claws-mail: stop using encrypt()

Wed, 17 Dec 2014 05:58:36 -0800 

claws-mail uses encrypt() for password obfuscation in the saved config
file (.claws-mail/accountrc), which was removed from libc.

I attempted switching to blowfish-ebc, along similar lines to their
existing FreeBSD code for des-ebc, and had it working for some passwords,
but it needs 8-byte blocks and I didn't manage to change things enough
to handle padding (the encrypted password is returned in the same
buffer as the original password so it's fiddly). Actually I believe
the FreeBSD des-ebc code is also supposed to use 8-byte blocks
but apparently it works anyway...?

So an alternative diff below. It isn't particularly nice but does
unbreak the port... Does anyone have a better idea?

Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/claws-mail/Makefile,v
retrieving revision 1.73
diff -u -p -r1.73 Makefile
--- Makefile    25 Oct 2014 14:53:04 -0000      1.73
+++ Makefile    17 Dec 2014 13:53:36 -0000
@@ -13,6 +13,7 @@ COMMENT-gdata=                gdata plugin
 V=                     3.9.3
 REVISION=              1
 REVISION-htmlviewer=   2
+REVISION-main=         2
 DISTNAME=              claws-mail-${V}
 PKGNAME-main=          ${DISTNAME}
 PKGNAME-bogofilter=    claws-mail-bogofilter-${V}
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/mail/claws-mail/patches/patch-configure_ac,v
retrieving revision 1.9
diff -u -p -r1.9 patch-configure_ac
--- patches/patch-configure_ac  21 Apr 2014 17:40:19 -0000      1.9
+++ patches/patch-configure_ac  17 Dec 2014 13:53:36 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-configure_ac,v 1.9 2014/04/21 17:40:19 sthen Exp $
 --- configure.ac.orig  Sat Dec 14 10:14:50 2013
-+++ configure.ac       Mon Apr 21 18:40:04 2014
++++ configure.ac       Wed Dec 17 12:00:37 2014
 @@ -152,7 +152,7 @@ AM_CONDITIONAL(CYGWIN, test x"$env_cygwin" = x"yes")
  
  if test "$GCC" = "yes"
@@ -10,7 +10,16 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
        #CFLAGS="-g -Wall -Wno-unused-function"
  fi
  
-@@ -737,6 +737,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -494,6 +494,8 @@ dnl password encryption
+ OLDLIBS=$LIBS
+ LIBS=
+ case $host_os in
++      *openbsd*)
++      ;;
+       *dragonfly*)
+               AC_SEARCH_LIBS(encrypt, cipher, [], 
AC_MSG_ERROR(['encrypt'-function not found.]))
+       ;;
+@@ -737,6 +739,7 @@ if test x"$enable_new_addrbook" = xno; then
                AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="$LDAP_LIBS -lresolv")
                AC_CHECK_LIB(socket, bind, LDAP_LIBS="$LDAP_LIBS -lsocket")
                AC_CHECK_LIB(nsl, gethostbyaddr, LDAP_LIBS="$LDAP_LIBS -lnsl")
@@ -18,7 +27,7 @@ $OpenBSD: patch-configure_ac,v 1.9 2014/
                AC_CHECK_LIB(lber, ber_get_tag, LDAP_LIBS="$LDAP_LIBS -llber",,
                                 $LDAP_LIBS)
  
-@@ -809,7 +810,7 @@ if test x"$enable_new_addrbook" = xno; then
+@@ -809,7 +812,7 @@ if test x"$enable_new_addrbook" = xno; then
                                           AC_DEFINE(USE_JPILOT, 1, Define if 
you want JPilot support in addressbook.) ])
                fi
  
Index: patches/patch-src_common_passcrypt_c
===================================================================
RCS file: patches/patch-src_common_passcrypt_c
diff -N patches/patch-src_common_passcrypt_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_common_passcrypt_c        17 Dec 2014 13:53:36 -0000
@@ -0,0 +1,26 @@
+$OpenBSD$
+
+encrypt(), as used for password obfuscation, was removed from libc.
+Switch to storing unencrypted instead.
+
+--- src/common/passcrypt.c.orig        Sat Dec 14 10:15:06 2013
++++ src/common/passcrypt.c     Wed Dec 17 13:04:03 2014
+@@ -57,7 +57,19 @@ void passcrypt_decrypt(gchar *password, guint len)
+ unsigned char crypt_cfb_iv[64];
+ int crypt_cfb_blocksize = 8;  /* 8 for DES */
+ 
+-#if defined (__FreeBSD__)
++#if defined (__OpenBSD__)
++static void
++crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
++            unsigned chunksize, int decrypt)
++{
++      /*
++       * XXX do nothing, just store it unencrypted
++       */
++      ;
++}
++#elif defined (__FreeBSD__)
+ static void
+ crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
+             unsigned chunksize, int decrypt)



... for completeness, here's the semi-working blf code.

#include <blf.h>
static void
crypt_cfb_buf(const char key[8], unsigned char *buf, unsigned len,
              unsigned chunksize, int decrypt)
{
        blf_ctx state;

        blf_key(&state, PASSCRYPT_KEY, 8);
        if (decrypt)
                blf_ecb_decrypt(&state, buf, len);
        else
                blf_ecb_encrypt(&state, buf, len);
}

Reply via email to