Date: Sun, 1 Nov 2009 22:04:09 GMT From: Aragon Gouveia <aragon@phat.za.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/140175: [patch] mail/ssmtp CRAM-MD5 broken Message-ID: <200911012204.nA1M49Wn080445@www.freebsd.org> Resent-Message-ID: <200911012210.nA1MA1tA019710@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 140175 >Category: ports >Synopsis: [patch] mail/ssmtp CRAM-MD5 broken >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Nov 01 22:10:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Aragon Gouveia >Release: 8.0-BETA3 >Organization: >Environment: FreeBSD igor.geek.sh 8.0-BETA3 FreeBSD 8.0-BETA3 #0: Thu Sep 17 14:02:41 SAST 2009 root@igor.geek.sh:/usr/obj/usr/src/sys/IGOR amd64 >Description: SSMTP bundles MD5 code with it (md5auth/md5c.c) instead of linking against system libraries, and this bundled code seems to generate broken HMAC-MD5 hashes, which breaks SSMTP's support for CRAM-MD5 SMTP authentication, at least on FreeBSD 8.0. Attached is a patch to the port that unlinks md5auth/md5c.c from the build, and links ssmtp against the system -lmd. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -uNr ssmtp.orig/files/patch-configure ssmtp/files/patch-configure --- ssmtp.orig/files/patch-configure 2003-10-02 01:08:01.000000000 +0200 +++ ssmtp/files/patch-configure 2009-11-01 23:54:36.000000000 +0200 @@ -9,3 +9,16 @@ fi enableval="" +--- configure.orig 2009-11-01 23:52:55.000000000 +0200 ++++ configure 2009-11-01 23:53:42.000000000 +0200 +@@ -1591,7 +1591,8 @@ + #define MD5AUTH 1 + EOF + +- SRCS="$SRCS md5auth/md5c.c md5auth/hmac_md5.c" ++ SRCS="$SRCS md5auth/hmac_md5.c" ++ LIBS="$LIBS -lmd" + fi + enableval="" + + diff -uNr ssmtp.orig/files/patch-md5auth-hmac_md5.c ssmtp/files/patch-md5auth-hmac_md5.c --- ssmtp.orig/files/patch-md5auth-hmac_md5.c 1970-01-01 02:00:00.000000000 +0200 +++ ssmtp/files/patch-md5auth-hmac_md5.c 2009-11-01 23:56:00.000000000 +0200 @@ -0,0 +1,12 @@ +--- md5auth/hmac_md5.c.orig 2009-11-01 23:54:54.000000000 +0200 ++++ md5auth/hmac_md5.c 2009-11-01 23:55:07.000000000 +0200 +@@ -1,7 +1,7 @@ + #include "global.h" +-#include "md5.h" + #include <string.h> + #include <sys/types.h> ++#include <md5.h> + + /* + ** Function: hmac_md5 (RFC 2104) + >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911012204.nA1M49Wn080445>