GNU bug report logs -
#40397
28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message
Previous Next
Reported by: Sebastian Fieber <sebastian.fieber <at> web.de>
Date: Thu, 2 Apr 2020 23:38:03 UTC
Severity: normal
Tags: patch
Found in version 28.0.50
Fixed in version 29.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40397 in the body.
You can then email your comments to 40397 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Thu, 02 Apr 2020 23:38:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Sebastian Fieber <sebastian.fieber <at> web.de>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org.
(Thu, 02 Apr 2020 23:38:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hey there,
I'm currently running master on commit
1242ae904a9b7871658f11fb98da5730ea8838c9.
When I open an smime encrypted AND signed message in gnus with a content
type looking like this:
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
name="smime.p7m"
I end up with a buffer looking like this:
Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
[base64 encoded smime.p7m]
This is the signed content which would have to be verified again. I
tried to fix this myself but are really unfamiliar with the gnus
codebase. I tried to run mm-dissect-buffer on this content alone which
gives some results. I think a fix would look like this: there just needs
to be some checking whats inside the enveloped data that is being
correctly decrypted and if its another application/(x-)pkcs7-mime just
handle this one too.
Best regards
Sebastian
In GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.14, cairo version 1.17.3)
of 2020-03-21 built on comedian
Repository revision: 1242ae904a9b7871658f11fb98da5730ea8838c9
Repository branch: makepkg
Windowing system distributor 'The X.Org Foundation', version 11.0.12007000
System Description: Arch Linux
Recent messages:
nnimap web splitting mail...done
nnimap read 2k from disroot.org
Reading active file via nndraft...done
Checking new news...done
Auto-saving...
Outdated usage of ‘bbdb-search’
Parsing BBDB file ‘~/.emacs.d/bbdb’...done
Buffer *unsent mail* modified; kill anyway? (y or n) y
next-line: End of buffer
<s-backspace> is undefined
Configured using:
'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
--localstatedir=/var --mandir=/usr/share/man
--pdfdir=/usr/share/doc/emacs/pdf --without-gconf --with-sound=alsa
--with-x-toolkit=gtk3 --without-toolkit-scroll-bars --with-mailutils
--with-gameuser=yes --with-xft 'CFLAGS=-march=x86-64 -mtune=generic -O2
-pipe -fstack-protector-strong -fno-plt'
LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now
CPPFLAGS=-D_FORTIFY_SOURCE=2'
Configured features:
XPM JPEG TIFF GIF PNG RSVG CAIRO SOUND GPM DBUS GSETTINGS GLIB NOTIFY
INOTIFY ACL GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF ZLIB GTK3
X11 XDBE XIM MODULES THREADS LIBSYSTEMD JSON PDUMPER LCMS2 GMP
Important settings:
value of $LC_MONETARY: de_DE.utf8
value of $LC_NUMERIC: de_DE.utf8
value of $LC_TIME: de_DE.utf8
value of $LANG: en_US.utf8
locale-coding-system: utf-8-unix
Major mode: Group
Minor modes in effect:
gnus-agent-group-mode: t
shell-dirtrack-mode: t
gnus-undo-mode: t
auto-insert-mode: t
yas-global-mode: t
yas-minor-mode: t
global-company-mode: t
company-mode: t
global-morlock-mode: t
eval-sexp-fu-flash-mode: t
persistent-scratch-autosave-mode: t
smartparens-global-mode: t
guru-global-mode: t
guru-mode: t
show-paren-mode: t
editorconfig-mode: t
solaire-global-mode: t
minibuffer-depth-indicate-mode: t
save-place-mode: t
guide-key-mode: t
immortal-scratch-mode: t
winner-mode: t
diff-hl-flydiff-mode: t
global-diff-hl-mode: t
doom-modeline-mode: t
projectile-mode: t
savehist-mode: t
tooltip-mode: t
global-eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
temp-buffer-resize-mode: t
buffer-read-only: t
column-number-mode: t
line-number-mode: t
Load-path shadows:
/home/judas/.emacs.d/elpa/cmake-mode-20190710.1319/cmake-mode hides /usr/share/emacs/site-lisp/cmake-mode
/home/judas/.emacs.d/elpa/less-css-mode-20161001.453/less-css-mode hides /usr/share/emacs/28.0.50/lisp/textmodes/less-css-mode
Features:
(shadow emacsbug bbdb-message sendmail nnir finder finder-inf lisp-mnt
skeleton gnus-html url-queue url-cache mm-url expand-region
subword-mode-expansions text-mode-expansions the-org-mode-expansions
er-basic-expansions expand-region-core expand-region-custom pulse sort
smiley gnus-cite pp cl-print debug magit-utils mule-util jka-compr
misearch multi-isearch info-colors eieio-opt speedbar ezimage dframe
help-fns radix-tree mm-archive mail-extr gnus-async gnus-bcklg qp
gnus-ml disp-table nndraft nnmh utf-7 nnfolder tabify editorconfig-core
editorconfig-core-handle editorconfig-fnmatch bbdb-gnus bbdb-mua
bbdb-com crm gnutls network-stream nsm gnus-agent gnus-srvr gnus-score
score-mode nnvirtual gnus-msg nntp gnus-cache vc-git edebug backtrace
lisp-extra-font-lock local-layer personal gnus-icalendar org-capture
ob-plantuml ob-ditaa ob-python ob-shell shell ob-json sound-wav deferred
notifications dbus ox-md ox-odt rng-loc rng-uri rng-parse rng-match
rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok nxml-util
ox-latex ox-icalendar ox-html table ox-ascii ox-publish ox org-element
avl-tree org ob ob-tangle ob-ref ob-lob ob-table ob-exp org-macro
org-footnote org-src ob-comint org-pcomplete pcomplete org-list
org-faces org-entities noutline outline org-version ob-emacs-lisp
ob-core ob-eval org-table ol org-keys org-compat org-macs org-loaddefs
find-func gnus-art mm-uu mml2015 mm-view mml-smime smime dig gnus-sum
url url-proxy url-privacy url-expand url-methods url-history mailcap shr
url-cookie url-domsuf url-util svg xml dom gnus-group gnus-undo
gnus-start gnus-cloud nnimap nnmail mail-source utf7 netrc nnoo
parse-time iso8601 gnus-spec gnus-int gnus-range message rmc puny dired
dired-loaddefs format-spec rfc822 mml mml-sec mailabbrev mailheader
gnus-win mm-decode mm-bodies mm-encode mail-parse rfc2231 gmm-utils
icalendar diary-lib diary-loaddefs cal-menu calendar cal-loaddefs
epa-file epa derived epg epg-config bbdb bbdb-site timezone gnus
nnheader gnus-util rmail rmail-loaddefs rfc2047 rfc2045 ietf-drums
text-property-search time-date mail-utils mm-util mail-prsvr wid-edit
ansible-layer dotnet-layer mark-layer visible-mark sf-kbd sf-guix
haskell-layer cc-layer js-layer eglot-layer latex-layer org-layer
python-layer perl-layer php-layer web-layer gnus-layer convenience-layer
yatemplate autoinsert auto-complete-layer string-inflection
clojure-snippets cl-extra yasnippet company-oddmuse company-keywords
company-etags etags fileloop generator company-gtags
company-dabbrev-code company-dabbrev company-files company-capf
company-cmake company-xcode company-clang company-semantic company-eclim
company-template company-bbdb company pcase elisp-layer morlock paxedit
rainbow-delimiters paredit eval-sexp-fu std-layer server
display-line-numbers cap-words superword subword highlight-symbol
persistent-scratch smartparens help-mode xref project guru-mode edmacro
kmacro paren editorconfig face-remap solaire-mode mb-depth saveplace
guide-key advice popwin ace-window avy immortal-scratch cc-styles
cc-align cc-engine cc-vars cc-defs winner diff-hl-flydiff diff diff-hl
vc-dir ewoc vc vc-dispatcher diff-mode easy-mmode doom-modeline
doom-modeline-segments doom-modeline-env doom-modeline-core shrink-path
f s all-the-icons all-the-icons-faces data-material data-weathericons
data-octicons data-fileicons data-faicons data-alltheicons memoize dash
projectile grep ibuf-ext ibuffer ibuffer-loaddefs thingatpt savehist
diminish sf-autoloads loader cerbere-mode-autoloads
docblock-mode-autoloads warnings compile comint ansi-color ring
hyperlight-theme rx tex-site info package easymenu browse-url
url-handlers url-parse auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json subr-x map url-vars seq byte-opt gv
bytecomp byte-compile cconv cl-loaddefs cl-lib early-init tooltip eldoc
electric uniquify ediff-hook vc-hooks lisp-float-type mwheel term/x-win
x-win term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads dbusbind inotify lcms2 dynamic-setting
system-font-setting font-render-setting cairo move-toolbar gtk x-toolkit
x multi-tty make-network-process emacs)
Memory information:
((conses 16 550291 213990)
(symbols 48 39611 1)
(strings 32 198004 26591)
(string-bytes 1 7496295)
(vectors 16 68196)
(vector-slots 8 1612421 168866)
(floats 8 876 1697)
(intervals 56 23869 2698)
(buffers 1000 68))
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Fri, 03 Apr 2020 07:29:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 40397 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hey there,
I just thought this may be hard to test as one has to have a smime
certificate to properly receive an encrypted mail.
If someone can point me to the right approach how to fix this I may be
able to dive a bit deeper into the gnus code and submit a bug report.
This is what I have tried now just to get something:
If I alter mm-view-pkcs7-decrypt after the insert epg-decrypt-string to
call something like this:
[Message part 2 (application/emacs-lisp, inline)]
[Message part 3 (text/plain, inline)]
and adjust mm-view-pkcs7-get-type to handle a third case
[Message part 4 (application/emacs-lisp, inline)]
[Message part 5 (text/plain, inline)]
and also mm-copy-to-buffer to check for carriage returns like this:
[Message part 6 (application/emacs-lisp, inline)]
[Message part 7 (text/plain, inline)]
(can't send the carriage return properly so \r it is here instead of ^M)
I am able to get an article buffer that still has the base64 encoded
signed blob in it but after it the verified content.
I have no idea where gnus normalizes the line endings to just newlines
and why the mm-view-pkcs7-get-type adjustment is needed. But calling
gnus-ime-display-part is of course not the right approach here. First
there should be some check if the decrypted content needs to be parsed
and handled again but I have no idea which function to write or feed the
decrypted content to.
I hope this may be helpful
Best regards
Sebastian
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Sat, 04 Apr 2020 00:03:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 40397 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hey,
Just forget my last mail. I just dug a bit deeper and found the culprit
I think.
With commit 84ef1ea8b524f8998fc8674b99cf8069e38dce4f these lines were
added:
--8<---------------cut here---------------start------------->8---
modified lisp/gnus/mm-decode.el
@@ -1672,6 +1672,8 @@ If RECURSIVE, search recursively."
(t (y-or-n-p
(format "Decrypt (S/MIME) part? "))))
(mm-view-pkcs7 parts from))
+ (goto-char (point-min))
+ (insert "Content-type: text/plain\n\n")
(setq parts (mm-dissect-buffer t)))))
((equal subtype "signed")
(unless (and (setq protocol
@@ -1739,6 +1741,7 @@ If RECURSIVE, search recursively."
--8<---------------cut here---------------end--------------->8---
I don't quite know why the content-type is forced here to text/plain. So
if this line is removed the mm-dissect-buffer call does it's thing and
returns correctly whats inside the envelope (the real content-type
header in the decrypted envelope is parsed). Well almost...
I wrote in my last mail that I had to adjust mm-copy-to-buffer:
> and also mm-copy-to-buffer to check for carriage returns like this:
>
> (search-forward-regexp "^\r\n" nil 'move)
>
> (can't send the carriage return properly so \r it is here instead of ^M)
This is still needed as the decrypted content may still have carriage
returns in it. One could also remove the carriage returns in
mm-view-pkcs7-decrypt function of course. I'm not quite sure which is
the better approach.
In such a case the "Decrypt (S/MIME) part?" is asked too times. But hey
that isn't too bad I think.
I have attached a patch with the explained fix.
Best regards
Sebastian
[0001-fix-bug-40397.patch (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Sun, 05 Apr 2020 00:38:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 40397 <at> debbugs.gnu.org (full text, mbox):
On Sa, Apr 04 2020, Sebastian Fieber <sebastian.fieber <at> web.de> wrote:
> In such a case the "Decrypt (S/MIME) part?" is asked too times. But hey
> that isn't too bad I think.
I just had some time to look into this even further and I noticed that
the mm-sec buttons for signatures/encryption are not displayed for the
whole application/pkcs7-mime stuff, too. I am working on a patch to fix
this.
I think most of the code would look like the one in mml-smime.el (the
calls to mm-sec-* and getting error/success messages from epg). The
hard part is to get the mm-security-handle or better the information
added about the pkcs7-mime signature by the mm-sec-* calls to some
function that will add these (which is gnus-mime-display-security ?).
The problem here is that the part is lost when the signature is verified
as the actual signed content parts will have replace it.
Best regards
Sebastian
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Mon, 06 Apr 2020 00:06:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 40397 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On So, Apr 05 2020, Sebastian Fieber <sebastian.fieber <at> web.de> wrote:
> I just had some time to look into this even further and I noticed that
> the mm-sec buttons for signatures/encryption are not displayed for the
> whole application/pkcs7-mime stuff, too. I am working on a patch to fix
> this.
>
> I think most of the code would look like the one in mml-smime.el (the
> calls to mm-sec-* and getting error/success messages from epg). The
> hard part is to get the mm-security-handle or better the information
> added about the pkcs7-mime signature by the mm-sec-* calls to some
> function that will add these (which is gnus-mime-display-security ?).
> The problem here is that the part is lost when the signature is verified
> as the actual signed content parts will have replace it.
>
> Best regards
> Sebastian
Hey,
here is the resulting more thorough patch replacing the one before.
It's not finished completely as error handling and reporting via
mm-sec-error is still missing in mm-view-pkcs7-[decrypt/verify].
But displaying verification and encryption information via
gnus-mime-display-security does work (at least in the good case).
See the patch for more information.
I'd welcome any comments :)
[0001-fix-bug-40397.patch (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Mon, 06 Apr 2020 01:18:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> - (while (search-forward "\r\n" nil t)
> + (while (search-forward-regexp "\r\n|\^M\n" nil t)
This can't be right, it would search for a literal "|" on an otherwise
empty line. And if you put "\\|" which is what I think you meant, then
both alternatives would be the same, so it still doesn't make sense.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Mon, 06 Apr 2020 07:02:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 40397 <at> debbugs.gnu.org (full text, mbox):
On So, Apr 05 2020, Noam Postavsky <npostavs <at> gmail.com> wrote:
> Sebastian Fieber <sebastian.fieber <at> web.de> writes:
>
>> - (while (search-forward "\r\n" nil t)
>> + (while (search-forward-regexp "\r\n|\^M\n" nil t)
>
> This can't be right, it would search for a literal "|" on an otherwise
> empty line. And if you put "\\|" which is what I think you meant, then
> both alternatives would be the same, so it still doesn't make sense.
Yes, and there is another problem with this. Should have tested this mit
emacs -Q. Let me fix that and prepare a new patch.
Since you have looked over the patch: What do you think about the
approach to internally structure application/pkcs7-mime parts like
multipart parts containing the mime type with text properties until the
decrypted, maybe verified singlepart in the car of the handle?
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Mon, 06 Apr 2020 16:33:01 GMT)
Full text and
rfc822 format available.
Message #26 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> On So, Apr 05 2020, Noam Postavsky <npostavs <at> gmail.com> wrote:
>
>> Sebastian Fieber <sebastian.fieber <at> web.de> writes:
>>
>>> - (while (search-forward "\r\n" nil t)
>>> + (while (search-forward-regexp "\r\n|\^M\n" nil t)
>>
>> This can't be right, it would search for a literal "|" on an otherwise
>> empty line. And if you put "\\|" which is what I think you meant, then
>> both alternatives would be the same, so it still doesn't make sense.
>
> Yes, and there is another problem with this. Should have tested this mit
> emacs -Q. Let me fix that and prepare a new patch.
This hunk looks a bit suspicious to me as well, I don't think you can
apply operators like "?" to anchors.
@@ -759,7 +782,7 @@ MIME-Version header before proceeding."
(mb enable-multibyte-characters)
beg)
(goto-char (point-min))
- (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
+ (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
(setq beg (point))
(with-current-buffer
(generate-new-buffer " *mm*")
> Since you have looked over the patch: What do you think about the
> approach to internally structure application/pkcs7-mime parts like
> multipart parts containing the mime type with text properties until the
> decrypted, maybe verified singlepart in the car of the handle?
Sorry, I'm not familiar enough with how this code is currently
structured to say anything intelligent about that.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Tue, 07 Apr 2020 19:23:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 40397 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mo, Apr 06 2020, Noam Postavsky <npostavs <at> gmail.com> wrote:
> This hunk looks a bit suspicious to me as well, I don't think you can
> apply operators like "?" to anchors.
>
> @@ -759,7 +782,7 @@ MIME-Version header before proceeding."
> (mb enable-multibyte-characters)
> beg)
> (goto-char (point-min))
> - (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
> + (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
> (setq beg (point))
> (with-current-buffer
> (generate-new-buffer " *mm*")
>
Yes, this sections is also wrong.
>> Since you have looked over the patch: What do you think about the
>> approach to internally structure application/pkcs7-mime parts like
>> multipart parts containing the mime type with text properties until the
>> decrypted, maybe verified singlepart in the car of the handle?
> Sorry, I'm not familiar enough with how this code is currently
> structured to say anything intelligent about that.
No problem :)
I have attached a new patch which fixes the problem and also does
implement support for the security buttons for application/pkcs7-mime
parts. This is quite nice as application/pkcs7-mime parts are not
handled automatically by default in gnus. ATM you have to set
mm-decrypt-option and mm-verify-option at least to 'ask. So with this
supported it should now work out of the box even without setting
mm-decrypt-option and mm-verify-option because now gnus shows the
buttons properly and one can click on them and decrypt/verify the part
"manually".
This time the patch should be clean and was tested properly at least
with mml-smime-use 'epg. I'm not quite sure if the patch breaks using
openssl as I didn't get this running. Maybe someone can test this? If
this does break using openssl modifying mm-views decrypt and verify
function should suffice to fix any problems.
The gist of the patch is: treat application/pkcs7-mime like multipart
mails and especially multipart/encrypted with protocol
application/pgp-encrypted and change not more stuff than necessary.
Here is the commit message which is a bit more detailed (also found in
the patch):
"This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.
Also this patch enables proper security-buttons for pkcs7-mime
encrypted and/or signed mails.
Changes:
- don't force Content-type header to text/plain in front of decrypted
content for smime decryption using mm-view-pkcs7. This fixes the
initial bug where the signed part was not verified due to the wrong
content type header.
- structure the result of mm-dissect-buffer of application/pkcs7-mime
like a multipart mail so there is no loosing of information of
verification and decryption results which can now be displayed by
gnus-mime-display-security
- adjust gnus-mime-display-part to handle application/pkcs7-mime like
multipart/encrypted or multipart/signed
- add dummy entries to mm-verify-function-alist and
mm-decrypt-function-alist so gnus-mime-display-security correctly
displays "S/MIME" and not "unknown protocol"
- don't just check for multipart/signed in
gnus-insert-mime-security-button but also for the pkcs7-mime mimetypes
to print "Encrypted" or "Signed" accordingly in the security button
- adjust mm-possibly-verify-or-decrypt to check for smime-type to ask
wether to verify or decrypt the part and not to always ask to decrypt
- adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so
success information can be displayed by gnus-mime-display-security
- in mm-view-pkcs7-verify also remove carriage returns like in
mm-view-pkcs7-decrypt
- adjust gnus-mime-security-verify-or-decrypt to handle pkcs7-mime
right with the done changes
TODO: mm-view-pkcs7-decrypt and verify error handling and
reporting. ATM there is only the good case implemented - at least for
reporting with gnus-mime-display-security."
[0001-fix-bug-40397.patch (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Sun, 19 Apr 2020 12:17:01 GMT)
Full text and
rfc822 format available.
Message #32 received at 40397 <at> debbugs.gnu.org (full text, mbox):
As I mentioned previously, I'm not really familiar enough with the code
to give a proper review, but I have a couple of minor comments.
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> + (setq intermediate-result (cons (car ctl) (list intermediate-result))))
Or just
(setq intermediate-result (list (car ctl) intermediate-result))
> @@ -1672,17 +1701,27 @@ mm-possibly-verify-or-decrypt
> - (with-temp-buffer
> - (when (and (cond
> - ((eq mm-decrypt-option 'never) nil)
> - ((eq mm-decrypt-option 'always) t)
> - ((eq mm-decrypt-option 'known) t)
> - (t (y-or-n-p
> - (format "Decrypt (S/MIME) part? "))))
> - (mm-view-pkcs7 parts from))
> - (goto-char (point-min))
> - (insert "Content-type: text/plain\n\n")
> - (setq parts (mm-dissect-buffer t)))))
> + (add-text-properties 0 (length (car ctl))
> + (list 'buffer (car parts))
> + (car ctl))
> + (let* ((smime-type (cdr (assoc 'smime-type ctl)))
> + (envelope-p (string= smime-type "enveloped-data"))
> + (decrypt-or-sign-option (if envelope-p
> + mm-decrypt-option
> + mm-verify-option))
> + (question (if envelope-p
> + "Decrypt (S/MIME) part? "
> + "Verify signed (S/MIME) part? ")))
> + (with-temp-buffer
> + (when (and (cond
> + ((eq decrypt-or-sign-option 'never) nil)
> + ((eq decrypt-or-sign-option 'always) t)
> + ((eq decrypt-or-sign-option 'known) t)
> + (t (y-or-n-p
> + (format question)))))
> + (mm-view-pkcs7 parts from)
> + (goto-char (point-min))
> + (setq parts (mm-dissect-buffer t))))))
You moved the 'mm-view-pkcs7' call out of the condition. If that was on
purpose, then you should remove the 'and', since it's now redundant.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Sun, 02 Aug 2020 06:03:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> I have attached a new patch which fixes the problem
Thanks; I didn't see this bug report before I fixed the text/plain thing
in a different way. (So I think s/mime should basically work again now
in Emacs 27.)
> and also does
> implement support for the security buttons for application/pkcs7-mime
> parts. This is quite nice as application/pkcs7-mime parts are not
> handled automatically by default in gnus. ATM you have to set
> mm-decrypt-option and mm-verify-option at least to 'ask. So with this
> supported it should now work out of the box even without setting
> mm-decrypt-option and mm-verify-option because now gnus shows the
> buttons properly and one can click on them and decrypt/verify the part
> "manually".
This sounds like a good addition to me, and would like to apply the
patch to Emacs 28. It's a large patch, though, and you don't seem to
have copyright FSF assignment on file -- is that correct? If it is,
would you be willing to sign such paperwork, and we can then apply the
patch?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) patch.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sun, 02 Aug 2020 06:03:02 GMT)
Full text and
rfc822 format available.
Added tag(s) moreinfo.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sun, 02 Aug 2020 06:03:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Sun, 02 Aug 2020 20:12:01 GMT)
Full text and
rfc822 format available.
Message #42 received at 40397 <at> debbugs.gnu.org (full text, mbox):
On So, Aug 02 2020, Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
>> and also does
>> implement support for the security buttons for application/pkcs7-mime
>> parts. This is quite nice as application/pkcs7-mime parts are not
>> handled automatically by default in gnus. ATM you have to set
>> mm-decrypt-option and mm-verify-option at least to 'ask. So with this
>> supported it should now work out of the box even without setting
>> mm-decrypt-option and mm-verify-option because now gnus shows the
>> buttons properly and one can click on them and decrypt/verify the part
>> "manually".
>
> This sounds like a good addition to me, and would like to apply the
> patch to Emacs 28. It's a large patch, though, and you don't seem to
> have copyright FSF assignment on file -- is that correct? If it is,
> would you be willing to sign such paperwork, and we can then apply the
> patch?
Yes, I haven't done any copyright assignment yet but I'd be willing to
do so if someone can guide me a bit or point me to where I can find info
about what I have to do.
There are some untested and unimplemented stuff in my implementation.
If I remember correct there is no real handling of error cases which I
wanted to add so it is on par with the other security buttons
implementations. So I'd like to work on this a bit more and provide a
more fully featured patch. But I'm pretty busy right now with real
life, so this may take a few months as I'd need to find some time.
Nontheless I will check if I have done any changes to my provided patch
and resubmit it if I have any work pending - if you don't want to wait
for me and want to apply the patch anyway even without proper error
handling.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Mon, 03 Aug 2020 02:28:02 GMT)
Full text and
rfc822 format available.
Message #45 received at 40397 <at> debbugs.gnu.org (full text, mbox):
> From: Sebastian Fieber <sebastian.fieber <at> web.de>
> Date: Sun, 02 Aug 2020 22:11:20 +0200
> Cc: 40397 <at> debbugs.gnu.org
>
> Yes, I haven't done any copyright assignment yet but I'd be willing to
> do so if someone can guide me a bit or point me to where I can find info
> about what I have to do.
Thanks, form sent off-list.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Mon, 03 Aug 2020 06:07:02 GMT)
Full text and
rfc822 format available.
Message #48 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> There are some untested and unimplemented stuff in my implementation.
> If I remember correct there is no real handling of error cases which I
> wanted to add so it is on par with the other security buttons
> implementations.
Sure, that sounds good. Error handling is something that's lacking in
many parts of the Emacs handling of signing/encryption, unfortunately.
> So I'd like to work on this a bit more and provide a
> more fully featured patch. But I'm pretty busy right now with real
> life, so this may take a few months as I'd need to find some time.
Sure, no hurry. :-)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Removed tag(s) moreinfo.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Mon, 14 Sep 2020 15:00:04 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Wed, 21 Jul 2021 15:42:02 GMT)
Full text and
rfc822 format available.
Message #53 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
>> So I'd like to work on this a bit more and provide a
>> more fully featured patch. But I'm pretty busy right now with real
>> life, so this may take a few months as I'd need to find some time.
>
> Sure, no hurry. :-)
This was a year ago -- has there been any progress here?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Wed, 21 Jul 2021 18:08:02 GMT)
Full text and
rfc822 format available.
Message #56 received at 40397 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mi, Jul 21 2021, Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
> Lars Ingebrigtsen <larsi <at> gnus.org> writes:
>
>>> So I'd like to work on this a bit more and provide a
>>> more fully featured patch. But I'm pretty busy right now with real
>>> life, so this may take a few months as I'd need to find some time.
>>
>> Sure, no hurry. :-)
>
> This was a year ago -- has there been any progress here?
Sorry, haven't got to it yet, but it's still on my TODO list. Also the
paper work for the FSF from my employer is still not finished.
I will try my best to get some traction at my employer so the paperwork
gets done soon and the patch, as it is now, can at least be accepted.
I'd still like to work on it, but maybe that would be better as another
patch building upon this one? What do you think?
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Wed, 21 Jul 2021 22:03:02 GMT)
Full text and
rfc822 format available.
Message #59 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> I will try my best to get some traction at my employer so the paperwork
> gets done soon and the patch, as it is now, can at least be accepted.
> I'd still like to work on it, but maybe that would be better as another
> patch building upon this one? What do you think?
Sure; whatever is most convenient for you.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Tue, 21 Dec 2021 19:40:01 GMT)
Full text and
rfc822 format available.
Message #62 received at 40397 <at> debbugs.gnu.org (full text, mbox):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Do, Jul 22 2021, Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
> Sebastian Fieber <sebastian.fieber <at> web.de> writes:
>
>> I will try my best to get some traction at my employer so the paperwork
>> gets done soon and the patch, as it is now, can at least be accepted.
>> I'd still like to work on it, but maybe that would be better as another
>> patch building upon this one? What do you think?
>
> Sure; whatever is most convenient for you.
And another half of a year later the paper work is done, yay!
*sigh*
You can now apply the patch, if it's still relevant. Please let me know
if there are any problems or any help is needed.
-----BEGIN PGP SIGNATURE-----
iQFMBAEBCAA2FiEExRi5b+8xM5Vpvu7L3jJw+EOyhogFAmHCLXgYHHNlYmFzdGlh
bi5maWViZXJAd2ViLmRlAAoJEN4ycPhDsoaIguYH/2JRFOUJRl7aXfQLtKDOEl4T
O5eifGFE+95HcqUE9/zoL6vVZcSFAbCKW4sP/KmhLhtXgiiO5aTbwYmru9OcfjaC
mzCe0z5mvfUNsK/87jdKWv4StfeoiGyZwyaRSqB9u1A+nCyqc/fxKQObpbSAlOPv
Jh+5I6fhYRRe1GANaMpJkV/Zy2ijqwhDUFT+oGF79jtzj1HBw/0R2o7bhEx/a3f/
nueAMrkIDvVpsw2rlL0m6XqccVJH8rKlNh1gBnz3wWQMzUmi45hovtS3lWeiQLKl
DCWoJcyZi/CCbiWpR22KdBXFz6Uj9UXaZTD0cyUlsWy1WTJS8bTU6MmAwG5A0CA=
=MYNd
-----END PGP SIGNATURE-----
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Wed, 22 Dec 2021 12:45:02 GMT)
Full text and
rfc822 format available.
Message #65 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> And another half of a year later the paper work is done, yay!
Yay. 😀
> *sigh*
>
> You can now apply the patch, if it's still relevant. Please let me know
> if there are any problems or any help is needed.
Still seems relevant to me, but the patch no longer applies due to other
changes in Gnus. Can you re-spin the patch for Emacs 29, and then I'll
get it committed.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Thu, 23 Dec 2021 18:15:01 GMT)
Full text and
rfc822 format available.
Message #68 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Thu, 23 Dec 2021 18:18:02 GMT)
Full text and
rfc822 format available.
Message #71 received at 40397 <at> debbugs.gnu.org (full text, mbox):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Do, Dez 23 2021, Sebastian Fieber <sebastian.fieber <at> web.de> wrote:
> This one should apply :)
Wait, this was the wrong one. I'll send the right one during the day!
-----BEGIN PGP SIGNATURE-----
iQFMBAEBCAA2FiEExRi5b+8xM5Vpvu7L3jJw+EOyhogFAmHEvTgYHHNlYmFzdGlh
bi5maWViZXJAd2ViLmRlAAoJEN4ycPhDsoaI9YAIAKjmNi3mDtze0QwDU5vIA8AC
vvtofx7euJu1cxzm8H8bRg4XbtXWUYWXJF9LSDApwQZHqDohDGCLL2AlplOvy3Y4
tdZ7kjGxd7u20CwPPUC9/ILK9h3u+S03svUZrHyQnVseaL83r/z1NjjdLvzD18jz
MCa7j/knnsUnXmt/uWaXbudgh11L4FhdoJuttZmIdQ4UksnIKj0dJ5MflIDoIWEU
7dL3DOV6RYl+ntl8cdPyEdeY8r97uEW22NZawp5rVgXxrIz+kNuwgGAMcWNnytzw
se7h2O/Q8jtura+tPz4A7T19dZOcOtKFnoQWBnQUpJtkevSCqPgmjvTc+B1H+mw=
=43kN
-----END PGP SIGNATURE-----
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Thu, 23 Dec 2021 18:26:02 GMT)
Full text and
rfc822 format available.
Message #74 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Thu, 23 Dec 2021 21:07:02 GMT)
Full text and
rfc822 format available.
Message #77 received at 40397 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Do, Dez 23 2021, Sebastian Fieber <sebastian.fieber <at> web.de> wrote:
> On Do, Dez 23 2021, Sebastian Fieber <sebastian.fieber <at> web.de> wrote:
>
>> This one should apply :)
>
> Wait, this was the wrong one. I'll send the right one during the day!
Last mail seems to be broken. Here is the correct patch again.
[0001-PATCH-fix-bug-40397.patch (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org, bugs <at> gnus.org:
bug#40397; Package
emacs,gnus.
(Fri, 24 Dec 2021 09:45:02 GMT)
Full text and
rfc822 format available.
Message #80 received at 40397 <at> debbugs.gnu.org (full text, mbox):
Sebastian Fieber <sebastian.fieber <at> web.de> writes:
> Last mail seems to be broken. Here is the correct patch again.
Thanks; applied to Emacs 29.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
bug marked as fixed in version 29.1, send any further explanations to
40397 <at> debbugs.gnu.org and Sebastian Fieber <sebastian.fieber <at> web.de>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Fri, 24 Dec 2021 09:45:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Fri, 21 Jan 2022 12:24:10 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 88 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.