[Rt-commit] rt branch 5.0/verify-gnupg-original-decrypted-content created. rt-5.0.2-57-ga8aebb8f92

BPS Git Server git at git.bestpractical.com
Thu Jan 6 18:41:45 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/verify-gnupg-original-decrypted-content has been created
        at  a8aebb8f924d5ce5b4f9b98ee42091f5904f5e4a (commit)

- Log -----------------------------------------------------------------
commit a8aebb8f924d5ce5b4f9b98ee42091f5904f5e4a
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Thu Jan 6 23:53:04 2022 +0800

    Test GnuPG encrypted+signed+pubkey emails composed by Thunderbird

diff --git a/t/data/gnupg/emails/20-signed-encrypted-MIME-plain.txt b/t/data/gnupg/emails/20-signed-encrypted-MIME-plain.txt
new file mode 100644
index 0000000000..cdc0b121b1
--- /dev/null
+++ b/t/data/gnupg/emails/20-signed-encrypted-MIME-plain.txt
@@ -0,0 +1,116 @@
+X-Mozilla-Status: 0801
+X-Mozilla-Status2: 00000000
+Message-ID: <024f13ec-83f1-eb57-90a8-750deaada938 at example.com>
+Date: Thu, 6 Jan 2022 23:50:20 +0800
+MIME-Version: 1.0
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
+ Gecko/20100101 Thunderbird/91.4.1
+From: rt-test <rt-test at example.com>
+Subject: Test Email ID:20
+To: rt-recipient at example.com
+Content-Language: en-US
+X-Mozilla-Draft-Info: internal/draft; vcard=0; receipt=0; DSN=0; uuencode=0;
+ attachmentreminder=0; deliveryformat=4
+X-Identity-Key: id2
+Fcc: imap://rt-test%40example.com@mail.example.com/Sent
+Content-Type: multipart/encrypted;
+ protocol="application/pgp-encrypted";
+ boundary="------------m2QKmBvg0V3QUqtaLN9pEzxI"
+
+This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
+--------------m2QKmBvg0V3QUqtaLN9pEzxI
+Content-Type: application/pgp-encrypted
+Content-Description: PGP/MIME version identification
+
+Version: 1
+
+--------------m2QKmBvg0V3QUqtaLN9pEzxI
+Content-Type: application/octet-stream; name="encrypted.asc"
+Content-Description: OpenPGP encrypted message
+Content-Disposition: inline; filename="encrypted.asc"
+
+-----BEGIN PGP MESSAGE-----
+
+wcFOA7Fog/J0+v7vEAf+Jyc60hYrpXmOQJC75T9NbcgM8EbPIVhOyqMV5WS+Xn5PTOLxyYzecSxt
+fEycyERIUfse3jvV9pgr6e+jcZ5pGEt81n+YX7EG1PjtTucMqCPvOWvzmCDo8SjwUqh+Gm3g+iul
+GVtmA5ZvVaTMB85jhflSAp1/rrbz9lCQYa7brfu9N/vhCQVn/oR9iFuIJBIY7L56JfSudvK7O0xu
+tsanStI7IzhnQSJeAtWN3p3FyuBerf13juuIcrh//WIS/WxVRt/OjS1yEWZ1tQk3crPxCcfnT5Hi
+2LQ+fHMeNAe0gAPfsKmlUHQ25u1lDmp9AH2sXEV8OBfwllWaF+doB2rPjwf9EEHWorgy23Cctjby
+BDk1ETysQWjKMvdPWVp2oz9b5L5ClQvRWmurP3Yi/bX3LU9EY133EnIMF3vgjWFFg1Y543b5Icum
+cQ+JJ68Kh0SXFkRG6qvnFeqlRDVnu23varyZiYEuaP06hvl5nI5M5MwVNOiGdAPMxW/WwHpEJztl
+srIasQk+n70eqdNVtbrld218d2MhwGTgR8wpb4lc7uCFTmez6G2jy+xr2YFvFWDeQkqAzjQ1hZdO
+Kg/yUXczTGoqww30Tipp1GEX22B79SrdDVC8ZaHiKosNvG/TBhsP6sluEAbdwj4s69l52czhTApQ
+FoN1OxQpHpHbblms0EKkKsHBTgNO+oOTrsHyDhAIAMhDaORJAe0pp+3dfifNXzrI9+GMwMJuBd+G
+D/IbIevAJeDwmk7AItaZ3zRtGbW6cyRHg3yDh1mLc7ZUYtelBhTNIYGPnCeOrOUI6iiwOVAeJ/tE
+LUw/PhhNmNw0MwDtQUbzVIpUbpZQkbtozcLTxDD2fcfYoQqWRAJTUVH6kjXHXyhwp5pyUuC0fqEr
+irFyoJEuJQpgqyeljFRssDkdVqxco7MUMPUOOdFfAs0OyaNYY+Hzrgk+NkYhwBtFNo1OJy9LNoa9
+6+E4bk3Vx2vjw2jexCJwu77hgRKdD6X2F6BbqlIEUX+hEewBqx5x+D3y8WhVe2oNGgBqIB/U+3k6
+BVsIAITrcVI+enMzCfVP4253a7jV+fhp1OlZS+8J239AGkLTI7XMYxhLPajERQO1Km+QEib4Rzvt
+BQPtj54a+DVQBklgnk7V2BSIYPf6dNjK6rpYxhhMz0lf8g0nmrG+OsvOUS7k5ench/GPZfzrCub0
+1GOtk6Dd9t7VoFXg4qVVVanSomgLEoyLPq6Nkv+l0eiRoHHnN4T8M+d56WiWA5xHQddx/CtUhS4G
+gdcRmoRrGboF7c6DGy5+KB8hTWURonIQNIa6iUT3Yj5rVaeSclquwRH1hVqbsxtkU6cPWuPHQpAm
++Kg0AM2+Zi0zB5CJgA6NV+OOoqnd9R1sw5ItF6j0bjLSzKoBX6jmqkxb08aczlufCsfZXMPde4z/
+93+ZgUyFjMdz2nFSJGtJ2zdDp9T2JoOAxZnQarEDPCFqNr60fcKwPOeleNvRE4GoyxYiGi/0yhU+
+7bjCilzdm3K/ARcodDVO5IQWFm6aFF0B1MLdrlMUKPa+KusJsd+TG6LVauO4Il2FuAlaZw4AFjv0
+RS2RCIV1pjufYjUgcoR4wZuk80Byj7caIHXFX0kwbDji94Qty23jpi1SGq0kfPF04t5PQQRcKywV
+9MjotdcfsAjMWaPhb9XkDECIkJ4KSd8jdrEByH0bW3BeElGGkDOmZOCmEO5W0X5aikePjrCoy4aX
+OurBQEJmvRhTZg5rYUAasIyV65TFufrqty0YxrI9spNWZ4RQL44SdLjtUWgUnUOPcw3aUcwtRI80
+OEaHHr8j8TlX266fMQPsIzH2DMI33sAvfufjEWVHh9fAthvWihJjKzwrnALzJ8xTXpsTWA40SxKI
++kRNRLVUr7c9KJTID2FebBLT5JrUGLtsFL/VITbQDTSJrKk5Lazongu1HiNSCa/rKbGSfKCn0thd
+IyMj8KNjr8KxA9PKPIlMP49mnGFYZCXpTIAUyPhTJiaJnXuQwJMZbFS0/aqguYQo/X7Bn7iqmZqv
+j5vMp31iLa0lLJ9k1sJCulRIy6KytdmXWX+88azp+YkNUr3lkBwo6QasHkPf2c+i+psOukpo4OvD
+Dlra58q+t2m0agW9thSLpiFw345C9UGj88zJ29ry3nb7rw+KfXprwxVChdilmWUf/W12q1j7uEJv
+I2/6fohB2ru/p69CdZpUnuZafhJQDBaxlxWHkoTATsYvlVybXb6kfENFTXOR0PvyFOsjOZppdYt7
+KcJgJxUqMDJeHi3pmjKjblwggG/Zt5iLRfLBt6RGIJvr6dCa02JTtcUiZjeytNCh7K4dNgpRa9Bk
+LVwQNc+MoNFVBn189zmbiU61tVYey2XGt57E4UDe7zdbN/mOHiyYaLVuvdKlsGu4z/ygf/NPM+rh
+RmyP/OQpToHPtLGfoAmfbhMxmXvHYOmSpUjHXm/tsusN0PtK3A4kjvnILX/fGJFbTvMqgcZceh5Z
+DaK53w8K30PNsC45nlydkvuPZG4u8hbOR1zXC3/ACGL9LXdEPsgIFEqQhmgSG3UtaJG/CVI8DrKz
+jPzjXJ0/zAHlQx9qyW9tnMThpaWHGm3IkQpdiffaPcivHav8wPWCEzAOnmtNDoqsxTbHeAf8XPJZ
+fOoAVq0iZjLUkB/GQXE0iJhopoPJWghNufXH8UXJpCn9NvW18C96/7BHdoobWg4nw78rFpWPn87w
+LnT4SMRSkY0UdsESmguniNEyxiC/oHtAmfkI20XXa1swvNdDyFOZ0+e6W7KbfVSBje5m6MvmjZY4
+34t0yczo/UERF7j3cU4u/0xNAHk+kWnrmq4TdLW0nLogUce/tgjO+Jo/uOrE1b8j/bb/t0Z3iPOI
+UnKqUcOuasaSw0+T3tJFOhAj0DH2jvXzdCxNxt2WR6pevyJdU6F3geWMz7sJYtJUQcNdK0KoFSMJ
+tyRUJIphIBLVBONEsjllPcS9Do5Yhq9uzZhJ0bHULgdSF0zLYoyhNH8x47ZnbwVtdUuoO1/ENota
+boryQlszXpuM+2rmK1zXJ1TjdffHgW8gLLEwzrmHhfHmm7mUfEU2ww3C5Ie9rmjiX+aok08TrqAg
+txcMlD8cTCLgLdvh6uoWPbCYOQc+0O1XwmEoT5YFYzzGgJAL4VVzrMwWVT1yQfkG0MqQVfsNUo56
+l7/Eve5yovL2X8SxPcS+Grj7XBw2j6X2Gh865o0DnxadUe2TnwM4CUaqFzjqKD+b+TlVaYBTLuOB
+o1cvjieqwhcneZLF5xWmx+mJ0Z4inAoY+M0+9eIj1Ygwn4ay5jILV+qbD5m2BLha6Sf6W+7iyilj
+xwMWoTMHPMX7rrOzP4CYc/FH5aYeunYe7aGfrfB03Pykv0Sz7ylJpFz35Mrh4zODnQSuJNH8wCv+
+kf2mPcSnTx7ALYOLUUyCbR6/cbPh7WGbZHCM00t7lIYjFky6pdxR91t92thazy/zjWtl/Vlw+dTG
+ug+nCMoJLIFIe5meqZYNBERF8aFm5OLnW9bBGx7cHxoib2bEZkW7uVPnxovE5FRUcI/RMvVLqg8g
+5NjghR8HTr38S/HZNs3fEax4h5cdzyBTsprzatvP1kxF7mWOdcQNTLBoLqZa63cvK6m0VzyZzbK+
+Hc3KMgmx6+/qFfeZQbPqKUE2uDUI69zB3rhbSaoHD5kdMg/00m5Hc2Vx+jzI2Rz/jojg6miLYmC6
+9AVEp6115fdT5d6z71USriaHtNqQ170YLq7a9k5x67cVOIHGLH8T9TZABhBSm8G+o8wSNLxrt/Mc
+kcmaHAg+VDX/iyLgJLTRCCfh0WAalq5xQhnpWDB3Oj1KC7OF6YF8R0o+YZhsBpVH3QabKyiDPIvP
+S/Zq92AhnubceX1b9eO1tWw0lWYVWc4Jq3d0eQm7ClafUJfyK+w75Zd2+Uaz70iOQFFSoLQLzVbV
+iOJudLXrJov4M4hhzbz5lfW1090/FkKKOegezgu3I7/6Qybud8dDaOHlgDeMFfOoIhOErPgVEtUt
+7skOLGMM+guuEF7TFe2wFwYgLjNvFbTvduyaY9cVG8toe3SD1zXOUEr8XRDG4DulXuJ4KRYBGIoJ
+T16CILU/LL9getFAqoj2W3F03WoVT8xQkrXHzVLtgHmZCkL/fR42GXOnItlWmeui0hFoso/jhFTb
+uFC3ZyJ5YgodCrbGoZTGyxuWzkvM/m8ssfTweksg+16G/AVXiSQDtxxHrapipqQuJ1DqYQXZCGwm
+u8fEFMxNl1bvgX32xQCNvTV1OLBJw02HeT35dLchL/qKV6BYdHZR43+KgR/Okdoj3V/7ZSBWucWK
+VM3ZK1jZUxLCJVoUv8/l7+jpOdA2eMLHOfY3A4fzvPpoNZzu0/JwppfxDJSNElwt5JA9gfSni3rs
+eRnOG3fgDUPvTwmR1xDKUzC/LmLCLw0Zg0pcssUP1MfAAT8MsbfWWMfjVB0/hHd2O25fTvrW3wLD
+KvKQFt+Hobd1X1f8SMY6ZXL/7NzyEni5EAJS/yW/gHIFd0zlPDGyXkMRQNPdYoYEf36HbU1G67vL
+tpZ5bTPMY7naO6ygCqNQHVlM5ktaJy53q/TsCp3IxTQjUDcf7fIMUoG23C4q81v+bT3y/gyDdx1v
+YG9TVObXtij7WkJi3b8CfOQ+YBIKvj7yUTHoHT9IRuC9ML0TtSUCrGr/Rk/x6aS8/pC8AGw2ncN/
+iPr+VM+kdZp9d8s04vc2y11r3BuAaLDUiBlbZBAg24W+BZpi3QPCj2xvFML5D7Rysrxk4BKH5tJt
+sHVLXYfjeePHunT0dvgCEutwQJg2Dz6cUmQ9iNIyP3KRLizHaMGWj5TGmhrWSSgwPiXT1B0ksdIx
+PecPDPD0clf/DK4f/rEIJ6VO+Tzl8dLBTDUJ+sb8NHUf0NOA2BfzrFcPvMf3ht9RSZsBuKuZikxZ
+phOlpmnhuMt0oomjrTyHQlgT+rokyROVwfANkjSGjuVRFVcbJ1WhNTmWqISGU53JHRkSb9qB0GTM
+4ULFhj+oy+SPVmEavS7H2z9r0cHCCk5EGEWucqfR2CofsFK18a/XybGy4LJacdwFiUP/9RYWaxJz
+z4GKD7Fi2OlF3yI1nPMs1kXVdR6lTDcr4GM9u/S9kxGqC5n99C6fkehrjcySwU83jTcvIY/Q9ye5
+OpMtdQeorIZKrl+3w2nRKvQsxjpcsZ6Se2quK1Breo87Zmlms7oZ4dh8KAevkyYR7IAiiuJTVpem
+wOot2oBBrRp/5DpsmzPd5XE+hTXifW7BlStCzYlhjJYxIyz5EvgjByi+xhK2hUf5QwpaFCLhneri
+slOAS087Mk7dk8lBDsEEn3d9HKQcvWXIYnesRPlJZ2523m1pUst2aOPVYBNJGmWIzrZIDVXZsS0j
+9iw4DwA/ODP86m0VW5ie4bITvJULUyoha9sr9LC0a7kLVlnTlUfMDQYYD+hKk/0AGfLfT87iMV83
+3hp8/AQp0RVN46haUppQUklyTrktXNAbi0C1HnlTg+saTGFEKnlr+2NQdM/C/966/VKKpYh9Bx+1
+bRi3FoamXJ5I0XnEFTE+eZnD6EwjGP3COO51O1Iel/zdnTuG5wkRokyV61/2Dem9omlRpap+nF13
+QAILlFaC0sikx/OzLA6F6OY6T8YnsUBN7huSjMSEB687XivINa+D/QcdeD7JBE7SpXy9r/LjM2OR
+0TM9Ta9Inej+YCtrTCclO92j3KG+zAu33pvy4XkG2v7+wuP6XHTWdvXs6i1L4Rq8P+dCGz19UEz4
+frCjFT844JvprQxVEx23hOI7P0MSUnhg1W1tfSUxGuovm4dj84LtVYmpjvkOhiS+Le/f07kfql5v
+sgWsuQ+cPRdTqv+PLxHvV/Pxd4XaZs7vs2vDLp7fX+OD3+PCKcDaAdtVtUufvKfcC7bAXLomgwHx
+G7ObnUKPCkmMhwoRXpxTCSze+4aRkoPXytuDPRh6uU4CRZ7w1661YHloOw1DtRrNDQ==
+=+2QS
+-----END PGP MESSAGE-----
+
+--------------m2QKmBvg0V3QUqtaLN9pEzxI--
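
Review bot: The fixture still carries Thunderbird draft-only headers (X-Mozilla-Status, X-Mozilla-Status2, X-Mozilla-Draft-Info, X-Identity-Key, Fcc), so it is the sender's saved copy and not the message as RT would receive it over SMTP. Nothing in the file name or the file itself records that the ciphertext contains a signature and an attached public key, which is what the commit subject says this email exercises. Consider stripping the draft headers and noting the payload layout and the test key used, so that a later reader can regenerate the fixture without decrypting it first.
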
diff --git a/t/mail/gnupg-realmail.t b/t/mail/gnupg-realmail.t
index eab0425187..8c3863582d 100644
--- a/t/mail/gnupg-realmail.t
+++ b/t/mail/gnupg-realmail.t
@@ -1,7 +1,7 @@
 use strict;
 use warnings;
 
-use RT::Test::Crypt GnuPG => 1, tests => 198, gnupg_options => { passphrase => 'rt-test' };
+use RT::Test::Crypt GnuPG => 1, tests => undef, gnupg_options => { passphrase => 'rt-test' };
 
 use Digest::MD5 qw(md5_hex);
 
@@ -36,6 +36,13 @@ $eid = 18;
     eval { email_ok($eid, $usage, $format, $attachment) };
 }
 
+{
+    my ($usage, $format, $attachment) = ('signed&encrypted', 'MIME', 'plain');
+    ++$eid;
+    diag "Email $eid: $usage, $attachment email with $format format";
+    eval { email_ok($eid, $usage, $format, $attachment) };
+}
+
 sub email_ok {
     my ($eid, $usage, $format, $attachment) = @_;
     diag "email_ok $eid: $usage, $format, $attachment";
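
Review bot: In the added block, eval { email_ok($eid, $usage, $format, $attachment) } discards $@, and this patch also replaces the fixed plan (tests => 198) with tests => undef plus done_testing. With the fixed plan, a die partway through email_ok showed up as a plan mismatch; now the remaining assertions for email 20 would be skipped and the file would still pass. Suggest checking $@ after the eval (for example, is($@, '', "email $eid ran to completion")) or dropping the eval for the new case.
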
@@ -148,3 +155,4 @@ sub email_ok {
     return 0;
 }
 
+done_testing;

commit dd4501a6368a5db9abb777a01a00cdbe8719da95
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri Jan 7 02:09:26 2022 +0800

    Don't warn if mixed newlines are found
    
    GnuPG's decrypted content could have mixed newlines (e.g. from
    encrypt+signed+pubkey emails composed by Thunderbird); this commit mutes
    related "Mixed newlines" warnings.

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 5a036d8446..96b2a3a673 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1007,7 +1007,7 @@ sub VerifyRFC3156 {
     my %args = ( Data => undef, Signature => undef, @_ );
 
     my ($tmp_fh, $tmp_fn) = File::Temp::tempfile( UNLINK => 1 );
-    binmode $tmp_fh, ':raw:eol(CRLF?)';
+    binmode $tmp_fh, ':raw:eol(CRLF)';
     $args{'Data'}->print( $tmp_fh );
     $tmp_fh->flush;
 
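Review bot: Dropping the "?" from ':raw:eol(CRLF?)' in VerifyRFC3156 leaves no code comment saying why, and the bytes written to $tmp_fh are exactly what the detached signature is checked against. Once the warning is gone, a verification failure caused by newline normalisation has no trace in the logs. Suggest a one-line comment above the binmode call explaining that mixed newlines are expected in decrypted Thunderbird content, and a test that asserts the new fixture produces no "Mixed newlines" warning, so the behaviour is pinned.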

commit 19001e60f42aa3e690cd37218d95b1a938d13185
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri Jan 7 02:08:28 2022 +0800

    Do not try to decrypt PGP public keys
    
    PGP keys could have ".asc" file extension (e.g. Thunderbird does that),
    which is one of the extensions ("FileExtensions" in %GnuPG config) we
    support to decrypt by default.
    
    "application/pgp-keys" is PGP public key's content type specified in
    RFC3156.

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 72999eccd7..5a036d8446 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -843,6 +843,9 @@ sub FindScatteredParts {
         my $fname = $part->head->recommended_filename || '';
         next unless $fname =~ /\.(?:$file_extension_regex)$/;
 
+        # skip pgp keys, which could have .asc file extension
+        next if ( $part->head->mime_type // '' ) eq 'application/pgp-keys';
+
         $RT::Logger->debug("Found encrypted attachment '$fname'");
 
         $args{'Skip'}{$part} = 1;
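
Review bot: The new "next if ... eq 'application/pgp-keys'" in FindScatteredParts skips the part silently, while the line right below logs "Found encrypted attachment" for parts that are kept. A debug message on the skip path would make it possible to tell from the log why an .asc attachment was not decrypted. The check also relies entirely on the sender-declared content type: a key sent as .asc with a different type still goes to decryption, and a part labelled application/pgp-keys is never decrypted whatever it contains. A test covering each of those two cases would document the intended behaviour.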

commit d1255ecf61daa303c98c01d2ebaad4b034d94b7d
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Thu Jan 6 22:08:52 2022 +0800

    Verify PGP signatures on the original decrypted content
    
    Previously we decoded decrypted content and then re-encoded it before
    verifying PGP signatures, which could cause verification to fail if the
    decode-encode step changed something, e.g. if original content doesn't
    respect encoding header (e.g. "Content-Transfer-Encoding").
    
    This commit gets rid of this issue by asking parser to skip the
    decode-encode step.
    
    See also perldoc of MIME::Parser::decode_bodies.

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index 1005492648..72999eccd7 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -1055,7 +1055,7 @@ sub DecryptRFC3156 {
 
     seek $tmp_fh, 0, 0;
     my $parser = RT::EmailParser->new();
-    my $decrypted = $parser->ParseMIMEEntityFromFileHandle( $tmp_fh, 0 );
+    my $decrypted = $parser->ParseMIMEEntityFromFileHandle( $tmp_fh, 0, 1 );
     $decrypted->{'__store_link_to_object_to_avoid_early_cleanup'} = $parser;
 
     $args{'Top'}->parts( [$decrypted] );
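
Review bot: The third positional argument in ParseMIMEEntityFromFileHandle( $tmp_fh, 0, 1 ) is a bare flag whose meaning cannot be read at the call site in DecryptRFC3156, and the parser-side change that accepts it is not part of this diff. Suggest a short comment here saying that it turns off body decoding (the commit message points to MIME::Parser::decode_bodies), since $decrypted is attached to $args{'Top'} right after and every later consumer now sees bodies in their transfer-encoded form. A regression test with content that does not respect its Content-Transfer-Encoding header would cover the case the commit message describes.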

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

