2016-04-27 13:08 -0700  Kevin McCarthy  <kevin@8t8.us>  (23334e967dd7)

	* Makefile.am, getdomain.c, mutt_sasl.c, mutt_socket.c, mutt_tunnel.c,
	sys_socket.h: Create a wrapper sys_socket.h to work around Solaris
	namespace issues. (closes #3833)

	Solaris includes "sys/stream.h" inside their "sys/socket.h". This
	include file adds many non-reserved macros to Mutt's namespace, two
	of which conflict with existing Mutt macros.

	The simplest fix would be to rename those macros in Mutt, however
	this will cause difficulty with out-of-tree patches. This fix
	creates a wrapper include file that preserves those existing macros
	and prevents the Solaris values from entering Mutt's namespace.

2016-04-10 16:02 -0700  Kevin McCarthy  <kevin@8t8.us>  (a6a4d6ed0f19)

	* crypt.c, send.c: Fix mutt_protect() when INLINE is set. (closes
	#3828)

	The oppenc changes allow security bits to be set even when not
	encrypting or signing (for instance, OPPENCRYPT and INLINE).

	mutt_protect() assumed that if INLINE is set, then either ENCRYPT or
	SIGN must also be set. Specifically, it would end up inline-signing
	the message even though neither was set.

	Ensure mutt_protect() is a noop if neither SIGN or ENCRYPT are set.

	In ci_send_message(), check for sign or encrypt before calling the
	crypt_get_keys() / mutt_protect() block, and also in the fcc section
	(since clear_content would be NULL if not).

	The second change to the fcc part is somewhat redundant, but better
	to be explicit and avoid the case where the subtype is somehow
	"encrypted" or "signed" even though msg->security wasn't set thus.

2016-04-05 14:31 -0700  Kevin McCarthy  <kevin@8t8.us>  (f7db9cefd3b0)

	* Makefile.am, configure.ac, mutt_idna.h: Fix IDNA functions for
	systems without iconv.

	The IDNA changes for SMTPUTF8 support introduced a bug for systems
	without iconv. For those systems, the local<->intl functions would
	return an error due to the charset conversion failing.

	Change mutt_idna.c back to being conditionally compiled, but this
	time based on HAVE_ICONV. If there is no iconv, stub out the
	functions in mutt_idna.h.

2016-04-02 13:04 -0700  Kevin McCarthy  <kevin@8t8.us>  (b983eb6c1a04)

	* merge default into stable

2016-04-02 11:55 -0700  Kevin McCarthy  <kevin@8t8.us>  (b81408b02cbb)

	* .hgsigs: mutt-1.6.0 signed

2016-04-02 11:18 -0700  Kevin McCarthy  <kevin@8t8.us>  (349f9cb71427)

	* .hgtags: Added tag mutt-1-6-rel for changeset be82a2fde82f

2016-04-02 11:18 -0700  Kevin McCarthy  <kevin@8t8.us>  (be82a2fde82f)

	* ChangeLog, UPDATING, VERSION, po/bg.po, po/ca.po, po/cs.po,
	po/da.po, po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po,
	po/eu.po, po/fr.po, po/ga.po, po/gl.po, po/hu.po, po/id.po,
	po/it.po, po/ja.po, po/ko.po, po/lt.po, po/nl.po, po/pl.po,
	po/pt_BR.po, po/ru.po, po/sk.po, po/sv.po, po/tr.po, po/uk.po,
	po/zh_CN.po, po/zh_TW.po: automatic post-release commit for
	mutt-1.6.0

2016-04-01 09:38 -0700  Kevin McCarthy  <kevin@8t8.us>  (503bd3a3c818)

	* Makefile.am: Fix hcversion.h generation error when using included
	gettext.

	When configuring mutt with --enable-hcache and
	--with-included-gettext, there is an automake ordering issue:
	BUILT_SOURCES are processed before SUBDIRS. Therefore, the
	'hcversion.h' target is run before the included gettext (intl) is
	built.

	The hcversion.h target runs the cpp over config.h and mutt.h, but
	mutt.h includes lib.h which tries to #include <libintl.h>.
	Unfortunately, libintl.h (in this configuration) is generated by the
	intl subdir build and so doesn't exist yet.

	While the build doesn't completely fail, the resulting hcversion.h
	is incorrect: it's just the md5sum of the initial value of
	BASEVERSION.

	This fix is somewhat of a hack but is cleaner than trying to change
	automake's behavior. It inserts a '#undef ENABLE_NLS' in between the
	config.h and mutt.h sent to the cpp. Since hcachever.sh is just
	scanning the data structures used by mutt, this shouldn't affect the
	hash generated.

	Thanks to Will Yardley for reporting this issue.

2016-03-30 13:16 -0700  Kevin McCarthy  <kevin@8t8.us>  (6e0aca94cdb0)

	* mbyte.c: Filter out bidi marks in rfc2047 and rfc2231 encoding. (see
	#3827)

	Filter out U+200F RIGHT-TO-LEFT MARK and U+200E LEFT-TO-RIGHT MARK
	in rfc2047 and 2231 encoded fields. GNU Screen has a bug that
	corrupts the display, and can cause the wrong email to appear to be
	selected in the index. Until screen fixes the issue, filter it out
	in mutt.

2016-03-29 14:07 -0700  Kevin McCarthy  <kevin@8t8.us>  (96b7714fef87)

	* doc/manual.xml.head: Fix documentation: mime_lookup (not mime-
	lookup).

2016-03-29 15:06 +0200  Vincent Lefevre  <vincent@vinc17.net>  (47aeb87ce9cd)

	* doc/manual.xml.head: Fix typo.

2016-03-26 15:45 -0700  Kevin McCarthy  <kevin@8t8.us>  (62e478a3f1c8)

	* imap/imap.c: Fix error handling in sync_helper() and
	imap_sync_mailbox(). (closes #3817)

	This patch is based on the one Richard Russon found in the Fedora
	package.

	If an error occurs during one of the imap_exec() calls in
	imap_sync_mailbox(), the mailbox could end up being closed. This
	would cause idata->ctx to be NULL. Add a check in sync_helper() for
	the case where idata->ctx == NULL.

	In imap_sync_mailbox(), check the return value of sync_helper(). To
	keep the code simple, change rc from being the sum of the calls to
	the bitwise-OR of the calls. (We only need to know if a single flag
	needs to be updated, and bitwise-OR will detect negatives.)

	Below the calls to sync_helper(), if the call to imap_exec() fails,
	make sure rc is set to -1.

2016-03-26 13:30 -0700  TAKAHASHI Tamotsu  <ttakah@lapis.plala.or.jp>  (0b1f1daba437)

	* po/ja.po: Updated Japanese translation.

2016-03-24 12:07 -0700  Benno Schulenberg  <i18n@benno.vertaalt.nl>  (484b34e23f2a)

	* po/eo.po: Updated Esperanto translation.

2016-03-23 15:28 -0700  Kevin McCarthy  <kevin@8t8.us>  (55a389b96d0b)

	* imap/browse.c: Prevent renaming root folder in imap.

	The root folder results in mx.mbox being NULL, which causes a
	segfault. This can be triggered by entering a subfolder and trying
	to rename the ".." entry.

	Due to the translation string freeze, no visible error message is
	displayed. Add a TODO note about this for post-1.6 release.

2016-03-23 14:20 -0700  Kevin McCarthy  <kevin@8t8.us>  (27cde0a2fe32)

	* imap/browse.c: Fix uninitialized prompt buffer in
	imap_mailbox_rename(). (closes #3819)

	This is a patch from OpenBSD to initialize the newname buffer in
	imap_mailbox_rename(). Previously it would generate random garbage
	in the prompt.

	This version of the patch initializes the prompt to the old mailbox
	name.

	Thanks to TAKAHASHI Tamotsu for finding this patch.

2016-03-23 13:17 -0700  Kevin McCarthy  <kevin@8t8.us>  (789500dae762)

	* doc/manual.xml.head: Add "-d" command-line option to manual. (closes
	#3816)

	Thanks to Richard Russon for finding this patch in the Fedora
	package.

2016-03-23 13:06 -0700  Ivan Vilata i Balaguer  <ivan@selidor.net>  (180380cd9119)

	* po/ca.po: Updated Catalan translation.

2016-03-22 18:00 -0700  Kevin McCarthy  <kevin@8t8.us>  (a3450fd50d11)

	* curs_lib.c, protos.h: Clean up mutt_wstr_trunc() some more.

	* Change return type to size_t. The return value is the cumulation
	of values from mbrtowc(), which returns size_t. All callers already
	assign the return value to a size_t, requiring no external changes.

	* Change the local variables n, w, l, and cl to size_t. n is the
	strlen of the src parameter. l and cl are used for the return value.
	w is assigned to the *width parameter, which is size_t.

	 cw is kept as an int, because wcwidth returns type int.

	* Change error handling of mbrtowc to be the same as other functions
	in mutt: only reset mbstate when the retval==-1. When retvat==-2,
	set cl=n to break out of the loop. Also, set wc to replacement_char
	and allow the logic below to determine the width instead of
	hardcoding to 1.

2016-03-20 17:06 -0700  Karel Zak  <kzak@redhat.com>  (c8c76a6a1e61)

	* curs_lib.c: Improve error handling in mutt_wstr_trunc().

	This is Karel Zak's patch to fix handling of (illegal) multi-byte
	chars.

	 * mutt_wstr_trunc(): Reset mbstate after error in mbrtowc(). Set
	wc=0 if wcwidth returns < 0.

	Addresses: https://github.com/karelzak/mutt-kz/issues/58

	Thanks to Richard Russon for bringing this patch to our attention.

2016-03-22 12:35 -0700  Benno Schulenberg  <i18n@benno.vertaalt.nl>  (b302f9868d78)

	* po/nl.po: Updated Dutch translation.

2016-03-21 01:31 +0100  Vincent Lefevre  <vincent@vinc17.net>  (b3703e907d83)

	* po/fr.po: Updated French translation.

2016-03-20 15:38 -0700  Vsevolod Volkov  <vvv@mutt.org.ua>  (2a73a6e7c6e7)

	* po/ru.po: Updated Russian translation.

2016-03-20 15:36 -0700  Vsevolod Volkov  <vvv@mutt.org.ua>  (b3504a7b6cc2)

	* po/uk.po: Updated Ukrainian translation.

2016-03-20 15:30 -0700  Morten Bo Johansen  <mbj@spamcop.net>  (1f8e728ac6af)

	* po/da.po: Updated Danish translation.

2016-03-19 17:25 -0700  Kevin McCarthy  <kevin@8t8.us>  (7992020e522d)

	* sendlib.c: Turn off asserts in sendlib.c.

	The Doctor reported triggering an assertion in convert_file_to(),
	due to an unexpected errno from iconv(). According to the comments,
	the assertions were only enabled for debugging and should have been
	turned off. We certainly don't want to abort mutt for this case, so
	just disable them as the comment indicates.

2016-03-19 16:19 -0700  Petr Pisar  <petr.pisar@atlas.cz>  (36bf3b7ebd2c)

	* po/cs.po: Updated Czech translation.

2016-03-19 06:08 -0700  Kevin McCarthy  <kevin@8t8.us>  (36f855a4a2cc)

	* crypt-gpgme.c, init.c, mutt_ssl.c, pgp.c: Fix a few typos in
	translation messages.

	Thanks to Moritz Barsnick for reporting these.

2016-03-18 12:12 +0100  Vincent Lefevre  <vincent@vinc17.net>  (fb13f458ad16)

	* po/fr.po: Updated French translation.

2016-03-18 10:15 +0100  Vincent Lefevre  <vincent@vinc17.net>  (6630c196ecd8)

	* mutt_ssl.c: Fix typo in debug message.

2016-03-17 17:33 -0700  Richard Russon  <rich@flatcap.org>  (cbf073e5e0d7)

	* recvattach.c: Fix typo picked up by Debian's QA.

	This was allegedly fixed 5 years ago (see #3493).

2016-03-17 17:22 -0700  Richard Russon  <rich@flatcap.org>  (1fb2a924a7c0)

	* Makefile.am: Use '$(PACKAGE).pot' instead of 'mutt.pot' in
	Makefile.am

2016-03-17 17:12 -0700  Richard Russon  <rich@flatcap.org>  (80926cec6d41)

	* hcache.c, imap/auth_gss.c: Fix three build warnings when DEBUG isn't
	defined.

2016-03-16 14:15 -0700  Kevin McCarthy  <kevin@8t8.us>  (cc1af19c0763)

	* hcache.c: Fix tcbdb error reporting to use ecode, not errno.

	After committing aff8d62ebddb and taking a closer look at the tcbdb
	documentation, I realized those functions don't set errno.

	Change the error handling messages to instead get the ecode and
	message using tcbdbecode() and tcbdberrmsg().

2016-03-16 13:33 -0700  Kevin McCarthy  <kevin@8t8.us>  (aff8d62ebddb)

	* hcache.c: Fix crash in hcache_open_tc() when open fails and debug is
	on. (closes #3813)

	When the hcache open fails, it was trying to dprint. The dprint had
	a %s where it was passing errno, leading to a crash in strlen.

	Unify the dprint messages for tcdbopen and tcdbclose to report the
	path, strerror, and errno.

	Thanks to Will Yardley for capturing the stack trace!

2016-03-15 18:04 -0700  Kevin McCarthy  <kevin@8t8.us>  (29b254ac7c12)

	* mbox.c: Prevent ctx->fp from being closed twice in the event of an
	error.

	The previous patch from Vincent exposed a crash if ftruncate() fails
	in mbox_sync_mailbox(). Change fclose() to safe_fclose(), to avoid
	it being called twice.

2016-03-15 18:01 -0700  Vincent Lefevre  <vincent@vinc17.org>  (2a152212cd9a)

	* mbox.c: Check return value of ftruncate() in mbox_sync_mailbox().

	Generate an error in the event that ftruncate() fails.

2016-03-13 19:04 -0700  Kevin McCarthy  <kevin@8t8.us>  (73c8c033e184)

	* init.h: Update the $hostname documentation.

	Change to reflect the updates in changeset ce71d168c819.

2016-03-13 18:18 -0700  Kevin McCarthy  <kevin@8t8.us>  (ad14066bf6c1)

	* UPDATING: Update the UPDATING file for 1.6.0

2016-03-13 11:19 -0700  Kevin McCarthy  <kevin@8t8.us>  (90d0935c3142)

	* rfc2231.c: Fix RFC2231 continuation join order. (closes #3811)
	(closes #3741)

	The function generating a list of parts to join had incorrect
	sorting logic. It was comparing values, not attributes.
	Additionally, the order logic wasn't correct.

	Thanks to TAKAHASHI Tamotsu for pointing out the value vs attribute
	comparison bug.

2016-03-11 13:47 +0100  Vincent Lefevre  <vincent@vinc17.net>  (bd0e695f627e)

	* po/fr.po: Updated French translation.

2016-03-10 15:52 -0800  Kevin McCarthy  <kevin@8t8.us>  (b5f170446e14)

	* doc/manual.xml.head: Improve the mailto_allow documentation.

	Add to the commands list. Document unmailto_allow. Mention the new
	behavior in the Security Considerations section about mailto: links.

2016-03-10 14:59 -0800  Michael Elkins  <me@sigpipe.org>  (ad94dd58966b)

	* doc/manual.xml.head, doc/muttrc.man.head, globals.h, init.c, init.h,
	url.c: Restrict mailto header fields using mailto_allow.

	By default, only the body and subject fields are allowed. These can
	be changed with the mailto_allow and unmailto_allow commands.

2016-03-10 14:20 -0800  Kevin McCarthy  <kevin@8t8.us>  (b46ee6523400)

	* configure.ac: Check stat return value in configure.ac. (closes
	#3810)

2016-03-08 15:57 -0800  Kevin McCarthy  <kevin@8t8.us>  (d07d2e9f1e34)

	* init.h, main.c, mutt.h: Add $resume_edited_draft_files option.

	This adds an extra header when saving edited draft files (-E -H on
	the command line). With this header, the next time they are edited,
	they are automatically "resumed" (by setting $resume_draft_files).

	The idea is to prevent multiple user-defined headers and signatures
	from being added to the draft message by avoiding processing it as a
	brand new message after the first time.

2016-03-08 15:57 -0800  Kevin McCarthy  <kevin@8t8.us>  (24b4f14e9538)

	* init.h, mutt.h, send.c: Add $resume_draft_files option.

	When set, draft files are processed the same as when resuming
	postponed messages. One use of this option is to avoid multiple
	user-defined headers and signatures being added to the message.
	(e.g. when -E is used repeatedly on the draft files).

2016-03-08 13:12 -0800  Derek Martin  <code@pizzashack.org>  (ce71d168c819)

	* getdomain.c, init.c: Improve method of determining FQDN. (closes
	#3298)

	Rather than reading /etc/resolv.conf, use gethostname() and
	getaddrinfo() to get the canonical domain.

	Thanks to Vincent Lefèvre for the memory leak fix.

2016-03-02 15:08 -0800  Kevin McCarthy  <kevin@8t8.us>  (8e77637a1a69)

	* init.h: Document that GPGME doesn't support creating inline PGP
	messages.

2016-03-02 15:08 -0800  Kevin McCarthy  <kevin@8t8.us>  (6034900d1636)

	* crypt-gpgme.c: Add hard redraw for the gpgme application/pgp
	handler.

	Will Yardley reported display artifacts and keyboard issues after
	decrypting a traditional pgp message using gpgme. It turns out the
	gpgpme code path was missing a hard_redraw() to repaint the screen
	after pinentry.

2016-02-28 19:42 -0800  Kevin McCarthy  <kevin@8t8.us>  (d11b6776532f)

	* main.c, mutt.h, send.c: Draft file tweeks: rename flag, don't auto-
	abort on no change.

	Rename the flag to SENDDRAFTFILE since it will be used in contexts
	other than the body allocation.

	Don't automatically abort if the message was unchanged; it seems
	possible the draft files could be used as the entire message reply.

2016-02-15 19:44 -0800  Kevin McCarthy  <kevin@8t8.us>  (909cf6dd067c)

	* contrib/gpg.rc, crypt-gpgme.c, globals.h, init.h, pgp.c: Add
	$pgp_decryption_okay to verify multipart/encrypted are actually
	encrypted. (closes #3770)

	In pgp classic mode, if the $pgp_decrypt_command generated output,
	it assumed the content was encrypted. However, gpg will generate
	output even if the block is simply signed and armored text. The
	problem is that mutt was then printing mime headers labelling the
	output as encrypted text in the ui.

	Add a new option, and suggested value of: set
	pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY" If set, the
	output from the decrypt command will be scanned for this regexp to
	confirm an actual decryption occurred.

	Note that gpgme already correctly rejects this form of spoofed
	message.

2016-02-11 15:12 -0800  Kevin McCarthy  <kevin@8t8.us>  (b55c6a64a07b)

	* crypt-gpgme.c: Update the status message after decryption using
	gpgpme.

	Change gpgme to behave the same as classic pgp mode: after a
	decryption, update the status message to overwrite the initial
	"Invoking PGP..." message.

2016-02-11 02:15 +0100  Vincent Lefevre  <vincent@vinc17.net>  (3b59ef2bf032)

	* po/fr.po: Updated French translation.

2016-02-07 10:15 -0800  Kevin McCarthy  <kevin@8t8.us>  (87c46e1f6f8c)

	* postpone.c: Fix pgp and smime decryption in mutt_prepare_template().

	Change the "combined" multipart decryption block to only work for
	pgp, since mutt_is_multipart_encrypted() currently only checks for
	pgp headers and it therefore only worked for pgp in the first place.

	Fix the newhdr->security to be based on what that function returns,
	instead of the "context" hdr passed in.

	Add a smime decryption block below when iterating through the
	content.

	Fix the application/pgp decryption block to assign to hdr->security
	using the type of the app/pgp part instead of hdr->content.

2016-02-07 10:15 -0800  Kevin McCarthy  <kevin@8t8.us>  (a4d885bb36ab)

	* compose.c, doc/manual.xml.head, doc/mutt.man, main.c, mutt.h,
	protos.h, send.c: Add new flag -E to modify draft/include file.
	(closes #3799)

	Specifying -E with -i will cause mutt to directly edit the include
	file.

	Specifying -E with -H will cause the draft file to be regenerated
	from the latest version of the email on exit.

	Improve -H so that it will read (and write) multipart messages.

2016-01-26 13:46 -0800  Kevin McCarthy  <kevin@8t8.us>  (e8f7a08cb7ac)

	* doc/manual.xml.head: Mention <what-key> under the key bindings
	documentation.

2016-01-23 12:30 -0800  Kevin McCarthy  <kevin@8t8.us>  (df42596d08fe)

	* lib.h: Increase HUGE_STRING size to 8192. (see #3804)

	The interface for editing a large number of recipients is poor and
	perhaps shouldn't be using a fixed buffer size. Until a redesign can
	be thought about, this will help.

2016-01-19 14:05 -0800  Kevin McCarthy  <kevin@8t8.us>  (b315c4d4ede7)

	* imap/auth_sasl.c, pop_auth.c, smtp.c: Make sasl authentication
	buffers dynamically sized. (see #3804)

	The reporter found that the current buffer of HUGE_STRING was
	insufficient in his case to encode the clientout response back to
	the server in imap_auth_sasl().

	Since sasl gives us the size of "clientout", we can dynamically
	malloc and resize the buffer as needed. This patch uses
	max(LONG_STRING, (clientoutlen*2)). This is sufficient to hold the
	base64 encoded value plus additional prefix/suffix needed in each
	protocol.

	The size is rechecked after each sasl_client_step() and resized as
	needed.

	Similar code is in pop_auth_sasl() and smtp_auth_sasl(), so convert
	all three to use a dynamic buffer.

2016-01-05 18:08 -0800  Kevin McCarthy  <kevin@8t8.us>  (7c0bd34546f4)

	* smime.c: Allow tab as a delimiter in smime .index files. (closes
	#3802)

	The old parsing code used fscanf, and so happened to allow a tab as
	a delimiter. Even though smime_keys.pl uses a space, some users
	maintain their own .index files by hand (using tab delimiters), so
	continue to allow that delimiter.

	Thanks to Andre for the bug report and patch.

2016-01-04 16:28 -0800  Kevin McCarthy  <kevin@8t8.us>  (cf4c1c21e58d)

	* compose.c: Add a couple missing ATTACHPTR->tree frees.

	While working on ticket 3800, I noticed the tree wasn't being freed
	inside OP_COMPOSE_EDIT_HEADERS. Add a free there, and in the cleanup
	at the end of mutt_compose_menu().

	A few other sections in mutt_compose_menu() are performing a free-
	on-error where the tree isn't allocated yet, so skip it for those.

	I believe this is actually not fixing a memory leak: all attachments
	are always at level 0 in the compose menu (as far as I know); so
	nothing is ever allocated in the tree pointer. However since other
	parts of the code in compose.c clean this up, it make sense to add
	them here too.

2016-01-04 13:57 -0800  S. Gilles  <sgilles@math.umd.edu>  (960017a249f7)

	* color.c: Prefer bright versions (8-15) of colors for brightXXX
	backgrounds.

	When a bright color is specified as a background, try to use the
	bright version of that color, falling back to the A_BLINK method
	only on terms which do not support enough colors.

2016-01-01 12:24 -0800  Kevin McCarthy  <kevin@8t8.us>  (d3f31cf9239e)

	* parse.c: Use strrchr to search for Received date separator. (closes
	#3798)

	Sample email provided by the submitter showed a Received header with
	a ";" at the end of each line, instead of a single ";" in front of
	the date. The emails are obviously not RFC compliant, but the fix is
	simple enough: find the last ";" using strrchr instead of the first.

2016-01-01 12:16 -0800  Kevin McCarthy  <kevin@8t8.us>  (cec45c0a405e)

	* doc/manual.xml.head: Update manual copyright too.

2016-01-01 12:07 -0800  Kevin McCarthy  <kevin@8t8.us>  (b74ce90c7ba1)

	* account.c, account.h, ascii.h, bcache.c, bcache.h, commands.c,
	crypt-gpgme.c, crypt.c, cryptglue.c, curs_lib.c, curs_main.c,
	enter.c, globals.h, imap/auth.c, imap/auth.h, imap/auth_sasl.c,
	imap/browse.c, imap/command.c, imap/imap.c, imap/imap.h,
	imap/imap_private.h, imap/message.c, imap/message.h, imap/util.c,
	init.h, keymap.c, lib.c, mutt_idna.c, mutt_sasl.c, mutt_sasl.h,
	pager.c, parse.c, pattern.c, pgp.c, pgp.h, pgpkey.c, pgplib.h,
	pgppacket.c, pop.c, postpone.c, rfc3676.c, rfc822.c, send.c,
	smime.c, smime.h, smime_keys.pl, smtp.c, url.c: Convert copyright
	years to all use 4 digit years.

	Vincent Lefèvre pointed out the common shortcut, e.g 1996-9, is
	actually not allowed for copyright years. Convert all the copyright
	years (for mutt files) to use 4 digits.

2016-01-01 12:07 -0800  Kevin McCarthy  <kevin@8t8.us>  (fdd3fdd6f708)

	* COPYRIGHT, account.h, attach.c, bcache.c, browser.c, buffy.c,
	buffy.h, color.c, compose.c, copy.c, crypt-gpgme.c, curs_lib.c,
	curs_main.c, enter.c, from.c, handler.c, headers.c,
	imap/auth_login.c, imap/command.c, imap/imap.c, imap/imap_private.h,
	imap/util.c, init.c, init.h, keymap.c, keymap.h, lib.c, lib.h,
	main.c, mbox.c, mh.c, mime.h, mutt.h, mutt_curses.h, mutt_idna.c,
	mutt_sasl.c, muttlib.c, mx.c, mx.h, pager.c, parse.c, pattern.c,
	pgp.c, pop.c, postpone.c, protos.h, query.c, recvattach.c,
	rfc1524.c, rfc2047.c, rfc822.c, send.c, sendlib.c, signal.c,
	smime_keys.pl, system.c: Update copyright notices.

	This patch only updates existing copyright notices in the source
	files, using commit dates since the last copyright update in commits
	e3af935cdb1a and f8fd60d8d3f2.

	Add a notice to the COPYRIGHT file to refer to our mercurial
	repository for the full commit history.

	Add myself to the COPYRIGHT file and smime_keys.pl file.

2016-01-01 09:52 -0800  Kevin McCarthy  <kevin@8t8.us>  (c6471322c68f)

	* compose.c: merge stable

2016-01-01 09:48 -0800  Kevin McCarthy  <kevin@8t8.us>  (f99561e22a99)

	* compose.c: Fix segfault when deleting and reusing attachment slots.
	(closes #3800)

	When attachments are deleted, delete_attachment() slides the entries
	down in the idx array, but forgets to NULL out the last vacated
	slot.

	If more attachments are added later on via OP_COMPOSE_EDIT_HEADERS
	and the Attach: pseudo-header, mutt_gen_attach_list() will attempt
	to re-use the ATTACHPTR in that last slot because it wasn't set to
	NULL. This will be pointing to freed memory and likely segfault (at
	best).

2015-12-17 12:25 -0800  Kevin McCarthy  <kevin@8t8.us>  (9480a363a68a)

	* init.h: Add missing "yes" to $recall option documentation.

	Also add a blurb about the <recall-message> function.

2015-12-17 07:37 -0800  Kevin McCarthy  <kevin@8t8.us>  (52df4013b0b7)

	* doc/manual.xml.head: Reword new f=f documentation.

	Reword a couple parts, as Oswald Buddenhagen suggested the original
	wording was somewhat confusing.

2015-12-15 15:29 -0800  Kevin McCarthy  <kevin@8t8.us>  (e52d3e9c83d8)

	* doc/manual.xml.head, init.h, mutt.h, rfc3676.c: Add
	$reflow_space_quotes option. (closes #3309)

	When viewing and replying to a flowed email, add spacing between the
	quotes to improve readability and interoperability with non-flowed
	replies.

	Add a section to the documentation discussing support for viewing
	and non-flowed replies to flowed emails.

2015-12-08 09:12 -0800  Kevin McCarthy  <kevin@8t8.us>  (02bc14ed1569)

	* merge stable

2015-12-08 09:11 -0800  Kevin McCarthy  <kevin@8t8.us>  (f542783e257d)

	* mh.c: Fix hash table key "use after free" in mh_check_mailbox().
	(closes #3797)

	The fnames hash uses the maildir->header->path as the key. As
	matches are found, the headers are freed. This inadvertantly also
	freed the key to the hashtable entry; the next hash_find() going to
	the same bucket might end up comparing keys with a freed string.

	This patch stores the path in the struct maildir canon_fname field
	(just as maildir_check_mailbox() does) and uses that as the hash key
	instead. This field isn't used outside of maildir_check_mailbox(),
	and is automatically freed for us in the maildir_move_to_context()
	call at the bottom of both functions.

	Note there are other ways to fix this problem:
	- Add a new mode to the hash table, causing it to strdup the keys and
	free them itself.
	- Delete the entries in the fnames hash, rather leaving them there.
	The first seems the cleanest, but would end up touching much more
	code. The second is also clean, but might have a negative
	performance impact.

	Additionally, peeking back in history to changeset 1d45a50b6f9b, it
	looks like the canon_fname used to be used by mh too, so perhaps
	removing the strdup may have been a mistake during refactoring at
	some point.

2015-12-07 12:22 +0100  Vincent Lefevre  <vincent@vinc17.net>  (72fbf15cd9a1)

	* po/fr.po: Updated French translation.

2015-12-03 15:23 -0800  Kevin McCarthy  <kevin@8t8.us>  (bce2a0e71bf6)

	* crypt.c: Provide a better prompt and error for inline PGP with
	attachments. (closes #3738)

	Change mutt_protect() to check for text/plain before trying to
	invoke crypt_pgp_traditional_encryptsign(). This way, mutt can
	provide a bit more specific prompt and error message.

	Since pgp_mime_auto says it will prompt in the event of any failure,
	keep the more generic prompt after the encryptsign call too.

2015-12-01 18:20 -0800  Kevin McCarthy  <kevin@8t8.us>  (5e5aff1782dc)

	* crypt.c: Loosen mutt_signed_handler() protocol value consistency
	check. (closes #3639)

	Apparently, for S/MIME, some MUAs mismatch the protocol value of the
	multipart/signed and the content-type of the signature: putting
	"pkcs7-signature" in one and "x-pkcs7-signature" in the other.

	Change mutt_signed_handler() to independently verify the values of
	the protocol and the content-type. This still checks for correct
	values but doesn't ensure they match between the two (for S/MIME).

2015-11-30 15:52 -0800  Kevin McCarthy  <kevin@8t8.us>  (428a92464d5b)

	* contrib/smime.rc, globals.h, init.h, smime.c: smime: allow signing
	message digest algorithm to be specified.

	Currently, Mutt hardcodes micalg=sha1 for signed messages.
	Unfortunately, the actual message digest algorithm used defaults to
	the value in the "Signature Algorithm" field in the signing key's
	certificate.

	Add a new configuration option $smime_sign_digest_alg, defaulting to
	sha256. Add a new printf format string, %d, to be used in the
	signing command to specify the digest algorithm. Modify the sample
	$smime_sign_command to include "-md %d".

	Note: This solution requires using the modified $smime_sign_command,
	or else the micalg parameter again may not match the algorithm used.
	An alternative solution would be to query the certificate "Signature
	Algorithm" field and try to change the micalg to match it, but this
	method is easier to implement and provides better control for the
	user to configure, in any case.

2015-11-26 11:01 -0800  Kevin McCarthy  <kevin@8t8.us>  (ff560d1f3f7a)

	* smtp.c: Clean up address_uses_unicode() (closes #3794)

	Pull the null check out of the loop. Use a bit comparison to detect
	if the high bit is set: this avoids a warning for platforms where
	char is implicitly signed (where comparing < 128 is always true).

2015-11-24 21:45 -0800  Kevin McCarthy  <kevin@8t8.us>  (94186a96ca17)

	* mutt_idna.c: Fix bad idn error on local mailboxes. (closes #3795)

	Commit 831abf39d53a pulled the mbox_to_udomain() call inside the
	conversion functions. Unfortunately, this causes local (user only)
	mailboxes to be considered conversion errors instead of just
	skipping them.

	Revert mbox_to_udomain() back to using a static buffer and pull back
	into the mutt_addrlist_to_local/intl() functions.

	Pass the user and domain into the conversion functions instead of
	the address.

2015-11-24 15:49 -0800  Kevin McCarthy  <kevin@8t8.us>  (0d7ce56bbafd)

	* mutt_idna.c: Add user reversibility check in intl_to_local.

	This ensures we don't lose information by converting to the local
	charset.

2015-11-24 15:49 -0800  Kevin McCarthy  <kevin@8t8.us>  (935c779db0ea)

	* smtp.c: Implement SMTPUTF8 capability support in smtp.c

	This is patch 4 of 4 implementing support for SMTPUTF8 (RFC 6531).

	RFC6532 support already worked: rfc822*.c already parsed messages in
	exactly the way RFC6532 wants.

	Thanks for Arnt Gulbrandsen for the original patch.

2015-11-24 15:49 -0800  Kevin McCarthy  <kevin@8t8.us>  (151ff413e21a)

	* init.h, mutt.h, mutt_idna.c: Add option 'idn_encode'; rename option
	'use_idn' to 'idn_decode'.

	This is patch 3 of 4 implementing support for SMTPUTF8 (RFC 6531).

	Add an option to control whether international domains are encoded
	with IDN or not. This defaults to set, for backward compatibility.

	Rename the use_idn option to idn_decode, since that more properly
	reflects its purpose.

2015-11-24 15:49 -0800  Kevin McCarthy  <kevin@8t8.us>  (831abf39d53a)

	* mutt_idna.c: Rewrite address local-to-intl conversion functions.

	This is patch 2 of 4 implementing support for SMTPUTF8 (RFC 6531).

	Perform charset conversion from local to UTF-8 for both the user and
	domain parts of the address.

	If IDN is enabled and the options (added in the next patch) are
	turned on, encode/decode the domain part.

	Use the intl_checked and is_intl status bits to record the
	intl/local status of the ADDRESS mailbox part.

2015-11-24 15:49 -0800  Kevin McCarthy  <kevin@8t8.us>  (814ece9689cc)

	* Makefile.am, alias.c, commands.c, compose.c, configure.ac, edit.c,
	init.c, main.c, mutt_idna.c, mutt_idna.h, query.c, recvcmd.c,
	rfc822.c, rfc822.h, send.c, sendlib.c: Rename idna functions and
	bits for smtputf8 changes.

	This is patch 1 of 4 implementing support for SMTPUTF8 (RFC 6531).

	Change mutt_idna.c to be always compiled. Remove the stub functions
	in mutt_idna.h. Instead, put #ifdefs around the idna function calls.
	The conversion functions will be fixed up in the next patch.

	Rename the conversion functions to mutt_addrlist_to_intl() and
	mutt_env_to_intl(). Rename the ADDRESS idna status bits to "intl"
	status bits.

2015-11-21 15:28 -0800  Kevin McCarthy  <kevin@8t8.us>  (e635ce43b001)

	* imap/browse.c: Remove redundant mbox delimiter check in
	imap_browse(). (closes #3646)

	imap_fix_path() removes duplicate and trailing delimiters, so the
	check below it was redundant. This also made it appear list.delim
	could be used uninitialized.

	Remove the check, but add a check to make sure the "fixed" path has
	len>0, to prevent oob accesses of mbox[n-1] below.

	Lastly, remove a redundant n=strlen(mbox) inside the initial LIST
	processing loop. The mbox isn't changed from above, so there is no
	need to rerun strlen.

2015-11-18 16:14 -0800  Kevin McCarthy  <kevin@8t8.us>  (444f1f013f1b)

	* enter.c: Fix memcpy buf=NULL/len=0 issue in replace_part(). (closes
	#3790)

	Calling memcpy with src or dest=NULL is technically illegal, even if
	len=0. Recent compilers seem to now be generating warnings/errors
	with this.

	replace_part() is currently the only place we are getting bug
	reports, so for now just fix the problem in this one place.

2015-11-09 18:53 -0800  Kevin McCarthy  <kevin@8t8.us>  (c799162691b2)

	* pattern.c: Improve error messages for eat_date() and eat_regexp().

	After calling mutt_extract_token(), s->dptr will typically be at the
	end of the string if an error occurred. Save a pointer to the
	beginning of the expression, so it can be properly displayed in the
	error message.

	Convert eat_date() and eat_regexp() to use the same iconv strings
	for the error message.

2015-11-09 15:40 -0800  Kevin McCarthy  <kevin@8t8.us>  (1c151d8800de)

	* curs_lib.c, lib.h, pattern.c, rfc2047.c, rfc822.c: Fix possible
	unintentional '\0' strchr matches.

	After fixing the ticket 3787 strchr issue, this patch cleans up
	other potentially incorrect uses of strchr for the '\0' case.

	In mutt_multi_choice(), mutt_getch() can technically return 0.
	Although it seems the user would have to try quite hard to do this,
	it's incorrect to return that index into letters. Change "ch.ch==0"
	to be considered the same as an abort.

	is_email_wsp() is used in a couple places where it wasn't obvious
	whether '\0' was being accounted for, so add an explicit check to
	the function.

	Inside eat_date(), if mutt_extract_token() had no input and returned
	"", the strchr ("<>=", buffer.data[0]) below would return a pointer.
	In actuality, this is prevented by an empty parameter check inside
	mutt_pattern_comp(), but it doesn't hurt to make it the same as
	eat_regexp() and have the check explicitly done here too.

	rfc2047_encode() was another borderline case for adding a check. The
	convert_string() sets a length, so it seems highly unlikely that *t
	could be 0, but doesn't hurt to add the check.

	The find_encoded_word() fix looks necessary. If the passed in s was
	something like "=?charset?" (followed by EOS, '\0'), the
	strchr("BbQq", q[1]) would in fact return a pointer and the
	following q[2] would read past the end of string. If q[2] happened
	to be '?', it might even continue reading in the for loop below.

	Lastly, in parse_mailboxdomain(), the potential overread was already
	fixed in changeset:a6919571eb59, but although the nonspecial and
	special strchr() line happens to "work" for the case of '\0', it's
	pretty fragile to leave as is. It's better to be explicit and just
	return if we hit EOS without calling next_token().

2015-10-20 17:59 +0200  Vincent Lefevre  <vincent@vinc17.net>  (17991330c086)

	* po/fr.po: Updated French translation.

2015-10-18 20:05 +0800  Kevin McCarthy  <kevin@8t8.us>  (41af5a753d6f)

	* merge stable

2015-10-18 19:45 +0800  Kevin McCarthy  <kevin@8t8.us>  (a6919571eb59)

	* rfc822.c: Fix next_token() oob read. (closes #3787)

	With specially crafted input to 'mutt -H', the line "Return-Path:<()
	" is read and passed to mutt_parse_rfc822_line(). "<() " is then
	passed through to rfc822_parse_adrlist().

	Eventually, inside next_token(), is_special(*s) is called when s
	points to the end of the string ('\0'). This macro calls strchr,
	which will actually match and return a pointer to the trailing '\0'
	in RFC822Specials! This causes "s + 1" to be returned, skipping past
	the end of string inside parse_mailboxdomain().

	This patch adds a check to make sure *s is non-null before calling
	is_special(*s).

2015-10-17 11:15 +0800  Kevin McCarthy  <kevin@8t8.us>  (19c3406fbad9)

	* compose.c: Fix error message for attach-message. (closes #3785)

	Currently if mx_open_mailbox() fails when trying to attach a
	message, mutt_perror() is called. Change this to call mutt_error()
	instead, since errno isn't set for all failure cases.

2015-10-08 13:17 +0200  Vincent Lefevre  <vincent@vinc17.net>  (7aa4e6fc6884)

	* po/fr.po: Updated French translation.

2015-10-04 10:08 +0800  Kevin McCarthy  <kevin@8t8.us>  (a07e8215a0ef)

	* browser.c, commands.c, curs_lib.c, curs_main.c, keymap.c, menu.c,
	mutt.h, mutt_curses.h, mutt_ssl.c, mutt_ssl_gnutls.c: Create a
	separate macro/push/exec event buffer. (closes #3779)

	Currently, the SSL and TLS certficate prompts turn on
	OPTUNBUFFEREDINPUT, (to prevent macros and such from running right
	through the dialog). Unfortunately, the menu dialog processing in
	menu_dialog_dokey() is using mutt_ungetch() to forward non-dialog
	keys on to standard menu processing. With OPTUNBUFFEREDINPUT set,
	those keys never make it to the menu and are buffered until after
	the menu dialog.

	This patch creates a new event buffer, separate from the standard
	"unget" buffer, for use by macros, exec, and push events. These
	events can be temporarily ignored by setting OPTIGNOREMACROEVENTS
	(renamed from OPTUNBUFFEREDINPUT), while continuing to allow unget
	events to be processed.

	Since the "push" and "unget" functions now go to different buffers,
	function names were slightly renamed, to make it less easy to
	unintentionally use the wrong function at the wrong time.

2015-10-04 10:08 +0800  Kevin McCarthy  <kevin@8t8.us>  (ac156dcc2c54)

	* menu.c, mutt_ssl.c, mutt_ssl_gnutls.c: Fix menu type in certificate
	prompt. (see #3779)

	The menu type is used in several places as a direct index into
	Keymaps[], so passing in -1 to mutt_new_menu() was leading to
	illegal memory accesses later on.

	Add a range check in mutt_new_menu(), defaulting to MENU_GENERIC, to
	prevent this problem in the future.

2015-10-01 15:38 +0800  Kevin McCarthy  <kevin@8t8.us>  (9de2f1c6da87)

	* compose.c: Improve prompt when switching between PGP and S/MIME.
	(closes #3777)

	Only prompt when encrypt or sign is enabled.

	Also, improve oppenc to run and refresh the status when switching.

2015-09-30 11:25 +0800  Kevin McCarthy  <kevin@8t8.us>  (909dfe9878ff)

	* smime.c: Fix chomp in smime_handle_cert_email.

	During a review of the previous patch, Oswald Buddenhagen noticed
	two of the fixed oob reads had another problem: they were "chomping"
	(the newline) without verifying there actually was a newline at the
	end of the string.

2015-09-30 11:25 +0800  Kevin McCarthy  <kevin@8t8.us>  (d9142ca37afb)
