Debian Bug report logs - #342645
Mailman: header sanitizing

Package: mailman; Maintainer for mailman is Mailman for Debian <[email protected]>; Source for mailman is src:mailman (PTS, buildd, popcon).

Reported by: Adrian von Bidder <[email protected]>

Date: Fri, 9 Dec 2005 09:03:02 UTC

Severity: normal

Found in version mailman/2.1.5-8


Report forwarded to [email protected], Mailman for Debian <[email protected]>:
Bug#342645; Package mailman. (full text, mbox, link).


Acknowledgement sent to Adrian von Bidder <[email protected]>:
New Bug report received and forwarded. Copy sent to Mailman for Debian <[email protected]>. (full text, mbox, link).


Message #5 received at [email protected] (full text, mbox, reply):

From: Adrian von Bidder <[email protected]>
To: [email protected]
Subject: Mailman: header sanitizing
Date: Fri, 9 Dec 2005 09:52:36 +0100
[Message part 1 (text/plain, inline)]
Package: mailman
Version: 2.1.5-8

Yo!

The MIME parser mailman seems to do some header sanitizing, at least for 
message/rfc822 attachments.  This is problematic as it breaks the PGP 
signature on the mail:

My case: mail was 
  multipart/signed [ text/plain message/rfc822 [
      multipart/signed [ text/plain application/pgp-signature ] 
  ] ]

when it was fed to mailman.  mailman of course wraps that in 
multipart/mixed to add the unsubscribe instructions, and additionally 
breaks long header lines of the inner message/rfc822 (IIRC the outer 
headers were similarly sanitized, but as they're not signed it doesn't 
matter.)

mailman has been identified as the culprit imho - I've sent a mail with the 
same structure over the same server, but directly to an account instead of 
mailman, and the signature arrived intact.

greetings
-- vbi


-- 
get my gpg key here: http://fortytwo.ch/gpg/92082481
[Message part 2 (application/pgp-signature, inline)]


Acknowledgement sent to Lionel Elie Mamane <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>. (full text, mbox, link).


Message #10 received at [email protected] (full text, mbox, reply):

From: Lionel Elie Mamane <[email protected]>
To: Adrian von Bidder <[email protected]>, [email protected]
Cc: [email protected]
Subject: Re: [Pkg-mailman-hackers] Bug#342645: Mailman: header sanitizing
Date: Fri, 9 Dec 2005 22:13:31 +0100
merge 244673 342645
thanks

On Fri, Dec 09, 2005 at 09:52:36AM +0100, Adrian von Bidder wrote:

> The MIME parser mailman seems to do some header sanitizing, at least
> for message/rfc822 attachments.  This is problematic as it breaks
> the PGP signature on the mail:

Yes. The "wrapping header lines in message/rfc822 attachments part"
is often the culprit. It is known both in the Debian BTS (#244673) and
upstream (815297). Fixing this completely needs a redesign of some
internals. I have good hope of having a good solution for the header
wrapping soonish.

-- 
Lionel




Acknowledgement sent to Thijs Kinkhorst <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>. (full text, mbox, link).


Message #15 received at [email protected] (full text, mbox, reply):

From: Thijs Kinkhorst <[email protected]>
To: [email protected]
Cc: Adrian von Bidder <[email protected]>
Subject: Re: Bug#342645: Mailman: header sanitizing
Date: Wed, 09 Aug 2006 16:27:57 +0200
[Message part 1 (text/plain, inline)]
Hello Adrian,

> On Fri, Dec 09, 2005 at 09:52:36AM +0100, Adrian von Bidder wrote:
> 
> > The MIME parser mailman seems to do some header sanitizing, at least
> > for message/rfc822 attachments.  This is problematic as it breaks
> > the PGP signature on the mail:
> 
> Yes. The "wrapping header lines in message/rfc822 attachments part"
> is often the culprit. It is known both in the Debian BTS (#244673) and
> upstream (815297). Fixing this completely needs a redesign of some
> internals. I have good hope of having a good solution for the header
> wrapping soonish.

Well, bug 244673 was fixed in the upload of 2.1.6-1. Could you please
tell us if you can still reproduce the issue? That would really help us.


Thanks.
Thijs
[signature.asc (application/pgp-signature, inline)]


Acknowledgement sent to Adrian von Bidder <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>. (full text, mbox, link).


Message #20 received at [email protected] (full text, mbox, reply):

From: Adrian von Bidder <[email protected]>
To: [email protected]
Subject: Fwd: [Testlist] Fwd: Re: Bug#342645: Mailman: header sanitizing
Date: Sun, 13 Aug 2006 17:42:50 +0200
[Message part 1 (text/plain, inline)]
Yo!

Sorry, I don't have a test system set up for mail and don't want to upgrade 
my productive server to etch at this time.

The bug is easy to reproduce: just take a PGP/MIME signed message and 
forward it to a list, PGP/MIME signing the message to the list.  If both 
(the inner and the outer) signatures come through, the bug was fixed.  
Beware of MUA bugs, they're not rare in this area, especially if you also 
add html into the mix.

(the attached message passed through 2.1.5-8sarge2 and shows the bug, but I 
guess this information is useless to you.)

cheers
-- vbi

-- 
featured link: http://fortytwo.ch/gpg/subkeys
[forwarded message (message/rfc822, inline)]
From: Adrian von Bidder <[email protected]>
Subject: [Testlist] Fwd: Re: Bug#342645: Mailman: header sanitizing
Date: Sun, 13 Aug 2006 17:36:21 +0200
[Message part 3 (text/plain, inline)]
Test test test
-- 
P'tang!
[forwarded message (message/rfc822, inline)]
From: Thijs Kinkhorst <[email protected]>
Cc: Adrian von Bidder <[email protected]>
Subject: Re: Bug#342645: Mailman: header sanitizing
Date: Wed, 09 Aug 2006 16:27:57 +0200
[Message part 5 (text/plain, inline)]
Hello Adrian,

> On Fri, Dec 09, 2005 at 09:52:36AM +0100, Adrian von Bidder wrote:
> 
> > The MIME parser mailman seems to do some header sanitizing, at least
> > for message/rfc822 attachments.  This is problematic as it breaks
> > the PGP signature on the mail:
> 
> Yes. The "wrapping header lines in message/rfc822 attachments part"
> is often the culprit. It is known both in the Debian BTS (#244673) and
> upstream (815297). Fixing this completely needs a redesign of some
> internals. I have good hope of having a good solution for the header
> wrapping soonish.

Well, bug 244673 was fixed in the upload of 2.1.6-1. Could you please
tell us if you can still reproduce the issue? That would really help us.


Thanks.
Thijs
[signature.asc (application/pgp-signature, inline)]
[Message part 7 (application/pgp-signature, inline)]
[Message part 8 (text/plain, inline)]
_______________________________________________
testlist mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/testlist
[Message part 9 (application/pgp-signature, inline)]
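
The check described in this thread, as an added example that is not part of the bug log and is not Mailman code: it compares the exact signed bytes of a PGP/MIME message before and after relaying and reports whether a difference is only header folding. The function names, the boundary and the sample message are constructed for illustration, the relay is simulated by `refold`, and the signed part is simplified to a single message/rfc822.

```python
import re

HEADER = re.compile(rb"^[A-Za-z-]+: ")

def signed_part(raw: bytes, boundary: bytes) -> bytes:
    """Exact bytes of the first part of a multipart/signed entity.
    PGP/MIME signs these bytes as they are, nested headers included."""
    delim = b"--" + boundary
    start = raw.index(delim + b"\r\n") + len(delim) + 2
    return raw[start:raw.index(b"\r\n" + delim, start)]

def fold_line(line: bytes, width: int) -> bytes:
    """Wrap one header line at whitespace, RFC 5322 style."""
    pieces = []
    while len(line) > width:
        cut = line.rfind(b" ", 1, width)
        if cut == -1:
            break
        pieces.append(line[:cut])
        line = line[cut:]  # continuation line keeps its leading space
    pieces.append(line)
    return b"\r\n".join(pieces)

def refold(part: bytes, width: int = 78) -> bytes:
    """Simulated relay behaviour (assumption): wrap over-long header lines."""
    return b"\r\n".join(fold_line(l, width) if HEADER.match(l) else l
                        for l in part.split(b"\r\n"))

def unfold(part: bytes) -> bytes:
    """Undo header folding: drop each CRLF that precedes a space or tab."""
    return re.sub(rb"\r\n(?=[ \t])", b"", part)

def classify(before: bytes, after: bytes, boundary: bytes) -> str:
    a, b = signed_part(before, boundary), signed_part(after, boundary)
    if a == b:
        return "intact"
    return "refolded" if unfold(a) == unfold(b) else "modified"

# Constructed sample message; the signature part is a placeholder.
BOUNDARY = b"outer-sig"
ORIGINAL = b"\r\n".join([
    b'Content-Type: multipart/signed; boundary="outer-sig"', b"",
    b"--outer-sig", b"Content-Type: message/rfc822", b"",
    b"Subject: " + b"word " * 20 + b"end", b"From: sender@example.org", b"",
    b"Test test test",
    b"--outer-sig", b"Content-Type: application/pgp-signature", b"",
    b"(placeholder, not a real signature)", b"--outer-sig--", b""])
PART = signed_part(ORIGINAL, BOUNDARY)
RELAYED = ORIGINAL.replace(PART, refold(PART))
TAMPERED = ORIGINAL.replace(b"Test test test", b"Test test!")
```

A result of "refolded" means the header text is unchanged once unfolded, but the signature still fails to verify because the signed bytes differ.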


Debian bug tracking system administrator <[email protected]>. Last modified: Thu May 15 16:19:08 2025; Machine Name: bembo
