aerc/lib
Marcin Serwin 5ccd2d0d51 gpg: redirect status-fd from stdout to stderr
By preparing a maliciously crafted message an attacker could send an
encrypted message without signature that would appear as signed within
the aerc client. It is caused by the fact that the gpg status messages,
which are used for determining the validity signature, are interspersed
with message contents. An example of such a malicious message was added to
the `reader_test.go`.

This change redirects the status-fd to stderr, while the usual stderr
logs are discarded to /dev/null. In addition to fixing the vulnerability
described above, this has the added benefit of stdout containing only
useful output which does not need to be filtered. This simplifies the
logic and avoids needless copies.

Previous stderr parsing logic which detected when no valid OpenPGP data
was present is replaced with detecting `NODATA 1` in status-fd messages.
The stderr logs are different depending on user locale, thus, they
should not be parsed. On the other hand, the status-fd messages are relatively
stable. The previous method of detecting invalid OpenPGP data would fail
on systems with non-English locale.

Signed-off-by: Marcin Serwin <marcin@serwin.dev>
Acked-by: Robin Jarry <robin@jarry.cc>
1 week ago
..
auth lint: homogenize operations and minor fixes (gocritic) 2 years ago
calendar calendar: make invitation matching case-insensitive 9 months ago
crypto gpg: redirect status-fd from stdout to stderr 1 week ago
format compose,viewer: do not always wrap people names in quotes 7 months ago
hooks hooks: add logging for STDOUT and STDERR 3 months ago
ipc ipc: disable IPC completely when disable-ipc=true 7 months ago
iterator treewide: replace uint32 uids with opaque strings 2 months ago
log log: handle config reload 3 months ago
marker treewide: replace uint32 uids with opaque strings 2 months ago
notmuch main: improve version string 9 months ago
pama patch: add auto-switch option 2 months ago
parse log: move package to lib 9 months ago
pinentry aerc: support terminal-based pinentry programs 4 weeks ago
rfc822 treewide: replace uint32 uids with opaque strings 2 months ago
send completion: display descriptions next to choices 2 weeks ago
sort treewide: replace uint32 uids with opaque strings 2 months ago
state templates: add a template for forwarded messages 3 months ago
templates templates/quote: only prefix quoted lines with '>' 2 months ago
ui textinput: make completions run async with cancellation 2 weeks ago
watchers log: move package to lib 9 months ago
xdg history: read the history file from XDG_STATE_HOME 2 weeks ago
attachment.go attach: fix content-transfer-encoding for rfc822 attachments 2 weeks ago
dirstore.go dirstore: list the folders in arrival order 1 year ago
dirstore_test.go dirstore: list the folders in arrival order 1 year ago
emlview.go treewide: replace uint32 uids with opaque strings 2 months ago
history.go Add command history and cycling 5 years ago
keepalive_dummy.go format: reformat code with go 1.17 3 years ago
keepalive_linux.go format: reformat code with go 1.17 3 years ago
messageview.go treewide: replace uint32 uids with opaque strings 2 months ago
msgstore.go treewide: replace uint32 uids with opaque strings 2 months ago
notmuch_version.go main: improve version string 9 months ago
notmuch_version_dummy.go main: improve version string 9 months ago
oauthbearer.go lint: work nicely with wrapped errors (errorlint) 2 years ago
open.go completion: display descriptions next to choices 2 weeks ago
structure_helpers.go lib: introduce FindMIMEPart, adapt Find{Plain,Calendar}text 10 months ago
structure_helpers_test.go lint: apply new formatting rules 2 years ago
threadbuilder.go treewide: replace uint32 uids with opaque strings 2 months ago
xoauth2.go xdg: get rid of deprecated dependencies 1 year ago