File: ChangeLog

package info (click to toggle)
sieve-connect 0.90-1.1
links: PTS
area: main
in suites: bookworm, bullseye, forky, sid, trixie
size: 220 kB
sloc: perl: 1,719; makefile: 41; sh: 26
file content (715 lines) | stat: -rw-r--r-- 24,901 bytes
commit 7cbf58df31dca41e13d04b801117acf187b88b7a (HEAD, tag: v0.90, master)
Author: Phil Pennock
Date:   2019-03-29 17:07:23 -0400

    Update copyright years; correct README re license

commit 00a60e60bd73f11238d2898196c2e8b0f98bbe98
Author: Vincent Breitmoser
Date:   2018-10-23 16:50:19 +0200

    use .sieve extension for temporary file
    
    This helps editors recognize the file type, and start in the appropriate
    editing mode.

commit 82f614b00b6a50b2e211db7593027c1323a8c1e3
Author: Johan Vromans
Date:   2018-07-24 10:04:13 +0200

    Fix RE errors (will be fatal in perl 5.30).

commit f7cf58fb68013e4f0bfb0506502155b113e25e6f (tag: v0.89)
Author: Phil Pennock
Date:   2017-02-14 19:06:15 -0500

    Security robustness stance: drop . from @INC

commit 0d3dedfc479018eef4d76502edfb42dc0416f75d
Author: Phil Pennock
Date:   2017-01-07 23:32:55 +0000

    much shorter --help; --passwordfd example in docs
    
    * There is so much help text in the options section that the pod2usage
      defaults are unfriendly in this command; drop to just the synopsis,
      with prelude text hinting at `--man`.
    * Supply an example of using `--passwordfd` in shell, using here-strings.

commit 1ef355448d3f3d216956b8561777b727085397d3
Author: Phil Pennock
Date:   2016-08-29 17:05:46 -0400

    Update copyright year

commit 92ae1c107a75732382b70968e767bd319c2cdca2
Author: Gernot Schulz
Date:   2016-05-25 15:26:16 +0200

    Version-based CAPA munging: handle Kolab/nocaps
    
    This patch adds support for the special case of patched Cyrus servers
    which behave differently from what sieve-connect would infer from their
    version numbers.
    
    Some modern servers get patched to not resend their capabilities after
    STARTTLS.  For example, Kolab's Cyrus gets patched this way to ensure
    compatibility with older Kontact versions (Cyrus timsieved
    v2.3.16-kolab-nocaps).
    
    sieve-connect simply needs to do nothing in regards to compatibilities
    after STARTTLS in this case.  This patch applies this behavior to any
    Cyrus servers which carry "nocaps" in their version string.
    
    Approved-By: Phil Pennock

commit f245a4c621f4b866978d7a74dbdca8c9025cae6a
Author: Phil Pennock
Date:   2016-08-29 16:40:49 -0400

    Exit 1 if warnings seen if non-interactive
    
    If used interactively, humans make silly typos and recover.  If not
    interactive, those problems are actual errors which should cause us to
    exit non-zero for tooling to be able to rely upon `$?`.
    
    (I'm embarrassed to have let this slip through, but it's a result of the
     history: initially interactive, then scriptability added.)
    
    To avoid missing some corner case, we just capture all calls to warn()
    if non-interactive, and track things that way, instead of introducing a
    new function.  Ah Perl, ♡ you so.

commit df005a607db10e488a62e0fada425da6d7ac84a8
Author: Phil Pennock
Date:   2016-08-29 16:21:22 -0400

    nit: brace placement

commit 8ec2d1d5d0bd4bee1e96f23322f20edbd5dbee5d
Author: Phil Pennock
Date:   2016-08-29 15:52:24 -0400

    Require TLS verification to work
    
    Philipp Erbelding filed a bug-report and PR to fix that if TLS
    verification was requested but no CA file or path is available,
    sieve-connect should die.  Which was good, but not enough.
    
    Our handling here was to silently fall back to non-TLS cleartext if the
    server did not advertise the STARTTLS capability.  That was an unhappy
    compromise back when many did not configure TLS and the difficulty of
    persuading that TLS should be configured was high(er).  But the world
    has moved on, so let's try to fix this.  Hey, our major number is still
    0.
    
    With this:
     * unless `--clearchan` is passed on the command-line, if TLS
       verification is enabled then `--noclearchan` is implicitly assumed
       + unless `$SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK` set non-empty
         in environment
       + so, can change invocation, or set an obnoxious educational
         environment variable, but the default is better
     * Failure to find CA information means verification must fail, so abort
       before even trying to connect (unless `--clearchan` enabled per
       above)
     * slightly better debug logging for when this bites people
    
    Tested via temporarily commenting out `tls_cert_file` in `imapd.conf`
    for Cyrus IMAP.

commit 00b7487a4caec7af4a64ef502a3a54bcffd9d46e
Author: Phil Pennock
Date:   2015-06-28 01:41:12 +0000

    Remote sieve name should be basename of local
    
    *POSSIBLY BREAKING CHANGE*
    
    If user specifies a path to a local sieve script, then we were using the
    full path for upload to the remote sieve server.  Now we use the
    basename, so everything after the last directory separator.
    
    RFC 5804 does not disallow a directory separator, but timsieved does.
    It seems likely that most servers will.
    
    A remote name with directory separators can still be explicitly
    specified.  This change tries to make the inferred name choice smarter.
    
    Folks using `/` or `\` in path-names, where the remote server allows
    this, may be affected.  In practice, I believe that breakage is
    unlikely.

commit 3e4d4707ab119f0a3800fc16a0cb8d6ac4e585b3
Author: Phil Pennock
Date:   2015-06-28 01:13:06 +0000

    Docs: provide EXAMPLES & AVAILABILITY sections

commit 8af70c68574ecb0dbc5dfb0055233f75973d6d03
Author: Phil Pennock
Date:   2014-02-04 19:59:14 -0800

    Interactive 'debug' command if --debug
    
    It can be useful to toggle debug off after connection has been
    established and authenticated, etc.  So at the REPL, provide a `debug`
    command, but only if invoked with `--debug`.

commit 23ac5922d0ca50c016e999efa4ead460ab62ff95
Author: Phil Pennock
Date:   2014-02-04 19:47:37 -0800

    Support --tlshostname option
    
    Useful for confirming behaviour when using a different hostname to any
    found in the certificate -- ideally, fix the certificates.  But we're a
    tool used by admins debugging, so let people debug!

commit 5ec0bcbeaeff1542d639de4723a3cd89654a8def
Author: Phil Pennock
Date:   2013-12-05 03:36:27 -0500

    Handle .local in domains better (undef fix)
    
    The public domain search can return undef, if the current host is not in
    a public domain at all (ie, `foo.local`).  Deal with the consequences.

commit a82c683050183d2eb501cc5a34513cb17d11454d (tag: v0.87)
Author: Phil Pennock
Date:   2013-12-03 20:27:30 -0500

    Various documentation cleanups.
    
    Options are shortest unique prefices, so say so.  Then fix the
    documented `--check` to be its full `--checkscript`.
    
    Describe in the _docs_ what's meant by a Perl port specification and
    what the implications are.
    
    Drop the patronising text around the action options; how embarrassing,
    that I once wrote such garbage.  Instead, actually bother documenting
    the options.
    
    Fix the ENVIRONMENT section to reference all the vars now honoured.
    
    Reference Mozilla::PublicSuffix in PREREQUISITES.
    
    Various typos cleaned.

commit af2059adec380652f5802e92ebf39bfade061864
Author: Phil Pennock
Date:   2013-11-18 09:04:54 -0800

    Give --tlscertfingerprint with explicit digest alg
    
    Embedding a hard-coded choice of SHA1 violates algorithmic agility;
    rather than constrain to my preferred choice, this should be given as
    part of the option.
    
    Also switched the option name to contain `cert` because there are
    multiple digest types available in this situation and we're matching the
    certificate digest (everything issued), not the public key digest (which
    would be constant as new certificates are issued for the same key).  We
    might add support for pubkey-based fingerprints later.
    
    Explicitly pull in Net::SSLeay, with a version constraint, since we now
    rely upon it for a top-level feature.  We require v1.37.  Debian
    oldstable (wheezy) is on 1.36, RHEL6 appears to be on 1.35.  Those are
    old enough that we can't reasonably sustain support for them while
    providing useful modern security features.
    
    Make sure to debug-log when the FP check succeeds, so the user can see
    feedback indicating that validation did actually occur.

commit e0213504886f0d8283a51ee1846400e3409e97f4
Author: lukas227
Date:   2013-11-18 11:46:44 +0100

    add support for fingerprint pinning via parameter

commit bd2230acc24fdf06f6c8b03c2505f303c6758b99
Author: Phil Pennock
Date:   2013-10-29 17:58:51 -0400

    Be clearer about port specification meaning
    
    The debug messages understandably led a user astray, because when seeing
    `sieve(4190)` they thought that meant port 4190, not that this was the
    port specification being passed down ("try to find 'sieve' in
    /etc/services (or other getservent source) and use 4190 as a fallback").
    
    Fix the debug message to notice when the port is being given in this
    form and tack on an explanation.  Issue a debug warning, the first time
    evaluating this, if services lists a different value, to highlight the
    conflict and aid in debugging.
    
    Fix the debug message for SRV records to not use the previous port
    definition in the 'old' status logging, because the port number did not
    factor into the SRV lookup and the claim was slightly off.
    
    Thanks to Daniel Schulte for his patience when using the tool to debug.

commit 1f25d45a8b6a555147ff12deae6a4c9ccc4a0ee5
Author: Phil Pennock
Date:   2013-10-29 17:29:36 -0400

    Honor SSL_CERT_DIR & SSL_CERT_FILE env vars
    
    The Perl IO::Socket::SSL keeps us from benefitting from OpenSSL defaults
    initialisation for CA certificates location.  Before we ask the OpenSSL
    binary for locations, we now do the same thing that the library init
    would do, and preferentially honour `$SSL_CERT_DIR` and then
    `$SSL_CERT_FILE` as locations.
    
    I've also corrected the POD documentation on this topic, which was out
    of date.

commit 3c93d73443a2e94bb8393c0b354a279a02059040
Author: Phil Pennock
Date:   2013-07-27 16:28:27 -0400

    SSL certs location: bugfixes, check more places.
    
    Issue #1 is a report from LEVAI Daniel that the recent certs-finding
    functionality is broken on OpenBSD, because of an assumption that if
    we can find OPENSSLDIR from openssl(1), then certs/ within that must
    be valid.
    
    Made a validity check for a given dir; not existing is silent, but
    existing and unusable triggers debug messages.  It checks for being
    a dir and having filenames ending ".0" inside that directory.
    
    Bug-fixed stderr-handling around the search.
    
    If openssl doesn't give us a location, and none of the file candidates
    exist, then check a few locations for SSL_ca_path directory candidacy.
    
    Fixes #1

commit b3ebacea45b92dc1c67e393371b380391c209fb7
Author: Phil Pennock
Date:   2013-06-02 05:09:41 -0400

    "edit" functionality, some stability cleanups.
    
    Ian Campbell contributed code to add an "edit" command, which downloads
    a script, invokes a text editor, checks it and then uploads it.
    
    I've mutilated his contribution; first, to not just use sensible-editor
    but check for environment variables $VISUAL then $EDITOR, then try
    sensible-editor, then vi (because it's the classic default, not because
    it's good for newcomers -- if you don't like it, use env or implement
    the sensible-editor system).
    
    Then I made it dependent upon having VERSION capability because it uses
    CHECKSCRIPT which is also dependent upon having VERSION.  Alas, my
    server is old and does not support CHECKSCRIPT, so I can't be 100% sure
    this works, but "correct by inspection".  *cough*
    
    Added a SIGPIPE handler to abort a little more cleanly.  Tracked lost
    connections better, to abort cleanly.
    
    Uncovered that when getting a response from a server with a string
    literal, I was not reading the CRLF which follows the string, so was
    ending up unsynchronized.  Fixed.
    
    Better return codes from functions.

commit 416e1bb126c26e397c23a24b53548d7bfbb45581
Author: Phil Pennock
Date:   2013-06-02 03:42:54 -0400

    Ask OpenSSL for certs location, fallback fixed list
    
    Invoke the openssl command, handle failure, fallback to checking some
    paths for certs; the default paths are taken from golang's TLS support.

commit d843bb5a010c8145ed10ebbf2c89a75bbb0aff9a (tag: v0.85.1)
Author: Phil Pennock
Date:   2013-04-21 23:34:35 -0400

    Plumbing for git instead of svn
    
    Use git tags for version numbers

commit 1dd818b5f087966d9bdecc44dcc60f9b0350635e (tag: v0.85)
Author: Phil Pennock
Date:   2013-04-14 00:29:13 +0000

    Fix TLS verification; find server by own hostname & SRV.
    
    * TLS hostname verification was not actually happening.  I'm mortified.
    
      * IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
    
    * By default, if no server specified, before falling back to localhost try to
      use the current hostname and SRV records in DNS to figure out if Sieve is
      available.  Checks for sieve, imaps & imap protocol SRV records and honours
      target==. to mean "no".
    
      * This works better with the Mozilla::PublicSuffix module installed.
    
    * Added ability to blacklist authentication mechanisms

commit 0602a3462403d3b9f0f0dab3d572215dcf49bff9 (tag: v0.84)
Author: Phil Pennock
Date:   2012-11-29 06:09:01 +0000

    Command-line options for TLS CA cert locations [Till Maas]
    
    Till Maas provided a patch adding --tlscapath and --tlscafile options.
    
    I've adjusted that so that, for debugging clarity, if --tlscafile is
    specified then the --tlscapath equivalent configuration is removed from
    the SSL options, so that we only pass one or the other to SSL setup.
    
    Removed some tabs from the POD text.
    Minor POD cleanups.
    
    Debug-log where we'll be grabbing SSL CA certs from.
    Use -T- for all TLS-specific debug logging.

commit c3f7d3588d4bd2dffe4602d370e6bef3ae8661cf
Author: Phil Pennock
Date:   2012-05-24 00:13:26 +0000

    Negotiate any TLSv1.0+ protocol.
    
    If /etc/ssl/certs does not exist, try to find a certs dir by asking OpenSSL.

commit 4a21c9c14342497395161d408828a2e375b0fa70
Author: Phil Pennock
Date:   2011-04-02 10:08:47 +0000

    Update copyright year. Note that spec is in an RFC, not a draft.

commit 77dff4a70537ce63448ede21d3f6dab368eb4249
Author: Phil Pennock
Date:   2011-04-02 10:05:16 +0000

    Accept a STARTTLS response of >OK<, not just >OK "some text"<.
    
    Reported by: Piotr Sikora (patch provided, not used but trivially similar)

commit d5cd06dcd740b3230f3f5fdc6578a73658cc7e2f
Author: Phil Pennock
Date:   2011-01-10 09:07:12 +0000

    Version display includes Net::DNS
    [deferred commit; Aug 5th 2010]

commit 19504d06dc7a201a905fa3814ca6adec6c976b0d (tag: v0.77)
Author: Phil Pennock
Date:   2010-08-05 07:57:28 +0000

    Mailing-list.
    Update README to better reflect current state of affairs.  Likewise TODO.

commit a765fbdfb6a424513ad00ff55678325ea4f1bf76 (tag: v0.76)
Author: Phil Pennock
Date:   2010-08-05 07:18:05 +0000

    Use SRV records for _sieve._tcp.
    
    Add --nosrv to inhibit this.
    
    Try multiple hosts, iterating through SRV results.
    
    [Adds Net::DNS dependency, and SRV weighted prioritised sorting is not supported]

commit 292470e2ddd462f6a9766c6b1bc41fd7cbccd137 (tag: v0.75)
Author: Phil Pennock
Date:   2010-08-05 06:20:06 +0000

    Change default port to 4190 for RFC 5804.
    
    Move default port to (top of) user-serviceable area.
    
    Provide a BUGS-section discussion of this.
    
    Make the --debug message for connection establishment report the port
    connected to.

commit fc53c5a00bb34ba92cb2dc13fca033818b59b967 (tag: v0.74)
Author: Phil Pennock
Date:   2010-08-05 06:05:06 +0000

    Implement CHECKSCRIPT.
    WARNING: UNTESTED (need to find a test server that actually supports this)
    
    Add version-checking and --ignoreserverversion to override that.
    
    Fix hostname check to permit a colon, for IPv6 addresses;
      reported-by: Alexander Sulfrian

commit d04d21eaf8a798e262f3fa6f2055aa0f962207b4
Author: Phil Pennock
Date:   2010-04-29 00:13:32 +0000

    Fix copyright year.

commit 548dcf14d02861520c984a28423c9104c804d8e5
Author: Phil Pennock
Date:   2010-04-29 00:12:44 +0000

    Provide --notlsverify option, based on patch from Heiko Schlittermann.

commit ee8553963ccfb5e693c705cd635129f3e0d4d9a6
Author: Phil Pennock
Date:   2009-12-01 20:18:35 +0000

    Pod::Text does not have the methods I used.  It looks like I was using
    interfaces from Pod::Simple::Text, thus the "man" command could never have
    worked.  That, or the API changed significantly.
    
    Make "man" work again.  Make it optional, conditional upon Pod::Simple::Text
    being available.
    
    When showing command aliases in "help", sort them.

commit df98a9f931fa3a5e5ebd361d681b2893d3cbd4bb (tag: v0.69)
Author: Phil Pennock
Date:   2009-03-29 23:29:08 +0000

    For Gnu readline, when debugging, force a call to display-readline-version.
    localise the $| setting in the non-RL prompter.
    
    Add notes to the README about the perl segfault issue (Term::ReadLine::Gnu).

commit b6f5aa626233db59f6917ca75e095f213d542e46
Author: Phil Pennock
Date:   2009-03-29 18:56:04 +0000

    Copyright update (make dist caught it)

commit 10258cb723b7903495708c191637c3b50991cf0b
Author: Phil Pennock
Date:   2009-03-29 18:53:54 +0000

    Cyrus timsieved workaround for 2.3.13 to 2.3.x where x >= 13.

commit 1377837b977376987bedecd88db300348742cec1 (tag: v0.65)
Author: Phil Pennock
Date:   2008-11-15 02:16:38 +0000

    Version-dependent server-IMPLEMENTATION check for NOOP.  :-(
    --debugsasl option to split off that debugging.
    Simplified --debug --version with no strict refs.

commit 5ec209549938d20ba94d6dbec849476e8f9f7af6
Author: Phil Pennock
Date:   2008-11-15 01:41:20 +0000

    Debug bit-length, set externalssf for SASL.

commit d5e923a0d18948b80d0da657a6b4cf94c066359a
Author: Phil Pennock
Date:   2008-11-15 01:04:12 +0000

    Allow --debug --version to reveal more.

commit c1322a44ff55d89b9b7f07e5600a652242abda98
Author: Phil Pennock
Date:   2008-09-15 05:11:04 +0000

    draft-martin-managesieve-12.txt is out, NOOP response changed.
    Handle it (by making into a calling error something we weren't doing).

commit f845032bba6df92d7ffc05df405fb0e8f57fc624
Author: Phil Pennock
Date:   2008-07-22 05:28:43 +0000

    WARNING: UNTESTED because there's not a server I know of to test this against.
    
    Implement NOOP as an official command which might return OK.
    
    Various comment fixes.

commit 413a508baba34bca9704310fda7df2be671ecdef
Author: Phil Pennock
Date:   2008-05-22 22:00:14 +0000

    Comment fix re STARTTLS->CAPABILITY reality.

commit 595d95157dff2f25b7b8bda1f77a946f3ff09f9a (tag: v0.57)
Author: Phil Pennock
Date:   2008-04-23 05:45:51 +0000

    Authen::SASL 2.11 is out.  Adjust to use it.

commit 2ae662f05c69edc847f15e4abff785350f94919d (tag: v0.56)
Author: Phil Pennock
Date:   2008-03-28 05:36:36 +0000

    Yves is using the older Cyrus setup which doesn't automatically send
    a capability response and noted that the NOOP->NO logic was broken
    by the new checks on capabilities.
    
    Attempted to fix it.  Will publicly release this fix if this is
    confirmed to work.

commit dfb59fca7f23fff7b28377f20ae77774f479434b
Author: Phil Pennock
Date:   2008-03-24 07:10:14 +0000

    Condense copyright years.
    
    Confirms that grep pattern in Makefile works. :^)

commit 65f44ba336b4ae6723a081f4e562d3de0c6c54c3
Author: Phil Pennock
Date:   2008-03-24 07:00:08 +0000

    Copyright update: it's 2008 now and there have been logic changes.

commit 18a4b7a59ba50fd10cf4e8aabc5ab9db52d0824e (tag: v0.52)
Author: Phil Pennock
Date:   2008-03-24 06:10:07 +0000

    Do final server verification if Authen::SASL::Perl is newer than the
    current version.  Revisit this?

commit 691575e7e552cc2839b9ea8f6f2443002c32c775
Author: Phil Pennock
Date:   2008-03-24 04:53:57 +0000

    When repeating parameters, strip off to basename so that can put a pathname
    and end up uploading a filename.

commit c20cc3dedcc53b8bcbe1ba6feb3123e106a07a8e
Author: Phil Pennock
Date:   2008-03-24 03:21:08 +0000

    Skip aNULL TLS ciphers too.
    Documentation update re GSSAPI and added a TODO

commit 1a1a633f9655820adb255f5cee2ae94f1e4fdb3d
Author: Phil Pennock
Date:   2008-03-24 02:37:32 +0000

    Handle OK followed by data at end of capability response.  Is legit.
    Reported by Can Burak Cilingir to Debian.
    
    Support empty capability value "" in some special cases.  Noted in debug
    output in Can's bug-report.
    
    Capability names are case-insensitive, deal accordingly.
    
    More robustness against dropped connections (debugging against pysieved).
    Handle a + in a literal length in a place where it was missed.

commit d9b4d31b7c55d88f91efa7486d2318b0edb764e5
Author: Phil Pennock
Date:   2008-01-03 08:32:29 +0000

    Renamed --dumpsslinfo to --dumptlsinfo but kept old name too since
    it's as likely to be used by someone going from memory.
    Documented --dumptlsinfo.  Sent the PEM to stderr ipv stdout.

commit 0a250164e0fea825402e109173588c2811b4dfff
Author: Phil Pennock
Date:   2008-01-03 08:24:18 +0000

    --dumpsslinfo to show the SSL cert info and, if debugging, the PEM cert.

commit 647a14cd716dda1d769f2cf438fc55dc3f8e321f
Author: Phil Pennock
Date:   2008-01-03 00:54:15 +0000

    Debug traces now include trailing \r\n etc.

commit 4b8e7b9db24e87dd138ec78c4d8a7c88f27aafdf (tag: v0.44)
Author: Phil Pennock
Date:   2008-01-02 01:18:19 +0000

    MultiHomed => 1
    (try multiple IPs, incl. IPv4 when service not listening on IPv6)

commit da01f86159893b564ca352d0eaf33ee9a7af2b6a (tag: v0.43)
Author: Phil Pennock
Date:   2007-12-27 02:31:10 +0000

    Cyrus 2.3.11 broke sieve-connect by sending an unrequested CAPABILITY
    response after finishing TLS negotiations.  This leads to protocol
    ambiguity; work around it by sending a non-existent command (NOOP),
    expecting to see a NO response; if we get a CAPABILITY response first
    then use that, otherwise issue a CAPABILITY command as per normal.

commit 5a3c992ccd28716d0b2f46a2d32ca251e1a3014d (tag: v0.42)
Author: Phil Pennock
Date:   2007-12-06 07:14:19 +0000

    Properly restrict the tab-completion stuff to only be set up if
    Term::ReadLine is Term::ReadLine::Gnu.
    
    Fixes warnings on MacOS X from uninitialised variables ($quote,
    from $rl_attribs->{completion_quote_character} at what was
    line 1008, now 1010).

commit 22cd88948f3c194a448b3fbe5c91c1837b718f9b (tag: v0.41)
Author: Phil Pennock
Date:   2007-11-24 14:57:45 +0000

    Comment explaining why $authconversation->code() not checked in final verification.

commit 0394947c02947f7faa44653ca7dd85a7c77788a6
Author: Phil Pennock
Date:   2007-11-24 14:30:13 +0000

    Version

commit 7d7d72f69af14a2399eb449a922751a8d75c23b6 (tag: v0.39)
Author: Phil Pennock
Date:   2007-11-20 02:40:36 +0000

    Put the new SASL error checking in after the client_step() too.

commit 44a873f42fa68c49abc914a631a2c58c147c3a53
Author: Phil Pennock
Date:   2007-11-20 02:38:43 +0000

    Turns out, can use methods on the SASL client object to detect an error
    and report it.  Do so.  Now highlights when GSSAPI fails because there's
    no server principal (which raises questions as to why the mechanism would
    be advertised in that case).
    
    bugfix a die() -> closedie() (audited for other occurences, none found)

commit c43a8a3ce1db33ca81a691db57f7a132fa444029 (tag: v0.33)
Author: Phil Pennock
Date:   2007-06-09 00:58:49 +0000

    Moved the defaults for $forbid_* up to the user-configurable section.

commit e19bdd90070aa2073c1f107547dd22f5b5a134dd
Author: Phil Pennock
Date:   2007-06-07 08:39:23 +0000

    --noclearauth, --noclearchan
    Makefile: install-* targets dependent upon files being installed.

commit 3c02835329288f86bc6883136241bc46516e3b61 (tag: v0.30)
Author: Phil Pennock
Date:   2007-06-05 07:52:50 +0000

    Make generated man-page slightly cleaner syntactically.
    Should make whatis indices correct.

commit 71be07951849dff0f4f8f54649960416ffff86a5
Author: Phil Pennock
Date:   2007-06-05 07:15:13 +0000

    Make manpage & PGP sig; change title line in man-page.

commit df2aa74788a90f68e88abfe7e37cd5d8f7d7a7c8
Author: Phil Pennock
Date:   2007-06-05 06:48:08 +0000

    Started packaging up sieve-connect.

commit 0ab03c1cc5cad24e88b4c7901e5172020db8a478
Author: Phil Pennock
Date:   2007-06-05 05:44:52 +0000

    sieve_connect -> sieve-connect