GNU bug report logs - #40397
28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message


Package: emacs,gnus; Reported by: Sebastian Fieber <sebastian.fieber@HIDDEN>; Keywords: moreinfo patch; dated Thu, 2 Apr 2020 23:38:03 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 40397 <at> debbugs.gnu.org:


From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Sebastian Fieber <sebastian.fieber@HIDDEN>
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
 <87d08lh0qa.fsf@HIDDEN> <87wo6tayhy.fsf@HIDDEN>
 <85r1x0mv6q.fsf@HIDDEN> <87h7xv9k3x.fsf@HIDDEN>
 <873655oaa5.fsf@HIDDEN> <87bljsajvb.fsf@HIDDEN>
Date: Mon, 03 Aug 2020 08:06:18 +0200
In-Reply-To: <87bljsajvb.fsf@HIDDEN> (Sebastian Fieber's message of "Sun, 02
 Aug 2020 22:11:20 +0200")
Message-ID: <87sgd4e011.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: 40397 <at> debbugs.gnu.org

Sebastian Fieber <sebastian.fieber@HIDDEN> writes:

> There is some untested and unimplemented stuff in my implementation.
> If I remember correctly there is no real handling of error cases which I
> wanted to add so it is on par with the other security buttons
> implementations.

Sure, that sounds good.  Error handling is something that's lacking in
many parts of the Emacs handling of signing/encryption, unfortunately.

> So I'd like to work on this a bit more and provide a
> more fully featured patch.  But I'm pretty busy right now with real
> life, so this may take a few months as I'd need to find some time.

Sure, no hurry.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Date: Mon, 03 Aug 2020 05:26:56 +0300
Message-Id: <83h7tkbh1r.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Sebastian Fieber <sebastian.fieber@HIDDEN>
In-Reply-To: <87bljsajvb.fsf@HIDDEN> (message from Sebastian Fieber on Sun, 02
 Aug 2020 22:11:20 +0200)
Subject: Re: bug#40397: 28.0.50;
 epg decrypt does not verify signed content in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
 <87d08lh0qa.fsf@HIDDEN> <87wo6tayhy.fsf@HIDDEN>
 <85r1x0mv6q.fsf@HIDDEN> <87h7xv9k3x.fsf@HIDDEN>
 <873655oaa5.fsf@HIDDEN> <87bljsajvb.fsf@HIDDEN>
Cc: larsi@HIDDEN, 40397 <at> debbugs.gnu.org

> From: Sebastian Fieber <sebastian.fieber@HIDDEN>
> Date: Sun, 02 Aug 2020 22:11:20 +0200
> Cc: 40397 <at> debbugs.gnu.org
> 
> Yes, I haven't done any copyright assignment yet but I'd be willing to
> do so if someone can guide me a bit or point me to where I can find info
> about what I have to do.

Thanks, form sent off-list.




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: Lars Ingebrigtsen <larsi@HIDDEN>
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
 <87d08lh0qa.fsf@HIDDEN> <87wo6tayhy.fsf@HIDDEN>
 <85r1x0mv6q.fsf@HIDDEN> <87h7xv9k3x.fsf@HIDDEN>
 <873655oaa5.fsf@HIDDEN>
Date: Sun, 02 Aug 2020 22:11:20 +0200
In-Reply-To: <873655oaa5.fsf@HIDDEN> (Lars Ingebrigtsen's message of "Sun,
 02 Aug 2020 08:02:26 +0200")
Message-ID: <87bljsajvb.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: 40397 <at> debbugs.gnu.org

On Sun, Aug 02 2020, Lars Ingebrigtsen <larsi@HIDDEN> wrote:

>> and also does
>> implement support for the security buttons for application/pkcs7-mime
>> parts.  This is quite nice as application/pkcs7-mime parts are not
>> handled automatically by default in gnus.  ATM you have to set
>> mm-decrypt-option and mm-verify-option at least to 'ask.  So with this
>> supported it should now work out of the box even without setting
>> mm-decrypt-option and mm-verify-option because now gnus shows the
>> buttons properly and one can click on them and decrypt/verify the part
>> "manually".
>
> This sounds like a good addition to me, and I would like to apply the
> patch to Emacs 28.  It's a large patch, though, and you don't seem to
> have copyright FSF assignment on file -- is that correct?  If it is,
> would you be willing to sign such paperwork, and we can then apply the
> patch?

Yes, I haven't done any copyright assignment yet but I'd be willing to
do so if someone can guide me a bit or point me to where I can find info
about what I have to do.

There is some untested and unimplemented stuff in my implementation.
If I remember correctly there is no real handling of error cases which I
wanted to add so it is on par with the other security buttons
implementations.  So I'd like to work on this a bit more and provide a
more fully featured patch.  But I'm pretty busy right now with real
life, so this may take a few months as I'd need to find some time.

Nonetheless I will check if I have done any changes to my provided patch
and resubmit it if I have any work pending - if you don't want to wait
for me and want to apply the patch anyway even without proper error
handling.




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.
Added tag(s) moreinfo. Request was from Lars Ingebrigtsen <larsi@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Added tag(s) patch. Request was from Lars Ingebrigtsen <larsi@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Sebastian Fieber <sebastian.fieber@HIDDEN>
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
 <87d08lh0qa.fsf@HIDDEN> <87wo6tayhy.fsf@HIDDEN>
 <85r1x0mv6q.fsf@HIDDEN> <87h7xv9k3x.fsf@HIDDEN>
Date: Sun, 02 Aug 2020 08:02:26 +0200
In-Reply-To: <87h7xv9k3x.fsf@HIDDEN> (Sebastian Fieber's message of "Tue, 07
 Apr 2020 21:22:26 +0200")
Message-ID: <873655oaa5.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Cc: 40397 <at> debbugs.gnu.org, Noam Postavsky <npostavs@HIDDEN>

Sebastian Fieber <sebastian.fieber@HIDDEN> writes:

> I have attached a new patch which fixes the problem

Thanks; I didn't see this bug report before I fixed the text/plain thing
in a different way.  (So I think s/mime should basically work again now
in Emacs 27.)

> and also does
> implement support for the security buttons for application/pkcs7-mime
> parts.  This is quite nice as application/pkcs7-mime parts are not
> handled automatically by default in gnus.  ATM you have to set
> mm-decrypt-option and mm-verify-option at least to 'ask.  So with this
> supported it should now work out of the box even without setting
> mm-decrypt-option and mm-verify-option because now gnus shows the
> buttons properly and one can click on them and decrypt/verify the part
> "manually".

This sounds like a good addition to me, and I would like to apply the
patch to Emacs 28.  It's a large patch, though, and you don't seem to
have copyright FSF assignment on file -- is that correct?  If it is,
would you be willing to sign such paperwork, and we can then apply the
patch?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


From: Noam Postavsky <npostavs@HIDDEN>
To: Sebastian Fieber <sebastian.fieber@HIDDEN>
Subject: Re: bug#40397: 28.0.50;
 epg decrypt does not verify signed content in smime
In-Reply-To: <87h7xv9k3x.fsf@HIDDEN> (Sebastian Fieber's message of "Tue, 07
 Apr 2020 21:22:26 +0200")
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN> <87d08lh0qa.fsf@HIDDEN>
 <87wo6tayhy.fsf@HIDDEN> <85r1x0mv6q.fsf@HIDDEN> <87h7xv9k3x.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (windows-nt)
Date: Sun, 19 Apr 2020 08:16:10 -0400
Message-ID: <86blnn8yd1.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
Cc: 40397 <at> debbugs.gnu.org

As I mentioned previously, I'm not really familiar enough with the code
to give a proper review, but I have a couple of minor comments.

Sebastian Fieber <sebastian.fieber@HIDDEN> writes:

> +               (setq intermediate-result (cons (car ctl) (list intermediate-result))))

Or just

    (setq intermediate-result (list (car ctl) intermediate-result))

> @@ -1672,17 +1701,27 @@ mm-possibly-verify-or-decrypt
> -      (with-temp-buffer
> -	(when (and (cond
> -		    ((eq mm-decrypt-option 'never) nil)
> -		    ((eq mm-decrypt-option 'always) t)
> -		    ((eq mm-decrypt-option 'known) t)
> -		    (t (y-or-n-p
> -			(format "Decrypt (S/MIME) part? "))))
> -		   (mm-view-pkcs7 parts from))
> -	  (goto-char (point-min))
> -	  (insert "Content-type: text/plain\n\n")
> -	  (setq parts (mm-dissect-buffer t)))))
> +      (add-text-properties 0 (length (car ctl))
> +			   (list 'buffer (car parts))
> +			   (car ctl))
> +      (let* ((smime-type (cdr (assoc 'smime-type ctl)))
> +             (envelope-p (string= smime-type "enveloped-data"))
> +             (decrypt-or-sign-option (if envelope-p
> +                                         mm-decrypt-option
> +                                       mm-verify-option))
> +             (question (if envelope-p
> +                           "Decrypt (S/MIME) part? "
> +                         "Verify signed (S/MIME) part? ")))
> +        (with-temp-buffer
> +	  (when (and (cond
> +		      ((eq decrypt-or-sign-option 'never) nil)
> +		      ((eq decrypt-or-sign-option 'always) t)
> +		      ((eq decrypt-or-sign-option 'known) t)
> +		      (t (y-or-n-p
> +			  (format question)))))
> +	    (mm-view-pkcs7 parts from)
> +	    (goto-char (point-min))
> +	    (setq parts (mm-dissect-buffer t))))))
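
Review bot: In the new 'when' body, '(mm-view-pkcs7 parts from)' is called only for effect and its return value is discarded, so '(setq parts (mm-dissect-buffer t))' runs even when decryption or verification fails; the removed code dissected the buffer only when 'mm-view-pkcs7' returned non-nil. Keep the call inside the 'and', or test its result explicitly, so that a failed operation leaves 'parts' untouched instead of replacing it with whatever the temp buffer holds. Separately, any 'smime-type' other than "enveloped-data", including a missing parameter, falls through to the verify branch and 'mm-verify-option'; an explicit test for "signed-data" would make the handled cases visible. '(format question)' can be just 'question'.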

You moved the 'mm-view-pkcs7' call out of the condition.  If that was on
purpose, then you should remove the 'and', since it's now redundant.




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: Noam Postavsky <npostavs@HIDDEN>
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
 <87d08lh0qa.fsf@HIDDEN> <87wo6tayhy.fsf@HIDDEN>
 <85r1x0mv6q.fsf@HIDDEN>
Date: Tue, 07 Apr 2020 21:22:26 +0200
Message-ID: <87h7xv9k3x.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Cc: 40397 <at> debbugs.gnu.org


On Mon, Apr 06 2020, Noam Postavsky <npostavs@HIDDEN> wrote:

> This hunk looks a bit suspicious to me as well, I don't think you can
> apply operators like "?" to anchors.
>
> @@ -759,7 +782,7 @@ MIME-Version header before proceeding."
>          (mb enable-multibyte-characters)
>          beg)
>      (goto-char (point-min))
> -    (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
> +    (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
>      (setq beg (point))
>      (with-current-buffer
>            (generate-new-buffer " *mm*")
>
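
Review bot: On the changed 'search-forward-regexp' line, the '?' in "^?\n" directly follows the '^' anchor and has no preceding expression to make optional, so the pattern no longer says "first empty line", which is what separates the headers from the body at this point. Restore "^\n"; if the goal was to accept a CRLF separator as well, write that explicitly as "^\r?\n".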

Yes, this section is also wrong.

>> Since you have looked over the patch: What do you think about the
>> approach to internally structure application/pkcs7-mime parts like
>> multipart parts containing the mime type with text properties until the
>> decrypted, maybe verified singlepart in the car of the handle?
> Sorry, I'm not familiar enough with how this code is currently
> structured to say anything intelligent about that.

No problem :)

I have attached a new patch which fixes the problem and also does
implement support for the security buttons for application/pkcs7-mime
parts.  This is quite nice as application/pkcs7-mime parts are not
handled automatically by default in gnus.  ATM you have to set
mm-decrypt-option and mm-verify-option at least to 'ask.  So with this
supported it should now work out of the box even without setting
mm-decrypt-option and mm-verify-option because now gnus shows the
buttons properly and one can click on them and decrypt/verify the part
"manually".

This time the patch should be clean and was tested properly at least
with mml-smime-use 'epg.  I'm not quite sure if the patch breaks using
openssl as I didn't get this running.  Maybe someone can test this? If
this does break using openssl, modifying mm-view's decrypt and verify
functions should suffice to fix any problems.

The gist of the patch is: treat application/pkcs7-mime like multipart
mails and especially multipart/encrypted with protocol
application/pgp-encrypted and change not more stuff than necessary.

Here is the commit message which is a bit more detailed (also found in
the patch):

"This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.

Also this patch enables proper security-buttons for pkcs7-mime
encrypted and/or signed mails.

Changes:
- don't force Content-type header to text/plain in front of decrypted
  content for smime decryption using mm-view-pkcs7.  This fixes the
  initial bug where the signed part was not verified due to the wrong
  content type header.

- structure the result of mm-dissect-buffer of application/pkcs7-mime
  like a multipart mail so there is no losing of information of
  verification and decryption results which can now be displayed by
  gnus-mime-display-security

- adjust gnus-mime-display-part to handle application/pkcs7-mime like
  multipart/encrypted or multipart/signed

- add dummy entries to mm-verify-function-alist and
  mm-decrypt-function-alist so gnus-mime-display-security correctly
  displays "S/MIME" and not "unknown protocol"

- don't just check for multipart/signed in
  gnus-insert-mime-security-button but also for the pkcs7-mime mimetypes
  to print "Encrypted" or "Signed" accordingly in the security button

- adjust mm-possibly-verify-or-decrypt to check for smime-type to ask
  whether to verify or decrypt the part and not to always ask to decrypt

- adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so
  success information can be displayed by gnus-mime-display-security

- in mm-view-pkcs7-verify also remove carriage returns like in
  mm-view-pkcs7-decrypt

- adjust gnus-mime-security-verify-or-decrypt to handle pkcs7-mime
  right with the done changes

TODO: mm-view-pkcs7-decrypt and verify error handling and
reporting. ATM there is only the good case implemented - at least for
reporting with gnus-mime-display-security."


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-fix-bug-40397.patch

From 3f85a1a72953f0877d2edcf56e872e7fe760b9f9 Mon Sep 17 00:00:00 2001
From: Sebastian Fieber <sebastian.fieber@HIDDEN>
Date: Mon, 6 Apr 2020 20:45:05 +0200
Subject: [PATCH] fix bug #40397

This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.

Also this patch enables proper security-buttons for pkcs7-mime
encrypted and/or signed mails.

Changes:
- don't force Content-type header to text/plain in front of decrypted
  content for smime decryption using mm-view-pkcs7. This fixes the
  initial bug where the signed part was not verified due to the wrong
  content type header.

- structure the result of mm-dissect-buffer of application/pkcs7-mime
  like a multipart mail so there is no losing of information of
  verification and decryption results which can now be displayed by
  gnus-mime-display-security

- adjust gnus-mime-display-part to handle application/pkcs7-mime like
  multipart/encrypted or multipart/signed

- add dummy entries to mm-verify-function-alist and
  mm-decrypt-function-alist so gnus-mime-display-security correctly
  displays "S/MIME" and not "unknown protocol"

- don't just check for multipart/signed in
  gnus-insert-mime-security-button but also for the pkcs7-mime mimetypes
  to print "Encrypted" or "Signed" accordingly in the security button

- adjust mm-possibly-verify-or-decrypt to check for smime-type to ask
  whether to verify or decrypt the part and not to always ask to decrypt

- adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so
  success information can be displayed by gnus-mime-display-security

- in mm-view-pkcs7-verify also remove carriage returns like in
  mm-view-pkcs7-decrypt

- adjust gnus-mime-security-verify-or-decrypt to handle pkcs7-mime
  right with the done changes

TODO: mm-view-pkcs7-decrypt and verify error handling and
reporting. ATM there is only the good case implemented - at least for
reporting with gnus-mime-display-security.
---
 lisp/gnus/gnus-art.el  | 60 ++++++++++++++++++++++++++++---
 lisp/gnus/mm-decode.el | 81 +++++++++++++++++++++++++++++++-----------
 lisp/gnus/mm-view.el   | 25 +++++++++++--
 3 files changed, 138 insertions(+), 28 deletions(-)

diff --git a/lisp/gnus/gnus-art.el b/lisp/gnus/gnus-art.el
index 6b9610d312..b130650df6 100644
--- a/lisp/gnus/gnus-art.el
+++ b/lisp/gnus/gnus-art.el
@@ -5986,6 +5986,34 @@ gnus-mime-display-part
    ((equal (car handle) "multipart/encrypted")
     (gnus-add-wash-type 'encrypted)
     (gnus-mime-display-security handle))
+   ;; pkcs7-mime handling:
+   ;;
+   ;; although not really multipart these are structured internally by
+   ;; mm-dissect-buffer like multipart to not discard the decryption
+   ;; and verification results
+   ;;
+   ;; application/pkcs7-mime
+   ((and (equal (car handle) "application/pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/pkcs7-mime_signed-data"))
+    (gnus-add-wash-type 'signed)
+    (gnus-mime-display-security handle))
+   ((and (equal (car handle) "application/pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/pkcs7-mime_enveloped-data"))
+    (gnus-add-wash-type 'encrypted)
+    (gnus-mime-display-security handle))
+   ;; application/x-pkcs7-mime
+   ((and (equal (car handle) "application/x-pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/x-pkcs7-mime_signed-data"))
+    (gnus-add-wash-type 'signed)
+    (gnus-mime-display-security handle))
+   ((and (equal (car handle) "application/x-pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/x-pkcs7-mime_enveloped-data"))
+    (gnus-add-wash-type 'encrypted)
+    (gnus-mime-display-security handle))
    ;; Other multiparts are handled like multipart/mixed.
    (t
     (gnus-mime-display-mixed (cdr handle)))))
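Review bot: The four new cond clauses only match when the protocol property ends in "_signed-data" or "_enveloped-data", so a pkcs7-mime handle with any other or a missing smime-type falls through to the t clause and is rendered by gnus-mime-display-mixed with no security button. Consider a single clause that tests (car handle) against both MIME type spellings, picks the wash type from the protocol suffix and has an explicit fallback; that also removes the fourfold duplication, which is repeated in gnus-insert-mime-security-button.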
@@ -8733,9 +8761,16 @@ gnus-mime-security-verify-or-decrypt
     (with-current-buffer (mm-handle-multipart-original-buffer handle)
       (let* ((mm-verify-option 'known)
 	     (mm-decrypt-option 'known)
-	     (nparts (mm-possibly-verify-or-decrypt (cdr handle) handle)))
+             (pkcs7-mime-p (or (equal (car handle) "application/pkcs7-mime")
+                               (equal (car handle) "application/x-pkcs7-mime")))
+	     (nparts (if pkcs7-mime-p
+                         (list (mm-possibly-verify-or-decrypt (cadr handle) (cadadr handle)))
+                       (mm-possibly-verify-or-decrypt (cdr handle) handle))))
 	(unless (eq nparts (cdr handle))
-	  (mm-destroy-parts (cdr handle))
+          ;; if pkcs7-mime don't destroy the parts as the buffer in
+          ;; the cdr still needs to be accessible
+          (when (not pkcs7-mime-p)
+	    (mm-destroy-parts (cdr handle)))
 	  (setcdr handle nparts))))
     (gnus-mime-display-security handle)
     (when region
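Review bot: In the pkcs7-mime branch, (cadr handle) and (cadadr handle) assume the cdr of the handle is still the single undecrypted part built by mm-dissect-buffer, but the setcdr a few lines below replaces it with the result list, so a later invocation on the same handle may pass the decrypted result as parts and something other than a ctl as the second argument. Document the expected handle layout in a comment or guard on it, say what eventually frees the parts now that mm-destroy-parts is skipped, and write (unless pkcs7-mime-p ...) instead of (when (not pkcs7-mime-p) ...).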
@@ -8793,8 +8828,25 @@ gnus-insert-mime-security-button
 	   (or (nth 2 (assoc protocol mm-verify-function-alist))
 	       (nth 2 (assoc protocol mm-decrypt-function-alist))
 	       "Unknown")
-	   (if (equal (car handle) "multipart/signed")
-	       " Signed" " Encrypted")
+	   (cond ((equal (car handle) "multipart/signed") " Signed")
+	         ((equal (car handle) "multipart/encrypted") " Encrypted")
+                 ((and (equal (car handle) "application/pkcs7-mime")
+                       (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                              "application/pkcs7-mime_signed-data"))
+                  " Signed")
+                 ((and (equal (car handle) "application/pkcs7-mime")
+                       (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                              "application/pkcs7-mime_enveloped-data"))
+                  " Encrypted")
+                 ;; application/x-pkcs7-mime
+                 ((and (equal (car handle) "application/x-pkcs7-mime")
+                       (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                              "application/x-pkcs7-mime_signed-data"))
+                  " Signed")
+                 ((and (equal (car handle) "application/x-pkcs7-mime")
+                       (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                              "application/x-pkcs7-mime_enveloped-data"))
+                  " Encrypted"))
 	   " Part"))
 	 (gnus-tmp-info
 	  (or (mm-handle-multipart-ctl-parameter handle 'gnus-info)
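Review bot: The new cond has no default clause, so a handle that matches none of the six tests now contributes nil where the old if always produced " Signed" or " Encrypted", and the button label silently loses that word. Add a final (t ...) clause with an explicit label, and consider a small helper shared with gnus-mime-display-part so the type and protocol tests are not maintained in two places.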
diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index 96695aabfd..da1a7c36a5 100644
--- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -473,6 +473,7 @@ mm-dissect-default-type
 (autoload 'mml2015-verify-test "mml2015")
 (autoload 'mml-smime-verify "mml-smime")
 (autoload 'mml-smime-verify-test "mml-smime")
+(autoload 'mm-view-pkcs7-verify "mm-view")

 (defvar mm-verify-function-alist
   '(("application/pgp-signature" mml2015-verify "PGP" mml2015-verify-test)
@@ -481,7 +482,15 @@ mm-verify-function-alist
     ("application/pkcs7-signature" mml-smime-verify "S/MIME"
      mml-smime-verify-test)
     ("application/x-pkcs7-signature" mml-smime-verify "S/MIME"
-     mml-smime-verify-test)))
+     mml-smime-verify-test)
+    ("application/x-pkcs7-signature" mml-smime-verify "S/MIME"
+     mml-smime-verify-test)
+    ;; these are only used for security-buttons and contain the
+    ;; smime-type after the underscore
+    ("application/pkcs7-mime_signed-data" mm-view-pkcs7-verify "S/MIME"
+     nil)
+    ("application/x-pkcs7-mime_signed-data" mml-view-pkcs7-verify "S/MIME"
+     nil)))

 (defcustom mm-verify-option 'never
   "Option of verifying signed parts.
@@ -500,11 +509,16 @@ mm-verify-option

 (autoload 'mml2015-decrypt "mml2015")
 (autoload 'mml2015-decrypt-test "mml2015")
+(autoload 'mm-view-pkcs7-decrypt "mm-view")

 (defvar mm-decrypt-function-alist
   '(("application/pgp-encrypted" mml2015-decrypt "PGP" mml2015-decrypt-test)
     ("application/x-gnus-pgp-encrypted" mm-uu-pgp-encrypted-extract-1 "PGP"
-     mm-uu-pgp-encrypted-test)))
+     mm-uu-pgp-encrypted-test)
+    ;; these are only used for security-buttons and contain the
+    ;; smime-type after the underscore
+    ("application/pkcs7-mime_enveloped-data" mm-view-pkcs7-decrypt "S/MIME" nil)
+    ("application/x-pkcs7-mime_enveloped-data" mm-view-pkcs7-decrypt "S/MIME" nil)))

 (defcustom mm-decrypt-option nil
   "Option of decrypting encrypted parts.
@@ -682,14 +696,29 @@ mm-dissect-buffer
 				  (car ctl))
 	     (cons (car ctl) (mm-dissect-multipart ctl from))))
 	  (t
-	   (mm-possibly-verify-or-decrypt
-	    (mm-dissect-singlepart
-	     ctl
-	     (and cte (intern (downcase (mail-header-strip-cte cte))))
-	     no-strict-mime
-	     (and cd (mail-header-parse-content-disposition cd))
-	     description id)
-	    ctl from))))
+	   (let* ((handle
+                   (mm-dissect-singlepart
+	            ctl
+	            (and cte (intern (downcase (mail-header-strip-cte cte))))
+	            no-strict-mime
+	            (and cd (mail-header-parse-content-disposition cd))
+	            description id))
+                  (intermediate-result (mm-possibly-verify-or-decrypt handle ctl from)))
+             (when (and (equal type "application")
+                        (or (equal subtype "pkcs7-mime")
+                            (equal subtype "x-pkcs7-mime")))
+               (add-text-properties 0
+                                    (length (car ctl))
+                                    (list 'protocol
+                                          (concat (substring-no-properties (car ctl))
+                                                  "_"
+                                                  (cdr (assoc 'smime-type ctl))))
+                                    (car ctl))
+               ;; if this is a pkcs7-mime lets treat this special and
+               ;; more like multipart so the pkcs7-mime part does not
+               ;; get ignored
+               (setq intermediate-result (cons (car ctl) (list intermediate-result))))
+             intermediate-result))))
 	(when id
 	  (when (string-match " *<\\(.*\\)> *" id)
 	    (setq id (match-string 1 id)))
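Review bot: The protocol property is built from (cdr (assoc 'smime-type ctl)) without checking that the parameter is present, so a part without smime-type gets the protocol "application/pkcs7-mime_" and matches none of the alist entries or display clauses added elsewhere in this patch. Handle the missing case explicitly and decide whether the value should be downcased before it is compared. The part is also wrapped like a multipart even when the user declined to decrypt or verify, which deserves a sentence in the mm-dissect-buffer docstring.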
@@ -1672,17 +1701,27 @@ mm-possibly-verify-or-decrypt
     (cond
      ((or (equal type "application/x-pkcs7-mime")
 	  (equal type "application/pkcs7-mime"))
-      (with-temp-buffer
-	(when (and (cond
-		    ((eq mm-decrypt-option 'never) nil)
-		    ((eq mm-decrypt-option 'always) t)
-		    ((eq mm-decrypt-option 'known) t)
-		    (t (y-or-n-p
-			(format "Decrypt (S/MIME) part? "))))
-		   (mm-view-pkcs7 parts from))
-	  (goto-char (point-min))
-	  (insert "Content-type: text/plain\n\n")
-	  (setq parts (mm-dissect-buffer t)))))
+      (add-text-properties 0 (length (car ctl))
+			   (list 'buffer (car parts))
+			   (car ctl))
+      (let* ((smime-type (cdr (assoc 'smime-type ctl)))
+             (envelope-p (string= smime-type "enveloped-data"))
+             (decrypt-or-sign-option (if envelope-p
+                                         mm-decrypt-option
+                                       mm-verify-option))
+             (question (if envelope-p
+                           "Decrypt (S/MIME) part? "
+                         "Verify signed (S/MIME) part? ")))
+        (with-temp-buffer
+	  (when (and (cond
+		      ((eq decrypt-or-sign-option 'never) nil)
+		      ((eq decrypt-or-sign-option 'always) t)
+		      ((eq decrypt-or-sign-option 'known) t)
+		      (t (y-or-n-p
+			  (format question)))))
+	    (mm-view-pkcs7 parts from)
+	    (goto-char (point-min))
+	    (setq parts (mm-dissect-buffer t))))))
      ((equal subtype "signed")
       (unless (and (setq protocol
 			 (mm-handle-multipart-ctl-parameter ctl 'protocol))
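Review bot: Moving (mm-view-pkcs7 parts from) out of the and form and into the body of the when means its return value is no longer tested, so the temp buffer is dissected and assigned to parts even when decryption or verification failed. Keep the call inside the condition, as it was before, so that a failure leaves parts untouched. Two smaller points: envelope-p treats every smime-type other than "enveloped-data", including a missing one, as something to verify, and (format question) can simply be question.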
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index 828ac633dc..34da9464ce 100644
--- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -591,8 +591,15 @@ mm-view-pkcs7-verify
 	 (with-temp-buffer
 	   (insert-buffer-substring (mm-handle-buffer handle))
 	   (goto-char (point-min))
-	   (let ((part (base64-decode-string (buffer-string))))
-	     (epg-verify-string (epg-make-context 'CMS) part))))
+           (let* ((part (base64-decode-string (buffer-string)))
+                  (context (epg-make-context 'CMS))
+                  (plain (epg-verify-string context part)))
+             (mm-sec-status
+              'gnus-info
+              (epg-verify-result-to-string (epg-context-result-for context 'verify))
+              'gnus-details
+              nil)
+             plain)))
       (with-temp-buffer
 	(insert "MIME-Version: 1.0\n")
 	(mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
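Review bot: The let* returns plain no matter what the verify result says, and mm-sec-status only records the result string, so content with a bad signature is handed back to the caller the same way as content with a good one. Inspect the signatures returned by (epg-context-result-for context 'verify) before treating the part as verified, pass the detailed result as 'gnus-details instead of nil, and wrap epg-verify-string in condition-case so an error is reported through mm-sec-status. The commit message lists error handling as a TODO, but for a signature check the failure path is the one that matters.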
@@ -601,6 +608,10 @@ mm-view-pkcs7-verify
       (if verified
 	  (insert verified)
 	(insert-buffer-substring smime-details-buffer)))
+    (goto-char (point-min))
+    (while (search-forward "\r\n" nil t)
+      (replace-match "\n"))
+    (goto-char (point-min))
     t))

 (autoload 'epg-decrypt-string "epg")
@@ -612,7 +623,15 @@ mm-view-pkcs7-decrypt
       ;; Use EPG/gpgsm
       (let ((part (base64-decode-string (buffer-string))))
 	(erase-buffer)
-	(insert (epg-decrypt-string (epg-make-context 'CMS) part)))
+	(insert
+         (let* ((context (epg-make-context 'CMS))
+                (plain (epg-decrypt-string context part)))
+           (mm-sec-status
+            'gnus-info
+            "OK"
+            'gnus-details
+            nil)
+           plain)))
     ;; Use openssl
     (insert "MIME-Version: 1.0\n")
     (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
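Review bot: The status is hard-coded to "OK" as soon as epg-decrypt-string returns, and nothing reports the case where it signals an error, so the security button can only ever show success for the decrypt step. Wrap the call in condition-case and set 'gnus-info to a failure text, with the error in 'gnus-details, on that path. It would also help to make clear in the button text that "OK" refers to decryption only and says nothing about a signature inside the envelope.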
--
2.25.2


--=-=-=--
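The first change in the commit message above (not forcing a text/plain header in front of the decrypted content) can be reproduced outside Gnus. The following is an added example, not code from the patch or from Emacs: it models only the MIME parsing step in Python, and the names next_action, security_steps and fake_decrypt, as well as both sample messages, are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

PKCS7_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
MAX_LAYERS = 4  # example limit so nested parts cannot loop forever

# Constructed sample: the outer, encrypted part. The base64 body is a
# placeholder, not a real CMS structure.
OUTER = (
    "MIME-Version: 1.0\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n"
    " name=\"smime.p7m\"\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "UExBQ0VIT0xERVI=\n"
)

# Constructed sample: what decrypting OUTER yields when the sender signed
# first and encrypted second, i.e. a signed-data part with its own headers.
DECRYPTED = (
    "Content-Type: application/pkcs7-mime; smime-type=signed-data;\n"
    " name=\"smime.p7m\"\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "UExBQ0VIT0xERVI=\n"
)


def fake_decrypt(part):
    """Hypothetical stand-in for the CMS decryption done by gpgsm."""
    return DECRYPTED


def parse_forced_text_plain(decrypted):
    """Behaviour before the fix: a text/plain header is put in front."""
    return message_from_string("Content-type: text/plain\n\n" + decrypted)


def parse_as_is(decrypted):
    """Behaviour after the fix: the decrypted part's own headers decide."""
    return message_from_string(decrypted)


def next_action(part):
    """Return 'decrypt', 'verify', 'display' or 'unsupported' for a part."""
    if part.get_content_type() not in PKCS7_TYPES:
        return "display"
    raw = part.get_param("smime-type")
    if raw is None:
        # Choice made for this example: do not guess when smime-type is absent.
        return "unsupported"
    smime_type = collapse_rfc2231_value(raw).lower()
    if smime_type == "enveloped-data":
        return "decrypt"
    if smime_type == "signed-data":
        return "verify"
    return "unsupported"


def security_steps(outer, decrypt, keep_inner_headers):
    """List the security operations a reader would run, layer by layer."""
    steps = []
    part = outer
    for _ in range(MAX_LAYERS):
        action = next_action(part)
        steps.append(action)
        if action != "decrypt":
            break  # verification and display end the walk in this model
        plain = decrypt(part)
        if keep_inner_headers:
            part = parse_as_is(plain)
        else:
            part = parse_forced_text_plain(plain)
    return steps


if __name__ == "__main__":
    outer = parse_as_is(OUTER)
    print("forced text/plain:", security_steps(outer, fake_decrypt, False))
    print("inner headers kept:", security_steps(outer, fake_decrypt, True))
```

With the forced header the inner signed-data part is classified as plain text and its real headers end up in the body, so no verification step is ever scheduled.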




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 6 Apr 2020 16:32:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Apr 06 12:32:42 2020
Received: from localhost ([127.0.0.1]:49135 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jLUfx-0007pq-QN
	for submit <at> debbugs.gnu.org; Mon, 06 Apr 2020 12:32:42 -0400
Received: from mail-qk1-f174.google.com ([209.85.222.174]:34420)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@HIDDEN>) id 1jLUfu-0007pK-Ke
 for 40397 <at> debbugs.gnu.org; Mon, 06 Apr 2020 12:32:39 -0400
Received: by mail-qk1-f174.google.com with SMTP id i186so7870078qke.1
 for <40397 <at> debbugs.gnu.org>; Mon, 06 Apr 2020 09:32:38 -0700 (PDT)
X-Received: by 2002:a05:620a:668:: with SMTP id
 a8mr11880860qkh.307.1586190752420; 
 Mon, 06 Apr 2020 09:32:32 -0700 (PDT)
Received: from vhost2
 (CPE001143542e1f-CMf81d0f809fa0.cpe.net.cable.rogers.com. [99.230.38.42])
 by smtp.gmail.com with ESMTPSA id z40sm4824929qtj.45.2020.04.06.09.32.31
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 06 Apr 2020 09:32:31 -0700 (PDT)
From: Noam Postavsky <npostavs@HIDDEN>
To: Sebastian Fieber <sebastian.fieber@HIDDEN>
Subject: Re: bug#40397: 28.0.50;
 epg decrypt does not verify signed content in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN> <87d08lh0qa.fsf@HIDDEN>
 <87wo6tayhy.fsf@HIDDEN>
Date: Mon, 06 Apr 2020 12:32:29 -0400
In-Reply-To: <87wo6tayhy.fsf@HIDDEN> (Sebastian Fieber's message of "Mon, 06
 Apr 2020 09:01:45 +0200")
Message-ID: <85r1x0mv6q.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (windows-nt)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 40397
Cc: 40397 <at> debbugs.gnu.org
X-Spam-Score: -1.0 (-)

Sebastian Fieber <sebastian.fieber@HIDDEN> writes:

> On So, Apr 05 2020, Noam Postavsky <npostavs@HIDDEN> wrote:
>
>> Sebastian Fieber <sebastian.fieber@HIDDEN> writes:
>>
>>> -  (while (search-forward "\r\n" nil t)
>>> +  (while (search-forward-regexp "\r\n|\^M\n" nil t)
>>
>> This can't be right, it would search for a literal "|" on an otherwise
>> empty line.  And if you put "\\|" which is what I think you meant, then
>> both alternatives would be the same, so it still doesn't make sense.
>
> Yes, and there is another problem with this. Should have tested this with
> emacs -Q. Let me fix that and prepare a new patch.

This hunk looks a bit suspicious to me as well, I don't think you can
apply operators like "?" to anchors.

@@ -759,7 +782,7 @@ MIME-Version header before proceeding."
         (mb enable-multibyte-characters)
         beg)
     (goto-char (point-min))
-    (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
+    (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
     (setq beg (point))
     (with-current-buffer
           (generate-new-buffer " *mm*")

> Since you have looked over the patch: What do you think about the
> approach to internally structure application/pkcs7-mime parts like
> multipart parts containing the mime type with text properties until the
> decrypted, maybe verified singlepart in the car of the handle?

Sorry, I'm not familiar enough with how this code is currently
structured to say anything intelligent about that.




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 6 Apr 2020 07:01:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Apr 06 03:01:56 2020
Received: from localhost ([127.0.0.1]:47088 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jLLlc-0006OR-Gr
	for submit <at> debbugs.gnu.org; Mon, 06 Apr 2020 03:01:56 -0400
Received: from mout.web.de ([212.227.17.11]:38651)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sebastian.fieber@HIDDEN>) id 1jLLla-0006Ns-Bh
 for 40397 <at> debbugs.gnu.org; Mon, 06 Apr 2020 03:01:55 -0400
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from comedian ([93.202.167.161]) by smtp.web.de (mrweb101
 [213.165.67.124]) with ESMTPSA (Nemesis) id 0MQvsg-1jk4gv1KwQ-00ULYJ; Mon, 06
 Apr 2020 09:01:47 +0200
From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: Noam Postavsky <npostavs@HIDDEN>
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
 <87d08lh0qa.fsf@HIDDEN>
Date: Mon, 06 Apr 2020 09:01:45 +0200
In-Reply-To: <87d08lh0qa.fsf@HIDDEN> (Noam Postavsky's message of "Sun, 05
 Apr 2020 21:17:01 -0400")
Message-ID: <87wo6tayhy.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Flag: NO
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 40397
Cc: 40397 <at> debbugs.gnu.org
X-Spam-Score: -1.7 (-)


On So, Apr 05 2020, Noam Postavsky <npostavs@HIDDEN> wrote:

> Sebastian Fieber <sebastian.fieber@HIDDEN> writes:
>
>> -  (while (search-forward "\r\n" nil t)
>> +  (while (search-forward-regexp "\r\n|\^M\n" nil t)
>
> This can't be right, it would search for a literal "|" on an otherwise
> empty line.  And if you put "\\|" which is what I think you meant, then
> both alternatives would be the same, so it still doesn't make sense.

Yes, and there is another problem with this. Should have tested this with
emacs -Q. Let me fix that and prepare a new patch.

Since you have looked over the patch: What do you think about the
approach to internally structure application/pkcs7-mime parts like
multipart parts containing the mime type with text properties until the
decrypted, maybe verified singlepart in the car of the handle?




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 6 Apr 2020 01:17:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 05 21:17:13 2020
Received: from localhost ([127.0.0.1]:46944 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jLGO0-0001yY-PT
	for submit <at> debbugs.gnu.org; Sun, 05 Apr 2020 21:17:13 -0400
Received: from mail-qt1-f169.google.com ([209.85.160.169]:37712)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@HIDDEN>) id 1jLGNx-0001y0-Im
 for 40397 <at> debbugs.gnu.org; Sun, 05 Apr 2020 21:17:11 -0400
Received: by mail-qt1-f169.google.com with SMTP id n17so1547409qtv.4
 for <40397 <at> debbugs.gnu.org>; Sun, 05 Apr 2020 18:17:09 -0700 (PDT)
X-Received: by 2002:ac8:fcf:: with SMTP id f15mr18557097qtk.233.1586135823759; 
 Sun, 05 Apr 2020 18:17:03 -0700 (PDT)
Received: from minid (cbl-45-2-119-47.yyz.frontiernetworks.ca. [45.2.119.47])
 by smtp.gmail.com with ESMTPSA id
 q13sm3961676qki.136.2020.04.05.18.17.02
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 05 Apr 2020 18:17:02 -0700 (PDT)
From: Noam Postavsky <npostavs@HIDDEN>
To: Sebastian Fieber <sebastian.fieber@HIDDEN>
Subject: Re: bug#40397: 28.0.50; epg decrypt does not verify signed content
 in smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN> <874ktxtr6d.fsf@HIDDEN>
Date: Sun, 05 Apr 2020 21:17:01 -0400
In-Reply-To: <874ktxtr6d.fsf@HIDDEN> (Sebastian Fieber's message of "Mon, 06
 Apr 2020 02:04:58 +0200")
Message-ID: <87d08lh0qa.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.90 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 40397
Cc: 40397 <at> debbugs.gnu.org
X-Spam-Score: -1.0 (-)

Sebastian Fieber <sebastian.fieber@HIDDEN> writes:

> -  (while (search-forward "\r\n" nil t)
> +  (while (search-forward-regexp "\r\n|\^M\n" nil t)

This can't be right, it would search for a literal "|" on an otherwise
empty line.  And if you put "\\|" which is what I think you meant, then
both alternatives would be the same, so it still doesn't make sense.




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 6 Apr 2020 00:05:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 05 20:05:10 2020
Received: from localhost ([127.0.0.1]:46911 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jLFGH-0006SY-WF
	for submit <at> debbugs.gnu.org; Sun, 05 Apr 2020 20:05:10 -0400
Received: from mout.web.de ([212.227.15.3]:50995)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sebastian.fieber@HIDDEN>) id 1jLFGE-0006Rc-6z
 for 40397 <at> debbugs.gnu.org; Sun, 05 Apr 2020 20:05:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de;
 s=dbaedf251592; t=1586131500;
 bh=Pwq65vujkK3dLEd6Dcu2bxsO/NZ+4Q3gA2z4p9hQT2I=;
 h=X-UI-Sender-Class:From:To:Subject:References:Date:In-Reply-To;
 b=eELMsddVZt8Hc7rw4W8K6BQcFKMQTiIa0ZpuPfQdTS3x1bYP2S+8RiBp4U0gwMRxS
 rzdpd/uqDLOJjmFhfFMkCzxHOpJESIkI+k/mfErt4e5/4lRlGwPHe/NyH/7cI0c60E
 uSSK40NsBMSgtD43My5fvlKAagklWFpaSuCTNWLo=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from comedian ([93.202.163.134]) by smtp.web.de (mrweb004
 [213.165.67.108]) with ESMTPSA (Nemesis) id 0LZkTs-1itraJ3JlM-00lYow for
 <40397 <at> debbugs.gnu.org>; Mon, 06 Apr 2020 02:04:59 +0200
From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: 40397 <at> debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in
 smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
 <87lfna22eh.fsf@HIDDEN>
Date: Mon, 06 Apr 2020 02:04:58 +0200
In-Reply-To: <87lfna22eh.fsf@HIDDEN> (Sebastian Fieber's message of "Sun, 05
 Apr 2020 02:37:42 +0200")
Message-ID: <874ktxtr6d.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Flag: NO
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 40397
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--=-=-=
Content-Type: text/plain


On Sun, Apr 05 2020, Sebastian Fieber <sebastian.fieber@HIDDEN> wrote:

> I just had some time to look into this even further and I noticed that
> the mm-sec buttons for signatures/encryption are not displayed for the
> whole application/pkcs7-mime stuff, too.  I am working on a patch to fix
> this.
>
> I think most of the code would look like the one in mml-smime.el (the
> calls to mm-sec-* and getting error/success messages from epg).  The
> hard part is to get the mm-security-handle or better the information
> added about the pkcs7-mime signature by the mm-sec-* calls to some
> function that will add these (which is gnus-mime-display-security ?).
> The problem here is that the part is lost when the signature is verified
> as the actual signed content parts will have replaced it.
>
> Best regards
> Sebastian

Hey,

here is the resulting more thorough patch replacing the one before.

It's not finished completely as error handling and reporting via
mm-sec-error is still missing in mm-view-pkcs7-[decrypt/verify].

But displaying verification and encryption information via
gnus-mime-display-security does work (at least in the good case).

See the patch for more information.

I'd welcome any comments :)


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-fix-bug-40397.patch
Content-Transfer-Encoding: quoted-printable

=46rom 2d623b52c7810a293ad8309018ebc4973f1ff2e3 Mon Sep 17 00:00:00 2001
From: fallchildren <sebastian.fieber@HIDDEN>
Date: Sat, 4 Apr 2020 01:16:12 +0200
Subject: [PATCH] fix bug #40397

This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.

- don't force Content-type header to text/plain in front of decrypted
  content for smime decryption using mm-view-pkcs7

- structure the result of mm-dissect-buffer of application/pkcs7-mime
  like a multipart mail so there is no losing of information of
  verification and decryption results which can now be displayed by
  gnus-mime-display-security

- adjust gnus-mime-display-part to handle application/pkcs7-mime like
  multipart/encrypted or multipart/signed

- add dummy entries to mm-verify-function-alist and
  mm-decrypt-function-alist so gnus-mime-display-security correctly
  displays "S/MIME" and not "unknown protocol"

- adjust mm-possibly-verify-or-decrypt to check for smime-type to ask
  whether to verify or decrypt part and not to ask to decrypt either
  way

- adjust mm-view-pkcs7-decrypt and verify to call mm-sec-status so
  success information can be displayed by gnus-mime-display-security

- in mm-view-pkcs7-decrypt also replace "^M\n" with newline and not only
  "\r\n" - I have no idea why this is needed

TODO: mm-view-pkcs7-decrypt and verify error handling and
reporting. ATM there is only the good case implemented - at least for
reporting with gnus-mime-display-security.
=2D--
 lisp/gnus/gnus-art.el  | 28 ++++++++++++++++
 lisp/gnus/mm-decode.el | 74 +++++++++++++++++++++++++++++-------------
 lisp/gnus/mm-view.el   | 32 +++++++++++++++---
 3 files changed, 108 insertions(+), 26 deletions(-)

diff --git a/lisp/gnus/gnus-art.el b/lisp/gnus/gnus-art.el
index 6b9610d312..4ab629eda0 100644
=2D-- a/lisp/gnus/gnus-art.el
+++ b/lisp/gnus/gnus-art.el
@@ -5986,6 +5986,34 @@ If nil, don't show those extra buttons."
    ((equal (car handle) "multipart/encrypted")
     (gnus-add-wash-type 'encrypted)
     (gnus-mime-display-security handle))
+   ;; pkcs7-mime handling:
+   ;;
+   ;; although not really multipart these are structured internally by
+   ;; mm-dissect-buffer like multipart to not discard the decryption
+   ;; and verification results
+   ;;
+   ;; application/pkcs7-mime
+   ((and (equal (car handle) "application/pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/pkcs7-mime_signed-data"))
+    (gnus-add-wash-type 'signed)
+    (gnus-mime-display-security handle))
+   ((and (equal (car handle) "application/pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/pkcs7-mime_enveloped-data"))
+    (gnus-add-wash-type 'encrypted)
+    (gnus-mime-display-security handle))
+   ;; application/x-pkcs7-mime
+   ((and (equal (car handle) "application/x-pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/x-pkcs7-mime_signed-data"))
+    (gnus-add-wash-type 'signed)
+    (gnus-mime-display-security handle))
+   ((and (equal (car handle) "application/x-pkcs7-mime")
+         (equal (mm-handle-multipart-ctl-parameter handle 'protocol)
+                "application/x-pkcs7-mime_enveloped-data"))
+    (gnus-add-wash-type 'encrypted)
+    (gnus-mime-display-security handle))
    ;; Other multiparts are handled like multipart/mixed.
    (t
     (gnus-mime-display-mixed (cdr handle)))))
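Review bot: the four added clauses differ only in the type string and the wash type, and a pkcs7-mime handle whose protocol parameter is neither of the two synthetic values falls through to the final t clause and is shown with gnus-mime-display-mixed. As far as this patch shows, that protocol value is only set when mm-view.el calls mm-sec-status, so please state what is displayed when verification or decryption was declined or failed, and consider a single clause that tests (member (car handle) '("application/pkcs7-mime" "application/x-pkcs7-mime")) and picks 'signed or 'encrypted from the smime-type suffix.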
diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index 96695aabfd..5af2e50f66 100644
=2D-- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -473,6 +473,7 @@ The file will be saved in the directory `mm-tmp-direct=
ory'.")
 (autoload 'mml2015-verify-test "mml2015")
 (autoload 'mml-smime-verify "mml-smime")
 (autoload 'mml-smime-verify-test "mml-smime")
+(autoload 'mm-view-pkcs7-verify "mm-view")

 (defvar mm-verify-function-alist
   '(("application/pgp-signature" mml2015-verify "PGP" mml2015-verify-test=
)
@@ -481,7 +482,15 @@ The file will be saved in the directory `mm-tmp-direc=
tory'.")
     ("application/pkcs7-signature" mml-smime-verify "S/MIME"
      mml-smime-verify-test)
     ("application/x-pkcs7-signature" mml-smime-verify "S/MIME"
-     mml-smime-verify-test)))
+     mml-smime-verify-test)
+    ("application/x-pkcs7-signature" mml-smime-verify "S/MIME"
+     mml-smime-verify-test)
+    ;; these are only used for security-buttons and contain the
+    ;; smime-type after the underscore
+    ("application/pkcs7-mime_signed-data" mm-view-pkcs7-verify "S/MIME"
+     nil)
+    ("application/x-pkcs7-mime_signed-data" mml-view-pkcs7-verify "S/MIME=
"
+     nil)))

 (defcustom mm-verify-option 'never
   "Option of verifying signed parts.
@@ -500,11 +509,16 @@ result of the verification."

 (autoload 'mml2015-decrypt "mml2015")
 (autoload 'mml2015-decrypt-test "mml2015")
+(autoload 'mm-view-pkcs7-decrypt "mm-view")

 (defvar mm-decrypt-function-alist
   '(("application/pgp-encrypted" mml2015-decrypt "PGP" mml2015-decrypt-te=
st)
     ("application/x-gnus-pgp-encrypted" mm-uu-pgp-encrypted-extract-1 "PG=
P"
-     mm-uu-pgp-encrypted-test)))
+     mm-uu-pgp-encrypted-test)
+    ;; these are only used for security-buttons and contain the
+    ;; smime-type after the underscore
+    ("application/pkcs7-mime_enveloped-data" mm-view-pkcs7-decrypt "S/MIM=
E" nil)
+    ("application/x-pkcs7-mime_enveloped-data" mm-view-pkcs7-decrypt "S/M=
IME" nil)))

 (defcustom mm-decrypt-option nil
   "Option of decrypting encrypted parts.
@@ -682,14 +696,23 @@ MIME-Version header before proceeding."
 				  (car ctl))
 	     (cons (car ctl) (mm-dissect-multipart ctl from))))
 	  (t
-	   (mm-possibly-verify-or-decrypt
-	    (mm-dissect-singlepart
-	     ctl
-	     (and cte (intern (downcase (mail-header-strip-cte cte))))
-	     no-strict-mime
-	     (and cd (mail-header-parse-content-disposition cd))
-	     description id)
-	    ctl from))))
+	   (let* ((intermediate-result
+                   (mm-possibly-verify-or-decrypt
+                    (mm-dissect-singlepart
+	             ctl
+	             (and cte (intern (downcase (mail-header-strip-cte cte))))
+	             no-strict-mime
+	             (and cd (mail-header-parse-content-disposition cd))
+	             description id)
+                    ctl from)))
+             (when (and (equal type "application")
+                        (or (equal subtype "pkcs7-mime")
+                            (equal subtype "x-pkcs7-mime")))
+               ;; if this is a pkcs7-mime lets treat this special and
+               ;; more like multipart so the pkcs7-mime part does not
+               ;; get ignored
+               (setq intermediate-result (list (car ctl) intermediate-res=
ult)))
+             intermediate-result))))
 	(when id
 	  (when (string-match " *<\\(.*\\)> *" id)
 	    (setq id (match-string 1 id)))
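Review bot: the wrap in the new when form is keyed on type and subtype alone, so an application/pkcs7-mime part becomes (list (car ctl) intermediate-result) even when mm-possibly-verify-or-decrypt left it untouched because the user declined or the option is never. Wrap only when the part was actually replaced by its decrypted or verified content, or document what the display code does with an unprocessed part in this shape. The added block also mixes tab and space indentation, unlike the lines it replaces.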
@@ -759,7 +782,7 @@ MIME-Version header before proceeding."
         (mb enable-multibyte-characters)
         beg)
     (goto-char (point-min))
-    (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
+    (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
     (setq beg (point))
     (with-current-buffer
           (generate-new-buffer " *mm*")
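Review bot: as sent, the added pattern reads "^?\n" with nothing between ^ and ?, whereas the earlier version of this patch had a carriage return there ("^=0D?\n" in the quoted-printable attachment), so the raw control character seems to have been lost on the way. Write it with the escape, "^\r?\n", which survives mail and editors and makes the intent readable in the source.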
@@ -1672,17 +1695,24 @@ If RECURSIVE, search recursively."
     (cond
      ((or (equal type "application/x-pkcs7-mime")
 	  (equal type "application/pkcs7-mime"))
-      (with-temp-buffer
-	(when (and (cond
-		    ((eq mm-decrypt-option 'never) nil)
-		    ((eq mm-decrypt-option 'always) t)
-		    ((eq mm-decrypt-option 'known) t)
-		    (t (y-or-n-p
-			(format "Decrypt (S/MIME) part? "))))
-		   (mm-view-pkcs7 parts from))
-	  (goto-char (point-min))
-	  (insert "Content-type: text/plain\n\n")
-	  (setq parts (mm-dissect-buffer t)))))
+      (let* ((smime-type (cdr (assoc 'smime-type ctl)))
+             (envelope-p (string=3D smime-type "enveloped-data"))
+             (decrypt-or-sign-option (if envelope-p
+                                         mm-decrypt-option
+                                       mm-sign-option))
+             (question (if envelope-p
+                           "Decrypt (S/MIME) part? "
+                         "Verify signed (S/MIME) part? ")))
+        (with-temp-buffer
+	  (when (and (cond
+		      ((eq decrypt-or-sign-option 'never) nil)
+		      ((eq decrypt-or-sign-option 'always) t)
+		      ((eq decrypt-or-sign-option 'known) t)
+		      (t (y-or-n-p
+			  (format question))))
+		     (mm-view-pkcs7 parts from))
+	    (goto-char (point-min))
+	    (setq parts (mm-dissect-buffer t))))))
      ((equal subtype "signed")
       (unless (and (setq protocol
 			 (mm-handle-multipart-ctl-parameter ctl 'protocol))
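Review bot: decrypt-or-sign-option falls back to mm-sign-option for the non-enveloped case, but the question being asked is whether to verify, and the option for that is mm-verify-option (its defcustom is visible in the context of an earlier hunk in this file). Two smaller points in the same let*: every smime-type other than "enveloped-data", including a missing one, takes the verify branch, and (format question) can simply be question.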
diff --git a/lisp/gnus/mm-view.el b/lisp/gnus/mm-view.el
index 828ac633dc..4c7350b55a 100644
=2D-- a/lisp/gnus/mm-view.el
+++ b/lisp/gnus/mm-view.el
@@ -591,8 +591,20 @@ If MODE is not set, try to find mode automatically."
 	 (with-temp-buffer
 	   (insert-buffer-substring (mm-handle-buffer handle))
 	   (goto-char (point-min))
-	   (let ((part (base64-decode-string (buffer-string))))
-	     (epg-verify-string (epg-make-context 'CMS) part))))
+           (let* ((part (base64-decode-string (buffer-string)))
+                  (context (epg-make-context 'CMS))
+                  (plain (epg-verify-string context part)))
+             (mm-sec-status
+              'gnus-info
+              (epg-verify-result-to-string (epg-context-result-for contex=
t 'verify))
+              'gnus-details
+              nil
+              'protocol
+              ;; just mimik pkcs7-signature actually we are in pkcs7-mime
+              (concat (substring-no-properties (caadr handle))
+                      "_"
+                      (cdr (assoc 'smime-type (cadr handle)))))
+             plain)))
       (with-temp-buffer
 	(insert "MIME-Version: 1.0\n")
 	(mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
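Review bot: in the EPG branch plain is returned and mm-sec-status is called with whatever epg-verify-result-to-string yields, so a bad, expired or untrusted signature is told apart from a good one only by the info string; nothing here inspects the verify result or catches an error from epg-verify-string. Handle the failure case (the commit message lists it as TODO) before this goes in, and prefer the handle accessors mm-handle-media-type and mm-handle-type over (caadr handle) and (cadr handle) when building the protocol value.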
@@ -612,7 +624,19 @@ If MODE is not set, try to find mode automatically."
       ;; Use EPG/gpgsm
       (let ((part (base64-decode-string (buffer-string))))
 	(erase-buffer)
-	(insert (epg-decrypt-string (epg-make-context 'CMS) part)))
+	(insert
+         (let* ((context (epg-make-context 'CMS))
+                (plain (epg-decrypt-string context part)))
+           (mm-sec-status
+            'gnus-info
+            "OK"
+            'gnus-details
+            nil
+            'protocol
+            (concat (substring-no-properties (caadr handle))
+                    "_"
+                    (cdr (assoc 'smime-type (cadr handle)))))
+           plain)))
     ;; Use openssl
     (insert "MIME-Version: 1.0\n")
     (mm-insert-headers "application/pkcs7-mime" "base64" "smime.p7m")
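Review bot: gnus-info is hard-coded to "OK" after epg-decrypt-string, so the status shown never reflects anything the context reports, and a decryption error propagates without any mm-sec-error report. Wrap the call in condition-case and report failures the way the discussion says mml-smime.el does. The (concat ... "_" ...) expression that builds the protocol key is also repeated verbatim from the verify function and has to stay in step with the literal keys added to mm-decode.el and gnus-art.el, so a small shared helper would be safer.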
@@ -626,7 +650,7 @@ If MODE is not set, try to find mode automatically."
 	 smime-keys nil nil nil (car-safe (car-safe smime-keys)))))
      from))
   (goto-char (point-min))
-  (while (search-forward "\r\n" nil t)
+  (while (search-forward-regexp "\r\n|=0D\n" nil t)
     (replace-match "\n"))
   (goto-char (point-min)))

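Review bot: in the replaced search, "|" is not alternation in Emacs regexp syntax (that is "\\|"), so the new pattern only matches a literal bar between two line endings and no longer matches a plain CRLF; the =0D after the bar is the same carriage return as "\r", so a corrected alternation would have two identical branches. Keep the original (search-forward "\r\n" nil t) unless there is a distinct byte sequence to match, and name that sequence in the commit message.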
=2D-
2.25.2


--=-=-=--




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 5 Apr 2020 00:37:51 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Apr 04 20:37:51 2020
Received: from localhost ([127.0.0.1]:44994 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jKtIN-0003Xe-3t
	for submit <at> debbugs.gnu.org; Sat, 04 Apr 2020 20:37:51 -0400
Received: from mout.web.de ([212.227.17.12]:60197)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sebastian.fieber@HIDDEN>) id 1jKtIL-0003XC-KH
 for 40397 <at> debbugs.gnu.org; Sat, 04 Apr 2020 20:37:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de;
 s=dbaedf251592; t=1586047063;
 bh=234XrRTNhixHwgu3+61FAo6WLtbbnPtFBiPExxQeMd8=;
 h=X-UI-Sender-Class:From:To:Subject:References:Date:In-Reply-To;
 b=Sk31qHCyjoFKgK1WXCajlB6/sAcfm/FZTvASXdDLHbxoiYwjPk9xwnOgEw/B1fsz4
 6zBst3eGrj1fK0yme+aTDtngKNRuM0KKecAmei08YisLtntQZVRpyJQbOdVdAfM4YD
 xpeZCjMQN0BPlO4uo7SrDaA43zMcATuCQrbSMjTA=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from comedian ([79.202.68.80]) by smtp.web.de (mrweb103
 [213.165.67.124]) with ESMTPSA (Nemesis) id 0LgHPM-1j07L10S9M-00niQe for
 <40397 <at> debbugs.gnu.org>; Sun, 05 Apr 2020 02:37:43 +0200
From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: 40397 <at> debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in
 smime
References: <87imih5am2.fsf@HIDDEN> <87r1x4dujl.fsf@HIDDEN>
Date: Sun, 05 Apr 2020 02:37:42 +0200
In-Reply-To: <87r1x4dujl.fsf@HIDDEN> (Sebastian Fieber's message of "Sat, 04
 Apr 2020 01:22:06 +0200")
Message-ID: <87lfna22eh.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Flag: NO
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 40397
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

On Sat, Apr 04 2020, Sebastian Fieber <sebastian.fieber@HIDDEN> wrote:

> In such a case the "Decrypt (S/MIME) part?" is asked too times. But hey
> that isn't too bad I think.

I just had some time to look into this even further and I noticed that
the mm-sec buttons for signatures/encryption are not displayed for the
whole application/pkcs7-mime stuff, too.  I am working on a patch to fix
this.

I think most of the code would look like the one in mml-smime.el (the
calls to mm-sec-* and getting error/success messages from epg).  The
hard part is to get the mm-security-handle or better the information
added about the pkcs7-mime signature by the mm-sec-* calls to some
function that will add these (which is gnus-mime-display-security ?).
The problem here is that the part is lost when the signature is verified
as the actual signed content parts will have replaced it.

Best regards
Sebastian




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 4 Apr 2020 00:02:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 03 20:02:17 2020
Received: from localhost ([127.0.0.1]:43345 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jKWGP-0003R0-12
	for submit <at> debbugs.gnu.org; Fri, 03 Apr 2020 20:02:17 -0400
Received: from mout.web.de ([212.227.15.3]:56307)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sebastian.fieber@HIDDEN>) id 1jKVde-0000LB-Kd
 for 40397 <at> debbugs.gnu.org; Fri, 03 Apr 2020 19:22:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de;
 s=dbaedf251592; t=1585956128;
 bh=yLQpmzSn1KXhFG4rMovR28nDuB/s49PKs2xJbdmi7SI=;
 h=X-UI-Sender-Class:From:To:Subject:References:Date:In-Reply-To;
 b=QsGDgUAdxbqdxnr50GSbmcpSyZFBE0Q+zX6m7HhawMeQVqzPqNp14ZsBt4cun3YHV
 kpLEoWeiy/2IdxEkNTAqQ/IZeDVVWq0C3DnR8+9WAx1cXVHl06h6DmT2i5Faituj06
 Amyxia5NXWyu7oEuEgRg8mlXRz0eGcOqo5L4lLio=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from comedian ([93.202.160.233]) by smtp.web.de (mrweb004
 [213.165.67.108]) with ESMTPSA (Nemesis) id 0MZzln-1jcJuJ0AwR-00Lk8T for
 <40397 <at> debbugs.gnu.org>; Sat, 04 Apr 2020 01:22:08 +0200
From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: 40397 <at> debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in
 smime
References: <87imih5am2.fsf@HIDDEN>
Date: Sat, 04 Apr 2020 01:22:06 +0200
In-Reply-To: <87imih5am2.fsf@HIDDEN> (Sebastian Fieber's message of "Fri, 03
 Apr 2020 08:47:33 +0200")
Message-ID: <87r1x4dujl.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Flag: NO
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 40397
X-Mailman-Approved-At: Fri, 03 Apr 2020 20:02:15 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--=-=-=
Content-Type: text/plain

Hey,

Just forget my last mail. I just dug a bit deeper and found the culprit
I think.

With commit 84ef1ea8b524f8998fc8674b99cf8069e38dce4f these lines were
added:

--8<---------------cut here---------------start------------->8---
modified   lisp/gnus/mm-decode.el
@@ -1672,6 +1672,8 @@ If RECURSIVE, search recursively."
                    (t (y-or-n-p
                        (format "Decrypt (S/MIME) part? "))))
                   (mm-view-pkcs7 parts from))
+         (goto-char (point-min))
+         (insert "Content-type: text/plain\n\n")
          (setq parts (mm-dissect-buffer t)))))
      ((equal subtype "signed")
       (unless (and (setq protocol
@@ -1739,6 +1741,7 @@ If RECURSIVE, search recursively."
--8<---------------cut here---------------end--------------->8---

I don't quite know why the content-type is forced here to text/plain. So
if this line is removed the mm-dissect-buffer call does its thing and
returns correctly what's inside the envelope (the real content-type
header in the decrypted envelope is parsed). Well almost...

I wrote in my last mail that I had to adjust mm-copy-to-buffer:

> and also mm-copy-to-buffer to check for carriage returns like this:
>
> (search-forward-regexp "^\r\n" nil 'move)
>
> (can't send the carriage return properly so \r it is here instead of ^M)

This is still needed as the decrypted content may still have carriage
returns in it. One could also remove the carriage returns in
mm-view-pkcs7-decrypt function of course. I'm not quite sure which is
the better approach.

In such a case the "Decrypt (S/MIME) part?" is asked too times. But hey
that isn't too bad I think.

I have attached a patch with the explained fix.

Best regards
Sebastian


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-fix-bug-40397.patch
Content-Transfer-Encoding: quoted-printable

=46rom ee7ff9a8a083860d39d011c7e4df30cb63490fb9 Mon Sep 17 00:00:00 2001
From: fallchildren <sebastian.fieber@HIDDEN>
Date: Sat, 4 Apr 2020 01:16:12 +0200
Subject: [PATCH] fix bug #40397

This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.

- don't insert Content-type header in front of decrypted content for
  smime decryption using mm-view-pkcs7
- also check for carriage return in mm-copy-to-buffer
=2D--
 lisp/gnus/mm-decode.el | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index 96695aabfd..d321fbeaaa 100644
=2D-- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -759,7 +759,7 @@ MIME-Version header before proceeding."
         (mb enable-multibyte-characters)
         beg)
     (goto-char (point-min))
-    (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
+    (search-forward-regexp "^=0D?\n" nil 'move) ;; There might be no body=
.
     (setq beg (point))
     (with-current-buffer
           (generate-new-buffer " *mm*")
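Review bot: the added pattern embeds a raw carriage return in the source (the =0D in "^=0D?\n"), which is hard to see in review and easy to lose in mail or an editor. Use the escape, "^\r?\n", and extend the trailing comment to say that the separator line may end in CRLF.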
@@ -1681,7 +1681,6 @@ If RECURSIVE, search recursively."
 			(format "Decrypt (S/MIME) part? "))))
 		   (mm-view-pkcs7 parts from))
 	  (goto-char (point-min))
-	  (insert "Content-type: text/plain\n\n")
 	  (setq parts (mm-dissect-buffer t)))))
      ((equal subtype "signed")
       (unless (and (setq protocol
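Review bot: the removed (insert "Content-type: text/plain\n\n") was added deliberately by commit 84ef1ea8b524f8998fc8674b99cf8069e38dce4f, and the accompanying message says it is not known why. Please find the case that commit was fixing, presumably decrypted content that carries no MIME headers of its own, and either keep a fallback for it (insert the header only when the decrypted text does not start with one) or explain in the commit message why it is no longer needed.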
=2D-
2.25.2


--=-=-=--
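An added illustration (not code from Gnus or from either patch) of the three behaviours the messages above argue about: the forced Content-type header hiding the inner pkcs7-mime headers, the "^\n" separator search missing a CRLF blank line, and "|" being a literal character in an Emacs regexp. The demo- functions and the sample payload are constructed for this example.

```elisp
;;; demo-smime-dissect.el --- added illustration -*- lexical-binding: t -*-
;; Every `demo-' name and the sample payload are constructed for this
;; example; none of them is part of Gnus.

(defconst demo-decrypted-payload
  (concat "Content-Type: application/pkcs7-mime; smime-type=signed-data;"
          " name=\"smime.p7m\"\r\n"
          "Content-Transfer-Encoding: base64\r\n"
          "\r\n"
          "PLACEHOLDER-BASE64\r\n")
  "Constructed stand-in for decrypted S/MIME content with CRLF line ends.")

(defun demo-body-start (text separator-regexp)
  "Return the position just after SEPARATOR-REGEXP in TEXT.
Mirrors the search in `mm-copy-to-buffer': with the `move' argument a
failed search leaves point at the end of the buffer."
  (with-temp-buffer
    (insert text)
    (goto-char (point-min))
    (re-search-forward separator-regexp nil 'move)
    (point)))

(defun demo-top-level-type (text)
  "Return the media type in the first Content-Type header of TEXT.
Only the header block, up to the first blank line, is examined; that
is the region a MIME dissector treats as the part's own headers."
  (with-temp-buffer
    (insert text)
    (goto-char (point-min))
    (let ((headers-end (if (re-search-forward "^\r?\n" nil t)
                           (match-beginning 0)
                         (point-max)))
          (case-fold-search t))
      (goto-char (point-min))
      (when (re-search-forward "^content-type:[ \t]*\\([^;\r\n]+\\)"
                               headers-end t)
        (downcase (match-string 1))))))

(defun demo-count-matches (text regexp)
  "Return how many times REGEXP matches in TEXT."
  (with-temp-buffer
    (insert text)
    (goto-char (point-min))
    (let ((n 0))
      (while (re-search-forward regexp nil t)
        (setq n (1+ n)))
      n)))

(defun demo-report ()
  "Collect the observations discussed in the thread as a plist."
  (let ((forced (concat "Content-type: text/plain\n\n"
                        demo-decrypted-payload))
        (end (1+ (length demo-decrypted-payload))))
    (list
     ;; Media type the dissector sees with and without the forced header.
     :type-with-forced-header (demo-top-level-type forced)
     :type-without-forced-header (demo-top-level-type demo-decrypted-payload)
     ;; Did the separator search stop before the end of the text?
     :lf-only-separator-found
     (< (demo-body-start demo-decrypted-payload "^\n") end)
     :cr-tolerant-separator-found
     (< (demo-body-start demo-decrypted-payload "^\r?\n") end)
     ;; A bare "|" is a literal bar; alternation is written "\\|".
     :matches-with-bare-bar
     (demo-count-matches demo-decrypted-payload "\r\n|\r\n")
     :matches-with-escaped-bar
     (demo-count-matches demo-decrypted-payload "\r\n\\|\r\n")
     :matches-with-plain-crlf
     (demo-count-matches demo-decrypted-payload "\r\n"))))

(message "%S" (demo-report))
```

Saved to a file, it runs with `emacs --batch -l` on that file; the plist printed by the last form holds each observation.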




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at 40397 <at> debbugs.gnu.org:


Received: (at 40397) by debbugs.gnu.org; 3 Apr 2020 07:28:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 03 03:28:58 2020
Received: from localhost ([127.0.0.1]:41120 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jKGl7-0007uO-Vy
	for submit <at> debbugs.gnu.org; Fri, 03 Apr 2020 03:28:58 -0400
Received: from mout.web.de ([212.227.15.3]:41923)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <sebastian.fieber@HIDDEN>) id 1jKG7A-0005gK-Vl
 for 40397 <at> debbugs.gnu.org; Fri, 03 Apr 2020 02:47:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de;
 s=dbaedf251592; t=1585896454;
 bh=UVXnrRrJMD2YwBhaS7luz3P8atFu5y9RVL28ti/+u6Q=;
 h=X-UI-Sender-Class:From:To:Subject:Date;
 b=GYmDiM8sFCW2K2A9NMgpwrpLZn0uHaac3dQS+YnJDf9Rw5fvueoLG77G0GUwX5DdO
 L8JuuN/fv4i9PCBQvOzTMmAcjyZ09jI2SXvRoGVg4bC7UUIBLIYiy9oRkhM7H7Gjr3
 U3VQel5fW+1xOFlGEWHShxwyxKZCnCHoZRTC1xZ4=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from comedian ([93.202.160.233]) by smtp.web.de (mrweb001
 [213.165.67.108]) with ESMTPSA (Nemesis) id 0MX0lw-1jntxa1dem-00VwzU for
 <40397 <at> debbugs.gnu.org>; Fri, 03 Apr 2020 08:47:34 +0200
From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: 40397 <at> debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in
 smime
Date: Fri, 03 Apr 2020 08:47:33 +0200
Message-ID: <87imih5am2.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hey there,

I just thought this may be hard to test as one has to have a smime
certificate to properly receive an encrypted mail.

If someone can point me to the right approach how to fix this I may be
able to dive a bit deeper into the gnus code and submit a bug report.

This is what I have tried now just to get something:

If I alter mm-view-pkcs7-decrypt after the insert epg-decrypt-string to
call something like this:


--=-=-=
Content-Type: application/emacs-lisp
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

(point-min)
(gnus-mime-display-part (mm-dissect-buffer t t))

--=-=-=
Content-Type: text/plain


and adjust mm-view-pkcs7-get-type to handle a third case


--=-=-=
Content-Type: application/emacs-lisp
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

((string-match-p mm-pkcs7-signed-magic (base64-decode-string (buffer-string)))
'signed)

--=-=-=
Content-Type: text/plain


and also mm-copy-to-buffer to check for carriage returns like this:


--=-=-=
Content-Type: application/emacs-lisp
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

(search-forward-regexp "^\r\n" nil 'move)

--=-=-=
Content-Type: text/plain

(can't send the carriage return properly so \r it is here instead of ^M)

I am able to get an article buffer that still has the base64 encoded
signed blob in it but after it the verified content.

I have no idea where gnus normalizes the line endings to just newlines
and why the mm-view-pkcs7-get-type adjustment is needed. But calling
gnus-mime-display-part is of course not the right approach here. First
there should be some check if the decrypted content needs to be parsed
and handled again but I have no idea which function to write or feed the
decrypted content to.

I hope this may be helpful

Best regards
Sebastian



--=-=-=--




Information forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Sebastian Fieber <sebastian.fieber@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: 28.0.50; epg decrypt does not verify signed content in smime
 encrypted and signed message 
X-Debbugs-Package: emacs,gnus
Date: Fri, 03 Apr 2020 01:37:04 +0200
Message-ID: <87o8s9cvdr.fsf@HIDDEN>


Hey there,

I'm currently running master on commit
1242ae904a9b7871658f11fb98da5730ea8838c9.

When I open an smime encrypted AND signed message in gnus with a content
type looking like this:

Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
	name="smime.p7m"

I end up with a buffer looking like this:

Content-Type: application/x-pkcs7-mime; name=smime.p7m; smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

[base64 encoded smime.p7m]

This is the signed content which would have to be verified again. I
tried to fix this myself but am really unfamiliar with the gnus
codebase. I tried to run mm-dissect-buffer on this content alone which
gives some results. I think a fix would look like this: there just needs
to be some checking what's inside the enveloped data that is being
correctly decrypted and if it's another application/(x-)pkcs7-mime just
handle this one too.

Best regards
Sebastian


In GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.14, cairo version 1.17.3)
 of 2020-03-21 built on comedian
Repository revision: 1242ae904a9b7871658f11fb98da5730ea8838c9
Repository branch: makepkg
Windowing system distributor 'The X.Org Foundation', version 11.0.12007000
System Description: Arch Linux

Recent messages:
nnimap web splitting mail...done
nnimap read 2k from disroot.org
Reading active file via nndraft...done
Checking new news...done
Auto-saving...
Outdated usage of ‘bbdb-search’
Parsing BBDB file ‘~/.emacs.d/bbdb’...done
Buffer *unsent mail* modified; kill anyway? (y or n) y
next-line: End of buffer
<s-backspace> is undefined

Configured using:
 'configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib
 --localstatedir=/var --mandir=/usr/share/man
 --pdfdir=/usr/share/doc/emacs/pdf --without-gconf --with-sound=alsa
 --with-x-toolkit=gtk3 --without-toolkit-scroll-bars --with-mailutils
 --with-gameuser=yes --with-xft 'CFLAGS=-march=x86-64 -mtune=generic -O2
 -pipe -fstack-protector-strong -fno-plt'
 LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now
 CPPFLAGS=-D_FORTIFY_SOURCE=2'

Configured features:
XPM JPEG TIFF GIF PNG RSVG CAIRO SOUND GPM DBUS GSETTINGS GLIB NOTIFY
INOTIFY ACL GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF ZLIB GTK3
X11 XDBE XIM MODULES THREADS LIBSYSTEMD JSON PDUMPER LCMS2 GMP

Important settings:
  value of $LC_MONETARY: de_DE.utf8
  value of $LC_NUMERIC: de_DE.utf8
  value of $LC_TIME: de_DE.utf8
  value of $LANG: en_US.utf8
  locale-coding-system: utf-8-unix

Major mode: Group

Minor modes in effect:
  gnus-agent-group-mode: t
  shell-dirtrack-mode: t
  gnus-undo-mode: t
  auto-insert-mode: t
  yas-global-mode: t
  yas-minor-mode: t
  global-company-mode: t
  company-mode: t
  global-morlock-mode: t
  eval-sexp-fu-flash-mode: t
  persistent-scratch-autosave-mode: t
  smartparens-global-mode: t
  guru-global-mode: t
  guru-mode: t
  show-paren-mode: t
  editorconfig-mode: t
  solaire-global-mode: t
  minibuffer-depth-indicate-mode: t
  save-place-mode: t
  guide-key-mode: t
  immortal-scratch-mode: t
  winner-mode: t
  diff-hl-flydiff-mode: t
  global-diff-hl-mode: t
  doom-modeline-mode: t
  projectile-mode: t
  savehist-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  temp-buffer-resize-mode: t
  buffer-read-only: t
  column-number-mode: t
  line-number-mode: t

Load-path shadows:
/home/judas/.emacs.d/elpa/cmake-mode-20190710.1319/cmake-mode hides /usr/share/emacs/site-lisp/cmake-mode
/home/judas/.emacs.d/elpa/less-css-mode-20161001.453/less-css-mode hides /usr/share/emacs/28.0.50/lisp/textmodes/less-css-mode

Memory information:
((conses 16 550291 213990)
 (symbols 48 39611 1)
 (strings 32 198004 26591)
 (string-bytes 1 7496295)
 (vectors 16 68196)
 (vector-slots 8 1612421 168866)
 (floats 8 876 1697)
 (intervals 56 23869 2698)
 (buffers 1000 68))
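
The check the report and its follow-up ask for (look at what the decrypted enveloped-data contains, and hand a nested application/(x-)pkcs7-mime part on for verification instead of displaying it), written in Python with the standard `email` package. This is an added example, not code from Gnus or from the thread; the function names and the returned step labels are hypothetical, and the sample bytes are a constructed CMS header, not a real signature.

```python
import base64
from email import message_from_bytes

# DER bodies of the CMS content-type OIDs 1.2.840.113549.1.7.2 and .3
CMS_OIDS = {
    bytes.fromhex("2a864886f70d010702"): "signed-data",
    bytes.fromhex("2a864886f70d010703"): "enveloped-data",
}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
NEXT_STEP = {"signed-data": "verify-opaque", "enveloped-data": "decrypt-again"}


def sniff_cms_type(der):
    """Name the CMS type from the ContentInfo OID, or return None."""
    if len(der) < 2 or der[0] != 0x30:        # outer SEQUENCE tag
        return None
    pos = 2
    if der[1] > 0x80:                         # long-form length octets follow
        pos += der[1] & 0x7F
    if der[pos:pos + 2] != b"\x06\x09":       # OBJECT IDENTIFIER, 9 bytes
        return None
    return CMS_OIDS.get(der[pos + 2:pos + 11])


def _param(msg, name):
    """Lower-cased Content-Type parameter, or "" when absent."""
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""


def classify_decrypted(payload):
    """Pick the next step for the bytes an S/MIME decrypt step produced."""
    msg = message_from_bytes(payload)         # accepts CRLF and LF endings
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        signed = _param(msg, "protocol") in PKCS7_SIG
        return "verify-detached" if signed else "display"
    if ctype not in PKCS7_MIME:
        return "display"
    smime_type = _param(msg, "smime-type")
    if smime_type not in NEXT_STEP:
        # Parameter absent or unknown: read the type from the CMS data itself.
        smime_type = sniff_cms_type(msg.get_payload(decode=True) or b"")
    return NEXT_STEP.get(smime_type, "display")


# Constructed sample: start of a signed-data ContentInfo, not a real signature.
SAMPLE_DER = bytes.fromhex("3080" "0609" "2a864886f70d010702" "a080")
SAMPLE_DECRYPTED = (
    b"Content-Type: application/x-pkcs7-mime; name=smime.p7m\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Disposition: attachment; filename=smime.p7m\r\n"
    b"\r\n" + base64.b64encode(SAMPLE_DER) + b"\r\n"
)

if __name__ == "__main__":
    print(classify_decrypted(SAMPLE_DECRYPTED))
    print(classify_decrypted(b"Content-type: text/plain\n\n" + SAMPLE_DECRYPTED))
```

The second call prepends a `Content-type: text/plain` header to the decrypted bytes, as the line removed in the patch did, and the same payload then classifies as `display` because its real headers have become body text.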




Acknowledgement sent to Sebastian Fieber <sebastian.fieber@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN, bugs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN, bugs@HIDDEN:
bug#40397; Package emacs,gnus. Full text available.
Last modified: Mon, 3 Aug 2020 06:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.