summaryrefslogtreecommitdiff
path: root/imap/src/c-client/imap4r1.c
AgeCommit message (Collapse)Author
2021-10-10 * Alpine might delete all passwords from the password file if theEduardo Chappa
password file is not unlocked by cancellation, or the authentication for an XOAUTH2 server is cancelled, or the password of an account is changed.
2021-09-12 * Additional code so that passwords are not deleted when connectionsEduardo Chappa
are lost.
2021-09-09 * Alpine will delete passwords that do not work from internal memoryEduardo Chappa
and the local password cache (password file or system local cache.)
2021-08-19 * Clear out some warnings given by gcc-10.Eduardo Chappa
2021-08-15 * The c-client library parses information from an IMAP server duringEduardo Chappa
non-authenticated state which could lead to denial of service. Reported by Damian Poddebniak from Münster University of Applied Sciences.
2020-11-01 * The previous commit does not allow clients to login using xoauth2, soEduardo Chappa
this commit fixes that.
2020-11-01 * Improvements to the cancel authentication logic to not to make itEduardo Chappa
have a delay when cancelling authentication.
2020-07-28 * XOAUTH2: automatic renew of access token and connection to a serverEduardo Chappa
within 60 seconds of expiration of the access token.
2020-06-26 * When Alpine starts a PREAUTH connection, it might still ask the userEduardo Chappa
to login. Reported by Frank Tobin.
2020-06-18 * Security Bug: Alpine can be configured to start a secure connection ↵Eduardo Chappa
using /tls on an insecure connection. However, if the connection is PREAUTH, Alpine will not upgrade the connection to a secure connection, because a client must not issue a STARTTLS to a server that supports it in authenticated state. This makes Alpine continue to use an insecure connection with the server, exposing user data. Reported by Damian Poddebniak and Fabian Ising, from Münster University of Applied Sciences.
2020-06-08 * Remove some compilation warnings given by gcc9.Eduardo Chappa
2020-05-14 * Create /starttls as a synonym of /tls. Update the documentation to useEduardo Chappa
/starttls instead of /tls. This should cause less confusion in Alpine users in the future.
2020-05-13 * Avoid error messages or tcp timeouts when cancelling imap authentication.Eduardo Chappa
2020-05-11 * When using single trip authenticators, still report we used them,Eduardo Chappa
even though we do not report the full command used.
2020-02-19 * Added support for SALS-IR (rfc 4959) and similar support for otherEduardo Chappa
protocols (SMTP, NNTP, POP3) as some SMTP servers do not support a round-trip two step authentication. For example, davmail does not support PLAIN authentication in SMTP using the challenge-response scheme. Implemented after a report by Geoffrey Bodwin.
2020-01-26 * Add support for the OAUTHBEARER authentication method in Gmail. Thanks toEduardo Chappa
Alexander Perlis for suggesting it and explaining how the method works.
2020-01-15 * Fix a number of misspellings in the source code of Alpine. I hav onlyEduardo Chappa
fixed those that belong to the source code of Alpine and do not come from an external source. List contributed by Jens Schleusener.
2019-05-04 * Initial release of XOAUTH2 authentication support in Alpine forEduardo Chappa
Gmail.
2019-02-17 * Rewrite support for specific SSL encryption protocols, includingEduardo Chappa
a. Add a new variable: encryption-protocol-range, which can be used to specify the minimum and maximum versions of the TLS protocol that Alpine will attempt to use to encrypt its communication with the server. b. Add support for the Server Name Identification (SNI) extension needed for TLSv1.3. c. Remove the DTLS code. It was not being used.
2019-02-15 * Restore recognition of empty directories. It was deleted by mistakeEduardo Chappa
when added support for internationalization in folders. Based on a report by Michael Rutter.
2019-01-26 * Ignore errors coming from errors in parsing the ID from an IMAPEduardo Chappa
server. Based on a report by Stefan in the Alpine-info mailing list.
2018-08-12 * Several changes to the compilation of Alpine in Windows to useEduardo Chappa
LibreSSL in connecting to external servers. This complements the changes to support S/MIME. In particular, we add support for validation of certificates by using C:\\libressl\ssl\certs as the place to save CA certificates. In order to help users, some certificates are distributed. TODO: Kerberos port, w2k.
2018-06-14 * More changes to make Valgrind happy.Eduardo Chappa
2018-05-21 * Add the "g" option to the select command that works in IMAPEduardo Chappa
servers that implement the X-GM-EXT-1 capability (such as the one offered by Gmail.) This allows users to do selection in Alpine as if they were doing a search in the web interface for Gmail.
2018-01-14 * Change to imap4r1.c to ignore text after a reply to a STATUSEduardo Chappa
command. The Exchange server adds a white space (US-ASCII 32) at the end of the reply to a STATUS command, making the parser fail, and ignoring the reply of the STATUS command.
2016-02-10 * Add support to c-client of special-use mailboxes for client use.Eduardo Chappa
2016-02-01 * Added support for RFC 2971 - IMAP ID extension.Eduardo Chappa
2015-07-24 * new version 2.20.9.Eduardo Chappa
* Add command line argument -smimedir, which allows to specify the default path for a directory that contains the public, private, and ca directories. This is useful in case a user has a backup of old certificates that cannot be installed in the ~/.alpine-smime dir. * Update to alpine man page to include documentation on missing command line options such as -nowrite_password_cache, -passfile, -pwdcertdir, and -smimedir. * Various changes in the code to quell some compiler issued warnings in Mac OSX. Reported by Joe St Sauver. This includes the removing deprecated ldap functions from the code and the test in the configure script. The switch to not deprecated functions is done by the use of the belvar structure, which is not completely appropriate for what we are doing, but it is sufficient for our needs. The berval structure is more appropriate for binary data, but it works well with string data, which is what we need. * Various changes in the code to quell some warnings issued by clang 3.5.
2014-02-02 * Update to version 2.19.5Eduardo Chappa
* check bounds and tie strings off to improve security. Contributed by James Jerkins. * Alpine crashed when a user attempted to add a folder collection, due to bug in GET_NAMESPACE in imap4r1.c.
2013-11-02 * Update to version 2.19.1Eduardo Chappa
* Upgrade UW-IMAP to Panda IMAP from https://github.com/jonabbey/panda-imap. * Replace tabs by spaces in From and Subject fields to control for size in screen of these fields. Change only in index screen display.
2013-10-06 * new version 2.11.8Eduardo Chappa
* Fix in configure script for recognition of SSL files in Ubuntu 12.04 * Alpine does not attempt to automatically reopen a collection that was not opened due to cancellation by the user. Instead, the user must try to open it explicitly. * few improvements on new /tls1, /tls1_1, etc. options.
2013-09-21 * Version 2.11.6Eduardo Chappa
* Add /tls1, /tls1_1, /tls1_2 and /dtls1 to the definition of a server to use different ways to connect using ssl, for example {server.com/tls1} will attempt to connect to server.com at the ssl imap port (port 993) and establish a connection using TLSv1. These flags can be used in conjunction with the /ssl flag, the ssl flag is redundant. Conversely, however, the /ssl flag does not imply any of these flags; the /ssl flag means SSLv3 or, if not available, SSLv2 in the SSL port. * WebAlpine: add _GNU_SOURCE to make pubcookie build. * On my way to make 'make dist' and 'make distcheck' actually work.
2013-05-31 * somehow all.patch got here. Reversing.Eduardo Chappa
2013-05-31 * Fix not allow remote execution by adding PIPE_NOSHELL to the opening of ↵Eduardo Chappa
a url by a browser.
2013-02-03Initial Alpine VersionEduardo Chappa