[sylpheed:33988] Fw: Bug#580896: sylpheed: actions fail to provide message body in the appropriate charset for gpg to verify

Ricardo Mones mones at debian.org
Mon May 24 15:58:05 JST 2010

  Hi Hiroyuki,

  Seems a Debian user has found a bug when passing a message to actions.
  Any comment, fix or workaround welcomed :)

  Original URL: http://bugs.debian.org/580896

------- Begin forwarded message:
Subject: Bug#580896: sylpheed: actions fail to provide message body in the
appropriate charset for gpg to verify

Package: sylpheed
Version: 3.0.2-1
Severity: normal


As suggested by Sylpheed's manual [1], I use the following action in
order to verify inline GPG signatures in messages:

  |gpg --no-tty --verify

This action works well for most cases, where the inline signed
message is encoded in ASCII charset, or in UTF-8 charset with quoted
printable escaping.
This is so, because the message body either needs no conversion, or
is decoded from the quoted printable escaping to its UTF-8 encoding,
before being sent to GnuPG through the pipe.
Please note that the inline signature is performed *before* the
quoted printable escaping, and hence it has to be verified on
the unescaped message body.

However, for some messages, the above mentioned action fails to
correctly verify the inline signature, since the message is encoded
in, say, ISO-8859-1 charset, signed, and then escaped in a quoted
printable manner.
Here, Sylpheed decodes the message body from the quoted printable
escaping, and then seems to convert it to UTF-8 charset, before
sending it to GnuPG through the pipe.
The choice of the charset (UTF-8) seems to be dictated by my locale
settings, but completely fails to take into account that the message
headers specify, among other fields:

  Content-Type: text/plain; charset=iso-8859-1
  Content-Disposition: inline
  Content-Transfer-Encoding: quoted-printable

An example of such messages is DSA-2040-1 [2]: see the thread where
I thought the signature was actually bad [3], while the problem is
in Sylpheed, instead.

In order to check the validity of my reasoning, I configured the
following action:

  | iconv -f utf-8 -t latin1 | gpg --no-tty --verify

This action is able to correctly verify the inline signature of
that ISO-8859-1 charset message.

Now, what I think is that Sylpheed should take headers into
account when sending the message body through the pipe, in order
to choose the original charset when decoding quoted printable
escaped messages.

I took a look at  src/action.c  and I cannot find where the
quoted printable unescaping is performed. If I understand correctly,
the message body is sent through the pipe as displayed by GTK+
widgets: if this is the case, then the charset is chosen as the
locale settings require, I guess... But this causes the above
described issue.

How can this mess be fixed?

[1] http://sylpheeddoc.sourceforge.net/en/manual/manual-13.html
[2] http://lists.debian.org/debian-security-announce/2010/msg00081.html
[3] http://lists.debian.org/debian-security/2010/05/msg00001.html

[reportbug info removed]
------- End forwarded message.

 Ricardo Mones
 «Q: What do you call a boomerang that doesn't come back? A: A stick.»
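
The byte-level mismatch described in the forwarded report, as an added example that is not part of the original message or of Sylpheed's code. The sample message is constructed, the function names are hypothetical, and a SHA-256 digest stands in for the hash gpg computes over the signed text.

```python
import hashlib
from email import message_from_bytes

# Constructed sample: a Latin-1 body, quoted-printable escaped after signing.
RAW = (
    b"Content-Type: text/plain; charset=iso-8859-1\r\n"
    b"Content-Disposition: inline\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"-----BEGIN PGP SIGNED MESSAGE-----\r\n"
    b"Hash: SHA1\r\n"
    b"\r\n"
    b"Rapha=EBl fixed the na=EFve parser.\r\n"
)

def declared_charset(raw):
    """Charset named in the Content-Type header (us-ascii if absent)."""
    return message_from_bytes(raw).get_content_charset("us-ascii")

def original_bytes(raw):
    """Undo only the transfer encoding: the bytes the signer hashed."""
    return message_from_bytes(raw).get_payload(decode=True)

def locale_bytes(raw, locale_charset="utf-8"):
    """Behaviour the report describes: body re-encoded to the locale charset."""
    text = original_bytes(raw).decode(declared_charset(raw))
    return text.encode(locale_charset)

def iconv_back(data, declared, locale_charset="utf-8"):
    """Equivalent of the `iconv -f utf-8 -t latin1` stage before gpg."""
    return data.decode(locale_charset).encode(declared)

def digest(data):
    # Stand-in for the signature hash (assumption made for this demo).
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    signed = original_bytes(RAW)
    piped = locale_bytes(RAW)
    restored = iconv_back(piped, declared_charset(RAW))
    print("declared charset :", declared_charset(RAW))
    print("signed bytes     :", digest(signed)[:16], len(signed), "bytes")
    print("piped (UTF-8)    :", digest(piped)[:16], len(piped), "bytes")
    print("after iconv back :", digest(restored)[:16], restored == signed)
```

Only the bytes obtained by undoing the transfer encoding, left in the charset the headers declare, match what was signed; the UTF-8 re-encoding lengthens every non-ASCII character and changes the digest.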