Commit message (Collapse)    Author    Age    Files
...
| * Makefile: Honor srcdir=.    Guilhem Moulin    2022-02-22    1
| |     Cf. https://www.gnu.org/prep/standards/html_node/Directory-Variables.html .
| * Tests: Dovecot: Bump min protocol level to TLSv1.2.    Guilhem Moulin    2022-02-21    1
| |     And use security level 2 for ssl_cipher_list. As of dovecot 2.3.18 ssl_min_protocol defaults to TLSv1.2.
| * Tests: TLS ciphers/protocols: Downgrade security level to 0.    Guilhem Moulin    2022-02-21    2
| |     This is required to test TLS version <1.2 on systems with higher security levels, see SSL_CTX_set_security_level(3ssl). Adapted from a patch from <xnox> for Ubuntu.
| * Improve message for unknown untagged UIDNEXT response.    Guilhem Moulin    2021-02-22    1
| |     Per RFC3501 §6.3.1 and §6.3.2 ‘UIDNEXT’ must be returned in an OK untagged response. See also Appendix B#34. However §6.3.1 suggests that it's in fact optional: “If this is missing, the client can not make any assumptions about the next unique identifier value.” A correction was proposed in Errata ID 3445 https://www.rfc-editor.org/errata/eid3445 , and rejected on the ground that clients SHOULD support the implement default behavior for missing data. We heavily rely on the ‘UIDNEXT’ presence and won't implement a workaround for its absence; instead we panic() with a more informative message.
* | d/watch: Use substitution strings.    Guilhem Moulin    2022-02-26    2
| |
* | Update d/u/signing-key.asc.    Guilhem Moulin    2022-02-25    1
| |
* | d/control: Mention alternatives in long descriptions.    Guilhem Moulin    2022-02-25    1
| |     Namely OfflineIMAP for InterIMAP, and fetchmail/getmail for PullIMAP. This should improve visibility.
* | d/control: Improve long descriptions.    Guilhem Moulin    2022-02-25    1
| |
* | Update standards version to 4.6.0, no changes needed.    Guilhem Moulin    2022-02-25    2
| |     Changes-By: lintian-brush
| |     Fixes: lintian: out-of-date-standards-version
| |     See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html
* | Set field Upstream-Name in debian/copyright.    Guilhem Moulin    2022-02-25    2
| |     Changes-By: lintian-brush
* | Prepare new release. [debian/0.5.6-1]    Guilhem Moulin    2021-01-01    1
| |
* | Bump required libnet-ssleay-perl version to 1.88.    Guilhem Moulin    2021-01-01    2
| |     Next stable upstream release after developer release 1.86_06, and also earliest version available in Debian.
* | Merge tag 'v0.5.6' into debian/latest    Guilhem Moulin    2021-01-01    6
|\|     Release version 0.5.6
| * Prepare new release v0.5.6. [v0.5.6]    Guilhem Moulin    2021-01-01    4
| |
| * doc/template.html: remove type attribute from <style/> element.    Guilhem Moulin    2021-01-01    2
| |
| * Bump required Net::SSLeay version to 1.86_06.    Guilhem Moulin    2021-01-01    3
| |     That's when get_version() was introduced. Unfortunately the manual doesn't mention it, but 1.85 is lacking the function, see
| |     https://github.com/radiator-software/p5-net-ssleay/blob/1.88/Changes#L216
| |     https://github.com/radiator-software/p5-net-ssleay/commit/ae33bb5405dadde973bc25a0c5e3941d5c83f8b1
| |     Compatibility with Net::SSLeay 1.83 can be restored by reverting this commit and 35f4ecefa9c9ff55acfdb337b215e3d13345c86d.
* | Add d/upstream/metadata with Repository and Repository-Browse.    Guilhem Moulin    2020-12-27    1
| |
* | Prepare new release. [debian/0.5.5-1]    Guilhem Moulin    2020-12-27    1
| |
* | Run wrap-and-sort(1).    Guilhem Moulin    2020-12-27    2
| |
* | Refresh patches.    Guilhem Moulin    2020-12-27    3
| |
* | d/.gitattributes: New file to merge d/changelog with dpkg-mergechangelogs(1).    Guilhem Moulin    2020-12-27    2
| |
* | Update copyright years.    Guilhem Moulin    2020-12-27    1
| |
* | d/control: bump dovecot-imapd version to >=2.3 in Build-Depends.    Guilhem Moulin    2020-12-27    2
| |     We're using ssl_min_protocol in the test suite, see feeb91998a29ca040f6e5dd103e09507a6355e32 .
* | d/control: pin exact libinterimap version in interimap & pullimap's depends.    Guilhem Moulin    2020-12-27    2
| |     The components are tightly tied together and libinterimap makes no promise of API stability.
* | Bump version number.    Guilhem Moulin    2020-12-27    1
| |
* | Merge tag 'v0.5.5' into debian/latest    Guilhem Moulin    2020-12-26    32
|\|     Release version 0.5.5
| * Prepare new release v0.5.5. [v0.5.5]    Guilhem Moulin    2020-12-26    4
| |
| * typofix    Guilhem Moulin    2020-12-17    1
| |
| * libinterimap: new option SSL_ciphersuites to set the TLSv1.3 ciphersuites.    Guilhem Moulin    2020-12-17    9
| |     Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below. See SSL_CTX_set_cipher_list(3ssl).
| * manuals: Clarify that known TLS protocol versions depend on the OpenSSL ↵    Guilhem Moulin    2020-12-17    3
| |     version used.
| * test suite: use stock OpenSSL config except for tests/tls-protocols.    Guilhem Moulin    2020-12-17    4
| |     It's best to use a stock (clean) environment when possible. We only need to test TLS protocol version <1.2 for tests/tls-protocols.
| * typofix    Guilhem Moulin    2020-12-13    2
| |
| * Remove obsolete Changelog entry.    Guilhem Moulin    2020-12-13    1
| |
| * manual: improve wording.    Guilhem Moulin    2020-12-13    2
| |
| * libinterimap: _start_ssl() now fails immediately with OpenSSL <1.1.0.    Guilhem Moulin    2020-12-13    2
| |     It could in principle still work with earlier versions if the new settings SSL_protocol_{min,max} are not used, however it's cumbersome to do individual checks for specific settings, let alone maintain test coverage with multiple OpenSSL versions.
| * libinterimap: use default locations for trusted CA certificates when neither ↵    Guilhem Moulin    2020-12-13    8
| |     CAfile nor CApath are set.
| |     In particular, OpenSSL's default locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see SSL_CTX_load_verify_locations(3ssl). This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is used).
| * test suite: ensure we haven't started speaking IMAP when the SSL/TLS ↵    Guilhem Moulin    2020-12-13    4
| |     handshake is aborted.
| |     (Unless STARTTLS is used to upgrade the connection.)
| * typofix    Guilhem Moulin    2020-12-13    2
| |
| * Explicitly set SSL_verify=1 (default) only once.    Guilhem Moulin    2020-12-13    1
| |
| * Make error messages more uniform and consistent.    Guilhem Moulin    2020-12-13    5
| |
| * Fix broken URLs.    Guilhem Moulin    2020-12-13    1
| |
| * README: Reflow with tw=78.    Guilhem Moulin    2020-12-12    1
| |
| * README: suggest ControlPath=$XDG_RUNTIME_DIR/ssh-imap-%C for the SSH transport    Guilhem Moulin    2020-12-12    2
| |     Not a good idea to use a world-writable directory, see ssh_config(5)… Note that variable expansion is only available in OpenSSH 8.4 and later, cf. https://bugzilla.mindrot.org/show_bug.cgi?id=3140 .
| * README: use 'restrict' option in authorized_keys(5) snippet.    Guilhem Moulin    2020-12-12    2
| |     This is shorter and more future-proof. Quoting the manual:
| |         restrict
| |             Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of ~/.ssh/rc. If any future restriction capabilities are added to authorized_keys files they will be included in this set.
| |     Note that this won't work with Jessie's OpenSSH server.
| * gitignore: Exclude aspell(1)'s backup copies.    Guilhem Moulin    2020-12-12    1
| |
| * typofix, spelling    Guilhem Moulin    2020-12-12    7
| |
| * `make release`: also bump libinterimap version and pin it in 'use' declarations.    Guilhem Moulin    2020-12-11    2
| |     Also, make sure the tag doesn't exist, and fail early if we can't detect the version.
| * documentation: simplify SSL options in the sample configuration files.    Guilhem Moulin    2020-12-11    3
| |
| * libinterimap: deprecate SSL_protocols and introduce SSL_protocol_{min,max}.    Guilhem Moulin    2020-12-11    6
| |     Using the libssl interface simplifies our protocol black/whitelist greatly; this only allows simple min/max bounds, but holes are arguably not very useful here. Using the new settings bumps the required libssl version to 1.1.0.
| * test suite: supply our own OpenSSL configuration file with MinProtocol=None.    Guilhem Moulin    2020-12-11    7
| |     So we can test TLSv1 as well, not just TLSv1.2 and later. Also, explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration file (the default as of 2.3.11.3), hence running TLS tests now requires Dovecot 2.3 or later.