| author | Matthias Andree <matthias.andree@gmx.de> | 2021-08-26 23:53:14 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2021-08-26 23:53:14 +0200 |
| commit | b82c3ccb65e3279996a690ebf577263d7730e0b3 (patch) | |
| tree | de9b79d7ec877032c3bcfd1d62bb4561cd1e8702 /NEWS | |
| parent | 3aad706dc9dd9fe6bcedc7d5e09037edf88f9e43 (diff) | |
SECURITY: IMAP: PREAUTH->abort if STARTTLS needed
On --sslproto auto (or other nonempty values), when
receiving IMAP PREAUTH state, abort the connection,
rather than continuing with cleartext.
--ssl is unaffected because it always negotiates TLS.
See fetchmail-SA-2021-02.txt for details.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -82,6 +82,23 @@ removed from a 6.5.0 or newer release.) server to test against. Use GSSAPI. -------------------------------------------------------------------------------- +fetchmail-6.4.22 (not yet released): + +# SECURITY FIX: +* On IMAP connections, without --ssl and with nonempty --sslproto, meaning that + fetchmail is to enforce TLS, and when the server or an attacker sends + a PREAUTH greeting, fetchmail used to continue an unencrypted connection. + Now, log the error and abort the connection. + + Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on + a dedicated port (default 993): use --ssl. + + Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why + TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email + Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian + Schinzel. The paper did not mention fetchmail. + +-------------------------------------------------------------------------------- fetchmail-6.4.21 (released 2021-08-09, 30042 LoC): # REGRESSION FIX: |
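Review bot: the new NEWS entry under "# SECURITY FIX:" never names the advisory that the commit message points to (fetchmail-SA-2021-02.txt), so a reader of NEWS has no pointer to the full description; add a line such as "See fetchmail-SA-2021-02.txt for details." after the "Now, log the error and abort the connection." sentence. The entry also describes the affected configuration only as "nonempty --sslproto"; since the default value is "auto" per the commit message, it would help to say explicitly that the default --sslproto setting (auto) is among the affected values, so users do not assume only explicitly set protocol versions were at risk. Finally, the entry says fetchmail "used to continue an unencrypted connection" but does not say this held whenever the PREAUTH greeting arrived before STARTTLS was negotiated; stating that the check triggers on a PREAUTH greeting received before TLS is established makes the boundary of the fix clear.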