1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
interimap (0.5.5) upstream;
* libinterimap: remove default SSL_protocols value "!SSLv2 !SSLv3
!TLSv1 !TLSv1.1" and use the system default instead. As of Debian
Buster (OpenSSL 1.1.1) this does not make a difference, however using
the system default provides better compatibility with future libssl
versions.
* libinterimap: deprecate SSL_protocols, obsoleted by new settings
SSL_protocol_{min,max}. Using the libssl interface simplifies our
protocol black/whitelist greatly; this only allows simple min/max
bounds, but holes are arguably not very useful here. Using the new
settings bumps the required libssl version to 1.1.0.
+ `make release`: also bump libinterimap version and pin it in 'use'
declarations.
+ Make error messages more uniform and consistent.
- libinterimap: make $OPENSSL_VERSION global.
- libinterimap: use Net::SSLeay::get_version() to get the protocol
version string.
- test suite: `mv tests/snippets tests/config`
- test suite: supply our own OpenSSL configuration file with
MinProtocol=None so we can test TLSv1 as well, not just TLSv1.2 and
later.
- test suite: explicitly set ssl_min_protocol=TLSv1 in the Dovecot
configuration file (the default as of 2.3.11.3), hence running TLS
tests now require Dovecot 2.3 or later.
- documentation: simplify SSL options in the sample configuration files.
- README: suggest 'restrict,command="/usr/bin/doveadm exec imap"' as
authorized_keys(5) options.
- README: suggest ControlPath=$XDG_RUNTIME_DIR/ssh-imap-%C for the SSH
transport (note that variable expansion is only available in OpenSSH
8.4 and later).
-- Guilhem Moulin <guilhem@fripost.org> Fri, 11 Dec 2020 14:55:53 +0100
interimap (0.5.4) upstream;
* libinterimap: make SSL_verify also checks that the certificate
Subject Alternative Name (SAN) or Subject CommonName (CN) matches the
hostname or IP literal specified by the 'host' option. Previously it
was only checking the chain of trust. This bumps the minimum
Net::SSLeay version to 1.83 and OpenSSL version to 1.0.2 (when
SSL_verify is used).
* libinterimap: add support for the TLS SNI (Server Name Indication)
extension, controlled by the new 'SSL_hostname' option. The default
value of that option is the value of the 'host' option when it is
hostname, and the empty string (which disables SNI) when it is an IP
literal.
+ libinterimap: show the matching pinned SPKI in --debug mode.
+ test suite: always generate new certificates on `make test`.
+ test suite: sign all test certificates with the same root CA.
+ libinterimap: factor out hostname/IP parsing.
+ document that enclosing 'host' value in square brackets forces its
interpretation as an IP literal (hence skips name resolution).
+ Makefile: new 'release' target; also, change the tag format from
upstream/$VERSION to v$VERSION.
- documentation: replace example.org with example.net for consistency.
- rename 'debian' branch to 'debian/latest' for DEP-14 compliance.
-- Guilhem Moulin <guilhem@fripost.org> Fri, 11 Dec 2020 11:21:17 +0100
interimap (0.5.3) upstream;
* libinterimap: SSL_fingerprint now supports a space-separated list of
digests to pin, and succeeds if, and only if, the peer certificate
SPKI matches one of the pinned digest values. Specifying multiple
digest values can key useful in key rollover scenarios and/or when
the server supports certificates of different types (for instance
RSA+ECDSA).
- libinterimap: 'null-stderr' is now ignored when the 'debug' flag is
set (the standard error is never sent to /dev/null).
- test suite: use a RSA certificate rather than ECDSA.
- test suite: new test with a server offering both RSA+ECDSA
certificates. This test requires dovecot-imapd 2.2.31 or later.
-- Guilhem Moulin <guilhem@fripost.org> Wed, 09 Dec 2020 15:32:01 +0100
interimap (0.5.2) upstream;
- Makefile: remove 'smart' extension from pandoc call to generate
manuals (it's no longer supported by pandoc 2.9 which generates \[lq]
and \[rq] in the groff output anyway).
- libinterimap: fix response injection vulnerability after STARTTLS.
For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
- libinterimap: abort on PREAUTH greeting received on plaintext
connections (set "STARTTLS = NO" to ignore). This is similar to
CVE-2020-12398 and CVE-2020-14093.
* libinterimap: fail when a capability to ENABLE is missing from the
server's CAPABILITY listing.
-- Guilhem Moulin <guilhem@fripost.org> Mon, 03 Aug 2020 20:50:41 +0200
interimap (0.5.1) upstream;
+ pullimap: also compare RFC 5322 date and envelope information in
mailbox comparison tests.
+ interimap, pullimap: remove `use lib` statement.
* Makefile: major refactoring, add install and uninstall targets, honor
BUILD_DOCDIR and DESTDIR variables.
-- Guilhem Moulin <guilhem@fripost.org> Thu, 02 Jul 2020 00:15:03 +0200
interimap (0.5) upstream;
Breaking changes:
* interimap: when matching mailbox names against the 'ignore-mailbox'
pattern, the hierarchy delimiter is substituted with a null character
before hand. For instance one should now use '^virtual(?:\x00|$)' to
exclude the mailbox named 'virtual' as well as its descendants
(regardless of the hierarchy delimiter in use).
Other changes:
* interimap: the space-separated list of names and/or patterns in
'list-mailbox' can now contain C-style escape sequences (backslash
and hexadecimal escape).
* interimap: fail when two non-INBOX LIST replies return different
separators. This never happens for a single LIST command, but may
happen if mailboxes from different namespaces are being listed. The
workaround here is to run a new interimap instance for each
namespace.
* libinterimap: in tunnel mode, use a socket pair rather than two pipes
for IPC between the interimap and the IMAP server. Also, use
SOCK_CLOEXEC to save an fcntl() call when setting the close-on-exec
flag on the socket.
* interimap: new option 'list-reference' to specify a reference name.
This is useful for synchronizing multiple remote servers against
different namespaces belonging to the same local IMAP server (using a
different InterIMAP instance for each local namespace <-> remote
synchronization, for instance with the newly provided systemd
template unit file).
* Add a test-suite. (Requires dovecot-imapd, pkill(1) and xxd(1).)
* Completely refactor the documentation. In particular, move manpages
to a new 'doc' directory, and generate HTML documentation with `make
html`.
+ interimap: write which --target to use in --delete command
suggestions.
+ interimap: avoid caching hierarchy delimiters forever in the
database. Instead, use null characters internally, and substitute
them with the local and remote hierarchy delimiters (which thus no
longer need to match) for IMAP commands. This require a database
schema upgrade to alter the mailbox name column type from TEXT to
BLOB.
+ interimap: use the 'user_version' SQLite PRAGMA for database schema
version.
+ interimap, pullimap: in the manpage, clarify that the tunnel command
is run following Perl's `exec` semantics: it is passed to `/bin/sh -c`
when it contains shell metacharacters; and split into words and passed
to execvp(3) otherwise.
+ interimap, pullimap: redact AUTHENTICATE and LOGIN commands in
--debug mode in order to avoid inadvertently receiving credentials in
bug reports. --debug can be set twice to spell out these commands in
full.
+ interimap: new option 'log-prefix' to control the prefix of each log
entry, depending on the component name and relevant mailbox.
+ interimap: raise SELECT sample range size from 64 to 256 bytes.
- libinterimap: bugfix: hierarchy delimiters in LIST responses were
returned as an escaped quoted special, like "\\", not as a single
character (backslash in this case).
- libinterimap: the parser choked on responses with non-quoted/literal
astring containing ']' characters. And LIST responses with
non-quoted/literal list-mailbox names containing '%', '*' or ']'
characters.
- libinterimap: quote() the empty string as "" instead of a 0-length
literal. (This saves 3 bytes + one round-trip on servers not
supporting non-synchronizing literals, and 4 bytes otherwise.)
- interimap: unlike what the documentation said, spaces where not
allowed in the 'list-select-opts' configuration option, so at maximum
one selector could be used for the initial LIST command.
- interimap: unlike what the documentation said, 'ignore-mailbox' was
not ignored when names were specified as command line arguments.
- interimap: accept comma-separated values for --target.
- interimap: --rename of a \NonExistent mailbox didn't trigger a RENAME
command on the local/remote IMAP servers, nor an update of the
'mailboxes' table.
- interimap: don't try to delete \NoSelect mailboxes (it's an error per
RFC 3501 sec. 6.3.4).
- interimap: SQLite were not enforcing foreign key constraints (setting
the 'foreign_keys' PRAGMA during a transaction is a documented no-op).
- interimap: fix handling of mod-sequence values greater or equal than
2 << 63.
- libinterimap: use directories relative to $HOME for the XDG
environment variables default values. Previously getpwuid() was
called to determine the user's home directory, while the XDG
specification explicitly mentions $HOME. Conveniently our docs
always mentioned ~/, which on POSIX-compliant systems expands to the
value of the variable HOME. (Cf. Shell and Utilities volume of
POSIX.1-2017, sec. 2.6.1.)
- libinterimap: don't panic() when inflate() reports the end of the
compression stream is reached.
- libinterimap: the 'compress' boolean wasn't honored.
- libinterimap: fix STARTTLS directive, broken since 0.2.
- libinterimap: push_flag_updates(): the UNCHANGEDSINCE test from
the CONDSTORE extension was incorrectly placed after the flag list in
UID STORE commands.
- libinterimap: push_flag_updates(): ignore UIDs for which no untagged
FETCH response was received.
- libinterimap: push_flag_updates(): don't ignores received updates (by
another client) to a superset of the desired flag list.
- libinterimap: avoid sending large UID EXPUNGE|FETCH|STORE commands as
they might exceed the server's max acceptable command size; these
commands are now split into multiple (sequential) commands when their
set representation exceeds 4096 bytes in size. Performance could be
improved by pipelining but given the scope of this software
(synchronization) it's unlikely to make any difference in practice.
This is a also a workaround for a bug in Dovecot 2.3.4:
https://dovecot.org/pipermail/dovecot/2019-November/117522.html
- interimap: for the reason explained above, limit number of messages
to 128 per APPEND command (only on servers advertising MULTIAPPEND,
for other servers the number remains 1).
- interimap: gracefully ignore messages with a NIL RFC822 attribute.
- pullimap: treat messages with a NIL RFC822 attribute as empty.
- pullimap: fix mangling of data lines starting with a dot (when an RFC
5322 line starts with a '.', double it).
-- Guilhem Moulin <guilhem@fripost.org> Sat, 14 Dec 2019 18:42:25 +0100
interimap (0.4) upstream;
* pullimap: replace non RFC 5321-compliant envelope sender addresses
(received by the IMAP FETCH ENVELOPE command) with the null address
<>.
* pullimap, interimap: take configuration filename (default: "config")
relative to $XDG_CONFIG_HOME/$NAME (or ~/.config/$NAME), to comply
with the XDG specification. Thus the previous default config file
$XDG_CONFIG_HOME/$NAME should become $XDG_CONFIG_HOME/$NAME/config.
* Library: add support for TLSv1.3 (on recent enough Net::SSLeay), and
change "SSL_protocols" default value from "!SSLv2 !SSLv3" to "!SSLv2
!SSLv3 !TLSv1 !TLSv1.1".
+ Library: new API idle_start() and idle_stop().
+ Add support for untagged ESEARCH responses from RFC 4731.
+ pullimap: Use extended SEARCH commands (RFC 4731) if supported by
the server to search old mail and EXPUNGE them.
+ pullimap, interimap: don't autocreate statefile or database in
long-lived mode (when --watch or --idle is set). Instead, an error
is raised if the statefile or database doesn't exist.
- Ensure the lower bound of UID ranges is at least 1.
- Fix manpage generation with pandoc >=2.1.
- Specify minimum Perl and Net::SSLeay versions.
- interimap.service: use --watch=60 rather than --notify, because
dovecot's NOTIFY extension doesn't seem to work so well as of 2.2.27.
-- Guilhem Moulin <guilhem@fripost.org> Sun, 20 Jan 2019 20:30:08 +0100
interimap (0.3) upstream;
+ New script 'pullimap', to pull mails from an IMAP mailbox and
deliver them to an SMTP session.
+ Convert manpage format from groff to pandoc.
+ interimap: Add support for IMAP NOTIFY [RFC 5465].
+ 'fingerprint' now only pins the cert's SPKI, not the cert itself
(require Net::SSLeay >=1.73).
- Fix byte count for compression streams.
- Add an option 'SSL_protocols' to list SSL protocols to enable or
disable. The default value, "!SSLv2 !SSLv3", enables only TLSv1
and above.
- Ensure "inbox" is always used in upper-case internally.
- Ensure the FD_CLOEXEC bit is 1 on sockets, logger and state files.
- Try again if connect(2) was interrupted.
- interimap: fix memory leak.
- interimap: use SQLite's own locking mechanism (instead of rolling
our own).
- interimap: when resuming a sync, only consider UIDs greater than a
known UIDNEXT.
-- Guilhem Moulin <guilhem@fripost.org> Thu, 01 Dec 2016 14:37:50 +0100
interimap (0.2) upstream;
* Add support for the IMAP COMPRESS extension [RFC4978]. By default
enabled for the remote server, and disabled for the local server.
* Add traffic statistics after closing the connection to the IMAP
server.
* Add a configuration option 'null-stderr=YES' to send STDERR to
/dev/null for type=tunnel.
* Exit with return value 0 when receiving a SIGTERM.
* Add SSL options SINGLE_ECDH_USE, SINGLE_DH_USE, NO_SSLv2, NO_SSLv3
and NO_COMPRESSION to the compiled-in CTX options.
* Use SSL_MODE_AUTO_RETRY to avoid SSL_read failures during a
handshake.
* Rename the 'SSL_verify_trusted_peer', 'SSL_ca_path', and
'SSL_cipher_list' options to 'SSL_CApath', 'SSL_verify' and
'SSL_cipherlist', respectively.
* Add an option 'SSL_CAfile' to specify a file containing trusted
certificates to use during server certificate authentication.
* Replace IO::Socket::SSL dependency by the lower level Net::SSLeay.
* Accept non-fully qualified commands.
* Replace IO::Socket::INET dependency by the lower lever Socket to enable
IPv6. (Both are core Perl module.)
* Add a configuration option 'proxy' to proxy TCP connections to the
IMAP server.
* Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES.
* Display the certificate chain, SSL protocol and cipher in debug
mode.
* Bug fix: don't delete the lockfile if another instance of interimap
is running.
* Display source UIDs upon APPEND. Previously only target UIDs where
displayed in non-debug mode.
-- Guilhem Moulin <guilhem@fripost.org> Wed, 09 Sep 2015 00:44:35 +0200
interimap (0.1) upstream;
* Initial public release. Development was started in July 2015.
-- Guilhem Moulin <guilhem@fripost.org> Mon, 07 Sep 2015 17:14:42 +0200
|