Bugs item #1085651, was opened at 2004-12-15 18:54 Message generated for change (Comment added) made by sjlongland You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1085651&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: mail delivery Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Etienne M. Gagnon (egagnon) Assigned to: Nobody/Anonymous (nobody) Summary: Broken PGP/MIME signature of messages with attachments Initial Comment: Hi, When I send a PGP/MIME signed message *with* attachments (in addition to the PGP signature) to a Mailman-based mailing list, Firefox/Enigmail fails to verify the signature of the message forwarded by mailman. I have uploaded an example message with a broken signature as attachment to this bug. You can also see how Mailman's automatic archives don't even handle such messages correctly by looking at how it archived that message at: http://sablecc.org/lists/sablecc-user/2004-December/000159.html I've looked in the bugs database and found that a somewhat related problem was reported a while ago, but note that the current bug is different. The original bug was about PGP/MIME signed messages without attachments that were handled incorrectly by Enigmail. This one is about messages with attachments, and it is likely that the bug is Mailman's, at least accroding to the reply I got in: http://bugzilla.mozdev.org/show_bug.cgi?id=8466 Thanks for your help (and for the magnificient software)! Etienne ---------------------------------------------------------------------- Comment By: Stuart Longland (sjlongland) Date: 2007-03-17 14:52 Message: Logged In: YES user_id=777641 Originator: NO I'm noticing this behaviour myself on a mailing list I set up for a group at uni. HTML emails signed using PGP/MIME and plaintext emails with attachments, both fail signature tests when checked in Enigmail 0.94.0.0 (20060110) on Thunderbird 1.5.0.10 (20070310). I'm running Mailman 2.1.9_rc1 (Gentoo ebuild) on Linux, with the Qmail MTA. ---------------------------------------------------------------------- Comment By: Magnus Holmgren (proffe) Date: 2006-05-11 20:02 Message: Logged In: YES user_id=669310 This is a duplicate of bug #815297. ---------------------------------------------------------------------- Comment By: Bas Wijnen (shevek) Date: 2005-03-20 23:51 Message: Logged In: YES user_id=42389 That function does indeed not conserve whitespace. E-mail doesn't say whitespace in headers (or even the message) must be preserved, so strictly speaking it's not a bug. However, it is a missing feature, and I think python is the place to implement it, not mailman. The point is that signed e-mails with attachments are sent as two parts: One which is a complete e-mail by itself, and one which holds the signature for that e-mail. This is because in attachments whitespace must be preserved (as opposed to the situation in the message itself). It would be very convenient if such e-mail can be handled by python programs without rewriting the things which work fine for non-signed e-mails. If the attachment is really changed, of course the signature will be broken. However, if it is not, it should not be hard to write out the same message (with whitespace preserved) as was read in. If this is not possible, it is quite hard to do it in the program, as python doesn't seem to support loading a part of an e-mail which has headers of its own as a binary attachment (without touching whitespace, in particular). ---------------------------------------------------------------------- Comment By: Jonas Berlin (xkr47) Date: 2005-03-19 22:21 Message: Logged In: YES user_id=66259 from python's Message.py: def _get_params_preserve(self, failobj, header): # Like get_params() but preserves the quoting of values. BAW: # should this be part of the public interface? According to my analysis of the comment, the function in question does _not_ guarantee to preserve the header as-is, it only preserves _quoting_. Thus, I don't think we can call this a bug in python. If there's more official documentation elsewhere that states that it should preserve everything as-is, then ignore this comment altogether :). I didn't have time to grasp how mailman actually uses that Message class, but I think mailman should be changed to use functions that don't alter the message, and/or re-implement that work according to the requirements of mailman (or, users of mailman :). Anyway, an alternative could be to continue to use the Message.py functions to parse the values while analyzing the contents of the message, and then copypaste the original headers as-is after checking. - xkr47 ---------------------------------------------------------------------- Comment By: Etienne M. Gagnon (egagnon) Date: 2005-01-30 03:08 Message: Logged In: YES user_id=15365 Dear Bas, Thanks a lot for identifying the source of this bug and flagging an upstream bug on Python. Etienne ---------------------------------------------------------------------- Comment By: Bas Wijnen (shevek) Date: 2005-01-24 21:35 Message: Logged In: YES user_id=42389 I checked the source, and this appears to be a bug in Python. It can read and write e-mails, including headers, and they are interpreted. However, it doesn't preserve their whitespace, which is of course fatal for pgp signatures. The bug is filed for python here: http://sourceforge.net/tracker/index.php?func=detail&aid=968430&group_id=5470&atid=105470 ---------------------------------------------------------------------- Comment By: Etienne M. Gagnon (egagnon) Date: 2005-01-19 03:30 Message: Logged In: YES user_id=15365 I am attaching a screen shot of the content filtering settings (see the options.png attachment I have added to this bug report). In short, content filtering is disabled, so I don't think it is the cause of the problem. :-/ Etienne ---------------------------------------------------------------------- Comment By: Brad Knowles (shub) Date: 2005-01-17 10:37 Message: Logged In: YES user_id=18417 Look at your content filter settings. What MIME-types are you configured to pass? At the very least, you should be configured to pass the following: multipart/mixed multipart/alternative text/plain application/pgp-signature multipart/signed ---------------------------------------------------------------------- Comment By: Toni Willberg (toniw) Date: 2005-01-08 11:23 Message: Logged In: YES user_id=190645 I can reproduce this bug also. Here's a diff what happened to me: diff -u mail.valid mail.invalid Content-Disposition: attachment; filename=configure.in.pre-pkgconfig.patch -Content-Type: text/x-patch; name=configure.in.pre-pkgconfig.patch; charset=UTF-8 +Content-Type: text/x-patch; name=configure.in.pre-pkgconfig.patch; + charset=UTF-8 Content-Transfer-Encoding: base64 And this was _inside_ gpg-signed block. Mailman should not alter that section at all, right? X-Mailman-Version: 2.1.4 Yours, Toni Willberg <toniw@iki.fi> ---------------------------------------------------------------------- Comment By: Etienne M. Gagnon (egagnon) Date: 2004-12-30 14:03 Message: Logged In: YES user_id=15365 Any update? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1085651&group_id=103