Enigmail / Bugs / #258 PGP/MIME signature verification displayed in wrong message window

jmorahan - 2014-02-23

Oops, ignore that bit about PGP/MIME vs inline, it happens with both (I was confused because I forgot to rebuild the xpi after reverting my failed attempt to fix it. doh).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

summary: Receiveing PGP/MIME encrypted message wrongly displays notification ribbon --> Receiveing encrypted message wrongly displays notification ribbon
Description has changed:

Diff:

--- old
+++ new
@@ -1,3 +1,3 @@
-If I receive a PGP/MIME encrypted message while viewing another message, the "Decrypted message" notification ribbon for the incoming message is displayed in the header of the other message that I am viewing.  This happens whether the incoming message is signed or not. It does not seem to happen if it is only signed and not encrypted, and it does not seem to happen with inline PGP.
+If I receive an encrypted message while viewing another message, the "Decrypted message" notification ribbon for the incoming message is displayed in the header of the other message that I am viewing.  This happens whether the incoming message is signed or not, and whether it uses inline PGP or PGP/MIME. It does not seem to happen if it is only signed and not encrypted.

 I've marked this as private on the grounds that displaying a false signature verification (which it does if the incoming message is signed) could be considered a security issue, so feel free to change that if you disagree.

jmorahan - 2014-02-26

Attaching a log from when this happens.

When I subsequently click to view the incoming message, I get an almost identical log, but these two lines are different:

2014-02-26 20:57:43.243 [DEBUG] enigmailMsgHdrViewOverlay.js: EnigMimeHeaderSink.updateSecurityStatus: uriSpec=imap-message://john.morahan%40gmail.com@imap.googlemail.com/INBOX#28107
2014-02-26 20:57:43.243 [DEBUG] enigmailMsgHdrViewOverlay.js: EnigMimeHeaderSink.updateSecurityStatus: msgUriSpec=imap-message://john.morahan%40gmail.com@imap.googlemail.com/INBOX#28107

wrong-log.txt

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

jmorahan - 2014-02-26

summary: Receiveing encrypted message wrongly displays notification ribbon --> Receiving encrypted message wrongly displays notification ribbon
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

jmorahan - 2014-02-26

Hmm.

So I originally found this in 1.5.2, then checked out master from git (which reported as 1.6.0) in the hope it would be fixed. Now, I think I've found the source of the problem in this branch, but the code in question - commit 9b4d9a9c96b0c0a992ee4df35939e13480a31926 - was only committed on Feb 22 2014 so I have no idea what was happening in 1.5.2 ?!?!

But anyways. Reading the mozilla bug 966807 referenced in that commit, the behaviour described there does not match what's implemented. Jonathan Protzenko suggests an obviously wrong change and then suggests fixing it by adding "< 0". However it would seem that you also need to remove the "!".

enigmail.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

jmorahan - 2014-02-26

to save you looking it up, https://bugzilla.mozilla.org/show_bug.cgi?id=966807

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

summary: Receiving encrypted message wrongly displays notification ribbon --> PGP/MIME signature verification displayed in wrong message window
Description has changed:

Diff:

--- old
+++ new
@@ -1,3 +1 @@
-If I receive an encrypted message while viewing another message, the "Decrypted message" notification ribbon for the incoming message is displayed in the header of the other message that I am viewing.  This happens whether the incoming message is signed or not, and whether it uses inline PGP or PGP/MIME. It does not seem to happen if it is only signed and not encrypted.
-
-I've marked this as private on the grounds that displaying a false signature verification (which it does if the incoming message is signed) could be considered a security issue, so feel free to change that if you disagree.
+PGP/MIME encrypted messages are decrypted when they are received, and the corresponding signature verification ribbon displayed on the message window, even if a different message is being viewed at the time.

private: Yes --> No
Found in Version: 1.6.0 --> nightly

jmorahan - 2014-02-27

I can't reproduce the bug in the actual 1.6 release (unsurprisingly, in light of the above). So I guess there's no reason to keep this bug private.

I can no longer reproduce it with inline PGP either. I'm now guessing I was confused by Gmail's "All Mail" folder re-downloading the original PGP/MIME message while I wasn't paying close attention.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2014-02-27

status: open --> fixed

Fixed in version: --- --> 1.6.1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2014-02-27

Thanks for the patch.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2014-07-10

Fixed in version: 1.6.1 --> 1.7.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

PGP/MIME signature verification displayed in wrong message window

OpenPGP addon for Mozilla Thunderbird

Searches

Help

#258 PGP/MIME signature verification displayed in wrong message window

Discussion