Commit Graph

773 Commits

Author SHA1 Message Date
Oswald Buddenhagen
47bdbb4aab enable TLS 1.1 and 1.2 by default
there is no reason not to, and debian even disabled 1.0 globally,
because it's (theoretically) too insecure in some contexts (BEAST
attack).

in the compat wrapper, the UseTLSv1 option has been re-interpreted as
v1.x, to avoid adding new options.
2017-08-19 13:15:19 +02:00
Oswald Buddenhagen
fed0dcc60e bump version 2017-08-05 20:28:52 +02:00
Oswald Buddenhagen
906dc989e4 mention the need for renaming Maildir files upon move
mu4e config line offered by Ben Maughan <benmaughan@gmail.com>.
2017-08-05 20:24:11 +02:00
Oswald Buddenhagen
ada0ae4b8e fix spurious decompression errors
while that's just bad api, inflate() can return Z_BUF_ERROR during
normal operation.

contrary to the zpipe example and what the documentation implies,
deflate() actually isn't that braindead. add respective comments.

REFMAIL: CALA3aExMjtRL0tAmgUANpDTnn-_HJ0sYkOEXWzoO6DVaiNFUHQ@mail.gmail.com
2017-07-30 18:47:30 +02:00
Oswald Buddenhagen
366ed7d762 improve zlib error reporting
zlib is not exactly thorough about always populating z_stream->msg, so
fall back to the error code if necessary.
2017-07-30 13:47:51 +02:00
Patrick Steinhardt
56515abe94 socket: use next addrinfo if opening socket fails
The `socket_connect_one` function previously did an `exit(1)` when
encountering any errors with opening the socket. This would break
connecting to a host where multiple possible addrinfos are returned,
where the leading addrinfos are in fact impossible to connect to. E.g.
with a kernel configured without support for IPv6, the `getaddrinfo`
call may still return a hint containing an IPv6 address alongside
another hint with an IPv4 address. Creating the socket with the IPv6
address, which will cause an error, lead us to exiting early without
even trying remaining hints.

While one can argue that the user should have compiled without HAVE_IPV6
or used an appropriate DNS configuration, we can do better by simply
skipping over the current addrinfo causing an error. To do so, we split
out a new function `socket_connect_next`, which selects the next
available address info and subsequently calls `socket_connect_one`
again. When no hints remain, `sock_connect_one` will error out at that
point.
2017-06-22 09:23:56 +02:00
Oswald Buddenhagen
62808c9003 autotest: use warnings 2017-04-01 20:25:58 +02:00
Oswald Buddenhagen
b45e711da5 autotest: remove stray close() call from printstate() 2017-04-01 20:25:53 +02:00
Oswald Buddenhagen
f934e995d6 don't populate sync record map with invalid UIDs
this would obviously just bloat the hash with nonsense, slowing down the
actual lookup later.
2017-03-14 11:36:25 +01:00
Oswald Buddenhagen
f62b3c7be9 fix mislabeling of test 2017-02-15 17:44:35 +01:00
Oswald Buddenhagen
3ebb066aba make -DN print also the sent data 2017-02-15 17:30:15 +01:00
Oswald Buddenhagen
2457b2baa3 don't arbitrarily limit UIDs to a billion, part 2
imap_find_new_msgs() had the same fixed limit as imap_load_box().

amends 815822d8.
2017-02-15 17:25:59 +01:00
Oswald Buddenhagen
67f4aeff1f standardize on 'int' for message sizes
that's what the sources already assumed anyway. size_t is total
overkill, as No Email Ever (TM) will exceed 2GiB.

this also fixes a harmless format string warning in 32 bit builds.
2016-12-29 14:10:35 +01:00
Oswald Buddenhagen
743968737c silence bogus [-Wmaybe-uninitialized] with -O0/-O1/-Os 2016-12-11 12:51:47 +01:00
Oswald Buddenhagen
ef0e7fdd3e accept NAMESPACE responses without hierarchy delimiter
RFC2342 states that the delimiter may be NIL, which some servers
apparently actually make use of.

REFMAIL: CAM0xXk_FQ83CPrd37iQCMKtc1B2P8=u-r5jX0n2WE5Y+3483nQ@mail.gmail.com
2016-12-04 11:26:06 +01:00
Oswald Buddenhagen
03e25db3b8 validate NAMESPACE response earlier
... and don't silently fail later on.
2016-12-04 11:14:34 +01:00
Oswald Buddenhagen
1a707ab156 inform user if LOGIN was skipped because of missing SSL
'AuthMechs *' technically includes LOGIN, so it is a bit unintuitive
when it's still not used.
2016-12-03 21:17:25 +01:00
Oswald Buddenhagen
1b235d3d46 make * not match LOGIN even in non-SSL builds
this is consistent with the plain text transmission warning below.
2016-12-03 21:13:49 +01:00
Oswald Buddenhagen
fdb03b91f2 be more helpful when no SASL mechanisms are available 2016-12-03 21:13:44 +01:00
Oswald Buddenhagen
2f91e22371 fix LOGIN in SASL builds
if AuthMechs includes more than just LOGIN and the server announces any
AUTH= mechanism, we try SASL. but that can still fail to find any
suitable authentication mechanism, and we must not error out in that
case if we are supposed to fall back to LOGIN.
2016-12-03 20:58:16 +01:00
Oswald Buddenhagen
bc51d0206a fix LOGIN in non-SASL builds
specifically, if AuthMechs included more than just LOGIN (which would be
the case for '*') and the server announced any AUTH= mechanism, we'd
immediately error out upon seeing it, thus failing to actually try
LOGIN.
2016-12-03 14:32:51 +01:00
Oswald Buddenhagen
815822d81c don't arbitrarily limit UIDs to a billion
the number was chosen to make queries more comprehensible when the
server sends no UIDNEXT, but it appears that such insanely large UIDs
actually show up in the wild. so send 32-bit INT_MAX instead.

note that this is again making an assumption: that no server uses
unsigned ints for UIDs. but we can't sent UINT_MAX, as that would break
with servers which use signed ints. also, *we* use signed ints (which is
actually a clear violation of the spec).

it would be possible to special-case the range [1,inf] to 1:*, thus
entirely removing arbitrary limits. however, when the range doesn't
start at 1, we may actually get a single message instead of none due to
the imap uid range limits being unordered. this gets really nasty when
we need to issue multiple queries, as we may list the same message
twice.

a reliable way around this would be issuing a separate query to find the
actual value of UID '*', to make up for the server not sending UIDNEXT
in the first place. this would obviously imply an additional round-trip
per mailbox ...
2016-11-20 13:05:08 +01:00
Oswald Buddenhagen
41308e4814 fix build with openssl 1.1
they finally made their structs opaque, and provided proper getters.
2016-07-24 11:58:57 +02:00
Oswald Buddenhagen
719d4a2437 prune obsolete #include
hmac.h was needed only for the cram-md5 implementation.
2016-07-24 11:58:09 +02:00
Oswald Buddenhagen
2648ef578f fix server certificate validation error reporting
use the right function to decode the error code.

found by Andrés Ramírez <sunshavi@fastmail.fm>.
2016-05-21 13:09:56 +02:00
Oswald Buddenhagen
e054c575ea fix CertificateFile docs & samples
the mbsync manual says explicitly that the system's default certificate
store should *not* be specified.
however, the isync manual talked about CA certificates, which is (and
always was) exactly wrong.
also adjust both .sample rc files.
2015-11-06 22:37:58 +01:00
Oswald Buddenhagen
89dc7592ee don't crash when dns lookup fails (ipv6 path)
we call socket_connect_bail() when getaddrinfo() failed, so it must deal
with no addrinfo being there yet.
2015-09-27 12:13:34 +02:00
Oswald Buddenhagen
cda596d530 remove legacy (bsd-style) locking
flock() may be implemented via fcntl(), which may cause the process to
deadlock itself when trying to apply both types of locks. this is the
case even on linux when the file lives on NFS.

it's unlikely that anything except mbsync would try to access the
.uidvalidity files anyway, so there is no point in trying to be
compatible with anything else ...

REFMAIL: uddy4g589ym.fsf@eismej-u14.spgear.lab.emc.com
2015-09-27 11:47:45 +02:00
Oswald Buddenhagen
682a05a676 mention safety of concurrent access; wording improvements 2015-09-07 12:35:12 +02:00
Oswald Buddenhagen
8979ebbdf2 tolerate case changes in X-TUID header name
it is legal for an email system to simply change the case of rfc2822
headers, and at least one imap server apparently does just that.
this would lead to us not finding our own header, which is obviously not
helpful.

REFMAIL: CA+fD2U3hJEszmvwBsXEpTsaWgJ2Dh373mCESM3M0kg3ZwAYjaw@mail.gmail.com
2015-09-01 15:40:54 +02:00
Oswald Buddenhagen
57a0920fcb fix configure for static libdb, libnsl, and libsocket
the right variable to put libraries into is LIBS, not LDFLAGS.

REFMAIL: CAABPU68s3uy0Gv-vfAGzeNn0s5Ow--+p+y8W7xE7US_7iXpdjw@mail.gmail.com
2015-07-18 18:17:07 +02:00
Oswald Buddenhagen
570023c9a3 list more deps (sasl and zlib) 2015-05-24 18:20:18 +02:00
Oswald Buddenhagen
05e658bd49 less technical info
no point in listing IMAP extensions in the README
2015-05-24 18:20:06 +02:00
Oswald Buddenhagen
a3b131b6e8 don't make bogus attempts at enabling compression
recycling server connections skips everything up to setting up the
prefix (Path/NAMESPACE). "everything" should obviously include enabling
compression, as that must be done at most once per connection.
2015-05-24 14:45:50 +02:00
Oswald Buddenhagen
4106de5c14 bump version 2015-05-09 19:25:51 +02:00
Oswald Buddenhagen
2013e50b1c rename misnamed functions concerning sending imap commands
cmd_submittable() => cmd_sendable()
cancel_submitted_imap_cmds() => cancel_sent_imap_cmds()

the sequence is exec -> submit -> send.
2015-05-09 19:25:51 +02:00
Oswald Buddenhagen
02af3f4c73 ensure direct exit after calling back
any structures may be invalid after callback invocation.

this has the side effect that the socket write callback now returns
void, like all other callbacks do.
2015-05-09 19:18:40 +02:00
Oswald Buddenhagen
6c08f568d0 fix socket_write() recursion
the synchronous writing to the socket would have typically invoked the
write callback, which would flush further commands, thus recursing.

we take the easy way out and make it fully asynchronous, i.e., no data
is sent before (re-)entering the event loop.

this also has the effect that socket_write() cannot fail any more, and
any errors will be reported asynchronously. this is consistent with
socket_read(), and produces cleaner code.

this introduces a marginal performance regression: the maildir driver is
synchronous, so all messages (which fit into memory) will be read before
any data is sent. this is not considered relevant.
2015-05-09 19:17:41 +02:00
Oswald Buddenhagen
2f7e60a3ed fix #ifdefs around AuthMech & RequireCRAM
these options don't depend on HAVE_LIBSSL.
2015-05-09 18:57:30 +02:00
Oswald Buddenhagen
16aa17053d mask AUTHENTICATE PLAIN commands in error output as well
amends bd0f3af5.
2015-05-09 18:57:30 +02:00
Felix Janda
9ce90dfe01 Add configure option for zlib 2015-05-09 18:57:30 +02:00
Oswald Buddenhagen
d0494fef43 remove obsolete TODO item
amends 74c78c70+b85153f8.
2015-05-01 19:23:46 +02:00
Oswald Buddenhagen
ea9f4f0b96 use \fB and \fI consistently, take 2
\fB means literal, while \fI means placeholder, value for placeholder,
or emphasis.
2015-05-01 18:53:08 +02:00
Oswald Buddenhagen
ef1f80abe3 fix consistent misspelling of Berkeley 2015-05-01 11:55:27 +02:00
Oswald Buddenhagen
79ef2ab360 the minimum required bdb version is in fact 4.1
this is the one that introduced the transaction argument to db->open().
2015-05-01 11:48:55 +02:00
Oswald Buddenhagen
825041fc8c make the bdb check actually check for a linkable library
it only checked whether the header is compilable.

amends e1d0ea8a1.
2015-05-01 11:47:30 +02:00
Oswald Buddenhagen
b85153f8eb make skipping of failed stores more thorough
in the case of imap stores, the failure is bound to the server config,
not just the store config.

that means that the storage of the failure state needs to be private to
the driver, accessible only through a function.
2015-04-26 20:58:43 +02:00
Oswald Buddenhagen
ac7cd86c73 fix -DN not implying -Dn 2015-04-26 18:39:09 +02:00
Oswald Buddenhagen
98bd2b115d make it possible to nest maildir Path under Inbox
simply make the code symmetrical to the inverse case.

note that the result will be sort of awkward, as the folders under Path
(and thus the subfolders of Inbox) don't start with a dot, while the
subfolders of these folders do. this needs to be addressed separately.
2015-04-18 12:01:35 +02:00
Oswald Buddenhagen
2d4ce72a8b make handling of Inbox-in-Path nesting less obfuscated
when we run into Inbox while listing Path, check whether Inbox is being
listed anyway, and just skip it if so, instead of listing it right away
and resetting LIST_INBOX (and thus having a calling order dependency).
2015-04-18 11:58:05 +02:00