aboutsummaryrefslogtreecommitdiffstats
path: root/Changelog
blob: 2fbdf36bb556ff914a6e3d89729f57f167d2647a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
interimap (0.5.5) upstream;

 * libinterimap: remove default SSL_protocols value "!SSLv2 !SSLv3
   !TLSv1 !TLSv1.1" and use the system default instead.  As of Debian
   Buster (OpenSSL 1.1.1) this does not make a difference, however using
   the system default provides better compatibility with future libssl
   versions.
 * libinterimap: deprecate SSL_protocols, obsoleted by new settings
   SSL_protocol_{min,max}.  Using the libssl interface simplifies our
   protocol black/whitelist greatly; this only allows simple min/max
   bounds, but holes are arguably not very useful here.  Using the new
   settings bumps the required libssl version to 1.1.0.
 * libinterimap: use default locations for trusted CA certificates when
   neither CAfile nor CApath are set.  In particular, OpenSSL's default
   locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR
   environment variables, see SSL_CTX_load_verify_locations(3ssl).
   This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
   used).
 + `make release`: also bump libinterimap version and pin it in 'use'
   declarations.
 + Make error messages more uniform and consistent.
 - libinterimap: make $OPENSSL_VERSION global.
 - libinterimap: use Net::SSLeay::get_version() to get the protocol
   version string.
 - test suite: `mv tests/snippets tests/config`
 - test suite: supply our own OpenSSL configuration file with
   MinProtocol=None so we can test TLSv1 as well, not just TLSv1.2 and
   later.
 - test suite: explicitly set ssl_min_protocol=TLSv1 in the Dovecot
   configuration file (the default as of 2.3.11.3), hence running TLS
   tests now require Dovecot 2.3 or later.
 - documentation: simplify SSL options in the sample configuration files.
 - README: suggest 'restrict,command="/usr/bin/doveadm exec imap"' as
   authorized_keys(5) options.
 - README: suggest ControlPath=$XDG_RUNTIME_DIR/ssh-imap-%C for the SSH
   transport (note that variable expansion is only available in OpenSSH
   8.4 and later).
 - test suite: ensure we haven't started speaking IMAP when the SSL/TLS
   handshake is aborted (unless STARTTLS is used to upgrade to
   connection).

 -- Guilhem Moulin <guilhem@fripost.org>  Fri, 11 Dec 2020 14:55:53 +0100

interimap (0.5.4) upstream;

 * libinterimap: make SSL_verify also checks that the certificate
   Subject Alternative Name (SAN) or Subject CommonName (CN) matches the
   hostname or IP literal specified by the 'host' option.  Previously it
   was only checking the chain of trust.  This bumps the minimum
   Net::SSLeay version to 1.83 and OpenSSL version to 1.0.2 (when
   SSL_verify is used).
 * libinterimap: add support for the TLS SNI (Server Name Indication)
   extension, controlled by the new 'SSL_hostname' option.  The default
   value of that option is the value of the 'host' option when it is
   hostname, and the empty string (which disables SNI) when it is an IP
   literal.
 + libinterimap: show the matching pinned SPKI in --debug mode.
 + test suite: always generate new certificates on `make test`.
 + test suite: sign all test certificates with the same root CA.
 + libinterimap: factor out hostname/IP parsing.
 + document that enclosing 'host' value in square brackets forces its
   interpretation as an IP literal (hence skips name resolution).
 + Makefile: new 'release' target; also, change the tag format from
   upstream/$VERSION to v$VERSION.
 - documentation: replace example.org with example.net for consistency.
 - rename 'debian' branch to 'debian/latest' for DEP-14 compliance.

 -- Guilhem Moulin <guilhem@fripost.org>  Fri, 11 Dec 2020 11:21:17 +0100

interimap (0.5.3) upstream;

 * libinterimap: SSL_fingerprint now supports a space-separated list of
   digests to pin, and succeeds if, and only if, the peer certificate
   SPKI matches one of the pinned digest values.  Specifying multiple
   digest values can key useful in key rollover scenarios and/or when
   the server supports certificates of different types (for instance
   RSA+ECDSA).
 - libinterimap: 'null-stderr' is now ignored when the 'debug' flag is
    set (the standard error is never sent to /dev/null).
 - test suite: use a RSA certificate rather than ECDSA.
 - test suite: new test with a server offering both RSA+ECDSA
   certificates.  This test requires dovecot-imapd 2.2.31 or later.

 -- Guilhem Moulin <guilhem@fripost.org>  Wed, 09 Dec 2020 15:32:01 +0100

interimap (0.5.2) upstream;

 - Makefile: remove 'smart' extension from pandoc call to generate
   manuals (it's no longer supported by pandoc 2.9 which generates \[lq]
   and \[rq] in the groff output anyway).
 - libinterimap: fix response injection vulnerability after STARTTLS.
   For background see https://gitlab.com/muttmua/mutt/-/issues/248 .
 - libinterimap: abort on PREAUTH greeting received on plaintext
   connections (set "STARTTLS = NO" to ignore).  This is similar to
   CVE-2020-12398 and CVE-2020-14093.
 * libinterimap: fail when a capability to ENABLE is missing from the
   server's CAPABILITY listing.

 -- Guilhem Moulin <guilhem@fripost.org>  Mon, 03 Aug 2020 20:50:41 +0200

interimap (0.5.1) upstream;

 + pullimap: also compare RFC 5322 date and envelope information in
   mailbox comparison tests.
 + interimap, pullimap: remove `use lib` statement.
 * Makefile: major refactoring, add install and uninstall targets, honor
   BUILD_DOCDIR and DESTDIR variables.

 -- Guilhem Moulin <guilhem@fripost.org>  Thu, 02 Jul 2020 00:15:03 +0200

interimap (0.5) upstream;

 Breaking changes:
 * interimap: when matching mailbox names against the 'ignore-mailbox'
   pattern, the hierarchy delimiter is substituted with a null character
   before hand.  For instance one should now use '^virtual(?:\x00|$)' to
   exclude the mailbox named 'virtual' as well as its descendants
   (regardless of the hierarchy delimiter in use).

 Other changes:
 * interimap: the space-separated list of names and/or patterns in
   'list-mailbox' can now contain C-style escape sequences (backslash
   and hexadecimal escape).
 * interimap: fail when two non-INBOX LIST replies return different
   separators.  This never happens for a single LIST command, but may
   happen if mailboxes from different namespaces are being listed.  The
   workaround here is to run a new interimap instance for each
   namespace.
 * libinterimap: in tunnel mode, use a socket pair rather than two pipes
   for IPC between the interimap and the IMAP server.  Also, use
   SOCK_CLOEXEC to save an fcntl() call when setting the close-on-exec
   flag on the socket.
 * interimap: new option 'list-reference' to specify a reference name.
   This is useful for synchronizing multiple remote servers against
   different namespaces belonging to the same local IMAP server (using a
   different InterIMAP instance for each local namespace <-> remote
   synchronization, for instance with the newly provided systemd
   template unit file).
 * Add a test-suite.  (Requires dovecot-imapd, pkill(1) and xxd(1).)
 * Completely refactor the documentation.  In particular, move manpages
   to a new 'doc' directory, and generate HTML documentation  with `make
   html`.
 + interimap: write which --target to use in --delete command
   suggestions.
 + interimap: avoid caching hierarchy delimiters forever in the
   database.  Instead, use null characters internally, and substitute
   them with the local and remote hierarchy delimiters (which thus no
   longer need to match) for IMAP commands.  This require a database
   schema upgrade to alter the mailbox name column type from TEXT to
   BLOB.
 + interimap: use the 'user_version' SQLite PRAGMA for database schema
   version.
 + interimap, pullimap: in the manpage, clarify that the tunnel command
   is run following Perl's `exec` semantics: it is passed to `/bin/sh -c`
   when it contains shell metacharacters; and split into words and passed
   to execvp(3) otherwise.
 + interimap, pullimap: redact AUTHENTICATE and LOGIN commands in
   --debug mode in order to avoid inadvertently receiving credentials in
   bug reports.  --debug can be set twice to spell out these commands in
   full.
 + interimap: new option 'log-prefix' to control the prefix of each log
   entry, depending on the component name and relevant mailbox.
 + interimap: raise SELECT sample range size from 64 to 256 bytes.
 - libinterimap: bugfix: hierarchy delimiters in LIST responses were
   returned as an escaped quoted special, like "\\", not as a single
   character (backslash in this case).
 - libinterimap: the parser choked on responses with non-quoted/literal
   astring containing ']' characters.  And LIST responses with
   non-quoted/literal list-mailbox names containing '%', '*' or ']'
   characters.
 - libinterimap: quote() the empty string as "" instead of a 0-length
   literal.  (This saves 3 bytes + one round-trip on servers not
   supporting non-synchronizing literals, and 4 bytes otherwise.)
 - interimap: unlike what the documentation said, spaces where not
   allowed in the 'list-select-opts' configuration option, so at maximum
   one selector could be used for the initial LIST command.
 - interimap: unlike what the documentation said, 'ignore-mailbox' was
   not ignored when names were specified as command line arguments.
 - interimap: accept comma-separated values for --target.
 - interimap: --rename of a \NonExistent mailbox didn't trigger a RENAME
   command on the local/remote IMAP servers, nor an update of the
   'mailboxes' table.
 - interimap: don't try to delete \NoSelect mailboxes (it's an error per
   RFC 3501 sec. 6.3.4).
 - interimap: SQLite were not enforcing foreign key constraints (setting
   the 'foreign_keys' PRAGMA during a transaction is a documented no-op).
 - interimap: fix handling of mod-sequence values greater or equal than
   2 << 63.
 - libinterimap: use directories relative to $HOME for the XDG
   environment variables default values.  Previously getpwuid() was
   called to determine the user's home directory, while the XDG
   specification explicitly mentions $HOME.  Conveniently our docs
   always mentioned ~/, which on POSIX-compliant systems expands to the
   value of the variable HOME.  (Cf. Shell and Utilities volume of
   POSIX.1-2017, sec. 2.6.1.)
 - libinterimap: don't panic() when inflate() reports the end of the
   compression stream is reached.
 - libinterimap: the 'compress' boolean wasn't honored.
 - libinterimap: fix STARTTLS directive, broken since 0.2.
 - libinterimap: push_flag_updates(): the UNCHANGEDSINCE test from
   the CONDSTORE extension was incorrectly placed after the flag list in
   UID STORE commands.
 - libinterimap: push_flag_updates(): ignore UIDs for which no untagged
   FETCH response was received.
 - libinterimap: push_flag_updates(): don't ignores received updates (by
   another client) to a superset of the desired flag list.
 - libinterimap: avoid sending large UID EXPUNGE|FETCH|STORE commands as
   they might exceed the server's max acceptable command size; these
   commands are now split into multiple (sequential) commands when their
   set representation exceeds 4096 bytes in size.  Performance could be
   improved by pipelining but given the scope of this software
   (synchronization) it's unlikely to make any difference in practice.
   This is a also a workaround for a bug in Dovecot 2.3.4:
   https://dovecot.org/pipermail/dovecot/2019-November/117522.html
 - interimap: for the reason explained above, limit number of messages
   to 128 per APPEND command (only on servers advertising MULTIAPPEND,
   for other servers the number remains 1).
 - interimap: gracefully ignore messages with a NIL RFC822 attribute.
 - pullimap: treat messages with a NIL RFC822 attribute as empty.
 - pullimap: fix mangling of data lines starting with a dot (when an RFC
   5322 line starts with a '.', double it).

 -- Guilhem Moulin <guilhem@fripost.org>  Sat, 14 Dec 2019 18:42:25 +0100

interimap (0.4) upstream;

  * pullimap: replace non RFC 5321-compliant envelope sender addresses
    (received by the IMAP FETCH ENVELOPE command) with the null address
    <>.
  * pullimap, interimap: take configuration filename (default: "config")
    relative to $XDG_CONFIG_HOME/$NAME (or ~/.config/$NAME), to comply
    with the XDG specification.  Thus the previous default config file
    $XDG_CONFIG_HOME/$NAME should become $XDG_CONFIG_HOME/$NAME/config.
  * Library: add support for TLSv1.3 (on recent enough Net::SSLeay), and
    change "SSL_protocols" default value from "!SSLv2 !SSLv3" to "!SSLv2
    !SSLv3 !TLSv1 !TLSv1.1".
  + Library: new API idle_start() and idle_stop().
  + Add support for untagged ESEARCH responses from RFC 4731.
  + pullimap: Use extended SEARCH commands (RFC 4731) if supported by
    the server to search old mail and EXPUNGE them.
  + pullimap, interimap: don't autocreate statefile or database in
    long-lived mode (when --watch or --idle is set).  Instead, an error
    is raised if the statefile or database doesn't exist.
  - Ensure the lower bound of UID ranges is at least 1.
  - Fix manpage generation with pandoc >=2.1.
  - Specify minimum Perl and Net::SSLeay versions.
  - interimap.service: use --watch=60 rather than --notify, because
    dovecot's NOTIFY extension doesn't seem to work so well as of 2.2.27.

 -- Guilhem Moulin <guilhem@fripost.org>  Sun, 20 Jan 2019 20:30:08 +0100

interimap (0.3) upstream;

  + New script 'pullimap', to pull mails from an IMAP mailbox and
    deliver them to an SMTP session.
  + Convert manpage format from groff to pandoc.
  + interimap: Add support for IMAP NOTIFY [RFC 5465].
  + 'fingerprint' now only pins the cert's SPKI, not the cert itself
    (require Net::SSLeay >=1.73).
  - Fix byte count for compression streams.
  - Add an option 'SSL_protocols' to list SSL protocols to enable or
    disable.  The default value, "!SSLv2 !SSLv3", enables only TLSv1
    and above.
  - Ensure "inbox" is always used in upper-case internally.
  - Ensure the FD_CLOEXEC bit is 1 on sockets, logger and state files.
  - Try again if connect(2) was interrupted.
  - interimap: fix memory leak.
  - interimap: use SQLite's own locking mechanism (instead of rolling
    our own).
  - interimap: when resuming a sync, only consider UIDs greater than a
    known UIDNEXT.

 -- Guilhem Moulin <guilhem@fripost.org>  Thu, 01 Dec 2016 14:37:50 +0100

interimap (0.2) upstream;

  * Add support for the IMAP COMPRESS extension [RFC4978].  By default
    enabled for the remote server, and disabled for the local server.
  * Add traffic statistics after closing the connection to the IMAP
    server.
  * Add a configuration option 'null-stderr=YES' to send STDERR to
    /dev/null for type=tunnel.
  * Exit with return value 0 when receiving a SIGTERM.
  * Add SSL options SINGLE_ECDH_USE, SINGLE_DH_USE, NO_SSLv2, NO_SSLv3
    and NO_COMPRESSION to the compiled-in CTX options.
  * Use SSL_MODE_AUTO_RETRY to avoid SSL_read failures during a
    handshake.
  * Rename the 'SSL_verify_trusted_peer', 'SSL_ca_path', and
    'SSL_cipher_list' options to 'SSL_CApath', 'SSL_verify' and
    'SSL_cipherlist', respectively.
  * Add an option 'SSL_CAfile' to specify a file containing trusted
    certificates to use during server certificate authentication.
  * Replace IO::Socket::SSL dependency by the lower level Net::SSLeay.
  * Accept non-fully qualified commands.
  * Replace IO::Socket::INET dependency by the lower lever Socket to enable
    IPv6.  (Both are core Perl module.)
  * Add a configuration option 'proxy' to proxy TCP connections to the
    IMAP server.
  * Set X.509 certificate purpose to 'SSL Server' for SSL_verify=YES.
  * Display the certificate chain, SSL protocol and cipher in debug
    mode.
  * Bug fix: don't delete the lockfile if another instance of interimap
    is running.
  * Display source UIDs upon APPEND.  Previously only target UIDs where
    displayed in non-debug mode.

 -- Guilhem Moulin <guilhem@fripost.org>  Wed, 09 Sep 2015 00:44:35 +0200

interimap (0.1) upstream;

  * Initial public release.  Development was started in July 2015.

 -- Guilhem Moulin <guilhem@fripost.org>  Mon, 07 Sep 2015 17:14:42 +0200