From 1630f2387c52a0ac460922eda6535165fdb279d1 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 8 Dec 2020 16:03:23 +0100
Subject: libinterimap: 'debug' forces 'null-stderr' = 0.

The standard error is never sent to /dev/null in debug mode.

Closes: deb#968392
---
 Changelog | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index 6ee44fc..6dca6b4 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+interimap (0.5.3) upstream;
+
+ - libinterimap: 'null-stderr' is now ignored when the 'debug' flag is
+    set (the standard error is never sent to /dev/null).
+
+ -- Guilhem Moulin <guilhem@fripost.org>  Tue, 08 Dec 2020 15:58:22 +0100
+
 interimap (0.5.2) upstream;
 
  - Makefile: remove 'smart' extension from pandoc call to generate
-- 
cgit v1.2.3


From b13c9fa6f442f555af65f869b954935dae40fcc4 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 14:57:11 +0100
Subject: test suite: use a RSA certificate rather than ECDSA.

It's arguably the most common use-case.  Generated with

  $ openssl genpkey -algorithm RSA -out tests/snippets/dovecot/dovecot.rsa.key
  $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \
        -key tests/snippets/dovecot/dovecot.rsa.key \
        -out tests/snippets/dovecot/dovecot.rsa.crt
---
 Changelog | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index 6dca6b4..341d5f7 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,7 @@ interimap (0.5.3) upstream;
 
  - libinterimap: 'null-stderr' is now ignored when the 'debug' flag is
     set (the standard error is never sent to /dev/null).
+ - test suite: use a RSA certificate rather than ECDSA.
 
  -- Guilhem Moulin <guilhem@fripost.org>  Tue, 08 Dec 2020 15:58:22 +0100
 
-- 
cgit v1.2.3


From a1ef66a76b4a6651b7371a9fd1e35f2f99e85bfa Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 15:06:37 +0100
Subject: libinterimap: SSL_fingerprint now supports a space-separate list of
 digests to pin.

And succeeds if, and only if, the peer certificate SPKI matches one of
the pinned digest values.  Specifying multiple digest values can key
useful in key rollover scenarios and/or when the server supports
certificates of different types (for instance RSA+ECDSA).
---
 Changelog | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index 341d5f7..e400b37 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,11 @@
 interimap (0.5.3) upstream;
 
+ * libinterimap: SSL_fingerprint now supports a space-separate list of
+   digests to pin, and succeeds if, and only if, the peer certificate
+   SPKI matches one of the pinned digest values.  Specifying multiple
+   digest values can key useful in key rollover scenarios and/or when
+   the server supports certificates of different types (for instance
+   RSA+ECDSA).
  - libinterimap: 'null-stderr' is now ignored when the 'debug' flag is
     set (the standard error is never sent to /dev/null).
  - test suite: use a RSA certificate rather than ECDSA.
-- 
cgit v1.2.3


From 51df40cf82c67ae828c325a42e28b3155fce9864 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 15:11:45 +0100
Subject: New test with a server offering both RSA+ECDSA certificates.

This requires dovecot-imapd 2.2.31 or later.

Certificate generated with:

      $ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve \
            -out tests/snippets/dovecot/dovecot.ecdsa.key
      $ openssl req -x509 -days 3650 -subj "/CN=InterIMAP test suite" \
            -key tests/snippets/dovecot/dovecot.ecdsa.key \
            -out tests/snippets/dovecot/dovecot.ecdsa.crt
---
 Changelog | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index e400b37..ddc4695 100644
--- a/Changelog
+++ b/Changelog
@@ -9,6 +9,8 @@ interimap (0.5.3) upstream;
  - libinterimap: 'null-stderr' is now ignored when the 'debug' flag is
     set (the standard error is never sent to /dev/null).
  - test suite: use a RSA certificate rather than ECDSA.
+ - test suite: new test with a server offering both RSA+ECDSA
+   certificates.  This test requires dovecot-imapd 2.2.31 or later.
 
  -- Guilhem Moulin <guilhem@fripost.org>  Tue, 08 Dec 2020 15:58:22 +0100
 
-- 
cgit v1.2.3


From bb58678ba034e56f88db7202bf4e29ef3bd1bebd Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 9 Dec 2020 15:33:15 +0100
Subject: Prepare new release.

---
 Changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index ddc4695..4d9b9a4 100644
--- a/Changelog
+++ b/Changelog
@@ -12,7 +12,7 @@ interimap (0.5.3) upstream;
  - test suite: new test with a server offering both RSA+ECDSA
    certificates.  This test requires dovecot-imapd 2.2.31 or later.
 
- -- Guilhem Moulin <guilhem@fripost.org>  Tue, 08 Dec 2020 15:58:22 +0100
+ -- Guilhem Moulin <guilhem@fripost.org>  Wed, 09 Dec 2020 15:32:01 +0100
 
 interimap (0.5.2) upstream;
 
-- 
cgit v1.2.3