On 2008-04-08 at 09:46 -0500, Graham Barr wrote:
> This patch no longer applies clean against the repository due to ongoing
> work.
>
> The SVN repository can be found at
> http://svn.goingon.net/repos/Authen-SASL/trunk
I was rather surprised to read this, since I'm not submitting a feature
request; it's a security issue and normally, given a patch against the
latest released version, the people most familiar with the code should
port it forward, if going to merge security fixes with normal devel work
instead of branching a pure security-fix.
Nonetheless, I set aside some time to redo the patch; first step, build
the module before making any changes, to be sure that I have a clean
slate. Unfortunately, it fails to even configure for the platform.
----------------------------8< cut here >8------------------------------
% perl Makefile.PL
include /home/pdp/src/svn-cos/authen-sasl/build/inc/Module/Install.pm
include inc/Module/Install/Metadata.pm
include inc/Module/Install/Base.pm
include inc/Module/Install/Win32.pm
include inc/Module/Install/Can.pm
include inc/Module/Install/Fetch.pm
include inc/Module/Install/Include.pm
Please first specify a required perl version, like this:
requires( perl => '5.005' );
----------------------------8< cut here >8------------------------------
Perl 5.8.8/amd64, Module::Install 0.71.
I can take a look again, once this is fixed (or my error pointed out).
> Please also create a testcase which fails and shows the problem on the
> version you have so we can verify that new code has fixed it.
Attached, derived from existing DIGEST-MD5; my test user doesn't have
authorization rights and it'd be too much hassle to set up such a
privileged account, so this can just be a second t/ file. Test data
derived from Cyrus IMAP's MANAGESIEVE service (timsieved); server
behaviour confirmed against Isode's M-Box SIEVED server. Test program
used to obtain the data (with the help of a CNONCE hack) is
'sieve-connect', obtainable from:
http://people.spodhuis.org/phil.pennock/software/
Against working DIGEST-MD5:
----------------------------8< cut here >8------------------------------
1..8
ok 1 - new
ok 2 - sasl mechanism
ok 3 - conn mechanism
ok 4 - client_start
ok 5 - SASL error:
ok 6 - client_step
ok 7 - SASL error:
ok 8 - client_step verification
----------------------------8< cut here >8------------------------------
Against broken:
----------------------------8< cut here >8------------------------------
1..8
ok 1 - new
ok 2 - sasl mechanism
ok 3 - conn mechanism
ok 4 - client_start
ok 5 - SASL error:
ok 6 - client_step
not ok 7 - SASL error: Server did not provide required field(s): algorithm nonce
# Failed test 'SASL error: Server did not provide required field(s): algorithm nonce'
# at ./tt line 56.
not ok 8 - client_step verification
# Failed test 'client_step verification'
# at ./tt line 58.
# got: undef
# expected: ''
# Looks like you failed 2 tests of 8.
----------------------------8< cut here >8------------------------------
This is the client demanding fields which should only be returned in the
first round.
digest_md5_verified.t
Description: Troff document
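An added illustration, not part of the message above and not Authen::SASL's code: a stand-alone sketch of a DIGEST-MD5 client that requires `nonce` and `algorithm` only in the first server message and, in the second, requires only `rspauth` and checks it as RFC 2831 defines. The `%REQUIRED` table and the function names are hypothetical; the sample exchange is the one printed in RFC 2831 section 4.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5 md5_hex);

# Hypothetical table: what the client may insist on in each server message.
my %REQUIRED = (1 => [qw(nonce algorithm)], 2 => [qw(rspauth)]);

# Parse comma-separated key=value pairs; values may be quoted strings.
sub parse_challenge {
    my ($msg) = @_;
    my %f;
    while ($msg =~ /\G\s*([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))\s*(?:,|\z)/gc) {
        my ($k, $v) = (lc $1, defined $2 ? $2 : $3);
        $v =~ s/\\(.)/$1/g;    # undo quoted-pair escapes
        $f{$k} = $v;
    }
    return \%f;
}

sub missing_fields {
    my ($round, $f) = @_;
    return grep { !defined $f->{$_} } @{ $REQUIRED{$round} };
}

# RFC 2831 response-auth for qop=auth: same as the client response, but A2 = ":" digest-uri.
sub expected_rspauth {
    my (%p) = @_;
    my $ha1 = md5_hex(join ':', md5("$p{user}:$p{realm}:$p{pass}"), $p{nonce}, $p{cnonce});
    my $ha2 = md5_hex(":$p{uri}");
    return md5_hex(join ':', $ha1, $p{nonce}, $p{nc}, $p{cnonce}, $p{qop}, $ha2);
}

# Constructed sample input: the exchange printed in RFC 2831 section 4.
my %session = (user => 'chris', realm => 'elwood.innosoft.com', pass => 'secret',
               cnonce => 'OA6MHXh6VqTrRk', nc => '00000001', qop => 'auth',
               uri => 'imap/elwood.innosoft.com');
my @server = (
    'realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",algorithm=md5-sess,charset=utf-8',
    'rspauth=ea40f60335c427b5527b84dbabcdfffd',
);
for my $round (1, 2) {
    my $f = parse_challenge($server[$round - 1]);
    if (my @missing = missing_fields($round, $f)) {
        die "round $round: server did not provide required field(s): @missing\n";
    }
    if ($round == 1) { $session{nonce} = $f->{nonce}; next; }
    my $ok = $f->{rspauth} eq expected_rspauth(%session);
    print "round 2: rspauth ", ($ok ? "verified" : "mismatch, reject the server"), "\n";
}
```

Applying the round-1 list to the second message reproduces the "Server did not provide required field(s)" failure in the test output above.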
