[kmail2] [Bug 404219] kmail crashes on exit
https://bugs.kde.org/show_bug.cgi?id=404219 kwanza.p...@virginmedia.com changed: What|Removed |Added Status|REPORTED|RESOLVED Resolution|--- |INTENTIONAL --- Comment #1 from kwanza.p...@virginmedia.com --- This seems to be harmless/intentional (but strange), so I'm closing it. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 393421] No ability to hide the HTML Message Status Bar
https://bugs.kde.org/show_bug.cgi?id=393421 Martin Steigerwald changed: What|Removed |Added CC||mar...@lichtvoll.de --- Comment #57 from Martin Steigerwald --- Nate, I agree that the current solution looks quite out of place. There is the writing "no HTML message" black on white when the message just has no HTML part. There is the writing "clear text message" black on white, when it has one but the cleartext part is shown. There is the writing "HTML message" white on black when the HTML part is shown. And then there is a bug when switching from HTML part back to clear text part, it still display "HTML message" white on black. So first the choice of colors IMHO is just ugly. The colors do not blend well with Breeze Dark theme. The white on black "HTML message" bar totally looks out of place. Second it has three states, while for the user only one information is important: Is what is currently viewed HTML or is it not. With the option that when both clear text and HTML are available, that HTML status bar allows to toggle. In addition in my KMail configuration for security reason I do not even let it render HTML without my prior confirmation. Thus I have a box with red frame at the top of the mail with "Note: This is an HTML message. For security reasons, only the raw HTML code is shown. […]" giving me the option to enable HTML rendering in case I trust the sender. In case KMail is configured like this the vertical bar is completely superfluous. I believe with good user interface design it might be possible to merge both this box and the HTML status bar into one and make it less intrusive. Laurent, Christoph, I kindly ask you to reconsider and at ask for input from VDG team. And if on it, it might be good when VDG people look through the rest of the application as well. Thus I'd reopen the bug and set usability tag. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 392219] Add function for message "Edit as new"
https://bugs.kde.org/show_bug.cgi?id=392219 sun...@hotmail.ru changed: What|Removed |Added Status|REPORTED|RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 393421] No ability to hide the HTML Message Status Bar
https://bugs.kde.org/show_bug.cgi?id=393421 --- Comment #56 from Nate Graham --- I think most people don't object to real security. What people object to here is the following: - It's not clear how this thing actually generates any security. HTML emails are not commonly understood by the average user to be potentially insecure, so warning them than an HTML email is in fact an HTML email is not perceived as a warning of potential danger but rather as a pointless annoyance. - It can't be disabled at the user's preference. Risk is an everyday part of life, but there is no way for a knowledgeable or confident user to knowingly accept the risk of HTML emails in KMail they way they can knowingly accept the risk of driving a car, participating in sports, etc. It feels insulting when the software says, "you can't handle this risk". Imagine how infuriating it would be if your car told you "Warning! Driving a car is dangerous! Please drive safely!" every time you turned it on. - It's ugly. There are many ways to communicate this information in ways that are not so visually objectionable. Thunderbird uses a horizontal bar with a yellow background that looks much better, for example. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 400717] Kmail hangs when clicking on mail
https://bugs.kde.org/show_bug.cgi?id=400717 Christoph Feck changed: What|Removed |Added Status|REPORTED|NEEDSINFO Resolution|--- |WAITINGFORINFO --- Comment #3 from Christoph Feck --- Could you please check if this works with KMail 5.8.0 (from KDE Applications 18.04.0) or newer? It is probably a duplicate of bug 387177. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 387177] KMail crashes on exit - accessing KMMainWindow status bar during destruction?
https://bugs.kde.org/show_bug.cgi?id=387177 Christoph Feck changed: What|Removed |Added CC||jamesseit...@gmail.com --- Comment #5 from Christoph Feck --- *** Bug 404118 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 404118] Kmail crashes when exiting after hanging while moving message to trash gmail account
https://bugs.kde.org/show_bug.cgi?id=404118 Christoph Feck changed: What|Removed |Added Resolution|--- |DUPLICATE Status|REPORTED|RESOLVED --- Comment #1 from Christoph Feck --- *** This bug has been marked as a duplicate of bug 387177 *** -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 393421] No ability to hide the HTML Message Status Bar
https://bugs.kde.org/show_bug.cgi?id=393421 --- Comment #55 from Christoph Feck --- It is a security reason. You could receive an HTML mail that looks like a plain text mail, and with HTML you have the ability to embed malicious links everywhere. If you have no way to see that the message is actually an HTML message, i.e. _outside_ the message viewer, you could click those links without being aware that they link to sites that you don't see in the text. I agree, though, that there could be other possibilities to inform the user of HTML mails, e.g. via statusbar or toolbar icons. But if they are too non-obvious, you could miss them. In other words, if the security bar is in your face, it actually works as intended. Also, the message viewer doesn't know about other UI elements. If you find a different way that doesn't compromise security, please let us know. Patches to https://phabricator.kde.org/differential/diff/create/ -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 404704] New: Kmail has no option to show complete message header
https://bugs.kde.org/show_bug.cgi?id=404704 Bug ID: 404704 Summary: Kmail has no option to show complete message header Product: kmail2 Version: unspecified Platform: Chakra OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: UI Assignee: kdepim-bugs@kde.org Reporter: knut.hildebra...@gmx.de Target Milestone: --- SUMMARY Under "/View/Headers" there is a bunch of options available to display the message header in different ways. I'm not sure if there was an option "Complete Headers" or not, but if so it's gone. The closest I see is "Long Headers", which only changes the design of the headers section, but not the amount of information shown. In older versions of Kmail there was a way to display the complete header information of a message. Where do I find it now? STEPS TO REPRODUCE 1. go to "/View/Headers" 2. choose new header OBSERVED RESULT minor changes in design of header section EXPECTED RESULT at least one option should show complete header information in a simple manner SOFTWARE/OS VERSIONS Linux/KDE Plasma: Chakra Linux Plasma: 5.15.0 Framworks: 5.55.0 Applications: 18.12.2 QT: 5.12.0 Kmail: 5.10.2 -- You are receiving this mail because: You are the assignee for the bug.
[akregator] [Bug 202370] closing tab sets focus to search instead of content
https://bugs.kde.org/show_bug.cgi?id=202370 --- Comment #17 from frank --- seems fixed to me (v5.10.2) -- You are receiving this mail because: You are the assignee for the bug.
[akregator] [Bug 387898] high cpu usage on QtWebEngineProcess when using akregator's internal browser
https://bugs.kde.org/show_bug.cgi?id=387898 frank changed: What|Removed |Added Resolution|--- |FIXED Status|REPORTED|RESOLVED --- Comment #1 from frank --- not true anymore with akregator 5.10.2 -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 404700] New: Unable to select GPG key not matching identity email
https://bugs.kde.org/show_bug.cgi?id=404700 Bug ID: 404700 Summary: Unable to select GPG key not matching identity email Product: kmail2 Version: unspecified Platform: Archlinux Packages OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: crypto Assignee: kdepim-bugs@kde.org Reporter: ae...@imirhil.fr Target Milestone: --- Previously (version unknown, will try to find a working one later), when creating a kmail identity, you can choose a GPG key not matching your email identity. This is useful at least for alias identity using a foo+...@example.org email address but a f...@example.org GPG identity. In new version (18.12.2-1 arch package), the GPG key drop-down only selects GPG key with a identity matching the given email, and no entry to manually select another key. -- You are receiving this mail because: You are the assignee for the bug.
[Akonadi] [Bug 404517] crash of akonadi_birthdays_resource
https://bugs.kde.org/show_bug.cgi?id=404517 --- Comment #1 from Wolfgang Bauer --- *** Bug 404689 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug.
[Akonadi] [Bug 404689] crash of akonadi_birthdays_resource
https://bugs.kde.org/show_bug.cgi?id=404689 Wolfgang Bauer changed: What|Removed |Added Status|REPORTED|RESOLVED CC||wba...@tmo.at Resolution|--- |DUPLICATE --- Comment #1 from Wolfgang Bauer --- Same backtrace as in your previous report. *** This bug has been marked as a duplicate of bug 404517 *** -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 360194] Archiving takes current date, not date of messages
https://bugs.kde.org/show_bug.cgi?id=360194 --- Comment #3 from totte --- This is reproducible with KMail 5.10.2 in Chakra. -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 360194] Archiving takes current date, not date of messages
https://bugs.kde.org/show_bug.cgi?id=360194 totte changed: What|Removed |Added CC||to...@chakralinux.org -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails
https://bugs.kde.org/show_bug.cgi?id=404698 --- Comment #2 from Jens Mueller --- Created attachment 118289 --> https://bugs.kde.org/attachment.cgi?id=118289=edit Proof-of-concept S/MIME -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 404698] Decryption Oracle based on replying to PGP or S/MIME encrypted emails
https://bugs.kde.org/show_bug.cgi?id=404698 --- Comment #1 from Jens Mueller --- Created attachment 118288 --> https://bugs.kde.org/attachment.cgi?id=118288=edit Proof-of-concept PGP -- You are receiving this mail because: You are the assignee for the bug.
[kmail2] [Bug 404698] New: Decryption Oracle based on replying to PGP or S/MIME encrypted emails
https://bugs.kde.org/show_bug.cgi?id=404698 Bug ID: 404698 Summary: Decryption Oracle based on replying to PGP or S/MIME encrypted emails Product: kmail2 Version: unspecified Platform: Debian stable OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: crypto Assignee: kdepim-bugs@kde.org Reporter: jens.a.mueller+...@rub.de Target Milestone: --- In the scope of academic research in cooperation with Ruhr-Uni Bochum and FH Münster, Germany we discovered a security issue in KMail: An attacker who is in possession of PGP or S/MIME encrypted messages can embed them into a multipart message and re-send them to the intended receiver. When the message is read and decrypted by the receiver, the attacker's content is shown. If the victim replies, the plaintext is leaked to an attacker's email address. The root cause for these vulnerabilities lies in the way KMail (and many other mail clients) handle partially encrypted multipart messages. - *Leaking plaintext through reply/forward* - /Attacker model/: Attacker is in possession of PGP or S/MIME encrypted messages, which she may have obtained as passive man-in-the-middle or by actively hacking into the victim's mail server or gateway /Attacker's goal/: Leak the plaintext by wrapping the ciphertext part within a benign-looking MIME mail sent to and decrypted+replied to by the victim /Attack outline:/ If KMail receives a multipart email, as depicted below, it decrypt the ciphertext part(s), together with the attacker-controlled text (which may be prepended and/or appended). multipart/mixed |--- Attacker's part |--- [encrypted part to leak] +--- [Attacker's encrypted part] A benign-looking attacker's text may lure the victim into replying. Because the decrypted part is also quoted in the reply, the user unintentionally acts as a decryption oracle. To obfuscate the existence of the encrypted part(s), the attacker may add a lot of newlines or hide it within a long conversation history. A user replying to such a ‘mixed content’ conversation thereby leaks the plaintext of encrypted messages wrapped within attacker-controlled text. Please find attached a raw .eml file which depicts the issue. --- Countermeasures --- Do not decrypt emails unless the PGP or S/MIME encrypted part is the root node -- and therefore the only part -- in the MIME tree (exception: multipart/signed for encrypted-then-signed S/MIME messages). Another, potentially less secure, option would be to quote only the very first MIME part in replies. -- You are receiving this mail because: You are the assignee for the bug.
[libkgapi] [Bug 342369] akonadi google contacts5 does not respect view
https://bugs.kde.org/show_bug.cgi?id=342369 --- Comment #12 from Daniel Vrátil --- The problem is that if we keep some data only locally because we cannot sync them to Google, it goes against the principle of Akonadi being only a cache and it can also lead to data loss - if you would delete your Akonadi database, you would lose all this information that we couldn't upload to Google. We should encode the custom fields that Google does not support out-of-the-box into some "extra" fields that we can sync to Google (but unfortunately no other clients will likely be able to understand them), and eventually have the feature where the Contact Editor would only allow changing fields that the respective backend supports (so if Google does not support Contact name ordering, we would simply not make it configurable when creating a new contact in Google Contacts addressbook). For now, I'll look into the first step - encoding everything into the extra fields. -- You are receiving this mail because: You are on the CC list for the bug.
[Akonadi] [Bug 381636] Clicking Server->Start, the program crash
https://bugs.kde.org/show_bug.cgi?id=381636 David E. Narvaez changed: What|Removed |Added Resolution|--- |FIXED Latest Commit||https://commits.kde.org/ako ||nadi/a9570303d08a1b2099d862 ||f115c8f2b99fe0fbc7 Status|REPORTED|RESOLVED --- Comment #7 from David E. Narvaez --- Git commit a9570303d08a1b2099d862f115c8f2b99fe0fbc7 by David E. Narváez. Committed on 22/02/2019 at 09:53. Pushed by narvaez into branch 'Applications/18.12'. Destroy the Connection Through the Session Thread Summary: This is the proper way to destroy a server connection. Reviewers: #kde_pim, dvratil Reviewed By: #kde_pim, dvratil Subscribers: dvratil, kde-pim Tags: #kde_pim Differential Revision: https://phabricator.kde.org/D19212 M +1-1src/core/session.cpp https://commits.kde.org/akonadi/a9570303d08a1b2099d862f115c8f2b99fe0fbc7 -- You are receiving this mail because: You are the assignee for the bug.
[libkgapi] [Bug 342369] akonadi google contacts5 does not respect view
https://bugs.kde.org/show_bug.cgi?id=342369 --- Comment #11 from Philippe ROUBACH --- i think generaly a contact item must be a merge of a kaddress contact item and a google contact item. this is a general rule for syncing. sync must not lead to lost. -- You are receiving this mail because: You are on the CC list for the bug.
[libkgapi] [Bug 342369] akonadi google contacts5 does not respect view
https://bugs.kde.org/show_bug.cgi?id=342369 --- Comment #10 from Philippe ROUBACH --- also kaddressbook tags are deleted by sync. -- You are receiving this mail because: You are on the CC list for the bug.
[libkgapi] [Bug 342369] akonadi google contacts5 does not respect view
https://bugs.kde.org/show_bug.cgi?id=342369 --- Comment #9 from Daniel Vrátil --- Also, let's keep this bug only about the name order, I saw the other reports about photo issues :) Please report the problem with the country separately. -- You are receiving this mail because: You are on the CC list for the bug.
[Akonadi] [Bug 404517] crash of akonadi_birthdays_resource
https://bugs.kde.org/show_bug.cgi?id=404517 Freek de Kruijf changed: What|Removed |Added Summary|crash of|crash of |akonadi_birthdaus_resource |akonadi_birthdays_resource -- You are receiving this mail because: You are the assignee for the bug.
[Akonadi] [Bug 404689] New: crash of akonadi_birthdays_resource
https://bugs.kde.org/show_bug.cgi?id=404689 Bug ID: 404689 Summary: crash of akonadi_birthdays_resource Product: Akonadi Version: unspecified Platform: openSUSE RPMs OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: Birthdays Resource Assignee: kdepim-bugs@kde.org Reporter: freekdekru...@kde.nl Target Milestone: --- Created attachment 118284 --> https://bugs.kde.org/attachment.cgi?id=118284=edit akonadi_birthdays_resource-20190222-103009.kcrash.txt SUMMARY crash of akonadi_birthdays_resource STEPS TO REPRODUCE 1. not really possible 2. 3. OBSERVED RESULT crash of akonadi_birthdays_resource right after start of Plasma session. DrKonqi backtrace attached. EXPECTED RESULT SOFTWARE/OS VERSIONS Windows: MacOS: Linux/KDE Plasma: (available in About System) KDE Plasma Version: KDE Frameworks Version: Qt Version: ADDITIONAL INFORMATION -- You are receiving this mail because: You are the assignee for the bug.
[libkgapi] [Bug 342369] akonadi google contacts5 does not respect view
https://bugs.kde.org/show_bug.cgi?id=342369 --- Comment #8 from Daniel Vrátil --- I see - this is an attribute that is stored in the contact itself, very likely gets lost on next sync because Google doesn't support it. I'll see if we can be more clever about keeping local information during contact sync, only overwrite things that Google actually supports. -- You are receiving this mail because: You are on the CC list for the bug.
