Aldo Reset | 1 May 20:16 2011

[RCU] DIGEST-MD5 broken on 0.5.2

hi,

i use roundcube 0.5.1-DEP and i upgrade to 0.5.2-dep and now digest-md5
is broken.

i use: debian 6.0 (stable/squeeze).

$rcmail_config['imap_auth_type'] = 'DIGEST-MD5';
$rcmail_config['imap_auth_type'] = null;

do not work.

PHP5-IMAP and PHP-NET-imap are installed.

i use dovecot. i must put
$rcmail_config['imap_auth_type'] = 'CRAM-MD5';
to work.

bst regards
--

-- 
List info: http://lists.roundcube.net/users/
BT/d79c1da0

A.L.E.C | 2 May 08:11 2011
Picon

Re: [RCU] DIGEST-MD5 broken on 0.5.2

W dniu 2011-05-01 20:16, Aldo Reset pisze:
> i use roundcube 0.5.1-DEP and i upgrade to 0.5.2-dep and now digest-md5
> is broken.
> 
> i use: debian 6.0 (stable/squeeze).
> 
> $rcmail_config['imap_auth_type'] = 'DIGEST-MD5';
> $rcmail_config['imap_auth_type'] = null;
> 
> do not work.

Any errors in log? Auth_SASL package is required. Enable imap_debug and
provide the log.

-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
--

-- 
List info: http://lists.roundcube.net/users/
BT/d79c1da0

Aldo Reset | 2 May 08:21 2011

Re: [RCU] DIGEST-MD5 broken on 0.5.2

ii  php-auth                                   1.6.2-1
    PHP PEAR modules for creating an authentication system
ii  php-auth-sasl                              1.0.4-1
    Abstraction of various SASL mechanism responses

May  1 20:07:50 vil roundcube: S: * OK [CAPABILITY IMAP4rev1 LITERAL+
SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Hi,
mail.xxxx.tld Ready.
May  1 20:07:50 vil roundcube: C: A0001 ID (name "Roundcube Webmail"
version 0.5.2 php 5.3.3-7+squeeze1 os Linux command /webemail/)
May  1 20:07:50 vilr roundcube: S: * ID NIL
May  1 20:07:50 vil roundcube: S: A0001 OK ID completed.
May  1 20:07:50 vil roundcube: C: A0002 AUTHENTICATE DIGEST-MD5
May  1 20:07:50 vil roundcube: S: +
cmVhbG09IiIsbm9uY2U9IkNWSko0VjhRMGh3ZTZhZ3hlS1BrUkE9PSIscW9wPShdXRoIix....
May  1 20:07:50 vil roundcube: C:
dXNlcm5hbWU9ImZyZWRlcmljQHBsYWNlbmV0Lm9yZyIsYXV0aHppZD0iZnJlZGVaWNAcGx...
May  1 20:07:52 vil roundcube: S: A0002 NO [AUTHENTICATIONFAILED]
Authentication failed.
May  1 20:07:52 vil roundcube: C: A0003 LOGOUT
May  1 20:07:57 vil roundcube: S: * BYE Logging out
May  1 20:07:57 vil roundcube: S: A0003 OK Logout completed.
May  1 20:07:57 vil roundcube: IMAP Error: Login failed

if i force CRAM-MD5 all is ok.

bst regards

Le 02/05/2011 08:11, A.L.E.C a écrit :
> W dniu 2011-05-01 20:16, Aldo Reset pisze:
(Continue reading)

A.L.E.C | 2 May 09:13 2011
Picon

Re: [RCU] DIGEST-MD5 broken on 0.5.2

W dniu 2011-05-02 08:21, Aldo Reset pisze:

> May  1 20:07:50 vil roundcube: C: A0002 AUTHENTICATE DIGEST-MD5
> May  1 20:07:50 vil roundcube: S: +
> cmVhbG09IiIsbm9uY2U9IkNWSko0VjhRMGh3ZTZhZ3hlS1BrUkE9PSIscW9wPShdXRoIix....
> May  1 20:07:50 vil roundcube: C:
> dXNlcm5hbWU9ImZyZWRlcmljQHBsYWNlbmV0Lm9yZyIsYXV0aHppZD0iZnJlZGVaWNAcGx...
> May  1 20:07:52 vil roundcube: S: A0002 NO [AUTHENTICATIONFAILED]
> Authentication failed.

So, it tries to authenticate. The difference between 0.5.2 and 0.5.1 is
that now it doesn't try to use other methods (which is intended
behaviour). As you see, authentication fails and this can be IMAP server
config issue.

-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
--

-- 
List info: http://lists.roundcube.net/users/
BT/d79c1da0

Stan Hoeppner | 2 May 09:16 2011

Re: [RCU] RESOLVED: problems after Debian 5 to 6 upgrade

On 4/30/2011 1:03 PM, Stan Hoeppner wrote:

> Back to the original problem...  My lighttpd, RC 0.3.1, PHP5, sqlite
> packages are part of stock Debian 6.0 AFAIK.  I've just posted a message
> on debian-user about this RC problem; hoping to hear something soon.

Changing the following in /etc/php5/conf.d/suhosin.ini fixed the problem.

; Transparent Encryption Options
;suhosin.session.encrypt = on    <-- default
suhosin.session.encrypt = off

I'm not absolutely certain of the cause, and can't verify my hypothesis 
as I no longer have a Debian 5 system to test, but, that said...

Apparently the php5 binary shipped w/ Debian 5 did not have the suhosin 
module compiled into it, thus the 'on' setting above was simply ignored, 
and I did not have the RC login redirection problem.  Debian 6 php5 does 
have suhosin compiled in

PHP 5.3.3-7+squeeze1 with Suhosin-Patch (cli) (built: Mar 18 2011 17:22:52)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
     with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

and thus the 'on' setting above was in effect, causing the login 
redirection problem.  I'm surprised that the Debian teams allowed this 
situation to occur.  If my hypothesis is correct, not just mine, but 
every Debian 6 RC 0.3.1 server was down after the distribution upgrade, 
with no relevant log entries whatsoever, an no warnings in documentation 
(Continue reading)

A.L.E.C | 2 May 09:19 2011
Picon

Re: [RCU] RESOLVED: problems after Debian 5 to 6 upgrade

W dniu 2011-05-02 09:16, Stan Hoeppner pisze:

> and thus the 'on' setting above was in effect, causing the login 
> redirection problem.  I'm surprised that the Debian teams allowed this 
> situation to occur.  If my hypothesis is correct, not just mine, but 
> every Debian 6 RC 0.3.1 server was down after the distribution upgrade, 
> with no relevant log entries whatsoever, an no warnings in documentation 
> prior to the upgrade.
> 
> Apparently I'm the only Debian+RC user on the planet?

Newer Roundcube versions will print an error in this case. So, maybe
you're the only Debian+RC-0.3.1 user ;) Time to update.

-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
--

-- 
List info: http://lists.roundcube.net/users/
BT/d79c1da0

Aldo Reset | 2 May 13:05 2011

Re: [RCU] DIGEST-MD5 broken on 0.5.2


It seems not:

May  2 12:59:56  dovecot: imap-login: Login: user=<aldo <at> ..,
method=DIGEST-MD5, rip=XX.XXX, lip=XX.XXX.

it ok with evolution in the same server.

Roundcube
ay  2 13:03:07 t dovecot: imap-login: Aborted login (auth
failed, 1 attempts): method=DIGEST-MD5, rip=XX.XX, lip=XX.XXX

it seems special caractère in password or login name do not work with
php-auth or roundcube function...

bst regards.

Le 02/05/2011 09:13, A.L.E.C a écrit :
> W dniu 2011-05-02 08:21, Aldo Reset pisze:
> 
>> May  1 20:07:50 vil roundcube: C: A0002 AUTHENTICATE DIGEST-MD5
>> May  1 20:07:50 vil roundcube: S: +
>> cmVhbG09IiIsbm9uY2U9IkNWSko0VjhRMGh3ZTZhZ3hlS1BrUkE9PSIscW9wPShdXRoIix....
>> May  1 20:07:50 vil roundcube: C:
>> dXNlcm5hbWU9ImZyZWRlcmljQHBsYWNlbmV0Lm9yZyIsYXV0aHppZD0iZnJlZGVaWNAcGx...
>> May  1 20:07:52 vil roundcube: S: A0002 NO [AUTHENTICATIONFAILED]
>> Authentication failed.
> 
> So, it tries to authenticate. The difference between 0.5.2 and 0.5.1 is
> that now it doesn't try to use other methods (which is intended
(Continue reading)

A.L.E.C | 2 May 14:27 2011
Picon

Re: [RCU] DIGEST-MD5 broken on 0.5.2

W dniu 2011-05-02 13:05, Aldo Reset pisze:

> it seems special caractère in password or login name do not work with
> php-auth or roundcube function...

What character? It's possible. You can change password_charset config
option, which is by default set to 'ISO-8859-1'.

-- 
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
--

-- 
List info: http://lists.roundcube.net/users/
BT/d79c1da0
Aldo Reset | 2 May 14:55 2011

Re: [RCU] DIGEST-MD5 broken on 0.5.2


With client like evolution and icedove in digest-md5 that works.

i check with 0.5.1 option null in $rcmail_config['imap_auth_type'] work
because after digest-md5 fails it try cram-md5.

i will try other web mail client to check what's happen.

bst regards.

Le 02/05/2011 14:27, A.L.E.C a écrit :
> W dniu 2011-05-02 13:05, Aldo Reset pisze:
> 
>> it seems special caractère in password or login name do not work with
>> php-auth or roundcube function...
> 
> What character? It's possible. You can change password_charset config
> option, which is by default set to 'ISO-8859-1'.
> 

--

-- 
List info: http://lists.roundcube.net/users/
BT/d79c1da0
Julien Vehent | 2 May 16:14 2011

[RCU] Corrupted attached PDF files

 Hi list,

 I have a 0.5.2 running in a small company and users have been 
 complaining that attached PDF files don't open properly.
 I tried to open one of those emails with thunderbird, the PDFs display 
 properly. But with roundcube, I get a blank page.

 I saved both PDFs (from tbird and roundcube) and it appears that the 
 one from Roundcube is slightly bigger (by 118 bytes):

 $ ls -al
 -rw-r--r--  1 jvehent jvehent 11392 May  2  2011 MicroGate chges avril 
 2011 -rcube.pdf
 -rw-------  1 jvehent jvehent 11274 May  2 09:52 MicroGate chges avril 
 2011 -tbrid.pdf

 $ md5sum *
 bfb27d3a439fd4d38a2b6d9bcd827582  MicroGate chges avril 2011.pdf
 2fd9859443dfa3696b6e86de9fc0b2d2  MicroGate chges avril 2011 -tbrid.pdf

 I opened both documents in Vim, and noticed that the one coming from 
 Roundcube contains trailing "^M" that don't exist in the PDF coming from 
 Thunderbird (see attached screenshot, the document from roundcube is on 
 the right).

 I observed this behavior in 0.5.1 and upgraded to 0.5.2 without any 
 change. I tried deactivated ALL the plugins on my instalation, without 
 any change. So before feeling a bug ticket, I'd like to confirm there is 
 not already a solution for this.

(Continue reading)


Gmane