ports/133104: mail/squirrelmail-avelsieve-plugin TLS operation fix
Neil Darlow
neil at darlow.co.uk
Thu Mar 26 21:40:04 UTC 2009
>Number: 133104
>Category: ports
>Synopsis: mail/squirrelmail-avelsieve-plugin TLS operation fix
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 26 21:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Neil Darlow
>Release: FreeBSD 7.1-RELEASE-p4 i386
>Organization:
>Environment:
System: FreeBSD router.darlow.co.uk 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0: Mon Mar 23 08:11:34 GMT 2009 root at router.darlow.co.uk:/usr/obj/usr/src/sys/ROUTER i386
>Description:
Fixes ports/132529
avelsieve-1.9.7 breaks for TLS encrypted sessions due to inability to handle auto-emitted capability strings
during authentication. A patch to managesieve.lib.php fixes this while leaving unencrypted sessions unaffected.
Tested with squirrelmail-1.4.17 and cyrus-imapd-2.3.14 for TLS/non-TLS sessions using SASL mechanisms:
CRAM-MD5, DIGEST-MD5, LOGIN and PLAIN i.e. all mechanisms supported by avelsieve.
Also modified port to use bsd.squirrelmail.mk build helper.
>How-To-Repeat:
N/A
>Fix:
Two attachments follow -
1) Patch for mail/squirrelmail-avelsieve-plugin/Makefile
2) New file mail/squirrelmail-avelsieve-plugin/files/patch-avelsieve::include::managesieve.lib.php
--- squirrelmail-avelsieve-plugin.orig/Makefile 2008-06-07 09:08:48.000000000 +0100
+++ squirrelmail-avelsieve-plugin/Makefile 2009-03-26 20:58:03.000000000 +0000
@@ -6,78 +6,18 @@
PORTNAME= avelsieve
PORTVERSION= 1.9.7
-PORTREVISION= 1
-CATEGORIES= mail www
-MASTER_SITES= http://www.squirrelmail.org/plugins/
-PKGNAMEPREFIX= squirrelmail-
-PKGNAMESUFFIX= -plugin
+PORTREVISION= 2
DIST_SUBDIR= squirrelmail
MAINTAINER= neil at darlow.co.uk
-COMMENT= Interface to create server-side Sieve scripts
-
-RUN_DEPENDS= ${SQUIRRELDIR}/index.php:${PORTSDIR}/mail/squirrelmail
-
-SQUIRREL_PLUGIN_NAME= ${PORTNAME}
-
-.ifdef SQUIRRELDIR
-PLIST_SUB+= SQUIRRELDIR=${SQUIRRELDIR}
-SUB_LIST+= SQUIRRELDIR=${SQUIRRELDIR}
-.else
-. ifndef WITHOUT_WWWDIR
-SQUIRRELDIR= ${PREFIX}/www/squirrelmail
-PLIST_SUB+= SQUIRRELDIR=www/squirrelmail
-SUB_LIST+= SQUIRRELDIR=www/squirrelmail
-. else
-SQUIRRELDIR= ${PREFIX}/squirrelmail
-PLIST_SUB+= SQUIRRELDIR=squirrelmail
-SUB_LIST+= SQUIRRELDIR=squirrelmail
-. endif
-.endif
-PLIST_SUB+= SQUIRREL_PLUGIN_NAME=${SQUIRREL_PLUGIN_NAME}
-SUB_LIST+= SQUIRREL_PLUGIN_NAME=${SQUIRREL_PLUGIN_NAME}
-
-SUB_FILES= pkg-message
-
-NO_BUILD= yes
-NO_WRKSUBDIR= yes
-USE_PERL5_BUILD= yes
-WANT_PHP_WEB= yes
+COMMENT= SquirrelMail plugin for Server-Side Mail Filtering management
.include <bsd.port.pre.mk>
-
-pre-everything::
- @${ECHO} ""
-.ifndef WITHOUT_ACTIVATE
- @${ECHO} "Activating plug-in in SquirrelMail after installation."
- @${ECHO} "If you don't want to automatically activate the plug-in set"
- @${ECHO} "WITHOUT_ACTIVATE=yes"
-.else
- @${ECHO} "NOT Activating plug-in in SquirrelMail after installation."
- @${ECHO} "If you want to automatically activate the plug-in unset"
- @${ECHO} "WITHOUT_ACTIVATE"
-.endif
- @${ECHO} ""
+.include "${PORTSDIR}/mail/squirrelmail/bsd.squirrelmail.mk"
pre-install:
${RM} -Rf ${WRKSRC}/${SQUIRREL_PLUGIN_NAME}/po
${FIND} ${WRKSRC}/${SQUIRREL_PLUGIN_NAME} -type f \
- \( -name '.cvsignore' -o -name '*.bak' \) -exec ${RM} '{}' ';'
-
-do-install:
- ${CP} -R ${WRKSRC}/${SQUIRREL_PLUGIN_NAME} ${SQUIRRELDIR}/plugins
- ${CHOWN} -R ${WWWOWN}:${WWWGRP} ${SQUIRRELDIR}/plugins/${SQUIRREL_PLUGIN_NAME}
-
-post-install:
-.ifndef WITHOUT_ACTIVATE
-.if exists( ${SQUIRRELDIR}/config/config.php )
- @${ECHO} "Activating plug-in in SquirrelMail"
- ${SQUIRRELDIR}/config/conf.pl --install-plugin ${SQUIRREL_PLUGIN_NAME}
-.endif
-.else
- @${ECHO} "To activate the plug-in in SquirrelMail use"
- @${ECHO} "${SQUIRRELDIR}/config/conf.pl --install-plugin ${SQUIRREL_PLUGIN_NAME}"
-.endif
- @${CAT} ${PKGMESSAGE}
+ \( -name '.cvsignore' -o -name '*.bak' -o -name '*.orig' \) -exec ${RM} {} \;
.include <bsd.port.post.mk>
--- avelsieve/include/managesieve.lib.php.orig 2006-07-24 14:48:27.000000000 +0100
+++ avelsieve/include/managesieve.lib.php 2009-03-26 20:36:33.000000000 +0000
@@ -686,6 +686,20 @@
}
/**
+ * Neil Darlow - 2009/03/26
+ * Changes to Sieve servers to be compliant with draft-managesieve-09.txt
+ * break authenticate() which cannot handle the capability strings received
+ * after AUTHENTICATE under a TLS encrypted session. We ignore capability
+ * strings for each SASL mechanism.
+ */
+ function ignore_capabilities()
+ {
+ if ($this->capabilities['starttls']) do {
+ $line = fgets($this->fp, 1024);
+ } while (strncmp($line, 'OK', 2));
+ }
+
+ /**
* Perform SASL authentication to SIEVE server.
*
* Attempts to authenticate to SIEVE, using some SASL authentication method
@@ -701,6 +715,7 @@
$this->len=strlen($auth);
fputs($this->fp, 'AUTHENTICATE "PLAIN" {' . $this->len . '+}' . "\r\n");
+ $this->ignore_capabilities();
fputs($this->fp, "$auth\r\n");
$this->line=fgets($this->fp,1024);
@@ -717,6 +732,7 @@
// SASL DIGEST-MD5 support works with timsieved 1.1.0
// follows rfc2831 for generating the $response to $challenge
fputs($this->fp, "AUTHENTICATE \"DIGEST-MD5\"\r\n");
+ $this->ignore_capabilities();
// $clen is length of server challenge, we ignore it.
$clen = fgets($this->fp, 1024);
// read for 2048, rfc2831 max length allowed
@@ -768,6 +784,7 @@
// CRAM-MD5 does not support proxy of $auth by $user
// requires php mhash extension
fputs($this->fp, "AUTHENTICATE \"CRAM-MD5\"\r\n");
+ $this->ignore_capabilities();
// $clen is the length of the challenge line the server gives us
$clen = fgets($this->fp, 1024);
// read for 1024, should be long enough?
@@ -793,6 +810,7 @@
$pass=base64_encode($this->pass);
fputs($this->fp, "AUTHENTICATE \"LOGIN\"\r\n");
+ $this->ignore_capabilities();
fputs($this->fp, "{".strlen($login)."+}\r\n");
fputs($this->fp, "$login\r\n");
fputs($this->fp, "{".strlen($pass)."+}\r\n");
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list