<<< Date Index >>>     <<< Thread Index >>>

Deletion of attachments broken in 1.5.13?



Hi all,

As far as I can tell, attachment deletion in signed messages is still
broken in 1.5.13. I cannot delete attachments from a signed,
non-encrypted PGP/MIME message ("Deletion of attachments from
encrypted messages is unsupported").

The problem was discussed on a Debian list in 2005 (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302500) and the fix
was propagated to mainline Mutt. Here's the patch that was proposed at
the time (it is still in Mutt, modified only with regard to
parenthetic grouping):

----
 diff -u ../mutt-1.5.9/recvattach.c ./recvattach.c
 --- ../mutt-1.5.9/recvattach.c     2005-02-04 03:47:53.000000000 +0900
 +++ ./recvattach.c                 2005-04-19 22:54:26.000000000 +0900
 @@ -1069,7 +1069,7 @@
    }
  #endif
  
 -        if (WithCrypto && hdr->security)
 +        if (WithCrypto && (hdr->security & ~PGP_TRADITIONAL_CHECKED))
          {
            mutt_message _(
                "Deletion of attachments from encrypted messages is 
unsupported.");
----

However, I don't understand how this patch fixes the actual problem;
the PGP_TRADITIONAL_CHECKED mask apparently matches any signed or
encrypted message. Also, the bitwise not operator seems extraneous. I
applied the following patch to 1.5.13 (I expect it to apply to HEAD
unmodified), and it seemed to fix the issue: deleting attachments from
a signed, unencrypted message works correctly, while attempting to
delete attachments from encrypted messages (signed or not) is
correctly denied.

----
--- orig.recvattach.c   Tue Nov 28 16:27:34 2006
+++ recvattach.c        Tue Nov 28 16:56:00 2006
@@ -1087,7 +1087,7 @@
        }
 #endif
 
-        if (WithCrypto && hdr->security & ~PGP_TRADITIONAL_CHECKED)
+        if (WithCrypto && (hdr->security & ENCRYPT))
         {
          mutt_message _(
            "Deletion of attachments from encrypted messages is unsupported.");
----

Did I miss something, due to my lack of familiarity with Mutt's source
code, or is the above indeed correct?

-- 
David Haguenauer

Attachment: pgpu0UXjRBamV.pgp
Description: PGP signature