[kmail2] [Bug 331991] New: GnuPG signatures broken by "Pipe Through" filter action

xor xor at gmx.li
Mon Mar 10 19:33:47 GMT 2014 

https://bugs.kde.org/show_bug.cgi?id=331991

            Bug ID: 331991
           Summary: GnuPG signatures broken by "Pipe Through" filter
                    action
    Classification: Unclassified
           Product: kmail2
           Version: 4.11.5
          Platform: Ubuntu Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: xor at gmx.li

KMail modifies the mail on its when using "pipe through" filter action, even
though the only thing modifying it should be the software through which the
mail is piped.

This causes the GnuPG signed part of mails to be modified in a way which makes
the signature invalid.

Reproducible: Always

Steps to Reproduce:
Used Ubuntu (lsb_release -a): Kubuntu 13.10
Architecture (uname -a): x86_64
Used kmail (dpkg --status): Version: 4:4.11.5-0ubuntu0.1

Steps to reproduce:
- Generate a bogofilter spam filter using KMail's own wizard

- This will add a filter called "Bogofilter Check" which uses the "pipe
through" action to pipe the mail through "bogofilter -p -e"

- Now have someone send you a GnuPG signed mail (using OpenPGP/MIME, i.e. which
contains a text part which begins similar to this one (will try to upload an
attachment which contains a whole sample message):
'--nextPart4479402.yrgGCOTjb2
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit'
Actual Results:  
- After the mail has been piped through the filter, the text part will be
mangled to this:
'--nextPart4479402.yrgGCOTjb2
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 7bit'

- As the header of the text part is part of the GnuPG signature, the signature
is broken now! There should not be ANY modifications on it for GPG signature
validation to succeed.

- If you pipe the same mail manually through "bogofilter -p -e" on the
terminal, and diff the before and after, you will notice that this does NOT
happen. This means that KMail is the one to blame for mangling the header of
the text part. In fact, it mangles a lot of more stuff about the mail. Check
the diff. 

Expected Results:  
The header of the text part should not be modified by KMail.
IMHO, when doing "pipe through", KMail itself should not do ANY modifications
on the mail at all.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list