Site Navigation

Date:      Wed, 20 Sep 2000 21:51:17 -0700 (PDT)
From:      tweten@nas.nasa.gov
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        markm@freebsd.org, welch@acm.org
Subject:   ports/21437: port update to correct mail/exmh2 support of security/pgp5
Message-ID:  <200009210451.e8L4pH746576@gilmore.nas.nasa.gov>

---

next in thread | raw e-mail | index | archive | help

---

>Number:         21437
>Category:       ports
>Synopsis:       port update to correct mail/exmh2 support of security/pgp5
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 20 22:00:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Dave Tweten
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
NASA Ames Research Center
>Environment:

FreeBSD gilmore.nas.nasa.gov 4.1-STABLE FreeBSD 4.1-STABLE #0: Sun Sep 10 11:54:56 PDT 2000     root@gilmore.nas.nasa.gov:/usr/obj/usr/src/sys/GILMORE  i386

Exmh 2.1.1

PGP 5.0i

Tk 8.2 Tcl 8.2

>Description:

There are four problems with support of the pgp5 port by the exmh2 port:

1. Exmh will not use pgpv to check a Multipart/MIME Clear signature.
   Since the call to pgpv is in batch mode, there is nobody to ask if
   the user would like to overwrite /dev/null. (!)

2. It will not make any kind of Application/PGP message.  If you try,
   it will fail with an error message about not finding a variable
   named "typeparams."

3. When asked to make a Plain Detached signature, instead it generates
   a Plain Encrypted and Signed message.

4. Generated MIME headers violate RFC-1341 in that they contain double
   semicolons.  RFC-1341 makes it clear that a parameter must fit
   between each pair of semicolons and that a minimal parameter
   contains three characters, the middle one being an equal sign.

>How-To-Repeat:

Try to send yourself messages of the above types, or in the case of
Multipart/MIME with Clear signature, try to read one you've already sent.

>Fix:

For each of the above problems, there is a fix:

1. Make batch mode PGP 5.0i calls use the "+force" option, thereby
   eliminating the dubious need to request confirmation for
   overwriting /dev/null.

2. Add the "typeparams" variable as an argument in the call to
   Pgp_ProcessAP.  That way it will be defined when it is used in that
   routine.

3. For some bizzarre reason, the code in pgpMain.tcl goes out of its
   way to convert a request for a Plain Detached signature into a
   request for a Plain Standard signature.  Eliminate that code.

4. When the "typeparams" variable is given its initial value, it is
   defined with a trailing semicolon.  Everywhere anything is
   concatenated onto the end of typeparams, the added value starts
   with a semicolon.  Trailing or doubled semicolons are therefore
   inevitable.  Just get rid of the initial trailing semicolon.

The following two files worth of patches take care of all problems.

--- lib/pgpMain.tcl.orig	Tue Oct 12 14:04:42 1999
+++ lib/pgpMain.tcl	Wed Sep 20 20:29:30 2000
@@ -589,13 +589,13 @@
     if {$pgp(format,$id) == "app"} {
 	Exmh_Debug app format
 	if {$pgp(encrypt,$id)} {
-	    set typeparams "; x-action=encrypt;"
+	    set typeparams "; x-action=encrypt"
 	} else {
 	    switch $pgp(sign,$id) {
 		detached -
-		standard {set typeparams "; x-action=signbinary;"}
-		clearsign {set typeparams "; x-action=signclear;"}
-		encryptsign {set typeparams "; x-action=encryptsign;"}
+		standard {set typeparams "; x-action=signbinary"}
+		clearsign {set typeparams "; x-action=signclear"}
+		encryptsign {set typeparams "; x-action=encryptsign"}
 	    }
 	}
     }
@@ -655,11 +655,7 @@
     # write the message to be encrypted
     set msgfile [Mime_TempFile "msg"]
     set msg [open $msgfile w 0600]
-    if {$pgp(format,$id) == "plain" && $pgp(sign,$id) == "detached"} {
-	set pgp(sign,$id) "standard"
-    } else {
-	foreach line $pgpheaders { puts $msg [Pgp_Misc_FixHeader $line] }
-    }
+    foreach line $pgpheaders { puts $msg [Pgp_Misc_FixHeader $line] }
     puts $msg ""
     puts -nonewline $msg [read $orig]
     close $orig
@@ -693,7 +689,7 @@
 	
     switch $pgp(format,$id) {
         app { 
-	    Pgp_ProcessAP $v $dstfile $pgpfile $mailheaders
+	    Pgp_ProcessAP $v $dstfile $pgpfile $mailheaders $typeparams
         }
         pm { 
             Pgp_ProcessPM $v $dstfile $pgpfile $mailheaders $msgfile $id
@@ -706,7 +702,7 @@
     File_Delete $msgfile $pgpfile
 }
 
-proc Pgp_ProcessAP {v dstfile pgpfile mailheaders} {
+proc Pgp_ProcessAP {v dstfile pgpfile mailheaders typeparams} {
     global pgp
 
     lappend mailheaders \
--- lib/pgpPgp5.tcl.orig	Tue Oct 12 14:04:43 1999
+++ lib/pgpPgp5.tcl	Wed Sep 20 19:36:48 2000
@@ -85,7 +85,7 @@
 #############
 # Exec_Batch
 # Batchmode flags
-set pgp(pgp5,flags_batch) {+armorlines=0 +batchmode=on +verbose=0}
+set pgp(pgp5,flags_batch) {+armorlines=0 +batchmode=on +force +verbose=0}
 #
 proc Pgp_pgp5_PassFdSet {} {
     global env

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009210451.e8L4pH746576>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact