[Pkg-sympa-devel] Bug#826119: sympa: Sympa changes content of email, breaking PGP/Mime

Hanne Moa hanne.moa at uninett.no
Thu Jun 2 11:54:28 UTC 2016 

Package: sympa
Version: 6.1.23~dfsg-2
Severity: normal

Dear Maintainer,

As reported in sympa's bug tracker as bug #10573
(see https://sourcesup.renater.fr/tracker/?aid=10573)

When sending an email as PGP/Mime from Thunderbird+Enigmail, sympa
breaks a line differently than the quoted-printable in Thunderbird,
leading to different line-lengths and a broken PGP signature:

(If an intermediate MTA breaks the examples, the bug report at sympa.org
has unbroken ones.)

The source of the mail sent from Thunderbird looks like this, between '---':

---
1234567890123456789012345678901234567890123456789012345678901234567890123=
4567890
---

The source in sympa's archive and sent from sympa looks like this, between
'---':

---
123456789012345678901234567890123456789012345678901234567890123456789012345=
67890
---

Note "123=" versus "12345=" and "4567890" versus "67890".

RFC3156 states that "Multipart/signed and multipart/encrypted are to be
treated by agents as opaque, meaning that the data is not to be altered
in any way."

That the signature is correct is important to our security team when
they report security issues to other security teams.

The same problem affects S/Mime.

Upstream reported that newer sympas, 6.2.x and on, "probably may not
break them" and to try 6.2.x, which does not have a debian package.

You have backported fixes from 6.2 before, can you do it in this case or
make a package for 6.2?


-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot
set LC_ALL to default locale: No such file or directory UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sympa depends on:
ii  adduser                           3.113+nmu3
ii  ca-certificates                   20141019
ii  dbconfig-common                   1.8.47+nmu3
ii  debconf [debconf-2.0]             1.5.56
ii  libarchive-zip-perl               1.39-1
ii  libc6                             2.19-18+deb8u3
ii  libcgi-fast-perl                  1:2.04-1
ii  libcgi-pm-perl                    4.09-1
ii  libdbd-mysql-perl                 4.028-2+b1
ii  libdbd-pg-perl                    3.4.2-1
ii  libdbd-sqlite3-perl               1.44-1
ii  libdbd-sybase-perl                1.14-1+b2
ii  libdbi-perl                       1.631-3+b1
ii  libfcgi-perl                      0.77-1+b1
ii  libfile-copy-recursive-perl       0.38-1
ii  libhtml-format-perl               2.11-1
ii  libhtml-stripscripts-parser-perl  1.03-1
ii  libhtml-tree-perl                 5.03-1
ii  libintl-perl                      1.23-1
ii  libio-stringy-perl                2.110-5
ii  libmailtools-perl                 2.13-1
ii  libmime-charset-perl              1.011.1-1
ii  libmime-encwords-perl             1.014.3-1
ii  libmime-lite-html-perl            1.24-1
ii  libmime-tools-perl                5.505-1
ii  libmsgcat-perl                    1.03-6+b1
ii  libnet-ldap-perl                  1:0.6400+dfsg-2
ii  libnet-netmask-perl               1.9021-1
ii  libregexp-common-perl             2013031301-1
ii  libsoap-lite-perl                 1.11-1
ii  libtemplate-perl                  2.24-1.2+b1
ii  libterm-progressbar-perl          2.16-1
ii  libunicode-linebreak-perl         0.0.20140601-2
ii  libxml-libxml-perl                2.0116+dfsg-1+deb8u1
ii  lsb-base                          4.1+Debian13+nmu1
ii  mhonarc                           2.6.19-1
ii  perl                              5.20.2-3+deb8u4
ii  perl-modules                      5.20.2-3+deb8u4
ii  postfix [mail-transport-agent]    2.11.3-1
ii  rsyslog [system-log-daemon]       8.4.2-1+deb8u2
ii  sqlite3                           3.8.7.1-1+deb8u1

Versions of packages sympa recommends:
pn  apache2-suexec             <none>
pn  doc-base                   <none>
ii  libapache2-mod-fcgid       1:2.3.9-1+b1
pn  libcrypt-ciphersaber-perl  <none>
pn  libfile-nfslock-perl       <none>
ii  libio-socket-ssl-perl      2.002-2+deb8u1
pn  libmail-dkim-perl          <none>
ii  locales                    2.19-18+deb8u3
ii  logrotate                  3.8.7-1+b1
pn  mysql-server | postgresql  <none>

Versions of packages sympa suggests:
ii  apache2 [httpd-cgi]  2.4.10-10+deb8u3
pn  libauthcas-perl      <none>
pn  libdbd-oracle-perl   <none>
pn  libtext-wrap-perl    <none>
ii  openssl              1.0.1k-3+deb8u5

-- Configuration Files:
/etc/sympa/auth.conf changed [not included]
/etc/sympa/sympa.conf-smime.in [Errno 13] Permission denied:
u'/etc/sympa/sympa.conf-smime.in'

-- debconf information excluded


-- 
HM
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x2D8F71E5.asc
Type: application/pgp-keys
Size: 81400 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-sympa-devel/attachments/20160602/c506f55f/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-sympa-devel/attachments/20160602/c506f55f/attachment-0001.sig>

More information about the Pkg-sympa-devel mailing list