Date: Thu, 26 Mar 2009 21:31:11 +0000 (GMT) From: Neil Darlow <neil@darlow.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/133104: mail/squirrelmail-avelsieve-plugin TLS operation fix Message-ID: <20090326213111.717F3103155@router.darlow.co.uk> Resent-Message-ID: <200903262140.n2QLe47s022694@freefall.freebsd.org>
>Number: 133104 >Category: ports >Synopsis: mail/squirrelmail-avelsieve-plugin TLS operation fix >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Mar 26 21:40:04 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Neil Darlow >Release: FreeBSD 7.1-RELEASE-p4 i386 >Organization: >Environment: System: FreeBSD router.darlow.co.uk 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0: Mon Mar 23 08:11:34 GMT 2009 root@router.darlow.co.uk:/usr/obj/usr/src/sys/ROUTER i386 >Description: Fixes ports/132529 avelsieve-1.9.7 breaks for TLS encrypted sessions due to inability to handle auto-emitted capability strings during authentication. A patch to managesieve.lib.php fixes this while leaving unencrypted sessions unaffected. Tested with squirrelmail-1.4.17 and cyrus-imapd-2.3.14 for TLS/non-TLS sessions using SASL mechanisms: CRAM-MD5, DIGEST-MD5, LOGIN and PLAIN i.e. all mechanisms supported by avelsieve. Also modified port to use bsd.squirrelmail.mk build helper. >How-To-Repeat: N/A >Fix: Two attachments follow - 1) Patch for mail/squirrelmail-avelsieve-plugin/Makefile 2) New file mail/squirrelmail-avelsieve-plugin/files/patch-avelsieve::include::managesieve.lib.php --- squirrelmail-avelsieve-plugin.orig/Makefile 2008-06-07 09:08:48.000000000 +0100 +++ squirrelmail-avelsieve-plugin/Makefile 2009-03-26 20:58:03.000000000 +0000 
@@ -6,78 +6,18 @@ PORTNAME= avelsieve PORTVERSION= 1.9.7 -PORTREVISION= 1 -CATEGORIES= mail www -MASTER_SITES= http://www.squirrelmail.org/plugins/ -PKGNAMEPREFIX= squirrelmail- -PKGNAMESUFFIX= -plugin +PORTREVISION= 2 DIST_SUBDIR= squirrelmail MAINTAINER= neil@darlow.co.uk -COMMENT= Interface to create server-side Sieve scripts - -RUN_DEPENDS= ${SQUIRRELDIR}/index.php:${PORTSDIR}/mail/squirrelmail - -SQUIRREL_PLUGIN_NAME= ${PORTNAME} - -.ifdef SQUIRRELDIR -PLIST_SUB+= SQUIRRELDIR=${SQUIRRELDIR} -SUB_LIST+= SQUIRRELDIR=${SQUIRRELDIR} -.else -. ifndef WITHOUT_WWWDIR -SQUIRRELDIR= ${PREFIX}/www/squirrelmail -PLIST_SUB+= SQUIRRELDIR=www/squirrelmail -SUB_LIST+= SQUIRRELDIR=www/squirrelmail -. else -SQUIRRELDIR= ${PREFIX}/squirrelmail -PLIST_SUB+= SQUIRRELDIR=squirrelmail -SUB_LIST+= SQUIRRELDIR=squirrelmail -. endif -.endif -PLIST_SUB+= SQUIRREL_PLUGIN_NAME=${SQUIRREL_PLUGIN_NAME} -SUB_LIST+= SQUIRREL_PLUGIN_NAME=${SQUIRREL_PLUGIN_NAME} - -SUB_FILES= pkg-message - -NO_BUILD= yes -NO_WRKSUBDIR= yes -USE_PERL5_BUILD= yes -WANT_PHP_WEB= yes +COMMENT= SquirrelMail plugin for Server-Side Mail Filtering management .include <bsd.port.pre.mk> - -pre-everything:: - @${ECHO} "" -.ifndef WITHOUT_ACTIVATE - @${ECHO} "Activating plug-in in SquirrelMail after installation." - @${ECHO} "If you don't want to automatically activate the plug-in set" - @${ECHO} "WITHOUT_ACTIVATE=yes" -.else - @${ECHO} "NOT Activating plug-in in SquirrelMail after installation." 
- @${ECHO} "If you want to automatically activate the plug-in unset" - @${ECHO} "WITHOUT_ACTIVATE" -.endif - @${ECHO} "" +.include "${PORTSDIR}/mail/squirrelmail/bsd.squirrelmail.mk" pre-install: ${RM} -Rf ${WRKSRC}/${SQUIRREL_PLUGIN_NAME}/po ${FIND} ${WRKSRC}/${SQUIRREL_PLUGIN_NAME} -type f \ - \( -name '.cvsignore' -o -name '*.bak' \) -exec ${RM} '{}' ';' - -do-install: - ${CP} -R ${WRKSRC}/${SQUIRREL_PLUGIN_NAME} ${SQUIRRELDIR}/plugins - ${CHOWN} -R ${WWWOWN}:${WWWGRP} ${SQUIRRELDIR}/plugins/${SQUIRREL_PLUGIN_NAME} - -post-install: -.ifndef WITHOUT_ACTIVATE -.if exists( ${SQUIRRELDIR}/config/config.php ) - @${ECHO} "Activating plug-in in SquirrelMail" - ${SQUIRRELDIR}/config/conf.pl --install-plugin ${SQUIRREL_PLUGIN_NAME} -.endif -.else - @${ECHO} "To activate the plug-in in SquirrelMail use" - @${ECHO} "${SQUIRRELDIR}/config/conf.pl --install-plugin ${SQUIRREL_PLUGIN_NAME}" -.endif - @${CAT} ${PKGMESSAGE} + \( -name '.cvsignore' -o -name '*.bak' -o -name '*.orig' \) -exec ${RM} {} \; .include <bsd.port.post.mk> --- avelsieve/include/managesieve.lib.php.orig 2006-07-24 14:48:27.000000000 +0100 +++ avelsieve/include/managesieve.lib.php 2009-03-26 20:36:33.000000000 +0000 @@ -686,6 +686,20 @@ } /** + * Neil Darlow - 2009/03/26 + * Changes to Sieve servers to be compliant with draft-managesieve-09.txt + * break authenticate() which cannot handle the capability strings received + * after AUTHENTICATE under a TLS encrypted session. We ignore capability + * strings for each SASL mechanism. + */ + function ignore_capabilities() + { + if ($this->capabilities['starttls']) do { + $line = fgets($this->fp, 1024); + } while (strncmp($line, 'OK', 2)); + } + + /** * Perform SASL authentication to SIEVE server. * * Attempts to authenticate to SIEVE, using some SASL authentication method 
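Review bot: The new `-o -name '*.orig'` term in the pre-install `find` deserves a comment, because its purpose is only clear once you know the port now ships a patch for managesieve.lib.php, whose backup copy would presumably otherwise be copied along with the plugin. Something like `# drop patch(1) backups and editor leftovers so they are not installed under the web root` would do. `SQUIRREL_PLUGIN_NAME`, `SQUIRRELDIR` and the install and activation targets are no longer defined in this Makefile and presumably come from bsd.squirrelmail.mk, which is not part of this submission. The ownership the plugin tree ends up with (the removed do-install did `${CHOWN} -R ${WWWOWN}:${WWWGRP}`) should therefore be confirmed there.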
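Review bot: The read loop in ignore_capabilities() never terminates once `fgets()` returns `false`, because `strncmp(false, 'OK', 2)` is non-zero on every pass. A dropped connection, a socket timeout, or a server that answers `NO` or `BYE` and then closes leaves the PHP worker spinning. The loop should stop on a failed read or an explicit refusal and report that to the caller, as sketched below. The guard `$this->capabilities['starttls']` looks like it tests whether the server advertised STARTTLS rather than whether TLS was actually negotiated, which is worth confirming against the connection code outside this hunk; it also raises a notice when the key is unset. As I read the managesieve draft the comment cites, the capability list re-issued after TLS is the one a client is meant to rely on, so discarding it keeps the pre-TLS list, SASL mechanisms included, which was received in clear text.

```php
function ignore_capabilities()
{
    if (empty($this->capabilities['starttls'])) {
        return true;
    }
    do {
        $line = fgets($this->fp, 1024);
        // Stop on EOF/timeout or an explicit refusal instead of spinning.
        if ($line === false
            || strncmp($line, 'NO', 2) == 0
            || strncmp($line, 'BYE', 3) == 0) {
            return false;
        }
    } while (strncmp($line, 'OK', 2) != 0);
    return true;
}
```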
@@ -701,6 +715,7 @@ $this->len=strlen($auth); fputs($this->fp, 'AUTHENTICATE "PLAIN" {' . $this->len . '+}' . "\r\n"); + $this->ignore_capabilities(); fputs($this->fp, "$auth\r\n"); $this->line=fgets($this->fp,1024); @@ -717,6 +732,7 @@ // SASL DIGEST-MD5 support works with timsieved 1.1.0 // follows rfc2831 for generating the $response to $challenge fputs($this->fp, "AUTHENTICATE \"DIGEST-MD5\"\r\n"); + $this->ignore_capabilities(); // $clen is length of server challenge, we ignore it. $clen = fgets($this->fp, 1024); // read for 2048, rfc2831 max length allowed @@ -768,6 +784,7 @@ // CRAM-MD5 does not support proxy of $auth by $user // requires php mhash extension fputs($this->fp, "AUTHENTICATE \"CRAM-MD5\"\r\n"); + $this->ignore_capabilities(); // $clen is the length of the challenge line the server gives us $clen = fgets($this->fp, 1024); // read for 1024, should be long enough? @@ -793,6 +810,7 @@ $pass=base64_encode($this->pass); fputs($this->fp, "AUTHENTICATE \"LOGIN\"\r\n"); + $this->ignore_capabilities(); fputs($this->fp, "{".strlen($login)."+}\r\n"); fputs($this->fp, "$login\r\n"); fputs($this->fp, "{".strlen($pass)."+}\r\n"); >Release-Note: >Audit-Trail: >Unformatted:
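Review bot: The call added after `AUTHENTICATE "PLAIN" {len+}` blocks in `fgets()` before the literal is sent, so it only returns because the post-STARTTLS capability lines are still unread in the socket buffer. If they were already consumed, or the server does not re-issue them, the client waits on a server that is itself waiting for the literal. The calls added in the DIGEST-MD5, CRAM-MD5 and LOGIN hunks share this dependency, and there the drain could swallow the server's challenge while looking for `OK`. Draining the capability response once, right after the TLS handshake completes, would remove the dependency; that code and the rest of authenticate() lie outside these hunks. If the calls stay where they are, each needs at least a comment such as `// consumes capability lines left unread after STARTTLS; must run before the challenge is read`.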