug, 2020 1 commit
  8. 04 Aug, 2020 1 commit
  9. 06 Jul, 2020 2 commits
  10. 01 Jul, 2020 1 commit
    • Jan Kundrát's avatar
      Fix colors of quote bars when using user-provided CSS · ac16951c
      Jan Kundrát authored
      The code tried to be smart when reading the user-provided CSS from the
      disk, only re-interpreting it if the file's timestamp changed. I think
      it's probably not critical to optimize that, but that commit
      (af2c4f34) was still correct.
      Stuff changed when I did 5d3696a6, ddbbcf05. With these commits and
      when using a user-provided CSS, the message viewer would no longer use
      correct colors for the quote indicator because that call to
      QString::arg() for replacing the %1 and %2 placeholders was undone by
      reinitialization of that variable from the defaultStylesheet.
      Fix this by simplifying the logic at the cost of some extra disk IO.
      Hey, we're invoking a full blown HTML viewer, let's not optimize stuff
      that's not in a hotspot.
      Change-Id: Ic399b49c9f6f73fb3da9bff04ddb0d7646e317cf
  11. 27 Jun, 2020 2 commits
  12. 26 Jun, 2020 5 commits
  13. 25 Jun, 2020 4 commits
    • Jan Kundrát's avatar
      Fix credits for Caspar · ba703638
      Jan Kundrát authored
      Change-Id: I8e99072a998e5630806ff2877329d1b0c36297ec
    • Jan Kundrát's avatar
    • Caspar Schutijser's avatar
      www: remove hyperlinks to prebuilt binaries · ca0c5746
      Caspar Schutijser authored
      Nobody was maintaining the binary builds anymore so I removed the
      project from OBS. The nightly builds for Windows appear to be
      unavailable for quite some time as well. Add a note saying that the
      prebuilt binaries are no longer available. OBS, thanks for the fish.
      Discussed with jkt.
      Change-Id: Ie152d9f1d32fe5ad7b1a1f160e6b7f76b680966f
    • Jan Kundrát's avatar
      SMTP: Do not ignore TLS errors · 77ddd5d4
      Jan Kundrát authored
      This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5
      which added initial, experimental support for SMTP message submission,
      we have apparently never implemented proper SSL/TLS error handling, and
      the code has ever since just kept silently ignoring any certificate
      verification errors.  As a result, Trojita was susceptible to a MITM
      attack when sending e-mails. The information leaked include user's
      authentication details, including the password, and the content of sent
      Sorry for this :(.
      Now, this patch re-enabes proper TLS error handling. It was not possible
      to directly re-use our code for TLS key pinning which we are using for
      IMAP connections. In the Qt TLS code, the decision to accept or not
      accept a TLS connection is a blocking one, so the IMAP code relies upon
      the protocol state machine (i.e., another layer) for deciding whether to
      use or not to use the just-established TLS connection. Implementing an
      equivalent code in the SMTP library would be nice, but this hot-fix has
      a priority. As a result, SMTP connections to hosts with, e.g.,
      self-signed TLS certs, are no longer possible. Let's hope that this is
      not a practical problem with Lets Encrypt anymore.
      Thanks to Damian Poddebniak for reporting this bug.
      Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
      CVE: CVE-2020-15047
      BUG: 423453
  14. 24 Jun, 2020 2 commits
  15. 18 Jun, 2020 2 commits
  16. 17 Jun, 2020 2 commits
  17. 29 May, 2020 1 commit
    • Caspar Schutijser's avatar
      Rewrite command line option parsing · 10383b06
      Caspar Schutijser authored
      Use QCommandLineParser for that. A couple of behavior changes:
       * Profile names starting with a '-' are now allowed.
       * Specifying an URL that doesn't start with "mailto:" is now an
       * The feature to activate debug traffic logging to disk may now be
         enabled by specifying -l in addition to --log-to-disk.
       * Specifying -p multiple times is not an error anymore; the value
         specified last is used.
      As a result of using a real command line argument parser, we may now
      combine arguments when invoking trojita, e.g. trojita -lp work.
      While there, slightly reword some text.
      Change-Id: Ic97470837b530ed60e54f513eb4b834a3a6a4f39
  18. 20 May, 2020 1 commit
  19. 05 May, 2020 1 commit
  20. 04 Apr, 2020 1 commit
  21. 24 Mar, 2020 1 commit
    • Heiko Becker's avatar
      Fix build with Qt 5.15.0 · 2869c385
      Heiko Becker authored
      QPainterPath is no longer included via qtransform.h (since
      5.15.0-beta2, 50d2acdc93b4de2ba56eb67787e2bdcb21dd4bea in qtbase.git).
      Change-Id: Ibb59e769bba8514d86aa886afee26a2395d458ef
  22. 13 Mar, 2020 1 commit
  23. 09 Mar, 2020 1 commit
    • Jan Kundrát's avatar
      Fix possible crash when downloading attachments · cf2364b8
      Jan Kundrát authored
      Turns out we've been happily deleting network replies from the
      QNetworkReply::finished(). That was never a good thing to do, but it did
      not use to crash with older Qt. Now it does.
      After changing to deleteLater(), there's a window for
      already-deregistered replies to generate events, therefore the assert
      has to go, too, otherwise Bad Things happen:
       (gdb) bt
       #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        0x00007ffff16bdcd2 in __GI_abort () at abort.c:89
       #2  0x00007ffff2400bcb in qt_message_fatal (context=..., message=<synthetic pointer>...) at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/global/qlogging.cpp:1904
       #3  QMessageLogger::fatal (this=this@entry=0x7fffffffc990, msg=msg@entry=0x7ffff2690b10 "ASSERT: \"%s\" in file %s, line %d") at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/global/qlogging.cpp:888
       #4  0x00007ffff23fff7c in qt_assert (assertion=assertion@entry=0x5555558451d7 "reply", file=file@entry=0x555555841a38 "/home/jkt/work/prog/trojita/src/Imap/Network/FileDownloadManager.cpp", line=line@entry=142)
           at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/global/qglobal.cpp:3247
       #5  0x00005555555da840 in Imap::Network::FileDownloadManager::onPartDataTransfered (this=0x555556a20990)
       #6  0x00007ffff25f1bdf in QtPrivate::QSlotObjectBase::call (a=0x7fffffffcaa0, r=0x555556a20990, this=0x5555569f99c0) at ../../include/QtCore/../../../qtcore-5.13.9999/src/corelib/kernel/qobjectdefs_impl.h:394
       #7  QMetaObject::activate(QObject*, int, int, void**) () at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/kernel/qobject.cpp:3787
       #8  0x00007ffff25f20b7 in QMetaObject::activate (sender=sender@entry=0x555556a21370, m=m@entry=0x7ffff3f96b00 <QNetworkReply::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x0)
           at /var/tmp/portage/dev-qt/qtcore-5.13.9999/work/qtcore-5.13.9999/src/corelib/kernel/qobject.cpp:3658
       #9  0x00007ffff3d3cbf3 in QNetworkReply::finished (this=this@entry=0x555556a21370) at .moc/moc_qnetworkreply.cpp:385
       #10 0x0000555555709485 in Imap::Network::MsgPartNetworkReply::slotMyDataChanged() () at /home/jkt/work/prog/trojita/src/Imap/Network/MsgPartNetworkReply.cpp:112
      BUG: 417697
      Reported-by: Stefan de Konink's avatarStefan de Konink <stefan@konink.de>
      Change-Id: I79f340c5a471430a14474472513d0a055c7238d6
  24. 13 Feb, 2020 1 commit
  25. 12 Feb, 2020 1 commit
  26. 09 Feb, 2020 1 commit
  27. 06 Jan, 2020 1 commit