iequidoo ebfbc11973 feat: Don't affect MimeMessage with "From" and secured headers from encrypted unsigned messages ...

If a message is encrypted, but unsigned:
- Don't set `MimeMessage::from_is_signed`.
- Remove "secure-join-fingerprint" and "chat-verified" headers from `MimeMessage`.
- Minor: Preserve "Subject" from the unencrypted top level if there's no "Subject" in the encrypted
  part, this message is displayed w/o a padlock anyway.

Apparently it didn't lead to any vulnerabilities because there are checks for
`MimeMessage::signatures.is_empty()` in all necessary places, but still the code looked dangerous,
especially because `from_is_singed` var name didn't correspond to its actual value (it was rather
`from_is_encrypted_maybe_signed`).

2023-12-01 19:06:11 -03:00

..

autoconfig

Parse multiple servers in Mozilla autoconfig

2020-08-23 22:15:06 +03:00

golden

fix: always add "Member added" as system message

2023-11-16 01:54:45 +00:00

image

fix: W/a sending images sent as stickers on some platforms (#4611)

2023-08-27 23:16:19 -03:00

key

Convert test keys from base64 to ASCII armor

2021-12-04 19:56:03 +03:00

message

feat: Don't affect MimeMessage with "From" and secured headers from encrypted unsigned messages

2023-12-01 19:06:11 -03:00

webxdc

restricted webxdc internet access (#3516)

2022-09-05 11:45:34 +02:00

spaces.html

fix: do not run simplify() on dehtml() output

2023-07-02 23:12:13 +00:00