Merge tag 'v0.5.5' into debian/latest

Release version 0.5.5

1 files changed, 58 insertions, 9 deletions

diff --git a/Changelog b/Changelog
index 28a1ef4..cba8719 100644
--- a/Changelog
+++ b/Changelog
@@ -1,18 +1,67 @@
+interimap (0.5.5) upstream;
+
+ * libinterimap: remove default SSL_protocols value "!SSLv2 !SSLv3
+   !TLSv1 !TLSv1.1" and use the system default instead.  As of Debian
+   Buster (OpenSSL 1.1.1) this does not make a difference, however using
+   the system default provides better compatibility with future libssl
+   versions.
+ * libinterimap: deprecate SSL_protocols, obsoleted by new settings
+   SSL_protocol_{min,max}.  Using the libssl interface simplifies our
+   protocol black/whitelist greatly; this only allows simple min/max
+   bounds, but holes are arguably not very useful here.
+ * libinterimap: use default locations for trusted CA certificates when
+   neither CAfile nor CApath are set.  In particular, OpenSSL's default
+   locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR
+   environment variables, see SSL_CTX_load_verify_locations(3ssl).
+ * libinterimap: _start_ssl() now fails immediately with OpenSSL <1.1.0.
+   It could in principle still work with earlier versions if the new
+   settings SSL_protocol_{min,max} are not used, however it's cumbersome
+   to do individual checks for specific settings, let alone maintain
+   test coverage with multiple OpenSSL versions.
+ * libinterimap: new option SSL_ciphersuites to set the TLSv1.3
+   ciphersuites; also, clarify that SSL_cipherlist only applies to
+   TLSv1.2 and below, see SSL_CTX_set_cipher_list(3ssl).
+ + `make release`: also bump libinterimap version and pin it in 'use'
+   declarations.
+ + Make error messages more uniform and consistent.
+ - libinterimap: use Net::SSLeay::get_version() to get the protocol
+   version string.
+ - test suite: `mv tests/snippets tests/config`
+ - tests/tls-protocols: use custom OpenSSL configuration file with
+   MinProtocol=None so we can test TLSv1 as well, not just TLSv1.2 and
+   later.
+ - test suite: explicitly set ssl_min_protocol=TLSv1 in the Dovecot
+   configuration file (the default as of 2.3.11.3), hence running TLS
+   tests now require Dovecot 2.3 or later.
+ - documentation: simplify SSL options in the sample configuration files.
+ - README: suggest 'restrict,command="/usr/bin/doveadm exec imap"' as
+   authorized_keys(5) options.
+ - README: suggest ControlPath=$XDG_RUNTIME_DIR/ssh-imap-%C for the SSH
+   transport (note that variable expansion is only available in OpenSSH
+   8.4 and later).
+ - test suite: ensure we haven't started speaking IMAP when the SSL/TLS
+   handshake is aborted (unless STARTTLS is used to upgrade to
+   connection).
+ - documentation: clarify that known TLS protocol versions depend on the
+   OpenSSL version used.
+
+ -- Guilhem Moulin <guilhem@fripost.org>  Sat, 26 Dec 2020 23:11:10 +0100
+
 interimap (0.5.4) upstream;
 
  * libinterimap: make SSL_verify also checks that the certificate
    Subject Alternative Name (SAN) or Subject CommonName (CN) matches the
    hostname or IP literal specified by the 'host' option.  Previously it
    was only checking the chain of trust.  This bumps the minimum
-   Net::SSLeay version to 1.83 and OpenSSL version 1.0.2.
+   Net::SSLeay version to 1.83 and OpenSSL version to 1.0.2 (when
+   SSL_verify is used).
  * libinterimap: add support for the TLS SNI (Server Name Indication)
    extension, controlled by the new 'SSL_hostname' option.  The default
    value of that option is the value of the 'host' option when it is
    hostname, and the empty string (which disables SNI) when it is an IP
    literal.
  + libinterimap: show the matching pinned SPKI in --debug mode.
- + test suite: always generate new certificates on `make test`.  Hence
-   running `make test` now requires OpenSSL 1.1.1 or later.
+ + test suite: always generate new certificates on `make test`.
  + test suite: sign all test certificates with the same root CA.
  + libinterimap: factor out hostname/IP parsing.
  + document that enclosing 'host' value in square brackets forces its
@@ -26,7 +75,7 @@ interimap (0.5.4) upstream;
 
 interimap (0.5.3) upstream;
 
- * libinterimap: SSL_fingerprint now supports a space-separate list of
+ * libinterimap: SSL_fingerprint now supports a space-separated list of
    digests to pin, and succeeds if, and only if, the peer certificate
    SPKI matches one of the pinned digest values.  Specifying multiple
    digest values can key useful in key rollover scenarios and/or when
@@ -75,7 +124,7 @@ interimap (0.5) upstream;
    (regardless of the hierarchy delimiter in use).
 
  Other changes:
- * interimap: the space-speparated list of names and/or patterns in
+ * interimap: the space-separated list of names and/or patterns in
    'list-mailbox' can now contain C-style escape sequences (backslash
    and hexadecimal escape).
  * interimap: fail when two non-INBOX LIST replies return different
@@ -83,7 +132,7 @@ interimap (0.5) upstream;
    happen if mailboxes from different namespaces are being listed.  The
    workaround here is to run a new interimap instance for each
    namespace.
- * libinterimap: in tunnel mode, use a socketpair rather than two pipes
+ * libinterimap: in tunnel mode, use a socket pair rather than two pipes
    for IPC between the interimap and the IMAP server.  Also, use
    SOCK_CLOEXEC to save an fcntl() call when setting the close-on-exec
    flag on the socket.
@@ -146,7 +195,7 @@ interimap (0.5) upstream;
  - libinterimap: use directories relative to $HOME for the XDG
    environment variables default values.  Previously getpwuid() was
    called to determine the user's home directory, while the XDG
-   specification explicitely mentions $HOME.  Conveniently our docs
+   specification explicitly mentions $HOME.  Conveniently our docs
    always mentioned ~/, which on POSIX-compliant systems expands to the
    value of the variable HOME.  (Cf. Shell and Utilities volume of
    POSIX.1-2017, sec. 2.6.1.)
@@ -160,7 +209,7 @@ interimap (0.5) upstream;
  - libinterimap: push_flag_updates(): ignore UIDs for which no untagged
    FETCH response was received.
  - libinterimap: push_flag_updates(): don't ignores received updates (by
-   another client) to a superset of the desigred flag list.
+   another client) to a superset of the desired flag list.
  - libinterimap: avoid sending large UID EXPUNGE|FETCH|STORE commands as
    they might exceed the server's max acceptable command size; these
    commands are now split into multiple (sequential) commands when their
@@ -170,7 +219,7 @@ interimap (0.5) upstream;
    This is a also a workaround for a bug in Dovecot 2.3.4:
    https://dovecot.org/pipermail/dovecot/2019-November/117522.html
  - interimap: for the reason explained above, limit number of messages
-   to 128 per APPEND command (only on servers advertizing MULTIAPPEND,
+   to 128 per APPEND command (only on servers advertising MULTIAPPEND,
    for other servers the number remains 1).
  - interimap: gracefully ignore messages with a NIL RFC822 attribute.
  - pullimap: treat messages with a NIL RFC822 attribute as empty.