Commit Graph

1077 Commits

Author SHA1 Message Date
Oswald Buddenhagen
6a874b5877 error-check more openssl function calls 2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
5f908b7672 attempt to improve ssl error handling (again)
the error queue may contain multiple errors, so make sure to drain it
completely. also, don't try to fall back to errno in case of
SSL_ERROR_SSL.
2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
91abf2b830 modernize ssl context init
with openssl 1.1+, use TLS_client_method() instead of the deprecated
SSLv23_client_method().
2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
f63e4338e8 fix leak of openssl X509 objects
SSL_get_peer_certificate() increments the refcount of the object.
2019-09-10 13:26:42 +02:00
Oswald Buddenhagen
8959c6b791 fix libcrypto detection in openssl 1.1+ without pkg-config
CRYPTO_lock() was removed. test for X509_cmp() instead, which we
actually use.

inspired by report from FX <coudert@users.sourceforge.net>.
2019-09-10 13:26:19 +02:00
Oswald Buddenhagen
36062c5220 wording fixes in mbsync.1
inspired by Ulrich Ölmann <u.oelmann@pengutronix.de>.
2019-09-10 13:18:49 +02:00
Oswald Buddenhagen
a310e7e2ba purge vestiges of the compat wrapper
amends cbac8aa75.
2019-08-30 13:13:30 +02:00
Caspar Schutijser
7607e53d56 Do not crash when using Tunnel in an IPv6-enabled build
socket_connected() is also called on the tunnel pipe.

amends 3ceb55310.
2019-08-19 13:23:03 +02:00
Dmitry Torokhov
bf14798700 Bump up PassCmd buffer size to 2KiB
While ordinary passwords are rarely longer than 80 bytes, XOAUTH2 tokens
easily exceed this limit. Let's bump it up to 2K to be really safe.
2019-07-19 12:58:04 +02:00
Oswald Buddenhagen
fbc432aace fix parsing of NIL hierarchy delimiters in IMAP LIST responses
a server which does not support hierarchical mailboxes (e.g., seznam.cz
as of oct 2018) can legitimately send NIL (rather than an empty string).
2019-05-28 17:27:09 +02:00
Oswald Buddenhagen
2e515bf842 make output of perl check more tidy
amends c75001aa.
2019-05-28 15:48:58 +02:00
Oswald Buddenhagen
702b6ec4a1 fix spacing in "SASL mechanism(s) not available" error message
amends fdb03b91.
2019-03-10 11:30:05 +01:00
Klemens Nanni
d61f462039 Fix CopyArrivalDate on platforms without glibc
strptime(3)'s "%d" day of the month conversion specifier does not accept
leading blanks in case of single digit numbers.  "%e" does that.

While implementation details and differences between the two
day-of-month conversion specifiers vary, none of the major libcs
(incl. OpenBSD, FreeBSD, Illumos, musl) consume a leading blank for "%d"
except glibc, which consumes any number of spaces like in the "%e" case.

Using "%e" ensures that date strings like " 4-Mar-2018 16:49:25 -0500"
are successfully parsed by all major implementations in compliance to
X/Open Portability Guide Issue 4, Version 2 ("XPG4.2").  musl is now the
only one that still treats "%d" and "%e" without stripping any space.

Issue analysed and reported by Evan Silberman <evan@jklol.net> who found
mbsync 1.3.0 on OpenBSD 6.4 to fail with `CopyArrivalDate' set when
syncing mails with the above mentioned timestamp.

See https://marc.info/?l=openbsd-tech&m=155044284526535 for details.
2019-02-20 23:02:02 +01:00
Gergely Risko
a8f6eebdd9 Work around useless SASL warnings
Ater sasl_client_step() is called and the Cyrus SASL library forwards
it to the client plugin, if the result value is OK (authentication
succeeded), the clientout is filled out to be an empty string, even if
the client plugin wanted to return NULL.

To avoid that mbsync complains at this point, check the returned length
instead of the pointer.
2019-02-05 11:29:13 +01:00
Oswald Buddenhagen
b72800944c fix formatting of uint in callback debug stubs
amends bb632d1c.
2019-01-05 00:00:10 +01:00
Oswald Buddenhagen
95d18e2778 Merge branch '1.3' 2018-11-27 00:51:03 +01:00
Oswald Buddenhagen
acfa3a2bbc sort messages from UID FETCH request
turns out that some IMAP servers (e.g., poczta.o2.pl) do not return
messages in ascending UID order in response to a UID FETCH request,
which makes the driver violate the API contract.

counter this by sorting the messages. this also addresses the
long-standing (but hypothetical) issue that parallel UID FETCH requests
could be handled out-of-order and thus also lead to mixed up results.

based on patch by Marcin Niestroj <macius1990w@gmail.com>.
2018-11-24 14:36:31 +01:00
Oswald Buddenhagen
f7cec3064d bump IMAP command buffer size to 4KiB
while only 1KiB is required by the IMAP spec, AUTHENTICATE GSSAPI with
Kerberos requires about 1700 bytes.
accomodate that, plus some reserve.

fix suggested by Tollef Fog Heen <tfheen@err.no> via Debian BTS.
2018-09-09 13:43:53 +02:00
Oswald Buddenhagen
17babc1695 use SNI when connecting with SSL
based on patch by Vincent Bernat <vincent@bernat.ch>.
2018-09-08 18:37:15 +02:00
Oswald Buddenhagen
37feeddbfb Merge branch '1.3' 2018-07-01 13:26:10 +02:00
Oswald Buddenhagen
f698f16967 fix type of 'port' and check its range in config reader 2018-07-01 13:25:16 +02:00
Klemens Nanni
470210fa86 Fix time_t format strings
For time_t, long long handles dates after Y2038 and should be safe on
32-bit architectures.

From Jeremie Courreges-Anglas <jca@openbsd.org>.
2018-07-01 13:24:59 +02:00
Klemens Nanni
8a40554f07 User functions provided by recent LibreSSL versions
At least on OpenBSD, this enables new APIs out of the box provided by
LibreSSL 2.7.1 and higher.

From Jeremie Courreges-Anglas <jca@openbsd.org>.
2018-07-01 12:44:19 +02:00
Michael J Gruber
c4d7f0189c implement Forwarded flag
maildir supports a 'P' flag which denotes the fact that a message has
been 'passed' on (forwarded, bounced). notmuch syncs this to the
'passed' tag.

Per https://tools.ietf.org/html/rfc5788, IMAP has a user-defined flag
(keyword) '$Forwarded' that is supported by many servers and clients
these days. (Technically, one should check for '$Forwarded' in the
server response.)

Restructure mbsync's flag parser to accept keywords (flags starting with
'$') but still bail out on unknown system flags (flags starting with '\').
Support '$Forwarded' as a first keyword since it maps to maildir's 'P'
and needs to be sorted in between the system flags.

Signed-off-by: Michael J Gruber <github@grubix.eu>
2018-07-01 12:36:28 +02:00
Michael J Gruber
e71f0ccc2a mark MAILBOX_DRIVER_FLAG locations in code
Mailbox driver flags are defined in several places. It is essential that
they are kept in sync, so mark them with the same string for easy
grepping with an alerting boiler plate.

Signed-off-by: Michael J Gruber <github@grubix.eu>
2018-07-01 12:30:59 +02:00
Oswald Buddenhagen
f82c172d2b fix IMAP UID sequence also in imap_find_new_msgs()
use just * instead of the rather nonsensical *:* (which davmail happens
to actually barf at).

amends 72be55b0 (and 0a5a8479).
2018-07-01 11:05:21 +02:00
Oswald Buddenhagen
904858365d Merge branch '1.3'
Conflicts:
	configure.ac
2018-04-08 18:17:10 +02:00
Oswald Buddenhagen
5072032939 fix uidvalidity recovery with really long message-id headers
re-using the file name buffer for the headers wasn't such a great idea,
as _POSIX_PATH_MAX is only 256, while RFC2822 permits lines up to 1000
chars. and sure enough, i have a message with a whopping 470-char
message-id header ...
2018-04-08 18:10:21 +02:00
Oswald Buddenhagen
0a5a847932 fix IMAP UID sequence in UIDNEXT determination fallback
use just * instead of the rather nonsensical *:* (which davmail happens
to actually barf at).

amends 72be55b0.
2017-11-18 09:59:34 +01:00
Oswald Buddenhagen
af1acdac97 make more use of equals() 2017-10-15 16:55:23 +02:00
Oswald Buddenhagen
c29eceaeed make map_name() interpret empty strings as "no separator"
empty strings were previously meaningless, and starting with 72c2d695a,
failure to handle them lead to bogus results when the IMAP hierarchy
separator is legitimately empty (when the server genuinely supports none
and none is manually configured). non-null can be asserted more cleanly
than null-or-non-empty, so change the api like that.
incidentally, this also removes the need to work around gcc's bogus
warning in -Os mode.

problem found by "Casper Ti. Vector" <caspervector@gmail.com>
2017-10-15 16:53:27 +02:00
Oswald Buddenhagen
53e8e79488 remove pointless conditional in assignment of ctx->delimiter
amends 72c2d695a.
2017-10-15 16:52:59 +02:00
Oswald Buddenhagen
c75001aa7d add check for perl and its version 2017-10-15 11:34:50 +02:00
Oswald Buddenhagen
094af8720c limit -Wmaybe-uninitialized suppression to gcc >= 4.3
apple gcc 4.2 complains about the use of the pragma inside a function.
clang also complains, but because the pragma is entirely unknown to it.

as neither compiler emits the bogus warning in the first place, there is
no point in suppressing it anyway.
2017-10-07 16:03:50 +02:00
Oswald Buddenhagen
5aab050198 don't forward-declare SSL types any more
our current project structure precludes the clash between some indirect
include of ssl.h and our definition of 'S' (or 'M', i don't remember)
that happened on some system, so there is no need to avoid including it
any more.

this avoids complaints from some more picky compilers, as re-defining
typedefs (even to the same thing) is illegal before C11.
2017-10-07 16:03:50 +02:00
Oswald Buddenhagen
c9cd1b59fb git-ignore tar ball signatures 2017-10-07 16:03:50 +02:00
Oswald Buddenhagen
5d5a0461ce bump version 2017-10-07 14:18:22 +02:00
Oswald Buddenhagen
cbac8aa75c delete the compat wrapper
it was deprecated in 1.2. until 1.4 gets released, enough time will have
passed for sure.
2017-10-01 15:30:07 +02:00
Oswald Buddenhagen
094bc883e8 bump version 2017-10-01 15:06:37 +02:00
Oswald Buddenhagen
aa617bb854 adjust dist-hook to syntax change in .gitignore
don't try to delete files in / ...

amends 46e792c3d.
2017-10-01 14:59:47 +02:00
Oswald Buddenhagen
380ccdd43a update TODO 2017-10-01 14:37:36 +02:00
Oswald Buddenhagen
cbc14ba032 rename get-cert => mbsync-get-cert
to avoid undue namespace pollution. inspired by debian.
2017-10-01 10:46:06 +02:00
Oswald Buddenhagen
0865977504 make NEWS more accurate 2017-10-01 10:42:00 +02:00
Oswald Buddenhagen
a5d4a0fe60 make sync records with stray TUID non-fatal
while the situation indicates an internal error, it is harmless in
itself. also, printing some more information may help identify the
problem.
2017-10-01 10:42:00 +02:00
Oswald Buddenhagen
3a2e6b3793 prune SSL 2 support
OpenSSL actually did that a while ago already, so this was dead code.
2017-10-01 10:42:00 +02:00
Oswald Buddenhagen
d2e5134ebd another fix for -Wimplicit-fallthrough (new on master) 2017-10-01 10:40:55 +02:00
Oswald Buddenhagen
1b354fa61a Merge branch '1.2'
Conflicts:
	Makefile.am
	configure.ac
	debian/.gitignore
2017-10-01 10:38:43 +02:00
Oswald Buddenhagen
f2524d082b update debian packaging 2017-10-01 10:04:31 +02:00
Alessandro Ghedini
a9feea71fe Fix spelling of error messages 2017-10-01 10:04:31 +02:00
Oswald Buddenhagen
33ee4a4ffe fixes for -Wimplicit-fallthrough 2017-10-01 10:04:31 +02:00