[Rt-commit] rt branch, 4.2/smime, repushed
Alex Vandiver
alexmv at bestpractical.com
Tue Sep 3 21:33:53 EDT 2013
The branch 4.2/smime was deleted and repushed:
was 8b8fecc466395694b97f6cee1b246c69c119c8af
now 44484ab736e7426c5ee66092b41051e9a53c6557
1: 81da587 = 1: 528e0fa Process Sign/Encrypt values later on update
2: ac0d3a1 = 2: ea3c1d4 Refactor code which calls GPG::Interface to elimate duplicate code
3: bcb1f89 = 3: 494fbf4 Generalize CallGnuPG slightly more, allowing more code reuse
4: b0dba81 = 4: d92ddbd Minor cleanups to Probe, the one remaining non-CallGnuPG gpg interaction
5: 0da7281 = 5: e1d06ed Catch errors on close()
6: 80c0798 = 6: f599789 Rename Key to Signer for clarity and consistency
7: 1194665 = 7: 73dc50c Rename Method to Command for clarity; "--foo" is not a "method"
8: 079e3e1 = 8: 8a30301 Only set the default key if we actually have one
9: 8938e19 = 9: 806638c Only set the passphrase if we have one
10: 312cb6e = 10: a29dbbd Split IO::Handle::CRLF into its own file in RT::Crypt::GnuPG::CRLFHandle
11: 09d54d2 = 11: accd163 Switch out RT::Crypt::GnuPG function calls for class methods
12: 6b99048 = 12: 5be60ac Create a generic RT::Crypt class to dispatch methods from
13: 6d2312e = 13: 4308275 Move data-storage UseKeyFor... methods onto RT::Crypt
14: aad107d = 14: ac792ba Provide a RT::Crypt->LoadImplementation method to load RT::Crypt::...
15: 30ab442 = 15: e55e645 Add RT::Crypt->Protocols, to return the supported encryption protocols
16: 3ffc9fd = 16: aace3cc Make protocol loading case-insensitive
17: 217e572 = 17: 4a5b6b7 Add a role for encryption classes
18: 57c195c = 18: 10ea1b6 Move GetPassphrase onto the role
19: 967cfef = 19: 87db14b Move SignEncrypt to dispatch from RT::Crypt
20: d0ecfdc = 20: f75b641 Do not error if no From address is provided
21: b3a3025 = 21: 6f4d38b Turn FindProtectedParts into a two-step process
22: d24d92e = 22: eb04a21 Move FindProtectedParts into RT::Crypt
23: 621a397 = 23: ee3058e Unclaimed multipart/signed or multipart/encrypted parts should be skipped
24: 23c6432 = 24: 75f0426 Assume multipart/{signed,encrypted} parts may be GPG-encrypted
25: cf8ee45 = 25: 8b0a4f8 Move VerifyDecrypt to dispatch from RT::Crypt
26: acdfefb = 26: be12ed3 Fix which part is labelled "Top" in signature attachments
27: 9dca0e0 = 27: 33f6ba1 Remove Top argument from where it is not needed
28: f24b69f = 28: f2ea8dc Merge two identical AddStatus/SetStatus blocks into one
29: 24f5c2a = 29: 1905ecd Remove unused Detach argument
30: 8c935dc = 30: a0995b0 Remove unnecessary passing of SetStatus to VerifyRFC3156
31: bd32d0a = 31: 50e4550 Remove AddStatus/SetStatus arguments to VerifyDecrypt
32: e5db507 = 32: 805c39e Move status header setting into RT::Crypt
33: 73d06cf = 33: 1a0ff69 Move alteration of Top component into Verify/Decrypt methods
34: 5a31c00 = 34: 92e3e85 Move ParseStatus to dispatch from RT::Crypt
35: 084345c = 35: e8022f4 Move key retrieval to dispatch from RT::Crypt
36: a397c66 = 36: c3ebf18 Refactor UseKeyFor* and GetKeysFor* for generic use
37: 3522a04 = 37: e2b89d5 Add Protocol information to GetPublicKeyInfo call
38: f0a5142 = 38: f9f62d2 Move DrySign into RT::Crypt
39: b65c6eb = 39: f2cf11f move ParseDate method into RT::Crypt::Role to allow re-use
40: 30beaa8 = 40: d1b6028 Move CheckRecipients into RT::Crypt
41: 86d3d32 = 41: 14ebe18 Move logic from RT::Interface::Email::Auth::GnuPG into ::Crypt
42: 602dc5a = 42: 1c25ee9 Warn about Auth::GnuPG and Auth::SMIME MailPlugins, and switch to Auth::Crypt
43: f81211a = 43: 50a331f Remove unnecessary GnuPG disabling during testing
44: dad0e76 = 44: d5424a6 Generalize RT::Interface::Email::Auth::Crypt for multiple protocols
45: 64a9b43 = 45: 87a5565 By default, VerifyDecrypt should iterate to fixed-point
---: ------- > 46: 658dd3e Provide more specific explanations of decryption/verification failures
46: 1c68fcb = 47: 72857b0 Generalize GnuPG re-verification
47: 71a39b4 = 48: 1c27f06 Remove an unused variable
48: 45002d0 = 49: f64c751 Abstract out a general Crypt setting, and split incoming and outgoing
49: c6d664d = 50: 177d9de Handle if the incoming protocol is but a scalar
50: 32147d9 = 51: d9c9865 Move GnuPG enabling/disabling to GnuPG PostLoadCheck
51: b4b6f18 = 52: 3d1d362 Move canonicalization of GnuPG homedir to PostLoadCheck
52: 9aed02a = 53: f198fec Ensure that RT->Config->Options returns keys in consistent order
53: d5c6da1 = 54: 33729e0 Add "Probe" as a requirement of RT::Crypt::Role
54: e03e44b = 55: d64caa4 Allow safe_run_child to run before ConnectToDatabase runs
55: 8b9d934 = 56: ffe01c7 Genericize loading and ->Probe of RT::Crypt::* classes during PostLoadCheck
56: 9cf1908 = 57: 09b7398 Don't load crypt implementations upon RT::Crypt load
57: 12bd3b0 = 58: d6d0717 Drop extraneous "require RT::Crypt" lines
58: 66826e7 = 59: 0bbba1d Switch iterations over all protocols to merely enabled ones
59: 90d1eef = 60: 9024cb2 Place Passphrase configuration on individual configurations
60: a7b88b0 = 61: 8673fe8 Move RejectOnMissingPrivateKey and RejectOnBadData to generic Crypt settings
61: c0e3f4b = 62: f9d65d2 Ensure that ContentType is only updated after successful encryption/decryption
62: 086b633 = 63: 8a6b1bf Refactor encryption of attachment content into the role, and move config
63: c7cfc5a ! 64: 4bf116b Switch to generic Crypt checks instead of GnuPG
@@ -19,7 +19,7 @@
return wantarray ? %args : 0;
}
@@
- $TicketObj = $TransactionObj->Object;
+ $head->set( 'Content-Transfer-Encoding', '8bit' );
}
- if ( RT->Config->Get('GnuPG')->{'Enable'} ) {
64: 79e541e = 65: 9df5428 All outgoing defaults should default to UseForOutgoing, not GnuPG
65: f44e951 = 66: 1188cfe Fix a typo in a comment
66: 5dd001a = 67: a938b21 Don't report unsafe permissions on gpg tests
67: bc0e44b = 68: d1152b2 One entity may have information about multiple crypt runs
68: 34ac88b ! 69: de970e1 Rename "bad data" template to not be GnuPG-specific
@@ -22,10 +22,10 @@
$OUT .= "* $msg\n";
}
-diff --git a/etc/upgrade/4.1.20/content b/etc/upgrade/4.1.20/content
+diff --git a/etc/upgrade/4.1.22/content b/etc/upgrade/4.1.22/content
new file mode 100644
--- /dev/null
-+++ b/etc/upgrade/4.1.20/content
++++ b/etc/upgrade/4.1.22/content
@@
+use strict;
+use warnings;
69: 7f3785e = 70: 287160b Move non-GPG specific docs to RT::Crypt
70: 82e3e61 = 71: 6a04e1e Wording fixes for RT::Crypt::GnuPG documentation
71: e854b0c = 72: 1d45fb9 Add a 'configure' option to enable SMIME support
72: 782b13f = 73: 6179440 Add the skeleton of SMIME support, in RT::Crypt::SMIME
73: f751318 = 74: 33ebb23 SMIME: Store the path to openssl in a configuration option
74: 7825d71 = 75: fccb9b8 SMIME: probe for openssl existance, and smime subcommand
75: 5ccb49b = 76: 53a6f8e SMIME: part detection
76: 80e63c5 = 77: b1d3ac8 SMIME: Format status into headers
77: 2ad222d = 78: f8d3881 SMIME: Read and parse key content from a Keyring directory
78: c271d3b = 79: 795653b SMIME: Ensure that the keyring path is absolute, and exists
79: 9c1b6a4 ! 80: 2749361 SMIME: Store user keys in a user column
@@ -50,31 +50,31 @@
Creator integer NOT NULL DEFAULT 0 ,
Created DATETIME NULL ,
-diff --git a/etc/upgrade/4.1.20/schema.Oracle b/etc/upgrade/4.1.20/schema.Oracle
+diff --git a/etc/upgrade/4.1.22/schema.Oracle b/etc/upgrade/4.1.22/schema.Oracle
new file mode 100644
--- /dev/null
-+++ b/etc/upgrade/4.1.20/schema.Oracle
++++ b/etc/upgrade/4.1.22/schema.Oracle
@@
+ALTER TABLE Users ADD COLUMN SMIMECertificate CLOB;
-diff --git a/etc/upgrade/4.1.20/schema.Pg b/etc/upgrade/4.1.20/schema.Pg
+diff --git a/etc/upgrade/4.1.22/schema.Pg b/etc/upgrade/4.1.22/schema.Pg
new file mode 100644
--- /dev/null
-+++ b/etc/upgrade/4.1.20/schema.Pg
++++ b/etc/upgrade/4.1.22/schema.Pg
@@
+ALTER TABLE Users ADD COLUMN SMIMECertificate TEXT NULL;
-diff --git a/etc/upgrade/4.1.20/schema.SQLite b/etc/upgrade/4.1.20/schema.SQLite
+diff --git a/etc/upgrade/4.1.22/schema.SQLite b/etc/upgrade/4.1.22/schema.SQLite
new file mode 100644
--- /dev/null
-+++ b/etc/upgrade/4.1.20/schema.SQLite
++++ b/etc/upgrade/4.1.22/schema.SQLite
@@
+ALTER TABLE Users ADD COLUMN SMIMECertificate TEXT COLLATE NOCASE NULL;
-diff --git a/etc/upgrade/4.1.20/schema.mysql b/etc/upgrade/4.1.20/schema.mysql
+diff --git a/etc/upgrade/4.1.22/schema.mysql b/etc/upgrade/4.1.22/schema.mysql
new file mode 100644
--- /dev/null
-+++ b/etc/upgrade/4.1.20/schema.mysql
++++ b/etc/upgrade/4.1.22/schema.mysql
@@
+ALTER TABLE Users ADD COLUMN SMIMECertificate TEXT NULL;
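Review bot: In schema.Oracle, `ALTER TABLE Users ADD COLUMN SMIMECertificate CLOB;` uses the `COLUMN` keyword, which Oracle's ALTER TABLE does not take; Oracle expects `ADD SMIMECertificate CLOB`, so this upgrade step needs to be run against an Oracle instance before the branch merges. Separately, schema.SQLite declares the column `TEXT COLLATE NOCASE NULL` while the Pg and mysql files use plain `TEXT NULL`; certificate data is case-sensitive, so either drop the collation or note why a case-insensitive comparison on this column is acceptable.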
80: 232ee2e = 81: 99634a0 SMIME: Message verification
81: fdd25ac = 82: ab342b5 SMIME: Import signing keys after verification
82: 0e2dab6 = 83: 4398591 SMIME: Verifying the signing entity of SMIME certificates
83: 3a1651d = 84: 48a0121 SMIME: Allow an insecure mode which accepts untrusted certificates
84: 1a0cefb = 85: a23c910 SMIME: Document passphrase loading
85: 88f4bf3 = 86: 54a72d4 Pass queue and actions into mail plugins, and thence to VerifyDecrypt
86: 41310a4 = 87: 2d56a5e SMIME: Message decryption
---: ------- > 88: 4a61e81 Work around failure of MIME-Tools to round-trip CRLF multiparts
87: fae26f6 = 89: 70034b4 SMIME: Testing keys and certificates
88: caa921e = 90: 13e25d7 Factor out find_relocatable_path
89: 220a37f = 91: 24d366c SMIME: Add a testing module
90: 7b1ac17 ! 92: 5af6f26 SMIME: Test incoming mail verification and encryption
@@ -203,7 +203,7 @@
+ "Message was not marked signed"
+ );
+ like( $attach->Content, qr/This is not the body/ );
-+ } qr/Had a problem during decrypting and verifying/;
++ } qr/Failure during SMIME verify: The signature did not verify/;
+
+}
+
@@ -296,7 +296,7 @@
+ is($status->{Status}, "BAD", "Verify was a failure");
+ is($status->{Trust}, "NONE", "Noted the no trust level");
+ like($status->{Message}, qr/not trusted/, "Verify was a failure");
-+} qr/Had a problem during decrypting and verifying/;
++} qr/Failure during SMIME verify: The signing CA was not trusted/;
+
+# Test with the correct CA path; marked as signed, trusted
+{
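Review bot: The third assertion, `like($status->{Message}, qr/not trusted/, "Verify was a failure");`, reuses the description already given to the `Status` check two lines above it, so a failure report will not say which of the two assertions broke. Give the message check its own description, for example one that mentions the untrusted CA; the same applies to the identical three assertions in the following hunk.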
@@ -321,7 +321,7 @@
+ is($status->{Status}, "BAD", "Verify was a failure");
+ is($status->{Trust}, "NONE", "Noted the no trust level");
+ like($status->{Message}, qr/not trusted/, "Verify was a failure");
-+} qr/Had a problem during decrypting and verifying/;
++} qr/Failure during SMIME verify: The signing CA was not trusted/;
+
+# Other CA, but allow all CAs
+{
91: 277f7a9 = 93: 7916049 SMIME: Message signing and encryption
---: ------- > 94: b41b533 Apply MIME-Tools workaround from 4a61e81 to messages produced from signing
92: 0b0e047 = 95: 3ec294a SMIME: If passphrase is empty, then don't provide -passin
93: c82c041 = 96: 298fdb6 SMIME: Test outgoing mail
94: 2e75f53 = 97: bc26135 SMIME: Test parsing of real mail
95: 79c0f13 = 98: b7d903a Always pass Top entity when we detecting crypto parts
96: 4d10bf3 = 99: 86c07a2 SMIME: Improve recipient detection by examining all possibilities
97: 78d03d1 = 100: 94ac376 SMIME: Be more verbose on how it looks for, and fails to find, private keys
98: 6040ae1 ! 101: c101119 SMIME: Encrypting and decrypting attachments in the database
@@ -57,6 +57,12 @@
+ my $parser = MIME::Parser->new();
+ $parser->output_dir($tmpdir);
+ my $newmime = $parser->parse_data($$buf);
++
++ # Work around https://rt.cpan.org/Public/Bug/Display.html?id=87835
++ for my $part (grep {$_->is_multipart and $_->preamble and @{$_->preamble}} $newmime->parts_DFS) {
++ $part->preamble->[-1] .= "\n"
++ if $part->preamble->[-1] =~ /\r$/;
++ }
+
+ $entity->parts([$newmime]);
+ $entity->make_singlepart;
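Review bot: The guard `if $part->preamble->[-1] =~ /\r$/;` is not idempotent, because `$` also matches just before a trailing newline. A preamble line that already ends in "\r\n" still matches and gets a second "\n" appended if the loop ever runs over the same entity again. Anchor with `\z` (`=~ /\r\z/`) so that the workaround only fires on a bare trailing CR.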
@@ -136,6 +142,12 @@
- $parser->output_dir($tmpdir);
- my $newmime = $parser->parse_data($buf);
-
+- # Work around https://rt.cpan.org/Public/Bug/Display.html?id=87835
+- for my $part (grep {$_->is_multipart and $_->preamble and @{$_->preamble}} $newmime->parts_DFS) {
+- $part->preamble->[-1] .= "\n"
+- if $part->preamble->[-1] =~ /\r$/;
+- }
+-
- $entity->parts([$newmime]);
- $entity->make_singlepart;
-
@@ -158,6 +170,12 @@
+
+ my $res_entity = _extract_msg_from_buf( $buf );
+ $res_entity->make_multipart( 'mixed', Force => 1 );
++
++ # Work around https://rt.cpan.org/Public/Bug/Display.html?id=87835
++ for my $part (grep {$_->is_multipart and $_->preamble and @{$_->preamble}} $res_entity->parts_DFS) {
++ $part->preamble->[-1] .= "\n"
++ if $part->preamble->[-1] =~ /\r$/;
++ }
+
+ $args{'Data'}->make_multipart( 'mixed', Force => 1 );
+ $args{'Data'}->parts([ $res_entity->parts ]);
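Review bot: This loop is a verbatim copy of the one added after `parse_data($$buf)` in the earlier hunk, and here it runs on the value returned by `_extract_msg_from_buf( $buf )`. If that function is the one patched above, the parts are walked twice, and with the `/\r$/` guard the second pass appends a further "\n". Move the workaround into one small helper that takes an entity, call it from a single place per parse, and keep the reference to rt.cpan.org bug 87835 in that helper only.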
@@ -207,12 +225,18 @@
KeyType => 'secret',
});
- return %res;
-+ return (undef, %res);
- }
-
+- }
+-
- my $res_entity = _extract_msg_from_buf( \$buf );
- $res_entity->make_multipart( 'mixed', Force => 1 );
-
+- # Work around https://rt.cpan.org/Public/Bug/Display.html?id=87835
+- for my $part (grep {$_->is_multipart and $_->preamble and @{$_->preamble}} $res_entity->parts_DFS) {
+- $part->preamble->[-1] .= "\n"
+- if $part->preamble->[-1] =~ /\r$/;
++ return (undef, %res);
+ }
+
- $args{'Data'}->make_multipart( 'mixed', Force => 1 );
- $args{'Data'}->parts([ $res_entity->parts ]);
- $args{'Data'}->make_singlepart;
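Review bot: The early return changes from `return %res;` to `return (undef, %res);`, which shifts the return shape for every caller. Any caller still written as `my %res = ...` will now build a hash from an odd-length list with `undef` as its first key. Check each call site of this function for the new `($entity, %res)` form, and document the return value in the sub's POD so that the failure path (first element undef) is explicit.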
99: 5727814 ! 102: 306d1a2 Upgrade script for users of RT::Extension::SMIME and ::Crypt
@@ -7,9 +7,9 @@
relied on user custom fields. Migrate the user custom fields onto the
new column.
-diff --git a/etc/upgrade/4.1.20/content b/etc/upgrade/4.1.20/content
---- a/etc/upgrade/4.1.20/content
-+++ b/etc/upgrade/4.1.20/content
+diff --git a/etc/upgrade/4.1.22/content b/etc/upgrade/4.1.22/content
+--- a/etc/upgrade/4.1.22/content
++++ b/etc/upgrade/4.1.22/content
@@
RT->Logger->error( "Couldn't update 'Error: bad encrypted data' template content: $msg")
unless $ok;
100: f5ecaa4 ! 103: 66850bd Factor out sending templated errors for convenient future use
@@ -30,8 +30,8 @@
sub CheckBadData {
@@
-
- $RT::Logger->error("Couldn't process a message: ". join ', ', @bad_data_messages );
+ @{ $args{'Status'} };
+ return 1 unless @bad_data_messages;
+ return EmailErrorToSender(
+ %args,
101: 4883f17 ! 104: 1c208da Add RejectOnUnencrypted to force all incoming messages to be encrypted
@@ -44,9 +44,9 @@
Description =>
"Inform user that he has problems with public key and couldn't recieve encrypted content", # loc
-diff --git a/etc/upgrade/4.1.20/content b/etc/upgrade/4.1.20/content
---- a/etc/upgrade/4.1.20/content
-+++ b/etc/upgrade/4.1.20/content
+diff --git a/etc/upgrade/4.1.22/content b/etc/upgrade/4.1.22/content
+--- a/etc/upgrade/4.1.22/content
++++ b/etc/upgrade/4.1.22/content
@@
return 1;
},
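Review bot: The template description in the context lines reads "couldn't recieve encrypted content", with "recieve" misspelled inside a string marked `# loc`. Since this commit already touches the upgrade content for templates, correct it to "receive" here, and carry the corrected string into the translation catalogues so that the loc key still matches.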
102: cadae6d = 105: a0f9a04 Allow encryption/signing of dashboards
103: 78f6d57 = 106: 2152e20 Refactor common delegation code
104: 1df8a47 = 107: 36d09d7 Only GnuPG supports multiple private keys per user; restrict PrivateKey
105: 1bb8662 = 108: 960ec99 SMIME: Admin interface for updating SMIME keys
106: 99aaf1d = 109: ef859a6 /Admin/Users/GnuPG.html is no longer just GPG, but all secret keys
107: 6fc86d6 = 110: 0afbd41 Rename GnuPG mason components to Crypt
108: ba0b4d6 = 111: 4ff92ee Reword UI messages implying the GnuPG is the only form of encryption
109: f5bd26b = 112: 1e0dce4 Display Created and Expire dates in the user's preferred format by setting CurrentUser
110: 50e51e2 = 113: b3b821a On UIDs with neither expiration nor created dates (SMIME), skip the dates
111: d4d986c = 114: beb06f8 Display GnuPG/SMIME issues box in yellow, much like results
112: b72dbaf = 115: 5bd1090 Resolve SMIME/GnuPG inconsistency when asking for non-existent keys
113: 8b8fecc = 116: 44484ab Visualize trust level of signing entity