1. 28 Oct, 2018 1 commit
  2. 07 Oct, 2018 1 commit
  3. 04 Sep, 2018 1 commit
  4. 19 Jul, 2018 2 commits
    • ng's avatar
      Introduce `UNSET-FINGERPRINT` keyword - Implements second part of #260 · 21ca3b3a
      ng authored
      Using the new introduced keyword an admin can now remove the linked
      fingerprint from a subscription. A subscription can only remove
      the fingerprint of themselves.
      
      To unset their own fingerprint admins must additionally pass the
      argument `force`.
      21ca3b3a
    • ng's avatar
      Fix #360 - do not allow setting an empty fingerprint through `SET-FINGERPRINT` · c52b970d
      ng authored
      Check for a valid fingerprint as argument and do not accept an empty
      fingerprint. This will not anymore allow to unset a fingerprint
      through the `SET-FINGERPRINT`. This functionality will be superseeded
      by another keyword.
      
      As part of that fix, wie centralize checking for a valid fingerpint
      and constrain the check to be either 32 (v3) or 40 (v4) characters
      long.
      c52b970d
  5. 16 Jul, 2018 1 commit
  6. 13 Jul, 2018 2 commits
    • ng's avatar
      Improve parsing of keywords - first part of #249 · bc7f412a
      ng authored
      This changes the way how we parse for keywords to the following
      approach:
      
        1. Ignore any empty/pure-whitespace lines at the beginning of
           the first plain_text_part message.
        2. If you match something /^X\-.*/ start matching for plugins,
           else abort.
        3. Once you matched a plugin, but you have a new
           non-empty/pure-whitespace line starting with something
           different than /^X\-.*/ abort looking for plugin names.
      
      This fixes the most common problems with lines starting with `X-`
      further down in the body of an email, while keeping all of the
      existing behavior and functionality.
      
      Any further improvements to the code base and the parsing of
      mails as discussed in #249 is postponed to future work. Tis work
      should go together with work in #359 which will allow to change
      the structure of plugins.
      bc7f412a
    • paz's avatar
      d103f0bb
  7. 10 Jul, 2018 1 commit
  8. 21 Jun, 2018 1 commit
  9. 07 Jun, 2018 2 commits
  10. 28 May, 2018 1 commit
  11. 17 May, 2018 1 commit
  12. 14 May, 2018 1 commit
  13. 30 Apr, 2018 1 commit
  14. 29 Apr, 2018 1 commit
  15. 23 Apr, 2018 1 commit
  16. 19 Apr, 2018 1 commit
  17. 17 Apr, 2018 1 commit
  18. 15 Apr, 2018 1 commit
  19. 14 Apr, 2018 2 commits
    • paz's avatar
      Fix handling protected subject. · 097ff8e6
      paz authored
      Enigmail sends a "protected subject" since v2.0, which leaked due to the
      way mail-gpg copies headers from and to mime-parts.
      Also since the first mime-part in those messages is always a "protected
      headers" part, request-messages were bounced as empty because we only
      look into the first mime part.
      
      This fix still has one shortcoming: the real, "protected" subject is not
      included into the primary mime-headers of the encrypted content. It is
      only contained in the "protected headers" mime-part which people get to
      read as part of the body. We need a change in mail-gpg to fix this.
      097ff8e6
    • ng's avatar
      Close #334 - test mails with broken header encoding · f28b3b88
      ng authored
      The mail gem below 2.7.0 is not able to handle emails with broken
      charset encoding in headers.
      
      This is an issue that must be fixed in the mail gem, but we are
      adding a test to document this and be sure to not have regressions
      with future versions of mail.
      f28b3b88
  20. 05 Apr, 2018 1 commit
  21. 27 Mar, 2018 1 commit
    • ng's avatar
      Fix #261 - do not fail on encrypted content in plaintext · ff264ef8
      ng authored
      The `Mail::Gpg.signed?` method raises an error if it didn't
      detect any signature, but detects the PGP boundaries in the
      body.
      
      This becomes a problem if folks include any kind of PGP
      boundaries for an encrypted message in their body. This can
      e.g. happen if you try to describe how PGP works, include
      another PGP signed message in your mail (e.g. don't want to
      have even schleuder access to your mail content), you
      have a MUA with problematic quoting behavior or you simply
      forward an email with PGP boundaries, which you e.g. might
      have received through Schleuder's admin notification.
      
      This patch addresses these cases by a) checking if the
      decrypted mail had any signatures on it and so we already
      verified signatures and b) using the detection methods
      directly, so we don't run into raising the encryption of
      better using `.decrypt`.
      
      2 tests are included to demonstrate the problematic behavior
      and which should cover the 2 main cases described in the bug
      report.
      
      These changes have the side effect, that we won't anymore verify
      any signatures within an email that already had a signature as
      part of the encrypted blob. This can be seen, e.g. that we need
      to change the test for the `x-sign-this` keyword, as a side-effect
      of using schleuder to decrypt the mail sent by schleuder, we had
      also the signature of the signed blob stripped away. Actually,
      we were testing for the wrong thing in this test anyway.
      ff264ef8
  22. 20 Mar, 2018 2 commits
  23. 10 Mar, 2018 1 commit
  24. 20 Feb, 2018 1 commit
    • paz's avatar
      Fix reading fingerprint from keyword-arguments. · 2e73a5f2
      paz authored
      Previously the regexp would match "false" (because "fa" are valid
      characters in a fingerprint) and thus invalidate the fingerprint and
      "steal" the next argument.
      Now the regexp requires that the whole sub-string be valid characters.
      2e73a5f2
  25. 06 Feb, 2018 1 commit
  26. 04 Feb, 2018 2 commits
  27. 29 Jan, 2018 3 commits
    • ng's avatar
      fix #309 - be more robust when dirmngr fails while refreshing keys · 13088bab
      ng authored
      It can happen that a single failure in dirmngr makes all
      subsequent key refreshes of that run also failing. E.g. as it
      marked the keyserver internally as dead, although it might not be.
      See #309 for background.
      
      By killing dirmngr on any error that we don't filter out anyways,
      we make sure that any subsequent run won't inherit any problem
      that might persist over a dirmngr session. E.g. this helps with
      the most prominent case, when dirmngr marks a onionservice keyserver
      as dead, although it was just the tor connection that had once a
      problem and subsequent runs will succeed.
      13088bab
    • ng's avatar
      shuffle keys to make update pattern random · 9ed4423a
      ng authored
      9ed4423a
    • ng's avatar
      fix #289 - make sure dirmngr exits · 2b6ed754
      ng authored
      We need to kill dirmngr, otherwise it might linger around and
      consume memory. Which can become a problem on servers with many
      lists, as dirmngr uses way more memory than the agent.
      2b6ed754
  28. 28 Jan, 2018 2 commits
    • paz's avatar
      Clarify x-list-name error messages. · 6d446b3f
      paz authored
      Hat tip to anarcat!
      6d446b3f
    • paz's avatar
      Don't reveal list-errors to the public. · 58a4068b
      paz authored
      Previously errors about list-config etc. would have been included in
      bounces. Now only the admins get to know the details, bounces only tell
      about a fatal error.
      Except ListNotFound, that error is still put into the bounce.
      58a4068b
  29. 22 Jan, 2018 1 commit
  30. 21 Jan, 2018 1 commit
  31. 27 Nov, 2017 1 commit