From nobody@FreeBSD.org  Sun Apr 12 09:35:16 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B1532106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 12 Apr 2009 09:35:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 954818FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 12 Apr 2009 09:35:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n3C9ZGBH034024
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 12 Apr 2009 09:35:16 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n3C9ZGZm034023;
	Sun, 12 Apr 2009 09:35:16 GMT
	(envelope-from nobody)
Message-Id: <200904120935.n3C9ZGZm034023@www.freebsd.org>
Date: Sun, 12 Apr 2009 09:35:16 GMT
From: Kazuo Dohzono <dohzono@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [Patch] squirrelmail-1.4.17: non-ascii text handling for "Subject:" field and attached filenames. 
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         133652
>Category:       ports
>Synopsis:       [Patch] squirrelmail-1.4.17: non-ascii text handling for "Subject:" field and attached filenames.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    tabthorpe
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 12 09:40:04 UTC 2009
>Closed-Date:    Wed May 20 16:23:00 UTC 2009
>Last-Modified:  Wed May 20 16:30:01 UTC 2009
>Originator:     Kazuo Dohzono
>Release:        6.4-RELEASE-p1
>Organization:
>Environment:
FreeBSD platinum 6.4-RELEASE-p1 FreeBSD 6.4-RELEASE-p1 #0: Sun Dec 21 08:13:10 UTC 2008    
root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP  i386
>Description:
There are 2 problems. 

1) Subject/filename folding problem.

In some situation, squirrelmail ruins non-ascii text in Subject
field and filenames. 

When I write Subject: with ascii and non-ascii text (English and
Japanese, for example), squirrelmail turns them into MIME-encoded
text, and then fold it to 78 colums.

1> Subject: SOME_JAPANESE_TEXT

2> Subject: SOME_MIME_ENCODED_JAPANESE_TEXT_..._LONGER_THAN_78_COLUMNS

3> Subject: SOME_MIME_ENCODED_JAPANESE_TEXT_..._LONGER_THAN_78(carriage return)
3> (tab)_COLUMNS

When mail reader reconizes, 3 would be decoded as:

3'> Subject: SOME_MIME_ENCODED_JAPANESE_TEXT_..._LONGER_THAN_78(single-space)_COLUMNS

and if such single-space is appeared in MIME-encoded-word, most mail
reader can't decode the text. 

2) attached filename problem. 

When I try to save attached file, Windows browser (firefox3) can't
handle its non-ascii filename correctly. 

>How-To-Repeat:
1) Write Subject in ascii/non-ascii combination, and send it to
yourself (in any environment).

2) Write filename in ascii/non-ascii combination, and send it to
yourself, and try to save them (in Japanese-Windows environment). 

In both case, you may have to change the combination pattern in order
to reproduce the problem. 
>Fix:
Deliver.class.php:

This patch forces squirrelmail not to fold in Subject field and
attached filename. This is not a correct way, though. If you want to
solve this problem, 

1) count column with MIME-encoded text length, and
2) separate RAW text (before MIME-encode), and
3) encode separated texts. 

Note that some spaces still have to be prepared for MIME-encoded-word
terminators.

i18n.php:

Squirrelmail will treat Japanese filename as UTF-8 (it was SJIS which
was used until Windows-9x). I would like someone to test this with
Macintosh's browser. 


*** Deliver.class.php.orig        Mon Apr 28 11:18:58 2008
--- Deliver.class.php        Sun Apr 12 17:11:32 2009
***************
*** 488,494 ****
--- 488,499 ----
          $cnt = count($header);
          $hdr_s = '';
          for ($i = 0 ; $i < $cnt ; $i++)    {
+             // do not fold a line if it contains some name field. e.g. 'filename', 'name'
+             if (strstr($header[$i], 'name') === false) {
                 $hdr_s .= $this->foldLine($header[$i], 78,str_pad('',4));
+             } else {
+                $hdr_s .= $header[$i];
+             }
          }
          $header = $hdr_s;
          $header .= $rn; /* One blank line to separate mimeheader and body-entity */
***************
*** 719,724 ****
--- 724,730 ----
              case 'Cc':
              case 'Bcc':
              case 'From':
+             case 'Subject':
                  $hdr_s .= $header[$i];
                  break;
              default: $hdr_s .= $this->foldLine($header[$i], 78, str_pad('',4));
break;

*** i18n.php.orig        Tue Oct 28 08:11:38 2008
--- i18n.php        Sun Apr 12 17:30:32 2009
***************
*** 638,644 ****
              $useragent = func_get_arg(2);
              if (strstr($useragent, 'Windows') !== false ||
                  strstr($useragent, 'Mac_') !== false) {
!                 $ret = mb_convert_encoding($ret, 'SJIS', 'AUTO');
              } else {
                  $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
  }
--- 638,644 ----
              $useragent = func_get_arg(2);
              if (strstr($useragent, 'Windows') !== false ||
                  strstr($useragent, 'Mac_') !== false) {
!                 $ret = mb_convert_encoding($ret, 'UTF-8', 'AUTO');
              } else {
                  $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
  }



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->tabthorpe 
Responsible-Changed-By: tabthorpe 
Responsible-Changed-When: Mon Apr 13 19:36:10 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133652 
State-Changed-From-To: open->feedback 
State-Changed-By: tabthorpe 
State-Changed-When: Sun Apr 26 03:44:51 UTC 2009 
State-Changed-Why:  
Ask for submitter fix. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133652 

From: Thomas Abthorpe <tabthorpe@freebsd.org>
To: bug-followup@freebsd.org,
 dohzono@gmail.com
Cc:  
Subject: Re: ports/133652: [Patch] squirrelmail-1.4.17: non-ascii text handling for "Subject:" field and attached filenames.
Date: Sat, 25 Apr 2009 23:43:48 -0400

 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 Hi
 
 The patch provided does not apply cleanly, can you please recreate and 
 resbumit it?
 
 Thanks.
 
 
 Thomas
 - -- 
 Thomas Abthorpe		| FreeBSD Committer
 tabthorpe@FreeBSD.org	| http://people.freebsd.org/~tabthorpe
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (FreeBSD)
 
 iEYEARECAAYFAknz2HoACgkQ5Gm/jNBp8qAWHgCfevhOMEVO8zWeG4vvUgsw9wCB
 E9gAn30cYGBLHKR1MhacIhVRGSVtFeeH
 =QVNf
 -----END PGP SIGNATURE-----

From: Kazuo Dohzono <dohzono@gmail.com>
To: bug-followup@FreeBSD.org, dohzono@gmail.com
Cc:  
Subject: Re: ports/133652: [Patch] squirrelmail-1.4.17: non-ascii text 
	handling for "Subject:" field and attached filenames.
Date: Tue, 28 Apr 2009 11:31:55 +0900

 > The patch provided does not apply cleanly, can you please recreate and
 > resbumit it?
 
 Hmmm... It may be not so hard to apply patch manually, but I'll
 recreate them, anyway.
 
 # assume that squirrelmail is installed into /usr/local/www/squirrelmail/.
 
 $ export WRKDIRPREFIX=/usr/local/tmp/
 $ cd /usr/ports/mail/squirrelmail/
 $ make configure
 $ cd /usr/local/tmp/usr/ports/mail/squirrelmail/work/squirrelmail-1.4.17/
 $ for d in ./class ./functions; do for f in `find $d -type f`; do diff
 -cb $f /usr/local/www/squirrelmail/$f; done; done
 *** ./class/deliver/Deliver.class.php        Mon Apr 28 11:18:58 2008
 --- /usr/local/www/squirrelmail/./class/deliver/Deliver.class.php
   Tue Apr 14
 11:23:12 2009
 ***************
 *** 488,494 ****
 --- 488,499 ----
           $cnt = count($header);
           $hdr_s = '';
           for ($i = 0 ; $i < $cnt ; $i++)    {
 +             // do not fold a line if it contains some name field.
 e.g. 'filename',
 'name'
 +             if (strstr($header[$i], 'name') === false) {
                  $hdr_s .= $this->foldLine($header[$i], 78,str_pad('',4));
 +             } else {
 +                $hdr_s .= $header[$i];
 +             }
           }
           $header = $hdr_s;
           $header .= $rn; /* One blank line to separate mimeheader and
 body-entity */
 ***************
 *** 719,724 ****
 --- 724,730 ----
               case 'Cc':
               case 'Bcc':
               case 'From':
 +             case 'Subject':
                   $hdr_s .= $header[$i];
                   break;
               default: $hdr_s .= $this->foldLine($header[$i], 78,
 str_pad('',4));
 break;
 *** ./functions/i18n.php        Tue Oct 28 08:11:38 2008
 --- /usr/local/www/squirrelmail/./functions/i18n.php        Tue Apr 14
 11:24:21 2009
 ***************
 *** 638,644 ****
               $useragent = func_get_arg(2);
               if (strstr($useragent, 'Windows') !== false ||
                   strstr($useragent, 'Mac_') !== false) {
 !                 $ret = mb_convert_encoding($ret, 'SJIS', 'AUTO');
               } else {
                   $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
   }
 --- 638,644 ----
               $useragent = func_get_arg(2);
               if (strstr($useragent, 'Windows') !== false ||
                   strstr($useragent, 'Mac_') !== false) {
 !                 $ret = mb_convert_encoding($ret, 'UTF-8', 'AUTO');
               } else {
                   $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
   }
State-Changed-From-To: feedback->open 
State-Changed-By: pav 
State-Changed-When: Tue May 12 11:06:02 UTC 2009 
State-Changed-Why:  
Feedback received 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133652 
State-Changed-From-To: open->closed 
State-Changed-By: tabthorpe 
State-Changed-When: Wed May 20 16:22:59 UTC 2009 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=133652 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/133652: commit references a PR
Date: Wed, 20 May 2009 16:21:14 +0000 (UTC)

 tabthorpe    2009-05-20 16:21:01 UTC
 
   FreeBSD ports repository
 
   Modified files:
     mail/squirrelmail    Makefile distinfo pkg-plist 
   Added files:
     mail/squirrelmail/files 
                             patch-class__deliver__Deliver.class.php 
                             patch-functions__i18n.php 
   Log:
   - Update to 1.4.18
   - Fix Subject/filename/non-ascii filename issue [1]
   
   PR:             ports/133652 [1]
   Submitted by:   Kazuo Dohzono <dohzono gmail.com> [1]
   Security:       CVE-2009-1581 CVE-2009-1578 CVE-2009-1579 CVE-2009-1580
   
   Revision  Changes    Path
   1.55      +9 -7      ports/mail/squirrelmail/Makefile
   1.27      +3 -3      ports/mail/squirrelmail/distinfo
   1.1       +31 -0     ports/mail/squirrelmail/files/patch-class__deliver__Deliver.class.php (new)
   1.1       +12 -0     ports/mail/squirrelmail/files/patch-functions__i18n.php (new)
   1.27      +38 -31    ports/mail/squirrelmail/pkg-plist
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
