AddEditor acquires the lock and calls FocusEditor which also attempts to
acquire it. Since the lock is not re-entrant, it ends in deadlock.
Add an internal focusEditor fonction that does not acquire the lock.
Fixes: bf2bf8c242 ("compose: prevent out of bounds access")
Reported-by: Moritz Poldrack <moritz@poldrack.dev>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Thomas Vigouroux <thomas.vigouroux@protonmail.com>
The algorithm is broken, there may be more than one header editor with
focused=true. Reset the focused flag before forwarding the mouse event
to the composer grid.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Bence Ferdinandy <bence@ferdinandy.com>
The MouseEvent locks the composer, and also calls FocusEditor which
attempts to lock the composer. This results in a deadlock.
No need to call FocusEditor which takes a name as parameter and needs to
iterate over all editors to find the correct one. We already have the
headerEditor object, use it directly.
Fixes: bf2bf8c242 ("compose: prevent out of bounds access")
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Fix the following panic, seen while switching accounts:
runtime error: index out of range [4] with length 4
goroutine 6 [running]:
git.sr.ht/~rjarry/aerc/widgets.(*Composer).Focus(0xc005cfbe30?, 0x40?)
git.sr.ht/~rjarry/aerc/widgets/compose.go:618 +0x51
git.sr.ht/~rjarry/aerc/widgets.(*Aerc).focus(0xc00034c000, {0x0?, 0x0})
git.sr.ht/~rjarry/aerc/widgets/aerc.go:568 +0xec
git.sr.ht/~rjarry/aerc/widgets.(*Aerc).BeginExCommand.func2()
git.sr.ht/~rjarry/aerc/widgets/aerc.go:590 +0x4c
git.sr.ht/~rjarry/aerc/widgets.(*ExLine).Event(0xc009453860, {0xbb6820?, 0xc009baa320?})
git.sr.ht/~rjarry/aerc/widgets/exline.go:81 +0xbc
git.sr.ht/~rjarry/aerc/widgets.(*Aerc).Event(0xc009ab1950?, {0xbb6820?, 0xc009baa320?})
git.sr.ht/~rjarry/aerc/widgets/aerc.go:285 +0x470
git.sr.ht/~rjarry/aerc/lib/ui.(*UI).ProcessEvents(0xc000327540)
git.sr.ht/~rjarry/aerc/lib/ui/ui.go:117 +0x202
created by main.main
git.sr.ht/~rjarry/aerc/aerc.go:244 +0x94c
Protect Composer.editable and Composer.focus with a mutex.
Reported-by: Bence Ferdinandy <bence@ferdinandy.com>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
Extract some functionality of the composer constructor into a
account-specific setup function that can be used to implement account
switching.
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
A race condition can occur when a PartViewer is closing and also working
on a draw. The closing process sets the terminal to nil, which will
create a panic. This can be tested in development by setting the timer
in the main aerc tick loop to something very low (1 ms for example).
One other unprotected call to terminal exists in the composer widget.
Check that the terminal is not nil before calling methods on it.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Some people are worried that they might leak their timezone and wish to
send their mails with the Date header in UTC. For this a new key is
added to the account sections to enforce sending in UTC instead of the
system's timezone.
Suggested-by: "Ricardo Correia" <aerc-lists.sr.ht@wizy.org>
Thanks: to Ricardo for checking and correcting my incorrect assertions
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
Since the minimum required version of Go has been bumped to 1.16, the
deprecation of io/ioutil can now be acted upon. This Commit removes the
remaining dependencies on ioutil and replaces them with their io or os
counterparts.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Robin Jarry <robin@jarry.cc>
Error wrapping as introduced in Go 1.13 adds some additional logic to
use for comparing errors and adding information to it.
Signed-off-by: Moritz Poldrack <moritz@poldrack.dev>
Acked-by: Robin Jarry <robin@jarry.cc>
Apply GoDoc comment policy (comments for humans should have a space
after the //; machine-readable comments shouldn't)
Use strings.ReplaceAll instead of strings.Replace when appropriate
Remove if/else chains by replacing them with switches
Use short assignment/increment notation
Replace single case switches with if statements
Combine else and if when appropriate
Signed-off-by: Moritz Poldrack <moritz@poldrack.dev>
Acked-by: Robin Jarry <robin@jarry.cc>
Do not pass logger objects around anymore. Shuffle some messages to make
them consistent with the new logging API. Avoid using %v when a more
specific verb exists for the argument types.
The loggers are completely disabled (i.e. Sprintf is not even called)
by default. They are only enabled when redirecting stdout to a file.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
When using multiple accounts, the contacts may be different. Allow using
specific address book commands per account.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
Remove a header when it is empty.
Commit a253e89bda ("compose: prevent sending empty address list
headers") tried to avoid sending empty headers; but instead of deleting
the header, the empty string value was just ignored.
Fixes: https://todo.sr.ht/~rjarry/aerc/55
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
This patch changes references to uiConfig in function signatures and
structs to be pointers.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Refactor the attachment handling process in the composer. The composer
can currently only handle attachments that are stored as files (or pgp
keys). This patch removes this limitation so that any message part can
be handled as an attachment. With this we can treat files, pgp keys and
message parts on an equal footing and it will enable us also to easily
forward attachments.
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Tested-by: Tim Culverhouse <tim@timculverhouse.com>
Add error handling for messages that were unable to be encrypted.
Previously, messages that failed encryption would be sent with no
content. This patch adds error handling - when encryption fails, the
user is returned to the Review screen and instructed to check the public
keys for their recipients.
Reported-by: Moritz Poldrack <moritz@poldrack.dev>
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
Append text parts to emails in the composer as multipart/alternative.
Display the mime-type of the parts in the review window.
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Aerc was sending empty address list header fields (specifically CC by
default). This was causing DKIM failures in lists.sr.ht. RFC 5322 states
that an address field should consist of the field name and one or more
addresses, implying empty fields are not allowed.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Add compose command ("attach-key") to attach the public key associated
with the sending account. Public key is attached in ascii armor format,
with the mimetype set according to RFC 3156 ("application/pgp-keys").
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
Add check for public keys of all message recipients (to, cc, and bcc)
before sending the message. Adds an OnFocusLost callback to header
editors to facilitate a callback for checking keys whenever a new
recipient is added (OnChange results in too many keyring checks).
Once encryption is initially set, the callbacks are registered. If a
public key is not available for any recipient, encryption is turned off.
However, notably, the callbacks are still registered meaning as s soon
as the user removes the recipients with missing keys, encryption is
turned back on.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
Check that the signing key exists when the user issues the :sign
command. The signing key ID will be displayed in the security status
also, allowing the user to see what key will be used to sign the
message.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Jens Grassel <jens@wegtam.com>
Add a text row below the header editors to (persistently) display if the
current message will be signed, encrypted, or both. The display will
disappear if the message will not be signed or encrypted. The display
is visible on the reviewMessage screen as well
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
The composer widget already has a reference to the AccountView object.
Get the UI config from it directly.
This completes commit 6edfbfa8ce ("aerc: use contextual ui styleset
for tabs/compose").
Fixes: https://todo.sr.ht/~rjarry/aerc/3
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Koni Marti <koni.marti@gmail.com>
This commit adds gpg system integration. This is done through two new
packages: gpgbin, which handles the system calls and parsing; and gpg
which is mostly a copy of emersion/go-pgpmail with modifications to
interface with package gpgbin. gpg includes tests for many cases, and
by it's nature also tests package gpgbin. I separated these in case an
external dependency is ever used for the gpg sys-calls/parsing (IE we
mirror how go-pgpmail+openpgp currently are dependencies)
Two new config options are introduced:
* pgp-provider. If it is not explicitly set to "gpg", aerc will default to
it's internal pgp provider
* pgp-key-id: (Optionally) specify a key by short or long keyId
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
This commit refactors the internal PGP implementation to make way for
GPG integration.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Also show commands that don't have a binding.
This allows users to see what's available to bind.
Signed-off-by: kt programs <ktprograms@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
Focusing header editors was hardcoded as integers which only worked with
the default ui. If a user changed the UI to, for example, put CC as a
field below "to", FocusSubject would focus the CC field instead of the
subject. This commit reuses and modifies the function FocusEditor to
generalize the focusing of header editors - which can now be called by
name via FocusEditor(name string)
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>
This commit fixes all occurrences of the abovementioned lint-error in
the codebase.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Robin Jarry <robin@jarry.cc>
aerc.SelectedAccount() is used in lots of places. Most of them without
checking the return value.
In some cases, the currently selected tab is not related to any account
(widget.Terminal for example). This can lead to unexpected crashes when
accessing account specific configuration.
When possible, return an error when no account is currently selected.
If no error can be returned, fallback to non-account specific
configuration.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Reviewed-by: Koni Marti <koni.marti@gmail.com>
Parse the actual user bindings to determine what shortcuts are available
in the compose::review stage. Add a predefined list of commands for
which we want to display the keyboard shortcuts.
Fixes: https://todo.sr.ht/~rjarry/aerc/14
Signed-off-by: Robin Jarry <robin@jarry.cc>
implements PGP/MIME encryption with go-pgpmail. The Encrypt() function of
go-pgpmail requires a list of public keys which are taken from the
keystore. The keystore is searched for the email addresses of all
recipients (to, cc, and bcc).
If you want to be able to read the encrypted email afterwards, add
yourself as a recipient in either to, cc, or bcc as well.
Public keys can be exported from gpg into aerc as follows:
$ gpg --export >> ~/.local/share/aerc/keyring.asc
When composing a message, the encryption is enabled with the
":encrypt" command. This sets a bool flag in the Composer struct.
A reapted application of this command will toggle the flag.
The encrypted message can also be signed by using the ":sign"
command before or after ":encrypt".
References: https://todo.sr.ht/~rjarry/aerc/6
Signed-off-by: Koni Marti <koni.marti@gmail.com>
implements PGP/MIME signing with go-pgpmail. The Sign() function of
go-pgpmail requires a private (signing) key. The signing key which matches
the senders email address (from field in email header) is looked up
in aerc's copy of the keyring.
Private keys can be exported from gpg into aerc as follows:
$ gpg --export-secret-keys >> ~/.local/share/aerc/keyring.asc
A message is signed with the ":sign" command. The sign command sets
a bool flag in the Composer struct. Using the command repeatedly will
toggle the flag.
References: https://todo.sr.ht/~rjarry/aerc/6
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Replaces golang.org/x/crypto with github.com/ProtonMail/go-crypto
consistently and updates go-pgpmail to v0.2.0
Signed-off-by: Koni Marti <koni.marti@gmail.com>
New border-char-horizontal and border-char-vertical config settings in
aerc.conf allow users to modify border appearance from the default
1-wide/tall blank space. In stylesets, border.fg now affects the
foreground color when custom characters are defined.
Signed-off-by: Robin Jarry <robin@jarry.cc>
When composing a message, there is an empty fill line between the
headers and the text editor. The line is printed with the default style
which may cause users to assume it is part of the editor.
Display the fill lines with the border color to avoid confusion.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Also update to the tcell v2 PaletteColor api, which should keep the chosen
theme of the user intact.
Note, that if $TRUECOLOR is defined and a truecolor given, aerc will now stop
clipping the value to one of the theme colors.
Generally this is desired behaviour though.
Prior to this commit, the composer was based on a map[string]string.
While this approach was very versatile, it lead to a constant encoding / decoding
of addresses and other headers.
This commit switches to a different model, where the composer is based on a header.
Commands which want to interact with it can simply set some defaults they would
like to have. Users can overwrite them however they like.
In order to get access to the functions generating / getting the msgid go-message
was upgraded.