Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package imapfilter for openSUSE:Factory checked in at 2022-10-25 11:19:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/imapfilter (Old) and /work/SRC/openSUSE:Factory/.imapfilter.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "imapfilter" Tue Oct 25 11:19:42 2022 rev:48 rq:1030869 version:2.7.6 Changes: -------- --- /work/SRC/openSUSE:Factory/imapfilter/imapfilter.changes 2020-12-21 10:27:11.780236941 +0100 +++ /work/SRC/openSUSE:Factory/.imapfilter.new.2275/imapfilter.changes 2022-10-25 11:19:45.382103263 +0200 @@ -1,0 +2,10 @@ +Sat Oct 22 18:45:40 UTC 2022 - Arun Persaud <arun@gmx.de> + +- update to 2.7.6: + * Support building with OpenSSL 3.0.0 and later. + * Several minor improvements to documentation and example code. + * Removed deprecated CRAM-MD5 mechanism. + * Bug fix; session was destroyed incorrectly on login failures. + * Bug fix; potential session management problems. + +------------------------------------------------------------------- Old: ---- imapfilter-2.7.5.tar.gz New: ---- imapfilter-2.7.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imapfilter.spec ++++++ --- /var/tmp/diff_new_pack.ULg5FV/_old 2022-10-25 11:19:45.938104495 +0200 +++ /var/tmp/diff_new_pack.ULg5FV/_new 2022-10-25 11:19:45.942104504 +0200 @@ -1,7 +1,7 @@ # # spec file for package imapfilter # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: imapfilter -Version: 2.7.5 +Version: 2.7.6 Release: 0 Summary: A mail filtering utility License: MIT ++++++ imapfilter-2.7.5.tar.gz -> imapfilter-2.7.6.tar.gz ++++++ Binary files old/imapfilter-2.7.5/.DS_Store and new/imapfilter-2.7.6/.DS_Store differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/LICENSE new/imapfilter-2.7.6/LICENSE --- old/imapfilter-2.7.5/LICENSE 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/LICENSE 2022-08-06 15:50:59.000000000 +0200 @@ -1,4 +1,4 @@ -Copyright (c) 2001-2020 Eleftherios Chatzimparmpas +Copyright (c) 2001-2022 Eleftherios Chatzimparmpas Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/NEWS new/imapfilter-2.7.6/NEWS --- old/imapfilter-2.7.5/NEWS 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/NEWS 2022-08-06 15:50:59.000000000 +0200 @@ -1,3 +1,10 @@ +IMAPFilter 2.7.6 - 6 Aug 2022 + - Support building with OpenSSL 3.0.0 and later. + - Several minor improvements to documentation and example code. + - Removed deprecated CRAM-MD5 mechanism. + - Bug fix; session was destroyed incorrectly on login failures. + - Bug fix; potential session management problems. + IMAPFilter 2.7.5 - 5 Dec 2020 - New "hostnames" option can be used to disable hostname validation. - Bug fix; "certificates" option incorrectly controlled hostname validation. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/doc/imapfilter.1 new/imapfilter-2.7.6/doc/imapfilter.1 --- old/imapfilter-2.7.5/doc/imapfilter.1 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/doc/imapfilter.1 2022-08-06 15:50:59.000000000 +0200 @@ -14,11 +14,11 @@ .Op Fl t Ar truststore .Sh DESCRIPTION .Nm -is a mail filtering utility. It connects to remote mail servers using the +is a mail filtering utility. It connects to remote mail servers using the Internet Message Access Protocol (IMAP), sends searching queries to the server -and processes mailboxes based on the results. It can be used to delete, copy, -move, flag, etc. messages residing in mailboxes at the same or different mail -servers. The 4rev1 and 4 versions of the IMAP protocol are supported. +and processes mailboxes based on the results. It can be used to delete, copy, +move, flag, etc. messages residing in mailboxes at the same or different mail +servers. The 4rev1 and 4 versions of the IMAP protocol are supported. .Pp The command line options of .Xr imapfilter 1 @@ -45,19 +45,19 @@ File that contains logs of error messages produced. .It Fl n This option enables the so called dry-run mode, and any actions that would -result in changes to the server do not actually take place. So the requests +result in changes to the server do not actually take place. So the requests that would modify any data are not sent to the server, even though informational messages about these actions are still printed. Any other methods, that only receive data from the server, are performed as -normal, such as for example the searching methods. Note, that the number of +normal, such as for example the searching methods. Note, that the number of messages an action is reported to be applied upon, might differ between dry-run mode and the normal execution, and this is expected as in the latter case the -data on the server are continuesly altered by subsequent actions. +data on the server are continuously altered by subsequent actions. .It Fl t Ar truststore The path to the system's SSL CA TrustStore directory or file. SSL connections will be validated using the CA certificates found in this directory or file, -and when this is not possible the local +and when this is not possible, the local .Pa $HOME/.imapfilter/certificates file will be used. The default CA directory is .Pa /etc/ssl/certs/ , @@ -79,7 +79,7 @@ .Sh FILES .Bl -tag -width Ds .It Pa $HOME/.imapfilter/config.lua -Default configuration file. Because this file may contain sensitive data such +Default configuration file. Because this file may contain sensitive data such as user passwords, the recommended permissions are read/write for the user, and not accessible by others. .It Pa $HOME/.imapfilter/certificates diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/doc/imapfilter_config.5 new/imapfilter-2.7.6/doc/imapfilter_config.5 --- old/imapfilter-2.7.5/doc/imapfilter_config.5 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/doc/imapfilter_config.5 2022-08-06 15:50:59.000000000 +0200 @@ -1,4 +1,4 @@ -.Dd Dec 5, 2020 +.Dd Jul 8, 2022 .Dt IMAPFILTER_CONFIG 5 .Os .Sh NAME @@ -9,11 +9,11 @@ .Sh DESCRIPTION .Xr imapfilter 1 uses the Lua programming language as a configuration and extension language, -therefore the configuration file is a Lua script. +therefore, the configuration file is a Lua script. .Pp Although knowledge of Lua is not required to use .Xr imapfilter 1 , -it is nonetheless recommended, especially if one wants to extend it. For more +it is nonetheless recommended, especially if one wants to extend it. For more information on Lua see .Ad http://www.lua.org/docs.html . .Sh CONVENTIONS @@ -83,7 +83,7 @@ .Dq true . .It Va certificates When this option is enabled, the server certificate can be accepted and stored, -in order to validate the authenticity of the server in future connections. This +to validate the authenticity of the server in future connections. This variable takes a .Vt boolean as a value. Default is @@ -92,12 +92,12 @@ Indicates to the server the character set of the strings for the searching methods. This variable takes a .Vt string -as a value. By default no character set is set, and thus plain ASCII should be +as a value. By default, no character set is set, and thus plain ASCII should be assumed by the server. .It Va create According to the IMAP specification, when trying to write a message to a non-existent mailbox, the server must send a hint to the client, whether it -should create the mailbox and try again or not. However some IMAP servers don't +should create the mailbox and try again or not. However, some IMAP servers don't follow the specification and don't send the correct response code to the client. By enabling this option the client tries to create the mailbox, despite of the server's response. This variable takes a @@ -111,14 +111,6 @@ .Vt boolean as a value. Default is .Dq false . -.It Va crammd5 -When this option is enabled and the server supports the Challenge-Response -Authentication Mechanism (specifically CRAM-MD5), this method will be used for -user authentication instead of a plaintext password LOGIN. This variable -takes a -.Vt boolean -as a value. Default is -.Dq true . .It Va expunge Normally, messages are marked for deletion and are actually deleted when the mailbox is closed. When this option is enabled, messages are expunged @@ -134,7 +126,7 @@ as a value. Default is .Dq true . .It Va info -When this options is enabled, a summary of the program's actions is printed, +When this option is enabled, a summary of the program's actions is printed, while processing mailboxes. This variable takes a .Vt boolean as a value. Default is @@ -143,7 +135,7 @@ The time in minutes before terminating and re-issuing the IDLE command, in order to keep alive the connection, by resetting the inactivity timeout of the server. A standards compliant server must have an inactivity timeout of at -least 30 minutes. But it may happen that some IMAP servers don't respect that, +least 30 minutes. But some IMAP servers might not respect that, or some intermediary network device has a shorter timeout. By setting this option the above problem can be worked around. This variable takes a .Vt number @@ -152,7 +144,7 @@ minutes. .It Va limit Some servers have problems handling very long requests, but some of the -requests that need to be sent can become quite long, because they apply an +requests that need to be sent can become quite long because they apply an action for many messages at once. When this option is set, the client will try to break up these requests into smaller requests, that each operates on fewer messages at a time. A good value for this would be @@ -171,9 +163,9 @@ .Sq / character as the delimiter and .Dq -(ie. nothing) as the prefix, regardless of the folder +(i.e. nothing) as the prefix, regardless of the folder format of the mail server. This must be disabled, if the user wants to -manually specify mailbox names (eg. because they are not part of the user's +manually specify mailbox names (e.g. because they are not part of the user's personal namespace mailboxes). This variable takes a .Vt boolean as a value. Default is @@ -182,14 +174,14 @@ When the .Va recover option is enabled, the recovery function tries to restore the lost session, but -if it fails to do so it gives up with an error. In some cases a temporary +if it fails to do so, it gives up with an error. In some cases, a temporary network problem might cause the recovery function to fail, but the connection could be reestablished when trying a bit later. By enabling this option, the recovery function will be called repeatedly after a timeout, thus it will -persist when trying to restore the session. Note, that this will case the +persist when trying to restore the session. Note, that this will cause the execution of the configuration file to be halted at the point of failure until the session is restored, which can have side effects to other established -sessions, for example they might get dropped by the server after a while. This +sessions, for example, they might get dropped by the server after a while. This variable takes a .Vt boolean @@ -202,13 +194,13 @@ .Dq 50 . This variable takes a .Vt number -as a value. By default no such limit is imposed. See also the +as a value. By default, no such limit is imposed. See also the .Va limit option which is related. .It Va recover -With this option it is possible to control the recovery functionality, which +With this option, it is possible to control the recovery functionality, which restores a session (the connection to the server and the IMAP state at the -time), after some unexpected event takes place. Currently there are two types +time), after some unexpected event takes place. Currently, there are two types of events that can end abnormally a session, and finally cause the program to terminate: network errors, and the IMAP BYE response which a server can send anytime. When this option is set to @@ -226,7 +218,7 @@ option), the client will re-enter IDLE mode. But when this option is disabled, and after the connection is recovered, the client will not re-enter IDLE mode, and instead will continue to execute the next line in the configuration file, -ie. the one after +i.e. the one after .Fn enter_idle . Default is .Dq true . @@ -252,7 +244,7 @@ .Dq 60 seconds. .It Va wakeonany -By enabling this option the IDLE command will return on any event that is +By enabling this option, the IDLE command will return on any event that is received from the server, and not just on the .Dq RECENT and @@ -260,7 +252,7 @@ events, that normally indicate the arrival of a new message. Examples of other events are .Dq FETCH , -which indicates that the details of a message (eg. its flags) have been +which indicates that the details of a message (e.g. its flags) have been modified, or .Dq EXPUNGE , which indicates that a message has been deleted. This variable takes a @@ -301,13 +293,18 @@ can also have the following optional elements: .Bl -tag -width Ds .It Va password -User's secret keyword. If a password wasn't supplied the user will be asked to +User's secret keyword. If a password wasn't supplied, the user will be asked to enter one interactively the first time it will be needed (unless .Vt oauth2 has been set). It takes a .Vt string as a value. .Pp +Passwords can also be extracted during execution time from an encrypted +password vault. The +.Pa samples/extend.lua +file contains such an example. +.Pp Note that due to Lua using backslash .Sq \e as an escape character for its strings, one has to use double backslashes in @@ -317,7 +314,7 @@ The OAuth2 string to use to authenticate if the server supports the XOAUTH2 authentication mechanism. If the server does not support it and a .Vt password -has been also set, authentication will be attempted using the +has also been set, authentication will be attempted using the .Vt password . It takes a .Vt string @@ -328,8 +325,12 @@ has been generated using the refresh token if the last access token has expired, and an OAuth2 string has been generated from the access token. The aforementioned OAuth2 string is a Base64 encoded string that should be set -here. For more information see +here. For more information, see .Ad https://developers.google.com/gmail/xoauth2_protocol . +.Pp +The +.Pa samples/extend.lua +file contains an example of authentication using OAuth2. .It Va port The port to connect to. It takes a .Vt number @@ -350,7 +351,7 @@ .Dq ssl3 . .Pp Note that the latest versions of the OpenSSL library have deprecated -version specific methods, and the actual protocol version used will be +version specific methods, and the actual protocol version used, will be negotiated to be the highest version mutually supported by the client and the server. This is also what the .Dq auto @@ -398,7 +399,7 @@ .Sq * wildcard, matches any character and the .Sq % -matches any character except the folder delimiter, ie. non-recursively: +matches any character except the folder delimiter, i.e. non-recursively: .Pp .Bl -tag -width Ds -compact .It Fn list_all folder mailbox @@ -510,7 +511,7 @@ myaccount['myfolder/mymailbox'] .Ed .Pp -The methods that are available for an account (eg. +The methods that are available for an account (e.g. .Fn list_all , .Fn create_mailbox , etc.) , are considered keywords and must not be used as mailbox names, and the @@ -534,11 +535,11 @@ The .Fn enter_idle method implements the IMAP IDLE (RFC 2177) extension. By using this extension -it's not necessary to poll the server for changes to the selected mailbox (ie. +it's not necessary to poll the server for changes to the selected mailbox (i.e. using the .Fn check_status method), but instead the server sends an update when there is a change -in the mailbox (eg. in case of new mail). When the +in the mailbox (e.g. in case of new mail). When the .Fn enter_idle method has been called no more commands in the configuration file are executed until an update is received, at which point the @@ -552,7 +553,7 @@ method returns a value of type .Vt boolean : .Dq true -if the IDLE extension is supported and there was a update in the mailbox, and +if the IDLE extension is supported and there was an update in the mailbox, and .Dq false if the IDLE extension is not supported, in which case the method returns immediately. When the aforementioned return value was @@ -568,7 +569,7 @@ also interrupt the IDLE mode at any time, and the execution of the configuration file will then continue from the next line after the .Fn enter_idle . -In this case only the value +In this case, only the value .Dq true is returned. .El @@ -649,7 +650,7 @@ of the searching methods can also be stored in variables and then further processed: .Bd -literal -offset 4n -unseen = myaccount.myaccount:is_unseen() +unseen = myaccount.mymailbox:is_unseen() larger = myaccount.mymailbox:is_larger(100000) subject = myaccount.mymailbox:contain_subject('test') results = unseen + larger * subject @@ -826,7 +827,7 @@ .Dq Oct , .Dq Nov , .Dq Dec ) -and year is the year as decimal number including the century (eg. 2007): +and year is the year as decimal number including the century (e.g. 2007): .Pp .Bl -tag -width Ds -compact .It Fn arrived_before date @@ -1159,7 +1160,7 @@ .Dq \eDraft , .Dq \eFlagged , .Dq \eSeen , -while if the server supports it, new user keywords may be defined: +while, if the server supports it, new user keywords may be defined: .Pp .Bl -tag -width Ds -compact .It Fn add_flags flags @@ -1206,7 +1207,7 @@ results:move_messages(myotheraccount['myfolder/mymailbox']) .Ed .Sh MESSAGES -The messages that are residing in any mailbox can be also accessed, as a whole +The messages that are residing in any mailbox can also be accessed, as a whole or in parts. Messages can be accessed using their unique identifier (UID): .Bd -literal -offset 4n myaccount.mymailbox[22] @@ -1423,6 +1424,12 @@ order to insert a single backslash inside a regular expression pattern. For more information on PCRE see .Ad http://pcre.org/original/doc/html/ . +.Pp +.It Fn sleep interval +Delay for the specified +.Fa interval +.Pq Vt number +in seconds. .El .Pp Examples: @@ -1433,7 +1440,12 @@ status = pipe_to('mycommandline', 'mydata') status, data = pipe_from('mycommandline') success, capture = regex_search('^(?i)pcre: (\e\ew)$', 'mystring') +sleep(300) +.Pp .Ed +For more examples, see the +.Pa samples/extend.lua +file. .Sh EXAMPLES See .Pa samples/config.lua diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/samples/extend.lua new/imapfilter-2.7.6/samples/extend.lua --- old/imapfilter-2.7.5/samples/extend.lua 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/samples/extend.lua 2022-08-06 15:50:59.000000000 +0200 @@ -33,6 +33,25 @@ end +-- The previous example can be further improved to consider whether new +-- messages arrived while filtering took place, and also somewhat work on +-- servers that have no IDLE support. + +function custom_idle(mbox) + if #mbox:is_unseen() == 0 then + if not mbox:enter_idle() then + sleep(300) + end + end +end + +while true do + custom_idle(myaccount.mymailbox) + results = myaccount.mymailbox:is_unread() + results:move_messages(myaccount.myothermailbox) +end + + -- IMAPFilter can take advantage of all those filtering utilities that -- are available and use a wide range of heuristic tests, text analysis, -- internet-based realtime blacklists, advanced learning algorithms, @@ -100,75 +119,11 @@ -- Passwords could be extracted during execution time from an encrypted --- file. --- --- The file is encrypted using the openssl(1) command line tool. For --- example the "passwords.txt" file: --- --- secret1 --- secret2 --- --- ... is encrypted and saved to a file named "passwords.enc" with the --- command: --- --- $ openssl bf -in passwords.txt -out passwords.enc --- --- The auxiliary function pipe_from() is supplied for conveniency. The --- user is prompted to enter the decryption password, the file is --- decrypted and the account passwords are set accordingly: - -status, output = pipe_from('openssl bf -d -in ~/passwords.enc') - -_, _, password1, password2 = string.find(output, '([%w%p]+)\n([%w%p]+)') +-- password vault. Here's an example using pass. +status, password = pipe_from('pass Email/imap1.mail.server') account1 = IMAP { server = 'imap1.mail.server', username = 'user1', - password = password1 -} - -account2 = IMAP { - server = 'imap2.mail.server', - username = 'user2', - password = password2 -} - - --- An alternative way to authenticate to a server is by using a OAuth2 string, --- if the server supports the XOAUTH2 authentication mechanism. --- --- In order to generate an OAuth2 string the oauth2.py script and library can --- be used, and instructions on how to use it and where to download it are --- available at: --- --- https://github.com/google/gmail-oauth2-tools/wiki/OAuth2DotPyRunThrough --- --- The generated OAuth2 string is then supplied to imapfilter in order to --- authenticate to the IMAP server using it instead of a login --- username/password pair. --- --- Here we assume that imapfilter has the user, the cliend id, the client --- secret and the refresh token, and uses them to generate a new access token --- (access tokens expire after one hour), and then from the new access token to --- generate the OAuth2 string that is used with the IMAP server: -user = 'xoauth@gmail.com' -clientid = '364545978226.apps.googleusercontent.com' -clientsecret = 'zNrNsBzOOnQy8_O-8LkofeTR' -refreshtoken = '1/q4SaB2JMQB9I-an6F1rxJE9OkOMtfjaz1bPm1tfDpQM' - -status, output = pipe_from('oauth2.py --client_id=' .. clientid .. - ' --client_secret=' .. clientsecret .. - ' --refresh_token=' .. refreshtoken) -_, _, accesstoken = string.find(output, 'Access Token: ([%w%p]+)\n') - -status, output = pipe_from('oauth2.py --generate_oauth2_string' .. - ' --access_token=' .. accesstoken .. - ' --user=' .. user) -_, _, oauth2string = string.find(output, 'OAuth2 argument:\n([%w%p]+)\n') - -account3 = IMAP { - server = 'imap.gmail.com', - ssl = 'tls1.2', - username = user, - oauth2 = oauth2string + password = password } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/Makefile new/imapfilter-2.7.6/src/Makefile --- old/imapfilter-2.7.5/src/Makefile 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/Makefile 2022-08-06 15:50:59.000000000 +0200 @@ -34,7 +34,7 @@ options.lua auxiliary.lua BIN = imapfilter -OBJ = auth.o buffer.o cert.o core.o file.o imapfilter.o list.o log.o lua.o \ +OBJ = buffer.o cert.o core.o file.o imapfilter.o list.o log.o lua.o \ memory.o misc.o namespace.o pcre.o regexp.o request.o response.o \ session.o signal.o socket.o system.o diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/auth.c new/imapfilter-2.7.6/src/auth.c --- old/imapfilter-2.7.5/src/auth.c 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/auth.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,73 +0,0 @@ -#include <stdio.h> -#include <string.h> - -#include <openssl/hmac.h> -#include <openssl/evp.h> - -#include "imapfilter.h" - - -/* - * Authenticate to the server with the Challenge-Response Authentication - * Mechanism (CRAM). The authentication type associated with CRAM is - * "CRAM-MD5". - */ -unsigned char * -auth_cram_md5(const char *user, const char *pass, unsigned char *chal) -{ - size_t n; - unsigned int i; - unsigned char *resp, *buf, *out; - unsigned char md[EVP_MAX_MD_SIZE], mdhex[EVP_MAX_MD_SIZE * 2 + 1]; - unsigned int mdlen; -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - HMAC_CTX *ctx; -#else - HMAC_CTX ctx; -#endif - - n = strlen((char *)(chal)) * 3 / 4 + 1; - resp = (unsigned char *)xmalloc(n * sizeof(char)); - memset(resp, 0, n); - - EVP_DecodeBlock(resp, chal, strlen((char *)(chal))); - -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER) - ctx = HMAC_CTX_new(); - HMAC_Init_ex(ctx, (const unsigned char *)pass, strlen(pass), - EVP_md5(), NULL); - HMAC_Update(ctx, resp, strlen((char *)(resp))); - HMAC_Final(ctx, md, &mdlen); - HMAC_CTX_free(ctx); -#else - HMAC_CTX_init(&ctx); - HMAC_Init(&ctx, (const unsigned char *)pass, strlen(pass), EVP_md5()); - HMAC_Update(&ctx, resp, strlen((char *)(resp))); - HMAC_Final(&ctx, md, &mdlen); - HMAC_CTX_cleanup(&ctx); -#endif - - xfree(chal); - xfree(resp); - - for (i = 0; i < mdlen; i++) - snprintf((char *)(mdhex) + i * 2, mdlen * 2 - i * 2 + 1, - "%02x", md[i]); - mdhex[mdlen * 2] = '\0'; - - n = strlen(user) + 1 + strlen((char *)(mdhex)) + 1; - buf = (unsigned char *)xmalloc(n * sizeof(unsigned char)); - memset(buf, 0, n); - - snprintf((char *)(buf), n, "%s %s", user, mdhex); - - n = (strlen((char *)(buf)) + 3) * 4 / 3 + 1; - out = (unsigned char *)xmalloc(n * sizeof(unsigned char)); - memset(out, 0, n); - - EVP_EncodeBlock(out, buf, strlen((char *)(buf))); - - xfree(buf); - - return out; -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/cert.c new/imapfilter-2.7.6/src/cert.c --- old/imapfilter-2.7.5/src/cert.c 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/cert.c 2022-08-06 15:50:59.000000000 +0200 @@ -37,7 +37,11 @@ mdlen = 0; +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if (!(cert = SSL_get1_peer_certificate(ssn->sslconn))) +#else if (!(cert = SSL_get_peer_certificate(ssn->sslconn))) +#endif return -1; verify = SSL_get_verify_result(ssn->sslconn); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/imapfilter.h new/imapfilter-2.7.6/src/imapfilter.h --- old/imapfilter-2.7.5/src/imapfilter.h 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/imapfilter.h 2022-08-06 15:50:59.000000000 +0200 @@ -29,11 +29,10 @@ /* Capabilities of mail server. */ #define CAPABILITY_NONE 0x00 #define CAPABILITY_NAMESPACE 0x01 -#define CAPABILITY_CRAMMD5 0x02 -#define CAPABILITY_STARTTLS 0x04 -#define CAPABILITY_CHILDREN 0x08 -#define CAPABILITY_IDLE 0x10 -#define CAPABILITY_XOAUTH2 0x20 +#define CAPABILITY_STARTTLS 0x02 +#define CAPABILITY_CHILDREN 0x04 +#define CAPABILITY_IDLE 0x08 +#define CAPABILITY_XOAUTH2 0x10 /* Status responses and response codes. */ #define STATUS_NONE 0 @@ -85,10 +84,6 @@ } environment; -/* auth.c */ -unsigned char *auth_cram_md5(const char *user, const char *pass, - unsigned char *chal); - /* cert.c */ int get_cert(session *ssn); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/lua.c new/imapfilter-2.7.6/src/lua.c --- old/imapfilter-2.7.5/src/lua.c 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/lua.c 2022-08-06 15:50:59.000000000 +0200 @@ -133,7 +133,6 @@ lua_newtable(lua); set_table_boolean("certificates", 1); - set_table_boolean("crammd5", 1); set_table_boolean("create", 0); set_table_boolean("expunge", 1); set_table_boolean("hostnames", 1); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/request.c new/imapfilter-2.7.6/src/request.c --- old/imapfilter-2.7.5/src/request.c 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/request.c 2022-08-06 15:50:59.000000000 +0200 @@ -54,9 +54,10 @@ if (request_login(&ssn, NULL, NULL, NULL, NULL, \ NULL, NULL) != -1) \ return STATUS_NONE; \ - } else \ + } else { \ session_destroy(ssn); \ ssn = NULL; \ + } \ return -1; \ } @@ -238,23 +239,6 @@ ssn = NULL; return STATUS_NO; } - if (rl != STATUS_OK && ssn->password && - ssn->capabilities & CAPABILITY_CRAMMD5 && - get_option_boolean("crammd5")) { - unsigned char *in, *out; - CHECK(t = send_request(ssn, "AUTHENTICATE CRAM-MD5")); - CHECK(r = response_authenticate(ssn, t, &in)); - if (r == STATUS_CONTINUE) { - if ((out = auth_cram_md5(ssn->username, - ssn->password, in)) == NULL) - goto abort; - CHECK(send_continuation(ssn, (char *)(out), - strlen((char *)(out)))); - xfree(out); - CHECK(rl = response_generic(ssn, t)); - } else - goto abort; - } if (rl != STATUS_OK && ssn->password) { CHECK(t = send_request(ssn, "LOGIN \"%s\" \"%s\"", ssn->username, ssn->password)); @@ -292,8 +276,10 @@ abort: close_connection(ssn); fail: - session_destroy(ssn); - ssn = NULL; + if (!*ssnptr) { + session_destroy(ssn); + ssn = NULL; + } return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/response.c new/imapfilter-2.7.6/src/response.c --- old/imapfilter-2.7.5/src/response.c 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/response.c 2022-08-06 15:50:59.000000000 +0200 @@ -330,8 +330,6 @@ if (xstrcasestr(s, "NAMESPACE")) ssn->capabilities |= CAPABILITY_NAMESPACE; - if (xstrcasestr(s, "AUTH=CRAM-MD5")) - ssn->capabilities |= CAPABILITY_CRAMMD5; if (xstrcasestr(s, "STARTTLS")) ssn->capabilities |= CAPABILITY_STARTTLS; if (xstrcasestr(s, "CHILDREN")) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/imapfilter-2.7.5/src/version.h new/imapfilter-2.7.6/src/version.h --- old/imapfilter-2.7.5/src/version.h 2020-12-05 22:35:02.000000000 +0100 +++ new/imapfilter-2.7.6/src/version.h 2022-08-06 15:50:59.000000000 +0200 @@ -3,10 +3,10 @@ /* Program's version number. */ -#define VERSION "2.7.5" +#define VERSION "2.7.6" /* Program's copyright. */ -#define COPYRIGHT "Copyright (c) 2001-2020 Eleftherios Chatzimparmpas" +#define COPYRIGHT "Copyright (c) 2001-2022 Eleftherios Chatzimparmpas" #endif /* VERSION_H */