Hello, I am running mailman 2.1.5 with sendmail. One of my users sent in an attachment with a message to the list. When he signs with his PGP key, only the PGP signature remains in the message. I have yet to locate the rest of the message. It is necessary to disable the signature to allow his posts to go through properly. Is there a method to allow for secure signatures on messages? I have searched quite a bit and have yet to find relevant information. Any information/assistance would be greatly appreciated.
Thank you, Jeff D
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff DeReus wrote:
I am running mailman 2.1.5 with sendmail. One of my users sent in an attachment with a message to the list. When he signs with his PGP key, only the PGP signature remains in the message. I have yet to locate the rest of the message. It is necessary to disable the signature to allow his posts to go through properly. Is there a method to allow for secure signatures on messages? I have searched quite a bit and have yet to find relevant information. Any information/assistance would be greatly appreciated.
There are a number of variables here. The two main ways that are used to sign messages with PGP are PGP/MIME and inline (or traditional) PGP (this message is signed using inline PGP).
Which method is the poster using? What settings do you have for pass_mime_types (on the Content filtering admin page)?
I send signed messages in both formats to various mailman lists without the text disappearing. I know that some mailman setups will break the signature, but I haven't had any eat the message body so far.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
You will rue this day! Well, go on! Start ruing! -- Stewie Griffin
The poster uses an OpenPGP/MIME signature.
the pass_mime_types ==
multipart/mixed multipart/alternative text/plain
Thank you, Jeff D
On 5/17/06, Todd Zullinger tmz@pobox.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff DeReus wrote:
I am running mailman 2.1.5 with sendmail. One of my users sent in an attachment with a message to the list. When he signs with his PGP key, only the PGP signature remains in the message. I have yet to locate the rest of the message. It is necessary to disable the signature to allow his posts to go through properly. Is there a method to allow for secure signatures on messages? I have searched quite a bit and have yet to find relevant information. Any information/assistance would be greatly appreciated.
There are a number of variables here. The two main ways that are used to sign messages with PGP are PGP/MIME and inline (or traditional) PGP (this message is signed using inline PGP).
Which method is the poster using? What settings do you have for pass_mime_types (on the Content filtering admin page)?
I send signed messages in both formats to various mailman lists without the text disappearing. I know that some mailman setups will break the signature, but I haven't had any eat the message body so far.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
You will rue this day! Well, go on! Start ruing! -- Stewie Griffin
Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/jdereus%40gmail.com
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff DeReus wrote:
The poster uses an OpenPGP/MIME signature.
Okay.
the pass_mime_types ==
multipart/mixed multipart/alternative text/plain
I should have asked whether the filter_content setting was yes or no too. If it's no, then the pass_mime_types setting won't come into play (I believe, hopefully someone will correct me if I'm wrong).
Anyway, I just created a test list on a system running mailman 2.1.5 and left all settings at the defaults. Then I posted several messages signed with and without attachments using OpenPGP/MIME. I had no trouble receiving the messages and verifying the pgp signatures.
Does the message show up in the list archives? What happens if you open the list mbox in mutt?
In my test list the message body and attachment got scrubbed from the archives, but came through to the list intact. I'd have to search a bit to see what settings need to be changed to get the archiver to work right with these messages, but I believe it can be done. (Mark probably knows exactly how, perhaps he'll jump in with some wisdom.)
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
I don't mind arguing with myself. It's when I lose that it bothers me. -- Richard Powers
Unfortunately filter_content was not set to yes. I am assuming that would be fairly "handy". Although everything goes through properly with filter_content disabled and when unsigned. As to the message in the archives, the only piece that successfully arrived was
Skipped content of type multipart/mixed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff DeReus wrote:
Unfortunately filter_content was not set to yes. I am assuming that would be fairly "handy".
I'm not sure whether that will have any effect on the archiving or not. It's been a long time since I tested that.
Although everything goes through properly with filter_content disabled and when unsigned.
To be clear, does the message arrive properly to list members or is the attachment and body stripped there as well as in the archives? In my testing only the archived copy was stripped.
As to the message in the archives, the only piece that successfully arrived was
Skipped content of type multipart/mixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://www.blah.org/pipermail/developers/attachments/20060510/529c55f0/PGP.b... http://www.cactuscode.org/pipermail/developers/attachments/20060510/529c55f0...
The archiver bug is mentioned here, but I couldn't see any resolution to that part of the problem (and sourceforge isn't cooperating with me ATM):
http://mail.python.org/pipermail/mailman-coders/2005-March/001687.html
However, viewing the list mbox file the full message with the attachment "flattened" is there.
Flattened? Reading the mbox of my test list with mutt the message and attachment were all normal and the signature verified properly.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
A snooze button is a poor substitute for no alarm clock at all.
On 5/17/06, Todd Zullinger tmz@pobox.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff DeReus wrote:
Unfortunately filter_content was not set to yes. I am assuming that would be fairly "handy".
I'm not sure whether that will have any effect on the archiving or not. It's been a long time since I tested that.
Although everything goes through properly with filter_content disabled and when unsigned.
To be clear, does the message arrive properly to list members or is the attachment and body stripped there as well as in the archives? In my testing only the archived copy was stripped.
The actual text and key arrived to the mailing list. At this point I cannot verify from anyone if the attachment made it through correctly. my apologies.
I have enabled the content_filter and added mime_types to see if this will solve my little problem.
application/pgp-signature multipart/signed
As you might understand, losing patches is not a desirable outcome, so maybe in the meantime this will have some effect.
As to the message in the archives, the only piece that successfully arrived was
Skipped content of type multipart/mixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://www.blah.org/pipermail/developers/attachments/20060510/529c55f0/PGP.b... http://www.cactuscode.org/pipermail/developers/attachments/20060510/529c55f0...
The archiver bug is mentioned here, but I couldn't see any resolution to that part of the problem (and sourceforge isn't cooperating with me ATM):
http://mail.python.org/pipermail/mailman-coders/2005-March/001687.html
However, viewing the list mbox file the full message with the attachment "flattened" is there.
Flattened? Reading the mbox of my test list with mutt the message and attachment were all normal and the signature verified properly.
I am probably using the wrong word in the wrong place here. Everything is displayed properly in the mbox for the list. It is only the archive that is affected.
Thank you, Jeff D
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
A snooze button is a poor substitute for no alarm clock at all.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff DeReus wrote:
On 5/17/06, Todd Zullinger tmz@pobox.com wrote: [...]
To be clear, does the message arrive properly to list members or is the attachment and body stripped there as well as in the archives? In my testing only the archived copy was stripped.
The actual text and key arrived to the mailing list. At this point I cannot verify from anyone if the attachment made it through correctly. my apologies.
No problem. I'm betting the attachment did arrive, based on my own tests. I think this is a bug limited to the archiver.
I have enabled the content_filter and added mime_types to see if this will solve my little problem.
application/pgp-signature multipart/signed
Let us know if it does. I'm not really familiar enough with the code to know if it will help. I don't think it will, but I could easily be mistaken.
As you might understand, losing patches is not a desirable outcome, so maybe in the meantime this will have some effect.
Nope, losing important parts of messages in the archives isn't good. I wouldn't like any patches I took the time to create getting eaten.
Flattened? Reading the mbox of my test list with mutt the message and attachment were all normal and the signature verified properly.
I am probably using the wrong word in the wrong place here. Everything is displayed properly in the mbox for the list. It is only the archive that is affected.
That's good to know. Unfortunately, I don't know enough about how the archive scrubber code works to know how to solve the problem. Hopefully someone else can offer some help.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
Whenever you find yourself on the side of the majority, it is time to pause and reflect. -- Mark Twain
Todd Zullinger wrote:
Jeff DeReus wrote:
I have enabled the content_filter and added mime_types to see if this will solve my little problem.
application/pgp-signature multipart/signed
Let us know if it does. I'm not really familiar enough with the code to know if it will help. I don't think it will, but I could easily be mistaken.
Depends on whether Content Filtering is on or off. If off, nothing in pass_mime_types has any effect - everything is passed. If on, these are necessary or the whole message will be filtered out.
I am probably using the wrong word in the wrong place here. Everything is displayed properly in the mbox for the list. It is only the archive that is affected.
That's good to know. Unfortunately, I don't know enough about how the archive scrubber code works to know how to solve the problem. Hopefully someone else can offer some help.
There are issues with the archiver with respect to certain, complex structures, but here are some points.
The entire message was in the .mbox file for the list. This means the entire message was delivered to message subscribers and MIME format digest subscribers. A scrubbed message is in the archive and was delivered to plain digest subscribers.
Before giving up on the archive, look at the 'source' html of the archive page and look at the 'source' of the scrubbed attachment(s). I've seen scrubbed attachments that look like X is missing when viewed in browser A and look like Y is missing when viewed in browser B, when in fact, if you look at the actual file, everything is there.
-- Mark Sapiro msapiro@value.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mark Sapiro wrote:
Before giving up on the archive, look at the 'source' html of the archive page and look at the 'source' of the scrubbed attachment(s). I've seen scrubbed attachments that look like X is missing when viewed in browser A and look like Y is missing when viewed in browser B, when in fact, if you look at the actual file, everything is there.
In the bug report I found, there's a link to the archived message:
http://sablecc.org/lists/sablecc-user/2004-December/000159.html
and that looks just like the archived messages I have from testing.
It starts off with:
Skipped content of type multipart/mixed
which would mean that the message part was totally skipped in Handlers.Scrubber, right?
It seems to me that some part of the scrubber or message parsing code may just not be recursing into the multipart/mixed part, but I don't really know. Mark, perhaps you know the flow better and could say whether that's a possibility?
The structure of an OpenPGP/MIME signed message with an attachment is something like this (the parts inside the multipart/mixed part may vary, in my tests I used a plain text message and attached a patch file):
multipart/signed
    multipart/mixed
        text/plain
        text/plain
    application/pgp-signature
Around line 300 in Handlers.Scrubber, the comments say:
# All parts should be scrubbed to text/plain by now.
and then a simple test for a non text/plain ctype is made, replacing it with the "Skipped content" text from above. Somewhere before that, shouldn't the multipart/mixed message part have been handled?
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
Every normal man must be tempted at times to spit upon his hands, hoist the black flag and begin slitting throats. -- H.L. Mencken
Todd Zullinger wrote:
In the bug report I found, there's a link to the archived message:
http://sablecc.org/lists/sablecc-user/2004-December/000159.html
and that looks just like the archived messages I have from testing.
It starts off with:
Skipped content of type multipart/mixed
which would mean that the message part was totally skipped in Handlers.Scrubber, right?
That message is issued when we walk through the message parts after scrubbing and find a non-multipart sub part whose type is not text/plain.
It seems to me that some part of the scrubber or message parsing code may just not be recursing into the multipart/mixed part, but I don't really know. Mark, perhaps you know the flow better and could say whether that's a possibility?
Something is seriously wrong, either with Scrubber or with the original message. I.e. it is saying there is a multipart/mixed part that doesn't have sub-parts.
The structure of an OpenPGP/MIME signed message with an attachment is something like this (the parts inside the multipart/mixed part may vary, in my tests I used a plain text message and attached a patch file):
multipart/signed
    multipart/mixed
        text/plain
        text/plain
    application/pgp-signature
Around line 300 in Handlers.Scrubber, the comments say:
# All parts should be scrubbed to text/plain by now.
and then a simple test for a non text/plain ctype is made, replacing it with the "Skipped content" text from above. Somewhere before that, shouldn't the multipart/mixed message part have been handled?
Yup. Something is wrong here. Maybe in Scrubber, Maybe in Python's email parser. I probably won't have time to look at this in detail until Friday, but I will. Can you send me a copy of your test message off list? Thanks.
-- Mark Sapiro msapiro@value.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mark Sapiro wrote:
Todd Zullinger wrote: [...]
Around line 300 in Handlers.Scrubber, the comments say:
# All parts should be scrubbed to text/plain by now.
and then a simple test for a non text/plain ctype is made, replacing it with the "Skipped content" text from above. Somewhere before that, shouldn't the multipart/mixed message part have been handled?
Yup. Something is wrong here. Maybe in Scrubber, Maybe in Python's email parser. I probably won't have time to look at this in detail until Friday, but I will. Can you send me a copy of your test message off list? Thanks.
Will do. And thank you.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
The human race divides itself politically into those who want to be controlled, and those who have no such desire. -- Robert A. Heinlein
It seems that adding the filter_types has one effect. When the list subscribers get a message that has been PGP signed, the signature is no longer valid.
When a patch is submitted (for developers) it is stripped from the message that is posted to one list and the entire message with the patch is then forwarded to another list (for the actual patches).
When one particular patch was submitted, it seems that the characters are being converted to either unicode or ascii. i.e.
============================ is now =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D etc, etc, for several more lines. this is in the mbox for the patches list. also there are miscellaneous characters tossed in there (just for good measure I suppose :) )
static int ShowStaticPage (const cGH *GH, httpRequest *request, void *u= nused); 494c496 (from the mbox)
One possibility for the character munging perhaps is the email client the submitter uses. One person is using thunderbird and the other is using the default "Mail" client on Mac OS X. the mac submitter patches at least arrive in the mbox correctly without munging.
Hope that helps.
Thank you, Jeff D
On 5/17/06, Todd Zullinger tmz@pobox.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mark Sapiro wrote:
Todd Zullinger wrote: [...]
Around line 300 in Handlers.Scrubber, the comments say:
# All parts should be scrubbed to text/plain by now.
and then a simple test for a non text/plain ctype is made, replacing it with the "Skipped content" text from above. Somewhere before that, shouldn't the multipart/mixed message part have been handled?
Yup. Something is wrong here. Maybe in Scrubber, Maybe in Python's email parser. I probably won't have time to look at this in detail until Friday, but I will. Can you send me a copy of your test message off list? Thanks.
Will do. And thank you.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
The human race divides itself politically into those who want to be controlled, and those who have no such desire. -- Robert A. Heinlein
Jeff DeReus wrote:
It seems that adding the filter_types has one effect. When the list subscribers get a message that has been PGP signed, the signature is no longer valid.
I assume here that content filtering is On. There is not much Mailman can do in these cases. I'm not sure what the specific issue is in this case, but generally, anything that touches the message body will break the signature.
When a patch is submitted (for developers) it is stripped from the message that is posted to one list
Do you mean in the archive or in the message sent to subscribers?
and the entire message with the patch is then forwarded to another list (for the actual patches).
When one particular patch was submitted, it seems that the characters are being converted to either unicode or ascii. i.e.
============================ is now =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D etc, etc, for several more lines. this is in the mbox for the patches list. also there are miscellaneous characters tossed in there (just for good measure I suppose :) )
The transformation of '=' to '=3D' and the addition of other '=' and '=xx' things is the result of quoted printable encoding of the message. Prior to Mailman 2.1.7, there were cases where an encoded message body could be sent by Mailman without being indicated as such or an unencoded body could be indicated as being encoded. The underlying issue that caused this was avoided in 2.1.7 and fixed (in the email library) in 2.1.8.
This may be what's going on here, or it may be a case of a properly identified, encoded message being viewed with an MUA (client) that doesn't recognize it or a difference in how the poster's MUA encodes the message affecting the Mailman result.
Regarding the original problem of the message body and attached patch not being in the archive, I have done some testing with the latest Scrubber, and it works properly with all the test messages Todd sent me.
I note that the annotation "Skipped content of type multipart/mixed" will not appear in these cases in Mailman 2.1.6 and up, but the change that skips issuing that message is not what fixed the problem. I need to test with older versions of Scrubber to actually identify what the problem was and what fixed it.
-- Mark Sapiro msapiro@value.net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro wrote:
Regarding the original problem of the message body and attached patch not being in the archive, I have done some testing with the latest Scrubber, and it works properly with all the test messages Todd sent me.
I note that the annotation "Skipped content of type multipart/mixed" will not appear in these cases in Mailman 2.1.6 and up, but the change that skips issuing that message is not what fixed the problem. I need to test with older versions of Scrubber to actually identify what the problem was and what fixed it.
I have identified the problem with 2.1.5 and earlier. Basically, it has
nothing to do with PGP signed messages. The problem was if a message
contained a multipart MIME sub-part which in turn contained one or
more text/plain parts, these text plain parts would be lost. This
would happen with PGP signed messages with text/plain attachments
because the unsigned message is multipart/mixed with text/plain
sub-parts and when it is signed the entire message is wrapped in a
multipart/signed outer part and an application/pgp-signature part
added.
This problem was fixed in Mailman 2.1.6 by the following change (note
the line numbers are from the latest trunk, not 2.1.5 or 2.1.6)
--- Scrubberx.py 2006-05-19 11:08:25.562500000 -0700
+++ Scrubber.py 2006-05-19 10:59:25.609375000 -0700
@@ -309,7 +309,10 @@
# BAW: Martin's original patch suggested we might want to try
# generalizing to utf-8, and that's probably a good idea
(eventually).
text = []
- for part in msg.get_payload():
+ for part in msg.walk():
+ # TK: bug-id 1099138 and multipart
+ if not part or part.is_multipart():
+ continue
# All parts should be scrubbed to text/plain by now.
partctype = part.get_content_type()
if partctype <> 'text/plain':
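Review bot: `if not part` in the new skip test is unexplained and can drop content. An email Message object's truthiness follows its header count (it defines `__len__`), so a sub-part with no headers at all, which MIME treats as text/plain, is skipped together with the multipart containers and its text never reaches the archive. The comment `# TK: bug-id 1099138 and multipart` should say which case `not part` is meant to guard against; if the only goal is to pass over containers, `if part.is_multipart(): continue` is sufficient, because `msg.walk()` already yields the message itself and every nested leaf.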
--
Mark Sapiro
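The failure Mark describes can be reproduced with a simplified model of the archiver's flattening step. This is an added example, not Mailman's Scrubber code: the sample message, the function names and the leaf-scrubbing helper are constructed for illustration, and it is written for Python 3 (hence `!=` rather than `<>`).

```python
import email

SEP = "-------------- next part --------------\n"

# Constructed sample (not a message from the thread): the OpenPGP/MIME layout
# described above, with a placeholder where the signature would be.
RAW = """\
From: dev@example.org
To: developers@example.org
Subject: [PATCH] fix
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain; charset=us-ascii

Patch attached.

--mix
Content-Type: text/plain; charset=us-ascii; name="fix.patch"
Content-Disposition: attachment; filename="fix.patch"

--- a/http.c
+++ b/http.c

--mix--

--sig
Content-Type: application/pgp-signature; name="PGP.sig"

(constructed placeholder, not a real signature)

--sig--
"""


def tree(part, depth=0):
    """Return the MIME structure as a list of indented content types."""
    lines = ["  " * depth + part.get_content_type()]
    if part.is_multipart():
        for sub in part.get_payload():
            lines.extend(tree(sub, depth + 1))
    return lines


def scrub_leaves(msg):
    """Model of the earlier pass: each non-text leaf becomes a text/plain notice."""
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() == "text/plain":
            continue
        notice = ("A non-text attachment was scrubbed...\nType: %s\n"
                  % part.get_content_type())
        part.set_payload(notice)
        part.set_type("text/plain")


def flatten_top_level(msg):
    """Behaviour described for 2.1.5: only the direct children are examined."""
    text = []
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype != "text/plain":
            text.append("Skipped content of type %s\n" % ctype)
            continue
        text.append(part.get_payload())
    return SEP.join(text)


def flatten_walk(msg):
    """Behaviour after the fix: visit every leaf, pass over the containers."""
    text = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        text.append(part.get_payload())
    return SEP.join(text)


def demo():
    msg = email.message_from_string(RAW)
    shape = tree(msg)
    scrub_leaves(msg)
    return shape, flatten_top_level(msg), flatten_walk(msg)


if __name__ == "__main__":
    shape, old, new = demo()
    print("\n".join(shape))
    print("=== direct children only ===\n" + old)
    print("=== walk() over all leaves ===\n" + new)
```

The first output contains only the "Skipped content of type multipart/mixed" line and the scrubbed signature notice; the second keeps the message body and the patch text.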
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mark Sapiro wrote:
I have identified the problem with 2.1.5 and earlier. Basically, it has nothing to do with PGP signed messages. The problem was if a message contained a multipart MIME sub-part which in turn contained one or more text/plain parts, these text plain parts would be lost. This would happen with PGP signed messages with text/plain attachments because the unsigned message is multipart/mixed with text/plain sub-parts and when it is signed the entire message is wrapped in a multipart/signed outer part and an application/pgp-signature part added.
Thanks for the detective work Mark. I submitted this to the RH/Fedora bugzilla so that it may be fixed there with an update before it bites too many others.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192625
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
The reward of energy, enterprise and thrift is taxes. -- William Feather