
From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-client/trojita/files/, mail-client/trojita/
Date: Thu, 25 Jun 2020 12:12:12
Message-Id: 1593087090.835ed520d32ad8721f0fa83b81432f244a14f187.asturm@gentoo
1 commit: 835ed520d32ad8721f0fa83b81432f244a14f187
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Thu Jun 25 12:08:06 2020 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Thu Jun 25 12:11:30 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=835ed520
7
8 mail-client/trojita: Fix improper certificate validation
9
10 Bug: https://bugs.gentoo.org/729596
11 Package-Manager: Portage-2.3.103, Repoman-2.3.23
12 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
13
14 .../files/trojita-0.7-smtp-handle-tls-errors.patch | 82 +++++++++++++++++++++
15 mail-client/trojita/trojita-0.7-r3.ebuild | 83 ++++++++++++++++++++++
16 2 files changed, 165 insertions(+)
17
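--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
@@ -0,0 +1,82 @@
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001
+From: Jan Kundrát <jkt@×××.org>
+Date: Thu, 25 Jun 2020 11:30:51 +0200
+Subject: [PATCH] SMTP: Do not ignore TLS errors
+
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed
+which added initial, experimental support for SMTP message submission,
+we have apparently never implemented proper SSL/TLS error handling, and
+the code has ever since just kept silently ignoring any certificate
+verification errors. As a result, Trojita was susceptible to a MITM
+attack when sending e-mails. The information leaked include user's
+authentication details, including the password, and the content of sent
+messages.
+
+Sorry for this :(.
+
+Now, this patch re-enabes proper TLS error handling. It was not possible
+to directly re-use our code for TLS key pinning which we are using for
+IMAP connections. In the Qt TLS code, the decision to accept or not
+accept a TLS connection is a blocking one, so the IMAP code relies upon
+the protocol state machine (i.e., another layer) for deciding whether to
+use or not to use the just-established TLS connection. Implementing an
+equivalent code in the SMTP library would be nice, but this hot-fix has
+a priority. As a result, SMTP connections to hosts with, e.g.,
+self-signed TLS certs, are no longer possible. Let's hope that this is
+not a practical problem with Lets Encrypt anymore.
+
+Thanks to Damian Poddebniak for reporting this bug.
+
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
+CVE: CVE-2020-15047
+BUG: 423453
+---
+
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp
+index 3a05451..ac1eefc 100644
+--- a/src/MSA/SMTP.cpp
++++ b/src/MSA/SMTP.cpp
+@@ -21,6 +21,7 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+ #include "SMTP.h"
++#include "UiUtils/Formatting.h"
+
+ namespace MSA
+ {
+@@ -32,8 +33,8 @@
+ user(user), failed(false), isWaitingForPassword(false), sendingMode(MODE_SMTP_INVALID)
+ {
+ qwwSmtp = new QwwSmtpClient(this);
+- // FIXME: handle SSL errors properly
+- connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, &QwwSmtpClient::ignoreSslErrors);
++ // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, with key pinning, etc.
++ connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors);
+ connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending);
+ connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone);
+ connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError);
+@@ -78,6 +79,12 @@
+ emit error(msg);
+ }
+
++void SMTP::handleSslErrors(const QList<QSslError>& errors)
++{
++ auto msg = UiUtils::Formatting::sslErrorsToHtml(errors);
++ emit error(tr("<p>Cannot send message due to an SSL/TLS error</p>\n%1").arg(msg));
++}
++
+ void SMTP::setPassword(const QString &password)
+ {
+ pass = password;
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h
+index 453407d..913bb87 100644
+--- a/src/MSA/SMTP.h
++++ b/src/MSA/SMTP.h
+@@ -43,6 +43,7 @@
+ virtual void setPassword(const QString &password);
+ void handleDone(bool ok);
+ void handleError(QAbstractSocket::SocketError err, const QString &msg);
++ void handleSslErrors(const QList<QSslError>& errors);
+ private:
+ QwwSmtpClient *qwwSmtp;
+ QString host;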
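Review bot: `SMTP::handleSslErrors` in the SMTP.cpp hunk emits the error but never marks the submission as failed; if `handleError`, whose body ends just above with `emit error(msg);` but starts outside the hunk, sets `failed = true` before emitting, the new slot should do the same, `failed = true;` ahead of the `emit`, so a subsequent `done` notification is not reported on top of (or instead of) the TLS failure. This is inferred only from the `failed(false)` initialiser visible in the constructor hunk and should be checked against the full function. The slot also deserves a one-line comment saying why it is sufficient, since the fix works by no longer routing `sslErrors` to `ignoreSslErrors`: `// No ignoreSslErrors() call here: the handshake is left to fail; this slot only reports it`. Whether the connection is really torn down depends on how QwwSmtpClient forwards the underlying socket behaviour, which this hunk does not show.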
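--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r3.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+ EGIT_REPO_URI="https://anongit.kde.org/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+ KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/"
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ dev-qt/linguist-tools:5
+ zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtnetwork:5[ssl]
+ dev-qt/qtsql:5[sqlite]
+ dev-qt/qtsvg:5
+ dev-qt/qtwebkit:5
+ dev-qt/qtwidgets:5
+ crypt? (
+ >=app-crypt/gpgme-1.8.0[cxx,qt5]
+ dev-libs/mimetic
+ )
+ dbus? ( dev-qt/qtdbus:5 )
+ password? ( dev-libs/qtkeychain[qt5(+)] )
+ zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+ test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+ "${FILESDIR}/${P}-gpgme.patch"
+ "${FILESDIR}/${P}-gpg-tests.patch"
+ "${FILESDIR}/${P}-qt-5.11b3.patch"
+ "${FILESDIR}/${P}-qt-5.15.patch"
+ "${FILESDIR}/${P}-smtp-handle-tls-errors.patch" # bug 729596
+)
+
+src_prepare() {
+ cmake_src_prepare
+
+ # the build system is taking a look at `git describe ... --dirty` and
+ # gentoo's modifications to CMakeLists.txt break these
+ sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check"
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_CRYPTO_MESSAGES=$(usex crypt)
+ -DWITH_GPGMEPP=$(usex crypt)
+ -DWITH_MIMETIC=$(usex crypt)
+ -DWITH_DBUS=$(usex dbus)
+ -DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+ -DWITH_TESTS=$(usex test)
+ -DWITH_ZLIB=$(usex zlib)
+ )
+
+ cmake_src_configure
+}
+
+src_test() {
+ virtx cmake_src_test
+}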