Bug 133652

Summary: [Patch] squirrelmail-1.4.17: non-ascii text handling for "Subject:" field and attached filenames.
Product: Ports & Packages Reporter: dohzono
Component: Individual Port(s)Assignee: Thomas Abthorpe <tabthorpe>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff
none
file.diff none

Description dohzono 2009-04-12 10:40:04 UTC 
There are 2 problems. 

1) Subject/filename folding problem.

In some situation, squirrelmail ruins non-ascii text in Subject
field and filenames. 

When I write Subject: with ascii and non-ascii text (English and
Japanese, for example), squirrelmail turns them into MIME-encoded
text, and then fold it to 78 colums.

1> Subject: SOME_JAPANESE_TEXT

2> Subject: SOME_MIME_ENCODED_JAPANESE_TEXT_..._LONGER_THAN_78_COLUMNS

3> Subject: SOME_MIME_ENCODED_JAPANESE_TEXT_..._LONGER_THAN_78(carriage return)
3> (tab)_COLUMNS

When mail reader reconizes, 3 would be decoded as:

3'> Subject: SOME_MIME_ENCODED_JAPANESE_TEXT_..._LONGER_THAN_78(single-space)_COLUMNS

and if such single-space is appeared in MIME-encoded-word, most mail
reader can't decode the text. 

2) attached filename problem. 

When I try to save attached file, Windows browser (firefox3) can't
handle its non-ascii filename correctly.

Fix: Deliver.class.php:

This patch forces squirrelmail not to fold in Subject field and
attached filename. This is not a correct way, though. If you want to
solve this problem, 

1) count column with MIME-encoded text length, and
2) separate RAW text (before MIME-encode), and
3) encode separated texts. 

Note that some spaces still have to be prepared for MIME-encoded-word
terminators.

i18n.php:

Squirrelmail will treat Japanese filename as UTF-8 (it was SJIS which
was used until Windows-9x). I would like someone to test this with
Macintosh's browser. 

How-To-Repeat: 1) Write Subject in ascii/non-ascii combination, and send it to
yourself (in any environment).

2) Write filename in ascii/non-ascii combination, and send it to
yourself, and try to save them (in Japanese-Windows environment). 

In both case, you may have to change the combination pattern in order
to reproduce the problem.
Comment 1 Thomas Abthorpe freebsd_committer freebsd_triage 2009-04-13 20:36:10 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->tabthorpe

I'll take it.
Comment 2 Thomas Abthorpe freebsd_committer freebsd_triage 2009-04-26 04:43:48 UTC 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

The patch provided does not apply cleanly, can you please recreate and 
resbumit it?

Thanks.


Thomas
- -- 
Thomas Abthorpe		| FreeBSD Committer
tabthorpe@FreeBSD.org	| http://people.freebsd.org/~tabthorpe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (FreeBSD)

iEYEARECAAYFAknz2HoACgkQ5Gm/jNBp8qAWHgCfevhOMEVO8zWeG4vvUgsw9wCB
E9gAn30cYGBLHKR1MhacIhVRGSVtFeeH
=QVNf
-----END PGP SIGNATURE-----
Comment 3 Thomas Abthorpe freebsd_committer freebsd_triage 2009-04-26 04:44:51 UTC 
State Changed
From-To: open->feedback

Ask for submitter fix.
Comment 4 dohzono 2009-04-28 03:31:55 UTC 
> The patch provided does not apply cleanly, can you please recreate and
> resbumit it?

Hmmm... It may be not so hard to apply patch manually, but I'll
recreate them, anyway.

# assume that squirrelmail is installed into /usr/local/www/squirrelmail/.

$ export WRKDIRPREFIX=/usr/local/tmp/
$ cd /usr/ports/mail/squirrelmail/
$ make configure
$ cd /usr/local/tmp/usr/ports/mail/squirrelmail/work/squirrelmail-1.4.17/
$ for d in ./class ./functions; do for f in `find $d -type f`; do diff
-cb $f /usr/local/www/squirrelmail/$f; done; done
*** ./class/deliver/Deliver.class.php        Mon Apr 28 11:18:58 2008
--- /usr/local/www/squirrelmail/./class/deliver/Deliver.class.php
  Tue Apr 14
11:23:12 2009
***************
*** 488,494 ****
--- 488,499 ----
          $cnt = count($header);
          $hdr_s = '';
          for ($i = 0 ; $i < $cnt ; $i++)    {
+             // do not fold a line if it contains some name field.
e.g. 'filename',
'name'
+             if (strstr($header[$i], 'name') === false) {
                 $hdr_s .= $this->foldLine($header[$i], 78,str_pad('',4));
+             } else {
+                $hdr_s .= $header[$i];
+             }
          }
          $header = $hdr_s;
          $header .= $rn; /* One blank line to separate mimeheader and
body-entity */
***************
*** 719,724 ****
--- 724,730 ----
              case 'Cc':
              case 'Bcc':
              case 'From':
+             case 'Subject':
                  $hdr_s .= $header[$i];
                  break;
              default: $hdr_s .= $this->foldLine($header[$i], 78,
str_pad('',4));
break;
*** ./functions/i18n.php        Tue Oct 28 08:11:38 2008
--- /usr/local/www/squirrelmail/./functions/i18n.php        Tue Apr 14
11:24:21 2009
***************
*** 638,644 ****
              $useragent = func_get_arg(2);
              if (strstr($useragent, 'Windows') !== false ||
                  strstr($useragent, 'Mac_') !== false) {
!                 $ret = mb_convert_encoding($ret, 'SJIS', 'AUTO');
              } else {
                  $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
  }
--- 638,644 ----
              $useragent = func_get_arg(2);
              if (strstr($useragent, 'Windows') !== false ||
                  strstr($useragent, 'Mac_') !== false) {
!                 $ret = mb_convert_encoding($ret, 'UTF-8', 'AUTO');
              } else {
                  $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
  }
Comment 5 Pav Lucistnik freebsd_committer freebsd_triage 2009-05-12 12:06:02 UTC 
State Changed
From-To: feedback->open

Feedback received
Comment 6 dfilter service freebsd_committer freebsd_triage 2009-05-20 17:21:14 UTC 
tabthorpe    2009-05-20 16:21:01 UTC

  FreeBSD ports repository

  Modified files:
    mail/squirrelmail    Makefile distinfo pkg-plist 
  Added files:
    mail/squirrelmail/files 
                            patch-class__deliver__Deliver.class.php 
                            patch-functions__i18n.php 
  Log:
  - Update to 1.4.18
  - Fix Subject/filename/non-ascii filename issue [1]
  
  PR:             ports/133652 [1]
  Submitted by:   Kazuo Dohzono <dohzono gmail.com> [1]
  Security:       CVE-2009-1581 CVE-2009-1578 CVE-2009-1579 CVE-2009-1580
  
  Revision  Changes    Path
  1.55      +9 -7      ports/mail/squirrelmail/Makefile
  1.27      +3 -3      ports/mail/squirrelmail/distinfo
  1.1       +31 -0     ports/mail/squirrelmail/files/patch-class__deliver__Deliver.class.php (new)
  1.1       +12 -0     ports/mail/squirrelmail/files/patch-functions__i18n.php (new)
  1.27      +38 -31    ports/mail/squirrelmail/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 Thomas Abthorpe freebsd_committer freebsd_triage 2009-05-20 17:22:59 UTC 
State Changed
From-To: open->closed

Committed. Thanks!