interimap/lib/Net, branch upstream/0.5.3 Fast bidirectional synchronization for QRESYNC-capable IMAP servers libinterimap: SSL_fingerprint now supports a space-separate list of digests to pin. 2020-12-09T14:29:54+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-09T14:06:37+00:00 a1ef66a76b4a6651b7371a9fd1e35f2f99e85bfa And succeeds if, and only if, the peer certificate SPKI matches one of the pinned digest values. Specifying multiple digest values can key useful in key rollover scenarios and/or when the server supports certificates of different types (for instance RSA+ECDSA). 
And succeeds if, and only if, the peer certificate SPKI matches one of
the pinned digest values.  Specifying multiple digest values can key
useful in key rollover scenarios and/or when the server supports
certificates of different types (for instance RSA+ECDSA).
libinterimap: 'debug' forces 'null-stderr' = 0. 2020-12-08T15:03:23+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-08T15:03:23+00:00 1630f2387c52a0ac460922eda6535165fdb279d1 The standard error is never sent to /dev/null in debug mode. Closes: deb#968392 
The standard error is never sent to /dev/null in debug mode.

Closes: deb#968392
Upgrade URLs to secure HTTP. 2020-08-04T00:35:05+00:00 Guilhem Moulin guilhem@fripost.org 2020-08-04T00:35:05+00:00 11cd204852f665670b5d4271eab86a3d9f5e5624 






libinterimap: abort on PREAUTH greeting received on plaintext connections
2020-08-03T18:50:08+00:00

Guilhem Moulin
guilhem@fripost.org

2020-08-03T18:27:38+00:00

3b2939febdeb7f92051f95a3b08cf86e221ce21d

Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.





Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.







libinterimap: Fix response injection vulnerability after STARTTLS.
2020-08-03T18:30:46+00:00

Guilhem Moulin
guilhem@fripost.org

2020-08-03T17:20:05+00:00

bc43c0d9468a8d50ba141c8a965f9f07ed0456ff

For background see https://gitlab.com/muttmua/mutt/-/issues/248 .





For background see https://gitlab.com/muttmua/mutt/-/issues/248 .







typofix
2020-08-03T18:29:56+00:00

Guilhem Moulin
guilhem@fripost.org

2020-08-03T16:58:08+00:00

bf4175c4f5fa40c5b6385dd728d4e7732833f64c












libinterimap: fail when a capability to ENABLE is missing from the server's CAPABILITY listing.
2020-08-03T18:29:56+00:00

Guilhem Moulin
guilhem@fripost.org

2020-08-03T16:24:30+00:00

845d43fcc08089e87cd8cdf776ebc2345fd4e1ff












Improve “UIDVALIDITY changed!” error message.
2019-11-15T21:22:55+00:00

Guilhem Moulin
guilhem@fripost.org

2019-11-15T21:20:40+00:00

51336e88f2de76c56b513de23d06677461742454

Mention the name of the problematic mailbox.  (We may detect the
violation while not in SELECTED state.)





Mention the name of the problematic mailbox.  (We may detect the
violation while not in SELECTED state.)







Fix minor space damage.
2019-11-13T16:47:11+00:00

Guilhem Moulin
guilhem@fripost.org

2019-11-13T16:47:02+00:00

1be03491746552ac1c5111049268dfc7b67889c1












Avoid sending large UID EXPUNGE|FETCH|STORE and APPEND commands.
2019-11-13T05:23:57+00:00

Guilhem Moulin
guilhem@fripost.org

2019-11-10T23:39:09+00:00

0a2558aabfefd6800fe74c24e5aff2b0d47cc5e2

UID EXPUNGE|FETCH|STORE commands are now split into multiple (sequential)
commands when their set representation exceeds 4096 bytes in size.  Without
splitting logic set representations could grow arbitrarily large, and
exceed the server's maximum command size.

This adds roundtrips which could be eliminated by pipelining, but it's
unlikely to make any difference in typical synchronization work.  While set
representations seem to remain small in practice, they might grow
significantly if many non-contiguous UIDs were flagged and/or expunged, and
later synchronized at once.

Furthermore, for MULTIAPPEND-capable servers, the number of messages is
limited to 128 per APPEND command (also subject to a combined literal size of
1MiB like before).

These numbers are currently not configurable.  They're intentionally lower
than Dovecot's default maximum command size (64k) in order to avoid a
deadlock situation after sending 8k-long commands under COMPRESS=DEFLATE:
https://dovecot.org/pipermail/dovecot/2019-November/117522.html .





UID EXPUNGE|FETCH|STORE commands are now split into multiple (sequential)
commands when their set representation exceeds 4096 bytes in size.  Without
splitting logic set representations could grow arbitrarily large, and
exceed the server's maximum command size.

This adds roundtrips which could be eliminated by pipelining, but it's
unlikely to make any difference in typical synchronization work.  While set
representations seem to remain small in practice, they might grow
significantly if many non-contiguous UIDs were flagged and/or expunged, and
later synchronized at once.

Furthermore, for MULTIAPPEND-capable servers, the number of messages is
limited to 128 per APPEND command (also subject to a combined literal size of
1MiB like before).

These numbers are currently not configurable.  They're intentionally lower
than Dovecot's default maximum command size (64k) in order to avoid a
deadlock situation after sending 8k-long commands under COMPRESS=DEFLATE:
https://dovecot.org/pipermail/dovecot/2019-November/117522.html .