Package: sylpheed Version: 3.0.2-1 Severity: normal Hi!
As suggested by Sylpheed's manual [1], I use the following action in order to verify inline GPG signatures in messages: |gpg --no-tty --verify This action works well for most cases, where the inline signed message is encoded in ASCII charset, or in UTF-8 charset with quoted printable escaping. This is so, because the message body either needs no conversion, or is decoded from the quoted printable escaping to its UTF-8 encoding, before being sent to GnuPG through the pipe. Please note that the inline signature is performed *before* the quoted printable escaping, and hence it has be verified on the unescaped message body. However, for some messages, the above mentioned action fails to correctly verify the inline signature, since the message is encoded in, say, ISO-8859-1 charset, signed, and then escaped in a quoted printable manner. Here, Sylpheed decodes the message body from the quoted printable escaping, and then seems to convert it to UTF-8 charset, before sending it to GnuPG through the pipe. The choice of the charset (UTF-8) seems to be dictated by my locale settings, but completely fails to take into account that the message headers specify, among other fields: Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable An example of such messages is DSA-2040-1 [2]: see the thread where I thought the signature was actually bad [3], while the problem is in Sylpheed, instead. In order to check the validity of my reasoning, I configured the following action: | iconv -f utf-8 -t latin1 | gpg --no-tty --verify This action is able to correctly verify the inline signature of that ISO-8859-1 charset message. Now, what I think is that Sylpheed should take headers into account when sending the message body through the pipe, in order to choose the original charset when decoding quoted printable escaped messages. I took a look at src/action.c and I cannot find where the quoted printable unescaping is performed. If I understand correctly, the message body is sent through the pipe as displayed by GTK+ widgets: if this is the case, then the charset is chosen as the locale settings require, I guess... But this causes the above described issue. How can this mess be fixed? [1] http://sylpheeddoc.sourceforge.net/en/manual/manual-13.html [2] http://lists.debian.org/debian-security-announce/2010/msg00081.html [3] http://lists.debian.org/debian-security/2010/05/msg00001.html -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (800, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sylpheed depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra ii libcompfaceg1 1:1.5.2-5 Compress/decompress images for mai ii libdbus-1-3 1.2.24-1 simple interprocess messaging syst ii libdbus-glib-1-2 0.86-1 simple interprocess messaging syst ii libenchant1c2a 1.4.2-3.6 a wrapper library for various spel ii libfontconfig1 2.8.0-2.1 generic font configuration library ii libfreetype6 2.3.11-1 FreeType 2 font engine, shared lib ii libglib2.0-0 2.24.0-1 The GLib library of C routines ii libgpg-error0 1.6-1 library for common error values an ii libgpgme11 1.2.0-1.2 GPGME - GnuPG Made Easy ii libgtk2.0-0 2.20.0-3 The GTK+ graphical user interface ii libgtkspell0 2.0.16-1 a spell-checking addon for GTK's T ii libldap-2.4-2 2.4.17-2.1 OpenLDAP libraries ii libonig2 5.9.1-1 Oniguruma regular expressions libr ii libpango1.0-0 1.28.0-1 Layout and rendering of internatio ii libpisock9 0.12.5-2 library for communicating with a P ii libssl0.9.8 0.9.8n-1 SSL shared libraries Versions of packages sylpheed recommends: ii aspell-en [aspell-dicti 6.0-0-6 English dictionary for GNU Aspell ii aspell-it [aspell-dicti 2.4-20070901-0-2 The Italian dictionary for GNU Asp ii ca-certificates 20090814 Common CA certificates ii sylpheed-i18n 3.0.2-1 Locale data for Sylpheed (i18n sup ii xfonts-100dpi 1:1.0.1 100 dpi fonts for X ii xfonts-75dpi 1:1.0.1 75 dpi fonts for X Versions of packages sylpheed suggests: pn bogofilter <none> (no description available) pn bsfilter <none> (no description available) pn claws-mail-tools <none> (no description available) pn jpilot <none> (no description available) pn sylpheed-doc <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
