Patches for Alpine

Alpine-Alpha version 2.19.3 available

Mon, 18 Nov 2013 10:55:23 MST

In this version

Alpine signed a message, but did not send the message that signed, making the signature not valid on the receiving end, and in the sent-mail folder.

Alpine-Alpha version 2.19.4 available

Fri, 27 Dec 2013 12:27:31 MST

I have not gotten to fix the problem on signing messages with attachments, but there have been many important changes since the last alpha release. Here is the list of changes in this version

new address alpine-count@patches.x10host.com for counting users of Alpine.
When writing the .pinerc file, lines could not be longer than 10,000 characters, or else this caused corruption in the .pinerc data. Now they are allowed to be of any size.
Fix a problem that made Alpine remove files before they were open by the viewer. It requires that the user has an equivalent to a command such as "ps auxww" to list the list of processes. The default is "/bin/ps auxww", but it can be changed at compile time with the option --with-ps-cmd.
Remove -lregex from linker flags when building --with-supplied-regex.
Fix _INIT_ token for reply quote string to include support for 8-bit in personal names.

Patches for Alpha versions of Alpine

Sat, 08 Feb 2014 23:07:46 MST

I have updated all patches for version 2.19.4. I have not updated their descriptions, and still have much updates to make to the main page for alpha patches, but they are all available at the Alpha patches page

New Toggle Command in Patched Alpine

Sat, 08 Feb 2014 23:32:11 MST

One of the problems that I had integrating patches in version 2.11 was that I had run out of subcommands of the ^W command in Pico, to integrate the new search backwards command. After some testing, the following made sense to me.

Just as before, the ^W ^N command to reinsert the search pattern, and the ^W ^X command to delete to the end of a file will remain as they are. I believe these patches are more popular than the ^W ^P feature that is used to delete a paragraph in Pico. If new subcommands were added after these commands it would only be possible to add prompt editing commands to the ^W command (such as delete a character, delete until the end of line, etc.), so in order to avoid this, and in order to keep the old commands as closely as to what they used to be, I decided to make the ^J command the toggle, and so in order to delete a paragraph one just needs to push ^W ^J ^P.

What about backward search? bacward search is activated with the ^W ^P command. That is, ^W searches forward, but ^W ^P searches backward. In fact, ^P is a toggle between backward and forward search, so ^W ^P ^P searches forward, while ^W ^P ^P ^P searches backward, etc. The new backward search command will be in the main release, and will appear in version 2.19.5.

Alpine-Alpha version 2.19.5 released

Sun, 09 Feb 2014 15:23:22 MST

New in this release

Add backward search support for Pico and file browser.
check bounds and tie strings off to improve security. Contributed by James Jerkins.
Alpine crashed when a user attempted to add a folder collection, due to bug in GET_NAMESPACE in imap4r1.c.
Add .pine-crash to man page.
Style tag in html body causes all text to disappear until we find a tag.
Shorten name of temporary file for a mailcap command.

Alpine-Alpha version 2.19.6 released

Sat, 15 Feb 2014 22:37:42 MST

New in this release

Fixes to documentation to update old washington.edu/alpine site for alpineapp.email/alpine/. Work in progress.
prototype function tigetstr in pico/osdep/terminal.c
folders encoded in modified utf7 are transformed their names to a human readable utf8.
New attempt to fix smime support in Alpine. Messages sent by alpine with or without attachments should validate in all servers and in all folder formats.

Alpine-Alpha version 2.19.7 released

Mon, 17 Feb 2014 01:16:55 MST

New in this release

Encrypted and signed messages sent by Thunderbird did not validate.

Alpine-Alpha version 2.19.8 released

Sun, 09 Mar 2014 16:17:49 MDT

Forwarding messages with attachments of content-type multipart, failed when attempting to sign it, with and "Error writing pipe" error.
Using a .pinerc file outside the home directory made Alpine not find the .alpine-smime directory with certificates.
Configuration screen for S/MIME adds ability to manage certificates. (currently available to users who manage certificates in directories, not in containers, which will be available in the next alpha release.)

Alpine-Alpha version 2.19.9 released

Wed, 09 Apr 2014 00:10:18 MDT

Fixes bug in 2.19.8 that would make Alpine fail to build in Windows.
S/MIME configuration screen would deinitialize smime, not allowing it to send encrypted or signed messages.
Add documentation for /loser option in definition of external servers.
crashing bug in certificate management screen due to a BIO_free() call of memory that had not been allocated.
When the password file is decrypted, smime is inited. If smime is inited before the .pinerc is read, some values might not be correctly set.
When a password file exists, and S/MIME is enabled, encrypt it by either using an existing key/certificate pair. The key is saved separately in ~/.alpine-smime/.pwd, or in the directory specified by the -pwdcertdir command line option.

Alpine-Alpha version 2.19.10 released

Wed, 09 Apr 2014 16:57:15 MDT

No more .lzma versions will be distributed. This will make it easier to upload new versions in the future.
patch by Sam Hathaway to make web alpine build when debug is turned off.
Version 2.19.9 would not build if passfile was not defined.

Alpine-Alpha version 2.19.11 released

Fri, 18 Apr 2014 01:14:00 MDT

Set default ssl configuration for Homebrew in MAC OSX to /usr/local/etc/openssl,
Add management certificate support for containers.
Fix crashing bugs introduced in version 2.19.9, which did not allow alpine to start with the -passfile and use a remote pinerc. Reported by Ulf-Dietrich Braumann.
fix a bug which was introduced in version 2.19.9, where Alpine would free a certificate associated to a key after encryption, and so this could not be used during decryption. We use X509_dup to copy the cert and so make the copy be freed, and not the original.
S/MIME: sign messages using intermediate certificates when needed and possible.

The next few weeks

Sat, 19 Apr 2014 22:07:03 MDT

We are getting closer to a new release of Alpine. The focus of this release has been to improve S/MIME support in Alpine. We have added new features, such as certificate and key management screen, inclusion of intermediate certificates in signed messages, correct check of signed and encrypted messages sent by Thunderbird. The one missing piece is the check of signed messages that are valid.

The main problem we are having with signed messages is that some IMAP servers transform the message when they send it to the client. Alpine only asks for the parts that are needed to verify the signature and these are changed by the server, from the original message, that is, the server processes the message, and sends what is asked for from what is processed, not from reading it from the message. Alpine in contrast keeps pointers to the places in the message that it can find the requested information, and so Alpine will always send the information to validate signatures from the message itself.

However, this is not the end of the story. If one were to save a message that does not validate to a local folder, the message would validate when read in the local folder. This means that all we have to do in order to validate messages is to download them, and check them locally. This might not be the best solution, but there is no other way to do it. There is no IMAP command for the server to check the signature, and the information is not sent correctly from the server to the client. As a result, I will concentrate my efforts in adding this type of validation in the next alpha release. Once this validation is done, I will start to wrap up development for this release, fix all bugs I can find and release Alpine 2.20.

If you have any other suggestions for development, or bugs to report please do so. I will be happy to look at them before we move to the development cycle.

Alpine-Alpha version 2.19.12 released

Mon, 21 Apr 2014 00:37:30 MDT

New in this release:

S/MIME: validation of signed messages in servers that modify content that is needed for validation.

This release marks the end of the development cycle. This means that further alpha releases will contain fixes to bugs present in the current alpha releases, or improvement to currently existing features. I do not plan to add any new features (meaning, I am not planning on doing it, but could do it if I find it necessary). Once I have reached a stable version, I will release version 2.20.

Alpine-Alpha version 2.19.99 released

Fri, 25 Apr 2014 17:36:35 MDT

This release fixes issues found in previous releases:

When downloading a signed message, and processing it, we use body->nested.part instead of b->nested.part in the do_detached_signature_verify function, and save its body and mime headers in create_local_cache. Now all signed messages should verify correctly.
Protect against potential crash bug in write_passfile function by checking if text != NULL. text can only be null if there are no passwords to save. We assume we could get write_passfile called with null arguments, so this is just to protect that.
Add handling of corner cases to several functions by initializing some variables. Reported and patched by James Jerkins.
When selecting the certificate/key pair to encrypt/decrypt the password file choose it in this order:
- if -pwdcertdir is given look for certificates there, if nothing there, we bail out;
- otherwise we look in the default directory, if anything there and it matches to be a key/cert pair, we use it;
- otherwise we check if smime_init() has been called. If not we call it;
- we check if a key/cert pair has been found with smime initialized, if so, use it and copy it to the default directory;
- if not, check if there is anything in the default smime directories (.alpine-smime/private and .alpine-smime/public), and in this case copy it to the default.
- otherwise we bail. We will eventually create a certificate/key pair for the user;
- finally, if we called smime_init(), we call smime_deinit().
Throughout this process, if smime_init() was not called before we tried to get the cert/key pair we exit this process without ps_global->smime->inited set, so that other process that need to call smime_init() get the right structure initialized. This is done because we might pick a cert/key pair to decrypt the password file.

Alpine-Alpha version 2.19.991 released

Fri, 02 May 2014 19:12:00 MDT

New in this release:

Create help for explaining how encrypted password file support works.
When a message is sent encrypted, add the sender certificate so that the sender can decrypt it too.
When a message is signed and encrypted, first sign it and then encrypt it. This changes the usual order of encrypting and then signing, and it has the shortcoming of making bigger messages. However, this is the way that most clients work with S/MIME, and so for compatibility with other programs, we will send signed, then encrypted, instead of encrypted, then signed. Hmm... should we sign the encrypted part?
Avoid the first RSET smtp command, as this causes delays in some evily managed servers.

Alpine-Alpha version 2.19.999 released

Sat, 17 May 2014 16:57:57 MDT

This release fixes problems found in previous pre-releases as well as problems in version 2.11 that were reported while this version was being developed.

New in this release:

Introduce the option "Validate Using Certificate Store Only", and make it the default. This will make Alpine check for the validity of signatures in certificates that a user has installed in their system, and not in the certificates that come with the message. A user can override this, although is not recommended, by disabling this feature.
When viewing a signed message, the ^E command would present an empty screen or Alpine would crash because when Alpine would get the PKCS7 body of the message from body->sparep, it would not decode it properly due to the new way in which the sparep pointer is encoded that was introduced in version 2.19.991.
When a signed message is forwarded, the message might not be filtered correctly, and mime information might make it into the body of the forwarded message. In order to produce this, the message must be forwarded from the index screen and not be opened. The reason why this makes a difference is because opening a signed message changes its body structure. The reason why a person could forward a message before reading it is because the person could already be aware of the content of the message (e.g. the message is in the sent-mail folder).
When a message fails to validate and the body is saved from the server for validation, be careful in the way that body part pointers are set, in order to do this we split the mail_body function into two parts, one that gets the body, the other that gets the section of the body. The new function that gets the section of the body (mail_body_section), is used to assign pointers of the reconstructed new body.
When a container has not been defined, transferring messages to a container will succeed, and the name of the container will be written on screen.
When Alpine is receiving the envelopes from an imap server, it attempts to generate the index line immediately; while doing so it might need to compute a score, and for this, it might need to go back and do some operation in the same imap server. In this case, Alpine will crash with a "lock when already locked" message. In order to avoid this crash, a new check in match_pattern was added to Alpine to avoid the second trip to a server that is busy sending us envelopes. Reported by Peter Koellner.
Update copyright notice in mswin.rc and pmapi.rc, as well as first time user notice and special request notice.
Alpine cannot handle correctly some characters in the Windows-1256 character set, which might lead to a crash or a corruption in the screen. Work was done to contain the bug. A more complete fix will be done in a future release. Reported by Professor Robert Funnell.
Decode the name of attachment names, so they can be written as part of the description of the part.
When transferring certificates to a local container, create container with default names PublicContainer, PrivateContainer and CAContainer, as appropriate for these files, unless the user has provided some other names.

Alpine-Alpha version 2.19.9991 released

Sun, 01 Jun 2014 01:16:54 MDT

I am working on creating a system that will allow users to keep old certificates and keys in use, while updating to new ones. I do not expect this will be a short amount of work, so I am releasing what I have done so far in other features.

New in this release:

S/MIME Alpine would compute incorrectly the signature of a message that contains 8bit if the option "Enable 8bit ESMTP Negotiation" is enabled, the message contains 8bit characters and the smtp server supports 8bit sending.
Crash while redrawing S/MIME configuration screen when importing a certificate
When forwarding a message before opening it, the message might not be found. The problem is in the forward_body function, where the section of the body is not correctly set in all instances.
When forwarding a signed message Alpine might forward the message as a multipart message, instead of just selecting the body of the message. Change to forward the signed part only. This aligns Alpine with what it does when it replies to a similar message.

Alpine-Alpha version 2.19.9992 released

Fri, 20 Jun 2014 23:32:24 MDT

Even though my intention was to release version 2.19.9999 with several improvements in the way Alpine manages S/MIME certificates, I have not gotten there yet, so I am releasing what has changed since the last pre-release.

New in this release:

New version 2.19.9992
Alpine would not parse options from the command line, such as -patterns-filters2, correctly.
Add /usr/local/include as a path to find include and libs files for openssl in FreeBSD.
Management certificate screen now prints, in addition to the e-mail address of the owner of the certificates, the dates of validity and the MD5 hash of such certificates.
crash when processing message/rfc822 attachments that are encoded in base64.
Openssl: if /usr/local/ssl exists, assume that this is the intended place where ssl libraries, include files and certificates are located. Typically, distributions do not use this directory, so its existence indicates that Openssl has been specially installed there, so it is probably a preferred place to get the system Openssl files.
Postponed messages whose content-type is text/html, text/enriched and text/richtext are sent with that content-type, even though, after resuming composition, Alpine had changed its type to text/plain.
Some HTML tags like BR and HR are recognized as such if followed by a slash.

Alpine-Alpha version 2.19.9993 released

Sun, 07 Dec 2014 20:59:57 MST

I am working in creating a backup system for certificates. It is incomplete, but many problems in version 2.19.9992 are fixed, and a new feature is added. See below for details.

New in this release:

new version 2.19.9993
Compilation error of module pith/reply.c if SMIME is not defined (as in Windows Alpine). There was a misplaced parenthesis.
Update to S/MIME to explain how to use a PKCS12 certificate in Alpine.
Fix error in compare_certs function, that would modify the name of the certificates after sorting them, and return when no certificates are given.
When replying to several messages, subject will be decoded first, and then stripped from re/fwd before they are compared to determine the subject of the replied message.
Add $(LIBINTL) to the flags to link rpdump, rpload, alpined and alpineldap because MAC OSX 10.8 x86_64 needs it.
When the download of an attachment is interrumpted, Alpine stills caches what was downloaded, making the download incomplete for subsequent calls of Alpine attempting to open the attachment. In the future, Alpine will not cache any downloaded part of the attachment when it is interrupted.
Aggregate operations allows bouncing a list of messages using a role. Suggested by Ulf-Dietrich Braumann.

Alpine-Alpha version 2.19.9999 released

Wed, 07 Jan 2015 21:29:48 MST

This is the last prerelease of Alpine before version 2.20 is released.

New in this release:

new version 2.19.9999
crash on importing certificates that do not have an email address associated to them, such as those of a Certificate Authority.
Disable saving new passwords to the password file. Implemented by Louis Raphael from dpslabs.com.
Panda IMAP does not decode correctly Korean text encoded in UTF-8. Reported by Chulho Yang.

Alpine 2.20 Released!

Fri, 15 Jan 2015 10:30:02 MST

Dear Alpine Enthusiasts,

I am proud to announce the release of Alpine 2.20. This is a continuation of the old Alpine project developed by the University of Washington until 2009. Alpine 2.20 is based on version 2.11, released in August 2013, and is released under the Apache License version 2.0.

The official release is available at

http://alpineapp.email/alpine/release/

where you can find the full source code and a precompiled version for Windows, PC-Alpine 2.20. As usual, please test it by yourself before putting it into production use.

This version brings many new features and bug fixes. We have upgraded the underlying c-client library from UW-IMAP to Panda IMAP. An important step was taken to improve S/MIME support by clearing several bugs that existed in the verification of signed and/or encrypted messages and adding many new features, including a new key and certificates management screen.

Mac OS X users will enjoy an easier build process than in previous releases, as the configure script has been improved to detect the location of the ssl library and certificates. For unix users that need password file support and have configured S/MIME support, their password file will be encrypted using their certificate and private keys. A copy of the key and certificate pair needed to encrypt and decrypt your password file is kept in a separate directory to avoid accidental substitution which might make the password file undecryptable.

There are many more additions and bug fixes for this release. The list is long enough that it would be inappropriate to add it to this notice, but it can be found in its entirety at

http://alpineapp.email/alpine/release/

More importantly, I would like to thank to the many people that have provided feedback, advice and tested patiently early code for these releases. Their contribution has made this release much better I could have envisioned. In particular, I would like to thank Dr. Ulf-Dietrich Braumann, who has provided many contributions to this project, including providing the Windows(R) binaries of this release.

I would also like to invite everyone who is not part of the Alpine community to join it and help make this great program even better.

Thank you.

Alpine-Alpha version 2.20.1 released

Sun, 25 Jan 2015 21:13:18 MST

The purpose of this alpha release is to test some bug fixes found in the release of version 2.20.

What to expect in this release

new version 2.20.1
Ignore message from smtp server after a successful authentication challenge.
Alpine would not set include and lib paths for OpenSSL if this was installed in /usr/local/ssl.
If the .pinerc file is a symbolic link, Alpine might not write its contents when saving its configuration.
The _INIT_ token does not skip over non-alpha numeric characters in the name. Reported by Andreas Fehr.
If SSLDIR is defined somehow, do not disable S/MIME if the SSLCERTSDIR is not found.
Mismatch in size of UCS and CELL caused a corruption in the content of a pointer, which made the speller in PC-Alpine get the content of a word incorrectly.
Skip testing openssl compatibility version when cross-compilation is detected. Fix contributed by Antti Seppala.

Patched Alpine-Alpha version 2.20.1 Uploaded

Wed, 28 Jan 2015 00:10:54 MST

I have updated all patches for version 2.20.1, and Dr. Ulf-Dietrich Braumann has provided a build for the windows version of it. Enjoy it!

Alpine-Alpha version 2.20.2 Released

Sat, 28 Feb 2015 15:51:46 MST

The purpose of this alpha release is to test some bug fixes found in the release of version 2.20.

What to expect in this release

new version 2.20.2
Further enhancement to the configure script in finding the location of the SSL include and library files, when they are installed in th e default location by openssl.
When Alpine sends an attachment, it will set the boundary attribute in lower case, as some SMTP servers, such as those of libero.it reject messages if the boundary attribute is in uppercase.
Alpine fails to remove temporary files used during a display or sending filter. Fix contributed by Phil Brooke.
SMIME: Crash when checking the signature of a message that contains a RFC822 attached message. Reported by Holger Trapp and Bjorn Krellner.

Alpine-Alpha version 2.20.3 Released

Sun, 15 Mar 2015 22:56:51 MDT

What to expect in this release:

new version 2.20.3
SMIME: If a message contains a RFC822 atachment that is signed/decrypted add the ability to view its SMIME information.
SMIME: The ^E command that gives infromation on the certificate is only available for messages that have a signed or encrypted part.
Fix vulnerability in regex library. This only affects those who use this library, such as the windows version of Alpine. See < A href="http://www.kb.cert.org/vuls/id/695940" > http://www.kb.cert.org/vuls/id/695940.
HTML: Add support for decoding entities in hexadecimal notation. Suggested by Tulipant Gergely.
Pico: Add the ability to search for strings in the beginning or end of a line. In the search menu, pressing Ctrl-^ toggles the prompt to search for a string at the beginning of a line. Another press of Ctrl-^ toggles the prompt to search for a string at the end of a line, and pressing Ctrl-^ one more time searches for the string anywhere in the text.

Patched Alpine-Alpha version 2.20.3 Uploaded

Wed, 18 Mar 2015 20:59:21 MDT

I have updated all patches for version 2.20.3, since there was a change in version 2.20.3 that makes it necessary to release a new version of these alpine.

Alpine-Alpha version 2.20.4 Released

Wed, 25 Mar 2015 20:39:40 MDT

What to expect in this release:

new version 2.20.4
If the charset of a message can not be determined, use the value set in the "Unknown Character Set" option.
Resizing setup screen will redraw screen.
Unix Alpine only. Experimental: If Alpine/Pico finds a UCS4 code in the width ambiguous zone, it will use other means to determine the width, such as call wcwidth.

Pico: Changes to the search command

Sat, 28 Mar 2015 01:02:44 MDT

I have been working lately in adding options to the search command in Pico. Not long ago, I added the ability to find a string in the beginning of a line, or the end of the line. I also added the ability to search backwards, and now I added the ability to do an exact match (case sensitive search).

One of the problems is to create an interface that will be similar to the old interface. The default should be equivalent to what users are accostumed to, but specifying these options should be easy.

On the other hand, many subcommands of the search command have already been used, and there is a problem of assigning subcommands to all of these options: There are more new options than available commands. One way to solve this problem is to use toggles, by adding a new command that allows for a rotation of the menu in the bottom. This is already being done in the patched source code.

However, I did not think this was desirable for not users of the patched source code, so what I decided to do was to create a new command, namely Ctrl-^ that creates a new menu where the user can select as many options for that search. Once a user presses Ctrl-^ a new menu appears in the bottom of the screen, which allows a user to decide if this search will be backward, or exact (case sensitive), or the search will be performed for a string at the beginning of the line, or at the end of it. In addition, a user can select if they would like to replace the string they are searching for.

This new subcommand of the search command gives us the option to add two more subcommands for the search command in a later version. Some of the patches add subcommands for the search command, so this gives us some options for the future, without having to add a toggle for the subcommands of the search command. This is desirable because it does not require old users of Pico to relearn how to use it.

I do not have a very strong logic in the choice for the keys that activate the options. For example, Ctrl-X activates eXact match, Ctrl-N activates searching for a string at the end of a line, Ctrl-V for a search at the beginning of a line, and Ctrl-P for backward search. If you would like to suggest keys associated to these options, I am happy to read your suggestions. The only options that are available are ^J, ^N, ^O, ^P, ^R, ^T, ^U, ^V, ^W, ^X and ^Y.

Thank you for your feedback.

Alpine-Alpha version 2.20.5 Released

Tue, 31 Mar 2015 12:59:21 MDT

What to expect in this release:

new version 2.20.5
SMIME: Crash when a certificate has an invalid date of validity. Also Alpine will use the function ASN1_TIME_print to determine the date of validity. Reported by Ben Stienstra.
SMIME: Crash when atempting to unlock the password file and an incorrect password is entered.
Alpine version 2.20.4 would not build in Windows, due to a missing #ifdef SMIME directive in file alpine/mailpart.c. Reported by Ulf-Dietrich Braunmann.
Pico: Code reorganization in the search command to make it easier to add subcommands of the search command.
Pico: Search command can do a case sensitive match. Use the Ctrl-^ subcommand of the search command to bring this choice into view.
For a multipart/alternative message, the Take Address command will work on the part that is being read.

Patched Alpine-Alpha version 2.20.5 Uploaded

Tue, 31 Mar 2015 13:20:08 MDT

I have updated all patches for version 2.20.5. It turns out that version 2.20.4 will not work with the old patches so I had to make changes to the source code of Alpine to make all patches integrate and work as before. These changes are in the clean (unpatched) version 2.20.5.

The most important change is that both the patched version of Alpine as well as clean source have the same toggles, and so there is no need to remap any commands in the patched version. All commands that work in patched source in their original code work when they are integrated with the other patches in the same way, using the same commands.

Git repository of Alpine

Fri, 03 Apr 2015 20:27:11 MDT

Upon request by many of you, I have uploaded my local git code to the repo.or.cz web site. In order to download it to your computer run the command

git clone http://repo.or.cz/alpine.git

this command will download the current state of the repository to your computer to a directory called "alpine". In order to get future updates run the command

cd alpine

git pull

Compilation is done as usual. I hope this helps.

Thank you.

Alpine-Alpha version 2.20.6 Released

Fri, 17 Apr 2015 10:00:08 MDT

New in this release

new version 2.20.6
SMIME: Cancelling entering password to unlock key will not reprompt.
When sending a message, allow for 512 characters of consecutive non-white space before folding the subject line.
Call to utf8_parameters was not prototyped.
Call to utf8_parameters did not return NULL when the value to be searched was not defined by that function, causing a crash. Reported and fixed by Dennis Davis.

New Patch: Add subcommands to the compose command

Sun, 19 Apr 2015 15:00:27 MDT

This is a patch for Alpine and it is not currently included in the release of Alpine.

If you have enabled [X] Alternate Compose Menu then this patch will add two new subcommands to the compose command. Here are their descriptions:

S: If you are reading a message from a person, and you would like to compose a new message to that person, then this option will enter the address in the From: field of that message into the To: field of the new message. This allows you to start a fresh conversation with that person, without using the reply command, which might not always be the best way to start a conversation (thread) with another user. One of the main advantages of this approach is that is makes composing a message to a person faster than entering their address or nickname in the To: field.
M: If you are reading a message that was sent to a mailing list, this option will add the address of the mailing list in the To: field of your message. In many mailing lists, people are frowned upon if they reply to an old message to start a new message to the list. Using this option will start a new message (thread) in that mailing list.

These options are not available in case that the alternate composer menu is not enabled, as they slow down users to start composing a message.

Alpine-Alpha version 2.20.7 Released

Thu, 23 Apr 2015 00:58:36 MDT

New in this release

new version 2.20.7.
Fix documentation for search to beginning and to end of line, which had not been updated, even though the behavior had changed.
Exact search is sticky, that is, once an exact search is done, so will be the next ones. This is consistent with the default behavior where all searches are not exact.
Pico upgraded to versio 5.08.
some hunks of integrate.patch were added to this source code to make handling of menus consistent, and reduce the size of integrate.patch at the same time.

Alpine-Alpha version 2.20.8 Released

Sun, 17 May 2015 18:58:14 MDT

New in this release

new version 2.20.8.
Make sure titlebar (the line at the top of the screen) always contains the name of the folder/newsgroup that is open, if this fits in the title.
Fix a bug in the Windows version in which width of characters in the width ambiguous zone was computed incorrectly. Reported by Ulf-Dietrich Braumann.
Crash: Pico would crash when a search and replace was requested. The problem was that the menu must have size 10, even if not all items are used, and in this case, it had size 2, making the routines that process menu items crash.
The feature Scramble the Message-ID When Sending will also scramble the name, version and operative system in the message-id header. Based on a contribution by Dennis Davis, which is itself based on a contribution by Mark Hills.
Change in logic in imap_set_password function to make Alpine ask if a user wants to save a password before reading the password file. This makes a difference when decrypting a password file, as the password file was attempted to be decrypted before the user was asked if they intended to save such password. Now the logic is that the user will be asked if they intend to save the password, and if they agree, then users will be asked to provide the password to unlock their private key.
Add the Control-R subcommand to the save command for attachments. This subcommand toggles if the saving will be done in binary mode for text attachments. When a user saves an attachment using binary mode it will be saved as it was sent, otherwise the attachment will be transformed to UTF-8 for further transformation through internal and user defined filters for saving.

Alpine-Alpha version 2.20.9 Released

Sun, 15 Nov 2015 18:47:21 MST

New in this release

Fix a bug in the S/MIME certificate management screen where not all the information on a certificate might be printed on the screen. The bug was introduced when warnings from clang were cleared.
LibreSSL 2.2.2 does not have RAND_egd, so we eliminate that call (we were not using it anyway.)
Clean up code in pith/smime.c.
When the index is in zoomed state, adding new messages to the selection would not show those messages if those messages are on top of the current message in the top of the screen.
S/MIME: fix a bug that did not allow users to transfer certificates to remote containers. Reported by Matthias Rieber.
S/MIME: transferring certificates failed to remove temporary files.
Reimplementation of the code that allows the .pinerc file to be a symbolic link by Kyle George from tcpsoft.com to use realpath.
SMIME: certificates included in messages were not being transferred to a remote container.
SMIME: add full year when displaying information about a certificate in the certificate management screen. Suggested by Matthias Rieber.
SMIME: sort certificates by some type of alphabetical order in the displayed name.
SMIME: Offer the common name of the person, instead of the name of file containing the certificate, as the name to be displayed in the certificate management screen for certificate authorities. Suggested by Matthias Rieber.
SMIME: Crash if public certificates are located in an inaccessible remote server and the private key is not available.
SMIME: Management of several alternate name (SAN) certificates is improved. When importing a SAN certificate, also import a certificate for the filename, besides for the e-mail addresses in the certificate.
When saving an attachment, the "^T" command leads to a screen where the "A" command can be used to add a file. A directory can be added by pressing "^X" after the "A" command. Added after a suggestion by Stefan Goessling.
Crash when reviewing history of saving attachments.
When saving an attachment, the ^Y and ^V commands allow a user to scroll through the history of directories used to save attachments, while preserving the given name of the file. Suggested by Peter Koellner.
SMIME: Turn off automatic signing and encrypting of a message when bouncing. Suggested after a discussion with Matthias Rieber.
Crash in Pico when forwarding messages that contain a direction mark at the end of a line. Reported by James Mingo.
Crash when opening an attachment in Mac OS X 10.11.1. Reported by Peter Koellner.
Elements of the FILE structure were used in the Windows port to save information about the use of a file, but the contents of that structure changed in Visual Studio 2015, so a new system had to be created to save this information, that did not depend on the contents of the FILE structure.
tzname and daylight disappeared from Visual Studio, and they are replaced by _tzname and _daylight. Also change from tzset() to _tzset().
PC-Alpine: New configuration option "Aspell Dictionaries" allows a user to choose the dictionary used to spell, in case the user communicates in more than one language. Examples of values for the variable are "en_US" or "de_DE", etc. Only the first 10 dictionaries are offered.

Alpine-Alpha version 2.20.10 Released

Mon, 01 Feb 2016 21:26:35 MST

New in this release

New version 2.20.10.
Fix typos in documentation (cotainer to container.) Reported by Holger Trapp.
Alpine does not remove remporary files created when adding a CA certificate to a container. Reported by Holger Trapp.
Alpine will ask users if they wish to save S/MIME certificates included in signatures, when the option "Validate Using Certificate Store Only" is enabled. If the user does not wish to save it, validation will fail.
When the index is zoomed, broadening the search will redraw the screen to account for the broadened search, but will not repaint the screen due to scrolling. Suggested by Holger Trapp.
Several changes so that Alpine will build in Windows (change ldap_unbind_ext to ldap_unbind and add config.wnt.h to git repository.)
S/MIME: When reading a local certificate, Alpine converts the name of the certificate to lowercase, which may make Alpine not be able to read such certificate. Reported by Dennis Davis.
Extend size of extrakeys in search menu so that there is no conflict with expected size in modules in display.c.
Added support for RFC 2971 - IMAP ID extension.

Alpine-Alpha version 2.20.11 Released

Sat, 26 Mar 2016 15:11:07 MDT

New in this release

New version 2.20.11.
Update of copyright notice
Update to release notes to indicate support of RFC 2971.
Added corrections to the Release Notes (several misspellings) provided by Dennis Davis.
Add support to c-client of special-use mailboxes for client use.
Bug (introduced in version 2.20.9): Saving a password in the password file, writes a non-secure encrypted password file until Alpine is restarted again.
Add the ability to change the private key and certificates used to encrypt a password file in the SMIME setup configuration screen.
Protection against deleting new key and certificate when replacing key that encrypts password file in case that the new key/certificate pairs have the same name as the old key/certificate.
Adjust the "import certificate" prompt to make it clear that the user is sometimes asked to import a certificate and sometimes a key.
Fix a case of memory freed twice introduced in commit 4bf825141c...
Changes to make Alpine build when PASSFILE is not specified and adding memory freeing calls when necessary.
Bug: Crash when attempting to read a message after a bounce command. In order to produce a crash one needed to use the ^T subcommand and do a search in a LDAP directory. The crash is produced by changes to the text in the title bar. Reported by Heinrich Mislik in the Alpine-info list.
Add ignore size option to Alpine, which helps users deal with some servers that compute sizes incorrectly but send complete messages when users save messages from those servers.
Fix a bug that makes Alpine not wrap lines correctly in HTML messages when the position for wrapping is at a wide UTF-8 code point.
Small fix to SETUP DIRECTORY SERVERS screen, where Alpine would print only a small portion of the subtitle (e.g. "Directo" instead of "Directory Server on some.server.com".)
When exporting all parts of a message, if two attachments have the same name, do not overwrite a file more than once, but instead add a counter number to the filename to make a new file that does not exist in the file system.

Alpine-Alpha version 2.20.12 Released

Sat, 14 May 2016 10:29:45 MDT

New in this release

New version 2.20.12.
Unix-Alpine: Connect securely to a LDAP server on a secure port. Based on a contribution by Wang Kang.
When a message is saved in the Form Letter folder, add the ability to save the role being used to compose such message so that settings such as the SMTP server set in the role can be used when sending such form message. Suggested and patched by Frank Doepper.
Add a "dedup" command to the mailutil program. The format is as follows:
mailutil dedup MAILBOX
This command will open MAILBOX and remove duplicates of messages. Two messages are duplicate of each other if they have the same message-id. If a message does not have a message-id, it is not deleted. If MAILBOX is omitted, then INBOX is assumed.
Fix an error in compilation when Alpine is not built with S/MIME support, but it is built with password file support. Reported by Robert G. Siebeck.
Fix an error where the string "ldap " instead of "ldap" was being used to form a URL. Reported and fixed by Wang Kang.
Minor fix to documentation.
Add the configuration variable "default-directories", which is called "Extra Directories for Save" in the configuration screen. This variable saves a list of directories that are readily accessible for save or export of attachments. This makes it easier to save attachments in directories that are hard to navigate to, or that are accessed frequently.
When a filename is attached and its name is encoded, the save attachment command will offer to save the file in the encoded form. This might work for some users, but the save command will have a subcommand ^N to decode the file name and save the file with the decoded name.

Alpine-Alpha version 2.20.13 Released

Sat, 23 Jul 2016 10:56:22 MDT

New in this release

New version 2.20.13.
The TAB key allows autocomplete in the Fcc field in the composer headers, as well as autocompletes automatically when only one possibility exists for the ^J attach command.
With the change in logic in the way passwords are saved we need to check if the password file exists before we ask the user if we want to preserve the password for the next login.
Replace snprintf by sprintf in mailutil.c since Visual Studio has problems building when the former function in used. Reported by Ulf-Dietrich Braumann.
Add a missing call to fclose in newsrc.c. Reported by David Binderman.
When messages are selected, warn the user if a message that is not selected will be bounced, or if not all selected messages will be bounced. Suggested by Ulf-Dietrich Braumann.
Work in progress: Alpine calls non-safe functions while handling a signal. An attempt is being made to correct this in the future. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825772.
Add define _DEFAULT_SOURCE, since _BSD_SOURCE is deprecated by gcc 6.
Update/Fix alpine.spec file to build rpm packages.
Bug: when moving to use realpath to resolve symbolic links, .pinerc file would not be created if it did not exist.
Add the ability to select messages by number and thread-number by using '.' character to represent the current message/thread, and "$" to represent the last message/thread.
Bug: When selecting messages while in Threaded Index Screen, some messages other than top of threads could appear in the index, making Alpine display messages "out of the screen." The solution was to apply unview_thread to all threads.

Alpine-Alpha version 2.20.14 Released

Sun, 28 Aug 2016 12:54:58 MDT

New in this release

New version 2.20.14.
Bug: Alpine would use freed memory while trying to compute the color of the titlebar. This happened when trying to continue a postponed message. Alpine would call the format_titlebar function, which would attempt to use the msgmap of the freed stream of the postponed messages folder. The solution was to not to call the format_titlebar function, because all that is needed is the color of the titlebar, and that can be obtained in a different way.
When Alpine opens an attachment, it sometimes changes the extension of the file that is being opened and replaces it by another for the same mime type. If Alpine finds that the extension of the file corresponds with the mime type, according to the mime-types file, then it will keep it, and no substitution will be made.
The "#" command, when used as part of an aggregate operation will allow users to select the role used in either replying, forwarding or replying to the group of selected messages, Suggested by Hisashi T Fujinaka.
Compilation fails in Debian Hardening, due to a printf call that is not correctly made. Reported and patched by Christian Kujau. Final patch uses fprintf instead of printf.
Protect all calls to mail_elt in pith/ and alpine/ code. Protect means to check for correct range of message number before calling mail_elt.
Work in progress: correct some uses of system calls that do not check for returned value. This work will follow the lead given by Christian Kujau and Asheesh Laroia. Expect more changes of this type in subsequent commits.
Set no restrictions on the length of encoded subjects, but encode words in length of no more than 75 characters.
Add improvements to the Solaris port to find openssl files and compile without problems.
New configuration option Alternate Reply Menu which adds more ways to control features and variables when you start to reply to a message.
The bounce command adds a subcommand to choose a role.

Alpine-Alpha version 2.20.15 Released

Thu, 08 Sep 2016 08:59:11 MDT

New in this release

New version 2.20.15.
Bug: When implementing the alternate-reply-menu, some of the code got moved to the beginning of the reply_text_query function, which made the function return before it initialized some variables, which were therefore initialized to default values, and not the values configured by the user. This made, for example, make Alpine place the signature at the top of a message, regardless of what the user had configured. Reported by Andreas Schamanek.
Alpine does not build with openssl 1.1.0, so this update fixes that. Users have the option to build with older versions of OpenSSL or with version 1.1.0. The current code is transitional and it is intended that we will move Alpine to build exclusively with version 1.1.0 or above in the future. This update also recognizes if we are using LibreSSL. It was tested with version 2.4.2.

Alpine-Alpha version 2.20.16 Released

Sat, 08 Oct 2016 10:08:04 MDT

New in this release

New version 2.20.16
SMIME: Bouncing could sign (and therefore corrupt) a message when it is signed automatically. Reported by Björn Krellner.
Alpine failed to read an encrypted password file if too many passwords have been saved in it.
S/MIME: If the option "Remember S/MIME Passphrase" is disabled, then entering a password to read an encrypted message will make Alpine forget the key and not ask the password to unlock it again in case it is necessary to unlock it again. Reported by Ulf-Dietrich Braumann.
Alpine will include attachments when forwarding some multipart/alternative messages for which it did not use to include attachments.
When Alpine is compiled with password file and SMIME support the password file is encrypted using a private key/public certificate pair. If one such pair cannot be found, one will be created.

Alpine-Alpha version 2.20.17 Released. From now on we will move to version 2.20.99, and release Alpine in January 2017.

Wed, 23 Nov 2016 07:44:46 MST

New in this release

New version 2.20.17

Color support for the default composer and Pico. If users have configured colors to read messages in Alpine, the same colors will be used in the default composer. In the case of Pico, read the manual to understand how to configure this new feature.

Deleting from the end of the line in the composer, still showed deleted characters. Reported bt Mark Peveto.

Crash when canceling a goto command on a local collection that has not been expanded and attempting to expand such collection.

Remove limit of encoded words in the c-client library, since any limit makes a search eventually fail for a long enough encoded word.

SMIME: Change the default signature digest from sha1 to sha-256, since clients such as Thunderbird do not validate signatures that use sha1 digest.

Alpine-Alpha version 2.20.99 Released.

Fri, 16 Dec 2016 19:52:47 MST

New in this release

New version 2.20.99

new color code had problems when TABs were present in text, since line length computation was not done correctly. The code also works for wide characters and control keys.

When opening an INBOX folder in a context different from the incoming folders collection, from the command line, Alpine would open the INBOX folder from the incoming folders collection.

In Cygwin, installing Openssl does not install libcrypto-devel, so we add a check for crypt.h to the configure script to check that this file is properly installed.

Corrections to pico manual and improvements in documentation contributed by Dennis Davis.

Add location of openssl libraries, include files, etc for openssl in manjaro Linux.

Alpine-Alpha version 2.20.999 Released.

Sun, 01 Jan 2017 13:26:36 MST

New in this release

New version 2.20.999

New token SHORTSUBJECT, SHORTSUBJKEY and SHORTSUBJKEYINIT to shorten the subject, removing list name information from the subject (text enclosed between "[" and "]".)

New SMARTTIME24 token for index screen. It is close to SMARTDATETIME but it differns in that it gives the time in which the message was sent for messages that are less than a week old. it uses a 24 hour format.

Bug fix: The index format would be chopped at the position of an unrecognized token, instead of skipping the token as intended.

Add support for the TYPE and VALUE attributes of the html OL tag.

crypto.h is installed in /usr/include in cygwin, but everyone else installs it in /usr/include/openssl. Also other systems seem to install crypto.h when they install openssl, so we only check for the existence of crypto.h in Cygwin.

Alpine-Alpha version 2.21 Released.

Fri, 17 Mar 2017 19:11:31 MDT

Dear Alpine Enthusiasts,

it is with great pleasure that I announce the release of Alpine 2.21. The new version has a long list of new updates and bug fixes, too long to post here. The full list can be read at

http://alpineapp.email/alpine/release/

this page also has links to the source code and RPM. Windows binaries will be released soon.

Needless to say, this is an effort of many people who have tested and contributed to this final product. Thanks to everyone who tested prereleases.

Please test this release before putting it in a production environment.

Please report any and all problems you find with this release. Your assistance is appreciated.

Thank you.

Alpine-Alpha version 2.22.1 Released.

Thu, 11 Jun 2020 01:09:39 MDT

Dear Alpine Enthusiasts,

A new alpha version of Alpine has been released. Here is the list of changes since the release of version 2.22.

Add support for the OAUTHBEARER authentication method in Gmail. Thanks to Alexander Perlis for suggesting it and explaining how the method works.
Support for the SASL-IR IMAP extension that avoids a round trip during authentication. Similar support added for the SMTP, NNTP and POP3 protocols. Thanks to Geoffrey Bodwin for a report that lead to this implementation.
Alpine can pass an HTML message to an external web browser, by using the "External" command in the ATTACHMENT INDEX screen. Learn more.
New configuration variable External Command Loads Inline Images Only that controls if Alpine will keep the source link to all the images in the HTML message, or will only pass a link to inline images included in the message. For your privacy and security this feature is enabled by default.
When reading an email and a user selects an email address to which to compose a message from the message, the user will be able to select a role to compose that message.
New variable system-certs-path that allows users to indicate the location of the directory where certificates are located. In PC-Alpine this must be C:\libressl\ssl\certs. The C: drive can be replaced by the name of the drive where the binary and DLL files are located.
New variable system-certs-file that allows users to configure the location of a container of certificate authority (CA) certificates to be used to validate certificates of remote servers.
Remove sleep of 5 seconds for mailcap programs that use the terminal to display content. Suggested by Carl Edquist. In addition, remove configurable process table command and its corresponding sleep time.
* Bug in PC-Alpine that made Alpine go into an infinite loop and consume CPU when it was iconized. Reported by Holger Schieferdecker in comp.mail.pine.
Crash in Alpine when attempting to reply to a multipart/alternative message that is malformed, and the option to include attachments in reply is enabled. Reported and patched by Peter Tirsek.
Bug that makes Alpine split encoded words in the subject of a message in the middle of a utf-8 character into two encoded words, breaking the encoding. Reported by Jean Chevalier.
Alpine would not redraw the screen when a check for new mail in an incoming folder failed due to a failurec while validating the server certificate, and the user did not allow the connection to proceed.
Crash in Alpine while resizing the screen when using any of the tokens SUBJKEYTEXT, SUBJECTTEXT, or SUBJKEYINITTEXT in the index format, and the screen was resized. Reported by Iggy Mogo.
When Alpine is trying to authenticate to Gmail, using the XOAUTH2 method, it does not display the url the user needs to open, in order to authorize Alpine to access Gmail using XOAUTH2 when Alpine still has not created a screen. Reported by Baron Fujimoto.
When an html anchor does not quote the link in the href parameter, alpine does not link to it.
Attempt to fix a bug that breaks scrolling of a message in Alpine when the screen is resized. Reported in the Debian bug system at https://bugs.debian.org/cgi-bin/bugreport.cgie?bug=956361..

Please report any and all problems you find with this release. Your assistance is appreciated.

Thank you.

Security Bug in all versions of Alpine

Fri, 18 Jun 2020 03:41:29 MDT

Dear Alpine Users,

the following security issue was reported about Alpine:

Alpine can be configured to start a secure connection using /tls on an insecure connection. However, if the connection is PREAUTH, Alpine will not upgrade the connection to a secure connection, because a client must not issue a STARTTLS to a server that supports it, while in authenticated state. This makes Alpine continue to use an insecure connection with the server, exposing user data. Reported by Damian Poddebniak and Fabian Ising from Münster University of Applied Sciences.

this issue affects all versions of Alpine. As a result, when Alpine finds a server that supports STARTTLS for which a PREAUTH connection has been established, Alpine will close the connection and let the user decide how to proceed. In this case in order to establish a connection the user will have to remove /tls from the server, but this implies that the connection will be insecure, as configured. RFC 3501 does not allow a client to use STARTTLS in authenticated state, nor a server would accept it, so it is not possible to upgrade the connection in this situation either.

This fix is already included in the git repository and will be included in the next release of Alpine, to be released soon

Thank you.

Alpine version 2.23 Released.

Fri, 19 Jun 2020 01:18:18 MDT

Dear Alpine Enthusiasts,

I have a released a new version of Alpine. Version 2.23 adds new features and fixes bugs found in previous releases. Among the bugs fixed is a security bug found in all previous releases of Alpine.

New features include support of the XOAUTH2 authentication method for Microsoft Outlook, and the OAUTHBEARER method of authentication for Gmail. The full list of additions and bug fixes can be found in the Release Notes, which can be accessed by pressing "R" from the main menu.

The source code to build Alpine in the Unix or Windows operating system, as well as already built binaries for the Windows operating sysetm can be found at

http://alpineapp.email/

If you have any comments or problems with this release, do not hesitate to contact me.

Thank you.

Alpine version 2.23.1 Released.

Sat, 27 Jun 2020 22:38:40 MDT

Dear Alpine Enthusiasts,

Following the release of version 2.23, I added a new feature that allows users to add several client-ids to Alpine, even more than one per server. This modification affects the application of some of the patches, so in order to have patches successfully apply in every version, I needed to update the version of ALpine, and the patches from version 2.23 to version 2.23.1.

I addition, version 2.23.1 clears an issue that did not allow messages with detached signatures to validate on the recipient side, and clears an issue with PREAUTH sessions that still asked users to login, even though they were pre authenticated.

This version is an alpha version, and the direct link to download it is

http://alpineapp.email/alpine/alpha/release/alpine-alpha.tar.xz

If you use all.patch, the direct link is http://alpineapp.email/alpine/alpha/patches/alpine-2.23.1/all.patch.gz

Thank you.

Update of ooauth2.py to Python 3

Sat, 27 Jun 2020 22:49:53 MDT

If you use Alpine with other tools, such as fetchmail, or you use mutt, and will need to access Outlook.com using XOAUTH2 in the future, I have updated the ooauth2.py script to Python 3.

The oouath2.py script allows you to get your initial refresh tokens and access tokens, which you should save securely, as well as to renew the access token when it expires. This could be useful when you use other tools such as fetchmail or mutt which do not do this part of the process for you, and the ooauth2.py script can be used to do this part for you.

Instructions on how to use the script are linked from this post, and include images showing the process of creating a refresh and access tokens, as well as how to refresh them.

The original script was written in python 2, and this is an update to python 3.

Please send me all feedback about the script, so I can keep updating it based on your needs.

Thank you.

Alpine Alpha Version 2.23.2 Released

Mon, 29 Jun 2020 17:50:45 MDT

Since the patches for version 2.23.1 do not apply over the content of the git repository, I have released a new version 2.23.2, and updated the corresponding patches. Here is a summary of the changes since version 2.23.1.

Update ooauth2.py to python3 using the 2to3 script and fixing the conversions between strings and bytes throughout the script. Suggested by Holger Trapp.
Update to some information on configuring Gmail with XOAUTH2.
Corrections and improvements to the documentation by Dennis Davis.
Change flags from 0 and 1 and to BIO_NOCLOSE and BIO_CLOSE to improve readability.
Alpine links with tcl, even if WebAlpine is not built. The solution was to test for header files before we test for library files. If the former do not exists, we do not test for the latter.
After returning from the directory side of a dual-folder, sometimes Alpine would return to the first folder in the parent directory or to the dual-folder. The fix is to return to the original dual-folder as intended. Reported by Holger Trapp.
When an attachment is deleted and the original message is saved, Alpine might write only a part of the name of the file deleted. Reported by Holger Trapp.
When messages are selected, pressing the ";" command to broaden or narrow a search, now offers the possibility to completely replace the search, and is almost equivalent to being a shortcut to "unselect all messages, and select again". The difference is that cancelling this command will not unselect all currently selected messages. Suggested by Holger Trapp.
Addition of a link to the Apache License 2.0. This is available from the Release Notes as well as the welcome screen.
URLs that are surrounded by white space are not cleaned by Alpine before passing them to the browser, resulting in no display of the URL when Alpine tries to open it. Reported by Gregory Heytings.
Modifications to protect the privacy of users:
- Alpine does not generate Sender or X-X-Sender by default by making [X] Do Not Generate Sender Header the default.
- Alpine does not disclose User Agent by default by making [X] Suppress User Agent When Sending the default.
- Alpine uses the domain in the From: header of a message to generate a message-id and suppresses all information about Alpine, version, revision, and time of generation of the message-id from this header. This information is replaced by a random string.

Please send me all feedback about the script, so I can keep updating it based on your needs.

The links to the source code are the following: http://alpineapp.email/alpine/alpha/release/alpine-alpha.tar.xz

Link to all.patch: http://alpineapp.email/alpine/alpha/alpine-2.23.2/all.patch.gz

Link to source code that is already patched: http://alpineapp.email/alpine/alpha/alpine-2.23.2/alpine-2.23.2.tar.xz

Thank you.

Added XOAUTH2 Support for Yandex.com

Sat, 11 Jul 2020 14:27:14 MDT

I have added support for XAOUTH2 for Yandex.com, and I am investigating how to add this support for Yahoo.com. I have already contacted Verizon to request permission to have Alpine access authorize its users to access their email services.

I will update this feed as I have updates on this topic.

Deprecation of /novalidate-cert

Thu, 16 Jul 2020 13:18:04 MDT

Dear Alpiners,

in the spirit of increasing security for Alpine, I will deprecate /novalidate-cert completely. The current behavior of Alpine will be replaced by the following flow:

If a user has a validation issue, the /novalidate-cert flag will continue to be parsed by Alpine (that is, it will not produce an error) but it will be completely ignored.
When a validation issue occurs, a screen will be shown to the user telling them that a local certificate could not be found. This screen will be very similar to the current error screen, except for the fact that it will not recommend users to add /novalidate-cert.
Once a user has opened the error screen, a user will not be able to continue unless the user has reviewed the certificate. After a user has reviewed the certificate, the user will be asked if they wish to continue or they wish to save the certificate to a local folder.
The name of the folder that will contain certificates trusted by the user is ~/.alpine-certs, or alpine-certs in PC-Alpine, located in the same directory as the pinerc file. Alpine will support containers or individual certificates.
Certificates trusted by the user will be added to those that are part of the system; that is, Alpine will trust certificates that the user trusts and those that are part of the system.
If a user adds a certificate for a server, that is not possible or desirable to save in the certificates system to the ~/.alpine-certs folder, then that server will not give anymore validation errors, and this will solve the validation error in a more secure way.

Why the change? I have seen many places that advice how to setup Alpine to connect to popular email services, that tell you to configure your inbox-path or the folders collection using /novalidate-cert. This exposes all Alpine users to being attacked by a meddler-in-the-middle. This is not acceptable today, even if it was yesterday. I am currently working on setting this up, and the change will come soon.

Alpine 2.24 released!

Sat, 10 Oct 2020 16:32:50 MDT

Dear Alpiners,

it is my pleasure to announce the release of version 2.24 of Alpine. The full list of new features and bug fixes can be read from the Release Notes, which can be reached from the Main Menu, by pressing the "R" key.

New features include the addition of XOAUTH2 support for Yahoo!, automatic renew of the access token before it expires, and improvements to the privacy of Alpine users.

When starting up alpine, you will be given a welcome screen whose default command is to read the Apache License. The same welcome screen contains a link to Alpine's privacy policy. If you wish to exit that screen press "E".

The configure option --disable-debug has been redefined to only not compile debug symbols into Alpine. This means that Alpine will still compile internal debug messages, and so the journal screen will be available for all users. The .pine-debug files will not be created automatically, unless Alpine is started with the "-d" option (e.g. a command such as "alpine -d 2" or "alpine -d tcp")

Please test this release by yourself before putting it in a production environment.

All binaries and source code can be downloaded from the main web site at http://alpineapp.email/

The following are the relevant links:

Source code
http://alpineapp.email/alpine/release/src/alpine-2.24.tar.xz
MD5: 1c520c3a791b019772570674c7c17073
SHA256: 651a9ffa0a29e2b646a0a6e0d5a2c8c50f27a07a26a61640b7c783d06d0abcef
Windows 64 bits
http://alpineapp.email/alpine/release/src/alpine-2.24.zip
MD5: 619b5b46c5630591f184091a22011583
SHA256: 055a137e9aaa2e046c98de5809cc0d87eea7fcdd7f78d23ae26e1c276ff4424c
Windows 32 bits
http://alpineapp.email/alpine/release/src/alpine-2.24_32bits.zip
MD5: 83e6bf25e07c07cad8a5efea2ec2dca2
SHA256: e64840734747b340ecdd581964a51c36956ae9b69ea3f4025b28b3cacf87a603

Thank you.