Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-20 06:56:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
8,097 Commits 527 Branches 384 Tags
6dd2f16df14aa6fa717e6ddbb4e8065e9b7a4e14
Commit Graph

8097 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
link2xt
781d3abdb9 fix: make should_do_gossip() return true even if we send securejoin only to Alice 2024-03-04 21:10:04 +00:00
link2xt
78d01933ad fix: don't leak Group-ID in Message-ID 
Chat assignment based on In-Reply-To and References works good enough
even if the message cannot be decrypted.
 2024-03-04 21:07:10 +00:00
iequidoo
1a1467f7cf fix: Remove unsigned Chat-Group-* headers from Autocrypt-encrypted messages 
These headers are opportunistically protected, so if they appear in the unencrypted part, they are
probably added by a malicious server.
 2024-03-04 21:07:10 +00:00
link2xt
8d09291d1e fix: do not send Secure-Join-Group in vg-request 
Secure-Join-Group is only expected by old core in vg-request-with-auth.
There is no reason to leak group ID in unencrypted vg-request.
Besides that, Secure-Join-Group is deprecated
as Alice knows Group ID corresponding to the auth code,
so the header can be removed completely eventually.
 2024-03-04 21:07:10 +00:00
link2xt
4ccd2b8d02 fix: require that Autocrypt Setup Message is self-sent 2024-03-04 21:07:10 +00:00
iequidoo
794596ec69 fix: Don't log SecureJoin QRs 
Delta Chat mustn't write sensitive information to unencrypted log files in local storage.
 2024-03-04 21:07:10 +00:00
link2xt
3a787519b3 test: test that encrypted Message-ID overwrites X-Microsoft-Original-Message-ID 2024-03-04 21:07:10 +00:00
link2xt
c03e163ed2 fix: reject messages with protected From not corresponding to outer From 2024-03-04 21:07:10 +00:00
iequidoo
6cee295a5d fix: Don't treat forged outgoing messages as Autocrypt-encrypted 2024-03-04 21:07:10 +00:00
iequidoo
f0be7daae9 test: Add failing test on outgoing message forgery 
If a message is sent from SELF, but signed with a foreign key, it mustn't be considered
Autocrypt-encrypted and shown with a padlock. Currently this is broken.
 2024-03-04 21:07:10 +00:00
link2xt
0b279ec84e fix: make protected Message-ID take precedence over X-Microsoft-Original-Message-ID 2024-03-04 21:07:10 +00:00
link2xt
e919de78a3 fix: do not take Secure-Join-Auth from unprotected headers 2024-03-04 21:07:10 +00:00
link2xt
6ea675a12f fix: do not use Secure-Join-Group header 
Alice already knows which auth token corresponds to which group.
There is no need to trust Bob on sending the correct group ID.
 2024-03-04 21:07:10 +00:00
link2xt
b970ebe67a fix: do not compress SecureJoin messages 2024-03-04 21:07:10 +00:00
link2xt
3c4c701f9b fix: protect Secure-Join header 
Secure-Join header must come from protected headers
unless it is a "vc-request" or "vg-request".
 2024-03-04 21:07:10 +00:00
link2xt
01ac9c8b90 fix: ensure Autocrypt-Gossip is not taken from insecure headers 2024-03-04 21:07:10 +00:00
link2xt
f6de23738d build: increase MSRV to 1.74.0 
This is what updated dependencies require.

Also update Rust used to build manylinux wheels
from 1.72.0 to 1.76.0.
 2024-03-04 21:07:10 +00:00
link2xt
ddc2704278 chore: cargo update 2024-03-04 21:07:10 +00:00
link2xt
3d2b164c05 chore(deps): update mio to fix RUSTSEC-2024-0019 2024-03-04 21:07:09 +00:00
link2xt
2094bc3135 chore(deps): update buffer-redux to remove unmaintained safemem 2024-03-04 21:07:09 +00:00
holger krekel
acff8205e2 test: fix pytest compat (#5317) 
seems pytest_report_header has changed with pytest incompatible but we
don't need it anyway so we can just leave it out.
 2024-03-04 21:07:09 +00:00
link2xt
255400028a build: do not vendor OpenSSL when cross-compiling (#5316) 
Compilation of vendored OpenSSL inside Nix is broken since
<https://github.com/alexcrichton/openssl-src-rs/pull/229> due to build
script changes.

There is anyway no need to compile vendored OpenSSL as nixpkgs already
contains OpenSSL package.

This fixes `nix build .#deltachat-rpc-server-x86_64-linux` and similar
commands which are used during releases.
 2024-03-04 21:07:09 +00:00
Hocuri
d7615b223f feat(Self-Reporting): Report number of protected/encrypted/unencrypted chats (#5292) 2024-03-04 21:07:09 +00:00
dependabot[bot]
00fbf540c4 chore(cargo): bump tempfile from 3.10.0 to 3.10.1 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.10.0 to 3.10.1.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.10.0...v3.10.1)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-04 21:07:09 +00:00
dependabot[bot]
288eccf722 chore(cargo): bump image from 0.24.8 to 0.24.9 
Bumps [image](https://github.com/image-rs/image) from 0.24.8 to 0.24.9.
- [Changelog](https://github.com/image-rs/image/blob/master/CHANGES.md)
- [Commits](https://github.com/image-rs/image/compare/v0.24.8...v0.24.9)

---
updated-dependencies:
- dependency-name: image
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-03 14:46:53 +00:00
dependabot[bot]
99ee769580 chore(cargo): bump textwrap from 0.16.0 to 0.16.1 
Bumps [textwrap](https://github.com/mgeisler/textwrap) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/mgeisler/textwrap/releases)
- [Changelog](https://github.com/mgeisler/textwrap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgeisler/textwrap/compare/0.16.0...0.16.1)

---
updated-dependencies:
- dependency-name: textwrap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-03 08:01:51 +00:00
dependabot[bot]
345759d653 chore(cargo): bump syn from 2.0.48 to 2.0.52 
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.48 to 2.0.52.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.48...2.0.52)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-03 04:15:51 +00:00
link2xt
db0143f01a build: remove deprecated unmaintained field from deny.toml 2024-03-03 03:49:27 +00:00
link2xt
4da0c19766 test: fixup tests/test_3_offline.py::TestOfflineAccountBasic::test_wrong_db 2024-03-03 03:28:47 +00:00
link2xt
08247a5d37 refactor: build contexts using ContextBuilder 2024-03-02 17:19:50 +00:00
link2xt
ceadd8928e api: add ContextBuilder.build() to build Context without opening 2024-03-02 17:19:50 +00:00
dependabot[bot]
c3d96814ca chore(cargo): bump walkdir from 2.4.0 to 2.5.0 
Bumps [walkdir](https://github.com/BurntSushi/walkdir) from 2.4.0 to 2.5.0.
- [Commits](https://github.com/BurntSushi/walkdir/compare/2.4.0...2.5.0)

---
updated-dependencies:
- dependency-name: walkdir
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-02 17:08:47 +00:00
dependabot[bot]
c2953623b9 chore(cargo): bump serde from 1.0.196 to 1.0.197 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.196 to 1.0.197.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.196...v1.0.197)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-02 17:07:36 +00:00
dependabot[bot]
1907d1859e chore(cargo): bump anyhow from 1.0.79 to 1.0.80 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.79 to 1.0.80.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.79...1.0.80)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-02 16:00:57 +00:00
dependabot[bot]
a1970e998f chore(cargo): bump log from 0.4.20 to 0.4.21 
Bumps [log](https://github.com/rust-lang/log) from 0.4.20 to 0.4.21.
- [Release notes](https://github.com/rust-lang/log/releases)
- [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/log/compare/0.4.20...0.4.21)

---
updated-dependencies:
- dependency-name: log
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-02 16:00:33 +00:00
dependabot[bot]
1e9baefca0 chore(cargo): bump serde_json from 1.0.113 to 1.0.114 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.113 to 1.0.114.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.113...v1.0.114)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-02 15:59:55 +00:00
iequidoo
e16322d99d test: get_protected_chat(): Use FFIEventTracker instead of dc_wait_next_msgs() (#5207) 
The way it was implemented it threw out all remaining messages after finding the next incoming
message. Better use FFIEventTracker functions, they are used in all the tests anyway.
 2024-03-02 12:12:26 -03:00
dependabot[bot]
ecfe3898c6 Merge pull request #5311 from deltachat/dependabot/cargo/rusqlite-0.31.0 2024-03-02 03:12:56 +00:00
link2xt
5499ca52bf refactor: get rid of ImapActionResult 2024-03-02 01:31:29 +00:00
link2xt
4e8979f7c8 refactor: merge ImapConfig into Imap 2024-03-01 21:12:21 +00:00
dependabot[bot]
417db31098 chore(cargo): bump rusqlite from 0.30.0 to 0.31.0 
Bumps [rusqlite](https://github.com/rusqlite/rusqlite) from 0.30.0 to 0.31.0.
- [Release notes](https://github.com/rusqlite/rusqlite/releases)
- [Changelog](https://github.com/rusqlite/rusqlite/blob/master/Changelog.md)
- [Commits](https://github.com/rusqlite/rusqlite/compare/v0.30.0...v0.31.0)

---
updated-dependencies:
- dependency-name: rusqlite
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-01 21:11:09 +00:00
link2xt
cd9f6c3d5b ci: build c.delta.chat docs with nix 2024-03-01 20:28:20 +00:00
link2xt
07870a6d69 refactor(imap): remove Session from Imap structure 
Connection establishment now happens only in one place in each IMAP loop.
Now all connection establishment happens in one place
and is limited by the ratelimit.

Backoff was removed from fake_idle
as it does not establish connections anymore.
If connection fails, fake_idle will return an error.
We then drop the connection and get back to the beginning of IMAP
loop.

Backoff may be still nice to have to delay retries
in case of constant connection failures
so we don't immediately hit ratelimit if the network is unusable
and returns immediate error on each connection attempt
(e.g. ICMP network unreachable error),
but adding backoff for connection failures is out of scope for this change.
 2024-03-01 18:36:03 +00:00
link2xt
b08a4d6fcf ci: upload cffi docs without GH actions 2024-03-01 02:30:55 +00:00
link2xt
b3a82b416f ci: upload python docs without GH actions 2024-03-01 02:21:35 +00:00
link2xt
4e5d7fb821 ci: build Python docs with Nix 2024-03-01 02:00:53 +00:00
link2xt
1d73f97ef3 nix: add deltachat-time to sources 2024-03-01 01:58:11 +00:00
link2xt
f5601e7683 Merge pull request #5296 from deltachat/link2xt/imap-session 
refactor: move more methods from Imap into Session
 2024-02-29 02:29:52 +00:00
link2xt
0000c09ad3 fix(imap): allow maybe_network to interrupt connection ratelimit 
ratelimit can be exhausted quickly if the network is not available,
i.e. if every connection attempt returns "network unreachable" error.
When the network becomes available, we want to retry connecting
as soon as maybe_network is called without waiting for ratelimiter.
 2024-02-29 02:29:18 +00:00
link2xt
a83884d7e9 refactor(imap): require watch_folder for fake_idle() 2024-02-28 23:18:30 +00:00