commit 7cbf58df31dca41e13d04b801117acf187b88b7a (HEAD -> master, tag: v0.90, origin/master, origin/HEAD) Author: Phil Pennock Date: 2019-03-29 17:07:23 -0400 Update copyright years; correct README re license commit 00a60e60bd73f11238d2898196c2e8b0f98bbe98 (origin/pr/10) Author: Vincent Breitmoser Date: 2018-10-23 16:50:19 +0200 use .sieve extension for temporary file This helps editors recognize the file type, and start in the appropriate editing mode. commit 82f614b00b6a50b2e211db7593027c1323a8c1e3 (origin/pr/9) Author: Johan Vromans Date: 2018-07-24 10:04:13 +0200 Fix RE errors (will be fatal in perl 5.30). commit f7cf58fb68013e4f0bfb0506502155b113e25e6f (tag: v0.89) Author: Phil Pennock Date: 2017-02-14 19:06:15 -0500 Security robustness stance: drop . from @INC commit 0d3dedfc479018eef4d76502edfb42dc0416f75d Author: Phil Pennock Date: 2017-01-07 23:32:55 +0000 much shorter --help; --passwordfd example in docs * There is so much help text in the options section that the pod2usage defaults are unfriendly in this command; drop to just the synopsis, with prelude text hinting at `--man`. * Supply an example of using `--passwordfd` in shell, using here-strings. commit 1ef355448d3f3d216956b8561777b727085397d3 Author: Phil Pennock Date: 2016-08-29 17:05:46 -0400 Update copyright year commit 92ae1c107a75732382b70968e767bd319c2cdca2 Author: Gernot Schulz gernot@intevation.de Date: 2016-05-25 15:26:16 +0200 Version-based CAPA munging: handle Kolab/nocaps This patch adds support for the special case of patched Cyrus servers which behave differently from what sieve-connect would infer from their version numbers. Some modern servers get patched to not resend their capabilities after STARTTLS. For example, Kolab's Cyrus gets patched this way to ensure compatibility with older Kontact versions (Cyrus timsieved v2.3.16-kolab-nocaps). sieve-connect simply needs to do nothing in regards to compatibilities after STARTTLS in this case. This patch applies this behavior to any Cyrus servers which carry "nocaps" in their version string. Approved-By: Phil Pennock commit f245a4c621f4b866978d7a74dbdca8c9025cae6a Author: Phil Pennock Date: 2016-08-29 16:40:49 -0400 Exit 1 if warnings seen if non-interactive If used interactively, humans make silly typos and recover. If not interactive, those problems are actual errors which should cause us to exit non-zero for tooling to be able to rely upon `$?`. (I'm embarrassed to have let this slip through, but it's a result of the history: initially interactive, then scriptability added.) To avoid missing some corner case, we just capture all calls to warn() if non-interactive, and track things that way, instead of introducing a new function. Ah Perl, ♡ you so. commit df005a607db10e488a62e0fada425da6d7ac84a8 Author: Phil Pennock Date: 2016-08-29 16:21:22 -0400 nit: brace placement commit 8ec2d1d5d0bd4bee1e96f23322f20edbd5dbee5d Author: Phil Pennock Date: 2016-08-29 15:52:24 -0400 Require TLS verification to work Philipp Erbelding filed a bug-report and PR to fix that if TLS verification was requested but no CA file or path is available, sieve-connect should die. Which was good, but not enough. Our handling here was to silently fall back to non-TLS cleartext if the server did not advertise the STARTTLS capability. That was an unhappy compromise back when many did not configure TLS and the difficulty of persuading that TLS should be configured was high(er). But the world has moved on, so let's try to fix this. Hey, our major number is still 0. With this: * unless `--clearchan` is passed on the command-line, if TLS verification is enabled then `--noclearchan` is implicitly assumed + unless `$SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK` set non-empty in environment + so, can change invocation, or set an obnoxious educational environment variable, but the default is better * Failure to find CA information means verification must fail, so abort before even trying to connect (unless `--clearchan` enabled per above) * slightly better debug logging for when this bites people Tested via temporarily commenting out `tls_cert_file` in `imapd.conf` for Cyrus IMAP. commit 00b7487a4caec7af4a64ef502a3a54bcffd9d46e Author: Phil Pennock Date: 2015-06-28 01:41:12 +0000 Remote sieve name should be basename of local *POSSIBLY BREAKING CHANGE* If user specifies a path to a local sieve script, then we were using the full path for upload to the remote sieve server. Now we use the basename, so everything after the last directory separator. RFC 5804 does not disallow a directory separator, but timsieved does. It seems likely that most servers will. A remote name with directory separators can still be explicitly specified. This change tries to make the inferred name choice smarter. Folks using `/` or `\` in path-names, where the remote server allows this, may be affected. In practice, I believe that breakage is unlikely. commit 3e4d4707ab119f0a3800fc16a0cb8d6ac4e585b3 Author: Phil Pennock Date: 2015-06-28 01:13:06 +0000 Docs: provide EXAMPLES & AVAILABILITY sections commit 8af70c68574ecb0dbc5dfb0055233f75973d6d03 Author: Phil Pennock Date: 2014-02-04 19:59:14 -0800 Interactive 'debug' command if --debug It can be useful to toggle debug off after connection has been established and authenticated, etc. So at the REPL, provide a `debug` command, but only if invoked with `--debug`. commit 23ac5922d0ca50c016e999efa4ead460ab62ff95 Author: Phil Pennock Date: 2014-02-04 19:47:37 -0800 Support --tlshostname option Useful for confirming behaviour when using a different hostname to any found in the certificate -- ideally, fix the certificates. But we're a tool used by admins debugging, so let people debug! commit 5ec0bcbeaeff1542d639de4723a3cd89654a8def Author: Phil Pennock Date: 2013-12-05 03:36:27 -0500 Handle .local in domains better (undef fix) The public domain search can return undef, if the current host is not in a public domain at all (ie, `foo.local`). Deal with the consequences. commit a82c683050183d2eb501cc5a34513cb17d11454d (tag: v0.87) Author: Phil Pennock Date: 2013-12-03 20:27:30 -0500 Various documentation cleanups. Options are shortest unique prefices, so say so. Then fix the documented `--check` to be its full `--checkscript`. Describe in the _docs_ what's meant by a Perl port specification and what the implications are. Drop the patronising text around the action options; how embarrassing, that I once wrote such garbage. Instead, actually bother documenting the options. Fix the ENVIRONMENT section to reference all the vars now honoured. Reference Mozilla::PublicSuffix in PREREQUISITES. Various typos cleaned. commit af2059adec380652f5802e92ebf39bfade061864 Author: Phil Pennock Date: 2013-11-18 09:04:54 -0800 Give --tlscertfingerprint with explicit digest alg Embedding a hard-coded choice of SHA1 violates algorithmic agility; rather than constrain to my preferred choice, this should be given as part of the option. Also switched the option name to contain `cert` because there are multiple digest types available in this situation and we're matching the certificate digest (everything issued), not the public key digest (which would be constant as new certificates are issued for the same key). We might add support for pubkey-based fingerprints later. Explicitly pull in Net::SSLeay, with a version constraint, since we now rely upon it for a top-level feature. We require v1.37. Debian oldstable (wheezy) is on 1.36, RHEL6 appears to be on 1.35. Those are old enough that we can't reasonably sustain support for them while providing useful modern security features. Make sure to debug-log when the FP check succeeds, so the user can see feedback indicating that validation did actually occur. commit e0213504886f0d8283a51ee1846400e3409e97f4 (origin/pr/2) Author: lukas227 Date: 2013-11-18 11:46:44 +0100 add support for fingerprint pinning via parameter commit bd2230acc24fdf06f6c8b03c2505f303c6758b99 Author: Phil Pennock Date: 2013-10-29 17:58:51 -0400 Be clearer about port specification meaning The debug messages understandably led a user astray, because when seeing `sieve(4190)` they thought that meant port 4190, not that this was the port specification being passed down ("try to find 'sieve' in /etc/services (or other getservent source) and use 4190 as a fallback"). Fix the debug message to notice when the port is being given in this form and tack on an explanation. Issue a debug warning, the first time evaluating this, if services lists a different value, to highlight the conflict and aid in debugging. Fix the debug message for SRV records to not use the previous port definition in the 'old' status logging, because the port number did not factor into the SRV lookup and the claim was slightly off. Thanks to Daniel Schulte for his patience when using the tool to debug. commit 1f25d45a8b6a555147ff12deae6a4c9ccc4a0ee5 Author: Phil Pennock Date: 2013-10-29 17:29:36 -0400 Honor SSL_CERT_DIR & SSL_CERT_FILE env vars The Perl IO::Socket::SSL keeps us from benefitting from OpenSSL defaults initialisation for CA certificates location. Before we ask the OpenSSL binary for locations, we now do the same thing that the library init would do, and preferentially honour `$SSL_CERT_DIR` and then `$SSL_CERT_FILE` as locations. I've also corrected the POD documentation on this topic, which was out of date. commit 3c93d73443a2e94bb8393c0b354a279a02059040 Author: Phil Pennock Date: 2013-07-27 16:28:27 -0400 SSL certs location: bugfixes, check more places. Issue #1 is a report from LEVAI Daniel that the recent certs-finding functionality is broken on OpenBSD, because of an assumption that if we can find OPENSSLDIR from openssl(1), then certs/ within that must be valid. Made a validity check for a given dir; not existing is silent, but existing and unusable triggers debug messages. It checks for being a dir and having filenames ending ".0" inside that directory. Bug-fixed stderr-handling around the search. If openssl doesn't give us a location, and none of the file candidates exist, then check a few locations for SSL_ca_path directory candidacy. Fixes #1 commit b3ebacea45b92dc1c67e393371b380391c209fb7 Author: Phil Pennock Date: 2013-06-02 05:09:41 -0400 "edit" functionality, some stability cleanups. Ian Campbell contributed code to add an "edit" command, which downloads a script, invokes a text editor, checks it and then uploads it. I've mutilated his contribution; first, to not just use sensible-editor but check for environment variables $VISUAL then $EDITOR, then try sensible-editor, then vi (because it's the classic default, not because it's good for newcomers -- if you don't like it, use env or implement the sensible-editor system). Then I made it dependent upon having VERSION capability because it uses CHECKSCRIPT which is also dependent upon having VERSION. Alas, my server is old and does not support CHECKSCRIPT, so I can't be 100% sure this works, but "correct by inspection". *cough* Added a SIGPIPE handler to abort a little more cleanly. Tracked lost connections better, to abort cleanly. Uncovered that when getting a response from a server with a string literal, I was not reading the CRLF which follows the string, so was ending up unsynchronized. Fixed. Better return codes from functions. commit 416e1bb126c26e397c23a24b53548d7bfbb45581 Author: Phil Pennock Date: 2013-06-02 03:42:54 -0400 Ask OpenSSL for certs location, fallback fixed list Invoke the openssl command, handle failure, fallback to checking some paths for certs; the default paths are taken from golang's TLS support. commit d843bb5a010c8145ed10ebbf2c89a75bbb0aff9a (tag: v0.85.1) Author: Phil Pennock Date: 2013-04-21 23:34:35 -0400 Plumbing for git instead of svn Use git tags for version numbers commit 1dd818b5f087966d9bdecc44dcc60f9b0350635e (tag: v0.85) Author: Phil Pennock Date: 2013-04-14 00:29:13 +0000 Fix TLS verification; find server by own hostname & SRV. * TLS hostname verification was not actually happening. I'm mortified. * IO::Socket::SSL requirement bumped to 1.14 (was 0.97). * By default, if no server specified, before falling back to localhost try to use the current hostname and SRV records in DNS to figure out if Sieve is available. Checks for sieve, imaps & imap protocol SRV records and honours target==. to mean "no". * This works better with the Mozilla::PublicSuffix module installed. * Added ability to blacklist authentication mechanisms commit 0602a3462403d3b9f0f0dab3d572215dcf49bff9 (tag: v0.84) Author: Phil Pennock Date: 2012-11-29 06:09:01 +0000 Command-line options for TLS CA cert locations [Till Maas] Till Maas provided a patch adding --tlscapath and --tlscafile options. I've adjusted that so that, for debugging clarity, if --tlscafile is specified then the --tlscapath equivalent configuration is removed from the SSL options, so that we only pass one or the other to SSL setup. Removed some tabs from the POD text. Minor POD cleanups. Debug-log where we'll be grabbing SSL CA certs from. Use -T- for all TLS-specific debug logging. commit c3f7d3588d4bd2dffe4602d370e6bef3ae8661cf Author: Phil Pennock Date: 2012-05-24 00:13:26 +0000 Negotiate any TLSv1.0+ protocol. If /etc/ssl/certs does not exist, try to find a certs dir by asking OpenSSL. commit 4a21c9c14342497395161d408828a2e375b0fa70 Author: Phil Pennock Date: 2011-04-02 10:08:47 +0000 Update copyright year. Note that spec is in an RFC, not a draft. commit 77dff4a70537ce63448ede21d3f6dab368eb4249 Author: Phil Pennock Date: 2011-04-02 10:05:16 +0000 Accept a STARTTLS response of >OK<, not just >OK "some text"<. Reported by: Piotr Sikora (patch provided, not used but trivially similar) commit d5cd06dcd740b3230f3f5fdc6578a73658cc7e2f Author: Phil Pennock Date: 2011-01-10 09:07:12 +0000 Version display includes Net::DNS [deferred commit; Aug 5th 2010] commit 19504d06dc7a201a905fa3814ca6adec6c976b0d (tag: v0.77) Author: Phil Pennock Date: 2010-08-05 07:57:28 +0000 Mailing-list. Update README to better reflect current state of affairs. Likewise TODO. commit a765fbdfb6a424513ad00ff55678325ea4f1bf76 (tag: v0.76) Author: Phil Pennock Date: 2010-08-05 07:18:05 +0000 Use SRV records for _sieve._tcp. Add --nosrv to inhibit this. Try multiple hosts, iterating through SRV results. [Adds Net::DNS dependency, and SRV weighted prioritised sorting is not supported] commit 292470e2ddd462f6a9766c6b1bc41fd7cbccd137 (tag: v0.75) Author: Phil Pennock Date: 2010-08-05 06:20:06 +0000 Change default port to 4190 for RFC 5804. Move default port to (top of) user-serviceable area. Provide a BUGS-section discussion of this. Make the --debug message for connection establishment report the port connected to. commit fc53c5a00bb34ba92cb2dc13fca033818b59b967 (tag: v0.74) Author: Phil Pennock Date: 2010-08-05 06:05:06 +0000 Implement CHECKSCRIPT. WARNING: UNTESTED (need to find a test server that actually supports this) Add version-checking and --ignoreserverversion to override that. Fix hostname check to permit a colon, for IPv6 addresses; reported-by: Alexander Sulfrian commit d04d21eaf8a798e262f3fa6f2055aa0f962207b4 Author: Phil Pennock Date: 2010-04-29 00:13:32 +0000 Fix copyright year. commit 548dcf14d02861520c984a28423c9104c804d8e5 Author: Phil Pennock Date: 2010-04-29 00:12:44 +0000 Provide --notlsverify option, based on patch from Heiko Schlittermann. commit ee8553963ccfb5e693c705cd635129f3e0d4d9a6 Author: Phil Pennock Date: 2009-12-01 20:18:35 +0000 Pod::Text does not have the methods I used. It looks like I was using interfaces from Pod::Simple::Text, thus the "man" command could never have worked. That, or the API changed significantly. Make "man" work again. Make it optional, conditional upon Pod::Simple::Text being available. When showing command aliases in "help", sort them. commit df98a9f931fa3a5e5ebd361d681b2893d3cbd4bb (tag: v0.69) Author: Phil Pennock Date: 2009-03-29 23:29:08 +0000 For Gnu readline, when debugging, force a call to display-readline-version. localise the $| setting in the non-RL prompter. Add notes to the README about the perl segfault issue (Term::ReadLine::Gnu). commit b6f5aa626233db59f6917ca75e095f213d542e46 Author: Phil Pennock Date: 2009-03-29 18:56:04 +0000 Copyright update (make dist caught it) commit 10258cb723b7903495708c191637c3b50991cf0b Author: Phil Pennock Date: 2009-03-29 18:53:54 +0000 Cyrus timsieved workaround for 2.3.13 to 2.3.x where x >= 13. commit 1377837b977376987bedecd88db300348742cec1 (tag: v0.65) Author: Phil Pennock Date: 2008-11-15 02:16:38 +0000 Version-dependent server-IMPLEMENTATION check for NOOP. :-( --debugsasl option to split off that debugging. Simplified --debug --version with no strict refs. commit 5ec209549938d20ba94d6dbec849476e8f9f7af6 Author: Phil Pennock Date: 2008-11-15 01:41:20 +0000 Debug bit-length, set externalssf for SASL. commit d5e923a0d18948b80d0da657a6b4cf94c066359a Author: Phil Pennock Date: 2008-11-15 01:04:12 +0000 Allow --debug --version to reveal more. commit c1322a44ff55d89b9b7f07e5600a652242abda98 Author: Phil Pennock Date: 2008-09-15 05:11:04 +0000 draft-martin-managesieve-12.txt is out, NOOP response changed. Handle it (by making into a calling error something we weren't doing). commit f845032bba6df92d7ffc05df405fb0e8f57fc624 Author: Phil Pennock Date: 2008-07-22 05:28:43 +0000 WARNING: UNTESTED because there's not a server I know of to test this against. Implement NOOP as an official command which might return OK. Various comment fixes. commit 413a508baba34bca9704310fda7df2be671ecdef Author: Phil Pennock Date: 2008-05-22 22:00:14 +0000 Comment fix re STARTTLS->CAPABILITY reality. commit 595d95157dff2f25b7b8bda1f77a946f3ff09f9a (tag: v0.57) Author: Phil Pennock Date: 2008-04-23 05:45:51 +0000 Authen::SASL 2.11 is out. Adjust to use it. commit 2ae662f05c69edc847f15e4abff785350f94919d (tag: v0.56) Author: Phil Pennock Date: 2008-03-28 05:36:36 +0000 Yves is using the older Cyrus setup which doesn't automatically send a capability response and noted that the NOOP->NO logic was broken by the new checks on capabilities. Attempted to fix it. Will publicly release this fix if this is confirmed to work. commit dfb59fca7f23fff7b28377f20ae77774f479434b Author: Phil Pennock Date: 2008-03-24 07:10:14 +0000 Condense copyright years. Confirms that grep pattern in Makefile works. :^) commit 65f44ba336b4ae6723a081f4e562d3de0c6c54c3 Author: Phil Pennock Date: 2008-03-24 07:00:08 +0000 Copyright update: it's 2008 now and there have been logic changes. commit 18a4b7a59ba50fd10cf4e8aabc5ab9db52d0824e (tag: v0.52) Author: Phil Pennock Date: 2008-03-24 06:10:07 +0000 Do final server verification if Authen::SASL::Perl is newer than the current version. Revisit this? commit 691575e7e552cc2839b9ea8f6f2443002c32c775 Author: Phil Pennock Date: 2008-03-24 04:53:57 +0000 When repeating parameters, strip off to basename so that can put a pathname and end up uploading a filename. commit c20cc3dedcc53b8bcbe1ba6feb3123e106a07a8e Author: Phil Pennock Date: 2008-03-24 03:21:08 +0000 Skip aNULL TLS ciphers too. Documentation update re GSSAPI and added a TODO commit 1a1a633f9655820adb255f5cee2ae94f1e4fdb3d Author: Phil Pennock Date: 2008-03-24 02:37:32 +0000 Handle OK followed by data at end of capability response. Is legit. Reported by Can Burak Cilingir to Debian. Support empty capability value "" in some special cases. Noted in debug output in Can's bug-report. Capability names are case-insensitive, deal accordingly. More robustness against dropped connections (debugging against pysieved). Handle a + in a literal length in a place where it was missed. commit d9b4d31b7c55d88f91efa7486d2318b0edb764e5 Author: Phil Pennock Date: 2008-01-03 08:32:29 +0000 Renamed --dumpsslinfo to --dumptlsinfo but kept old name too since it's as likely to be used by someone going from memory. Documented --dumptlsinfo. Sent the PEM to stderr ipv stdout. commit 0a250164e0fea825402e109173588c2811b4dfff Author: Phil Pennock Date: 2008-01-03 08:24:18 +0000 --dumpsslinfo to show the SSL cert info and, if debugging, the PEM cert. commit 647a14cd716dda1d769f2cf438fc55dc3f8e321f Author: Phil Pennock Date: 2008-01-03 00:54:15 +0000 Debug traces now include trailing \r\n etc. commit 4b8e7b9db24e87dd138ec78c4d8a7c88f27aafdf (tag: v0.44) Author: Phil Pennock Date: 2008-01-02 01:18:19 +0000 MultiHomed => 1 (try multiple IPs, incl. IPv4 when service not listening on IPv6) commit da01f86159893b564ca352d0eaf33ee9a7af2b6a (tag: v0.43) Author: Phil Pennock Date: 2007-12-27 02:31:10 +0000 Cyrus 2.3.11 broke sieve-connect by sending an unrequested CAPABILITY response after finishing TLS negotiations. This leads to protocol ambiguity; work around it by sending a non-existent command (NOOP), expecting to see a NO response; if we get a CAPABILITY response first then use that, otherwise issue a CAPABILITY command as per normal. commit 5a3c992ccd28716d0b2f46a2d32ca251e1a3014d (tag: v0.42) Author: Phil Pennock Date: 2007-12-06 07:14:19 +0000 Properly restrict the tab-completion stuff to only be set up if Term::ReadLine is Term::ReadLine::Gnu. Fixes warnings on MacOS X from uninitialised variables ($quote, from $rl_attribs->{completion_quote_character} at what was line 1008, now 1010). commit 22cd88948f3c194a448b3fbe5c91c1837b718f9b (tag: v0.41) Author: Phil Pennock Date: 2007-11-24 14:57:45 +0000 Comment explaining why $authconversation->code() not checked in final verification. commit 0394947c02947f7faa44653ca7dd85a7c77788a6 Author: Phil Pennock Date: 2007-11-24 14:30:13 +0000 Version commit 7d7d72f69af14a2399eb449a922751a8d75c23b6 (tag: v0.39) Author: Phil Pennock Date: 2007-11-20 02:40:36 +0000 Put the new SASL error checking in after the client_step() too. commit 44a873f42fa68c49abc914a631a2c58c147c3a53 Author: Phil Pennock Date: 2007-11-20 02:38:43 +0000 Turns out, can use methods on the SASL client object to detect an error and report it. Do so. Now highlights when GSSAPI fails because there's no server principal (which raises questions as to why the mechanism would be advertised in that case). bugfix a die() -> closedie() (audited for other occurences, none found) commit c43a8a3ce1db33ca81a691db57f7a132fa444029 (tag: v0.33) Author: Phil Pennock Date: 2007-06-09 00:58:49 +0000 Moved the defaults for $forbid_* up to the user-configurable section. commit e19bdd90070aa2073c1f107547dd22f5b5a134dd Author: Phil Pennock Date: 2007-06-07 08:39:23 +0000 --noclearauth, --noclearchan Makefile: install-* targets dependent upon files being installed. commit 3c02835329288f86bc6883136241bc46516e3b61 (tag: v0.30) Author: Phil Pennock Date: 2007-06-05 07:52:50 +0000 Make generated man-page slightly cleaner syntactically. Should make whatis indices correct. commit 71be07951849dff0f4f8f54649960416ffff86a5 Author: Phil Pennock Date: 2007-06-05 07:15:13 +0000 Make manpage & PGP sig; change title line in man-page. commit df2aa74788a90f68e88abfe7e37cd5d8f7d7a7c8 Author: Phil Pennock Date: 2007-06-05 06:48:08 +0000 Started packaging up sieve-connect. commit 0ab03c1cc5cad24e88b4c7901e5172020db8a478 Author: Phil Pennock Date: 2007-06-05 05:44:52 +0000 sieve_connect -> sieve-connect