Alpine 2.24 released

Discussion:

(too old to reply)

Eduardo Chappa

2020-10-10 20:47:07 UTC

Dear Alpiners,

it is my pleasure to announce the release of version 2.24 of Alpine.
The full list of new features and bug fixes can be read from the Release
Notes, which can be reached from the Main Menu, by pressing the "R" key.

New features include the addition of XOAUTH2 support for Yahoo!,
automatic renew of the access token before it expires, and improvements to
the privacy of Alpine users.

When starting up alpine, you will be given a welcome screen whose
default command is to read the Apache License. The same welcome screen
contains a link to Alpine's privacy policy. If you wish to exit that
screen press "E".

The configure option --disable-debug has been redefined to only not
compile debug symbols into Alpine. This means that Alpine will still
compile internal debug messages, and so the journal screen will be
available for all users. The .pine-debug files will not be created
automatically, unless Alpine is started with the "-d" option (e.g. a
command such as "alpine -d 2" or "alpine -d tcp")

Please test this release by yourself before putting it in a production
environment.

All binaries and source code can be downloaded from the main web site
at http://alpine.x10host.com/

The following are the relevant links:

* Source code:
http://alpine.x10host.com/alpine/release/src/alpine-2.24.tar.xz
MD5: 1c520c3a791b019772570674c7c17073
SHA256: 651a9ffa0a29e2b646a0a6e0d5a2c8c50f27a07a26a61640b7c783d06d0abcef

* Windows 64 bits
http://alpine.x10host.com/alpine/release/src/alpine-2.24.zip
MD5: 619b5b46c5630591f184091a22011583)<BR>
SHA256: 055a137e9aaa2e046c98de5809cc0d87eea7fcdd7f78d23ae26e1c276ff4424c

* Windows 32 bits
http://alpine.x10host.com/alpine/release/src/alpine-2.24_32bits.zip
MD5: 83e6bf25e07c07cad8a5efea2ec2dca2
SHA256: e64840734747b340ecdd581964a51c36956ae9b69ea3f4025b28b3cacf87a603

Thank you.

--
Eduardo

Allodoxaphobia

2020-10-10 21:03:55 UTC

Permalink

This post might be inappropriate. Click to display it.

Lucas Levrel

2020-10-19 15:42:10 UTC

Permalink

New features include the addition of XOAUTH2 support for Yahoo!, automatic
renew of the access token before it expires, and improvements to the privacy
of Alpine users.

Hi Eduardo,

Many thanks! I've just compiled an all-patched Alpine 2.24 because Yahoo
is discontinuing the "less secure" authentication method... tomorrow. In
.pinerc I see at the bottom:

# Your client-id and client-secret information to authenticate using XOAUTH2
xoauth2-info=

Do I have anything to do now to have Alpine use XOAUTH2 to connect to the
Yahoo servers (IMAP, and SMTP if applicable)?

Thanks again.

--
LL

Eduardo Chappa

2020-10-20 01:26:39 UTC

Permalink

Post by Lucas Levrel
Many thanks! I've just compiled an all-patched Alpine 2.24 because Yahoo
is discontinuing the "less secure" authentication method... tomorrow. In
# Your client-id and client-secret information to authenticate using XOAUTH2
xoauth2-info=
Do I have anything to do now to have Alpine use XOAUTH2 to connect to
the Yahoo servers (IMAP, and SMTP if applicable)?

Dear Lucas,

I dcumented how to follow this process here

http://alpine.x10host.com/alpine/alpine-info/misc/xoauth2.html#SettingUpYahoo

in essence what you need is

a) a version of Alpine compiled with password file support
b) a password file
c) edit your piner, and add "/auth=xoauth2" to the definition of the yahoo
servers
d) Attempt to open your yahoo account and follow the authorization
procedure.

Let me know if you have any questions. I will be happy to help you.

--
Eduardo
https://tinyurl.com/yc377wlh (web)
http://repo.or.cz/alpine.git (Git)

Lucas Levrel

2020-10-20 10:33:48 UTC

Permalink

Post by Eduardo Chappa
Dear Lucas,
I dcumented how to follow this process here
http://alpine.x10host.com/alpine/alpine-info/misc/xoauth2.html#SettingUpYahoo
in essence what you need is
a) a version of Alpine compiled with password file support
b) a password file
c) edit your piner, and add "/auth=xoauth2" to the definition of the yahoo
servers
d) Attempt to open your yahoo account and follow the authorization procedure.
Let me know if you have any questions. I will be happy to help you.

Thanks a lot Eduardo, it works like a charm! I'm really happy that Alpine
stays compatible with "modern" mail providers (irony included directed to
those providers :-) ).

Cheers,
Lucas

Adam H. Kerman

2020-11-18 16:50:19 UTC

Permalink

Post by Eduardo Chappa

Dear Lucas,
I dcumented how to follow this process here
http://alpine.x10host.com/alpine/alpine-info/misc/xoauth2.html#SettingUpYahoo
in essence what you need is
a) a version of Alpine compiled with password file support
b) a password file
c) edit your piner, and add "/auth=xoauth2" to the definition of the yhoo
servers
d) Attempt to open your yhoo account and follow the authorization
procedure.
Let me know if you have any questions. I will be happy to help you.

Thanks for the new version release of alpine, Eduardo.

I too can confirm that I was able to add xoauth2 support for a Yahoo
mail address I check with alpine. I also remembered to add it for the
Bulk Mail (spam) folder, and to the Role for SMTP support.
Interestingly, I didn't have to authenticate a second time in order to
send a test message with the Role, but I guess this doesn't affect
anything stored in the .passfile.

This isn't an alpine issue, but checking the Received headers for the
interaction between the Yahoo Mail server and my local Mail server

(using TLSv1.2 with cipher (128/128 bits))
(No client certificate requested)

it's not clear to me whether Yahoo didn't request the certificate on my
end or my server didn't request Yahoo's certificate. Is a certificate
required to be requested at this point?

Eduardo Chappa

2020-11-19 03:52:59 UTC

Permalink

Post by Adam H. Kerman
This isn't an alpine issue, but checking the Received headers for the
interaction between the Yahoo Mail server and my local Mail server
(using TLSv1.2 with cipher (128/128 bits))
(No client certificate requested)
it's not clear to me whether Yahoo didn't request the certificate on my
end or my server didn't request Yahoo's certificate. Is a certificate
required to be requested at this point?

My understanding is that this is an optional part of the ertification
process. A server can request a client to send a certificate, and is free
to do whatever it wants with the result of the validation of that
certificate (as in if the certificate is not sent or not valid, it can
either close of connection or continue it, just like clients do with
server certificates.)

I have never dealt with server that require certificates, so I do not have
use case for this.

--
Eduardo
https://tinyurl.com/yc377wlh (web)
http://repo.or.cz/alpine.git (Git)

Adam H. Kerman

2020-11-19 04:24:39 UTC

Permalink

Post by Eduardo Chappa

My understanding is that this is an optional part of the ertification
process. A server can request a client to send a certificate, and is free
to do whatever it wants with the result of the validation of that
certificate (as in if the certificate is not sent or not valid, it can
either close of connection or continue it, just like clients do with
server certificates.)
I have never dealt with server that require certificates, so I do not have
use case for this.

Thanks. I was wondering.

Holger Schieferdecker

2020-11-19 10:05:51 UTC

Permalink

Dear Eduardo,

Post by Eduardo Chappa
Dear Alpiners,
it is my pleasure to announce the release of version 2.24 of Alpine.
The full list of new features and bug fixes can be read from the Release
Notes, which can be reached from the Main Menu, by pressing the "R" key.

Thank you very much!

I installed the new version on 2 PCs with Windows 7 and 2 PCs with
Windows 10. One of the Windows 10 installations was almost clean. There
I had to install the Visual C++ Redistributable 2015 because of a
missing DLL.

One question: In which cases is the certs directory needed? For me it
seems to work without it.

Holger