Hello community, here is the log from the commit of package imapfilter for openSUSE:Factory checked in at 2013-08-04 16:49:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/imapfilter (Old) and /work/SRC/openSUSE:Factory/.imapfilter.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imapfilter" Changes: -------- --- /work/SRC/openSUSE:Factory/imapfilter/imapfilter.changes 2013-04-22 14:07:10.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.imapfilter.new/imapfilter.changes 2013-08-04 16:49:59.000000000 +0200 @@ -1,0 +2,11 @@ +Mon Jul 15 15:39:19 UTC 2013 - a...@gmx.de + +- updated to IMAPFilter 2.5.5 - 8 Jun 2013 + - Work-around for some servers that send an unexpected APPEND response. + - The serial number of the certificates is taken into account, because some + servers send different certificates with the same subject and issuer. + - Details of the stored certificates are written to the certificates file, in + order to make it easier to distinguish each of them. + - Support for TLS versions 1.1 and 1.2 for secure connections. + +------------------------------------------------------------------- Old: ---- imapfilter-2.5.4.tar.gz New: ---- imapfilter-2.5.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imapfilter.spec ++++++ --- /var/tmp/diff_new_pack.PYZN89/_old 2013-08-04 16:50:00.000000000 +0200 +++ /var/tmp/diff_new_pack.PYZN89/_new 2013-08-04 16:50:00.000000000 +0200 @@ -21,7 +21,7 @@ License: MIT Group: Productivity/Networking/Email/Utilities Url: https://github.com/lefcha/imapfilter -Version: 2.5.4 +Version: 2.5.5 Release: 0 Source: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ imapfilter-2.5.4.tar.gz -> imapfilter-2.5.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/NEWS new/imapfilter-2.5.5/NEWS --- old/imapfilter-2.5.4/NEWS 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/NEWS 2013-06-08 11:25:04.000000000 +0200 @@ -1,3 +1,11 @@ +IMAPFilter 2.5.5 - 8 Jun 2013 + - Work-around for some servers that send an unexpected APPEND response. + - The serial number of the certificates is taken into account, because some + servers send different certificates with the same subject and issuer. + - Details of the stored certificates are written to the certificates file, in + order to make it easier to distinguish each of them. + - Support for TLS versions 1.1 and 1.2 for secure connections. + IMAPFilter 2.5.4 - 9 Apr 2013 - Some server responses are now parsed less stricly. - More detailed information is now printed when there's an error. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/doc/imapfilter.1 new/imapfilter-2.5.5/doc/imapfilter.1 --- old/imapfilter-2.5.4/doc/imapfilter.1 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/doc/imapfilter.1 2013-06-08 11:25:04.000000000 +0200 @@ -1,4 +1,4 @@ -.Dd February 19, 2011 +.Dd May 20, 2013 .Dt IMAPFILTER 1 .Os .Sh NAME @@ -48,6 +48,9 @@ .Bl -tag -width Ds .It Ev HOME User's home directory. +.It Ev IMAPFILTER_HOME +Program's configuration directory, which overrides the default +.Pa $HOME/.imapfilter/ . .El .Sh FILES .Bl -tag -width Ds diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/doc/imapfilter_config.5 new/imapfilter-2.5.5/doc/imapfilter_config.5 --- old/imapfilter-2.5.4/doc/imapfilter_config.5 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/doc/imapfilter_config.5 2013-06-08 11:25:04.000000000 +0200 @@ -1,4 +1,4 @@ -.Dd April 25, 2012 +.Dd May 20, 2013 .Dt IMAPFILTER_CONFIG 5 .Os .Sh NAME @@ -201,7 +201,7 @@ server = 'imap.mail.server', username = 'me', password = 'secret', - ssl = 'ssl3' + ssl = 'ssl23' } .Ed .Pp @@ -237,13 +237,15 @@ .Dq 993 for imaps. .It Va ssl -Forces an imaps connection and specifies the SSL/TLS protocol to be used. It -takes a +Forces an imaps connection and specifies the SSL/TLS protocol/version to be +used. It takes a .Vt string as a value, specifically one of: -.Dq ssl2 , .Dq ssl3 , -.Dq tls1 . +.Dq ssl23 , +.Dq tls1 , +.Dq tls1.1 , +.Dq tls1.2 . .El .Pp .Ss LISTING diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/samples/config.lua new/imapfilter-2.5.5/samples/config.lua --- old/imapfilter-2.5.4/samples/config.lua 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/samples/config.lua 2013-06-08 11:25:04.000000000 +0200 @@ -24,7 +24,7 @@ server = 'imap2.mail.server', username = 'user2', password = 'secret2', - ssl = 'ssl3', + ssl = 'ssl23', } -- Get a list of the available mailboxes and folders diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/src/cert.c new/imapfilter-2.5.5/src/cert.c --- old/imapfilter-2.5.4/src/cert.c 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/src/cert.c 2013-06-08 11:25:04.000000000 +0200 @@ -19,6 +19,7 @@ int check_cert(X509 *pcert, unsigned char *pmd, unsigned int *pmdlen); void print_cert(X509 *cert, unsigned char *md, unsigned int *mdlen); +char *get_serial(X509 *cert); int write_cert(X509 *cert); int mismatch_cert(void); @@ -100,7 +101,7 @@ while ((cert = PEM_read_X509(fd, &cert, NULL, NULL)) != NULL) { if (X509_subject_name_cmp(cert, pcert) != 0 || - X509_issuer_name_cmp(cert, pcert) != 0) + X509_issuer_and_serial_cmp(cert, pcert) != 0) continue; if (!X509_digest(cert, EVP_md5(), md, &mdlen) || @@ -129,15 +130,19 @@ print_cert(X509 *cert, unsigned char *md, unsigned int *mdlen) { unsigned int i; - char *c; + char *s; - c = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - printf("Server certificate subject: %s\n", c); - xfree(c); - - c = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - printf("Server certificate issuer: %s\n", c); - xfree(c); + s = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + printf("Server certificate subject: %s\n", s); + xfree(s); + + s = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + printf("Server certificate issuer: %s\n", s); + xfree(s); + + s = get_serial(cert); + printf("Server certificate serial: %s\n", s); + xfree(s); printf("Server key fingerprint: "); for (i = 0; i < *mdlen; i++) @@ -146,19 +151,56 @@ /* + * Extract certificate serial number as a string. + */ +char * +get_serial(X509 *cert) +{ + ASN1_INTEGER* serial; + char *buf; + long num; + int i; + size_t len; + + serial = X509_get_serialNumber(cert); + buf = xmalloc(LINE_MAX); + *buf = '\0'; + if (serial->length <= (int)sizeof(long)) { + num = ASN1_INTEGER_get(serial); + if (serial->type == V_ASN1_NEG_INTEGER) { + snprintf(buf, LINE_MAX, "-%lX", -num); + } else { + snprintf(buf, LINE_MAX, "%lX", num); + } + } else { + if (serial->type == V_ASN1_NEG_INTEGER) { + snprintf(buf, LINE_MAX, "-"); + } + for (i = 0; i < serial->length; i++) { + len = strlen(buf); + snprintf(buf + len, LINE_MAX - len, "%02X", + serial->data[i]); + } + } + return buf; +} + + +/* * Write the SSL/TLS certificate after asking the user to accept/reject it. */ int write_cert(X509 *cert) { FILE *fd; - char c, buf[64]; + char c, buf[LINE_MAX]; char *certf; + char *s; do { printf("(R)eject, accept (t)emporarily or " "accept (p)ermanently? "); - if (fgets(buf, sizeof(buf), stdin) == NULL) + if (fgets(buf, LINE_MAX, stdin) == NULL) return -1; c = tolower((int)(*buf)); } while (c != 'r' && c != 't' && c != 'p'); @@ -175,8 +217,19 @@ if (fd == NULL) return -1; + s = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + fprintf(fd, "Subject: %s\n", s); + xfree(s); + s = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + fprintf(fd, "Issuer: %s\n", s); + xfree(s); + s = get_serial(cert); + fprintf(fd, "Serial: %s\n", s); + xfree(s); + PEM_write_X509(fd, cert); + fprintf(fd, "\n"); fclose(fd); return 0; @@ -190,12 +243,12 @@ int mismatch_cert(void) { - char c, buf[64]; + char c, buf[LINE_MAX]; do { printf("ATTENTION: SSL/TLS certificate fingerprint mismatch.\n" "Proceed with the connection (y/n)? "); - if (fgets(buf, sizeof(buf), stdin) == NULL) + if (fgets(buf, LINE_MAX, stdin) == NULL) return -1; c = tolower((int)(*buf)); } while (c != 'y' && c != 'n'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/src/imapfilter.c new/imapfilter-2.5.5/src/imapfilter.c --- old/imapfilter-2.5.4/src/imapfilter.c 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/src/imapfilter.c 2013-06-08 11:25:04.000000000 +0200 @@ -21,6 +21,7 @@ extern buffer ibuf, obuf, nbuf, cbuf; extern regexp responses[]; +extern SSL_CTX *ssl3ctx, *ssl23ctx, *tls1ctx, *tls11ctx, *tls12ctx; options opts; /* Program options. */ environment env; /* Environment variables. */ @@ -100,6 +101,11 @@ SSL_library_init(); SSL_load_error_strings(); + ssl3ctx = SSL_CTX_new(SSLv3_client_method()); + ssl23ctx = SSL_CTX_new(SSLv23_client_method()); + tls1ctx = SSL_CTX_new(TLSv1_client_method()); + tls11ctx = SSL_CTX_new(TLSv1_1_client_method()); + tls12ctx = SSL_CTX_new(TLSv1_2_client_method()); start_lua(); #if LUA_VERSION_NUM < 502 @@ -118,6 +124,11 @@ #endif stop_lua(); + SSL_CTX_free(ssl3ctx); + SSL_CTX_free(ssl23ctx); + SSL_CTX_free(tls1ctx); + SSL_CTX_free(tls11ctx); + SSL_CTX_free(tls12ctx); ERR_free_strings(); regexp_free(responses); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/src/request.c new/imapfilter-2.5.5/src/request.c --- old/imapfilter-2.5.4/src/request.c 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/src/request.c 2013-06-08 11:25:04.000000000 +0200 @@ -167,9 +167,7 @@ ssn->username = user; ssn->password = pass; - if ((!strncasecmp(ssl, "tls1", 4) || - !strncasecmp(ssl, "ssl3", 4) || - !strncasecmp(ssl, "ssl2", 4))) + if (strlen(ssl) != 0) ssn->sslproto = ssl; } else { debug("recovering connection: %s://%s@%s:%s/%s\n", @@ -636,10 +634,14 @@ m = apply_namespace(mbox, ssn->ns.prefix, ssn->ns.delim); TRY(t = send_request(ssn, "APPEND \"%s\"%s%s%s%s%s%s {%d}", m, - (flags ? " (" : ""), (flags ? flags : ""), - (flags ? ")" : ""), (date ? " \"" : ""), - (date ? date : ""), (date ? "\"" : ""), mesglen)); + (flags ? " (" : ""), (flags ? flags : ""), + (flags ? ")" : ""), (date ? " \"" : ""), + (date ? date : ""), (date ? "\"" : ""), mesglen)); TRY(r = response_continuation(ssn, t)); + if (r == STATUS_CONTINUE) { + TRY(send_continuation(ssn, mesg, mesglen)); + TRY(r = response_generic(ssn, t)); + } if (r == STATUS_TRYCREATE) { TRY(t = send_request(ssn, "CREATE \"%s\"", m)); @@ -649,15 +651,14 @@ TRY(response_generic(ssn, t)); } TRY(t = send_request(ssn, "APPEND \"%s\"%s%s%s%s%s%s {%d}", m, - (flags ? " (" : ""), (flags ? flags : ""), - (flags ? ")" : ""), (date ? " \"" : ""), - (date ? date : ""), (date ? "\"" : ""), mesglen)); + (flags ? " (" : ""), (flags ? flags : ""), + (flags ? ")" : ""), (date ? " \"" : ""), + (date ? date : ""), (date ? "\"" : ""), mesglen)); TRY(r = response_continuation(ssn, t)); - } - - if (r == STATUS_CONTINUE) { - TRY(send_continuation(ssn, mesg, mesglen)); - TRY(r = response_generic(ssn, t)); + if (r == STATUS_CONTINUE) { + TRY(send_continuation(ssn, mesg, mesglen)); + TRY(r = response_generic(ssn, t)); + } } return r; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/src/socket.c new/imapfilter-2.5.5/src/socket.c --- old/imapfilter-2.5.4/src/socket.c 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/src/socket.c 2013-06-08 11:25:04.000000000 +0200 @@ -17,6 +17,9 @@ #include "session.h" +SSL_CTX *ssl3ctx, *ssl23ctx, *tls1ctx, *tls11ctx, *tls12ctx; + + /* * Connect to mail server. */ @@ -85,22 +88,20 @@ { int r, e; SSL_CTX *ctx; -#if OPENSSL_VERSION_NUMBER >= 0x1000000fL - const SSL_METHOD *method; -#else - SSL_METHOD *method; -#endif - - method = NULL; - - if (ssn->sslproto && (!strncasecmp(ssn->sslproto, "ssl3", 4) || - !strncasecmp(ssn->sslproto, "ssl2", 4))) - method = SSLv23_client_method(); - else - method = TLSv1_client_method(); - if (!(ctx = SSL_CTX_new(method))) - goto fail; + if (!ssn->sslproto) { + ctx = ssl23ctx; + } else if (!strcasecmp(ssn->sslproto, "ssl3")) { + ctx = ssl3ctx; + } else if (!strcasecmp(ssn->sslproto, "tls1")) { + ctx = tls1ctx; + } else if (!strcasecmp(ssn->sslproto, "tls1.1")) { + ctx = tls11ctx; + } else if (!strcasecmp(ssn->sslproto, "tls1.2")) { + ctx = tls12ctx; + } else { + ctx = ssl23ctx; + } if (!(ssn->sslconn = SSL_new(ctx))) goto fail; @@ -148,13 +149,10 @@ if (get_option_boolean("certificates") && get_cert(ssn) == -1) goto fail; - SSL_CTX_free(ctx); - return 0; fail: ssn->sslconn = NULL; - SSL_CTX_free(ctx); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.5.4/src/version.h new/imapfilter-2.5.5/src/version.h --- old/imapfilter-2.5.4/src/version.h 2013-04-09 21:45:51.000000000 +0200 +++ new/imapfilter-2.5.5/src/version.h 2013-06-08 11:25:04.000000000 +0200 @@ -3,7 +3,7 @@ /* Program's version number. */ -#define VERSION "2.5.4" +#define VERSION "2.5.5" /* Program's copyright. */ #define COPYRIGHT "Copyright (c) 2001-2013 Eleftherios Chatzimparmpas" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org