1. 06 Apr, 2018 1 commit
  2. 01 Feb, 2018 1 commit
  3. 31 Jan, 2018 4 commits
    • Michael Gratton's avatar
    • Michael Gratton's avatar
      Ensure encoded mailbox addresses are decoded correctly. · 8a1906fa
      Michael Gratton authored
      Both RFC mailbox address names and mailboxes/local-names may by RFC 2047
      be Quoted-Printable or Base64 encoded. This patch ensures these parts are
      correctly decoded when parsing a RFC 822 message, so that they are
      displayed to the user in human-readable form.
      Part 2 of Mailsploit mitigation.
      * src/engine/rfc822/rfc822-message.vala (Message): Since GMime.Message's
        convenience properties for accessing header values such as senders,
        recipients, etc. in string form are presented as human-readable, not
        RFC822 compliant strings, we can't re-parse them for use by this class
        when it is being constructed from a GMime-based source. Instead,
        iterate over all headers to get the raw values and parse those we are
        interested in instead. Add unit tests.
      * src/engine/rfc822/rfc822-mailbox-address.vala (BaseObject): Add gmime
        constructor so we can handle construction and decoding from a GMime
        InternetAddressMailbox object in a consistent way. Ensure both names
        are decoded correctly, and mailboxes are decoded at all, from both
        GMime and IMAP sources. If a GMime source's address has no @-symbol,
        try to decode the whole thing first it in case the whole address is
        encoded. Add unit tests.
      * src/engine/rfc822/rfc822-mailbox-addresses.vala (MailboxAddresses):
        Add append method and handle group addresses here instead of in Message
        to simplify updated Message implementation.
      * src/engine/rfc822/rfc822-message-data.vala (MessageData): Add append
        method to simplify updated Message implementation.
    • Michael Gratton's avatar
      Ensure mailbox addresses escaped correctly when formatted as RFC 822. · 8810e957
      Michael Gratton authored
      * src/engine/rfc822/rfc822-mailbox-address.vala (MailboxAddress): Escape
        and encode name and mailbox (local-part) when serialising as a RFC 822
        string. Provide a means to get a RFC 822 version of the address only
        for SMTP. Add unit tests.
      * src/engine/smtp/smtp-request.vala (MailRequest): Use proper RFC 822
        formatted version of mailbox addresses.
    • Michael Gratton's avatar
      Check for spoofed sender addresses, only display the address if so. · 71e0e683
      Michael Gratton authored
      This adds a check for malware spoofing of RFC 822 mailbox addresses such
      as those found in Mailsploit, and if found only displays the email
      address part and not the mailbox name part.
      Part 1 of Mailsploit mitigation.
      * src/engine/rfc822/rfc822-mailbox-address.vala (MailboxAddress): Add new
        is_spoofed method to check if the mailbox address looks like it has
        been spoofed. Add is_distinct method to determine if the name and the
        label is the same. Do whitespace and non-printing character stripping
        when generating display versions of the mailbox address, rename methods
        to make it more obvious what they do and update call sites. Add unit
        tests to cover all this.
      * src/client/conversation-viewer/conversation-message.vala
        (ConversationMessage): Check name is distinct and is not valid before
        displaying it. Use new MailboxAddress methods for getting display
        versions of the address, to ensure we get the stripped versions of the
      * src/client/conversation-list/formatted-conversation-data.vala
        (ParticipantDisplay): Ensure full addresses are always HTML-markup
        escaped before displaying them as markup, to avoid dropping "<address>"
        values as invalid HTML. Always show the full address if an address is
      * src/engine/util/util-string.vala (reduce_whitespace): Strip not only
        whitespace but also non-printing characters. Add unit tests.
  4. 18 Dec, 2017 1 commit
  5. 04 Dec, 2017 1 commit
  6. 13 Dec, 2016 1 commit