From 4d77713f495bc1e797393cb05e88f17f78ff91d1 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Mon, 29 Jun 2020 03:19:56 -0600 Subject: * Modifications to protect the privacy of users: + Alpine does not generate Sender or X-X-Sender by default by making [X] Do Not Generate Sender Header the default. + Alpine does not disclose User Agent by default by making [X] Suppress User Agent When Sending the default. + Alpine uses the domain in the From: header of a message to generate a message-id and suppresses all information about Alpine, version, revision, and time of generation of the message-id from this header. This information is replaced by a random string. --- alpine/send.c | 21 +++++++++++++-- imap/src/c-client/mail.h | 1 + imap/src/c-client/oauth2_aux.h | 1 - pith/conf.c | 4 +-- pith/pine.hlp | 25 ++++++++++++++---- pith/reply.c | 59 +++++++++--------------------------------- 6 files changed, 54 insertions(+), 57 deletions(-) diff --git a/alpine/send.c b/alpine/send.c index b4e2322f..2e6eace4 100644 --- a/alpine/send.c +++ b/alpine/send.c @@ -603,6 +603,7 @@ compose_mail(char *given_to, char *fcc_arg, ACTION_S *role_arg, int impl, template_len = 0; long rflags = ROLE_COMPOSE; PAT_STATE dummy; + char *hostpart; /*================= Compose new message ===============*/ body = mail_newbody(); @@ -611,8 +612,6 @@ compose_mail(char *given_to, char *fcc_arg, ACTION_S *role_arg, if(given_to) rfc822_parse_adrlist(&outgoing->to, given_to, ps_global->maildomain); - outgoing->message_id = generate_message_id(); - /* * Setup possible role */ @@ -645,6 +644,24 @@ compose_mail(char *given_to, char *fcc_arg, ACTION_S *role_arg, q_status_message1(SM_ORDER, 3, 4, _("Composing using role \"%s\""), role->nick); + /* + * set ps_global->hostname to something sensible, if possible, + * for purposes of generating a message id + */ + hostpart = cpystr(ps_global->hostname); + fs_give((void **) &ps_global->hostname); + if(role && role->from) + ps_global->hostname = cpystr(role->from->host ? role->from->host : "huh"); + else if(ps_global->maildomain) /* as in generate_from() */ + ps_global->hostname = cpystr(ps_global->maildomain); + else + ps_global->hostname = cpystr(hostpart); /* all for nothing */ + outgoing->message_id = generate_message_id(); + /* undo the changes above */ + fs_give((void **) &ps_global->hostname); + ps_global->hostname = cpystr(hostpart); + fs_give((void **) &hostpart); + /* * The type of storage object allocated below is vitally * important. See SIMPLIFYING ASSUMPTION #37 diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h index eb8f0139..65e02288 100644 --- a/imap/src/c-client/mail.h +++ b/imap/src/c-client/mail.h @@ -2005,3 +2005,4 @@ void oauth2deviceinfo_get_accesscode(void *, void *); XOAUTH2_INFO_S *new_xoauth2_info(void); void free_xoauth2_info(XOAUTH2_INFO_S **); XOAUTH2_INFO_S *copy_xoauth2_info(XOAUTH2_INFO_S *); +char *oauth2_generate_state(void); diff --git a/imap/src/c-client/oauth2_aux.h b/imap/src/c-client/oauth2_aux.h index b076da3c..7882a3c0 100644 --- a/imap/src/c-client/oauth2_aux.h +++ b/imap/src/c-client/oauth2_aux.h @@ -18,7 +18,6 @@ #define OA2_CODE_SUCCESS 0 void mm_login_oauth2_c_client_method (NETMBX *, char *, char *, OAUTH2_S *, unsigned long, int *); -char *oauth2_generate_state(void); void oauth2deviceinfo_get_accesscode(void *, void *); #endif /* C_CLIENT_OAUTH2_AUX_INCLUDED */ diff --git a/pith/conf.c b/pith/conf.c index 1835c404..8b977ae2 100644 --- a/pith/conf.c +++ b/pith/conf.c @@ -2909,7 +2909,7 @@ feature_list(int index) /* Sending Prefs */ {"disable-sender", "Do Not Generate Sender Header", - F_DISABLE_SENDER, h_config_disable_sender, PREF_SEND, 0}, + F_DISABLE_SENDER, h_config_disable_sender, PREF_SEND, 1}, {"use-sender-not-x-sender", "Use Sender Instead of X-X-Sender", F_USE_SENDER_NOT_X, h_config_use_sender_not_x, PREF_SEND, 0}, {"quell-flowed-text", "Do Not Send Flowed Text", @@ -3281,7 +3281,7 @@ feature_list(int index) {"quell-timezone-comment-when-sending", "Suppress Timezone Comment When Sending", F_QUELL_TIMEZONE, h_config_quell_tz_comment, PREF_MISC, 0}, {"suppress-user-agent-when-sending", NULL, - F_QUELL_USERAGENT, h_config_suppress_user_agent, PREF_MISC, 0}, + F_QUELL_USERAGENT, h_config_suppress_user_agent, PREF_MISC, 1}, {"tab-checks-recent", "Tab Checks for Recent Messages", F_TAB_CHK_RECENT, h_config_tab_checks_recent, PREF_MISC, 0}, {"termdef-takes-precedence", NULL, diff --git a/pith/pine.hlp b/pith/pine.hlp index 92f2d9a3..b549bc91 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -194,19 +194,34 @@ problems you find with this release.
  • Expansion of the configuration screen for XOAUTH2 to include username, and tenant. +
  • If a user has more than one client-id for a service, Alpine tries to + asks the user which client-id to use and associates that client-id to + the credentials in the XOAUTH2 configuration screen. + Learn more. +
  • Addition of a link to the Apache License 2.0 (see above). This is available from the Release Notes as well as the welcome screen. +
  • Modifications to protect the privacy of users: + +
  • Alpine will ding the terminal bell when asking about quitting when new mail arrives. This is consistent with Alpine dinging the bell when new mail arrives. The bell will not ding if it is disabled for status messages. Suggested by Chime Hart. -
  • If a user has more than one client-id for a service, Alpine tries to - asks the user which client-id to use and associates that client-id to - the credentials in the XOAUTH2 configuration screen. - Learn more. -
  • When messages are selected, pressing the ";" command to broaden or narrow a search, now offers the possibility to completely replace the search, and is almost equivalent to being a shortcut to "unselect all messages, and select diff --git a/pith/reply.c b/pith/reply.c index ab4e97c2..702832a0 100644 --- a/pith/reply.c +++ b/pith/reply.c @@ -3346,58 +3346,23 @@ second and a single unique character char * generate_message_id(void) { - static short osec = 0, cnt = 0; - char idbuf[128], revisionbuf[128]; char *id; - time_t now; - struct tm *now_x; - char *revision = NULL; - char *hostpart = NULL; - char *alpine_name = NULL; - char *alpine_version = NULL; - char *system_os = NULL; - - now = time((time_t *)0); - now_x = localtime(&now); - - if(now_x->tm_sec == osec) - cnt++; - else{ - cnt = 0; - osec = now_x->tm_sec; - } + char *leftpart; + char *hostpart; - get_alpine_revision_number(revisionbuf, sizeof(revisionbuf)); if(F_ON(F_ROT13_MESSAGE_ID, ps_global)){ - hostpart = rot13(ps_global->hostname); - alpine_name = rot13("alpine"); - alpine_version = rot5n(ALPINE_VERSION); - system_os = rot13(SYSTYPE); - revision = rot5n(revisionbuf); + hostpart = rot13(ps_global->hostname); + leftpart = rot13(oauth2_generate_state()); } else { - hostpart = cpystr(ps_global->hostname); - alpine_name = cpystr("alpine"); - alpine_version = cpystr(ALPINE_VERSION); - system_os = cpystr(SYSTYPE); - revision = cpystr(revisionbuf); + hostpart = cpystr(ps_global->hostname); + leftpart = oauth2_generate_state(); } - - if(!hostpart) - hostpart = cpystr("huh"); - - snprintf(idbuf, sizeof(idbuf), "<%.6s.%.4s.%.20s.%.10s.%02d%02d%02d%02d%02d%02d%X.%d@%.50s>", - alpine_name, system_os, alpine_version, revision,(now_x->tm_year) % 100, now_x->tm_mon + 1, - now_x->tm_mday, now_x->tm_hour, now_x->tm_min, now_x->tm_sec, - cnt, getpid(), hostpart); - idbuf[sizeof(idbuf)-1] = '\0'; - - id = cpystr(idbuf); - - if(hostpart) fs_give((void **) &hostpart); - if(alpine_name) fs_give((void **) & alpine_name); - if(alpine_version) fs_give((void **)&alpine_version); - if(system_os) fs_give((void **)&system_os); - if(revision) fs_give((void **)&revision); + + id = fs_get(strlen(leftpart) + strlen(hostpart) + 4); + sprintf(id, "<%s@%s>", leftpart, hostpart); + + fs_give((void **) &hostpart); + fs_give((void **) &leftpart); return(id); } -- cgit v1.2.3-70-g09d2