Bug#618569: hiya :)
Hiya ! I ended up seeing your actual pics on Facebook. I quite like you a lot. Why don't we communicate ! I can send you my pics as well if you want... Sending you all my love, -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569: avelsieve: diff for NMU version 1.9.9-2.3
tags 618569 + pending thanks Dear maintainer, I've prepared an NMU for avelsieve (versioned as 1.9.9-2.3) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards. -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: Wolf Biermann: Du lass Dich nicht verhärten diff -Nru avelsieve-1.9.9/debian/changelog avelsieve-1.9.9/debian/changelog --- avelsieve-1.9.9/debian/changelog 2012-04-30 09:44:29.0 +0200 +++ avelsieve-1.9.9/debian/changelog 2012-09-09 17:57:18.0 +0200 @@ -1,3 +1,14 @@ +avelsieve (1.9.9-2.3) unstable; urgency=low + + * Non-maintainer upload. + * Fix Failure of authentication on TLS connections: +new patch avelsieve-changeset-1144.patch, taken from upstream svn, that +unifies uppercase/lowercase usage. +Thanks to Alex Owen for his bug triage! +(Closes: #618569, LP: #498921) + + -- gregor herrmann gre...@debian.org Sun, 09 Sep 2012 17:57:16 +0200 + avelsieve (1.9.9-2.2) unstable; urgency=low * Non-maintainer upload. diff -Nru avelsieve-1.9.9/debian/patches/avelsieve-changeset-1144.patch avelsieve-1.9.9/debian/patches/avelsieve-changeset-1144.patch --- avelsieve-1.9.9/debian/patches/avelsieve-changeset-1144.patch 1970-01-01 01:00:00.0 +0100 +++ avelsieve-1.9.9/debian/patches/avelsieve-changeset-1144.patch 2012-09-09 17:35:58.0 +0200 @@ -0,0 +1,77 @@ +Description: fix auth failure due to uppercase/lowercase mix +Origin: upstream, http://email.uoa.gr/avelsieve/changeset/1144 +Bug: http://email.uoa.gr/avelsieve/ticket/275 +Bug-Debian: http://bugs.debian.org/618569 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+bug/498921 +Author: avel +Reviewed-by: gregor herrmann gre...@debian.org +Last-Update: 2012-09-09 +Applied-Upstream: yes, cf. Origin + +--- a/include/managesieve.lib.php b/include/managesieve.lib.php +@@ -321,7 +321,7 @@ + $this-auth = $this-user; + else + $this-auth = $auth; +-$this-auth_types=$auth_types;/* Allowed authentication types */ ++$this-auth_types = strtolower($auth_types);/* Allowed authentication types */ + + $this-broken_tls = false; + +@@ -456,8 +456,8 @@ + } + $this-modules = split( , $this-item[1]); + if(is_array($this-modules)){ +- foreach($this-modules as $this-module) +- $this-capabilities[$this-cap_type][$this-module]=true; ++ foreach($this-modules as $m) ++ $this-capabilities[$this-cap_type][strtolower($m)]=true; + } /* end if */ + elseif(is_string($this-modules)) + $this-capabilites[$this-cap_type][$this-modules]=true; +@@ -535,7 +535,7 @@ + + /* Loop through each allowed authentication type and see if the server allows the type */ + foreach(explode( , $this-auth_types) as $auth_type) { +-if ($this-capabilities[auth][$auth_type]) { ++if (isset($this-capabilities[auth][$auth_type])) { + /* We found an auth type that is allowed. */ + $this-auth_in_use = $auth_type; + } +@@ -724,7 +724,7 @@ + + switch ($this-auth_in_use) { + +-case PLAIN: ++case plain: + $auth=base64_encode($this-user.\0.$this-auth.\0.$this-pass); + + $this-len=strlen($auth); +@@ -741,7 +741,7 @@ +return true; + break; + +-case DIGEST-MD5: ++case digest-md5: + // SASL DIGEST-MD5 support works with timsieved 1.1.0 + // follows rfc2831 for generating the $response to $challenge + fputs($this-fp, AUTHENTICATE \DIGEST-MD5\\r\n); +@@ -790,7 +790,7 @@ +return TRUE; + break; + +-case CRAM-MD5: ++case cram-md5: +// SASL CRAM-MD5 support works with timsieved 1.1.0 + // follows rfc2195 for generating the $response to $challenge + // CRAM-MD5 does not support proxy of $auth by $user +@@ -816,7 +816,7 @@ +return TRUE; + break; + +-case LOGIN: ++case login: + $login=base64_encode($this-user); + $pass=base64_encode($this-pass); + diff -Nru avelsieve-1.9.9/debian/patches/series avelsieve-1.9.9/debian/patches/series --- avelsieve-1.9.9/debian/patches/series 2012-04-30 09:37:10.0 +0200 +++ avelsieve-1.9.9/debian/patches/series 2012-09-09 17:32:02.0 +0200 @@ -5,3 +5,4 @@ js_function_bugfix sieve-default-port fixes-call-time-pass-by-reference +avelsieve-changeset-1144.patch signature.asc Description: Digital signature
Bug#618569: bug introduced in upstream SVN revision 851
On 30 June 2012 23:34, Alex Owen r.alex.o...@gmail.com wrote: Upstream have accepted upstream bug: http://email.uoa.gr/avelsieve/ticket/275. Upstream changeset 1144 is a Possible fix for #275: http://email.uoa.gr/avelsieve/changeset/1144 The approach is to lowercase the auth strings at all points in the code so that the result is a case insensitive match. https://email.uoa.gr/avelsieve/changeset?reponame=new=1144%40main_pluginold=1143%40main_plugin Attached is the diff found at the above link. I have patched my production avelsieve (squeeze) and test show it works. I believe that it will also benefit avelsieve in wheezy. If I can find the BTS commands to do so I will un-mark this bug as squeeze as I believe it affects wheezy too. Regards Alex Owen avelsieve-changeset-1144.patch Description: Binary data
Bug#618569: bug introduced in upstream SVN revision 851
Upstream have accepted upstream bug: http://email.uoa.gr/avelsieve/ticket/275. Upstream changeset 1144 is a Possible fix for #275: http://email.uoa.gr/avelsieve/changeset/1144 The approach is to lowercase the auth strings at all points in the code so that the result is a case insensitive match. Regards Alex Owen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569: bug introduced in upstream SVN revision 851
Looking at the upstream code it would appear that upstream svn revision 851 is to blame for this bug. http://email.uoa.gr/avelsieve/changeset/851 Changeset 851 is titled: Ignore case for Sieve capabilities list. There are 3(or 4) places the code needs to be changed to have the desired effect but r851 only changes 1 place, so I think that this only ever appeared to work by accident. Regards Alex Owen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569: bug introduced in upstream SVN revision 851
I have taken the liberty of open upstream bug #275 to track this upstream https://email.uoa.gr/avelsieve/ticket/275 Regards Alex Owen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569: [PATCH] regenerated patch.. this time right way round!
As you have probably noticed in my submission to this bug yesterday the patch is the wrong way round. oops! Here is the correct patch: --- managesieve.lib.php.orig2012-06-07 15:09:28.0 +0100 +++ managesieve.lib.php 2012-06-07 17:20:30.0 +0100 @@ -887,10 +887,10 @@ $this-modules = split(' ', $this-item[1]); if(is_array($this-modules)){ foreach($this-modules as $m) { - $this-capabilities[$cap_type][strtolower($m)]=true; + $this-capabilities[$cap_type][$m]=true; } } elseif(is_string($this-modules)) { - $this-capabilites[$cap_type][strtolower($this-modules)]=true; + $this-capabilites[$cap_type][$this-modules]=true; } } else { $this-capabilities[unknown][]=$this-line; Regards Alex Owen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569: avelsieve: lowercaseing reported auth mechanisms after TLS breaks auth
Package: avelsieve Version: 1.9.9-2 Severity: normal Guido Günther's analysis is only half the story so his patch is NOT the fix. On fist connection dovecot (with TLS configured) will correctly NOT advertise PLAIN authentication (unless you have configured it to allow non-TLS login). avelsieve sees that STARTTLS is available and negotiates the encryption. Dovecot then sends the capabilities AGAIN, but this time with PLAIN. avelsieve lower cases PLAIN and stores plain avelsieve then compares the stored plain with the list of UPPERCASE auth mechanisms which is probably just PLAIN As plain not equal PLAIN so no authtication can contiue and errors are logged in dovecote log and on squirrelmail webinterface. I have fixed this by patching /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php to remove the offending strtolower() calls: --- /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php 2012-06-07 17:20:30.0 +0100 +++ /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php.orig 2012-06-07 15:09:28.0 +0100 @@ -887,10 +887,10 @@ $this-modules = split(' ', $this-item[1]); if(is_array($this-modules)){ foreach($this-modules as $m) { - $this-capabilities[$cap_type][$m]=true; + $this-capabilities[$cap_type][strtolower($m)]=true; } } elseif(is_string($this-modules)) { - $this-capabilites[$cap_type][$this-modules]=true; + $this-capabilites[$cap_type][strtolower($this-modules)]=true; } } else { $this-capabilities[unknown][]=$this-line; managesieve.lib.php really needs refactoring to use the same parsing routine for pre and post STARTTLS to avoid this sort of bug. If case insensitive matching is wanted then I'd suggest converting everything to uppercase as that seems to be what the code and protocol really expects. Maintainer: please report upstream Regards Alex Owen -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages avelsieve depends on: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libjs-scriptaculous 1.8.3-1JavaScript library for dynamic web ii squirrelmail 2:1.4.21-2 Webmail for nuts avelsieve recommends no packages. Versions of packages avelsieve suggests: pn cyrus-imapd-2.2 | dovecot-ima none (no description available) -- Configuration Files: /etc/squirrelmail/avelsieve-config.php changed [not included] -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569: [PATCH] work around dovecot not advertising PLAIN auth
tags 618569 +patch thanks Hi, I was seeing the same problem. The attached patch fixes this for me. The issue here is that dovecot isn't properly advertising PLAIN. Details can be found in the patch. Cheers, -- Guido From 8dec6396b8744f88a7bfc44bb1217d12c385a769 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= a...@sigxcpu.org Date: Sun, 15 Jan 2012 14:58:12 +0100 Subject: [PATCH] Interpret an empty auth mechanism as PLAIN When enabling PLAIN and GSSAPI auth in dovecot (at least) 1.0.15 the response looks like: Trying 127.0.0.2... Connected to imap.example.com. Escape character is '^]'. IMPLEMENTATION dovecot SASL GSSAPI SIEVE fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex STARTTLS OK Dovecot ready. Note the extra space in front of the GSSAPI. Dovecot is configured to allow for PLAIN and GSSAPI but PLAIN is missing from the list. --- include/managesieve.lib.php |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/include/managesieve.lib.php b/include/managesieve.lib.php index 13240be..5c4d05e 100644 --- a/include/managesieve.lib.php +++ b/include/managesieve.lib.php @@ -456,8 +456,11 @@ class sieve { } $this-modules = split( , $this-item[1]); if(is_array($this-modules)){ - foreach($this-modules as $this-module) + foreach($this-modules as $this-module) { + if(strlen($this-module) == 0) + $this-module = PLAIN; $this-capabilities[$this-cap_type][$this-module]=true; + } } /* end if */ elseif(is_string($this-modules)) $this-capabilites[$this-cap_type][$this-modules]=true; -- 1.7.7.3
Bug#618569: After upgrade to squeeze (1.9.9-2) avelsieve does not connect to dovecot
Hi all, maybe I can shed some light on the issue. Some hours ago I tried to setup squirrel-avelsieve against dovecot with STARTTLS and 'plaintext auth' turned off on both sides. Following the logfiles (see below /var/log/apache/error.log) I decided playing around with the auth-mechanisms and the php code in /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php (diff see below). Result: The edited code works for 'PLAIN' only auth, so proposing a case problem ('plain' vs. 'PLAIN') -- but I did not figure out where exactly to correct it yet (I might have more time next weekend).. Note: This is just a very dirty and dangerous workaround to explain the problem and not a fix! Hope it helps.. mic -- dovecot version 1.2.15 avelsieve Version: 1.9.9-2 --$ tail /var/log/apache/error.log .. [Thu Jul 14 00:03:01 2011] [error] [client 87.160.213.70] PHP Notice: Undefined index: PLAIN in /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php on line 538, referer: https://www.inofix.net/mail/src/webmail.php --$ diff -Naur /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php new.managesieve.lib.php --- /usr/share/squirrelmail/plugins/avelsieve/include/managesieve.lib.php 2011-07-14 17:40:13.0 +0200 +++ managesieve.lib.php 2011-07-14 17:40:02.0 +0200 @@ -535,8 +535,10 @@ /* Loop through each allowed authentication type and see if the server allows the type */ foreach(explode( , $this-auth_types) as $auth_type) { +$auth_type = plain; if ($this-capabilities[auth][$auth_type]) { /* We found an auth type that is allowed. */ +$auth_type = PLAIN; $this-auth_in_use = $auth_type; } } -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569:
Hi, After upgrade to squeeze (1.9.9-2) avelsieve does not connect to dovecot (pidgenhole) sieve implementation any more: cannot connect to timsieve server. I had this as well and it is because avelsieve tries to connect to port 4190 instead of 2000 (see below), which dovecot uses by default. Changing the port in avelsieve config.php back to 2000 solves the problem. What is the reason for this change ? /** DEBIAN CHANGE: Depsite upstream's intention Debian changed this default * distribution wide to 4190 which is thus default here. */ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#618569:
On 03/21/11 08:54, Tom Jägermeister wrote: Hi, After upgrade to squeeze (1.9.9-2) avelsieve does not connect to dovecot (pidgenhole) sieve implementation any more: cannot connect to timsieve server. I had this as well and it is because avelsieve tries to connect to port 4190 instead of 2000 (see below), which dovecot uses by default. Changing the port in avelsieve config.php back to 2000 solves the problem. What is the reason for this change ? /** DEBIAN CHANGE: Depsite upstream's intention Debian changed this default * distribution wide to 4190 which is thus default here. */ Hello, just for clarity: The port change is _NOT_ the issue with my installation. I am using the dovecot pidgenhole sieve implementation which defaults do port 4190. I used this port in Lenny and I am using it now with Squeeze. Nevertheless I cannot connect to sieve using the latest avelsieve ... Cheers Jan -- MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum Auf dem Huegel 69, D-53121 Bonn Tel: +49 (228) 525 359, Fax: +49 (228) 525 229 jbehr...@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de smime.p7s Description: S/MIME Cryptographic Signature
Bug#618569: After upgrade to squeeze (1.9.9-2) avelsieve does not connect to dovecot
Package: avelsieve Version: 1.9.7-6+lenny1 Severity: normal Tags: squeeze upstream After upgrade to squeeze (1.9.9-2) avelsieve does not connect to dovecot (pidgenhole) sieve implementation any more: cannot connect to timsieve server. After downgrading to the lenny (1.9.7-6+lenny1) version again makes everything perfect again. If you need more information please let me know. Cheers Jan MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum Auf dem Huegel 69, D-53121 Bonn Tel: +49 (228) 525 359, Fax: +49 (228) 525 229 jbehr...@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de -- System Information: Debian Release: 6.0 APT prefers oldstable APT policy: (500, 'oldstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages avelsieve depends on: ii debconf 1.5.36.1 Debian configuration management sy ii squirrelmail 2:1.4.21-1 Webmail for nuts avelsieve recommends no packages. Versions of packages avelsieve suggests: pn cyrus-imapd-2.2 | dovecot-ima none (no description available) -- Configuration Files: /etc/squirrelmail/avelsieve-config.php changed: ?php /** * User-friendly interface to SIEVE server-side mail filtering. * Plugin for Squirrelmail 1.4+ * * Licensed under the GNU GPL. For full terms see the file COPYING that came * with the Squirrelmail distribution. * * This file contains configuration parameters for SIEVE mail filters plugin * (aka avelsieve) * * @version $Id: config_sample.php 1025 2009-05-21 08:35:24Z avel $ * @author Alexandros Vellis a...@users.sourceforge.net * @copyright 2002-2004 Alexandros Vellis * @package plugins * @subpackage avelsieve */ /** * Debug Mode. Enable this (change to 1) if you need to send a bug report, * or to 2 or 3 if you are a developer! * * Valid values: * 0 = No debugging output * 1 = Normal debugging output * 2 = Firebug-enhanced debugging output * 3 = Enhanced debugging output and no Sieve capabilities checks - enables * all UI features! */ if(!defined('AVELSIEVE_DEBUG')) { define('AVELSIEVE_DEBUG', 1); } /* */ /* === IMAP Server / SIEVE Setup = */ /* */ /** @var string Backend to use. Available backends are: * 'ManageSieve': Uses the ManageSieve protocol. e.g. Cyrus * 'File': Writes files straight to disk. e.g. Exim4, Dovecot LDA. */ global $avelsieve_backend; $avelsieve_backend = 'ManageSieve'; /* */ /* === ManageSieve Backend Options */ /* */ /* Port where timsieved listens on the Cyrus IMAP server. Default is 2000. */ /** DEBIAN CHANGE: Depsite upstream's intention Debian changed this default * distribution wide to 4190 which is thus default here. */ global $sieveport; $sieveport = 4190; /** * @var string Space separated list of preferred SASL mechanisms for the * authentication to timsieved. e.g. PLAIN DIGEST-MD5;*/ global $sieve_preferred_sasl_mech; $sieve_preferred_sasl_mech = 'PLAIN'; /** * @var boolean Disable STARTTLS for ManageSieve. You can set this to true, * if you do not wish to use encryption via TLS mechanisms (i.e. the server * is not configured properly, or this is a local connection and TLS is not * needed. * Note that STARTTLS is supported only in PHP5+. In PHP4 this option will * have no effect and STARTTLS will be disabled anyway. * * DEBIAN CHANGE: * To properly work with a default cyrus installation on the same host as * SquirrelMail $avelsieve_disabletls defaults to true. */ global $avelsieve_disabletls; $avelsieve_disabletls = false; /* */ /* === File Backend Options === */ /* */ global $avelsieve_file_backend_options, $data_dir, $username; $avelsieve_file_backend_options = array( 'avelsieve_default_file' = $data_dir/$username.sievesource ); /* */ /* == Implementation- and Server-Specific Options */ /* */ /* In Cyrus 2.3+, the notification action is a bit more complex than the * others. The oldcyrus variable is for supporting the partially implemented * notify extension implementation of Cyrus 2.3. If you have Cyrus 2.3, * just set this to