
Version 0.88

@philpennock philpennock released this 29 Aug 21:40

Version 0.88 of sieve-connect is now available.

Checksums below, detached PGP signature available.

This release has two BREAKING CHANGES.

BREAKING CHANGE 1: may, deliberately, cause connections to fail which previously succeeded.

If the Sieve server does not offer STARTTLS, then connections should now fail unless one of three scenarios is in play:

  1. --clearchan is explicitly passed on the command-line
  2. SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK is set non-empty in environ
  3. TLS verification is disabled, whether by packagers or command-line.

The stance now is: if you try for TLS, don't fall back to non-TLS, unless explicitly told that it's okay. I've explicitly and deliberately changed to handling MitM attacks stripping pre-TLS capabilities as part of the threat model, and breaking in that scenario is now more important than "just working". This is a pre-v1 tool, so I hope to be forgiven for this change. It's my belief that the world has changed enough that it's no longer socially acceptable to run services without TLS and without users knowing to disable TLS.
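The policy above, sketched as an added example (this is not sieve-connect's own code, which is written in Perl): a client reads the pre-TLS capability greeting and refuses to continue when STARTTLS is absent unless one of the three opt-outs applies. The function names, the exception class and the sample greetings are assumptions made for illustration; only `--clearchan` and `SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK` come from the release notes.

```python
import re

# Constructed RFC 5804-style greetings (not captured from a real server).
GREETING_FULL = (
    '"IMPLEMENTATION" "Example ManageSieve"\r\n'
    '"SASL" "PLAIN"\r\n'
    '"SIEVE" "fileinto vacation"\r\n'
    '"STARTTLS"\r\n'
    'OK "ready"\r\n'
)
# Same greeting with the STARTTLS line removed, which is what a MitM
# stripping pre-TLS capabilities would present to the client.
GREETING_STRIPPED = GREETING_FULL.replace('"STARTTLS"\r\n', "")

CAP_LINE = re.compile(r'^"([^"]+)"(?:\s+"([^"]*)")?$')


class StartTLSNotOffered(Exception):
    """Server did not advertise STARTTLS and no opt-out was given."""


def parse_capabilities(greeting):
    """Return {NAME: value} for quoted-string capability lines (literals not handled)."""
    caps = {}
    for line in greeting.splitlines():
        line = line.strip()
        if line.split(" ", 1)[0].upper() in ("OK", "NO", "BYE"):
            break  # the response line ends the capability list
        match = CAP_LINE.match(line)
        if match:
            caps[match.group(1).upper()] = match.group(2) or ""
    return caps


def choose_channel(greeting, clearchan=False, environ=None, tls_verify=True):
    """Return "starttls" or "cleartext"; raise when neither is acceptable."""
    environ = environ if environ is not None else {}
    if "STARTTLS" in parse_capabilities(greeting):
        return "starttls"  # assumption: this sketch always upgrades when offered
    if (clearchan
            or environ.get("SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK")
            or not tls_verify):
        return "cleartext"  # one of the three explicit opt-outs applies
    raise StartTLSNotOffered("no STARTTLS in greeting; refusing cleartext")
```

The client cannot tell a stripped greeting from a server that never offered STARTTLS, which is why the default is to fail in both cases.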

(POSSIBLY) BREAKING CHANGE 2: when deriving a remote script name from the local filename, use the basename and strip off directories.

Some widespread ManageSieve servers (eg, timsieved) disallow a directory separator in a sieve script name. So when deriving remote names, just use basename. This might cause issues for those with servers which allow directory separators and users who were relying upon this.

Mitigation: explicitly specify the remote script name to include the path, and things should work as before.

Other changes in v0.88:

  • Fail early if no CA trust anchors can be found but TLS verification is enabled.
  • Added --tlshostname option to override the hostname used for TLS host identity verification
  • If not interactive, various warnings arising at the application level in interaction with the remote server will now trigger a final warning before exit and a non-zero exit code.
  • Kolab nocaps server compatibility, in the continuing saga of "feature-based negotiation, who needs it anyway?"
  • build-system fix to better isolate releaser tools from "just make the tarball", to let others make the unsigned tarball and compare.
  • Interactive command debug added when invoked with --debug to toggle debugging off/on, to reduce self-inflicted log-spam.
  • Handle local hostnames which lack real DNS better, avoid an undef dereference

Finally: this release is signed with PGP key 0x4D1E900E14C1CC04 where
previous releases were signed with 0x403043153903637F. For those who
wish to verify this transition:

  1. Commit 3e4d470 records the intent, in June 2015.
  2. New key 0x4D1E900E14C1CC04 is in the strong set (before it started being used) and is signed by old key 0x403043153903637F using a certificate signing policy which includes self in the URL and an explanation at that URL.
  3. The release announcement of v0.87 warned of this transition.
  4. Of course, use the web-of-trust to confirm the path
  5. I very recently added signing subkeys to the new key, so if the signature upon the tarball or this announcement does not verify, please gpg --refresh-key 0x4D1E900E14C1CC04 (or whatever your tooling's equivalent is).

Any problems, both email to me and GitHub Issues work.

Full ChangeLog at:

The software can be downloaded from:

SHA256(sieve-connect-0.88.tar.bz2)= b8b0146120d76de7407017573d695680b9cae5fc4d9974f4a7cbf166328a3872
SHA256(sieve-connect-0.88.tar.bz2.asc)= c3d8d0446c764146790c4f56eb8e068ae4b6f057b4356183338f26698759fe68

Regards,
-Phil Pennock