If an organizer sends me a weekly meeting and I accept it the meeting gets added to my calendar but the recurrence does not. If I then go into my calendar and set the recurrence, korganizer tries to send an e-mail from the organizer (spoofs the organizer's address in the from field) to all attendees. Fortunately my ISP blocks messages that are sent from any address but my registered from addresses so the send fails and I can delete the message from my outbox to prevent it from being sent to all invitees. Reproducible: Always Steps to Reproduce: (my email address would be invitee@meeting.com) 1. Receive e-mail meeting invite from organizer@meeting.com for a weekly meeting 2. Click Accept 3. Go into calendar and open meeting 4. Notice recurrence is not set. 5. Edit meeting manually and set recurrence to weekly Actual Results: Korganizer tries to send a meeting update to all attendees and spoofs the from address as organizer@meeting.com (my address is attendee@meeting.com) Expected Results: Expected result: Add meeting with recurrence. Acceptable result: Add meeting without recurrence, manually add recurrence but do NOT send update from the organizer to all attendees. I'm tagging this as Major because it's would have been real embarrassing if my update had been successfully sent to all attendees. Not to mention it's probably illegal to spoof email addresses in some countries ;)
I can confirm that with kdepim-4.11.1-1.fc19.x86_64. It happens even when I accept invitation to an event. Upon accepting, two emails are being sent - one confirmation to the organizer (OK) and other senseless "meeting summary" to all participants with the spoofed "From" field. It happens even after disabling the "Use Groupware communication" feature in the korganizer settings. This makes korganizer de-facto useless in a corporate environment, as accepting company-wide meeting spams several hundreds / thousands mailboxes with senseless junk - hiding the sender.
I can confirm this behaviour for the KDE 4.11 packages on Kubuntu. (Kontact 4.11.2) Whenever I accept an invitation, two emails are being sent: - One with me as the sender containing the "Accept" answer - One with the Organizer as the sender, which is being sent using my credentials (and works as it is the same domain) to all participants, including myself. This 2nd email actually is a new event invitation that shows up in the inbox of everybody As Martin commented, this renders the groupware communication basically useless -I can't resend all invitations to all participants! Benni
(In reply to comment #2) > I can confirm this behaviour for the KDE 4.11 packages on Kubuntu. (Kontact > 4.11.2) > Whenever I accept an invitation, two emails are being sent: > - One with me as the sender containing the "Accept" answer > - One with the Organizer as the sender, which is being sent using my > credentials (and works as it is the same domain) to all participants, > including myself. This 2nd email actually is a new event invitation that > shows up in the inbox of everybody > > As Martin commented, this renders the groupware communication basically > useless -I can't resend all invitations to all participants! > > Benni That doesn't sound quite like the bug reported here, but another bug. The fact that another e-mail was sent when accepting is fixed for 4.11.3 Changing events which we don't organizer is however buggy, will try to look at it today so it can go in 4.11.3, but most probably it will go into 4.11.4
Git commit 1a8fa1ac755ecd71991116ffffa3362d25126e85 by Sergio Martins. Committed on 31/10/2013 at 01:36. Pushed by smartins into branch 'KDE/4.11'. Don't send CANCEL to attendees when deleting an event we didn't organize. When deleting something that's not ours, only a REPLY with PartStat=Declined must be sent, and to the organizer only. Due to a bug, CANCEL was being sent to everybody, as if we were the organizer. Unit-test will go in master. Bug 318394 should be similar, but for modification instead of deletion. Related: bug 217211, bug 306755 FIXED-IN: 4.11.3 M +12 -7 akonadi/calendar/incidencechanger.cpp http://commits.kde.org/kdepimlibs/1a8fa1ac755ecd71991116ffffa3362d25126e85
Git commit 5efe6da97ced262603b1b5b50798c5df76cc0f0d by Sergio Martins. Committed on 31/10/2013 at 21:48. Pushed by smartins into branch 'KDE/4.11'. Fix bug where we would send an e-mail with a forged From: This case happened when we were not the organizer and then modified the event. An e-mail would be sent with From: <organizer>, with *all* participants in CC. The correct is to not send anything, because the user was already warned via message boz that the event will become out of sync with the organizer's. Related: bug 289533 FIXED-IN: 4.11.3 M +4 -3 akonadi/calendar/incidencechanger.cpp M +11 -0 akonadi/calendar/tests/itiphandlertest.cpp http://commits.kde.org/kdepimlibs/5efe6da97ced262603b1b5b50798c5df76cc0f0d