summaryrefslogtreecommitdiff
path: root/imap
AgeCommit message (Collapse)Author
2020-06-26 * Expansion of the configuration screen for XOAUTH2 to includeEduardo Chappa
username, and tenant. * If a user has more than one client-id for a service, Alpine tries to asks the user which client-id to use and associates that client-id to the credentials in the XOAUTH2 configuration screen.
2020-06-18 * Crash if Privacy Policy is not accessible.Eduardo Chappa
2020-06-18 * Compilation error in Alpine when using the ntlm authenticator.Eduardo Chappa
Reported by Marco Beishuizen.
2020-06-18 * Security Bug: Alpine can be configured to start a secure connection ↵Eduardo Chappa
using /tls on an insecure connection. However, if the connection is PREAUTH, Alpine will not upgrade the connection to a secure connection, because a client must not issue a STARTTLS to a server that supports it in authenticated state. This makes Alpine continue to use an insecure connection with the server, exposing user data. Reported by Damian Poddebniak and Fabian Ising, from Münster University of Applied Sciences.
2020-06-13 * Promote the login authentication method higher thanEduardo Chappa
OAUTHBEARER and XOAUTH2. This avoids using these authentication methods when other authentication methods are still working.
2020-06-12 * Additional addition of doucmentation for XOAUTH2, some fixes in the ↵Eduardo Chappa
documentation, fixes in the configuration screen, and documentation on what is needed in each structure defining each service.
2020-06-12 * Initial implementation of XOAUTH2 authentication support for Outlook.Eduardo Chappa
Based on documentation suggested by Andrew C Aitchison.
2020-06-08 * Corrections to spelling errors, contributed by Jens Schleusener.Eduardo Chappa
2020-06-08 * Remove some compilation warnings given by clang7.Eduardo Chappa
2020-06-08 * Remove some compilation warnings given by gcc9.Eduardo Chappa
2020-05-21 * Update to some http_* functions to return status code returned by server.Eduardo Chappa
2020-05-18 * Further modifications to http.c to account for differences in which ↵Eduardo Chappa
http replies can come, so that http_* functions return the body and not the headers of a reply.
2020-05-18 * A few improvements to the http code, which make the http_* functions not ↵Eduardo Chappa
return the headers of a http reply. So, http_get returns the text retrieved retrieverd, without headers. This allows for simplification of the mm_login_oauth2_c_client function.
2020-05-14 * Create /starttls as a synonym of /tls. Update the documentation to useEduardo Chappa
/starttls instead of /tls. This should cause less confusion in Alpine users in the future.
2020-05-13 * Avoid error messages or tcp timeouts when cancelling imap authentication.Eduardo Chappa
2020-05-13 * Clear a few compilations warnings, produced by gcc.Eduardo Chappa
2020-05-11 * When using single trip authenticators, still report we used them,Eduardo Chappa
even though we do not report the full command used.
2020-05-10 * Remove CC=cc from Makefiles under the imap/ directory. Also redefineEduardo Chappa
ARRC, as these are inherited from values set in the configure script, which in turn can be inherited from environment variables. This implies that to build c-client one needs to specify these variables, and since this is not being built as a stand-alone library anymore, we take these values from the configure script. Submitted by Robert Siebeck.
2020-05-09 * Several improvements to Alpine's support of XOAUTH2. In the case of Gmail,Eduardo Chappa
a text explaining the basic steps on how to configure fully Alpine with Gmail was added. In addition, some issues introduced while included OAUTHBEARER were also fixed.
2020-05-08 * Bug prevented development version from establishing a XOAUTH2 ↵Eduardo Chappa
authentication.
2020-02-20 * Remove debug information in net_soutr(), which makes Alpine printEduardo Chappa
extra debug information as messages in the screen.
2020-02-19 * Correct the NTLM authenticator to make sure Alpine compiles whenEduardo Chappa
support for the NTLM authenticator is compiled into Alpine.
2020-02-19 * Added support for SALS-IR (rfc 4959) and similar support for otherEduardo Chappa
protocols (SMTP, NNTP, POP3) as some SMTP servers do not support a round-trip two step authentication. For example, davmail does not support PLAIN authentication in SMTP using the challenge-response scheme. Implemented after a report by Geoffrey Bodwin.
2020-02-09 * Creation of port wxp to build Alpine in Windows XP. At the timeEduardo Chappa
of this writing, the port w32 is the same as the port wxp, but it is intended to target other 32 bit operating systems.
2020-02-03 * Add variable system-certs-file to indicate the location of a containerEduardo Chappa
of CA certificates. This complements the variable system-certs-path that gives the location the directory that containes CA certificates.
2020-01-26 * Add the file imap/src/c-client/auth_bea.c, needed for the compilationEduardo Chappa
of Alpine. Reported by Bob Bernstein.
2020-01-26 * Add support for the OAUTHBEARER authentication method in Gmail. Thanks toEduardo Chappa
Alexander Perlis for suggesting it and explaining how the method works.
2020-01-25 * New variable system-certs-path that allows users to indicate theEduardo Chappa
location of the directory where folders are located. In PC-Alpine this must be C:\libressl\ssl\certs. The C: drive can be replaced by the name of the drive where the binary and DLL files are located.
2020-01-19 * Initial release of Alpine version 2.22.Eduardo Chappa
2020-01-19 * Creating w32 port for compilation of Alpine. This is intended for oldEduardo Chappa
machines that cannot be updated. Long story short: Always use the command "build wnt" to build Alpine. If that does not work, try "build w32", which is for machines that are too old and do not have any way to use modern encryption protocols such as TLSv1.2. The version of Alpine built in modern machines will be called alpine.exe, and the binary built with the port w32 will be called alpine32 in the repository. All other binaries can be downloaded from the main web site, and they will not have the suffix "32" there.
2020-01-18 * Adding pith_ssl_encryption function to linkage.h.Eduardo Chappa
2020-01-18 * Various fixes to copyright notices, make sure we allocate enoughEduardo Chappa
memory in file http.c, and move Pico version to 5.10.
2020-01-17 * Add file imap/src/osdep/nt/nt_libressl.c, which is useful to buildEduardo Chappa
the windows version of Alpine in a 32-bit environment.
2020-01-16 * Fix a few more misspellings in the source code of Alpine.Eduardo Chappa
List contributed by Jens Schleusener.
2020-01-15 * Fix a number of misspellings in the source code of Alpine. I hav onlyEduardo Chappa
fixed those that belong to the source code of Alpine and do not come from an external source. List contributed by Jens Schleusener.
2020-01-15 * Add configuration screen for XOAUTH, so users can configure their ownEduardo Chappa
client-id and client-secret information.
2020-01-10 * Add file ssl_win.c, which is necessary for the compilation ofEduardo Chappa
PC-Alpine.
2020-01-09 * When Alpine is built with the option --with-bundled-tools, the "makeEduardo Chappa
install" command will also install the mailutil program. Feature contributed by Professor Ryan Elliot.
2020-01-04 * The feature that stopped alpine from saving passwords in the passwordEduardo Chappa
file prevented users from actually saving their passwords in Windows and MAC OS. Fix the code so that passwords will be saved. Also, update the documentation of this feature. * Fix a buffer overflow bug in the XOAUTH2 code (off by one error). * Update PC-Alpine to work with Libressl version 3.0.2 instead of version 2.5.5 (update build.bat and lib files from the LibreSSL build). * Erase SSLXXXXXX file. * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c. The file ssl_libressl.c is the file ssl_unix.c from the unix osdep directory. The file ssl_win.c is the native SSL windows code. The Unix side provides S/MIME support for Alpine and the latest encryption protocols support for Alpine when connecting to a secure server, while the windows side provide TLSv1_3 support for Alpine, but not S/MIME support. In order to provide unix code for TLSv1_3 (once LibreSSL supports it) edit the file os_nt.c and remove the comments on the #ifdef section. This would provide both TLSv1_3 and S/MIME support with unix code. On the other hand, when we provide TLSv1_3 with the Windows code we need to undefine DF_ENCRYPTION_RANGE, and this is done in the file include/config.wnt.h. The way this is done as of this moment is by commenting an #else directive that preceedes this #undefine. * Update makefile.nt and friends in the windows side to account for the addition of XOAUTH2, and the use of only ssl_nt.c when dealing with Alpine. * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these certificates be considered while checking a digital S/MIME signature. * Improvements to the SMARTTIME24 token to account for changes in year.
2019-11-25 * Add lnpno port to imap/src/osdep/unix/Makefile to account for ports that doEduardo Chappa
not need/want to build using pam. Add more robustness to the configure process, to add -lcrypt to the build flags when --with-bundled-tools=no is given.
2019-11-23 * Change in build process. Now Alpine will not build the imap tools byEduardo Chappa
default. In order to build the imap tools (such as mtest, imapd, etc.) the configure script must be given the --with-bundled-tools option. Similarly, libpam is not required anymore, unless the option --with-bundled-tools is used.
2019-10-27 * Fix a bug in commit 418e8bc5789d... which made Alpine ignore a challengeEduardo Chappa
during authentication using CRAM-MD5. The intention was to ignore the challenge in the PLAIN authentication. This made Alpine fail to authenticate when using the CRAM-MD5 authenticator. Reported by Stefan Mueller.
2019-10-08 * Compilation problem and error in logic in function ssl_validate_cert.Eduardo Chappa
The issue with logic was that of the two checks for validation of if the first one was not done, the second one would not be done. The intention was to do the second check if the first check failed. Reported by Erich Ecknet.
2019-10-06 * Check for name of server in "server validation code" in more places.Eduardo Chappa
* Document request message for first time use reports IMAP for any remote connection. Report the correct type of service instead.
2019-09-26 * Return a read() to be a read of one byte. The current code has a codeEduardo Chappa
for a read of zero bytes, but this causes problems. Reported by Greg Oster.
2019-09-06 * Fixes so that Alpine will build in the Windows operating system. ThisEduardo Chappa
update takes care of building with LibreSSL.
2019-09-01 * Improvements to documentation and behavior of Alpine when users get aEduardo Chappa
non-empty challenge in a smtp server.
2019-08-22 * Ignore extra text in challenge from smtp server during authentication.Eduardo Chappa
2019-08-20 * Improve code that determines the type of encryption that is used accordingEduardo Chappa
to user's request.
2019-07-11 * Alpine crashes when trying to post an article in a newsgroup and theEduardo Chappa
connection is closed while the post is being composed, but later the post is attempted to be sent. In some instances, the stream may be open and closed during this time, but Alpine does not realize the connection was closed and attempts the post without a netstream, producing a crash.