Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-08-28 | * Changes to auth_bea.c similar to those of auth_oa2.c. | Eduardo Chappa | |
2021-08-28 | * Fix of more memory leaks and a crash due to incorrect freeing of memory, ↵ | Eduardo Chappa | |
introduced in commit 8961761e0b3c7b3cc11a00f6ac6ebf7a29bc5a10 | |||
2021-08-23 | * Crash due to incorrect freeing of memory, introduced in commit | Eduardo Chappa | |
8961761e0b3c7b3cc11a00f6ac6ebf7a29bc5a10 | |||
2021-08-23 | * Fix some memory leaks reported by Valgrind. | Eduardo Chappa | |
2021-08-19 | * Clear out some warnings given by gcc-10. | Eduardo Chappa | |
2021-08-15 | * The c-client library parses information from an IMAP server during | Eduardo Chappa | |
non-authenticated state which could lead to denial of service. Reported by Damian Poddebniak from Münster University of Applied Sciences. | |||
2021-08-10 | * Improvements to http.c and json.c for support of future code. | Eduardo Chappa | |
2021-08-09 | * Update to json code to simplify it. | Eduardo Chappa | |
2021-07-31 | * Clear more warnings given by gcc-10. Work in progress. | Eduardo Chappa | |
2021-07-30 | * Improvements to the http and json code. | Eduardo Chappa | |
2021-07-28 | * Print error when trying to authenticate using XOAUTH2, when available. | Eduardo Chappa | |
2021-06-10 | * Rewrite of http code to keep connections alive after GET and POST | Eduardo Chappa | |
commands. | |||
2021-06-06 | * Clear some warnings given by gcc-10. | Eduardo Chappa | |
2021-05-15 | * Eliminate no timeout from https connection. | Eduardo Chappa | |
2021-05-08 | * Clear out some gcc warnings, and code improvement. Work in progress. | Eduardo Chappa | |
2021-04-29 | * Crash in the ntlm authenticator when no domain was specified in the | Eduardo Chappa | |
username. Reported and fixed by Anders Skargren. | |||
2021-04-18 | * Fixes to the support for ssl ciphers (variable could be set | Eduardo Chappa | |
in alpine, but never seen by c-client.) | |||
2021-04-17 | * This code was not committed earlier, and is part of support of the | Eduardo Chappa | |
ssl-ciphers configuration option. | |||
2021-04-17 | * Add new variable ssl-ciphers to list the ciphers that will be used when | Eduardo Chappa | |
negotiating a secure connection with a SSL server. Work in collaboration with professor Martin Trusler. | |||
2021-04-10 | * New alpha version 2.24.1 | Eduardo Chappa | |
2021-04-04 | * http debug support sets debug flag before checking if stream is open and ↵ | Eduardo Chappa | |
might be closed. | |||
2021-03-30 | * Added line "#include <time.h>" to file imap/src/osdep/unix/os_osx.h | Eduardo Chappa | |
to fix a compilation error in mac, reported by several people. The fix was tested successfuly by Steven Michaud in the following systems: macOS 11.2.3 XCode 12.4 macOS 10.15.7 XCode 11.1 macOS 10.14.6 XCode 10.3 macOS 10.13.6 XCode 9.1 macOS 10.12.6 XCode 8.3.3 OS X 10.11.6 XCode 7.3.1 OS X 10.10.5 XCode 6.1.1 OS X 10.9.5 XCode 6.1.1 See https://trac.macports.org/ticket/61590 | |||
2021-03-28 | * Many spelling errors corrected by Jens Schleusener. Thank you! | Eduardo Chappa | |
2021-03-27 | * Remove the ability to choose between the device and authorize methods | Eduardo Chappa | |
to login to outlook, since the original client-id can only be used for the device method. One needs a special client-id and client-secret to use the authorize method in Outlook. | |||
2021-03-27 | * new http option for debug. This is mostly useful to debug XOAUTH2 | Eduardo Chappa | |
autentication and reveals sensitive login information. Use with care. Remove your .pine-debug file after using this option. | |||
2021-03-07 | * Some minor fixes for the Roman8 in the file charset/ibm.c. | Eduardo Chappa | |
2021-02-25 | * Updates to old port for HP-UX 9.X, after work with Martin Trusler. | Eduardo Chappa | |
2020-11-23 | * Add support for the base64 URL encoding. | Eduardo Chappa | |
2020-11-01 | * The previous commit does not allow clients to login using xoauth2, so | Eduardo Chappa | |
this commit fixes that. | |||
2020-11-01 | * Improvements to the cancel authentication logic to not to make it | Eduardo Chappa | |
have a delay when cancelling authentication. | |||
2020-10-03 | * Set up the IMAP ID at the moment of loging in to the server, rather than | Eduardo Chappa | |
as a one time option, in case we need to use a special IMAP ID. | |||
2020-09-27 | * remove warning compilation about safe_flock not defined in compilation | Eduardo Chappa | |
in Linux. | |||
2020-08-29 | * When a server expires a refresh token, Alpine needs to cancel it | Eduardo Chappa | |
internally. * Fixes to some prototyping for code related to authentication. * Fixes to documentation contributed by Dennis Davis. | |||
2020-08-27 | * Ignore non-empty initial challenge in the GSSAPI authenticator. | Eduardo Chappa | |
Some SMTP servers send a non-empty initial challenge, causing Alpine to cancel the authentication (in accordance to RFC). Patch was submitted by Ignacio Reguero, but written by Jarek Polok, to the re-alpine project (see https://sourceforge.net/p/re-alpine/bugs/16/) Patch was resubmitted here, but the code was modified in an equivalent but different way. | |||
2020-08-06 | * Clear a compilation issue in PC-Alpine. | Eduardo Chappa | |
2020-08-05 | * When Alpine opens a folder in a server whose address is given numerically | Eduardo Chappa | |
it might crash due to an incorrect freeing of memory. Reported by Wang Kang. | |||
2020-07-28 | * XOAUTH2: automatic renew of access token and connection to a server | Eduardo Chappa | |
within 60 seconds of expiration of the access token. | |||
2020-07-19 | * Remove the line "#define fork vfork" in imap/src/osdep/unix/os_osx.c, ↵ | Eduardo Chappa | |
because the call to vfork inside a vfork causes an error EINVAL; however, the same calls are not causing trouble in other systems, so they are going to stay there. Reported and asisted by Wang Kang. | |||
2020-07-18 | * Addition of the variables User Certs Dir and User Certs File, which allow | Eduardo Chappa | |
a user to specify the location of server certificates that the user trusts. | |||
2020-07-17 | * Experimental: Attempt to implement the Encryption Range in Windows. It works | Eduardo Chappa | |
in Windows 10, and it should work in Windows 8.1. It needs testing in Windows 7 and Windows Vista. | |||
2020-07-09 | * Add choice of Authorization flow to Alpine. Alpine supports two ways to get | Eduardo Chappa | |
authorization to read email. One is called "Authorize" and the other "Device". Some servers support both, some only one. For servers that support both, Alpine will ask if it does not know which method to choose. Inspired by a conversation with Pieter Jacques. | |||
2020-07-03 | * Experimental: Elimination of the w32 build code for PC-Alpine. | Eduardo Chappa | |
Now w32 and wnt are the same code, so we are only left with wnt and wxp. | |||
2020-07-02 | * Fix some compilation warnings in Windows. Reported by Barry Landy. | Eduardo Chappa | |
2020-06-29 | * Modifications to protect the privacy of users: | Eduardo Chappa | |
+ Alpine does not generate Sender or X-X-Sender by default by making [X] Do Not Generate Sender Header the default. + Alpine does not disclose User Agent by default by making [X] Suppress User Agent When Sending the default. + Alpine uses the domain in the From: header of a message to generate a message-id and suppresses all information about Alpine, version, revision, and time of generation of the message-id from this header. This information is replaced by a random string. | |||
2020-06-26 | * When Alpine starts a PREAUTH connection, it might still ask the user | Eduardo Chappa | |
to login. Reported by Frank Tobin. | |||
2020-06-26 | * Expansion of the configuration screen for XOAUTH2 to include | Eduardo Chappa | |
username, and tenant. * If a user has more than one client-id for a service, Alpine tries to asks the user which client-id to use and associates that client-id to the credentials in the XOAUTH2 configuration screen. | |||
2020-06-18 | * Crash if Privacy Policy is not accessible. | Eduardo Chappa | |
2020-06-18 | * Compilation error in Alpine when using the ntlm authenticator. | Eduardo Chappa | |
Reported by Marco Beishuizen. | |||
2020-06-18 | * Security Bug: Alpine can be configured to start a secure connection ↵ | Eduardo Chappa | |
using /tls on an insecure connection. However, if the connection is PREAUTH, Alpine will not upgrade the connection to a secure connection, because a client must not issue a STARTTLS to a server that supports it in authenticated state. This makes Alpine continue to use an insecure connection with the server, exposing user data. Reported by Damian Poddebniak and Fabian Ising, from Münster University of Applied Sciences. | |||
2020-06-13 | * Promote the login authentication method higher than | Eduardo Chappa | |
OAUTHBEARER and XOAUTH2. This avoids using these authentication methods when other authentication methods are still working. |