diff options
author | Eduardo Chappa <chappa@washington.edu> | 2020-01-04 20:08:32 -0700 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2020-01-04 20:08:32 -0700 |
commit | f398f615b6df385aec2b3553310cc237b29e068a (patch) | |
tree | 5af79c6a9a180c72c58a9d9cd2d79a1d7657d152 /pith | |
parent | 77191bf3e4e049603fb6a0547876259c29c71dbd (diff) | |
download | alpine-f398f615b6df385aec2b3553310cc237b29e068a.tar.xz |
* The feature that stopped alpine from saving passwords in the password
file prevented users from actually saving their passwords in Windows
and MAC OS. Fix the code so that passwords will be saved. Also,
update the documentation of this feature.
* Fix a buffer overflow bug in the XOAUTH2 code (off by one error).
* Update PC-Alpine to work with Libressl version 3.0.2 instead of
version 2.5.5 (update build.bat and lib files from the LibreSSL
build).
* Erase SSLXXXXXX file.
* ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c.
The file ssl_libressl.c is the file ssl_unix.c from the unix osdep
directory. The file ssl_win.c is the native SSL windows code. The
Unix side provides S/MIME support for Alpine and the latest
encryption protocols support for Alpine when connecting to a secure
server, while the windows side provide TLSv1_3 support for Alpine,
but not S/MIME support.
In order to provide unix code for TLSv1_3 (once LibreSSL supports it)
edit the file os_nt.c and remove the comments on the #ifdef section.
This would provide both TLSv1_3 and S/MIME support with unix code. On
the other hand, when we provide TLSv1_3 with the Windows code we need
to undefine DF_ENCRYPTION_RANGE, and this is done in the file
include/config.wnt.h. The way this is done as of this moment is by
commenting an #else directive that preceedes this #undefine.
* Update makefile.nt and friends in the windows side to account for the
addition of XOAUTH2, and the use of only ssl_nt.c when dealing with
Alpine.
* Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these
certificates be considered while checking a digital S/MIME signature.
* Improvements to the SMARTTIME24 token to account for changes in year.
Diffstat (limited to 'pith')
-rw-r--r-- | pith/conf.c | 6 | ||||
-rw-r--r-- | pith/conftype.h | 4 | ||||
-rw-r--r-- | pith/mailindx.c | 2 | ||||
-rw-r--r-- | pith/pine.hlp | 18 |
4 files changed, 21 insertions, 9 deletions
diff --git a/pith/conf.c b/pith/conf.c index ea133a74..c802d011 100644 --- a/pith/conf.c +++ b/pith/conf.c @@ -3116,11 +3116,11 @@ feature_list(int index) {"disable-password-caching", NULL, F_DISABLE_PASSWORD_CACHING, h_config_disable_password_caching, PREF_MISC, 0}, -#ifdef PASSFILE +#ifdef LOCAL_PASSWD_CACHE {"disable-password-file-saving", NULL, F_DISABLE_PASSWORD_FILE_SAVING, h_config_disable_password_file_saving, PREF_MISC, 0}, -#endif /* PASSFILE */ +#endif /* LOCAL_PASSWD_CACHE */ {"disable-regular-expression-matching-for-alternate-addresses", NULL, F_DISABLE_REGEX, h_config_disable_regex, PREF_MISC, 0}, {"disable-save-input-history", NULL, @@ -8205,8 +8205,6 @@ get_supported_options(void) #ifdef TLS1_3_VERSION strcat(tmp, "TLSv1.3, "); #endif /* TLS1_3_VERSION */ - strcat(tmp, "DTLSv1, "); - strcat(tmp, "DTLSv1.2, "); tmp[strlen(tmp)-2] = '.'; tmp[strlen(tmp)-1] = '\0'; } diff --git a/pith/conftype.h b/pith/conftype.h index 42573ce3..0e782e62 100644 --- a/pith/conftype.h +++ b/pith/conftype.h @@ -359,9 +359,9 @@ typedef enum { F_AUTO_INCLUDE_IN_REPLY, F_DISABLE_CONFIG_SCREEN, F_DISABLE_PASSWORD_CACHING, -#ifdef PASSFILE +#ifdef LOCAL_PASSWD_CACHE F_DISABLE_PASSWORD_FILE_SAVING, -#endif /* PASSFILE */ +#endif /* LOCAL_PASSWD_CACHE */ F_DISABLE_REGEX, F_DISABLE_PASSWORD_CMD, F_DISABLE_UPDATE_CMD, diff --git a/pith/mailindx.c b/pith/mailindx.c index 4c649964..3d7e5c70 100644 --- a/pith/mailindx.c +++ b/pith/mailindx.c @@ -4961,7 +4961,7 @@ date_str(char *datesrc, IndexColType type, int v, char *str, size_t str_len, /* (if message dated this month or last month...) */ if((d.year == now.year && d.month >= now.month - 6) || - (d.year == now.year - 1 && d.month == 12 && now.month == 6)){ + (d.year == now.year - 1 && d.month == 12 && now.month <= 6)){ daydiff = day_of_year(&now) - day_of_year(&d); diff --git a/pith/pine.hlp b/pith/pine.hlp index aa86c17c..38d76e7a 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 380 2019-12-19 08:22:29 +Alpine Commit 381 2020-01-04 20:07:10 ============= h_news ================= <HTML> <HEAD> @@ -33910,7 +33910,15 @@ That is a separate and independent feature. <BODY> <H1>FEATURE: <!--#echo var="FEAT_disable-password-file-saving"--></H1> -This feature changes the behavior of Alpine when a login name and password combination +<P> This feature disables caching of passwords, even if your version of Alpine allows +saving passwords. For MAC OS users saving passwords is done using the Apple Key Chain, for +Windows users caching passwords is done using the internal Windows Credentials, and for +other users this is done by using the password file. In this feature, the phrase +"password file" is a misnomer and represents the way in which your system +stores passwords. + +<P> +Specifically, this feature changes the behavior of Alpine when a login name and password combination for a specific server is not found in the password file. The default behavior is that Alpine will ask the user if they wish to save this information in the password file for future use. It is assumed that if a user created a password file it is because they intend @@ -33918,6 +33926,12 @@ to use it, but in some instances a user might want to save some passwords and no In this case, enabling this feature will make Alpine not add any more passwords to the password file and will only use the passwords that it already saved. If you wish to allow Alpine to save more passwords in the password file, disable this feature. + +<P> Regardless of which method Alpine uses to store passwords, this is done in a secure +way when compiled with OpenSSL or LibreSSL. This is very likely to be your version, and +you can check this by reading the encryption features +<A HREF="X-Alpine-Config:">supported</A> by Alpine. + <P> <UL> <LI><A HREF="h_finding_help">Finding more information and requesting help</A> |