From owner-freebsd-ports Wed Sep 20 22: 0: 8 2000 Delivered-To: freebsd-ports@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C2D1737B424 for ; Wed, 20 Sep 2000 22:00:00 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id WAA38847; Wed, 20 Sep 2000 22:00:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from gilmore.nas.nasa.gov (gilmore.nas.nasa.gov [129.99.32.17]) by hub.freebsd.org (Postfix) with ESMTP id 066C537B422; Wed, 20 Sep 2000 21:51:24 -0700 (PDT) Received: (from tweten@localhost) by gilmore.nas.nasa.gov (8.11.0/8.11.0) id e8L4pH746576; Wed, 20 Sep 2000 21:51:17 -0700 (PDT) (envelope-from tweten) Message-Id: <200009210451.e8L4pH746576@gilmore.nas.nasa.gov> Date: Wed, 20 Sep 2000 21:51:17 -0700 (PDT) From: tweten@nas.nasa.gov Reply-To: tweten@nas.nasa.gov To: FreeBSD-gnats-submit@freebsd.org Cc: markm@freebsd.org, welch@acm.org X-Send-Pr-Version: 3.2 Subject: ports/21437: port update to correct mail/exmh2 support of security/pgp5 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 21437 >Category: ports >Synopsis: port update to correct mail/exmh2 support of security/pgp5 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Sep 20 22:00:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Dave Tweten >Release: FreeBSD 4.1-STABLE i386 >Organization: NASA Ames Research Center >Environment: FreeBSD gilmore.nas.nasa.gov 4.1-STABLE FreeBSD 4.1-STABLE #0: Sun Sep 10 11:54:56 PDT 2000 root@gilmore.nas.nasa.gov:/usr/obj/usr/src/sys/GILMORE i386 Exmh 2.1.1 PGP 5.0i Tk 8.2 Tcl 8.2 >Description: There are four problems with support of the pgp5 port by the exmh2 port: 1. Exmh will not use pgpv to check a Multipart/MIME Clear signature. Since the call to pgpv is in batch mode, there is nobody to ask if the user would like to overwrite /dev/null. (!) 2. It will not make any kind of Application/PGP message. If you try, it will fail with an error message about not finding a variable named "typeparams." 3. When asked to make a Plain Detached signature, instead it generates a Plain Encrypted and Signed message. 4. Generated MIME headers violate RFC-1341 in that they contain double semicolons. RFC-1341 makes it clear that a parameter must fit between each pair of semicolons and that a minimal parameter contains three characters, the middle one being an equal sign. >How-To-Repeat: Try to send yourself messages of the above types, or in the case of Multipart/MIME with Clear signature, try to read one you've already sent. >Fix: For each of the above problems, there is a fix: 1. Make batch mode PGP 5.0i calls use the "+force" option, thereby eliminating the dubious need to request confirmation for overwriting /dev/null. 2. Add the "typeparams" variable as an argument in the call to Pgp_ProcessAP. That way it will be defined when it is used in that routine. 3. For some bizzarre reason, the code in pgpMain.tcl goes out of its way to convert a request for a Plain Detached signature into a request for a Plain Standard signature. Eliminate that code. 4. When the "typeparams" variable is given its initial value, it is defined with a trailing semicolon. Everywhere anything is concatenated onto the end of typeparams, the added value starts with a semicolon. Trailing or doubled semicolons are therefore inevitable. Just get rid of the initial trailing semicolon. The following two files worth of patches take care of all problems. --- lib/pgpMain.tcl.orig Tue Oct 12 14:04:42 1999 +++ lib/pgpMain.tcl Wed Sep 20 20:29:30 2000 @@ -589,13 +589,13 @@ if {$pgp(format,$id) == "app"} { Exmh_Debug app format if {$pgp(encrypt,$id)} { - set typeparams "; x-action=encrypt;" + set typeparams "; x-action=encrypt" } else { switch $pgp(sign,$id) { detached - - standard {set typeparams "; x-action=signbinary;"} - clearsign {set typeparams "; x-action=signclear;"} - encryptsign {set typeparams "; x-action=encryptsign;"} + standard {set typeparams "; x-action=signbinary"} + clearsign {set typeparams "; x-action=signclear"} + encryptsign {set typeparams "; x-action=encryptsign"} } } } @@ -655,11 +655,7 @@ # write the message to be encrypted set msgfile [Mime_TempFile "msg"] set msg [open $msgfile w 0600] - if {$pgp(format,$id) == "plain" && $pgp(sign,$id) == "detached"} { - set pgp(sign,$id) "standard" - } else { - foreach line $pgpheaders { puts $msg [Pgp_Misc_FixHeader $line] } - } + foreach line $pgpheaders { puts $msg [Pgp_Misc_FixHeader $line] } puts $msg "" puts -nonewline $msg [read $orig] close $orig @@ -693,7 +689,7 @@ switch $pgp(format,$id) { app { - Pgp_ProcessAP $v $dstfile $pgpfile $mailheaders + Pgp_ProcessAP $v $dstfile $pgpfile $mailheaders $typeparams } pm { Pgp_ProcessPM $v $dstfile $pgpfile $mailheaders $msgfile $id @@ -706,7 +702,7 @@ File_Delete $msgfile $pgpfile } -proc Pgp_ProcessAP {v dstfile pgpfile mailheaders} { +proc Pgp_ProcessAP {v dstfile pgpfile mailheaders typeparams} { global pgp lappend mailheaders \ --- lib/pgpPgp5.tcl.orig Tue Oct 12 14:04:43 1999 +++ lib/pgpPgp5.tcl Wed Sep 20 19:36:48 2000 @@ -85,7 +85,7 @@ ############# # Exec_Batch # Batchmode flags -set pgp(pgp5,flags_batch) {+armorlines=0 +batchmode=on +verbose=0} +set pgp(pgp5,flags_batch) {+armorlines=0 +batchmode=on +force +verbose=0} # proc Pgp_pgp5_PassFdSet {} { global env >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message