commit: 835ed520d32ad8721f0fa83b81432f244a14f187 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
AuthorDate: Thu Jun 25 12:08:06 2020 +0000 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
CommitDate: Thu Jun 25 12:11:30 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=835ed520 |
|
mail-client/trojita: Fix improper certificate validation |
|
Bug: https://bugs.gentoo.org/729596 |
Package-Manager: Portage-2.3.103, Repoman-2.3.23 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
|
.../files/trojita-0.7-smtp-handle-tls-errors.patch | 82 +++++++++++++++++++++ |
mail-client/trojita/trojita-0.7-r3.ebuild | 83 ++++++++++++++++++++++ |
2 files changed, 165 insertions(+) |
|
diff --git a/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch |
19 |
new file mode 100644 |
20 |
index 00000000000..44f1a5dab01 |
21 |
--- /dev/null |
22 |
+++ b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch |
23 |
@@ -0,0 +1,82 @@ |
24 |
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001 |
25 |
+From: Jan Kundrát <jkt@×××.org> |
26 |
+Date: Thu, 25 Jun 2020 11:30:51 +0200 |
27 |
+Subject: [PATCH] SMTP: Do not ignore TLS errors |
28 |
+ |
29 |
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed |
30 |
+which added initial, experimental support for SMTP message submission, |
31 |
+we have apparently never implemented proper SSL/TLS error handling, and |
32 |
+the code has ever since just kept silently ignoring any certificate |
33 |
+verification errors. As a result, Trojita was susceptible to a MITM |
34 |
+attack when sending e-mails. The information leaked include user's |
35 |
+authentication details, including the password, and the content of sent |
36 |
+messages. |
37 |
+ |
38 |
+Sorry for this :(. |
39 |
+ |
40 |
+Now, this patch re-enabes proper TLS error handling. It was not possible |
41 |
+to directly re-use our code for TLS key pinning which we are using for |
42 |
+IMAP connections. In the Qt TLS code, the decision to accept or not |
43 |
+accept a TLS connection is a blocking one, so the IMAP code relies upon |
44 |
+the protocol state machine (i.e., another layer) for deciding whether to |
45 |
+use or not to use the just-established TLS connection. Implementing an |
46 |
+equivalent code in the SMTP library would be nice, but this hot-fix has |
47 |
+a priority. As a result, SMTP connections to hosts with, e.g., |
48 |
+self-signed TLS certs, are no longer possible. Let's hope that this is |
49 |
+not a practical problem with Lets Encrypt anymore. |
50 |
+ |
51 |
+Thanks to Damian Poddebniak for reporting this bug. |
52 |
+ |
53 |
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37 |
54 |
+CVE: CVE-2020-15047 |
55 |
+BUG: 423453 |
56 |
+--- |
57 |
+ |
58 |
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp |
59 |
+index 3a05451..ac1eefc 100644 |
60 |
+--- a/src/MSA/SMTP.cpp |
61 |
++++ b/src/MSA/SMTP.cpp |
62 |
+@@ -21,6 +21,7 @@ |
63 |
+ along with this program. If not, see <http://www.gnu.org/licenses/>. |
64 |
+ */ |
65 |
+ #include "SMTP.h" |
66 |
++#include "UiUtils/Formatting.h" |
67 |
+ |
68 |
+ namespace MSA |
69 |
+ { |
70 |
+@@ -32,8 +33,8 @@ |
71 |
+ user(user), failed(false), isWaitingForPassword(false), sendingMode(MODE_SMTP_INVALID) |
72 |
+ { |
73 |
+ qwwSmtp = new QwwSmtpClient(this); |
74 |
+- // FIXME: handle SSL errors properly |
75 |
+- connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, &QwwSmtpClient::ignoreSslErrors); |
76 |
++ // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, with key pinning, etc. |
77 |
++ connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors); |
78 |
+ connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending); |
79 |
+ connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone); |
80 |
+ connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError); |
81 |
+@@ -78,6 +79,12 @@ |
82 |
+ emit error(msg); |
83 |
+ } |
84 |
+ |
85 |
++void SMTP::handleSslErrors(const QList<QSslError>& errors) |
86 |
++{ |
87 |
++ auto msg = UiUtils::Formatting::sslErrorsToHtml(errors); |
88 |
++ emit error(tr("<p>Cannot send message due to an SSL/TLS error</p>\n%1").arg(msg)); |
89 |
++} |
90 |
++ |
91 |
+ void SMTP::setPassword(const QString &password) |
92 |
+ { |
93 |
+ pass = password; |
94 |
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h |
95 |
+index 453407d..913bb87 100644 |
96 |
+--- a/src/MSA/SMTP.h |
97 |
++++ b/src/MSA/SMTP.h |
98 |
+@@ -43,6 +43,7 @@ |
99 |
+ virtual void setPassword(const QString &password); |
100 |
+ void handleDone(bool ok); |
101 |
+ void handleError(QAbstractSocket::SocketError err, const QString &msg); |
102 |
++ void handleSslErrors(const QList<QSslError>& errors); |
103 |
+ private: |
104 |
+ QwwSmtpClient *qwwSmtp; |
105 |
+ QString host; |
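Review bot: `SMTP::handleSslErrors` (the function added after `handleError` in the SMTP.cpp hunk) only formats and emits the error; the actual refusal of the connection relies on Qt aborting the TLS handshake because nothing calls `ignoreSslErrors()` any more, and neither the handler nor the new FIXME comment states that. That default holds only if `QwwSmtpClient` relays `sslErrors` synchronously from the underlying `QSslSocket`, so the handler should make the outcome explicit by marking the transfer failed and tearing the session down, e.g. `failed = true;` followed by an explicit disconnect on `qwwSmtp`, assuming `handleError` (whose body starts above the hunk) does the same through the `failed` member initialised on the constructor line. A comment such as `// Not calling ignoreSslErrors() here makes Qt abort the handshake; report why to the user` would record the mechanism the fix depends on. `UiUtils::Formatting::sslErrorsToHtml` embeds fields of the peer-supplied certificate into a rich-text message, so it is worth confirming that helper escapes them, since in the scenario the patch description addresses the peer is the untrusted party. The enclosing `SMTP` constructor and `handleError` both start outside the hunk.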
106 |
|
diff --git a/mail-client/trojita/trojita-0.7-r3.ebuild b/mail-client/trojita/trojita-0.7-r3.ebuild |
108 |
new file mode 100644 |
109 |
index 00000000000..4d4f81542cb |
110 |
--- /dev/null |
111 |
+++ b/mail-client/trojita/trojita-0.7-r3.ebuild |
112 |
@@ -0,0 +1,83 @@ |
113 |
+# Copyright 1999-2020 Gentoo Authors |
114 |
+# Distributed under the terms of the GNU General Public License v2 |
115 |
+ |
116 |
+EAPI=7 |
117 |
+ |
118 |
+if [[ ${PV} = *9999* ]]; then |
119 |
+ EGIT_REPO_URI="https://anongit.kde.org/${PN}.git" |
120 |
+ inherit git-r3 |
121 |
+else |
122 |
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" |
123 |
+ KEYWORDS="~amd64 ~x86" |
124 |
+fi |
125 |
+inherit cmake virtualx xdg |
126 |
+ |
127 |
+DESCRIPTION="A Qt IMAP e-mail client" |
128 |
+HOMEPAGE="http://trojita.flaska.net/" |
129 |
+ |
130 |
+LICENSE="|| ( GPL-2 GPL-3 )" |
131 |
+SLOT="0" |
132 |
+IUSE="+crypt +dbus debug +password test +zlib" |
133 |
+ |
134 |
+REQUIRED_USE="password? ( dbus )" |
135 |
+RESTRICT="!test? ( test )" |
136 |
+ |
137 |
+BDEPEND=" |
138 |
+ dev-qt/linguist-tools:5 |
139 |
+ zlib? ( virtual/pkgconfig ) |
140 |
+" |
141 |
+RDEPEND=" |
142 |
+ dev-qt/qtcore:5 |
143 |
+ dev-qt/qtgui:5 |
144 |
+ dev-qt/qtnetwork:5[ssl] |
145 |
+ dev-qt/qtsql:5[sqlite] |
146 |
+ dev-qt/qtsvg:5 |
147 |
+ dev-qt/qtwebkit:5 |
148 |
+ dev-qt/qtwidgets:5 |
149 |
+ crypt? ( |
150 |
+ >=app-crypt/gpgme-1.8.0[cxx,qt5] |
151 |
+ dev-libs/mimetic |
152 |
+ ) |
153 |
+ dbus? ( dev-qt/qtdbus:5 ) |
154 |
+ password? ( dev-libs/qtkeychain[qt5(+)] ) |
155 |
+ zlib? ( sys-libs/zlib ) |
156 |
+" |
157 |
+DEPEND="${RDEPEND} |
158 |
+ test? ( dev-qt/qttest:5 ) |
159 |
+" |
160 |
+ |
161 |
+DOCS=( README LICENSE ) |
162 |
+ |
163 |
+PATCHES=( |
164 |
+ "${FILESDIR}/${P}-gpgme.patch" |
165 |
+ "${FILESDIR}/${P}-gpg-tests.patch" |
166 |
+ "${FILESDIR}/${P}-qt-5.11b3.patch" |
167 |
+ "${FILESDIR}/${P}-qt-5.15.patch" |
168 |
+ "${FILESDIR}/${P}-smtp-handle-tls-errors.patch" # bug 729596 |
169 |
+) |
170 |
+ |
171 |
+src_prepare() { |
172 |
+ cmake_src_prepare |
173 |
+ |
174 |
+ # the build system is taking a look at `git describe ... --dirty` and |
175 |
+ # gentoo's modifications to CMakeLists.txt break these |
176 |
+ sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check" |
177 |
+} |
178 |
+ |
179 |
+src_configure() { |
180 |
+ local mycmakeargs=( |
181 |
+ -DWITH_CRYPTO_MESSAGES=$(usex crypt) |
182 |
+ -DWITH_GPGMEPP=$(usex crypt) |
183 |
+ -DWITH_MIMETIC=$(usex crypt) |
184 |
+ -DWITH_DBUS=$(usex dbus) |
185 |
+ -DWITH_QTKEYCHAIN_PLUGIN=$(usex password) |
186 |
+ -DWITH_TESTS=$(usex test) |
187 |
+ -DWITH_ZLIB=$(usex zlib) |
188 |
+ ) |
189 |
+ |
190 |
+ cmake_src_configure |
191 |
+} |
192 |
+ |
193 |
+src_test() { |
194 |
+ virtx cmake_src_test |
195 |
+} |