Bug#710386: kmail: KMail cannot verify signatures for PGP/MIME messages (fixed upstream)
Package: kmail
Version: 4:4.4.11.1+l10n-3+b1
Severity: normal
Tags: patch
Dear Maintainer,
KMail (1.3.7) is unable to verify signatures for PGP/MIME encrypted
messages. This bug was fixed upstream in
https://projects.kde.org/projects/kde/kdepim/repository/revisions/44a3eb070b74414256f8f8ef58f73fd67678f5e4
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7.1 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages kmail depends on:
ii kde-runtime 4:4.8.4-2
ii kdepim-runtime 4:4.4.11.1-6
ii kdepimlibs-kio-plugins 4:4.8.4-2
ii libakonadi-contact4 4:4.8.4-2
ii libakonadi-kde4 4:4.8.4-2
ii libc6 2.17-3
ii libgcc1 1:4.8.0-7
ii libgpgme++2 4:4.8.4-2
ii libkabc4 4:4.8.4-2
ii libkcal4 4:4.8.4-2
ii libkcmutils4 4:4.8.4-4
ii libkde3support4 4:4.8.4-4
ii libkdecore5 4:4.8.4-4
ii libkdepim4 4:4.4.11.1+l10n-3+b1
ii libkdeui5 4:4.8.4-4
ii libkhtml5 4:4.8.4-4
ii libkimap4 4:4.8.4-2
ii libkio5 4:4.8.4-4
ii libkldap4 4:4.8.4-2
ii libkleo4 4:4.4.11.1+l10n-3+b1
ii libkmime4 4:4.8.4-2
ii libknotifyconfig4 4:4.8.4-4
ii libkontactinterface4 4:4.8.4-2
ii libkparts4 4:4.8.4-4
ii libkpgp4 4:4.4.11.1+l10n-3+b1
ii libkpimidentities4 4:4.8.4-2
ii libkpimtextedit4 4:4.8.4-2
ii libkpimutils4 4:4.8.4-2
ii libkresources4 4:4.8.4-2
ii libksieve4 4:4.4.11.1+l10n-3+b1
ii libktnef4 4:4.8.4-2
ii libmailtransport4 4:4.8.4-2
ii libmessagecore4 4:4.4.11.1+l10n-3+b1
ii libmessagelist4 4:4.4.11.1+l10n-3+b1
ii libmimelib4 4:4.4.11.1+l10n-3+b1
ii libnepomuk4 4:4.8.4-4
ii libphonon4 4:4.6.0.0-3
ii libqt4-dbus 4:4.8.2+dfsg-11
ii libqt4-network 4:4.8.2+dfsg-11
ii libqt4-qt3support 4:4.8.2+dfsg-11
ii libqt4-xml 4:4.8.2+dfsg-11
ii libqtcore4 4:4.8.2+dfsg-11
ii libqtgui4 4:4.8.2+dfsg-11
ii libstdc++6 4.8.0-7
ii libthreadweaver4 4:4.8.4-4
ii perl 5.14.2-21
ii phonon 4:4.6.0.0-3
Versions of packages kmail recommends:
ii gnupg-agent 2.0.20-1
ii gnupg2 2.0.20-1
ii pinentry-gtk2 [pinentry-x11] 0.8.1-1
ii pinentry-qt4 [pinentry-x11] 0.8.1-1
Versions of packages kmail suggests:
ii bogofilter 1.2.2+dfsg1-3
pn clamav | f-prot-installer <none>
ii kaddressbook 4:4.4.11.1+l10n-3+b1
pn kleopatra <none>
ii procmail 3.22-20
-- no debconf information
diff -Nru kdepim-4.4.11.1+l10n/debian/changelog kdepim-4.4.11.1+l10n/debian/changelog
--- kdepim-4.4.11.1+l10n/debian/changelog 2012-06-10 13:12:30.000000000 +0100
+++ kdepim-4.4.11.1+l10n/debian/changelog 2013-05-30 09:48:18.000000000 +0100
@@ -1,3 +1,11 @@
+kdepim (4:4.4.11.1+l10n-3.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Backport upstream commit 44a3eb070b74414256f8f8ef58f73fd67678f5e4 to fix
+ OpenPGP signaure verification
+
+ -- Martin Albrecht <martinralbrecht@googlemail.com> Thu, 30 May 2013 09:46:38 +0100
+
kdepim (4:4.4.11.1+l10n-3) unstable; urgency=low
* Team upload.
diff -Nru kdepim-4.4.11.1+l10n/debian/patches/series kdepim-4.4.11.1+l10n/debian/patches/series
--- kdepim-4.4.11.1+l10n/debian/patches/series 2012-06-10 12:56:33.000000000 +0100
+++ kdepim-4.4.11.1+l10n/debian/patches/series 2013-05-30 09:39:23.000000000 +0100
@@ -6,3 +6,4 @@
upstream_Build-with-clang.patch
upstream_Fix-crash-in-Folder-destructor.patch
upstream_in-c4_String-c4_String-only-call-memset-if-the-numbe.patch
+upstream-verify-signature-rfc-3156.patch
diff -Nru kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch
--- kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch 1970-01-01 01:00:00.000000000 +0100
+++ kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch 2013-05-30 09:43:01.000000000 +0100
@@ -0,0 +1,46 @@
+Index: kdepim-4.4.11.1+l10n/kmail/objecttreeparser.cpp
+===================================================================
+--- kdepim-4.4.11.1+l10n.orig/kmail/objecttreeparser.cpp 2011-04-20 21:03:31.000000000 +0100
++++ kdepim-4.4.11.1+l10n/kmail/objecttreeparser.cpp 2013-05-30 09:42:58.466795851 +0100
+@@ -605,8 +605,40 @@
+ messagePart.status = i18n("Different results for signatures");
+ }
+ }
+- if ( messagePart.status_code & GPGME_SIG_STAT_GOOD )
++ if ( messagePart.status_code & GPGME_SIG_STAT_GOOD ) {
+ messagePart.isGoodSignature = true;
++ if ( !doCheck ) {
++ // We have a good signature but did not do a verify,
++ // this means the signature was already validated before by
++ // decryptverify for example.
++ Q_ASSERT( !key.keyID() ); // There should be no key set without doCheck
++ // Search for the key by it's fingerprint so that we can check for
++ // trust etc.
++
++ Kleo::KeyListJob * job = cryptProto->keyListJob( false ); // local, no sigs
++
++ if ( !job ) {
++ kDebug() << "The Crypto backend does not support listing keys. ";
++ } else {
++ std::vector<GpgME::Key> found_keys;
++ // As we are local it is ok to make this synchronous
++ GpgME::KeyListResult res = job->exec( QStringList( signature.fingerprint() ), false, found_keys );
++ if ( res.error() ) {
++ kDebug() << "Error while searching key for Fingerprint: " << signature.fingerprint();
++ }
++ if ( found_keys.size() > 1 ) {
++ // Should not Happen
++ kDebug() << "Oops: Found more then one Key for Fingerprint: " << signature.fingerprint();
++ }
++ if ( found_keys.size() != 1 ) {
++ // Should not Happen at this point
++ kDebug() << "Oops: Found no Key for Fingerprint: " << signature.fingerprint();
++ } else {
++ key = found_keys[0];
++ }
++ }
++ }
++ }
+
+ // save extended signature status flags
+ messagePart.sigSummary = signature.summary();
diff -Nru kdepim-4.4.11.1+l10n/debian/changelog kdepim-4.4.11.1+l10n/debian/changelog
--- kdepim-4.4.11.1+l10n/debian/changelog 2012-06-10 13:12:30.000000000 +0100
+++ kdepim-4.4.11.1+l10n/debian/changelog 2013-05-30 09:48:18.000000000 +0100
@@ -1,3 +1,11 @@
+kdepim (4:4.4.11.1+l10n-3.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Backport upstream commit 44a3eb070b74414256f8f8ef58f73fd67678f5e4 to fix
+ OpenPGP signaure verification
+
+ -- Martin Albrecht <martinralbrecht@googlemail.com> Thu, 30 May 2013 09:46:38 +0100
+
kdepim (4:4.4.11.1+l10n-3) unstable; urgency=low
* Team upload.
diff -Nru kdepim-4.4.11.1+l10n/debian/patches/series kdepim-4.4.11.1+l10n/debian/patches/series
--- kdepim-4.4.11.1+l10n/debian/patches/series 2012-06-10 12:56:33.000000000 +0100
+++ kdepim-4.4.11.1+l10n/debian/patches/series 2013-05-30 09:39:23.000000000 +0100
@@ -6,3 +6,4 @@
upstream_Build-with-clang.patch
upstream_Fix-crash-in-Folder-destructor.patch
upstream_in-c4_String-c4_String-only-call-memset-if-the-numbe.patch
+upstream-verify-signature-rfc-3156.patch
diff -Nru kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch
--- kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch 1970-01-01 01:00:00.000000000 +0100
+++ kdepim-4.4.11.1+l10n/debian/patches/upstream-verify-signature-rfc-3156.patch 2013-05-30 09:43:01.000000000 +0100
@@ -0,0 +1,46 @@
+Index: kdepim-4.4.11.1+l10n/kmail/objecttreeparser.cpp
+===================================================================
+--- kdepim-4.4.11.1+l10n.orig/kmail/objecttreeparser.cpp 2011-04-20 21:03:31.000000000 +0100
++++ kdepim-4.4.11.1+l10n/kmail/objecttreeparser.cpp 2013-05-30 09:42:58.466795851 +0100
+@@ -605,8 +605,40 @@
+ messagePart.status = i18n("Different results for signatures");
+ }
+ }
+- if ( messagePart.status_code & GPGME_SIG_STAT_GOOD )
++ if ( messagePart.status_code & GPGME_SIG_STAT_GOOD ) {
+ messagePart.isGoodSignature = true;
++ if ( !doCheck ) {
++ // We have a good signature but did not do a verify,
++ // this means the signature was already validated before by
++ // decryptverify for example.
++ Q_ASSERT( !key.keyID() ); // There should be no key set without doCheck
++ // Search for the key by it's fingerprint so that we can check for
++ // trust etc.
++
++ Kleo::KeyListJob * job = cryptProto->keyListJob( false ); // local, no sigs
++
++ if ( !job ) {
++ kDebug() << "The Crypto backend does not support listing keys. ";
++ } else {
++ std::vector<GpgME::Key> found_keys;
++ // As we are local it is ok to make this synchronous
++ GpgME::KeyListResult res = job->exec( QStringList( signature.fingerprint() ), false, found_keys );
++ if ( res.error() ) {
++ kDebug() << "Error while searching key for Fingerprint: " << signature.fingerprint();
++ }
++ if ( found_keys.size() > 1 ) {
++ // Should not Happen
++ kDebug() << "Oops: Found more then one Key for Fingerprint: " << signature.fingerprint();
++ }
++ if ( found_keys.size() != 1 ) {
++ // Should not Happen at this point
++ kDebug() << "Oops: Found no Key for Fingerprint: " << signature.fingerprint();
++ } else {
++ key = found_keys[0];
++ }
++ }
++ }
++ }
+
+ // save extended signature status flags
+ messagePart.sigSummary = signature.summary();
Reply to: