interimap/tests/list, branch debian/0.5.4-1 Fast bidirectional synchronization for QRESYNC-capable IMAP servers libinterimap: add support for the TLS SNI (Server Name Indication) extension. 2020-12-11T10:20:41+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-10T20:52:44+00:00 4ed6f0982cc0553e31e7beadf441beb8573a07d4 This is controlled by the new 'SSL_hostname' option. The default value of that option is the value of the 'host' option when it is hostname, and the empty string (which disables SNI) when it is an IP literal. 
This is controlled by the new 'SSL_hostname' option.  The default value
of that option is the value of the 'host' option when it is hostname,
and the empty string (which disables SNI) when it is an IP literal.
New test with a server offering both RSA+ECDSA certificates. 2020-12-09T14:29:59+00:00 Guilhem Moulin guilhem@fripost.org 2020-12-09T14:11:45+00:00 51df40cf82c67ae828c325a42e28b3155fce9864 This requires dovecot-imapd 2.2.31 or later. Certificate generated with: $ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve \ -out tests/snippets/dovecot/dovecot.ecdsa.key $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \ -key tests/snippets/dovecot/dovecot.ecdsa.key \ -out tests/snippets/dovecot/dovecot.ecdsa.crt 
This requires dovecot-imapd 2.2.31 or later.

Certificate generated with:

      $ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve \
            -out tests/snippets/dovecot/dovecot.ecdsa.key
      $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \
            -key tests/snippets/dovecot/dovecot.ecdsa.key \
            -out tests/snippets/dovecot/dovecot.ecdsa.crt
libinterimap: abort on PREAUTH greeting received on plaintext connections 2020-08-03T18:50:08+00:00 Guilhem Moulin guilhem@fripost.org 2020-08-03T18:27:38+00:00 3b2939febdeb7f92051f95a3b08cf86e221ce21d Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093. 
Set "STARTTLS = NO" to ignore.  This is similar to CVE-2020-12398 and
CVE-2020-14093.
libinterimap: Fix response injection vulnerability after STARTTLS. 2020-08-03T18:30:46+00:00 Guilhem Moulin guilhem@fripost.org 2020-08-03T17:20:05+00:00 bc43c0d9468a8d50ba141c8a965f9f07ed0456ff For background see https://gitlab.com/muttmua/mutt/-/issues/248 . 
For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
New test for hierarchy delimiter change. 2019-12-13T19:05:11+00:00 Guilhem Moulin guilhem@fripost.org 2019-12-13T03:43:43+00:00 0dfcd073ffc391ca38b523a8d43e3f9479bb14c1 Cf. https://www.imapwiki.org/ClientImplementation/MailboxList#Hierarchy_separators “Some clients cache the hierarchy separator forever. This has problems if the server configuration is changed (e.g. server software changed). Try to avoid this problem.” 
Cf. https://www.imapwiki.org/ClientImplementation/MailboxList#Hierarchy_separators
“Some clients cache the hierarchy separator forever. This has problems
if the server configuration is changed (e.g. server software changed).
Try to avoid this problem.”
Test suite: add new test for pullimap(1). 2019-11-13T05:23:57+00:00 Guilhem Moulin guilhem@fripost.org 2019-11-13T03:16:48+00:00 dac4ab1c9306bf2035bc1547d2ed27ab09850120 This adds a dependency on Dovecot's LMTPd, which will bind to to TCP port 10024 on the loopback interface. 
This adds a dependency on Dovecot's LMTPd, which will bind to
to TCP port 10024 on the loopback interface.
Avoid sending large UID EXPUNGE|FETCH|STORE and APPEND commands. 2019-11-13T05:23:57+00:00 Guilhem Moulin guilhem@fripost.org 2019-11-10T23:39:09+00:00 0a2558aabfefd6800fe74c24e5aff2b0d47cc5e2 UID EXPUNGE|FETCH|STORE commands are now split into multiple (sequential) commands when their set representation exceeds 4096 bytes in size. Without splitting logic set representations could grow arbitrarily large, and exceed the server's maximum command size. This adds roundtrips which could be eliminated by pipelining, but it's unlikely to make any difference in typical synchronization work. While set representations seem to remain small in practice, they might grow significantly if many non-contiguous UIDs were flagged and/or expunged, and later synchronized at once. Furthermore, for MULTIAPPEND-capable servers, the number of messages is limited to 128 per APPEND command (also subject to a combined literal size of 1MiB like before). These numbers are currently not configurable. They're intentionally lower than Dovecot's default maximum command size (64k) in order to avoid a deadlock situation after sending 8k-long commands under COMPRESS=DEFLATE: https://dovecot.org/pipermail/dovecot/2019-November/117522.html . 
UID EXPUNGE|FETCH|STORE commands are now split into multiple (sequential)
commands when their set representation exceeds 4096 bytes in size.  Without
splitting logic set representations could grow arbitrarily large, and
exceed the server's maximum command size.

This adds roundtrips which could be eliminated by pipelining, but it's
unlikely to make any difference in typical synchronization work.  While set
representations seem to remain small in practice, they might grow
significantly if many non-contiguous UIDs were flagged and/or expunged, and
later synchronized at once.

Furthermore, for MULTIAPPEND-capable servers, the number of messages is
limited to 128 per APPEND command (also subject to a combined literal size of
1MiB like before).

These numbers are currently not configurable.  They're intentionally lower
than Dovecot's default maximum command size (64k) in order to avoid a
deadlock situation after sending 8k-long commands under COMPRESS=DEFLATE:
https://dovecot.org/pipermail/dovecot/2019-November/117522.html .
Net::IMAP::InterIMAP::push_flag_updates() bugfixes. 2019-11-13T05:23:57+00:00 Guilhem Moulin guilhem@fripost.org 2019-11-12T00:39:29+00:00 3aa5593af18bd4925235d1820fd0fe7c646843aa The UNCHANGEDSINCE test from the CONDSTORE extension was incorrectly placed after the flag list in UID STORE commands. In practice this meant the server didn't add the MODIFIED code when needed. The server won't send an untagged FETCH command (and won't increase the message's MODSEQ) if no change was made to the flag list. A panic() was incorrectly triggered in that case. When the flag list was set (by another client) to a superset of the UID STORE command currently processed, the extra flags were not synchronized. Cf. RFC 7162 sec. 3.1.3 ex. 10. 
The UNCHANGEDSINCE test from the CONDSTORE extension was incorrectly
placed after the flag list in UID STORE commands.  In practice this
meant the server didn't add the MODIFIED code when needed.

The server won't send an untagged FETCH command (and won't increase the
message's MODSEQ) if no change was made to the flag list.  A panic() was
incorrectly triggered in that case.

When the flag list was set (by another client) to a superset of the UID
STORE command currently processed, the extra flags were not synchronized.
Cf. RFC 7162 sec. 3.1.3 ex. 10.
Test suite: add new test for COMPRESS=DEFLATE. 2019-11-13T05:23:57+00:00 Guilhem Moulin guilhem@fripost.org 2019-11-10T19:17:45+00:00 7bf1b61dcf4eacc4e9d7a23fbe3050495990f8d9 An imapd is required as `doveadm exec imap` won't offer COMPRESS=DEFLATE in its capability list. 
An imapd is required as `doveadm exec imap` won't offer COMPRESS=DEFLATE
in its capability list.
Test suite: add new tests for SSL/TLS. 2019-11-13T05:23:57+00:00 Guilhem Moulin guilhem@fripost.org 2019-11-10T04:39:41+00:00 a7c364bf90a4593cfbc7911b1b7536dc66b1c879 SSL connections are accepted on TCP port 10993. Also, fix STARTTLS directive, broken since fba1c36… 
SSL connections are accepted on TCP port 10993.  Also, fix STARTTLS
directive, broken since fba1c36…