Summary | IMP shows the "valid signature icon" on messages with invalid pgp signature while using non-english locale |
Queue | Horde Framework Packages |
Queue Version | Git master |
Type | Bug |
State | Resolved |
Priority | 2. Medium |
Owners | jan (at) horde (dot) org |
Requester | ezequiel (at) df (dot) uba (dot) ar |
Created | 06/24/2011 (5147 days ago) |
Due | |
Updated | 08/27/2013 (4352 days ago) |
Assigned | 06/28/2011 (5143 days ago) |
Resolved | 08/27/2013 (4352 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
Queue ⇒ Horde Framework Packages
commit c8a03b61c71dea3ab6bb45c2175c47ccf34c881b
Author: Jan Schneider <jan@horde.org>
Date: Tue Aug 27 14:04:07 2013 +0200
[jan] Fix detecting bad PGP signatures on some systems with
non-English locales (
Bug #10273).framework/Crypt/lib/Horde/Crypt/Pgp.php | 12 ++++++------
framework/Crypt/package.xml | 4 ++--
2 files changed, 8 insertions(+), 8 deletions(-)
http://git.horde.org/horde-git/-/commit/c8a03b61c71dea3ab6bb45c2175c47ccf34c881b
on signatures, so there is no need to compare with english strings
and loss the localized output of gpg...
Without forcing LC_ALL="C" on the wrapper, gpg still returns spanish messages.
I guess there should be a locale indepenent way of checking errors on
signatures, so there is no need to compare with english strings and
loss the localized output of gpg...
Fix constant name (
Bug #10273).1 files changed, 6 insertions(+), 6 deletions(-)
http://git.horde.org/horde-git/-/commit/f55ef80819417d2ad6cd37b799d237608ca6349d
I have set my wrapper to log LC_ALL, LC_MESSAGE and LANG environment
variables before calling gpg.
Jun 28 17:04:14 xyz logger: gpg-wrapper: LC_ALL = es_ES.UTF-8
Jun 28 17:04:14 xyz logger: gpg-wrapper: LC_MESSAGE =
Jun 28 17:04:14 xyz logger: gpg-wrapper: LANG =
Here's the script:
#!/bin/bash
logger "gpg-wrapper: LC_ALL = $LC_ALL"
logger "gpg-wrapper: LC_MESSAGE = $LC_MESSAGE"
logger "gpg-wrapper: LANG = $LANG"
LC_ALL="C"
/usr/bin/gpg "$@"
exit $?
Replacing LC_MESSAGE with LC_ALL in the patch doesn't work either.
Maybe php setlocale function is independent of environment variables
passed to called executables.
State ⇒ Feedback
Assigned to Jan Schneider
Enforce C locale when verifying messages (
Bug #10273).1 files changed, 6 insertions(+), 0 deletions(-)
http://git.horde.org/horde-git/-/commit/a123d077535c4a56bcfe6acef4dd0b3bf52b729f
Horde/IMP compares with the textual strings "BAD" and "Good" without
realizing it is calling /usr/bin/gpg with LC_ALL environment variable
set for the locale of the webmail user.
As a simple workaround I made a gpg-wrapper shell script which sets
LC_ALL="C" and then calls /usr/bin/gpg with arguments provided.
above using the english locale
below using the spanish locale (where the bug is present)
New Attachment: imp-pgp-bug.png
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ IMP shows the "valid signature icon" on messages with invalid pgp signature while using non-english locale
Type ⇒ Bug
Priority ⇒ 2. Medium
invalid signature, it shows:
1) "error-like icon"
2) description, "BAD signature data from...".
However reading the same message using the Spanish locale shows
1) "ok-like" icon (like in GOOD signature)
2) description, "firma INCORRECTA"...
Please note that "INCORRECTA" in spanish means "BAD".
So, IMP should show the "bad" or error-like icon in Spanish too.
Any user, guided by the icon shown, could be decepted into believing a
forefeited message is from the pretended sender.