[PATCH/2.0] some gpg fixes/extensions



Below is a patch against the balsa-2-0 cvs (last changelog entry 2004-05- 15 16:19 PeterB) with a security related gpg fix and a few small enhancements:

* I discovered a bug in gpgme which falsely returns "invalid crypto engine" when checking a signed message of which the key has been revoked. This has been fixed in the gpgme cvs, a new tarball (0.4.8) shall be released soon. The balsa fix catches the new signature status GPG_ERR_CERT_REVOKED and adds information about expired, revoked, disabled and invalid keys to the signature info block. Note that it is *not* necessary to upgrade gpgme in order to run balsa with the patch, but of course it's highly recommended. In the long run, we should IMHO require gpgme 0.4.8 or later (files libbalsa/rfc3156.[hc]);

* Do not set a gpgme passphrase callback when a gpg-agent is active. Otherwise, when clicking "cancel" in pinentry, gpgme will display balsa's passphrase entry (file libbalsa/rfc3156.c);

* Convert \r\n and \n\r line endings to just \n in decrypted RFC 2440 bodies (HEAD does this automagically thanks to gmime; file libbalsa/ rfc3156.c);

* As a backport from head, remove the visibility of the mailbox tabs with gtk+ 2.4.0 and above to avoid ugly rendering with some themes (file src/ main-window.c).

I'll prepare a similar patch, including some more enhancements, for HEAD within the next few days. Any comments?

Cheers,

Albrecht.


-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany) Phone (+49) 228 6199571 - mailto:albrecht dress arcor de _________________________________________________________________________

Attachment: balsa-rfc3156-patch-2004-05-22.gz
Description: GNU Zip compressed data

Attachment: pgp00022.pgp
Description: PGP signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]