From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Mar 26 21:40:04 2009
Message-Id: <20090326213111.717F3103155@router.darlow.co.uk>
Date: Thu, 26 Mar 2009 21:31:11 +0000 (GMT)
From: Neil Darlow
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/133104: mail/squirrelmail-avelsieve-plugin TLS operation fix
Reply-To: Neil Darlow
List-Id: Ports bug reports
X-List-Received-Date: Thu, 26 Mar 2009 21:40:04 -0000

>Number: 133104
>Category: ports
>Synopsis: mail/squirrelmail-avelsieve-plugin TLS operation fix
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 26 21:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Neil Darlow
>Release: FreeBSD 7.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD router.darlow.co.uk 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0: Mon Mar 23 08:11:34 GMT 2009 root@router.darlow.co.uk:/usr/obj/usr/src/sys/ROUTER i386
>Description:
Fixes ports/132529

avelsieve-1.9.7 breaks for TLS encrypted sessions due to inability to handle auto-emitted capability strings during authentication. A patch to managesieve.lib.php fixes this while leaving unencrypted sessions unaffected.

Tested with squirrelmail-1.4.17 and cyrus-imapd-2.3.14 for TLS/non-TLS sessions using SASL mechanisms: CRAM-MD5, DIGEST-MD5, LOGIN and PLAIN i.e. all mechanisms supported by avelsieve.

Also modified port to use bsd.squirrelmail.mk build helper.
>How-To-Repeat:
N/A
>Fix:
Two attachments follow -

1) Patch for mail/squirrelmail-avelsieve-plugin/Makefile
2) New file mail/squirrelmail-avelsieve-plugin/files/patch-avelsieve::include::managesieve.lib.php

--- squirrelmail-avelsieve-plugin.orig/Makefile 2008-06-07 09:08:48.000000000 +0100 +++ squirrelmail-avelsieve-plugin/Makefile 2009-03-26 20:58:03.000000000 +0000 
@@ -6,78 +6,18 @@ PORTNAME= avelsieve PORTVERSION= 1.9.7 -PORTREVISION= 1 -CATEGORIES= mail www -MASTER_SITES= http://www.squirrelmail.org/plugins/ -PKGNAMEPREFIX= squirrelmail- -PKGNAMESUFFIX= -plugin +PORTREVISION= 2 DIST_SUBDIR= squirrelmail MAINTAINER= neil@darlow.co.uk -COMMENT= Interface to create server-side Sieve scripts - -RUN_DEPENDS= ${SQUIRRELDIR}/index.php:${PORTSDIR}/mail/squirrelmail - -SQUIRREL_PLUGIN_NAME= ${PORTNAME} - -.ifdef SQUIRRELDIR -PLIST_SUB+= SQUIRRELDIR=${SQUIRRELDIR} -SUB_LIST+= SQUIRRELDIR=${SQUIRRELDIR} -.else -. ifndef WITHOUT_WWWDIR -SQUIRRELDIR= ${PREFIX}/www/squirrelmail -PLIST_SUB+= SQUIRRELDIR=www/squirrelmail -SUB_LIST+= SQUIRRELDIR=www/squirrelmail -. else -SQUIRRELDIR= ${PREFIX}/squirrelmail -PLIST_SUB+= SQUIRRELDIR=squirrelmail -SUB_LIST+= SQUIRRELDIR=squirrelmail -. endif -.endif -PLIST_SUB+= SQUIRREL_PLUGIN_NAME=${SQUIRREL_PLUGIN_NAME} -SUB_LIST+= SQUIRREL_PLUGIN_NAME=${SQUIRREL_PLUGIN_NAME} - -SUB_FILES= pkg-message - -NO_BUILD= yes -NO_WRKSUBDIR= yes -USE_PERL5_BUILD= yes -WANT_PHP_WEB= yes +COMMENT= SquirrelMail plugin for Server-Side Mail Filtering management .include - -pre-everything:: - @${ECHO} "" -.ifndef WITHOUT_ACTIVATE - @${ECHO} "Activating plug-in in SquirrelMail after installation." - @${ECHO} "If you don't want to automatically activate the plug-in set" - @${ECHO} "WITHOUT_ACTIVATE=yes" -.else - @${ECHO} "NOT Activating plug-in in SquirrelMail after installation." 
- @${ECHO} "If you want to automatically activate the plug-in unset" - @${ECHO} "WITHOUT_ACTIVATE" -.endif - @${ECHO} "" +.include "${PORTSDIR}/mail/squirrelmail/bsd.squirrelmail.mk" pre-install: ${RM} -Rf ${WRKSRC}/${SQUIRREL_PLUGIN_NAME}/po ${FIND} ${WRKSRC}/${SQUIRREL_PLUGIN_NAME} -type f \ - \( -name '.cvsignore' -o -name '*.bak' \) -exec ${RM} '{}' ';' - -do-install: - ${CP} -R ${WRKSRC}/${SQUIRREL_PLUGIN_NAME} ${SQUIRRELDIR}/plugins - ${CHOWN} -R ${WWWOWN}:${WWWGRP} ${SQUIRRELDIR}/plugins/${SQUIRREL_PLUGIN_NAME} - -post-install: -.ifndef WITHOUT_ACTIVATE -.if exists( ${SQUIRRELDIR}/config/config.php ) - @${ECHO} "Activating plug-in in SquirrelMail" - ${SQUIRRELDIR}/config/conf.pl --install-plugin ${SQUIRREL_PLUGIN_NAME} -.endif -.else - @${ECHO} "To activate the plug-in in SquirrelMail use" - @${ECHO} "${SQUIRRELDIR}/config/conf.pl --install-plugin ${SQUIRREL_PLUGIN_NAME}" -.endif - @${CAT} ${PKGMESSAGE} + \( -name '.cvsignore' -o -name '*.bak' -o -name '*.orig' \) -exec ${RM} {} \; .include --- avelsieve/include/managesieve.lib.php.orig 2006-07-24 14:48:27.000000000 +0100 +++ avelsieve/include/managesieve.lib.php 2009-03-26 20:36:33.000000000 +0000 @@ -686,6 +686,20 @@ } /** + * Neil Darlow - 2009/03/26 + * Changes to Sieve servers to be compliant with draft-managesieve-09.txt + * break authenticate() which cannot handle the capability strings received + * after AUTHENTICATE under a TLS encrypted session. We ignore capability + * strings for each SASL mechanism. + */ + function ignore_capabilities() + { + if ($this->capabilities['starttls']) do { + $line = fgets($this->fp, 1024); + } while (strncmp($line, 'OK', 2)); + } + + /** * Perform SASL authentication to SIEVE server. * * Attempts to authenticate to SIEVE, using some SASL authentication method 
@@ -701,6 +715,7 @@ $this->len=strlen($auth); fputs($this->fp, 'AUTHENTICATE "PLAIN" {' . $this->len . '+}' . "\r\n"); + $this->ignore_capabilities(); fputs($this->fp, "$auth\r\n"); $this->line=fgets($this->fp,1024); @@ -717,6 +732,7 @@ // SASL DIGEST-MD5 support works with timsieved 1.1.0 // follows rfc2831 for generating the $response to $challenge fputs($this->fp, "AUTHENTICATE \"DIGEST-MD5\"\r\n"); + $this->ignore_capabilities(); // $clen is length of server challenge, we ignore it. $clen = fgets($this->fp, 1024); // read for 2048, rfc2831 max length allowed @@ -768,6 +784,7 @@ // CRAM-MD5 does not support proxy of $auth by $user // requires php mhash extension fputs($this->fp, "AUTHENTICATE \"CRAM-MD5\"\r\n"); + $this->ignore_capabilities(); // $clen is the length of the challenge line the server gives us $clen = fgets($this->fp, 1024); // read for 1024, should be long enough? @@ -793,6 +810,7 @@ $pass=base64_encode($this->pass); fputs($this->fp, "AUTHENTICATE \"LOGIN\"\r\n"); + $this->ignore_capabilities(); fputs($this->fp, "{".strlen($login)."+}\r\n"); fputs($this->fp, "$login\r\n"); fputs($this->fp, "{".strlen($pass)."+}\r\n"); >Release-Note: >Audit-Trail: >Unformatted:
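
Review bot: In the Makefile hunk (@@ -6,78 +6,18 @@), the removed do-install ran `${CHOWN} -R ${WWWOWN}:${WWWGRP}` over the plugin directory and the removed post-install honoured WITHOUT_ACTIVATE, and nothing in the added lines or the PR text says that bsd.squirrelmail.mk reproduces either behaviour. Please state in the PR that the helper keeps the same ownership and the same opt-out from automatic activation, or keep those targets in the port. The new `-name '*.orig'` in pre-install presumably exists to keep the backup left by the new files/ patch out of the installed tree; a one-line comment saying so would help the next maintainer.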
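
Review bot: The loop in ignore_capabilities() (@@ -686,6 +686,20 @@) has no exit when the server stops talking: fgets() returns false on EOF or timeout, strncmp(false, 'OK', 2) is non-zero, and `while (strncmp($line, 'OK', 2))` keeps iterating. It also waits indefinitely if the server answers with something other than OK. Return a failure when `$line === false` and stop on a non-OK completion line so authenticate() can report the error. The guard reads `$this->capabilities['starttls']` directly, which raises a notice when the key is absent; `!empty(...)` avoids that. Separately, the lines read here are the capability strings sent inside the TLS session, yet they are thrown away, and the guard depending on a `starttls` entry suggests `$this->capabilities` still holds the list received before encryption. Parsing them into `$this->capabilities` instead of discarding them would make the mechanism choice rest on what the server said over the protected channel.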
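
Review bot: In the PLAIN hunk (@@ -701,6 +715,7 @@) the drain sits between `AUTHENTICATE "PLAIN" {len+}` and the `fputs($this->fp, "$auth\r\n")` that completes the command, so whenever no capability lines are queued the server is waiting for the literal while the client is waiting for OK, and neither side moves. ignore_capabilities() only tests that `starttls` is in the capability array, not that unread lines are actually pending. Drain before the AUTHENTICATE line is written, preferably once at the point where TLS is set up, so the four mechanism branches do not each need their own call.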
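
Review bot: In the DIGEST-MD5 hunk (@@ -717,6 +732,7 @@), and likewise in the CRAM-MD5 hunk, the read that follows the new call is `$clen = fgets($this->fp, 1024)` for the server challenge. If authenticate() runs a second time on the same connection, for example a retry after a failed login, the capability lines have already been consumed and ignore_capabilities() will swallow the challenge while looking for OK. Record in a member flag that the capabilities sent after TLS setup have been read, and make the drain a no-op after the first time.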