schleuder 3.2.2 → 3.5.2

data/lib/schleuder/gpgme/ctx.rb

@@ -19,7 +19,7 @@ module GPGME
       case import_result.imports.size
       when 1
         import_status = import_result.imports.first
-        if import_status.action == 'not imported'
+        if import_status.action == 'error'
           [nil, "Key #{import_status.fpr} could not be imported!"]
         else
           [import_status.fpr, nil]
@@ -103,7 +103,7 @@ module GPGME
     end
 
     def refresh_key(fingerprint)
-      args = "#{keyserver_arg} --refresh-keys #{fingerprint}"
+      args = "#{keyserver_arg} #{import_filter_arg} --refresh-keys #{fingerprint}"
       gpgerr, gpgout, exitcode = self.class.gpgcli(args)
 
       if exitcode > 0
@@ -136,7 +136,8 @@ module GPGME
       arguments, error = fetch_key_gpg_arguments_for(input)
       return error if error
 
-      gpgerr, gpgout, exitcode = self.class.gpgcli(arguments)
+      self.class.send_notice_if_gpg_does_not_know_import_filter
+      gpgerr, gpgout, exitcode = self.class.gpgcli("#{import_filter_arg} #{arguments}")
 
       # Unfortunately gpg doesn't exit with code > 0 if `--fetch-key` fails.
       if exitcode > 0 || gpgerr.grep(/ unable to fetch /).presence
@@ -270,5 +271,25 @@ module GPGME
         ""
       end
     end
+
+    def self.gpg_knows_import_filter?
+      sufficient_gpg_version?('2.1.15')
+    end
+
+    def import_filter_arg
+      if self.class.gpg_knows_import_filter?
+        %{ --import-filter drop-sig='sig_created_d > 0000-00-00'}
+      end
+    end
+
+    def self.send_notice_if_gpg_does_not_know_import_filter
+      if ! gpg_knows_import_filter?
+        Schleuder.logger.notify_superadmin(
+            subject: 'Schleuder installation problem',
+            message: "Your version of GnuPG is very old, please update!\n\nWith your version of GnuPG we can not protect your setup against signature flooding. Please update to at least version 2.1.15 to fix this problem. See <https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html> for details on the background."
+          )
+        ''
+      end
+    end
   end
 end

data/lib/schleuder/gpgme/import_status.rb

@@ -2,17 +2,23 @@ module GPGME
   class ImportStatus
     attr_reader :action
 
-    # Unfortunately in initialize() @status and @result are not yet intialized.
+    # Unfortunately in initialize() @status and @result are not yet initialized.
     def set_action
-      @action ||= if self.status > 0
-                    'imported'
-                  elsif self.result == 0
-                    'unchanged'
-                  else
+      @action ||= if self.result > 0
                     # An error happened.
                     # TODO: Give details by going through the list of errors in
                     # "gpg-errors.h" and find out which is present here.
-                    'not imported'
+                    'error'
+                  else
+                    # TODO: refactor with Ctx#translate_import_data
+                    case self.status
+                    when 0
+                      'unchanged'
+                    when IMPORT_NEW
+                      'imported'
+                    else
+                      'updated'
+                    end
                   end
       self
     end

data/lib/schleuder/gpgme/key.rb

@@ -57,6 +57,10 @@ module GPGME
       "#{self.to_s}\n\n#{export(armor: true).read}"
     end
 
+    def minimal
+      export(minimal: true).to_s
+    end
+
     # Force encoding, some databases save "ASCII-8BIT" as binary data.
     alias_method :orig_fingerprint, :fingerprint
     def fingerprint
@@ -208,5 +212,9 @@ module GPGME
       pinentry = File.join(ENV['SCHLEUDER_ROOT'], 'bin', 'pinentry-clearpassphrase')
       GPGME::Ctx.spawn_daemon('gpg-agent', "--use-standard-socket --pinentry-program #{pinentry}")
     end
+
+    def self.valid_fingerprint?(fp)
+      fp =~ Schleuder::Conf::FINGERPRINT_REGEXP
+    end
   end
 end

data/lib/schleuder/list.rb

@@ -19,6 +19,7 @@ module Schleuder
         :receive_admin_only,
         :keep_msgid,
         :bounces_drop_all,
+        :deliver_selfsent,
         :bounces_notify_admins,
         :include_list_headers,
         :include_openpgp_header,
@@ -124,7 +125,7 @@ module Schleuder
 
     def import_key_and_find_fingerprint(key_material)
       return nil if key_material.blank?
-      
+
       import_result = import_key(key_material)
       gpg.interpret_import_result(import_result)
     end
@@ -146,6 +147,16 @@ module Schleuder
       key.armored
     end
 
+    def key_minimal_base64_encoded(fingerprint=self.fingerprint)
+      key = keys(fingerprint).first
+      
+      if key.blank?
+        return false
+      end
+      
+      Base64.strict_encode64(key.minimal)
+    end
+
     def check_keys
       now = Time.now
       checkdate = now + (60 * 60 * 24 * 14) # two weeks
@@ -251,9 +262,8 @@ module Schleuder
     end
 
     def fingerprint=(arg)
-      # Strip whitespace from incoming arg.
       if arg
-        write_attribute(:fingerprint, arg.gsub(/\s*/, '').chomp)
+        write_attribute(:fingerprint, arg.gsub(/\s*/, '').gsub(/^0x/, '').chomp.upcase)
       end
     end
 
@@ -341,12 +351,24 @@ module Schleuder
       true
     end
 
-    def send_to_subscriptions(mail)
+    def send_to_subscriptions(mail, incoming_mail=nil)
       logger.debug "Sending to subscriptions."
       mail.add_internal_footer!
       self.subscriptions.each do |subscription|
         begin
+          
+          if ! subscription.delivery_enabled
+            logger.info "Not sending to #{subscription.email}: delivery is disabled."
+            next
+          end
+          
+          if ! self.deliver_selfsent && incoming_mail.was_validly_signed? && ( subscription == incoming_mail.signer )
+            logger.info "Not sending to #{subscription.email}: delivery of self sent is disabled."
+            next
+          end
+          
           subscription.send_mail(mail)
+          
         rescue => exc
           msg = I18n.t('errors.delivery_error',
                        { email: subscription.email, error: exc.to_s })

data/lib/schleuder/logger_notifications.rb

@@ -18,9 +18,14 @@ module Schleuder
       notify_admin(string, original_message)
     end
 
-    def notify_admin(thing, original_message=nil, subject='Error')
+    def notify_superadmin(message:, original_message: nil, subject: 'Error')
+      notify_admin(message, original_message, subject, superadmin)
+    end
+
+    def notify_admin(thing, original_message=nil, subject='Error', recipients=nil)
       # Minimize using other classes here, we don't know what caused the error.
       msg_parts = convert_to_msg_parts(thing, original_message)
+      recipients ||= adminaddresses
       Array(adminaddresses).each do |address, key|
         mail = Mail.new
         mail.from = @from
@@ -37,6 +42,8 @@ module Schleuder
             gpg_opts.merge!(encrypt: true, keys: { address => key.fingerprint })
           end
           mail.gpg gpg_opts
+
+          mail.header['List-Id'] = "<#{@list.email.gsub('@', '.')}>"
         end
         mail.deliver
       end

data/lib/schleuder/mail/encrypted_part.rb

@@ -0,0 +1,14 @@
+module Mail                                                                                                                                            
+  module Gpg                                                                                                                                           
+    class EncryptedPart < Mail::Part                                                                                                                   
+      alias_method :initialize_mailgpg, :initialize
+
+      def initialize(cleartext_mail, options = {})
+        if cleartext_mail.protected_headers_subject
+          cleartext_mail.content_type_parameters['protected-headers'] = 'v1'                                                                       
+        end
+        initialize_mailgpg(cleartext_mail, options)
+      end
+    end
+  end
+end

data/lib/schleuder/mail/gpg.rb

@@ -0,0 +1,15 @@
+module Mail
+  module Gpg
+    class << self  
+      alias_method :encrypt_mailgpg, :encrypt
+
+      def encrypt(cleartext_mail, options={})
+        encrypted_mail = encrypt_mailgpg(cleartext_mail, options)
+        if cleartext_mail.protected_headers_subject
+          encrypted_mail.subject = cleartext_mail.protected_headers_subject
+        end
+        encrypted_mail
+      end
+    end  
+  end
+end

data/lib/schleuder/mail/message.rb

@@ -16,6 +16,8 @@ module Mail
     attr_accessor :recipient
     attr_accessor :original_message
     attr_accessor :list
+    attr_accessor :protected_headers_subject
+    attr_writer :dynamic_pseudoheaders
 
     # TODO: This should be in initialize(), but I couldn't understand the
     # strange errors about wrong number of arguments when overriding
@@ -23,12 +25,9 @@ module Mail
     def setup
       if self.encrypted?
         new = self.decrypt(verify: true)
-        ## Work around a bug in mail-gpg: when decrypting pgp/mime the
-        ## Date-header is not copied.
-        #new.date ||= self.date
         # Test if there's a signed multipart inside the ciphertext
         # ("encapsulated" format of pgp/mime).
-        if new.signed?
+        if encapsulated_signed?(new)
           new = new.verify
         end
       elsif self.signed?
@@ -46,9 +45,20 @@ module Mail
       # might be gone (e.g. request-keywords that delete subscriptions or
       # keys).
       new.signer
-      self.dynamic_pseudoheaders.each do |str|
-        new.add_pseudoheader(str)
+      new.dynamic_pseudoheaders = self.dynamic_pseudoheaders.dup
+
+      # Store previously protected subject for later access.
+      # mail-gpg pulls headers from the decrypted mime parts "up" into the main
+      # headers, which reveals protected subjects.
+      if self.subject != new.subject
+        new.protected_headers_subject = self.subject.dup
+      end
+
+      # Delete the protected headers which might leak information.
+      if new.parts.first && new.parts.first.content_type == "text/rfc822-headers; protected-headers=v1"
+        new.parts.shift
       end
+
       new
     end
 
@@ -58,6 +68,7 @@ module Mail
       clean.gpg self.list.gpg_sign_options
       clean.from = list.email
       clean.subject = self.subject
+      clean.protected_headers_subject = self.protected_headers_subject
 
       clean.add_msgids(list, self)
       clean.add_list_headers(list)
@@ -69,6 +80,13 @@ module Mail
         clean.add_part new_part
       end
 
+      if self.protected_headers_subject.present?
+        new_part = Mail::Part.new
+        new_part.content_type = "text/rfc822-headers; protected-headers=v1"
+        new_part.body = "Subject: #{self.subject}\n"
+        clean.add_part new_part
+      end
+
       # Attach body or mime-parts in a new wrapper-part, to preserve the
       # original mime-structure.
       # We can't use self.to_s here — that includes all the headers we *don't*
@@ -187,11 +205,15 @@ module Mail
       @recipient.match(/-bounce@/).present? ||
           # Empty Return-Path
           self.return_path.to_s == '<>' ||
-          # Auto-Submitted exists and does not equal 'no' and no cron header
-          # present, as cron emails have the auto-submitted header.
+          # Auto-Submitted exists and does not equal 'no' and:
+          #  - no cron header is present
+          #  - no Jenkins job notification header is present
+          # as these emails have the auto-submitted header.
           ( self['Auto-Submitted'].present? && \
             self['Auto-Submitted'].to_s.downcase != 'no' && \
-            !self['X-Cron-Env'].present?)
+            !self['X-Cron-Env'].present? && \
+            !self['X-Jenkins-Job'].present? && \
+            self.subject.to_s !~ /\A\*\*\* SECURITY information.*\*\*\*\Z/)
     end
 
     def keywords
@@ -203,15 +225,19 @@ module Mail
       end
 
       @keywords = []
+      look_for_keywords = true
       lines = part.decoded.lines.map do |line|
         # TODO: Find multiline arguments (add-key). Currently add-key has to
         # read the whole body and hope for the best.
-        if line.match(/^x-([^:\s]*)[:\s]*(.*)/i)
-          command = $1.strip.downcase
-          arguments = $2.to_s.strip.downcase.split(/[,; ]{1,}/)
+        if look_for_keywords && (m = line.match(/^x-([^:\s]*)[:\s]*(.*)/i))
+          command = m[1].strip.downcase
+          arguments = m[2].to_s.strip.downcase.split(/[,; ]{1,}/)
           @keywords << [command, arguments]
           nil
         else
+          if look_for_keywords && line.match(/\S+/i)
+            look_for_keywords = false
+          end
           line
         end
       end
@@ -221,11 +247,11 @@ module Mail
       # decide itself how to encode, it works. If we don't, some
       # character-sequences are not properly re-encoded.
       part.content_transfer_encoding = nil
-      # Make the converted strings (now UTF-8) match what mime-part's headers say,
-      # fall back to US-ASCII if none is set.
-      # https://tools.ietf.org/html/rfc2046#section-4.1.2
-      # -> Default charset is US-ASCII
-      part.body = lines.compact.join.encode(part.charset||'US-ASCII')
+
+      # Set the right charset on the now parsed body
+      new_body = lines.compact.join
+      part.charset = new_body.encoding.to_s
+      part.body = new_body
 
       @keywords
     end
@@ -243,33 +269,20 @@ module Mail
     end
 
     def add_pseudoheader(string_or_key, value=nil)
-      @dynamic_pseudoheaders ||= []
-      if value.present?
-        @dynamic_pseudoheaders << make_pseudoheader(string_or_key, value)
-      else
-        @dynamic_pseudoheaders << string_or_key.to_s
-      end
+      dynamic_pseudoheaders << make_pseudoheader(string_or_key, value)
     end
 
     def make_pseudoheader(key, value)
-      "#{key.to_s.camelize}: #{value.to_s}"
+      output = "#{key.to_s.camelize}: #{value.to_s}"
+      # wrap lines after 76 with 2 indents
+      output.gsub(/(.{1,76})( +|$)\n?/, "  \\1\n").chomp.lstrip
     end
 
     def dynamic_pseudoheaders
-      @dynamic_pseudoheaders || []
+      @dynamic_pseudoheaders ||= []
     end
 
-    def standard_pseudoheaders(list)
-      if @standard_pseudoheaders.present?
-        return @standard_pseudoheaders
-      else
-        @standard_pseudoheaders = []
-      end
-
-      Array(list.headers_to_meta).each do |field|
-        @standard_pseudoheaders << make_pseudoheader(field.to_s, self.header[field.to_s])
-      end
-
+    def signature_state
       # Careful to add information about the incoming signature. GPGME
       # throws exceptions if it doesn't know the key.
       if self.signature.present?
@@ -277,28 +290,48 @@ module Mail
         # for that manually and provide our own fallback. (Calling
         # `signature.key` results in an EOFError in that case.)
         if signing_key.present?
-          msg = signature.to_s
+          signature_state = signature.to_s
         else
-          # TODO: I18n
-          msg = "Unknown signature by unknown key 0x#{self.signature.fingerprint}"
+          signature_state = I18n.t("signature_states.unknown", fingerprint: self.signature.fingerprint)
         end
       else
-        # TODO: I18n
-        msg = "Unsigned"
+        signature_state = I18n.t("signature_states.unsigned")
+      end
+      signature_state
+    end
+
+    def encryption_state
+      if was_encrypted?
+        encryption_state = I18n.t("encryption_states.encrypted")
+      else
+        encryption_state = I18n.t("encryption_states.unencrypted")
+      end
+      encryption_state
+    end
+
+    def standard_pseudoheaders(list)
+      if @standard_pseudoheaders.present?
+        return @standard_pseudoheaders
+      else
+        @standard_pseudoheaders = []
+      end
+
+      Array(list.headers_to_meta).each do |field|
+        value = case field.to_s
+          when 'sig' then signature_state
+          when 'enc' then encryption_state
+          else self.header[field.to_s]
+        end
+        @standard_pseudoheaders << make_pseudoheader(field.to_s, value)
       end
-      @standard_pseudoheaders << make_pseudoheader(:sig, msg)
 
-      # TODO: I18n
-      @standard_pseudoheaders << make_pseudoheader(
-            :enc,
-            was_encrypted? ? 'Encrypted' : 'Unencrypted'
-        )
 
       @standard_pseudoheaders
     end
 
     def pseudoheaders(list)
-      (standard_pseudoheaders(list) + dynamic_pseudoheaders).flatten.join("\n") + "\n"
+      separator = '------------------------------------------------------------------------------'
+      (standard_pseudoheaders(list) + dynamic_pseudoheaders).flatten.join("\n") + "\n" + separator + "\n"
     end
 
     def add_msgids(list, orig)
@@ -313,10 +346,18 @@ module Mail
     end
 
     def add_list_headers(list)
+      if list.include_autocrypt_header
+        # Inject whitespaces, to let Mail break the string at these points
+        # leading to correct wrapping.
+        keydata = list.key_minimal_base64_encoded.gsub(/(.{78})/, '\1 ')
+        
+        self['Autocrypt'] = "addr=#{list.email}; prefer-encrypt=mutual; keydata=#{keydata}"
+      end
+
       if list.include_list_headers
         self['List-Id'] = "<#{list.email.gsub('@', '.')}>"
         self['List-Owner'] = "<mailto:#{list.owner_address}> (Use list's public key)"
-        self['List-Help'] = '<https://schleuder.nadir.org/>'
+        self['List-Help'] = '<https://schleuder.org/>'
 
         postmsg = if list.receive_admin_only
                     "NO (Admins only)"
@@ -410,6 +451,13 @@ module Mail
 
     private
 
+    # mail.signed? throws an error if it finds
+    # pgp boundaries, so we must use the Mail::Gpg
+    # methods.
+    def encapsulated_signed?(mail)
+      (mail.verify_result.nil? || mail.verify_result.signatures.empty?) && \
+        (Mail::Gpg.signed_mime?(mail) || Mail::Gpg.signed_inline?(mail))
+    end
 
     def add_footer!(footer_attribute)
       if self.list.blank? || self.list.send(footer_attribute).to_s.empty?