aboutsummaryrefslogtreecommitdiffstats
path: root/lib
Commit message (Collapse)AuthorAgeFiles
* Prepare new release v0.5.6.v0.5.6Guilhem Moulin2021-01-011
|
* Bump required Net::SSLeay version to 1.86_06.Guilhem Moulin2021-01-011
| | | | | | | | | | | That's when get_version() was introduced. Unfortunately the manual doesn't mention it, but 1.85 is lacking the function, see https://github.com/radiator-software/p5-net-ssleay/blob/1.88/Changes#L216 https://github.com/radiator-software/p5-net-ssleay/commit/ae33bb5405dadde973bc25a0c5e3941d5c83f8b1 Compatibility with Net::SSLeay 1.83 can be restored by reverting this commit and 35f4ecefa9c9ff55acfdb337b215e3d13345c86d.
* Prepare new release v0.5.5.v0.5.5Guilhem Moulin2020-12-261
|
* libinterimap: new option SSL_ciphersuites to set the TLSv1.3 ciphersuites.Guilhem Moulin2020-12-171
| | | | | Also, clarify that SSL_cipherlist only applies to TLSv1.2 and below. See SSL_CTX_set_cipher_list(3ssl).
* typofixGuilhem Moulin2020-12-131
|
* libinterimap: _start_ssl() now fails immediately with OpenSSL <1.1.0.Guilhem Moulin2020-12-131
| | | | | | | It could in principle still work with earlier versions if the new settings SSL_protocol_{min,max} are not used, however it's cumbersome to do individual checks for specific settings, let alone maintain test coverage with multiple OpenSSL versions.
* libinterimap: use default locations for trusted CA certificates when neither ↵Guilhem Moulin2020-12-131
| | | | | | | | | | | CAfile nor CApath are set. In particular, OpenSSL's default locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see SSL_CTX_load_verify_locations(3ssl). This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is used).
* Explicitly set SSL_verify=1 (default) only once.Guilhem Moulin2020-12-131
|
* Make error messages more uniform and consistent.Guilhem Moulin2020-12-131
|
* Fix broken URLs.Guilhem Moulin2020-12-131
|
* typofix, spellingGuilhem Moulin2020-12-121
|
* libinterimap: deprecate SSL_protocols and introduce SSL_protocol_{min,max}.Guilhem Moulin2020-12-111
| | | | | | | | Using the libssl interface simplifies our protocol black/whitelist greatly; this only allows simple min/max bounds, but holes are arguably not very useful here. Using the new settings bumps the required libssl version to 1.1.0.
* libinterimap: use Net::SSLeay::get_version() to get the protocol version string.Guilhem Moulin2020-12-111
| | | | This avoids maintaing our own map.
* libinterimap: make $OPENSSL_VERSION global.Guilhem Moulin2020-12-111
|
* libinterimap: remove default SSL_protocols value.Guilhem Moulin2020-12-111
| | | | | | | | Namely, use the system default instead of "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1". As of Debian Buster (OpenSSL 1.1.1) this does not make a difference, however using the system default provides better compatibility with future libssl versions.
* Update copyright years.Guilhem Moulin2020-12-111
|
* typofixGuilhem Moulin2020-12-111
|
* libinterimap: add support for the TLS SNI (Server Name Indication) extension.Guilhem Moulin2020-12-111
| | | | | | This is controlled by the new 'SSL_hostname' option. The default value of that option is the value of the 'host' option when it is hostname, and the empty string (which disables SNI) when it is an IP literal.
* libinterimap: make SSL_verify check the hostname as well.Guilhem Moulin2020-12-111
| | | | | | | | | | More precisely, ensure that the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP literal specified by the 'host' option. Previously it was only verifying the chain of trust. This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL version 1.0.2.
* libinterimap: factor out hostname/IP parsing.Guilhem Moulin2020-12-111
| | | | | Also, document that enclosing 'host' value in square brackets forces its interpretation as an IP literal (hence skips name resolution).
* libinterimap: show the matching pinned SPKI in --debug mode.Guilhem Moulin2020-12-111
|
* libinterimap: SSL_fingerprint now supports a space-separate list of digests ↵Guilhem Moulin2020-12-091
| | | | | | | | | to pin. And succeeds if, and only if, the peer certificate SPKI matches one of the pinned digest values. Specifying multiple digest values can key useful in key rollover scenarios and/or when the server supports certificates of different types (for instance RSA+ECDSA).
* libinterimap: 'debug' forces 'null-stderr' = 0.Guilhem Moulin2020-12-081
| | | | | | The standard error is never sent to /dev/null in debug mode. Closes: deb#968392
* Upgrade URLs to secure HTTP.Guilhem Moulin2020-08-041
|
* libinterimap: abort on PREAUTH greeting received on plaintext connectionsGuilhem Moulin2020-08-031
| | | | | Set "STARTTLS = NO" to ignore. This is similar to CVE-2020-12398 and CVE-2020-14093.
* libinterimap: Fix response injection vulnerability after STARTTLS.Guilhem Moulin2020-08-031
| | | | For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
* typofixGuilhem Moulin2020-08-031
|
* libinterimap: fail when a capability to ENABLE is missing from the server's ↵Guilhem Moulin2020-08-031
| | | | CAPABILITY listing.
* Improve “UIDVALIDITY changed!” error message.Guilhem Moulin2019-11-151
| | | | | Mention the name of the problematic mailbox. (We may detect the violation while not in SELECTED state.)
* Fix minor space damage.Guilhem Moulin2019-11-131
|
* Avoid sending large UID EXPUNGE|FETCH|STORE and APPEND commands.Guilhem Moulin2019-11-131
| | | | | | | | | | | | | | | | | | | | | | UID EXPUNGE|FETCH|STORE commands are now split into multiple (sequential) commands when their set representation exceeds 4096 bytes in size. Without splitting logic set representations could grow arbitrarily large, and exceed the server's maximum command size. This adds roundtrips which could be eliminated by pipelining, but it's unlikely to make any difference in typical synchronization work. While set representations seem to remain small in practice, they might grow significantly if many non-contiguous UIDs were flagged and/or expunged, and later synchronized at once. Furthermore, for MULTIAPPEND-capable servers, the number of messages is limited to 128 per APPEND command (also subject to a combined literal size of 1MiB like before). These numbers are currently not configurable. They're intentionally lower than Dovecot's default maximum command size (64k) in order to avoid a deadlock situation after sending 8k-long commands under COMPRESS=DEFLATE: https://dovecot.org/pipermail/dovecot/2019-November/117522.html .
* Net::IMAP::InterIMAP: Don't export $IMAP_text and $IMAP_cond.Guilhem Moulin2019-11-131
|
* Net::IMAP::InterIMAP::push_flag_updates() bugfixes.Guilhem Moulin2019-11-131
| | | | | | | | | | | | | | The UNCHANGEDSINCE test from the CONDSTORE extension was incorrectly placed after the flag list in UID STORE commands. In practice this meant the server didn't add the MODIFIED code when needed. The server won't send an untagged FETCH command (and won't increase the message's MODSEQ) if no change was made to the flag list. A panic() was incorrectly triggered in that case. When the flag list was set (by another client) to a superset of the UID STORE command currently processed, the extra flags were not synchronized. Cf. RFC 7162 sec. 3.1.3 ex. 10.
* Bump minimum Perl for Net::IMAP::InterIMAP to v5.20.Guilhem Moulin2019-11-131
| | | | | We're using s///r which was introduced in 5.14, and hash slices which were introduced in 5.20.
* Test suite: add new tests for SSL/TLS.Guilhem Moulin2019-11-131
| | | | | SSL connections are accepted on TCP port 10993. Also, fix STARTTLS directive, broken since fba1c36…
* Remove deprecated/buggy 'o' regexp modifier.Guilhem Moulin2019-11-081
|
* libinterimap: honor compress={Yes/No}.Guilhem Moulin2019-11-081
|
* Refactor logging logic.Guilhem Moulin2019-11-071
| | | | | | | Also, introduce new option 'logger-prefix' to determine the prefix of each log line. Closes: #942725.
* libinterimap: Don't panic at the end of the compressed stream.Guilhem Moulin2019-11-071
| | | | | Cf. Compress::Raw::Zlib's documentation. Z_STREAM_END denotes a successful state.
* libinterimap: Free reference to $self in _start_ssl().Guilhem Moulin2019-11-071
| | | | | | | | (We don't need the function anymore once the handshake is established). Otherwise the reference count of that IMAP client never gets to 0 before the global destruction phase. For interimap, this causes traffic stats to be printed not by the cleanup() function as intended, but just before the program exits.
* wibbleGuilhem Moulin2019-11-071
|
* Update copyright years.Guilhem Moulin2019-11-061
|
* Allow lowercase SASL mechanisms.Guilhem Moulin2019-11-061
| | | | | | RFC 2222 sec. 3 says that values are “from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores” so we always upper-case the value.
* pullimap, interimap: redact AUTHENTICATE and LOGIN commandsGuilhem Moulin2019-11-061
| | | | | | In --debug mode in order to avoid inadvertently receiving credentials in bug reports. --debug can be set twice to spell out these commands in full.
* libinterimap: use directories relative to $HOME for the XDG defaults.Guilhem Moulin2019-07-081
| | | | | | | | | | | | Previously getpwuid() was called to determine the user's home directory, while the XDG specification explicitely mentions $HOME. Conveniently our docs always mentioned ~/, which on POSIX-compliant systems expands to the value of the variable HOME (and the result is unspecified when the variable is unset). Cf. Shell and Utilities volume of POSIX.1-2017, sec. 2.6.1: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_01
* typo fixesGuilhem Moulin2019-05-281
|
* Net::IMAP::InterIMAP: call shutdown(2) on teardown also for type=tunnel.Guilhem Moulin2019-05-281
| | | | | | Since we now use socketpair(2) for type=tunnel (instead of a pair of unnamed pipes) we can unify communication endpoints creation and teardown.
* libinterimap: use socketpair(2) in tunnel mode.Guilhem Moulin2019-05-271
| | | | | | Rather than two pipe(2). Also, use SOCK_CLOEXEC to save a fcntl() call when setting the close-on-exec flag on the socket (even though Perl will likely call fcntl() anyway).
* libinterimap: astring is 1*ASTRING-CHAR / string.Guilhem Moulin2019-05-271
| | | | | | | | | | | | | | | Not 1*ATOM-CHAR / string. Also accept LIST responses mailbox names containing '%', '*', or ']'. From RFC 3501: astring = 1*ASTRING-CHAR / string ASTRING-CHAR = ATOM-CHAR / resp-specials list = "LIST" SP mailbox SP list-mailbox list-mailbox = 1*list-char / string list-char = ATOM-CHAR / list-wildcards / resp-specials list-wildcards = "%" / "*" resp-specials = "]"
* libinterimap: quote() the empty string as "" instead of a 0-length literal.Guilhem Moulin2019-05-271
| | | | | Compression asside, this saves 3 bytes and one round-trip on servers not supporting non-synchronizing literals, and 4 bytes otherwise.