Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
| * | typofix | Guilhem Moulin | 2020-12-11 | 1 | |
| | | |||||
| * | Makefile: new 'release' target. | Guilhem Moulin | 2020-12-11 | 2 | |
| | | | | | | | | Also, change the tag format from upstream/$VERSION to v$VERSION. | ||||
| * | libinterimap: add support for the TLS SNI (Server Name Indication) extension. | Guilhem Moulin | 2020-12-11 | 9 | |
| | | | | | | | | | | | | This is controlled by the new 'SSL_hostname' option. The default value of that option is the value of the 'host' option when it is hostname, and the empty string (which disables SNI) when it is an IP literal. | ||||
| * | typofix | Guilhem Moulin | 2020-12-11 | 1 | |
| | | |||||
| * | libinterimap: make SSL_verify check the hostname as well. | Guilhem Moulin | 2020-12-11 | 9 | |
| | | | | | | | | | | | | | | | | | | | | More precisely, ensure that the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP literal specified by the 'host' option. Previously it was only verifying the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2. | ||||
| * | libinterimap: factor out hostname/IP parsing. | Guilhem Moulin | 2020-12-11 | 4 | |
| | | | | | | | | | | Also, document that enclosing 'host' value in square brackets forces its interpretation as an IP literal (hence skips name resolution). | ||||
| * | test suite: always generate new certificates on `make test`. | Guilhem Moulin | 2020-12-11 | 10 | |
| | | | | | | | | | | In addition, sign test certificates with the same root CA. Hence running `make test` now requires OpenSSL 1.1.1 or later. | ||||
| * | libinterimap: show the matching pinned SPKI in --debug mode. | Guilhem Moulin | 2020-12-11 | 5 | |
| | | |||||
| * | documentation: replace example.org with example.net for consistency. | Guilhem Moulin | 2020-12-10 | 3 | |
| | | |||||
| * | Fix broken URLs. | Guilhem Moulin | 2020-12-09 | 2 | |
| | | |||||
* | | d/gbp.conf: Update debian and upstream branches in compliance with DEP-14. | Guilhem Moulin | 2020-12-11 | 2 | |
| | | |||||
* | | d/gbp.conf: Update upstream tag template. | Guilhem Moulin | 2020-12-11 | 3 | |
| | | |||||
* | | Add d/watch pointing to the upstream repository. | Guilhem Moulin | 2020-12-11 | 3 | |
| | | |||||
* | | Add d/upstream/signing-key.asc, the OpenPGP used to signed upstream tags. | Guilhem Moulin | 2020-12-11 | 2 | |
| | | | | | | | | Forgot to checkout the file in 93be16b3b95089517bdfcec1110296706f14e2c0… | ||||
* | | Prepare new release.debian/0.5.3-1 | Guilhem Moulin | 2020-12-09 | 1 | |
| | | |||||
* | | d/control: Bump Standards-Version to 4.5.1. | Guilhem Moulin | 2020-12-09 | 2 | |
| | | | | | | | | No changes necessary. | ||||
* | | d/control: Add missing epoch number on dovecot-* dependencies. | Guilhem Moulin | 2020-12-09 | 2 | |
| | | |||||
* | | Add d/upstream/signing-key.asc, the OpenPGP used to signed upstream tags. | Guilhem Moulin | 2020-12-09 | 1 | |
| | | |||||
* | | d/control: The test suite now requires Dovecot v2.2.31 or later | Guilhem Moulin | 2020-12-09 | 2 | |
| | | | | | | | | For ssl_alt_cert, see 51df40cf82c67ae828c325a42e28b3155fce9864. | ||||
* | | New upstream release. | Guilhem Moulin | 2020-12-09 | 1 | |
| | | | | | | | | Closes: #968392 | ||||
* | | Refresh patches. | Guilhem Moulin | 2020-12-09 | 2 | |
| | | |||||
* | | Merge tag 'upstream/0.5.3' into debian | Guilhem Moulin | 2020-12-09 | 29 | |
|\| | | | | | | | Upstream version 0.5.3 | ||||
| * | Prepare new release.upstream/0.5.3 | Guilhem Moulin | 2020-12-09 | 3 | |
| | | |||||
| * | New test with a server offering both RSA+ECDSA certificates. | Guilhem Moulin | 2020-12-09 | 7 | |
| | | | | | | | | | | | | | | | | | | | | | | | | This requires dovecot-imapd 2.2.31 or later. Certificate generated with: $ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve \ -out tests/snippets/dovecot/dovecot.ecdsa.key $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \ -key tests/snippets/dovecot/dovecot.ecdsa.key \ -out tests/snippets/dovecot/dovecot.ecdsa.crt | ||||
| * | typofix | Guilhem Moulin | 2020-12-09 | 2 | |
| | | |||||
| * | libinterimap: SSL_fingerprint now supports a space-separate list of digests ↵ | Guilhem Moulin | 2020-12-09 | 5 | |
| | | | | | | | | | | | | | | | | | | to pin. And succeeds if, and only if, the peer certificate SPKI matches one of the pinned digest values. Specifying multiple digest values can key useful in key rollover scenarios and/or when the server supports certificates of different types (for instance RSA+ECDSA). | ||||
| * | test suite: use a RSA certificate rather than ECDSA. | Guilhem Moulin | 2020-12-09 | 11 | |
| | | | | | | | | | | | | | | | | | | It's arguably the most common use-case. Generated with $ openssl genpkey -algorithm RSA -out tests/snippets/dovecot/dovecot.rsa.key $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \ -key tests/snippets/dovecot/dovecot.rsa.key \ -out tests/snippets/dovecot/dovecot.rsa.crt | ||||
| * | libinterimap: 'debug' forces 'null-stderr' = 0. | Guilhem Moulin | 2020-12-08 | 3 | |
| | | | | | | | | | | | | The standard error is never sent to /dev/null in debug mode. Closes: deb#968392 | ||||
| * | typofix | Guilhem Moulin | 2020-08-04 | 2 | |
| | | |||||
| * | typofix | Guilhem Moulin | 2020-08-04 | 1 | |
| | | |||||
| * | Improve long command wrapping. | Guilhem Moulin | 2020-08-04 | 4 | |
| | | |||||
| * | Upgrade URLs to secure HTTP. | Guilhem Moulin | 2020-08-04 | 8 | |
| | | |||||
| * | wibble | Guilhem Moulin | 2020-08-03 | 1 | |
| | | |||||
* | | Prepare new release.debian/0.5.2-1 | Guilhem Moulin | 2020-08-03 | 3 | |
| | | |||||
* | | Merge tag 'upstream/0.5.2' into debian | Guilhem Moulin | 2020-08-03 | 14 | |
|\| | | | | | | | Upstream version 0.5.2 | ||||
| * | Prepare new release.upstream/0.5.2 | Guilhem Moulin | 2020-08-03 | 1 | |
| | | |||||
| * | libinterimap: abort on PREAUTH greeting received on plaintext connections | Guilhem Moulin | 2020-08-03 | 6 | |
| | | | | | | | | | | Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093. | ||||
| * | libinterimap: Fix response injection vulnerability after STARTTLS. | Guilhem Moulin | 2020-08-03 | 7 | |
| | | | | | | | | For background see https://gitlab.com/muttmua/mutt/-/issues/248 . | ||||
| * | typofix | Guilhem Moulin | 2020-08-03 | 1 | |
| | | |||||
| * | libinterimap: fail when a capability to ENABLE is missing from the server's ↵ | Guilhem Moulin | 2020-08-03 | 2 | |
| | | | | | | | | CAPABILITY listing. | ||||
| * | Bump version number. | Guilhem Moulin | 2020-08-03 | 2 | |
| | | |||||
| * | Makefile: remove 'smart' extension from pandoc call to generate manuals. | Guilhem Moulin | 2020-08-03 | 2 | |
| | | |||||
| * | HTML: Add background color to code snippets. | Guilhem Moulin | 2020-07-02 | 1 | |
| | | |||||
* | | d/rules: Pass '--no-enable' to dh_installsystemduser(1).debian/0.5.1-2 | Guilhem Moulin | 2020-07-05 | 2 | |
| | | | | | | | | | | | | Not enabling the units on install makes sense as interimap resp. pullimap will refuse to create the database when started with '--watch=' resp. '--idle='. | ||||
* | | Prepare new release.debian/0.5.1-1 | Guilhem Moulin | 2020-07-02 | 1 | |
| | | |||||
* | | Adapt d/*.docs, d/*.install and d/*.manpages to the current upstream Makefile. | Guilhem Moulin | 2020-07-02 | 8 | |
| | | |||||
* | | d/patches/Ignore-custom-lib-PATH.patch: Remove patch, applied upstream. | Guilhem Moulin | 2020-07-02 | 3 | |
| | | |||||
* | | 0.5-1 closed #946727. | Guilhem Moulin | 2020-07-02 | 1 | |
| | | |||||
* | | Bump version number. | Guilhem Moulin | 2020-07-02 | 1 | |
| | | |||||
* | | Merge tag 'upstream/0.5.1' into debian | Guilhem Moulin | 2020-07-02 | 10 | |
|\| | | | | | | | Upstream version 0.5.1 |