Your message dated Wed, 14 Nov 2007 21:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#449324: fixed in dovecot 1:1.0.7-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dovecot-imapd
Version: 1:1.0.7-1
Severity: minor
Tags: patch
When attempting to use an unsupported SASL mechanism, Dovecot responds:
BAD Unsupported authentication mechanism.
whereas it SHOULD (according to RFC 3501 6.2.2) use NO instead.
One solution is to change client-authenticate.c:211 to
msg = reply = "NO ";
since the only possible cases for BAD to occur are that the command is
unknown, which is not permitted because AUTH=PLAIN is required to be
supported; the arguments are invalid, which is already handled in
cmd_authenticate by returning -1; or the authentication exchange was
somehow cancelled, which I see no code for (which is probably a separate
bug).
Note that this also occurs when using LOGIN when it is not supported
because no password database is enabled.
Transcript of a session with unsupported SASL mechanism:
lakeview ok % imtest -m DIGEST-MD5 -u bmc crustytoothpaste.ath.cx
S: * OK Dovecot ready.
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT
LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS LOGINDISABLED
AUTH=GSSAPI
S: C01 OK Capability completed.
C: A01 AUTHENTICATE DIGEST-MD5
S: A01 BAD Unsupported authentication mechanism.
base64 decoding error
Authentication failed. generic failure
Security strength factor: 0
* LOGOUT
* BYE Logging out
* OK Logout completed.
Connection closed.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
a typesetting engine: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: dovecot
Source-Version: 1:1.0.7-3
We believe that the bug you reported is fixed in the latest version of
dovecot, which is due to be installed in the Debian FTP archive:
dovecot-common_1.0.7-3_amd64.deb
to pool/main/d/dovecot/dovecot-common_1.0.7-3_amd64.deb
dovecot-imapd_1.0.7-3_amd64.deb
to pool/main/d/dovecot/dovecot-imapd_1.0.7-3_amd64.deb
dovecot-pop3d_1.0.7-3_amd64.deb
to pool/main/d/dovecot/dovecot-pop3d_1.0.7-3_amd64.deb
dovecot_1.0.7-3.diff.gz
to pool/main/d/dovecot/dovecot_1.0.7-3.diff.gz
dovecot_1.0.7-3.dsc
to pool/main/d/dovecot/dovecot_1.0.7-3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabio Tranchitella <[EMAIL PROTECTED]> (supplier of updated dovecot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 14 Nov 2007 21:33:55 +0100
Source: dovecot
Binary: dovecot-common dovecot-pop3d dovecot-imapd
Architecture: source amd64
Version: 1:1.0.7-3
Distribution: unstable
Urgency: low
Maintainer: Dovecot Maintainers <[EMAIL PROTECTED]>
Changed-By: Fabio Tranchitella <[EMAIL PROTECTED]>
Description:
dovecot-common - secure mail server that supports mbox and maildir mailboxes
dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes
dovecot-pop3d - secure POP3 server that supports mbox and maildir mailboxes
Closes: 439246 446555 449324
Changes:
dovecot (1:1.0.7-3) unstable; urgency=low
.
* debian/patches/dovecot-ssl.dpatch: provide mechanism to discover if ssl
client certificate is verified, patch from Stephen Gran. (Closes: #446555)
* debian/patches/pam-error-information.dpatch: fill auth information in pam
error, patch backported from upstream RCS . (Closes: #439246)
* debian/patches/unsupported-sasl-mech.dpatch: should use NO (not BAD) for
unsupported SASL mech, patch backported from upstream RCS. (Closes:
#449324)
Files:
48bbd67b61b8f1361ff0595c769adae4 1013 mail optional dovecot_1.0.7-3.dsc
e898a53bb3e7eabc7e165e45975fc915 104337 mail optional dovecot_1.0.7-3.diff.gz
86ee66cf4b7e73e00767079e8bc24e6d 1800056 mail optional
dovecot-common_1.0.7-3_amd64.deb
87ff936abb9538f0f97a538f29c52188 651304 mail optional
dovecot-imapd_1.0.7-3_amd64.deb
cf7ed8e5cbaf1ac738853764b5214bb1 614774 mail optional
dovecot-pop3d_1.0.7-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHO176K/juK3+WFWQRAj5AAJ9MxRPsZ12efZm6Wt5f7mcPTTnRbgCgjira
O2OkwERabRS7Rm9NGuJcbX8=
=Lui9
-----END PGP SIGNATURE-----
--- End Message ---
