Hello community, here is the log from the commit of package imapfilter for openSUSE:Leap:15.2 checked in at 2020-05-23 16:07:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/imapfilter (Old) and /work/SRC/openSUSE:Leap:15.2/.imapfilter.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "imapfilter" Sat May 23 16:07:46 2020 rev:17 rq:808296 version:2.6.16 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/imapfilter/imapfilter.changes 2020-01-15 15:12:08.814131431 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.imapfilter.new.2738/imapfilter.changes 2020-05-23 16:07:50.837108019 +0200 @@ -1,0 +2,35 @@ +Sun Dec 29 22:16:03 UTC 2019 - Arun Persaud <[email protected]> + +- update to version 2.6.16: + * Bug fix; escape the double-quote character in passwords. + +- changes from version 2.6.15: + * Bug fix; try to setup both a CA file and path for SSL validations. + +------------------------------------------------------------------- +Sat Nov 9 16:12:41 UTC 2019 - Arun Persaud <[email protected]> + +- update to version 2.6.14 + * Bug fix; OpenSSL version mess up for SSL hostname validation. + +------------------------------------------------------------------- +Sat Sep 21 20:25:30 UTC 2019 - Arun Persaud <[email protected]> + +- update to version 2.6.13: + * Support for SSL hostname validation (CVE-2016-10937, boo#1149931) + +------------------------------------------------------------------- +Sat Nov 3 16:38:13 UTC 2018 - Arun Persaud <[email protected]> + +- specfile: + * added README AUTHORS LICENSE NEWS to %doc + * ran spec-cleaner + +- update to version 2.6.12: + * Support for Server Name Indication (SNI). + * The searching methods return values are described in the config + man page. + * Example of using the enter_idle() function in the sample extend + file. + +------------------------------------------------------------------- Old: ---- imapfilter-2.6.11.tar.gz New: ---- imapfilter-2.6.16.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imapfilter.spec ++++++ --- /var/tmp/diff_new_pack.dzu767/_old 2020-05-23 16:07:51.165108723 +0200 +++ /var/tmp/diff_new_pack.dzu767/_new 2020-05-23 16:07:51.165108723 +0200 @@ -1,7 +1,7 @@ # # spec file for package imapfilter # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,19 +12,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: imapfilter +Version: 2.6.16 +Release: 0 Summary: A mail filtering utility License: MIT Group: Productivity/Networking/Email/Utilities -Url: https://github.com/lefcha/imapfilter -Version: 2.6.11 -Release: 0 +URL: https://github.com/lefcha/imapfilter Source: %{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: lua-devel >= 5.1 BuildRequires: openssl-devel BuildRequires: pcre-devel @@ -41,7 +40,6 @@ IMAPFilter uses the Lua programming language as a configuration and extension language. - %prep %setup -q @@ -52,11 +50,12 @@ %make_install PREFIX="%{_prefix}" MANDIR="%{_mandir}" %files -%defattr(-, root, root) %{_bindir}/imapfilter %dir %{_datadir}/imapfilter %{_datadir}/imapfilter/*.lua -%{_mandir}/man1/imapfilter.1* -%{_mandir}/man5/imapfilter_config.5* +%{_mandir}/man1/imapfilter.1%{?ext_man} +%{_mandir}/man5/imapfilter_config.5%{?ext_man} +%license LICENSE +%doc README AUTHORS NEWS %changelog ++++++ imapfilter-2.6.11.tar.gz -> imapfilter-2.6.16.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/LICENSE new/imapfilter-2.6.16/LICENSE --- old/imapfilter-2.6.11/LICENSE 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/LICENSE 2019-11-22 23:07:11.000000000 +0100 @@ -1,4 +1,4 @@ -Copyright (c) 2001-2017 Eleftherios Chatzimparmpas +Copyright (c) 2001-2019 Eleftherios Chatzimparmpas Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/NEWS new/imapfilter-2.6.16/NEWS --- old/imapfilter-2.6.11/NEWS 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/NEWS 2019-11-22 23:07:11.000000000 +0100 @@ -1,3 +1,20 @@ +IMAPFilter 2.6.16 - 23 Nov 2019 + - Bug fix; escape the double-quote character in passwords. + +IMAPFilter 2.6.15 - 14 Nov 2019 + - Bug fix; try to setup both a CA file and path for SSL validations. + +IMAPFilter 2.6.14 - 1 Nov 2019 + - Bug fix; OpenSSL version mess up for SSL hostname validation. + +IMAPFilter 2.6.13 - 17 Sep 2019 + - Support for SSL hostname validation. + +IMAPFilter 2.6.12 - 3 Oct 2018 + - Support for Server Name Indication (SNI). + - The searching methods return values are described in the config man page. + - Example of using the enter_idle() function in the sample extend file. + IMAPFilter 2.6.11 - 19 Nov 2017 - Support for interrupting IDLE mode with SIGUSR1/SIGUSR2. - New "persist" option to try to recover a connection indefinitely. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/README new/imapfilter-2.6.16/README --- old/imapfilter-2.6.11/README 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/README 2019-11-22 23:07:11.000000000 +0100 @@ -26,7 +26,7 @@ Installation Compile time requirements are Lua (version 5.3 or 5.2 or 5.1), the PCRE - library, and the OpenSSL library. + library, and the OpenSSL library (version 1.0.2 and later). Compile and install the program: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/doc/imapfilter.1 new/imapfilter-2.6.16/doc/imapfilter.1 --- old/imapfilter-2.6.11/doc/imapfilter.1 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/doc/imapfilter.1 2019-11-22 23:07:11.000000000 +0100 @@ -1,4 +1,4 @@ -.Dd Apr 27, 2016 +.Dd Nov 13, 2019 .Dt IMAPFILTER 1 .Os .Sh NAME @@ -59,11 +59,10 @@ will be validated using the CA certificates found in this directory or file, and when this is not possible the local .Pa $HOME/.imapfilter/certificates -file will be used. The default is either the -.Pa /etc/ssl/certs -directory or the -.Pa /etc/ssl/cert.pem -file, whichever is found. +file will be used. The default CA directory is +.Pa /etc/ssl/certs/ , +and the default CA file is +.Pa /etc/ssl/cert.pem . .It Fl V Displays version and copyright information. .It Fl v diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/doc/imapfilter_config.5 new/imapfilter-2.6.16/doc/imapfilter_config.5 --- old/imapfilter-2.6.11/doc/imapfilter_config.5 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/doc/imapfilter_config.5 2019-11-22 23:07:11.000000000 +0100 @@ -1,4 +1,4 @@ -.Dd Nov 11, 2017 +.Dd Aug 26, 2018 .Dt IMAPFILTER_CONFIG 5 .Os .Sh NAME @@ -9,7 +9,7 @@ .Sh DESCRIPTION .Xr imapfilter 1 uses the Lua programming language as a configuration and extension language, -therefore the configuration file is a Lua script. +therefore the configuration file is a Lua script. .Pp Although knowledge of Lua is not required to use .Xr imapfilter 1 , @@ -115,7 +115,7 @@ When this option is enabled and the server supports the Challenge-Response Authentication Mechanism (specifically CRAM-MD5), this method will be used for user authentication instead of a plaintext password LOGIN. This variable -takes a +takes a .Vt boolean as a value. Default is .Dq true . @@ -226,7 +226,7 @@ .It Va starttls When this option is enabled and the server supports the IMAP STARTTLS extension, a TLS connection will be negotiated with the mail server in the -beginning of the session. This variable takes a +beginning of the session. This variable takes a .Vt boolean as value. Default is .Dq true . @@ -300,6 +300,12 @@ has been set). It takes a .Vt string as a value. +.Pp +Note that due to Lua using backslash +.Sq \e +as an escape character for its strings, one has to use double backslashes in +order to insert a single backslash, and thus a backslash +character inside a password might require four backslashes. .It Va oauth2 The OAuth2 string to use to authenticate if the server supports the XOAUTH2 authentication mechanism. If the server does not support it and a @@ -391,10 +397,10 @@ .It Fn list_all folder mailbox Lists all the available mailboxes in the .Fa folder -.Pq Vt string +.Pq Vt string with the name .Fa mailbox -.Pq Vt string , +.Pq Vt string , and returns a .Vt table that contains @@ -405,7 +411,7 @@ that contains .Vt strings , the available folders. Wildcards may only be used in the -.Fa mailbox +.Fa mailbox argument. .Pp .It Fn list_subscribed folder mailbox @@ -425,7 +431,7 @@ that contains .Vt strings , the subscribed folders. Wildcards may only be used in the -.Fa mailbox +.Fa mailbox argument. .El .Pp @@ -502,7 +508,7 @@ .Fn create_mailbox , etc.) , are considered keywords and must not be used as mailbox names, and the same also applies for any string starting with an underscore, as they are -considered reserved. +considered reserved. .Ss CHECKING The following methods can be used to check the status of a mailbox: .Pp @@ -673,6 +679,31 @@ myotheraccount.myothermailbox:contain_subject('test') .Ed .Pp +And for those that want to know more about the return values of the following +methods, it is a +.Vt table +which contains +.Vt tables +with two values: the mailbox +.Pq Vt table +the message belongs to, and the message UID +.Pq Vt number +which points to the matching message. For examples on iterating these +returned tables, or creating new tables of this format (they are actually +metatables implementing sets), see the +.Va samples/extend.lua +file. +.Bd -literal -offset 4n +{ + { <myaccount.mymailbox>, 1 }, + { <myaccount.mymailbox>, 3 }, + { <myaccount.myothermailbox>, 5 }, + { <myothermailbox.myothermailbox>, 7}, + { ... }, + ... +} +.Ed +.Pp The following method can be used to get all messages in a mailbox: .Pp .Bl -tag -width Ds -compact @@ -688,7 +719,7 @@ Messages that have been answered. .Pp .It Fn is_deleted -Messages that are marked for later removal. +Messages that are marked for later removal. .Pp .It Fn is_draft Messages that have not completed composition. @@ -715,7 +746,7 @@ Messages that have not been answered. .Pp .It Fn is_undeleted -Messages that are not marked for later removal. +Messages that are not marked for later removal. .Pp .It Fn is_undraft Messages that have completed composition. @@ -811,7 +842,7 @@ .Dq day-month-year form. .Pp -.It Fn arrived_since date +.It Fn arrived_since date Messages that have arrived within or later than the .Fa date .Pq Vt string , @@ -900,7 +931,7 @@ Messages that contain the .Fa string .Pq Vt string -in the +in the .Fa field .Pq Vt string header field. @@ -934,8 +965,8 @@ .Pp Note that due to Lua using backslash .Sq \e -as an escape character for its strings, one has to double backslashes in order -to insert a single backslash inside a regular expression pattern: +as an escape character for its strings, one has to use double backslashes in +order to insert a single backslash inside a regular expression pattern: .Pp .Bl -tag -width Ds -compact .It Fn match_bcc pattern @@ -1381,9 +1412,9 @@ .Vt string type. Note that due to Lua using backslash .Sq \e -as an escape character for its strings, one has to double backslashes in order -to insert a single backslash inside a regular expression pattern. For more -information on PCRE see +as an escape character for its strings, one has to use double backslashes in +order to insert a single backslash inside a regular expression pattern. For +more information on PCRE see .Ad http://pcre.org/original/doc/html/ . .El .Pp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/samples/extend.lua new/imapfilter-2.6.16/samples/extend.lua --- old/imapfilter-2.6.11/samples/extend.lua 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/samples/extend.lua 2019-11-22 23:07:11.000000000 +0100 @@ -20,6 +20,19 @@ become_daemon(600, forever) +-- The previous example uses polling in order to search specific messages and +-- process them. Another more efficient alternative is using the IMAP IDLE +-- extension. This is implemented by the enter_idle() method, which waits for +-- a notification by the server when new messages arrive in the monitored +-- mailbox. + +while true do + myaccount.mymailbox:enter_idle() + results = myaccount.mymailbox:is_unread() + results:move_messages(myaccount.myothermailbox) +end + + -- IMAPFilter can take advantage of all those filtering utilities that -- are available and use a wide range of heuristic tests, text analysis, -- internet-based realtime blacklists, advanced learning algorithms, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/Makefile new/imapfilter-2.6.16/src/Makefile --- old/imapfilter-2.6.11/src/Makefile 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/Makefile 2019-11-22 23:07:11.000000000 +0100 @@ -4,6 +4,9 @@ SHAREDIR = $(PREFIX)/share/imapfilter MANDIR = $(PREFIX)/man +SSLCAPATH = /etc/ssl/certs +SSLCAFILE = /etc/ssl/cert.pem + MYCFLAGS = MYLDFLAGS = MYLIBS = @@ -16,7 +19,11 @@ LIBSSL = -lssl LIBCRYPTO = -lcrypto -CFLAGS = -Wall -Wextra -O -DCONFIG_SHAREDIR='"$(SHAREDIR)"' $(INCDIRS) $(MYCFLAGS) +CFLAGS = -Wall -Wextra -O \ + -DCONFIG_SHAREDIR='"$(SHAREDIR)"' \ + -DCONFIG_SSL_CAPATH='"$(SSLCAPATH)"' \ + -DCONFIG_SSL_CAFILE='"$(SSLCAFILE)"' \ + $(INCDIRS) $(MYCFLAGS) LDFLAGS = $(LIBDIRS) $(MYLDFLAGS) LIBS = -lm -ldl $(LIBLUA) $(LIBPCRE) $(LIBSSL) $(LIBCRYPTO) $(MYLIBS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/account.lua new/imapfilter-2.6.16/src/account.lua --- old/imapfilter-2.6.11/src/account.lua 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/account.lua 2019-11-22 23:07:11.000000000 +0100 @@ -89,6 +89,9 @@ self._account.password = get_password('Enter password for ' .. self._string .. ': ') end + if type(self._account.password) == 'string' then + self._account.password = string.gsub(self._account.password, '"', '\\"') + end if self._account.session then return true end local r, s = ifcore.login(self._account.server, self._account.port, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/imapfilter.c new/imapfilter-2.6.16/src/imapfilter.c --- old/imapfilter-2.6.11/src/imapfilter.c 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/imapfilter.c 2019-11-22 23:07:11.000000000 +0100 @@ -68,10 +68,10 @@ opts.debug = NULL; opts.truststore = NULL; - if (exists_dir("/etc/ssl/certs")) - opts.truststore = "/etc/ssl/certs"; - else if (exists_file("/etc/ssl/cert.pem")) - opts.truststore = "/etc/ssl/cert.pem"; + if (exists_dir(CONFIG_SSL_CAPATH)) + capath = CONFIG_SSL_CAPATH; + if (exists_file(CONFIG_SSL_CAFILE)) + cafile = CONFIG_SSL_CAFILE; env.home = NULL; env.pathmax = -1; @@ -149,10 +149,13 @@ tls12ctx = SSL_CTX_new(TLSv1_2_client_method()); #endif #endif - if (exists_dir(opts.truststore)) + if (exists_dir(opts.truststore)) { capath = opts.truststore; - else if (exists_file(opts.truststore)) + cafile = NULL; + } else if (exists_file(opts.truststore)) { cafile = opts.truststore; + capath = NULL; + } #if OPENSSL_VERSION_NUMBER >= 0x1010000fL if (sslctx) SSL_CTX_load_verify_locations(sslctx, cafile, capath); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/lua.c new/imapfilter-2.6.16/src/lua.c --- old/imapfilter-2.6.11/src/lua.c 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/lua.c 2019-11-22 23:07:11.000000000 +0100 @@ -146,6 +146,8 @@ set_table_number("timeout", 60); set_table_boolean("wakeonany", 0); + set_table_boolean("dryrun", opts.dryrun); + lua_setglobal(lua, "options"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/request.c new/imapfilter-2.6.16/src/request.c --- old/imapfilter-2.6.11/src/request.c 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/request.c 2019-11-22 23:07:11.000000000 +0100 @@ -52,6 +52,7 @@ return STATUS_NONE; \ } else \ session_destroy(ssn); \ + ssn = NULL; \ return -1; \ } @@ -217,6 +218,7 @@ ssn->server); close_connection(ssn); session_destroy(ssn); + ssn = NULL; return STATUS_NO; } if (ssn->capabilities & CAPABILITY_XOAUTH2 && ssn->oauth2) { @@ -229,6 +231,7 @@ ssn->username, ssn->server); close_connection(ssn); session_destroy(ssn); + ssn = NULL; return STATUS_NO; } if (rl != STATUS_OK && ssn->password && @@ -258,6 +261,7 @@ ssn->username, ssn->server); close_connection(ssn); session_destroy(ssn); + ssn = NULL; return STATUS_NO; } } else { @@ -285,6 +289,7 @@ close_connection(ssn); fail: session_destroy(ssn); + ssn = NULL; return -1; } @@ -299,9 +304,11 @@ if (response_generic(ssn, send_request(ssn, "LOGOUT")) == -1) { session_destroy(ssn); + ssn = NULL; } else { close_connection(ssn); session_destroy(ssn); + ssn = NULL; } return STATUS_OK; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/session.c new/imapfilter-2.6.16/src/session.c --- old/imapfilter-2.6.11/src/session.c 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/session.c 2019-11-22 23:07:11.000000000 +0100 @@ -63,9 +63,13 @@ sessions = list_remove(sessions, ssn); - if (ssn->ns.prefix) + if (ssn->ns.prefix) { xfree(ssn->ns.prefix); - if (ssn->selected) + ssn->ns.prefix = NULL; + } + if (ssn->selected) { xfree(ssn->selected); + ssn->selected = NULL; + } xfree(ssn); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/socket.c new/imapfilter-2.6.16/src/socket.c --- old/imapfilter-2.6.11/src/socket.c 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/socket.c 2019-11-22 23:07:11.000000000 +0100 @@ -12,6 +12,7 @@ #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/x509v3.h> #include "imapfilter.h" #include "session.h" @@ -141,6 +142,44 @@ if (!(ssn->sslconn = SSL_new(ctx))) goto fail; + if (get_option_boolean("certificates")) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + SSL_set_hostflags(ssn->sslconn, + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + if (!SSL_set1_host(ssn->sslconn, ssn->server)) { + error("failed setting hostname validation to " + "%s; %s\n ", ssn->server, + ERR_error_string(ERR_get_error(), NULL)); + goto fail; + } + + r = SSL_set_tlsext_host_name(ssn->sslconn, ssn->server); + if (r == 0) { + error("failed setting the Server Name Indication (SNI)" + " to %s; %s\n", ssn->server, + ERR_error_string(ERR_get_error(), NULL)); + goto fail; + } + + SSL_set_verify(ssn->sslconn, SSL_VERIFY_PEER, NULL); +#elif OPENSSL_VERSION_NUMBER >= 0x10002000L + X509_VERIFY_PARAM *param = SSL_get0_param(ssn->sslconn); + X509_VERIFY_PARAM_set_hostflags(param, + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + if (!X509_VERIFY_PARAM_set1_host(param, ssn->server, + strlen(ssn->server))) { + error("failed setting hostname validation to " + "%s; %s\n ", ssn->server, + ERR_error_string(ERR_get_error(), NULL)); + goto fail; + } + + SSL_set_verify(ssn->sslconn, SSL_VERIFY_PEER, NULL); +#else +#error "hostname validation supported in OpenSSL version 1.0.2 and later" +#endif + } + SSL_set_fd(ssn->sslconn, ssn->socket); for (;;) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.6.11/src/version.h new/imapfilter-2.6.16/src/version.h --- old/imapfilter-2.6.11/src/version.h 2017-11-19 10:38:24.000000000 +0100 +++ new/imapfilter-2.6.16/src/version.h 2019-11-22 23:07:11.000000000 +0100 @@ -3,10 +3,10 @@ /* Program's version number. */ -#define VERSION "2.6.11" +#define VERSION "2.6.16" /* Program's copyright. */ -#define COPYRIGHT "Copyright (c) 2001-2017 Eleftherios Chatzimparmpas" +#define COPYRIGHT "Copyright (c) 2001-2019 Eleftherios Chatzimparmpas" #endif /* VERSION_H */
