| 1 |
commit: a89ecdd740bdd213af85f03950fdcdaeef4a12ec |
| 2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Jun 28 20:47:13 2020 +0000 |
| 4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jun 28 21:55:22 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a89ecdd7 |
| 7 |
|
| 8 |
mail-client/trojita: Fix CVE-2019-10734 |
| 9 |
|
| 10 |
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=404697 |
| 11 |
Bug: https://bugs.gentoo.org/729596 |
| 12 |
Package-Manager: Portage-2.3.103, Repoman-2.3.23 |
| 13 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
| 14 |
|
| 15 |
.../trojita/files/trojita-0.7-CVE-2019-10734.patch | 104 +++++++++++++++++++++ |
| 16 |
mail-client/trojita/trojita-0.7-r4.ebuild | 84 +++++++++++++++++ |
| 17 |
2 files changed, 188 insertions(+) |
| 18 |
|
| 19 |
diff --git a/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch |
| 20 |
new file mode 100644 |
| 21 |
index 00000000000..d52edb042ad |
| 22 |
--- /dev/null |
| 23 |
+++ b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch |
| 24 |
@@ -0,0 +1,104 @@ |
| 25 |
+From 8db7f450d52539b4c72ee968384911b6813ad1e7 Mon Sep 17 00:00:00 2001 |
| 26 |
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@×××.org> |
| 27 |
+Date: Thu, 25 Jun 2020 21:39:34 +0200 |
| 28 |
+Subject: [PATCH] Prevent a possible decryption oracle attack |
| 29 |
+MIME-Version: 1.0 |
| 30 |
+Content-Type: text/plain; charset=UTF-8 |
| 31 |
+Content-Transfer-Encoding: 8bit |
| 32 |
+ |
| 33 |
+Thanks to Jens Mueller (Ruhr-Uni Bochum and FH Münster) for reporting |
| 34 |
+this. The gist is that an attacker can embed arbitrary ciphertext into |
| 35 |
+their messages. Trojita decrypts that, and when we hit reply, the |
| 36 |
+original *cleartext* gets quoted and put into a reply for the attacker |
| 37 |
+to see. |
| 38 |
+ |
| 39 |
+Fix this by not quoting any plaintext which originated in an encrypted |
| 40 |
+message. That's pretty draconian, but hey, it works and we never came up |
| 41 |
+with any better patch. Also, given that Trojita does not encrypt |
| 42 |
+outgoing messages yet, this is probably also a conservative thing to do. |
| 43 |
+ |
| 44 |
+Change-Id: I84c45b9e707eb7c99eb7183c6ef59ef41cd62c43 |
| 45 |
+CVE: CVE-2019-10734 |
| 46 |
+BUG: 404697 |
| 47 |
+--- |
| 48 |
+ src/Cryptography/GpgMe++.cpp | 2 ++ |
| 49 |
+ src/Gui/MessageView.cpp | 9 ++++++++- |
| 50 |
+ src/Gui/PartWidget.cpp | 8 ++++++++ |
| 51 |
+ src/Imap/Model/ItemRoles.h | 2 +- |
| 52 |
+ 4 files changed, 19 insertions(+), 2 deletions(-) |
| 53 |
+ |
| 54 |
+diff --git a/src/Cryptography/GpgMe++.cpp b/src/Cryptography/GpgMe++.cpp |
| 55 |
+index e012f603..716b8aff 100644 |
| 56 |
+--- a/src/Cryptography/GpgMe++.cpp |
| 57 |
++++ b/src/Cryptography/GpgMe++.cpp |
| 58 |
+@@ -267,6 +267,8 @@ QVariant GpgMePart::data(int role) const |
| 59 |
+ switch (role) { |
| 60 |
+ case Imap::Mailbox::RolePartSignatureVerifySupported: |
| 61 |
+ return m_wasSigned; |
| 62 |
++ case RolePartDecryptionSupported: |
| 63 |
++ return m_isAllegedlyEncrypted; |
| 64 |
+ case RolePartCryptoNotFinishedYet: |
| 65 |
+ return m_waitingForData || |
| 66 |
+ (m_crypto.valid() && |
| 67 |
+diff --git a/src/Gui/MessageView.cpp b/src/Gui/MessageView.cpp |
| 68 |
+index 7d649308..c95e0878 100644 |
| 69 |
+--- a/src/Gui/MessageView.cpp |
| 70 |
++++ b/src/Gui/MessageView.cpp |
| 71 |
+@@ -354,7 +354,6 @@ bool MessageView::eventFilter(QObject *object, QEvent *event) |
| 72 |
+ QString MessageView::quoteText() const |
| 73 |
+ { |
| 74 |
+ if (auto w = bodyWidget()) { |
| 75 |
+- QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n'))); |
| 76 |
+ const Imap::Message::Envelope &e = message.data(Imap::Mailbox::RoleMessageEnvelope).value<Imap::Message::Envelope>(); |
| 77 |
+ QString sender; |
| 78 |
+ if (!e.from.isEmpty()) |
| 79 |
+@@ -362,6 +361,14 @@ QString MessageView::quoteText() const |
| 80 |
+ if (e.from.isEmpty()) |
| 81 |
+ sender = tr("you"); |
| 82 |
+ |
| 83 |
++ if (messageModel->index(0, 0) /* fake message root */.child(0, 0) /* first MIME part */.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) { |
| 84 |
++ // This is just an UX improvement shortcut: real filtering for CVE-2019-10734 is in |
| 85 |
++ // MultipartSignedEncryptedWidget::quoteMe(). |
| 86 |
++ // That is required because the encrypted part might not be the root part of the message. |
| 87 |
++ return tr("On %1, %2 sent an encrypted message:\n> ...\n\n").arg(e.date.toLocalTime().toString(Qt::SystemLocaleLongDate), sender); |
| 88 |
++ } |
| 89 |
++ |
| 90 |
++ QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n'))); |
| 91 |
+ // One extra newline at the end of the quoted text to separate the response |
| 92 |
+ quote << QString(); |
| 93 |
+ |
| 94 |
+diff --git a/src/Gui/PartWidget.cpp b/src/Gui/PartWidget.cpp |
| 95 |
+index bb27604d..96eff338 100644 |
| 96 |
+--- a/src/Gui/PartWidget.cpp |
| 97 |
++++ b/src/Gui/PartWidget.cpp |
| 98 |
+@@ -378,6 +378,14 @@ void MultipartSignedEncryptedWidget::updateStatusIndicator() |
| 99 |
+ |
| 100 |
+ QString MultipartSignedEncryptedWidget::quoteMe() const |
| 101 |
+ { |
| 102 |
++ if (m_partIndex.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) { |
| 103 |
++ // See CVE-2019-10734, the point is not to leak cleartext from encrypted content. Even when Trojita starts supporting |
| 104 |
++ // encryption of outgoing mail, we will have to check whether the encrypted cleartext is from the same sender, whether |
| 105 |
++ // it matches the list of recipients (which is dynamic and can be set later on), etc etc. |
| 106 |
++ // TL;DR, this is a can of worms. |
| 107 |
++ return tr("[Encrypted message]"); |
| 108 |
++ } |
| 109 |
++ |
| 110 |
+ return quoteMeHelper(children()); |
| 111 |
+ } |
| 112 |
+ |
| 113 |
+diff --git a/src/Imap/Model/ItemRoles.h b/src/Imap/Model/ItemRoles.h |
| 114 |
+index 4588d4d0..00adb3bb 100644 |
| 115 |
+--- a/src/Imap/Model/ItemRoles.h |
| 116 |
++++ b/src/Imap/Model/ItemRoles.h |
| 117 |
+@@ -193,7 +193,7 @@ enum { |
| 118 |
+ RolePartSignatureVerifySupported, |
| 119 |
+ /** @short Is the format of this particular multipart/encrypted supported and recognized? |
| 120 |
+ |
| 121 |
+- See RolePartSignatureVerifySupported, this is an equivalent. |
| 122 |
++ If true, this message part represents content of an encrypted message that Trojita can attempt to decrypt. |
| 123 |
+ */ |
| 124 |
+ RolePartDecryptionSupported, |
| 125 |
+ /** @short Is there any point in waiting longer? |
| 126 |
+-- |
| 127 |
+GitLab |
| 128 |
+ |
| 129 |
|
| 130 |
diff --git a/mail-client/trojita/trojita-0.7-r4.ebuild b/mail-client/trojita/trojita-0.7-r4.ebuild |
| 131 |
new file mode 100644 |
| 132 |
index 00000000000..8583ee49efd |
| 133 |
--- /dev/null |
| 134 |
+++ b/mail-client/trojita/trojita-0.7-r4.ebuild |
| 135 |
@@ -0,0 +1,84 @@ |
| 136 |
+# Copyright 1999-2020 Gentoo Authors |
| 137 |
+# Distributed under the terms of the GNU General Public License v2 |
| 138 |
+ |
| 139 |
+EAPI=7 |
| 140 |
+ |
| 141 |
+if [[ ${PV} = *9999* ]]; then |
| 142 |
+ EGIT_REPO_URI="https://anongit.kde.org/${PN}.git" |
| 143 |
+ inherit git-r3 |
| 144 |
+else |
| 145 |
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" |
| 146 |
+ KEYWORDS="~amd64 ~x86" |
| 147 |
+fi |
| 148 |
+inherit cmake virtualx xdg |
| 149 |
+ |
| 150 |
+DESCRIPTION="A Qt IMAP e-mail client" |
| 151 |
+HOMEPAGE="http://trojita.flaska.net/" |
| 152 |
+ |
| 153 |
+LICENSE="|| ( GPL-2 GPL-3 )" |
| 154 |
+SLOT="0" |
| 155 |
+IUSE="+crypt +dbus debug +password test +zlib" |
| 156 |
+ |
| 157 |
+REQUIRED_USE="password? ( dbus )" |
| 158 |
+RESTRICT="!test? ( test )" |
| 159 |
+ |
| 160 |
+BDEPEND=" |
| 161 |
+ dev-qt/linguist-tools:5 |
| 162 |
+ zlib? ( virtual/pkgconfig ) |
| 163 |
+" |
| 164 |
+RDEPEND=" |
| 165 |
+ dev-qt/qtcore:5 |
| 166 |
+ dev-qt/qtgui:5 |
| 167 |
+ dev-qt/qtnetwork:5[ssl] |
| 168 |
+ dev-qt/qtsql:5[sqlite] |
| 169 |
+ dev-qt/qtsvg:5 |
| 170 |
+ dev-qt/qtwebkit:5 |
| 171 |
+ dev-qt/qtwidgets:5 |
| 172 |
+ crypt? ( |
| 173 |
+ >=app-crypt/gpgme-1.8.0[cxx,qt5] |
| 174 |
+ dev-libs/mimetic |
| 175 |
+ ) |
| 176 |
+ dbus? ( dev-qt/qtdbus:5 ) |
| 177 |
+ password? ( dev-libs/qtkeychain[qt5(+)] ) |
| 178 |
+ zlib? ( sys-libs/zlib ) |
| 179 |
+" |
| 180 |
+DEPEND="${RDEPEND} |
| 181 |
+ test? ( dev-qt/qttest:5 ) |
| 182 |
+" |
| 183 |
+ |
| 184 |
+DOCS=( README LICENSE ) |
| 185 |
+ |
| 186 |
+PATCHES=( |
| 187 |
+ "${FILESDIR}/${P}-gpgme.patch" |
| 188 |
+ "${FILESDIR}/${P}-gpg-tests.patch" |
| 189 |
+ "${FILESDIR}/${P}-qt-5.11b3.patch" |
| 190 |
+ "${FILESDIR}/${P}-qt-5.15.patch" |
| 191 |
+ "${FILESDIR}/${P}-CVE-2019-10734.patch" # KDE-bug 404697 |
| 192 |
+ "${FILESDIR}/${P}-CVE-2020-15047.patch" # bug 729596 |
| 193 |
+) |
| 194 |
+ |
| 195 |
+src_prepare() { |
| 196 |
+ cmake_src_prepare |
| 197 |
+ |
| 198 |
+ # the build system is taking a look at `git describe ... --dirty` and |
| 199 |
+ # gentoo's modifications to CMakeLists.txt break these |
| 200 |
+ sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check" |
| 201 |
+} |
| 202 |
+ |
| 203 |
+src_configure() { |
| 204 |
+ local mycmakeargs=( |
| 205 |
+ -DWITH_CRYPTO_MESSAGES=$(usex crypt) |
| 206 |
+ -DWITH_GPGMEPP=$(usex crypt) |
| 207 |
+ -DWITH_MIMETIC=$(usex crypt) |
| 208 |
+ -DWITH_DBUS=$(usex dbus) |
| 209 |
+ -DWITH_QTKEYCHAIN_PLUGIN=$(usex password) |
| 210 |
+ -DWITH_TESTS=$(usex test) |
| 211 |
+ -DWITH_ZLIB=$(usex zlib) |
| 212 |
+ ) |
| 213 |
+ |
| 214 |
+ cmake_src_configure |
| 215 |
+} |
| 216 |
+ |
| 217 |
+src_test() { |
| 218 |
+ virtx cmake_src_test |
| 219 |
+} |
Archives