aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFiles
...
* | d/salsa-ci.yml: run .test-reprotest with DEB_BUILD_OPTIONS=nocheck.Guilhem Moulin2020-12-112
| |
* | d/rules: Run test suite with TMPDIR=/var/tmp.Guilhem Moulin2020-12-112
| | | | | | | | | | | | Ssome systems (such as salsa's CI runners) mount /dev/shm with the 'noexec' option. /var/tmp is probably safer in that regard since it's what mkinitramfs(8) defaults to.
* | Add debian/salsa-ci.yml file.Guilhem Moulin2020-12-112
| |
* | d/control: Point Vcs-* to salsa.Guilhem Moulin2020-12-112
| |
* | Bump minimum libnet-ssleay-perl version from 1.73 to 1.83.Guilhem Moulin2020-12-112
| | | | | | | | And alsa openssl to 1.1.1 in Build-Depends.
* | Refresh patches and bump version number.Guilhem Moulin2020-12-113
| |
* | Merge tag 'v0.5.4' into debian/latestGuilhem Moulin2020-12-1125
|\| | | | | | | Release version 0.5.4
| * Prepare new release v0.5.4.v0.5.4Guilhem Moulin2020-12-111
| |
| * Prepare new release v0.5.4.Guilhem Moulin2020-12-113
| |
| * rename 'debian' branch to 'debian/latest' for DEP-14 compliance.Guilhem Moulin2020-12-112
| |
| * documentation: improve wording.Guilhem Moulin2020-12-112
| |
| * typofixGuilhem Moulin2020-12-111
| |
| * Makefile: new 'release' target.Guilhem Moulin2020-12-112
| | | | | | | | Also, change the tag format from upstream/$VERSION to v$VERSION.
| * libinterimap: add support for the TLS SNI (Server Name Indication) extension.Guilhem Moulin2020-12-119
| | | | | | | | | | | | This is controlled by the new 'SSL_hostname' option. The default value of that option is the value of the 'host' option when it is hostname, and the empty string (which disables SNI) when it is an IP literal.
| * typofixGuilhem Moulin2020-12-111
| |
| * libinterimap: make SSL_verify check the hostname as well.Guilhem Moulin2020-12-119
| | | | | | | | | | | | | | | | | | | | More precisely, ensure that the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP literal specified by the 'host' option. Previously it was only verifying the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2.
| * libinterimap: factor out hostname/IP parsing.Guilhem Moulin2020-12-114
| | | | | | | | | | Also, document that enclosing 'host' value in square brackets forces its interpretation as an IP literal (hence skips name resolution).
| * test suite: always generate new certificates on `make test`.Guilhem Moulin2020-12-1110
| | | | | | | | | | In addition, sign test certificates with the same root CA. Hence running `make test` now requires OpenSSL 1.1.1 or later.
| * libinterimap: show the matching pinned SPKI in --debug mode.Guilhem Moulin2020-12-115
| |
| * documentation: replace example.org with example.net for consistency.Guilhem Moulin2020-12-103
| |
| * Fix broken URLs.Guilhem Moulin2020-12-092
| |
* | d/gbp.conf: Update debian and upstream branches in compliance with DEP-14.Guilhem Moulin2020-12-112
| |
* | d/gbp.conf: Update upstream tag template.Guilhem Moulin2020-12-113
| |
* | Add d/watch pointing to the upstream repository.Guilhem Moulin2020-12-113
| |
* | Add d/upstream/signing-key.asc, the OpenPGP used to signed upstream tags.Guilhem Moulin2020-12-112
| | | | | | | | Forgot to checkout the file in 93be16b3b95089517bdfcec1110296706f14e2c0…
* | Prepare new release.debian/0.5.3-1Guilhem Moulin2020-12-091
| |
* | d/control: Bump Standards-Version to 4.5.1.Guilhem Moulin2020-12-092
| | | | | | | | No changes necessary.
* | d/control: Add missing epoch number on dovecot-* dependencies.Guilhem Moulin2020-12-092
| |
* | Add d/upstream/signing-key.asc, the OpenPGP used to signed upstream tags.Guilhem Moulin2020-12-091
| |
* | d/control: The test suite now requires Dovecot v2.2.31 or laterGuilhem Moulin2020-12-092
| | | | | | | | For ssl_alt_cert, see 51df40cf82c67ae828c325a42e28b3155fce9864.
* | New upstream release.Guilhem Moulin2020-12-091
| | | | | | | | Closes: #968392
* | Refresh patches.Guilhem Moulin2020-12-092
| |
* | Merge tag 'upstream/0.5.3' into debianGuilhem Moulin2020-12-0929
|\| | | | | | | Upstream version 0.5.3
| * Prepare new release.upstream/0.5.3Guilhem Moulin2020-12-093
| |
| * New test with a server offering both RSA+ECDSA certificates.Guilhem Moulin2020-12-097
| | | | | | | | | | | | | | | | | | | | | | | | This requires dovecot-imapd 2.2.31 or later. Certificate generated with: $ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve \ -out tests/snippets/dovecot/dovecot.ecdsa.key $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \ -key tests/snippets/dovecot/dovecot.ecdsa.key \ -out tests/snippets/dovecot/dovecot.ecdsa.crt
| * typofixGuilhem Moulin2020-12-092
| |
| * libinterimap: SSL_fingerprint now supports a space-separate list of digests ↵Guilhem Moulin2020-12-095
| | | | | | | | | | | | | | | | | | to pin. And succeeds if, and only if, the peer certificate SPKI matches one of the pinned digest values. Specifying multiple digest values can key useful in key rollover scenarios and/or when the server supports certificates of different types (for instance RSA+ECDSA).
| * test suite: use a RSA certificate rather than ECDSA.Guilhem Moulin2020-12-0911
| | | | | | | | | | | | | | | | | | It's arguably the most common use-case. Generated with $ openssl genpkey -algorithm RSA -out tests/snippets/dovecot/dovecot.rsa.key $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \ -key tests/snippets/dovecot/dovecot.rsa.key \ -out tests/snippets/dovecot/dovecot.rsa.crt
| * libinterimap: 'debug' forces 'null-stderr' = 0.Guilhem Moulin2020-12-083
| | | | | | | | | | | | The standard error is never sent to /dev/null in debug mode. Closes: deb#968392
| * typofixGuilhem Moulin2020-08-042
| |
| * typofixGuilhem Moulin2020-08-041
| |
| * Improve long command wrapping.Guilhem Moulin2020-08-044
| |
| * Upgrade URLs to secure HTTP.Guilhem Moulin2020-08-048
| |
| * wibbleGuilhem Moulin2020-08-031
| |
* | Prepare new release.debian/0.5.2-1Guilhem Moulin2020-08-033
| |
* | Merge tag 'upstream/0.5.2' into debianGuilhem Moulin2020-08-0314
|\| | | | | | | Upstream version 0.5.2
| * Prepare new release.upstream/0.5.2Guilhem Moulin2020-08-031
| |
| * libinterimap: abort on PREAUTH greeting received on plaintext connectionsGuilhem Moulin2020-08-036
| | | | | | | | | | Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093.
| * libinterimap: Fix response injection vulnerability after STARTTLS.Guilhem Moulin2020-08-037
| | | | | | | | For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
| * typofixGuilhem Moulin2020-08-031
| |