From 05e658bd492cdc90b11841d7a80940ecdab07c93 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Sun, 24 May 2015 18:20:06 +0200 Subject: [PATCH 1/8] less technical info no point in listing IMAP extensions in the README --- README | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README b/README index fba2770..8bac581 100644 --- a/README +++ b/README @@ -31,9 +31,8 @@ isync executable still exists; it is a compatibility wrapper around mbsync. * Partial mirrors possible: keep only the latest messages locally * Trash functionality: backup messages before removing them * IMAP features: - * Supports TLS/SSL via imaps: (port 993) and STARTTLS (RFC2595) - * Supports SASL (RFC4422) for authentication - * Supports NAMESPACE (RFC2342) for simplified configuration + * Supports TLS/SSL via imaps: (port 993) and STARTTLS + * Supports SASL for authentication * Pipelining for maximum speed * Compatibility From 570023c9a3aad2140598c45360bf6be22960bab6 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Sun, 24 May 2015 18:20:18 +0200 Subject: [PATCH 2/8] list more deps (sasl and zlib) --- README | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README b/README index 8bac581..03890d1 100644 --- a/README +++ b/README @@ -62,6 +62,8 @@ isync executable still exists; it is a compatibility wrapper around mbsync. Berkeley DB 4.1+ (optional) OpenSSL for TLS/SSL support (optional) + Cyrus SASL (optional) + zlib (optional) * Installation From 57a0920fcbfb9201f0b9e898d66c3232545aae23 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Sat, 18 Jul 2015 18:17:07 +0200 Subject: [PATCH 3/8] fix configure for static libdb, libnsl, and libsocket the right variable to put libraries into is LIBS, not LDFLAGS. REFMAIL: CAABPU68s3uy0Gv-vfAGzeNn0s5Ow--+p+y8W7xE7US_7iXpdjw@mail.gmail.com --- configure.ac | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index aa6708d..1e46bd0 100644 --- a/configure.ac +++ b/configure.ac @@ -36,10 +36,10 @@ AC_CHECK_LIB(nsl, inet_ntoa, [SOCK_LIBS="$SOCK_LIBS -lnsl"]) AC_SUBST(SOCK_LIBS) have_ipv6=true -sav_LDFLAGS=$LDFLAGS -LDFLAGS="$LDFLAGS $SOCK_LIBS" +sav_LIBS=$LIBS +LIBS="$LIBS $SOCK_LIBS" AC_CHECK_FUNCS(getaddrinfo inet_ntop, , [have_ipv6=false]) -LDFLAGS=$sav_LDFLAGS +LIBS=$sav_LIBS if $have_ipv6; then AC_DEFINE(HAVE_IPV6, 1, [if your libc has IPv6 support]) fi @@ -141,15 +141,15 @@ AC_SUBST(SASL_LIBS) AC_CACHE_CHECK([for Berkeley DB >= 4.1], ac_cv_berkdb4, [ac_cv_berkdb4=no - sav_LDFLAGS=$LDFLAGS - LDFLAGS="$LDFLAGS -ldb" + sav_LIBS=$LIBS + LIBS="$LIBS -ldb" AC_TRY_LINK([#include ], [DB *db; db_create(&db, 0, 0); db->truncate(db, 0, 0, 0); db->open(db, 0, "foo", "foo", DB_HASH, DB_CREATE, 0)], [ac_cv_berkdb4=yes]) - LDFLAGS=$sav_LDFLAGS + LIBS=$sav_LIBS ]) if test "x$ac_cv_berkdb4" = xyes; then AC_SUBST([DB_LIBS], ["-ldb"]) From 8979ebbdf221f51290fffbf941f7c517c2bf7ae0 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Tue, 1 Sep 2015 14:21:45 +0200 Subject: [PATCH 4/8] tolerate case changes in X-TUID header name it is legal for an email system to simply change the case of rfc2822 headers, and at least one imap server apparently does just that. this would lead to us not finding our own header, which is obviously not helpful. REFMAIL: CA+fD2U3hJEszmvwBsXEpTsaWgJ2Dh373mCESM3M0kg3ZwAYjaw@mail.gmail.com --- src/common.h | 1 + src/drv_imap.c | 2 +- src/sync.c | 2 +- src/util.c | 16 ++++++++++++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/common.h b/src/common.h index 238af79..18390f3 100644 --- a/src/common.h +++ b/src/common.h @@ -116,6 +116,7 @@ void *memrchr( const void *s, int c, size_t n ); #endif int starts_with( const char *str, int strl, const char *cmp, int cmpl ); +int starts_with_upper( const char *str, int strl, const char *cmp, int cmpl ); int equals( const char *str, int strl, const char *cmp, int cmpl ); #ifndef HAVE_TIMEGM diff --git a/src/drv_imap.c b/src/drv_imap.c index a0c13e0..608a2d3 100644 --- a/src/drv_imap.c +++ b/src/drv_imap.c @@ -967,7 +967,7 @@ parse_fetch_rsp( imap_store_t *ctx, list_t *list, char *s ATTR_UNUSED ) tmp = tmp->next; if (!is_atom( tmp )) goto bfail; - if (starts_with( tmp->val, tmp->len, "X-TUID: ", 8 )) + if (starts_with_upper( tmp->val, tmp->len, "X-TUID: ", 8 )) tuid = tmp->val + 8; } else { bfail: diff --git a/src/sync.c b/src/sync.c index eb444e0..4fb2026 100644 --- a/src/sync.c +++ b/src/sync.c @@ -338,7 +338,7 @@ msg_fetched( int sts, void *aux ) if (c == '\r') lcrs++; else if (c == '\n') { - if (starts_with( fmap + start, len - start, "X-TUID: ", 8 )) { + if (starts_with_upper( fmap + start, len - start, "X-TUID: ", 8 )) { extra = (sbreak = start) - (ebreak = i); goto oke; } diff --git a/src/util.c b/src/util.c index 6851c6f..f05eec6 100644 --- a/src/util.c +++ b/src/util.c @@ -27,6 +27,7 @@ #include #include #include +#include #include static int need_nl; @@ -241,6 +242,21 @@ starts_with( const char *str, int strl, const char *cmp, int cmpl ) return (strl >= cmpl) && !memcmp( str, cmp, cmpl ); } +int +starts_with_upper( const char *str, int strl, const char *cmp, int cmpl ) +{ + int i; + + if (strl < 0) + strl = strnlen( str, cmpl + 1 ); + if (strl < cmpl) + return 0; + for (i = 0; i < cmpl; i++) + if (str[i] != cmp[i] && toupper( str[i] ) != cmp[i]) + return 0; + return 1; +} + int equals( const char *str, int strl, const char *cmp, int cmpl ) { From 682a05a6765cf1f4a0c7b02bb58940ac0f60f632 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Mon, 7 Sep 2015 12:23:12 +0200 Subject: [PATCH 5/8] mention safety of concurrent access; wording improvements --- README | 8 +++++--- src/mbsync.1 | 7 +++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/README b/README index 03890d1..f04430f 100644 --- a/README +++ b/README @@ -14,11 +14,13 @@ currently Maildir and IMAP4 mailboxes are supported. New messages, message deletions and flag changes can be propagated both ways. ``mbsync'' is suitable for use in IMAP-disconnected mode. -Synchronization is based on unique message identifiers (UIDs), so no -identification conflicts can occur (as opposed to some other mail +Synchronization is based on unique message identifiers (UIDs), so +no identification conflicts can occur (unlike with some other mail synchronizers). Synchronization state is kept in one local text file per mailbox pair; -multiple replicas of a mailbox can be maintained. +these files are protected against concurrent ``mbsync'' processes. +Mailboxes can be safely modified while ``mbsync'' operates. +Multiple replicas of each mailbox can be maintained. isync is the project name, while mbsync is the current executable name; this change was necessary because of massive changes in the user interface. An diff --git a/src/mbsync.1 b/src/mbsync.1 index b24a854..fc572b2 100644 --- a/src/mbsync.1 +++ b/src/mbsync.1 @@ -35,11 +35,14 @@ New messages, message deletions and flag changes can be propagated both ways; the operation set can be selected in a fine-grained manner. .br Synchronization is based on unique message identifiers (UIDs), so no -identification conflicts can occur (as opposed to some other mail synchronizers). +identification conflicts can occur (unlike with some other mail synchronizers). OTOH, \fBmbsync\fR is susceptible to UID validity changes (that \fIshould\fR never happen, but see "Compatibility" in the README). Synchronization state is kept in one local text file per mailbox pair; -multiple replicas of a mailbox can be maintained. +these files are protected against concurrent \fBmbsync\fR processes. +Mailboxes can be safely modified while \fBmbsync\fR operates +(see \fBINHERENT PROBLEMS\fR below for a minor exception). +Multiple replicas of each mailbox can be maintained. .. .SH OPTIONS .TP From cda596d530c697e265d6de2ea66147a31a26c9b6 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Sun, 27 Sep 2015 11:47:45 +0200 Subject: [PATCH 6/8] remove legacy (bsd-style) locking flock() may be implemented via fcntl(), which may cause the process to deadlock itself when trying to apply both types of locks. this is the case even on linux when the file lives on NFS. it's unlikely that anything except mbsync would try to access the .uidvalidity files anyway, so there is no point in trying to be compatible with anything else ... REFMAIL: uddy4g589ym.fsf@eismej-u14.spgear.lab.emc.com --- src/drv_maildir.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/drv_maildir.c b/src/drv_maildir.c index b9ed463..a94b01f 100644 --- a/src/drv_maildir.c +++ b/src/drv_maildir.c @@ -33,15 +33,10 @@ #include #include #include -#include #include #include #include -#ifdef __linux__ -# define LEGACY_FLOCK 1 -#endif - #if !defined(_POSIX_SYNCHRONIZED_IO) || _POSIX_SYNCHRONIZED_IO <= 0 # define fdatasync fsync #endif @@ -550,13 +545,6 @@ maildir_uidval_lock( maildir_store_t *ctx ) /* The unlock timer is active, so we are obviously already locked. */ return DRV_OK; } -#ifdef LEGACY_FLOCK - /* This is legacy only */ - if (flock( ctx->uvfd, LOCK_EX ) < 0) { - error( "Maildir error: cannot flock UIDVALIDITY.\n" ); - return DRV_BOX_BAD; - } -#endif /* This (theoretically) works over NFS. Let's hope nobody else did the same in the opposite order, as we'd deadlock then. */ #if SEEK_SET != 0 @@ -628,10 +616,6 @@ maildir_uidval_unlock( maildir_store_t *ctx ) #endif /* USE_DB */ lck.l_type = F_UNLCK; fcntl( ctx->uvfd, F_SETLK, &lck ); -#ifdef LEGACY_FLOCK - /* This is legacy only */ - flock( ctx->uvfd, LOCK_UN ); -#endif } static void From 89dc7592eea3f7b2804c2ec09f58c877ad096fef Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Sun, 27 Sep 2015 12:13:34 +0200 Subject: [PATCH 7/8] don't crash when dns lookup fails (ipv6 path) we call socket_connect_bail() when getaddrinfo() failed, so it must deal with no addrinfo being there yet. --- src/socket.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/socket.c b/src/socket.c index 5c1ce93..9fd6eca 100644 --- a/src/socket.c +++ b/src/socket.c @@ -520,7 +520,10 @@ static void socket_connect_bail( conn_t *conn ) { #ifdef HAVE_IPV6 - freeaddrinfo( conn->addrs ); + if (conn->addrs) { + freeaddrinfo( conn->addrs ); + conn->addrs = 0; + } #endif free( conn->name ); conn->name = 0; From e054c575ead9d5b640ef6987f16691cb9e71ede9 Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Fri, 6 Nov 2015 08:29:05 +0100 Subject: [PATCH 8/8] fix CertificateFile docs & samples the mbsync manual says explicitly that the system's default certificate store should *not* be specified. however, the isync manual talked about CA certificates, which is (and always was) exactly wrong. also adjust both .sample rc files. --- src/compat/isync.1 | 7 ++++++- src/compat/isyncrc.sample | 2 +- src/mbsyncrc.sample | 1 - 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/compat/isync.1 b/src/compat/isync.1 index 527ca6a..fb9900f 100644 --- a/src/compat/isync.1 +++ b/src/compat/isync.1 @@ -259,7 +259,12 @@ established with the IMAP server. (Default: \fIyes\fR) .. .TP \fBCertificateFile\fR \fIpath\fR -File containing X.509 CA certificates used to verify server identities. +File containing additional X.509 certificates used to verify server +identities. Directly matched peer certificates are always trusted, +regardless of validity. +.br +Note that the system's default certificate store is always used +and should not be specified here. .. .TP \fBUseSSLv2\fR \fIyes\fR|\fIno\fR diff --git a/src/compat/isyncrc.sample b/src/compat/isyncrc.sample index 5a6cf10..0bc5d35 100644 --- a/src/compat/isyncrc.sample +++ b/src/compat/isyncrc.sample @@ -3,7 +3,7 @@ # doesn't specify it. # SSL server certificate file -CertificateFile /etc/ssl/certs/ca-certificates.crt +CertificateFile ~/.isync.certs # by default, expunge deleted messages (same as -e on command line) Expunge yes diff --git a/src/mbsyncrc.sample b/src/mbsyncrc.sample index c7d61c7..d82d1b8 100644 --- a/src/mbsyncrc.sample +++ b/src/mbsyncrc.sample @@ -26,7 +26,6 @@ Pass xxxxxxxx # "Account Name" USERNAME # "Password" PASSWORD #PassCmd "/usr/bin/security find-internet-password -w -a USERNAME -s IMAPSERVER ~/Library/Keychains/login.keychain" -CertificateFile /etc/ssl/certs/ca-certificates.crt Channel work Master :work: