Commit graph

4962 commits

Author SHA1 Message Date
cketti
6a6e9979e2 Fix potential ClassCastException
Implemented the fix suggested by zjw in pull request #463
https://github.com/k9mail/k-9/pull/463

Fixes issue 5928
2014-04-07 17:46:39 +02:00
cketti
16df038157 Merge pull request #464 from jca02266/master
Should match the buildToolsVersion with other build.gradle
2014-04-05 17:36:00 +02:00
Koji Arai
929a61c035 Should match the buildToolsVersion with other build.gradle 2014-04-05 12:57:28 +09:00
cketti
16ec0337d1 Fix building with ant 2014-04-01 02:50:12 +02:00
cketti
49dbaf034c Try to use the correct identity with OpenPGP API's EXTRA_ACCOUNT_NAME 2014-04-01 02:44:47 +02:00
cketti
cc8353d255 Merge pull request #457 from openpgp-keychain/openpgp
OpenPGP Provider API
2014-04-01 02:44:32 +02:00
Dominik Schürmann
6175c4c72d Use identity instead of account in MessageCompose, simplify account naming 2014-04-01 00:16:14 +02:00
Dominik Schürmann
71a8ffc2b5 Parcelable versioning, API_VERSION=3 2014-03-30 19:20:46 +02:00
Dominik Schürmann
3fb9cddb33 Fix gradle build 2014-03-26 23:05:45 +01:00
Dominik Schürmann
974a73b07d Use new account extra to allow multiple accounts 2014-03-26 22:11:19 +01:00
Dominik Schürmann
8f1723a451 Update openpgp library 2014-03-26 21:48:43 +01:00
cketti
5c93f105ea Avoid NullPointerException reported via Google Play 2014-03-23 00:39:10 +01:00
Joe Steele
bd4b7d3664 Issue 6280 -- SMTP Setup: ArrayIndexOutOfBoundsException: length=0; index=0
When the outgoing server settings don't require
authentication, userInfoParts.length == 0.
2014-03-20 10:56:02 -04:00
Joe Steele
95f62785fc Eliminate unused field/parameter 2014-03-20 09:47:43 -04:00
cketti
7e3ae3ca3d Merge pull request #458 from rtreffer/patch-2
Prevent a "Resource.NotFoundException" when building from AOSP tree
2014-03-19 23:09:40 +01:00
Rene Treffer
b17890251d Prevent a "Resource.NotFoundException"
AAPT is a bit too aggressive per default and will kill some needed resources (e.g. forward mail icon). Prevent AAPT from optimizing too much.
2014-03-19 23:06:32 +01:00
Joe Steele
b490773546 Include send failures in the K9mail-errors folder 2014-03-11 19:22:36 -04:00
Joe Steele
5162d847ad Build plugins and tests with SDK 19 2014-03-11 19:10:25 -04:00
Joe Steele
01d2247ffd Change POP3 error response detection
Instead of interpreting a "-" at the beginning of a line as
an error response, consider the absence of a "+" at the
beginning of a line as an error response.

This is what Thunderbird does.

http://hg.mozilla.org/releases/comm-esr24/file/55e96a433bd1/mailnews/local/src/nsPop3Protocol.cpp#l1177

The problem arises with godaddy servers spewing additional
lines of data upon login failure.  The login was being
interpreted as successful, and a STAT command was subsequently
being sent, resulting in a dialog saying 'Cannot connect to
server. (Invalid int: "auth_error:")'.

$ openssl s_client -quiet -crlf -connect pop.secureserver.net:995
...
+OK <24984.1394317012@pop.secureserver.net>
user testuser
+OK
pass testpass
testuser not found in the auth database
warning: auth_error: authorization failed (no such object)
-ERR authorization failed  Check your server settings.
2014-03-11 19:10:14 -04:00
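The failure described in commit 01d2247ffd, replayed as an added example (not code from K-9 Mail or from the commit). It assumes the client reads one status line per command and takes the STAT message count from the second space-separated token; the class and method names are hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Deque;

public class Pop3ErrorDetectionDemo {
    // Server lines copied from the transcript in the commit message,
    // starting with the reply to USER.
    static final String[] SERVER_LINES = {
        "+OK",
        "testuser not found in the auth database",
        "warning: auth_error: authorization failed (no such object)",
        "-ERR authorization failed  Check your server settings."
    };

    /** Old rule: only a leading "-" marks an error response. */
    static boolean isErrorOld(String line) { return line.startsWith("-"); }

    /** New rule: any status line that lacks a leading "+" is an error response. */
    static boolean isErrorNew(String line) { return !line.startsWith("+"); }

    /** Runs USER, PASS, STAT against the scripted server and reports where the client stops. */
    static String login(boolean useNewRule) {
        Deque<String> server = new ArrayDeque<>(Arrays.asList(SERVER_LINES));
        for (String command : new String[] {"USER", "PASS"}) {
            String reply = server.poll();   // one status line is consumed per command
            boolean error = useNewRule ? isErrorNew(reply) : isErrorOld(reply);
            if (error) {
                return command + " rejected: " + reply;
            }
        }
        // Login was treated as successful, so the client goes on to STAT.
        String statReply = server.poll();
        try {
            // Assumption: the count is the second token, as in "+OK 2 320".
            int count = Integer.parseInt(statReply.split(" ")[1]);
            return "STAT ok, " + count + " messages";
        } catch (NumberFormatException e) {
            return "STAT reply not parseable: " + statReply;
        }
    }

    public static void main(String[] args) {
        System.out.println("old rule: " + login(false));
        System.out.println("new rule: " + login(true));
    }
}
```

Under the old rule the extra line sent before `-ERR` is taken as the answer to PASS, and the `auth_error:` token then reaches the integer parser; under the new rule the login is rejected at PASS.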
Joe Steele
dc920b8641 Use the mApplication field in lieu of K9.app 2014-03-11 19:08:49 -04:00
Joe Steele
e475e51731 Rework handling of certificate errors while pushing
Eliminate import of MessagingController in ImapStore.
2014-03-11 19:08:09 -04:00
Joe Steele
a7898fa2eb Fix issue 6269: IMAP LOGIN failure
Some IMAP servers are broken and don't correctly handle string
literals with the LOGIN command.

This switches to using quoted strings instead.

This is what Thunderbird does.
2014-03-11 19:06:00 -04:00
cketti
18da76f4aa Increase number of values available for 'local folder size'
Fixes issue 6235
2014-03-09 05:49:11 +01:00
cketti
c2abfbe165 Exclude error folder from unread/starred count 2014-03-09 05:00:42 +01:00
cketti
e55feee952 Use latest Gradle Android plugin and build tools 2014-03-09 00:00:58 +01:00
Dominik Schürmann
fba406c29f Fix compilation with new lib 2014-03-07 23:34:23 +01:00
Dominik Schürmann
862d1267a8 rename library to avoid confusion and remove OpenKeychain specific intents 2014-03-07 23:07:11 +01:00
Dominik Schürmann
db62215eca Update OpenPgpApi 2014-03-07 11:25:24 +01:00
Dominik Schürmann
949f8ae47e Fix documentation and variable naming 2014-03-06 13:58:06 +01:00
cketti
902bd96f4a Bumped manifest to 4.903 2014-03-06 02:04:14 +01:00
cketti
c6f0a5897b Update changelog for 4.903 2014-03-06 01:59:31 +01:00
cketti
ef8fbb427e Fix typos 2014-03-05 07:18:24 +01:00
cketti
ab9968e71f Merge branch 'more-secure-by-default' 2014-03-05 07:17:59 +01:00
cketti
bc4218be55 Remove all entries without transport encryption from providers.xml 2014-03-05 07:07:43 +01:00
cketti
567ba9c712 Enable connection security by default when setting up an account 2014-03-05 06:47:59 +01:00
cketti
3ca03e8a9d Use SSL/TLS as fallback when importing server settings 2014-03-05 06:29:56 +01:00
cketti
ff5edf43d4 Merge branch 'pr/453'
Authentication changes

 message to explain why this merge is necessary,
2014-03-05 06:19:55 +01:00
cketti
617123c58b Remove SimpleX509TrustManager because it's no longer used 2014-03-05 06:03:06 +01:00
cketti
75fc76773d Make sure settings import doesn't degrade connection security
Rewrite the now obsolete values "SSL_TLS_OPTIONAL" and "STARTTLS_OPTIONAL"
 to their "*_REQUIRED" counterparts before import.
2014-03-05 05:32:00 +01:00
cketti
0a63466704 Add missing import 2014-03-05 04:16:57 +01:00
Dominik Schürmann
0f81cc192a Revert accidentally added signing options from build.gradle 2014-03-04 22:14:47 +01:00
Dominik Schürmann
6881daae6a Remove debug logs 2014-03-04 22:11:42 +01:00
Dominik Schürmann
f5b1ed920b Handle SIGNATURE_SUCCESS_UNCERTIFIED, code cleanup 2014-03-04 15:10:20 +01:00
Joe Steele
094318dacb Use buffered output streams for all output
POP3 already does this.

This is a more general solution to the problem
addressed in commit 8bfd6ca.
2014-03-03 17:31:26 -05:00
Joe Steele
df3eef0052 Fix the K9mail-errors folder
Error messages were not being put in the folder because of a problem with
how loopCatch was being handled.

It looks like this problem goes back to commit 5aea9e7.

Additional device info has been added to the error messages.

Also, now the feature is only enabled in debug mode.
2014-03-03 17:31:23 -05:00
Joe Steele
c8150a12fa Show account name in certificate error notifications
getName() shows the user's name from the first identity for the account.

What we really want is getDescription(), which is the account name that
shows in the account list.
2014-03-03 17:31:20 -05:00
Joe Steele
d67c054d4d Restart pushers after editing server settings
If an error occurs while connecting for push (for example, if the server's
certificate fails authentication), several more attempts will be made to
connect, then finally all attempts will cease.

This commit makes it so that pushers are restarted if the user goes in and
edits the server settings (presumably because the user was notified of a
problem and is attempting to fix it).  Without this, the user could fix
the problem and would still not receive email via push.
2014-03-03 17:29:54 -05:00
Joe Steele
9dc5338501 Eliminate WebDAV STARTTLS security choice
STARTTLS doesn't really apply to WebDAV and should never have been made
available as an option.

Pre-existing settings will be re-mapped to SSL/TLS.
2014-03-03 17:29:51 -05:00
Joe Steele
14a0a7a2a7 Provide notification if STARTTLS is not available 2014-03-03 17:29:48 -05:00
Joe Steele
daea7f1ecd Eliminate the 'if available' connection security options
These options originated in the AOSP email client from which K-9 Mail was
forked.  They provide an odd combination of 2 features:

1. Don't bother to authenticate the server's certificate (applies to both
SSL/TLS and STARTTLS); i.e., blindly accept all certificates.  This is
generally a bad security policy which is susceptible to MITM attacks.

2. If STARTTLS is selected but the server doesn't claim to support
STARTTLS, then proceed without using encryption.  This, too, is a bad
security policy which is susceptible to MITM attacks.

Since the time that K-9 Mail was forked, a couple things have changed:

> K-9 Mail has implemented the ability for users to review and permanently
accept individual certificates that would otherwise fail authentication.
With this ability, there is no need for a user to subject themselves to
the ongoing risks of feature 1. above.  Hence, this commit removes feature
1.

> The AOSP email client has changed its behavior and no longer permits a
security downgrade to an unencrypted connection if the server doesn't
claim to support STARTTLS (i.e., they eliminated feature 2. above). K-9
Mail should do the same.  It's unlikely that a server is going to provide
STARTTLS on an intermittent basis, so providing a contingency for such
unusual behavior is an unnecessary risk.  Hence, this commit removes that
feature as well.

Effect on existing users:

If the old connection security setting was "SSL/TLS (if available)" (which
now gets remapped to "SSL/TLS"), and the server does not provide a
certificate that can be authenticated, then a "Certificate error for
<account name>" notification is generated telling the user to check their
server settings.  Tapping the notification takes the user to the relevant
server settings, where the user can tap "Next" to review the certificate
and choose to permanently accept it.  This process would occur during the
first syncing of folders after application upgrade or (in the case of
SMTP) during the first attempt to send a message.

If the connection security setting was "STARTTLS (if available)" (which
now gets remapped to "STARTTLS"), and the server does not provide a
certificate that can be authenticated, then the same process as above
would occur.

If the old connection security setting was "STARTTLS (if available)", and
the server doesn't claim to support STARTTLS, then the user would get a
certificate error notification which would lead them to the server's
settings.  There they would need to choose a different connection security
-- most likely "NONE".  If they didn't change anything but instead just
tapped "Next", the server settings would be checked again and a dialog
would pop up saying, "Cannot connect to server. (STARTTLS connection
security not available)". (The implementation of notifications when
STARTTLS is not available is not actually included here -- it's in the
commit that follows.)

Regarding the changes to providers.xml:  in cases where the scheme ended
with "+ssl", the schemes were simply updated by appending "+".  In cases
where the scheme ended with "+tls", a check of the server was made to
assure that STARTTLS was available before appending "+" to the scheme.
Domains paran.com and nate.com failed the check and were removed because
no current information could be found.  Domains me.com and mac.com also
failed and were updated based on http://support.apple.com/kb/ht4864.
2014-03-03 17:23:00 -05:00
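An added example (not code from K-9 Mail or from these commits) contrasting the removed "if available" STARTTLS fallback from commit daea7f1ecd with the required behaviour, together with the import remapping described in commit 75fc76773d. The class, enum and method names and the capability lists are hypothetical; the setting strings and the error text are the ones quoted in the commit messages.

```java
import java.util.Arrays;
import java.util.List;

public class ConnectionSecurityDemo {
    enum Mode { NONE, STARTTLS_REQUIRED, SSL_TLS_REQUIRED }

    /** Maps a stored setting to a current one; obsolete "*_OPTIONAL" values become "*_REQUIRED". */
    static Mode remap(String stored) {
        switch (stored) {
            case "SSL_TLS_OPTIONAL":  return Mode.SSL_TLS_REQUIRED;
            case "STARTTLS_OPTIONAL": return Mode.STARTTLS_REQUIRED;
            default:                  return Mode.valueOf(stored);
        }
    }

    /** Removed behaviour (feature 2): without a STARTTLS capability, carry on in cleartext. */
    static String negotiateIfAvailable(List<String> capabilities) {
        return capabilities.contains("STARTTLS") ? "upgrade via STARTTLS" : "continue unencrypted";
    }

    /** Required behaviour: a missing STARTTLS capability aborts instead of downgrading. */
    static String negotiate(Mode mode, List<String> capabilities) {
        switch (mode) {
            case SSL_TLS_REQUIRED:
                return "TLS from connect";
            case STARTTLS_REQUIRED:
                if (!capabilities.contains("STARTTLS")) {
                    throw new IllegalStateException("STARTTLS connection security not available");
                }
                return "upgrade via STARTTLS";
            default:
                return "continue unencrypted";   // NONE is an explicit user choice
        }
    }

    public static void main(String[] args) {
        // Constructed capability lists: what the server sends, and the same list as the
        // client sees it when the STARTTLS entry has been dropped on the path.
        List<String> sent = Arrays.asList("IMAP4rev1", "STARTTLS");
        List<String> seen = Arrays.asList("IMAP4rev1");

        Mode mode = remap("STARTTLS_OPTIONAL");
        System.out.println("imported setting -> " + mode);
        System.out.println("old policy, stripped list: " + negotiateIfAvailable(seen));
        System.out.println("new policy, full list: " + negotiate(mode, sent));
        try {
            negotiate(mode, seen);
        } catch (IllegalStateException e) {
            System.out.println("new policy, stripped list: " + e.getMessage());
        }
    }
}
```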