[Mailman-Developers] mailman breaking PGP/MIME-signed messages (was: Re: My First Signed email)

Fri May 27 19:49:13 CEST 2011

On Sun, 15 May 2011 13:11:36 -0400, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
> http://sixdemonbag.org/pgpmime.zip
> 
> Contains the good message (taken from my outbox), the bad message (as
> received from the list), and a diff between the two (as computed by
> Cygwin's diff).  Knock yourself out.

This is clearly a problem with mailman; mailman is not treating the
content within the multipart/signed message as an immmutable text.  In
particular, it's re-formatting multi-line headers within the signed
part.

This is apparently known upstream, reported many moons ago, when mailman
used sourceforge as a bugtracker:

 http://sourceforge.net/tracker/?func=detail&aid=815297&group_id=103&atid=100103

And it appears to now be tracked upstream here:

 https://bugs.launchpad.net/mailman/+bug/558123

Below you can see the change: the additional wrapping block (with the
mailing list footer) is totally fine.  the error is in swapping the
leading space for a tab before the boundary attribute for the
Content-Type of the signed part.

------------------------------------------------------------
0 dkg at pip:/tmp/cdtemp.4pvdgA$ wget -q http://sixdemonbag.org/pgpmime.zip
0 dkg at pip:/tmp/cdtemp.4pvdgA$ unzip -q -a pgpmime.zip 
0 dkg at pip:/tmp/cdtemp.4pvdgA$ strip_headers() { 
> awk '{ if (X) {print $0} } /^$/{ X=1 }'
> }
0 dkg at pip:/tmp/cdtemp.4pvdgA$ diff -u <(strip_headers < good_pgpmime.eml) <(strip_headers < bad_pgpmime.eml)

--- /dev/fd/63	2011-05-27 13:01:37.705397276 -0400
+++ /dev/fd/62	2011-05-27 13:01:37.705397276 -0400
@@ -1,7 +1,13 @@
 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
+--===============1388267379==
+Content-Type: multipart/signed; micalg=pgp-sha256;
+	protocol="application/pgp-signature";
+	boundary="------------enigA22A6723C9B8F9F9E4CFB403"
+
+This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --------------enigA22A6723C9B8F9F9E4CFB403
 Content-Type: multipart/alternative;
- boundary="------------020209060504060800050601"
+	boundary="------------020209060504060800050601"
 
 This is a multi-part message in MIME format.
 --------------020209060504060800050601
@@ -89,3 +95,16 @@
 -----END PGP SIGNATURE-----
 
 --------------enigA22A6723C9B8F9F9E4CFB403--
+
+--===============1388267379==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline
+
+_______________________________________________
+Enigmail mailing list
+Enigmail at mozdev.org
+https://www.mozdev.org/mailman/listinfo/enigmail
+
+--===============1388267379==--
1 dkg at pip:/tmp/cdtemp.4pvdgA$ grep -i mailman-version *.eml
bad_pgpmime.eml:X-Mailman-Version: 2.1.12
0 dkg at pip:/tmp/cdtemp.4pvdgA$ 
------------------------------------------------------------

The right thing to do is to fix mailman to not tamper with the message
body.  Perhaps it has already been fixed since 2.1.12?

Please follow up via mailman-developers@ (you may need to subscribe
first) if you have patches to offer.  If you don't want to subscribe,
i'd be happy to forward patches to the list if they seem plausible.

Regards,

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20110527/d39c8c09/attachment.pgp>
