Closed Bug 1531823 Opened 6 years ago Closed 6 years ago

Differential mail for a secure revision sometimes sent in plain text

Categories

(Conduit :: Phabricator, enhancement, P3)

Product:
Conduit
Component:
Phabricator
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mccr8, Assigned: dkl)

References

(
URL
)

Details

(Keywords: conduit-triaged, conduit-upstream)

Attachments

(2 files)

1529203.txt
9.18 KB, text/plain
Details
1530146.txt
9.48 KB, text/plain
Details

I got an email for a patch update for a secure bug (bug 1529203) that was being sent in plain text, instead of as a secure message.

The subject started with [Differential] [Updated] and here are some of the interesting tags from the header:

X-Phabricator-Mail-Tags: <differential-other>
X-Herald-Rules: <28>, <29>, <34>
X-Phabricator-Projects: <#bmo-javascript-core-security>, <#secure-revision>

Let me know if there's more info I can give.

This is the second time this has happened.

(In reply to Andrew McCreight [:mccr8] from comment #1)

This is the second time this has happened.

Can you please provide information on the email you saw where this happened as well? More data will make it easier to diagnose.

Flags: needinfo?(continuation)
Keywords: conduit-triaged, conduit-upstream
Priority: -- → P1

The other one also had a subject that started with [Differential] [Updated]. It was for bug 1529203. The patch is D21718. It looks like they both have [user name] "added a child revision: Restricted Differential Revision." in the body. The parts I mentioned above are basically the same. That patch has landed, so I think I can attach the full raw email if that would help.

Flags: needinfo?(continuation)

(In reply to Andrew McCreight [:mccr8] from comment #3)

The other one also had a subject that started with [Differential] [Updated]. It was for bug 1529203. The patch is D21718. It looks like they both have [user name] "added a child revision: Restricted Differential Revision." in the body. The parts I mentioned above are basically the same. That patch has landed, so I think I can attach the full raw email if that would help.

Seems like the emails received had to do with the linking of the revisions and not changes in the actual revisions themselves. Not sure if those types are secured by default but would need to investigate more. Do you by chance still have copies of those emails that you could attach the full source to this bug?

dkl

Flags: needinfo?(continuation)
Attached file 1529203.txt

(In reply to Andrew McCreight [:mccr8] from comment #3)

It was for bug 1529203. The patch is D21718.

This was actually bug 1530146.

Attached file 1530146.txt
Flags: needinfo?(continuation)
Assignee: nobody → dkl
Status: NEW → ASSIGNED

Sorry I cannot see the actual email body text since the attached emails are base64 encoded. Do you still have the ones that are not encoded?

Flags: needinfo?(continuation)

(In reply to David Lawrence [:dkl] from comment #8)

Sorry I cannot see the actual email body text since the attached emails are base64 encoded. Do you still have the ones that are not encoded?

You can just decode them.

text/plain:

bzbarsky added a child revision: D21482: Bug 1530146 part 2.  Back out the fix for bug 1526624, since it's no longer needed.  r=bholley.

REPOSITORY
  rMOZILLACENTRAL mozilla-central

CHANGES SINCE LAST ACTION
  https://phabricator.services.mozilla.com/D21481/new/

REVISION DETAIL
  https://phabricator.services.mozilla.com/D21481

EMAIL PREFERENCES
  https://phabricator.services.mozilla.com/settings/panel/emailpreferences/

To: bzbarsky, bholley
Cc: calixte, bzbarsky, bholley, mccr8, kmag, MarcoZ, jandem, jcristau, pascalc, jonco

text/html:

<table><tr><td style="">bzbarsky added a child revision: D21482: Bug 1530146 part 2.  Back out the fix for bug 1526624, since it&#039;s no longer needed.  r=bholley.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.services.mozilla.com/D21481">View Revision</a></tr></table><br /><div><strong>REPOSITORY</strong><div><div>rMOZILLACENTRAL mozilla-central</div></div></div><br /><div><strong>CHANGES SINCE LAST ACTION</strong><div><a href="https://phabricator.services.mozilla.com/D21481/new/">https://phabricator.services.mozilla.com/D21481/new/</a></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.services.mozilla.com/D21481">https://phabricator.services.mozilla.com/D21481</a></div></div><br /><div><strong>EMAIL PREFERENCES</strong><div><a href="https://phabricator.services.mozilla.com/settings/panel/emailpreferences/">https://phabricator.services.mozilla.com/settings/panel/emailpreferences/</a></div></div><br /><div><strong>To: </strong>bzbarsky, bholley<br /><strong>Cc: </strong>calixte, bzbarsky, bholley, mccr8, kmag, MarcoZ, jandem, jcristau, pascalc, jonco<br /></div>
Flags: needinfo?(continuation)

Ah thanks. I have filed upstream https://admin.phacility.com/PHI1134 for this issue.

Priority: P1 → P3
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: