From 1bf66b857a27855a241dbb7cd10958018a1959b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20H=C3=B6rist?= <forenjunkie@chello.at>
Date: Thu, 8 Jun 2017 19:33:01 +0200
Subject: [PATCH] Always pass utf8 encoded strings to python-gnupg
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

self.encoding which we set in the init is only intended
to decode gpg´s stderr which uses a system specific encoding.

if we dont encode the data we pass to python-gnupg ourself, it will fallback and use self.encoding.
This might be of no concern if self.encoding is set to 'utf8' and when we are on Linux
which has a preferred encoding of 'utf8'.

But if we are on Windows the preferred encoding for stderr
is most of the time not 'utf8'. If python-gnupg tries to decode a stderr stream that is for example
encoded with 'cp1252' with our set encoding of 'utf8' this will fail.

The solution is to pre-encode the data before we pass it to python-gnupg, so it does not have to
use self.encoding as a fallback. And set self.encoding='latin1' because latin1 will not yield exceptions
on decoding errors. Also gpg itself will fallback to latin1 as stderr encoding when it cant determine the
preferred encoding of a system.

self.decode_errors is used for something differently, and has no influence on the situation.

Fixes #8644
---
 src/common/gpg.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/common/gpg.py b/src/common/gpg.py
index f57b0ba23..dc7f695cb 100644
--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@@ -59,7 +59,7 @@ if HAVE_GPG:
                             return '', 'NOT_TRUSTED ' + key['keyid'][-8:]
                         else:
                             trust = True
-            result = super(GnuPG, self).encrypt(str_, recipients,
+            result = super(GnuPG, self).encrypt(str_.encode('utf8'), recipients,
                 always_trust=trust, passphrase=self.passphrase)
 
             if result.ok:
@@ -71,13 +71,13 @@ if HAVE_GPG:
 
         def decrypt(self, str_, keyID):
             data = self._addHeaderFooter(str_, 'MESSAGE')
-            result = super(GnuPG, self).decrypt(data,
+            result = super(GnuPG, self).decrypt(data.encode('utf8'),
                 passphrase=self.passphrase)
 
             return str(result)
 
         def sign(self, str_, keyID):
-            result = super(GnuPG, self).sign(str_, keyid=keyID, detach=True,
+            result = super(GnuPG, self).sign(str_.encode('utf8'), keyid=keyID, detach=True,
                 passphrase=self.passphrase)
 
             if result.fingerprint:
@@ -100,7 +100,7 @@ if HAVE_GPG:
                      str_,
                      self._addHeaderFooter(sign, 'SIGNATURE')]
                     )
-                result = super(GnuPG, self).verify(data)
+                result = super(GnuPG, self).verify(data.encode('utf8'))
                 if result.valid:
                     return result.key_id