Tickets :: [#10273] IMP shows the "valid signature icon" on messages with invalid pgp signature while using non-english locale

5.1.5-git

12/07/2013

Summary	IMP shows the "valid signature icon" on messages with invalid pgp signature while using non-english locale
Queue	Horde Framework Packages
Queue Version	Git master
Type	Bug
State	Resolved
Priority	2. Medium
Owners	jan (at) horde (dot) org
Requester	ezequiel (at) df (dot) uba (dot) ar
Created	06/24/2011 (897 days ago)
Due
Updated	08/27/2013 (102 days ago)
Assigned	06/28/2011 (893 days ago)
Resolved	08/27/2013 (102 days ago)
Milestone
Patch	No

08/27/2013 12:07:37 PM	Jan Schneider	State ⇒ Resolved

08/27/2013 12:07:24 PM	Jan Schneider	Queue ⇒ Horde Framework Packages Version ⇒ Git master

08/27/2013 12:06:21 PM	Git Commit	Comment #11	Reply to this comment
Changes have been made in Git (master): commit c8a03b61c71dea3ab6bb45c2175c47ccf34c881b Author: Jan Schneider <jan@horde.org> Date: Tue Aug 27 14:04:07 2013 +0200 [jan] Fix detecting bad PGP signatures on some systems with non-English locales (~~Bug #10273~~). framework/Crypt/lib/Horde/Crypt/Pgp.php \| 12 ++++++------ framework/Crypt/package.xml \| 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) http://git.horde.org/horde-git/-/commit/c8a03b61c71dea3ab6bb45c2175c47ccf34c881b

12/06/2011 06:55:12 AM	Michael Slusarz	Comment #10	Reply to this comment
I guess there should be a locale indepenent way of checking errors on signatures, so there is no need to compare with english strings and loss the localized output of gpg... Except there isn't (at least using the command line binary).

06/28/2011 08:29:09 PM	ezequiel (at) df (dot) uba (dot) ar	Comment #9	Reply to this comment
It should have been LC_MESSAGES not LC_MESSAGE. How about now? No. I'm sorry, it doesn't fix it, at least not on my host... Without forcing LC_ALL="C" on the wrapper, gpg still returns spanish messages. I guess there should be a locale indepenent way of checking errors on signatures, so there is no need to compare with english strings and loss the localized output of gpg...

06/28/2011 08:20:14 PM	Jan Schneider	Comment #8	Reply to this comment
It should have been LC_MESSAGES not LC_MESSAGE. How about now?

06/28/2011 08:16:14 PM	Git Commit	Comment #7	Reply to this comment
Changes have been made in Git for this ticket: Fix constant name (~~Bug #10273~~). 1 files changed, 6 insertions(+), 6 deletions(-) http://git.horde.org/horde-git/-/commit/f55ef80819417d2ad6cd37b799d237608ca6349d

06/28/2011 08:09:12 PM	ezequiel (at) df (dot) uba (dot) ar	Comment #6	Reply to this comment
Does this fix it? I can't get my GPG to output translated error messages. No. It seems the patch doesn't fix it. I have set my wrapper to log LC_ALL, LC_MESSAGE and LANG environment variables before calling gpg. Jun 28 17:04:14 xyz logger: gpg-wrapper: LC_ALL = es_ES.UTF-8 Jun 28 17:04:14 xyz logger: gpg-wrapper: LC_MESSAGE = Jun 28 17:04:14 xyz logger: gpg-wrapper: LANG = Here's the script: #!/bin/bash logger "gpg-wrapper: LC_ALL = $LC_ALL" logger "gpg-wrapper: LC_MESSAGE = $LC_MESSAGE" logger "gpg-wrapper: LANG = $LANG" LC_ALL="C" /usr/bin/gpg "$@" exit $? Replacing LC_MESSAGE with LC_ALL in the patch doesn't work either. Maybe php setlocale function is independent of environment variables passed to called executables.

06/28/2011 05:04:13 PM	Jan Schneider	Comment #5 State ⇒ Feedback Assigned to Jan Schneider	Reply to this comment
Does this fix it? I can't get my GPG to output translated error messages.

06/28/2011 05:03:42 PM	Git Commit	Comment #4	Reply to this comment
Changes have been made in Git for this ticket: Enforce C locale when verifying messages (~~Bug #10273~~). 1 files changed, 6 insertions(+), 0 deletions(-) http://git.horde.org/horde-git/-/commit/a123d077535c4a56bcfe6acef4dd0b3bf52b729f

06/24/2011 10:24:53 PM	ezequiel (at) df (dot) uba (dot) ar	Comment #3	Reply to this comment
I see that the problem is string the comparison of the output of gpg. Horde/IMP compares with the textual strings "BAD" and "Good" without realizing it is calling /usr/bin/gpg with LC_ALL environment variable set for the locale of the webmail user. As a simple workaround I made a gpg-wrapper shell script which sets LC_ALL="C" and then calls /usr/bin/gpg with arguments provided.

06/24/2011 09:38:05 PM	ezequiel (at) df (dot) uba (dot) ar	Comment #2	Reply to this comment
The attachment displays the IMP message view, above using the english locale below using the spanish locale (where the bug is present)

06/24/2011 09:36:18 PM	ezequiel (at) df (dot) uba (dot) ar	Comment #1 State ⇒ Unconfirmed New Attachment: imp-pgp-bug.png Patch ⇒ No Milestone ⇒ Queue ⇒ IMP Summary ⇒ IMP shows the "valid signature icon" on messages with invalid pgp signature while using non-english locale Type ⇒ Bug Priority ⇒ 2. Medium	Reply to this comment
While viewing a message which contains a pgp signed message with an invalid signature, it shows: 1) "error-like icon" 2) description, "BAD signature data from...". However reading the same message using the Spanish locale shows 1) "ok-like" icon (like in GOOD signature) 2) description, "firma INCORRECTA"... Please note that "INCORRECTA" in spanish means "BAD". So, IMP should show the "bad" or error-like icon in Spanish too. Any user, guided by the icon shown, could be decepted into believing a forefeited message is from the pretended sender.