devotedmystic . | 27 Jan 16:48 2016
Picon

Re: [RCD] [Roundcube Webmail] #1490633: Enigma: Mail containing text + PGP encrypted part is not decrypted (was: Mail containing text + PGP encrypted part is not decrypted)

I experimented with this as I added to enigma_engine.php self-encryption, if no valid key was found for the receiver.
So, I appended a message before the encrypted message, saying that, if he cannot read it (because he does not have the pgp key), he can click on a link which would decrypt the message, if he knows the password.

Now my sieve configuration broke and I am unable to test until I fix it again. But I saw that enigma was behaving correctly. The message was displayed before the decryption password was entered, followed by the ---PGP PART---. Once the password was entered, the message of course disappeared. Same behavior in enigmail.

For my use, I would mark this as resolved. If there is some other use, I don't know.

On Wed, Jan 27, 2016 at 10:00 AM, Roundcube Webmail <trac <at> roundcube.net> wrote:
#1490633: Enigma: Mail containing text + PGP encrypted part is not decrypted
---------------------------+-----------------------
 Reporter:  devotedmystic  |       Owner:
     Type:  Bugs           |      Status:  new
 Priority:  3              |   Milestone:  1.2-RC
Component:  Plugins        |     Version:  1.2-beta
 Severity:  major          |  Resolution:
 Keywords:                 |
---------------------------+-----------------------
\
\
\
\
\
\

Comment (by alec):

 I couldn't find any standard for this, but e.g. Enigmail can handle such
 messages (with warning that only part of the body was encrypted). So, we
 should support this too, I suppose.
\
\
\

--
Ticket URL: <http://trac.roundcube.net/ticket/1490633#comment:4>
Roundcube Webmail <http://www.roundcube.net/>
Roundcube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, spell checking, folder manipulation and plugins. Roundcube Webmail is written in PHP and requires a MySQL, Postgres, MSSql or SQlite database. The user interface is fully skinnable using HTML and CSS.

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
cor | 22 Jan 15:54 2016
Picon
Picon

[RCD] special-use

Hi all, im experimenting with the IMAP SPECIAL-USE setting.  Works fine, except for one thing.

I think it’s a little weird that you can actually set and save a different special folder in preferences if
that specific special folder is already set by IMAP SPECIAL-USE. Roundcube will detect a different
special-use folder on the next login, and modify it back. This can create confusing preference-setting
loops for the user, resulting in support request. 

Wouldn’t it be possible to detect this before allowing the user to modify the special folder? 

Cor

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Picon

[RCD] S/MIME

Hello!
 
I want to thank all for found for me time and attention.
 
I don't plan any my further work on S/MIME encryption in RCube.
 
Good-bye.
    Vladimir Gorpenko
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Devoted Mystic | 14 Jan 20:17 2016
Picon

[RCD] pgp encryption

Hello to all,
I found many bugs in the gpg encryption module.
The only working thing was with a plain mail. Attachments would block the parsing and display of the email.

I modified many points in enigma_engine.php and now everything works as expected (tested with text plain, text plain + attachments, html, html with attachments email).
I even added self-signing and private key export, but I don't advise to use them, as they should be further refined.
The only thing I did not implement is about signature for non text plain emails (but the signature needs to be removed for non text plain emails to be decrypted correctly).

I would like to contribute my fixes. Can somebody check them, or tell me how to do?

Thanks

_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Picon

[RCD] S/MIME

Hello!
 
I have some questions about RCube (1.2)
 
1. rcube_message.php, lines 114-120
 
         if (!empty($this->headers->structure)) {
            $this->get_mime_numbers($this->headers->structure);
            $this->parse_structure($this->headers->structure);
        }
        else {
            $this->body = $this->storage->get_body($uid);
        }
Is that the whole body of unstructured (not multipart) message is stored in memory? When you use S/MIME an encrypted email is unstructured and can be large (tens of megabytes). Of course, if the message is decrypted before this place (for example, in rcube_imap) the appearance of large unstructured letters unlikely.
 
2. What for is the function get_part_content in rcube_message.php? This function gets part body from the storage object (i.e. imap object) and not exec hook 'message_part_body'. Will it cause problems in message decryption?
 
3. The same questions about get_body in rcube_storage.php.
Also note that some plugins communicate directly with the rcube_imap, to get the text of the message part.
 
4. Yes, 'message_part_structure' can change the structure of the part of the message. But, function parse_structure in which is the challenge of this hook, not always called. I do not quite understand the logic of RC and I ask you to say whether the hook  'message_part_structure'  will provide normal work in these situations:
- S/MIME ecnrypted message is not multupart message. After decryption, it can be a multipart or not multipart message.
- S/MIME signed message is usually a multipart message. After decryption, it can be a multipart or not multipart message.
In both situations changing of part structure is not sufficient.
 
5. Some of message headers (Content*) have to be changed on decryption or sign verification. How it can be done?
 
Best regards,
     Vladimir Gorpenko
 
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Michael Heydekamp | 11 Jan 15:19 2016
Picon

[RCD] Can't load mails and addressbook in 1.2-git anymore

Since yesterday evening, I can't load any mails and the addressbook anymore
in 1.2-git [GIT 20160110.1602]. Flags such as read/unread are still set,
though.

After attempting to load a mail, RC doesn't react anymore (can't even
logout). After a reload of the page, it does react again, but still doesn't
load mails.

The log is telling this:

-------------------------------------------------------------------------
[10-Jan-2016 21:57:17 Europe/Berlin] PHP Fatal error:  Can't use function
return value in write context in
/kunden/394333_40476/webseiten/webmail-beta/program/lib/Roundcube/rcube_addressbook.php
on line 553
[... and 20 or so times more till I gave up ...]
-------------------------------------------------------------------------

Any idea? As the -git is my production environment, a soon help would be
appreciated.

Cheers,
--

-- 
Michael Heydekamp
Co-Admin freexp.de
Düsseldorf/Germany
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Picon

[RCD] S/MIME encryption and signing plugin

Hi!
 
I've prepared my plugins for the first publication.
 
You can (I hope) get .zip with all files by this link:
 
It is my working version in which I added and translated comments. Respectively, it is made for Rcube v.1.1.3.
In texts I kept some comments in Russian. Don't pay attention: always nearby there is their translation into English.

I think that this option will allow to understand better work of a plug-in and possibility of its use in other projects.
 
Soon I will begin work with the Rcube 1.2 version.
 
As as I understand, in this version essential changes for encryption of mail are made, I would be very grateful to receive recommendations about application of my algorithms in the new RCube version.
 
The README file contains more detailed comments to a plug-in.
 
Best regards,
   Vladimir Gorpenko,
       Moscow
 
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Thomas Bruederli | 26 Dec 14:37 2015
Picon
Gravatar

[RCD] Security Updates 1.1.4 and 1.0.8 released

Dear Roundcube users

We just published updates to both stable versions 1.0 and 1.1
delivering important bug fixes one of which seals a potential path
traversal vulnerability [1] recently reported by High-Tech Bridge
Security Research Lab. Although the vulnerability is not fully
disclosed yet, the attack scenario requires an active Roundcube
account as well as write privileges on the same host Roundcube is
served from (without open_basedir protection).

A second security improvement adds some measures against brute-force attacks.
See the full changelog here:
http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.4

Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.
Download them from https://roundcube.net/download

If you prefer to patch your installation for the path traversal
vulnerability only, we also published patches on our download mirrors
for versions 1.0 [2] and 1.1 [3].

As usual, don't forget to backup your data before updating!

Thanks for all your support and happy new year!

Thomas

[1] https://www.htbridge.com/advisory/HTB23283
[2] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.0.8/
[3] https://sourceforge.net/projects/roundcubemail/files/roundcubemail/1.1.4/
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Picon

[RCD] Hooks in plugin

Hello!
 
Is it correct to determine hooks in one plugin and use them from another plugin?
 
I am concerned that the plugin object is constructed and desructed many times. What happens with defined in this object hooks when the object is destructed?
 
Whether this will lead to errors, or a substantial decrease in performance?
 
   Vladimir Gorpenko
 
 
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Md Firoz Kabir | 20 Dec 15:08 2015
Picon

[RCD] kjhfsd

Hi
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev
Picon

[RCD] Hooks

Hello!
 
1. Is there any more recent information about hooks than http://trac.roundcube.net/wiki/Plugin_Hooks?
 
In particular, I found the following hooks are not mentioned in this source:
 
acl_rights_simple
acl_rights_supported
db_table_name
error_page
folder_create
folder_delete
folder_form
folder_rename
folder_update
imap_init
imap_search_before
keep_alive
managesieve_connect
message_saved
message_send_error
password_change
password_ldap_bind
preferences_section_header
secure_token
template_object_$object
unauthenticated
user_delete
user_delete_commit
user_delete_prepare
user_delete_rollback
 
2. What are the hooks can be used to completely replace the text and structure of the message for reading and quoting for a response?
 
Yours faithfully,
    Vladimir
_______________________________________________
Roundcube Development discussion mailing list
dev <at> lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/dev

Gmane