1 |
commit: a787119b1333e52653d3c394fcb0b56cbfd4d0ff |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Nov 23 15:55:49 2021 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Nov 23 20:04:52 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a787119b |
7 |
|
8 |
kde-apps/kimap: Fix CVE-2021-38373 |
9 |
|
10 |
Upstream commit 5aed4138567934c3be20cddb60fe6d7d4a10da0f |
11 |
|
12 |
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423424 |
13 |
Bug: https://bugs.gentoo.org/807355 |
14 |
Package-Manager: Portage-3.0.28, Repoman-3.0.3 |
15 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
16 |
|
17 |
.../kimap/files/kimap-21.08.3-CVE-2021-38373.patch | 51 ++++++++++++++++++++++ |
18 |
kde-apps/kimap/kimap-21.08.3-r1.ebuild | 42 ++++++++++++++++++ |
19 |
2 files changed, 93 insertions(+) |
20 |
|
21 |
diff --git a/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch b/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch |
22 |
new file mode 100644 |
23 |
index 000000000000..90d216b0b846 |
24 |
--- /dev/null |
25 |
+++ b/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch |
26 |
@@ -0,0 +1,51 @@ |
27 |
+From 5aed4138567934c3be20cddb60fe6d7d4a10da0f Mon Sep 17 00:00:00 2001 |
28 |
+From: Volker Krause <vkrause@×××.org> |
29 |
+Date: Mon, 15 Nov 2021 18:18:28 +0100 |
30 |
+Subject: [PATCH] Treat SSL handshake errors as fatal also when using STARTTLS |
31 |
+ |
32 |
+This fixes the infinite SSL error dialog loop also when using |
33 |
+STARTTLS, the previous fix was only effective for direct TLS |
34 |
+connections. |
35 |
+ |
36 |
+CCBUG: 423424 |
37 |
+(cherry picked from commit cbd3a03bc1d2cec48bb97570633940bbf94c34fa) |
38 |
+--- |
39 |
+ src/loginjob.cpp | 22 +++++++++------------- |
40 |
+ 1 file changed, 9 insertions(+), 13 deletions(-) |
41 |
+ |
42 |
+diff --git a/src/loginjob.cpp b/src/loginjob.cpp |
43 |
+index 7d53187..b5fbede 100644 |
44 |
+--- a/src/loginjob.cpp |
45 |
++++ b/src/loginjob.cpp |
46 |
+@@ -552,19 +552,15 @@ void LoginJob::connectionLost() |
47 |
+ { |
48 |
+ Q_D(LoginJob); |
49 |
+ |
50 |
+- // don't emit the result if the connection was lost before getting the tls result, as it can mean |
51 |
+- // the TLS handshake failed and the socket was reconnected in normal mode |
52 |
+- if (d->authState != LoginJobPrivate::StartTls) { |
53 |
+- qCWarning(KIMAP_LOG) << "Connection to server lost " << d->m_socketError; |
54 |
+- if (d->m_socketError == QAbstractSocket::SslHandshakeFailedError) { |
55 |
+- setError(KJob::UserDefinedError); |
56 |
+- setErrorText(i18n("SSL handshake failed.")); |
57 |
+- emitResult(); |
58 |
+- } else { |
59 |
+- setError(ERR_COULD_NOT_CONNECT); |
60 |
+- setErrorText(i18n("Connection to server lost.")); |
61 |
+- emitResult(); |
62 |
+- } |
63 |
++ qCWarning(KIMAP_LOG) << "Connection to server lost " << d->m_socketError; |
64 |
++ if (d->m_socketError == QAbstractSocket::SslHandshakeFailedError) { |
65 |
++ setError(KJob::UserDefinedError); |
66 |
++ setErrorText(i18n("SSL handshake failed.")); |
67 |
++ emitResult(); |
68 |
++ } else { |
69 |
++ setError(ERR_COULD_NOT_CONNECT); |
70 |
++ setErrorText(i18n("Connection to server lost.")); |
71 |
++ emitResult(); |
72 |
+ } |
73 |
+ } |
74 |
+ |
75 |
+-- |
76 |
+2.34.0 |
77 |
+ |
78 |
|
79 |
diff --git a/kde-apps/kimap/kimap-21.08.3-r1.ebuild b/kde-apps/kimap/kimap-21.08.3-r1.ebuild |
80 |
new file mode 100644 |
81 |
index 000000000000..47f2ded2955a |
82 |
--- /dev/null |
83 |
+++ b/kde-apps/kimap/kimap-21.08.3-r1.ebuild |
84 |
@@ -0,0 +1,42 @@ |
85 |
+# Copyright 1999-2021 Gentoo Authors |
86 |
+# Distributed under the terms of the GNU General Public License v2 |
87 |
+ |
88 |
+EAPI=8 |
89 |
+ |
90 |
+ECM_TEST="forceoptional" |
91 |
+PVCUT=$(ver_cut 1-3) |
92 |
+KFMIN=5.84.0 |
93 |
+QTMIN=5.15.2 |
94 |
+inherit ecm kde.org |
95 |
+ |
96 |
+DESCRIPTION="Library for interacting with IMAP servers" |
97 |
+HOMEPAGE="https://api.kde.org/kdepim/kimap/html/index.html" |
98 |
+ |
99 |
+LICENSE="GPL-2+" |
100 |
+SLOT="5" |
101 |
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" |
102 |
+IUSE="" |
103 |
+ |
104 |
+RDEPEND=" |
105 |
+ dev-libs/cyrus-sasl |
106 |
+ >=dev-qt/qtgui-${QTMIN}:5 |
107 |
+ >=kde-apps/kmime-${PVCUT}:5 |
108 |
+ >=kde-frameworks/kcodecs-${KFMIN}:5 |
109 |
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5 |
110 |
+ >=kde-frameworks/ki18n-${KFMIN}:5 |
111 |
+ >=kde-frameworks/kio-${KFMIN}:5 |
112 |
+" |
113 |
+# TODO: Convince upstream not to install stuff with tests |
114 |
+DEPEND="${RDEPEND} |
115 |
+ test? ( >=dev-qt/qtnetwork-${QTMIN}:5 ) |
116 |
+" |
117 |
+ |
118 |
+PATCHES=( "${FILESDIR}/${P}-CVE-2021-38373.patch" ) |
119 |
+ |
120 |
+src_test() { |
121 |
+ # tests cannot be run in parallel #605586 |
122 |
+ local myctestargs=( |
123 |
+ -j1 |
124 |
+ ) |
125 |
+ ecm_src_test |
126 |
+} |