[ mailman-Bugs-1085651 ] Broken PGP/MIME signature of messages with attachments

SourceForge.net noreply at sourceforge.net
Sun Mar 20 14:51:06 CET 2005 

Bugs item #1085651, was opened at 2004-12-15 09:54
Message generated for change (Comment added) made by shevek
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1085651&group_id=103

Category: mail delivery
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Etienne M. Gagnon (egagnon)
Assigned to: Nobody/Anonymous (nobody)
Summary: Broken PGP/MIME signature of messages with attachments

Initial Comment:
Hi,

When I send a PGP/MIME signed message *with*
attachments (in addition to the PGP signature) to a
Mailman-based mailing list, Firefox/Enigmail fails to
verify the signature of the message forwarded by mailman.

I have uploaded an example message with a broken
signature as attachment to this bug.

You can also see how Mailman's automatic archives don't
even handle such messages correctly by looking at how
it archived that message at:

http://sablecc.org/lists/sablecc-user/2004-December/000159.html

I've looked in the bugs database and found that a
somewhat related problem was reported a while ago, but
note that the current bug is different.  The original
bug was about PGP/MIME signed messages without
attachments that were handled incorrectly by Enigmail.
 This one is about messages with attachments, and it is
likely that the bug is Mailman's, at least accroding to
the reply I got in:

http://bugzilla.mozdev.org/show_bug.cgi?id=8466

Thanks for your help (and for the magnificient software)!

Etienne


----------------------------------------------------------------------

Comment By: Bas Wijnen (shevek)
Date: 2005-03-20 14:51

Message:
Logged In: YES 
user_id=42389

That function does indeed not conserve whitespace.  E-mail
doesn't say whitespace in headers (or even the message) must
be preserved, so strictly speaking it's not a bug.  However,
it is a missing feature, and I think python is the place to
implement it, not mailman.

The point is that signed e-mails with attachments are sent
as two parts: One which is a complete e-mail by itself, and
one which holds the signature for that e-mail.  This is
because in attachments whitespace must be preserved (as
opposed to the situation in the message itself).

It would be very convenient if such e-mail can be handled by
python programs without rewriting the things which work fine
for non-signed e-mails.  If the attachment is really
changed, of course the signature will be broken.  However,
if it is not, it should not be hard to write out the same
message (with whitespace preserved) as was read in.  If this
is not possible, it is quite hard to do it in the program,
as python doesn't seem to support loading a part of an
e-mail which has headers of its own as a binary attachment
(without touching whitespace, in particular).

----------------------------------------------------------------------

Comment By: Jonas Berlin (xkr47)
Date: 2005-03-19 13:21

Message:
Logged In: YES 
user_id=66259

from python's Message.py:

    def _get_params_preserve(self, failobj, header):
        # Like get_params() but preserves the quoting of values.  BAW:
        # should this be part of the public interface?

According to my analysis of the comment, the function in question does _not_ 
guarantee to preserve the header as-is, it only preserves _quoting_. Thus, I 
don't think we can call this a bug in python. If there's more official 
documentation elsewhere that states that it should preserve everything as-is, 
then ignore this comment altogether :).

I didn't have time to grasp how mailman actually uses that Message class, 
but I think mailman should be changed to use functions that don't alter the 
message, and/or re-implement that work according to the requirements of 
mailman (or, users of mailman :).

Anyway, an alternative could be to continue to use the Message.py functions 
to parse the values while analyzing the contents of the message, and then 
copypaste the original headers as-is after checking.

- xkr47

----------------------------------------------------------------------

Comment By: Etienne M. Gagnon (egagnon)
Date: 2005-01-29 18:08

Message:
Logged In: YES 
user_id=15365

Dear Bas,

Thanks a lot for identifying the source of this bug and
flagging an upstream bug on Python.

Etienne

----------------------------------------------------------------------

Comment By: Bas Wijnen (shevek)
Date: 2005-01-24 12:35

Message:
Logged In: YES 
user_id=42389

I checked the source, and this appears to be a bug in
Python.  It can read and write e-mails, including headers,
and they are interpreted.  However, it doesn't preserve
their whitespace, which is of course fatal for pgp signatures.

The bug is filed for python here:
http://sourceforge.net/tracker/index.php?func=detail&aid=968430&group_id=5470&atid=105470


----------------------------------------------------------------------

Comment By: Etienne M. Gagnon (egagnon)
Date: 2005-01-18 18:30

Message:
Logged In: YES 
user_id=15365

I am attaching a screen shot of the content filtering
settings (see the options.png attachment I have added to
this bug report).  In short, content filtering is disabled,
so I don't think it is the cause of the problem. :-/

Etienne


----------------------------------------------------------------------

Comment By: Brad Knowles (shub)
Date: 2005-01-17 01:37

Message:
Logged In: YES 
user_id=18417

Look at your content filter settings.  What MIME-types are you configured 
to pass?  At the very least, you should be configured to pass the 
following:

multipart/mixed
multipart/alternative
text/plain
application/pgp-signature
multipart/signed

----------------------------------------------------------------------

Comment By: Toni Willberg (toniw)
Date: 2005-01-08 02:23

Message:
Logged In: YES 
user_id=190645

I can reproduce this bug also.

Here's a diff what happened to me:
diff -u mail.valid mail.invalid

 Content-Disposition: attachment;
filename=configure.in.pre-pkgconfig.patch
-Content-Type: text/x-patch;
name=configure.in.pre-pkgconfig.patch; charset=UTF-8
+Content-Type: text/x-patch;
name=configure.in.pre-pkgconfig.patch;
+       charset=UTF-8
 Content-Transfer-Encoding: base64

And this was _inside_ gpg-signed block.
Mailman should not alter that section at all, right?
X-Mailman-Version: 2.1.4

Yours,
 Toni Willberg <toniw at iki.fi>


----------------------------------------------------------------------

Comment By: Etienne M. Gagnon (egagnon)
Date: 2004-12-30 05:03

Message:
Logged In: YES 
user_id=15365

Any update?

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1085651&group_id=103

More information about the Mailman-coders mailing list