Releases: philpennock/sieve-connect

Version 0.90: minor cleanups

29 Mar 21:24
v0.90

Version 0.90 of sieve-connect is now available.

Checksums below, detached PGP signature available.

There are two changes since version 0.89:

  • Update various regular expressions to not break under a future Perl 5.30 release;
  • Use a .sieve filename extension for temporary files, to assist text-editors with mode selection.

This release is being cut because it's been a while since the regexp fix went in and we should get a proper release out before the next Perl comes along.

Full ChangeLog at:
https://people.spodhuis.org/phil.pennock/software/sieve-connect.ChangeLog.txt

The software can be downloaded from:

SHA256(sieve-connect-0.90.tar.bz2)= 4a188ba50009170b5a7a51cbd0dbaab972eb1e42a3ad7c2d8d22fb63f2f77603
SHA256(sieve-connect-0.90.tar.bz2.asc)= bebddb618e6b5a0a3380b6b29af08e3879a0d042cda804fd5faa81f00c41f603

Version 0.89: @INC sanitization

15 Feb 00:28
v0.89

Version 0.89 of sieve-connect is now available.

Checksums below, detached PGP signature available.

There are two changes since version 0.88:

  • Drop . from @INC because this is Perl and we should be a little more cautious; note that this script has optional dependencies.
  • Documentation output changes; default --help is now much shorter, use --man or the man-page, as before, to get full output; minor updates, including examples of how to use --passwordfd

The first change is why I'm pushing out a new release; the copyright year has not been updated for this.

Finally: the master distribution website has https available, from Let's Encrypt, and I'm committed to ensuring that it has publicly verifiable https going forward. (Historically it was a cert issued by my private CA).

Full ChangeLog at:
https://people.spodhuis.org/phil.pennock/software/sieve-connect.ChangeLog.txt

The software can be downloaded from:

SHA256(sieve-connect-0.89.tar.bz2)= 6d8962516458a27d4d904cfb370db01ca7e495e61c966f236ba6b65f5b4caa5f
SHA256(sieve-connect-0.89.tar.bz2.asc)= 87a7626f029d7cb0edc777d85e87c0d70f897b5d9f2d98e576c0cb7a58a8932b

Version 0.88

29 Aug 21:40
v0.88

Version 0.88 of sieve-connect is now available.

Checksums below, detached PGP signature available.

This release has two BREAKING CHANGES.

BREAKING CHANGE 1: may, deliberately, cause connections to fail which previously succeeded.

If the Sieve server does not offer STARTTLS, then connections should now fail unless one of three scenarios is in play:

  1. --clearchan is explicitly passed on the command-line
  2. SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK is set non-empty in environ
  3. TLS verification is disabled, whether by packagers or command-line.

The stance now is: if you try for TLS, don't fall back to non-TLS, unless explicitly told that it's okay. I've explicitly and deliberately changed to handling MitM attacks stripping pre-TLS capabilities as part of the threat model, and breaking in that scenario is now more important than "just working". This is a pre-v1 tool, so I hope to be forgiven for this change. It's my belief that the world has changed enough that it's no longer socially acceptable to run services without TLS and without users knowing to disable TLS.
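The policy described above, as an added illustration that is not code from sieve-connect itself: a small parser for the ManageSieve (RFC 5804) capability greeting, followed by the v0.88 decision rule for a server that does not advertise STARTTLS. The greetings, and the function names `parse_capabilities` and `cleartext_decision`, are constructed for this example.

```python
import os
import re

# Constructed sample ManageSieve greetings (RFC 5804 format); not captures from a real server.
GREETING_WITH_STARTTLS = (
    '"IMPLEMENTATION" "Example ManageSieved v001"\r\n'
    '"SASL" "PLAIN LOGIN"\r\n'
    '"SIEVE" "fileinto vacation"\r\n'
    '"STARTTLS"\r\n'
    'OK "ready"\r\n'
)
# The same server as seen through an active attacker stripping the STARTTLS capability.
GREETING_STRIPPED = GREETING_WITH_STARTTLS.replace('"STARTTLS"\r\n', '')

# One capability per line: a quoted name, optionally followed by a quoted value.
_CAP_LINE = re.compile(r'^"([^"]+)"(?:\s+"([^"]*)")?\s*$')


def parse_capabilities(greeting):
    """Return {CAPABILITY: value} from the lines preceding the OK/NO/BYE response."""
    caps = {}
    for line in greeting.splitlines():
        if line.startswith(("OK", "NO", "BYE")):
            break
        m = _CAP_LINE.match(line)
        if m:
            caps[m.group(1).upper()] = m.group(2) or ""
    return caps


def cleartext_decision(caps, clearchan=False, environ=None, tls_verify=True):
    """Apply the v0.88 rule: returns ('tls'|'cleartext'|'refuse', reason).

    Falling back to cleartext requires one of the three explicit opt-ins from the
    release notes; otherwise a missing STARTTLS is treated as possible stripping.
    """
    environ = os.environ if environ is None else environ
    if "STARTTLS" in caps:
        return ("tls", "server offers STARTTLS; negotiate TLS before authenticating")
    if clearchan:
        return ("cleartext", "--clearchan passed explicitly on the command line")
    if environ.get("SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK"):
        return ("cleartext", "SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK set non-empty")
    if not tls_verify:
        return ("cleartext", "TLS verification disabled by packager or command line")
    return ("refuse", "no STARTTLS offered and no explicit opt-in; possible capability stripping")
```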

(POSSIBLY) BREAKING CHANGE 2: when deriving a remote script name from the local filename, use the basename and strip off directories.

Some widespread ManageSieve servers (e.g., timsieved) disallow a directory separator in a sieve script name. So when deriving remote names, just use the basename. This might cause issues for those with servers which allow directory separators and users who were relying upon this.

Mitigation: explicitly specify the remote script name to include the path, and things should work as before.

Other changes in v0.88:

  • Fail early if no CA trust anchors can be found but TLS verification is enabled.
  • Added --tlshostname option to override the hostname used for TLS host identity verification.
  • If not interactive, various application-level warnings raised during interaction with the remote server will now trigger a final warning before exit and a non-zero exit code.
  • Kolab nocaps server compatibility, in the continuing saga of "feature-based negotiation, who needs it anyway?"
  • build-system fix to better isolate releaser tools from "just make the tarball", to let others make the unsigned tarball and compare.
  • Interactive command debug added when invoked with --debug to toggle debugging off/on, to reduce self-inflicted log-spam.
  • Handle local hostnames which lack real DNS better, avoiding an undef dereference.

Finally: this release is signed with PGP key 0x4D1E900E14C1CC04 where previous releases were signed with 0x403043153903637F. For those who wish to verify this transition:

  1. Commit 3e4d470 records the intent, in June 2015.
  2. New key 0x4D1E900E14C1CC04 is in the strong set (before it started being used) and is signed by old key 0x403043153903637F using a certificate signing policy which includes self in the URL and an explanation at that URL.
  3. The release announcement of v0.87 warned of this transition.
  4. Of course, use the web-of-trust to confirm the path
  5. I very recently added signing subkeys to the new key, so if the signature upon the tarball or this announcement does not verify, please gpg --refresh-key 0x4D1E900E14C1CC04 (or whatever your tooling's equivalent is).

Any problems, both email to me and GitHub Issues work.

Full ChangeLog at:

The software can be downloaded from:

SHA256(sieve-connect-0.88.tar.bz2)= b8b0146120d76de7407017573d695680b9cae5fc4d9974f4a7cbf166328a3872
SHA256(sieve-connect-0.88.tar.bz2.asc)= c3d8d0446c764146790c4f56eb8e068ae4b6f057b4356183338f26698759fe68

Regards,
-Phil Pennock

Version 0.87

04 Dec 02:07

Version 0.87 of sieve-connect is now available. This is a "time has passed" release, with one contributed new feature and various cleanups.

This adds a new --tlscertfingerprint option, which permits "certificate pinning" for the sieve server, in a crude but effective way. In doing this, we now explicitly require Net::SSLeay of at least version 1.37. This makes sieve-connect incompatible with stock Debian Wheezy (oldstable) and with RHEL6.

My thanks to Lukas S (https://github.com/lukas227) for this feature.

Diagnostics around port numbers, and the relevant documentation, have been cleaned up to be much clearer about the interaction with /etc/services and to be clear that /etc/services takes precedence. My thanks to Daniel Schulte for his patience as he encountered issues arising from my unclear diagnostic messages.

We now honour the $SSL_CERT_DIR and $SSL_CERT_FILE environment variables, which are common to C language clients of OpenSSL (but which are blocked by the Perl bindings, so we now reimplement the support manually).

The documentation is a bit less patronising and has been brushed up to correctly reference all relevant environment variables, etc.

Full ChangeLog at:
http://people.spodhuis.org/phil.pennock/software/sieve-connect.ChangeLog.txt

The software can be downloaded from:

Checksums:

SHA256(sieve-connect-0.87.tar.bz2)= e3de80ab34994de0277fc7bf53b7c08e82db1a1f2762ddac4311d8191cea6c49
SHA256(sieve-connect-0.87.tar.bz2.asc)= b9fff441c76f720a07c98550deadf96fbd8e42131c5b3ec00df52626d73f12a7

SHA3-224(sieve-connect-0.87.tar.bz2)= 037d7a1c09b6802afc78ecfbd81f7306e776574a70d9393a0014ab68
SHA3-224(sieve-connect-0.87.tar.bz2.asc)= 3cef5614972f21132175250f36a660bd072ba397f9fd80aadaa301cb

Finally, administrivia: I expect future releases (and announcements) to be signed with a new PGP key 0x4D1E900E14C1CC04 which is now in the Strong Set of keys.

Regards,
-Phil

v0.86

27 Jul 20:50

This adds "edit" support, to invoke a text-editor directly upon a script that is on the sieve-server, providing a fetch/edit/check/push workflow, based on a patch from Ian Campbell.

This also fixes the search for X.509 SSL/TLS certificates, so that openssl(1) reporting an OPENSSLDIR no longer leads us to assume that certs/ inside that directory must exist and be usable. Instead, we check; if that fails, we try the existing list of file locations, and if that still fails, we try a list of directory locations instead. This follows a bug report from LEVAI Daniel.

0.85 from Git, with bonus feature: it works

17 Jul 08:35

I failed to adequately test v0.85.1 install from outside the git repo; make(1) would complain of missing source to make the script as distributed.

Fixed, and tested that install works from tarball, as I should have done for the .1 release.

However: there are other changes in this repository since then, changing functionality, and in a rush I forgot that and so this should not have been tagged as a release.

So: 0.85 was SVN; 0.85.1 was Git but broken. 0.85.2 is Git and working, but with other functionality not matching 0.85. This is just repeated fail on my part. Giving up on 0.85.x and will just cut 0.86.

0.85.1: 0.85 recut from Git

02 Jul 22:44
Pre-release

This is the 0.85 release codebase, but re-cut from Git after switching over from Subversion.

0.85 / 0.85.1

Fix TLS verification; find server by own hostname & SRV.

  • TLS hostname verification was not actually happening. I'm mortified.
    • IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
  • By default, if no server is specified, before falling back to localhost try to use the current hostname and SRV records in DNS to figure out if Sieve is available. Checks for sieve, imaps & imap protocol SRV records and honours target==. to mean "no".
    • This works better with the Mozilla::PublicSuffix module installed.
  • Added ability to blacklist authentication mechanisms.

In addition, TLS SNI should now be sent, with the expected hostname. This hostname is not the hostname connected to, but the last hostname found before going into DNS.

Since verification wasn't happening before, any hostname verification broken by this change gets treated the same as hostname verification broken by "turning on verification".

Packagers should note that this software should now recommend whichever package provides the Mozilla::PublicSuffix Perl module. It's not required, but automatic sieve hostname derivation works better/safer with it.

v0.85

02 Jul 23:35

(see release 0.85.1)