interimap (0.5.5) upstream;

  * libinterimap: remove default SSL_protocols value "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1"
    and use the system default instead.  As of Debian Buster (OpenSSL 1.1.1) this
    does not make a difference, however using the system default provides better
    compatibility with future libssl versions.
  * libinterimap: deprecate SSL_protocols, obsoleted by new settings
    SSL_protocol_{min,max}.  Using the libssl interface simplifies our protocol
    black/whitelist greatly; this only allows simple min/max bounds, but holes are
    arguably not very useful here.
  * libinterimap: use default locations for trusted CA certificates when neither
    CAfile nor CApath are set.  In particular, OpenSSL's default locations can be
    overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
    SSL_CTX_load_verify_locations(3ssl).
  * libinterimap: _start_ssl() now fails immediately with OpenSSL <1.1.0.  It could
    in principle still work with earlier versions if the new settings
    SSL_protocol_{min,max} are not used, however it's cumbersome to do individual
    checks for specific settings, let alone maintain test coverage with multiple
    OpenSSL versions.
  + `make release`: also bump libinterimap version and pin it in 'use' declarations.
  + Make error messages more uniform and consistent.
  - libinterimap: use Net::SSLeay::get_version() to get the protocol version string.
  - test suite: `mv tests/snippets tests/config`
  - tests/tls-protocols: use a custom OpenSSL configuration file with
    MinProtocol=None so we can test TLSv1 as well, not just TLSv1.2 and later.
  - test suite: explicitly set ssl_min_protocol=TLSv1 in the Dovecot configuration
    file (the default as of 2.3.11.3), hence running TLS tests now requires Dovecot
    2.3 or later.
  - documentation: simplify SSL options in the sample configuration files.
  - README: suggest 'restrict,command="/usr/bin/doveadm exec imap"' as
    authorized_keys(5) options.
  - README: suggest ControlPath=$XDG_RUNTIME_DIR/ssh-imap-%C for the SSH transport
    (note that variable expansion is only available in OpenSSH 8.4 and later).
  - test suite: ensure we haven't started speaking IMAP when the SSL/TLS handshake
    is aborted (unless STARTTLS is used to upgrade the connection).
  - documentation: clarify that known TLS protocol versions depend on the OpenSSL
    version used.

 -- Guilhem Moulin  Fri, 11 Dec 2020 14:55:53 +0100

interimap (0.5.4) upstream;

  * libinterimap: make SSL_verify also check that the certificate Subject
    Alternative Name (SAN) or Subject CommonName (CN) matches the hostname or IP
    literal specified by the 'host' option.  Previously it was only checking the
    chain of trust.  This bumps the minimum Net::SSLeay version to 1.83 and OpenSSL
    version to 1.0.2 (when SSL_verify is used).
  * libinterimap: add support for the TLS SNI (Server Name Indication) extension,
    controlled by the new 'SSL_hostname' option.  The default value of that option
    is the value of the 'host' option when it is a hostname, and the empty string
    (which disables SNI) when it is an IP literal.
  + libinterimap: show the matching pinned SPKI in --debug mode.
  + test suite: always generate new certificates on `make test`.
  + test suite: sign all test certificates with the same root CA.
  + libinterimap: factor out hostname/IP parsing.
  + document that enclosing the 'host' value in square brackets forces its
    interpretation as an IP literal (hence skips name resolution).
  + Makefile: new 'release' target; also, change the tag format from
    upstream/$VERSION to v$VERSION.
  - documentation: replace example.org with example.net for consistency.
  - rename 'debian' branch to 'debian/latest' for DEP-14 compliance.

 -- Guilhem Moulin  Fri, 11 Dec 2020 11:21:17 +0100

interimap (0.5.3) upstream;

  * libinterimap: SSL_fingerprint now supports a space-separated list of digests to
    pin, and succeeds if, and only if, the peer certificate SPKI matches one of the
    pinned digest values.
    Specifying multiple digest values can be useful in key rollover scenarios and/or
    when the server supports certificates of different types (for instance
    RSA+ECDSA).
  - libinterimap: 'null-stderr' is now ignored when the 'debug' flag is set (the
    standard error is never sent to /dev/null).
  - test suite: use an RSA certificate rather than ECDSA.
  - test suite: new test with a server offering both RSA+ECDSA certificates.  This
    test requires dovecot-imapd 2.2.31 or later.

 -- Guilhem Moulin  Wed, 09 Dec 2020 15:32:01 +0100

interimap (0.5.2) upstream;

  - Makefile: remove 'smart' extension from pandoc call to generate manuals (it's no
    longer supported by pandoc 2.9, which generates \[lq] and \[rq] in the groff
    output anyway).
  - libinterimap: fix response injection vulnerability after STARTTLS.  For
    background see https://gitlab.com/muttmua/mutt/-/issues/248 .
  - libinterimap: abort on PREAUTH greeting received on plaintext connections (set
    "STARTTLS = NO" to ignore).  This is similar to CVE-2020-12398 and
    CVE-2020-14093.
  * libinterimap: fail when a capability to ENABLE is missing from the server's
    CAPABILITY listing.

 -- Guilhem Moulin  Mon, 03 Aug 2020 20:50:41 +0200

interimap (0.5.1) upstream;

  + pullimap: also compare RFC 5322 date and envelope information in mailbox
    comparison tests.
  + interimap, pullimap: remove `use lib` statement.
  * Makefile: major refactoring, add install and uninstall targets, honor
    BUILD_DOCDIR and DESTDIR variables.

 -- Guilhem Moulin  Thu, 02 Jul 2020 00:15:03 +0200

interimap (0.5) upstream;

  Breaking changes:

  * interimap: when matching mailbox names against the 'ignore-mailbox' pattern, the
    hierarchy delimiter is substituted with a null character beforehand.  For
    instance one should now use '^virtual(?:\x00|$)' to exclude the mailbox named
    'virtual' as well as its descendants (regardless of the hierarchy delimiter in
    use).
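The 0.5 breaking change above (delimiter replaced by a NUL character before matching 'ignore-mailbox') and the related 0.5 change that stops caching hierarchy delimiters in the database, shown as an added Python example. This is not interimap's code (which is Perl); the mailbox listings and the helper names `ignored`/`to_wire` are constructed for the illustration.

```python
import re

def ignored(names, delimiter, ignore_pattern):
    """Return the mailboxes from `names` that the 'ignore-mailbox' regexp excludes.

    As in interimap >= 0.5, the server's hierarchy delimiter is replaced by a NUL
    character before matching, so one pattern works whatever delimiter ('/', '.',
    ...) the local or remote server happens to use.
    """
    rx = re.compile(ignore_pattern)
    return [n for n in names if rx.search(n.replace(delimiter, "\x00"))]

def to_wire(internal_name, delimiter):
    """Substitute the server's delimiter back for the internal NUL characters
    before using the name in an IMAP command (names are stored with NULs so the
    local and remote delimiters no longer need to match)."""
    return internal_name.replace("\x00", delimiter)

# Constructed sample listings for two servers using different delimiters.
SLASH_SERVER = ["INBOX", "virtual", "virtual/old", "virtualbox", "lists/virtual"]
DOT_SERVER = ["INBOX", "virtual", "virtual.old", "virtualbox", "lists.virtual"]

# The pattern recommended by the changelog: 'virtual' and all its descendants,
# but not 'virtualbox' and not 'lists/virtual'.
IGNORE = r"^virtual(?:\x00|$)"

if __name__ == "__main__":
    print(ignored(SLASH_SERVER, "/", IGNORE))   # ['virtual', 'virtual/old']
    print(ignored(DOT_SERVER, ".", IGNORE))     # ['virtual', 'virtual.old']
    print(to_wire("virtual\x00old", "."))       # virtual.old
```

A delimiter-specific pattern such as `^virtual(?:/|$)` (the pre-0.5 style) only ever matches the top-level mailbox once the NUL substitution is in place, which is why existing configurations need the `\x00` form.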
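The two plaintext-phase checks from the 0.5.2 entry above (refuse a PREAUTH greeting when a STARTTLS upgrade is expected, and refuse to start the handshake if any bytes were already buffered after the tagged STARTTLS reply), as an added Python example. It is not interimap's code; the greeting regexp, the `ProtocolError` class and the sample server lines are constructed for the illustration, and the client loop around it (socket reads, the handshake itself) is left out.

```python
import re

class ProtocolError(Exception):
    """The plaintext phase of the connection cannot be trusted; abort."""

_GREETING = re.compile(rb"^\* (OK|PREAUTH|BYE)\b")

def check_greeting(greeting, starttls=True):
    """Classify the untagged greeting received on a plaintext connection.

    A PREAUTH greeting means the server treats us as authenticated without any
    LOGIN/AUTHENTICATE, which would also skip the STARTTLS upgrade.  On a
    connection that is supposed to be upgraded it is therefore rejected, unless
    the caller passes starttls=False (the "STARTTLS = NO" setting).
    Returns "OK" or "PREAUTH".
    """
    m = _GREETING.match(greeting)
    if m is None:
        raise ProtocolError("malformed greeting: %r" % greeting)
    status = m.group(1).decode("ascii")
    if status == "BYE":
        raise ProtocolError("server closed the connection: %r" % greeting)
    if status == "PREAUTH" and starttls:
        raise ProtocolError("PREAUTH greeting on a plaintext connection "
                            "(set STARTTLS=NO to ignore)")
    return status

def starttls_response(tag, buffered):
    """Consume the tagged STARTTLS reply from the bytes read so far.

    Untagged responses may precede the tagged reply, but nothing may follow it:
    bytes already buffered after the tagged OK arrived *before* the TLS
    handshake and are unauthenticated, so a client that later parses them as
    if they were protected responses can be fed injected responses.  Returns
    the tagged line.
    """
    while True:
        line, sep, buffered = buffered.partition(b"\r\n")
        if not sep:
            raise ProtocolError("incomplete STARTTLS response")
        if line.startswith(tag + b" "):
            break
        if not line.startswith(b"* "):
            raise ProtocolError("unexpected line before tagged reply: %r" % line)
    if not line.startswith(tag + b" OK"):
        raise ProtocolError("STARTTLS refused: %r" % line)
    if buffered:
        raise ProtocolError("%d plaintext byte(s) received after the STARTTLS "
                            "reply; refusing to start the handshake" % len(buffered))
    return line

def rejects(func, *args, **kwargs):
    """True if `func(*args, **kwargs)` raises ProtocolError (used for checks)."""
    try:
        func(*args, **kwargs)
    except ProtocolError:
        return True
    return False
```

Discarding the leftover bytes (rather than aborting) would also close the hole; aborting is the stricter choice and makes the condition visible in the logs.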
  Other changes:

  * interimap: the space-separated list of names and/or patterns in 'list-mailbox'
    can now contain C-style escape sequences (backslash and hexadecimal escape).
  * interimap: fail when two non-INBOX LIST replies return different separators.
    This never happens for a single LIST command, but may happen if mailboxes from
    different namespaces are being listed.  The workaround here is to run a new
    interimap instance for each namespace.
  * libinterimap: in tunnel mode, use a socket pair rather than two pipes for IPC
    between interimap and the IMAP server.  Also, use SOCK_CLOEXEC to save an
    fcntl() call when setting the close-on-exec flag on the socket.
  * interimap: new option 'list-reference' to specify a reference name.  This is
    useful for synchronizing multiple remote servers against different namespaces
    belonging to the same local IMAP server (using a different InterIMAP instance
    for each local namespace <-> remote synchronization, for instance with the newly
    provided systemd template unit file).
  * Add a test suite.  (Requires dovecot-imapd, pkill(1) and xxd(1).)
  * Completely refactor the documentation.  In particular, move manpages to a new
    'doc' directory, and generate HTML documentation with `make html`.
  + interimap: write which --target to use in --delete command suggestions.
  + interimap: avoid caching hierarchy delimiters forever in the database.  Instead,
    use null characters internally, and substitute them with the local and remote
    hierarchy delimiters (which thus no longer need to match) for IMAP commands.
    This requires a database schema upgrade to alter the mailbox name column type
    from TEXT to BLOB.
  + interimap: use the 'user_version' SQLite PRAGMA for the database schema version.
  + interimap, pullimap: in the manpage, clarify that the tunnel command is run
    following Perl's `exec` semantics: it is passed to `/bin/sh -c` when it contains
    shell metacharacters, and split into words and passed to execvp(3) otherwise.
  + interimap, pullimap: redact AUTHENTICATE and LOGIN commands in --debug mode in
    order to avoid inadvertently receiving credentials in bug reports.  --debug can
    be set twice to spell out these commands in full.
  + interimap: new option 'log-prefix' to control the prefix of each log entry,
    depending on the component name and relevant mailbox.
  + interimap: raise SELECT sample range size from 64 to 256 bytes.
  - libinterimap: bugfix: hierarchy delimiters in LIST responses were returned as an
    escaped quoted special, like "\\", not as a single character (backslash in this
    case).
  - libinterimap: the parser choked on responses with non-quoted/literal astring
    containing ']' characters, and on LIST responses with non-quoted/literal
    list-mailbox names containing '%', '*' or ']' characters.
  - libinterimap: quote() the empty string as "" instead of a 0-length literal.
    (This saves 3 bytes + one round-trip on servers not supporting non-synchronizing
    literals, and 4 bytes otherwise.)
  - interimap: unlike what the documentation said, spaces were not allowed in the
    'list-select-opts' configuration option, so at most one selector could be used
    for the initial LIST command.
  - interimap: unlike what the documentation said, 'ignore-mailbox' was not ignored
    when names were specified as command line arguments.
  - interimap: accept comma-separated values for --target.
  - interimap: --rename of a \NonExistent mailbox didn't trigger a RENAME command on
    the local/remote IMAP servers, nor an update of the 'mailboxes' table.
  - interimap: don't try to delete \NoSelect mailboxes (it's an error per RFC 3501
    sec. 6.3.4).
  - interimap: SQLite was not enforcing foreign key constraints (setting the
    'foreign_keys' PRAGMA during a transaction is a documented no-op).
  - interimap: fix handling of mod-sequence values greater than or equal to 2 << 63.
  - libinterimap: use directories relative to $HOME for the XDG environment
    variables' default values.
    Previously getpwuid() was called to determine the user's home directory, while
    the XDG specification explicitly mentions $HOME.  Conveniently our docs always
    mentioned ~/, which on POSIX-compliant systems expands to the value of the
    variable HOME.  (Cf. Shell and Utilities volume of POSIX.1-2017, sec. 2.6.1.)
  - libinterimap: don't panic() when inflate() reports that the end of the
    compression stream is reached.
  - libinterimap: the 'compress' boolean wasn't honored.
  - libinterimap: fix STARTTLS directive, broken since 0.2.
  - libinterimap: push_flag_updates(): the UNCHANGEDSINCE test from the CONDSTORE
    extension was incorrectly placed after the flag list in UID STORE commands.
  - libinterimap: push_flag_updates(): ignore UIDs for which no untagged FETCH
    response was received.
  - libinterimap: push_flag_updates(): don't ignore received updates (by another
    client) to a superset of the desired flag list.
  - libinterimap: avoid sending large UID EXPUNGE|FETCH|STORE commands as they might
    exceed the server's max acceptable command size; these commands are now split
    into multiple (sequential) commands when their set representation exceeds 4096
    bytes in size.  Performance could be improved by pipelining but given the scope
    of this software (synchronization) it's unlikely to make any difference in
    practice.  This is also a workaround for a bug in Dovecot 2.3.4:
    https://dovecot.org/pipermail/dovecot/2019-November/117522.html
  - interimap: for the reason explained above, limit the number of messages to 128
    per APPEND command (only on servers advertising MULTIAPPEND, for other servers
    the number remains 1).
  - interimap: gracefully ignore messages with a NIL RFC822 attribute.
  - pullimap: treat messages with a NIL RFC822 attribute as empty.
  - pullimap: fix mangling of data lines starting with a dot (when an RFC 5322 line
    starts with a '.', double it).
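The UID-set splitting described in the 0.5 entry above (cut a large UID EXPUNGE|FETCH|STORE set into sequential commands once its sequence-set representation exceeds 4096 bytes), as an added Python example. It is not interimap's own code; the function names `uid_ranges`, `split_uid_set` and `parse_uid_set` and the sample UID lists are constructed here, and the default `limit=4096` is the figure from the changelog.

```python
def uid_ranges(uids):
    """Collapse a collection of UIDs into sorted, non-overlapping (first, last) ranges."""
    ranges = []
    for u in sorted(set(uids)):
        if ranges and u == ranges[-1][1] + 1:
            ranges[-1][1] = u          # extend the current run
        else:
            ranges.append([u, u])      # start a new run
    return [(a, b) for a, b in ranges]

def split_uid_set(uids, limit=4096):
    """Render `uids` as IMAP sequence-set strings, each at most `limit` bytes long.

    One huge UID STORE/FETCH/EXPUNGE set may exceed the server's maximum command
    length, so the set is cut into several sets to be sent in sequential commands.
    Cuts only happen between items, never inside a "first:last" range; a single
    range is at most 21 bytes, far below any realistic limit.
    """
    chunks, current, length = [], [], 0
    for a, b in uid_ranges(uids):
        item = str(a) if a == b else "%d:%d" % (a, b)
        needed = len(item) if not current else length + 1 + len(item)  # +1 for ','
        if current and needed > limit:
            chunks.append(",".join(current))
            current, needed = [], len(item)
        current.append(item)
        length = needed
    if current:
        chunks.append(",".join(current))
    return chunks

def parse_uid_set(text):
    """Inverse of the renderer; used to check that splitting loses no UID."""
    uids = set()
    for item in text.split(","):
        a, _, b = item.partition(":")
        uids.update(range(int(a), int(b or a) + 1))
    return uids

if __name__ == "__main__":
    # Constructed worst case: every other UID, so nothing collapses into ranges.
    sparse = range(1, 20001, 2)
    for chunk in split_uid_set(sparse):
        # Each chunk becomes its own command, e.g. "UID STORE <chunk> +FLAGS (\Seen)"
        print(len(chunk), "bytes:", chunk[:40] + "...")
```

Contiguous UIDs collapse to a single `first:last` item, so in practice only sparse sets (flag updates scattered over a large mailbox) trigger the split; the round-trip through `parse_uid_set` is the check that the per-command sets together still cover exactly the requested UIDs.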
 -- Guilhem Moulin  Sat, 14 Dec 2019 18:42:25 +0100

interimap (0.4) upstream;

  * pullimap: replace non RFC 5321-compliant envelope sender addresses (received by
    the IMAP FETCH ENVELOPE command) with the null address <>.
  * pullimap, interimap: take configuration filename (default: "config") relative to
    $XDG_CONFIG_HOME/$NAME (or ~/.config/$NAME), to comply with the XDG
    specification.  Thus the previous default config file $XDG_CONFIG_HOME/$NAME
    should become $XDG_CONFIG_HOME/$NAME/config.
  * Library: add support for TLSv1.3 (on recent enough Net::SSLeay), and change
    "SSL_protocols" default value from "!SSLv2 !SSLv3" to
    "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1".
  + Library: new API idle_start() and idle_stop().
  + Add support for untagged ESEARCH responses from RFC 4731.
  + pullimap: use extended SEARCH commands (RFC 4731) if supported by the server to
    search old mail and EXPUNGE them.
  + pullimap, interimap: don't autocreate statefile or database in long-lived mode
    (when --watch or --idle is set).  Instead, an error is raised if the statefile
    or database doesn't exist.
  - Ensure the lower bound of UID ranges is at least 1.
  - Fix manpage generation with pandoc >=2.1.
  - Specify minimum Perl and Net::SSLeay versions.
  - interimap.service: use --watch=60 rather than --notify, because dovecot's NOTIFY
    extension doesn't seem to work so well as of 2.2.27.

 -- Guilhem Moulin  Sun, 20 Jan 2019 20:30:08 +0100

interimap (0.3) upstream;

  + New script 'pullimap', to pull mails from an IMAP mailbox and deliver them to
    an SMTP session.
  + Convert manpage format from groff to pandoc.
  + interimap: add support for IMAP NOTIFY [RFC 5465].
  + 'fingerprint' now only pins the cert's SPKI, not the cert itself (requires
    Net::SSLeay >=1.73).
  - Fix byte count for compression streams.
  - Add an option 'SSL_protocols' to list SSL protocols to enable or disable.  The
    default value, "!SSLv2 !SSLv3", enables only TLSv1 and above.
  - Ensure "inbox" is always used in upper-case internally.
  - Ensure the FD_CLOEXEC bit is 1 on sockets, logger and state files.
  - Try again if connect(2) was interrupted.
  - interimap: fix memory leak.
  - interimap: use SQLite's own locking mechanism (instead of rolling our own).
  - interimap: when resuming a sync, only consider UIDs greater than a known
    UIDNEXT.

 -- Guilhem Moulin  Thu, 01 Dec 2016 14:37:50 +0100

interimap (0.2) upstream;

  * Add support for the IMAP COMPRESS extension [RFC 4978].  By default enabled for
    the remote server, and disabled for the local server.
  * Add traffic statistics after closing the connection to the IMAP server.
  * Add a configuration option 'null-stderr=YES' to send STDERR to /dev/null for
    type=tunnel.
  * Exit with return value 0 when receiving a SIGTERM.
  * Add SSL options SINGLE_ECDH_USE, SINGLE_DH_USE, NO_SSLv2, NO_SSLv3 and
    NO_COMPRESSION to the compiled-in CTX options.
  * Use SSL_MODE_AUTO_RETRY to avoid SSL_read failures during a handshake.
  * Rename the 'SSL_verify_trusted_peer', 'SSL_ca_path', and 'SSL_cipher_list'
    options to 'SSL_verify', 'SSL_CApath' and 'SSL_cipherlist', respectively.
  * Add an option 'SSL_CAfile' to specify a file containing trusted certificates to
    use during server certificate authentication.
  * Replace the IO::Socket::SSL dependency by the lower level Net::SSLeay.
  * Accept non-fully qualified commands.
  * Replace the IO::Socket::INET dependency by the lower level Socket to enable
    IPv6.  (Both are core Perl modules.)
  * Add a configuration option 'proxy' to proxy TCP connections to the IMAP server.
  * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES.
  * Display the certificate chain, SSL protocol and cipher in debug mode.
  * Bug fix: don't delete the lockfile if another instance of interimap is running.
  * Display source UIDs upon APPEND.  Previously only target UIDs were displayed in
    non-debug mode.

 -- Guilhem Moulin  Wed, 09 Sep 2015 00:44:35 +0200

interimap (0.1) upstream;

  * Initial public release.  Development was started in July 2015.
 -- Guilhem Moulin  Mon, 07 Sep 2015 17:14:42 +0200
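The TLS settings thread that runs through this changelog (the SSL_protocols black/whitelist added in 0.3 and tightened in 0.4, its replacement by SSL_protocol_{min,max} in 0.5.5, and the 0.5.5 fallback to the library's default CA locations when neither CAfile nor CApath is set), as an added Python example using the standard `ssl` module. It is not interimap's code, which drives OpenSSL through Net::SSLeay; the token semantics assumed for SSL_protocols ("!NAME" disables NAME, a bare NAME restricts the enabled set to the listed names) is a simplification for the illustration, and the function names `protocols_to_bounds`, `tls_client_context` and `default_ca_env_vars` are constructed here. The example goes slightly beyond the entries by raising an error for a black/whitelist that leaves a hole, which is exactly the case min/max bounds cannot express.

```python
import ssl

# Protocol names in wire order, as an SSL_protocols value could name them.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Python's ssl module (like OpenSSL >= 1.1.0) has no SSLv2 support at all.
_TLS_VERSION = {
    "SSLv3": ssl.TLSVersion.SSLv3,
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def protocols_to_bounds(spec):
    """Translate an SSL_protocols-style black/whitelist into (min, max) names.

    Assumed token semantics: "!NAME" disables NAME; a bare NAME restricts the
    enabled set to the names listed.  The result is only expressible as
    SSL_protocol_{min,max} when the enabled versions are contiguous, so a
    "hole" raises ValueError instead of silently widening the range.
    """
    tokens = spec.split()
    disabled = {t[1:] for t in tokens if t.startswith("!")}
    only = {t for t in tokens if not t.startswith("!")}
    unknown = (disabled | only) - set(PROTOCOLS)
    if unknown:
        raise ValueError("unknown protocol(s): %s" % ", ".join(sorted(unknown)))
    enabled = [p for p in PROTOCOLS if p not in disabled and (not only or p in only)]
    if not enabled:
        raise ValueError("%r disables every protocol" % spec)
    lo, hi = PROTOCOLS.index(enabled[0]), PROTOCOLS.index(enabled[-1])
    if hi - lo + 1 != len(enabled):
        raise ValueError("%r leaves a hole in the version range; "
                         "not expressible as min/max bounds" % spec)
    return enabled[0], enabled[-1]

def tls_client_context(protocol_min=None, protocol_max=None, cafile=None, capath=None):
    """Build a verifying client context along the lines of the 0.5.5 settings.

    Unset bounds keep the library default (e.g. MinProtocol from openssl.cnf).
    Without cafile/capath the default trust store is loaded, whose location
    OpenSSL lets the SSL_CERT_FILE / SSL_CERT_DIR environment variables override.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # check_hostname + CERT_REQUIRED
    if protocol_min is not None:
        ctx.minimum_version = _TLS_VERSION[protocol_min]
    if protocol_max is not None:
        ctx.maximum_version = _TLS_VERSION[protocol_max]
    if cafile or capath:
        ctx.load_verify_locations(cafile=cafile, capath=capath)
    else:
        ctx.set_default_verify_paths()
    return ctx

def default_ca_env_vars():
    """Names of the environment variables that override the default CA locations."""
    paths = ssl.get_default_verify_paths()
    return paths.openssl_cafile_env, paths.openssl_capath_env

if __name__ == "__main__":
    # The 0.4 default "!SSLv2 !SSLv3 !TLSv1 !TLSv1.1" is simply min=TLSv1.2.
    lo, hi = protocols_to_bounds("!SSLv2 !SSLv3 !TLSv1 !TLSv1.1")
    ctx = tls_client_context(lo, hi)
    print(lo, hi, ctx.minimum_version, ctx.maximum_version, default_ca_env_vars())
```

`ssl.TLSVersion` covers the versions a current OpenSSL can negotiate, so, as the 0.5.5 documentation note says, which names are usable depends on the library build; an SSLv3 bound would be refused by the library rather than by this code.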