commit: a89ecdd740bdd213af85f03950fdcdaeef4a12ec |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
AuthorDate: Sun Jun 28 20:47:13 2020 +0000 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
CommitDate: Sun Jun 28 21:55:22 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a89ecdd7 |
|
mail-client/trojita: Fix CVE-2019-10734 |
|
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=404697 |
Bug: https://bugs.gentoo.org/729596 |
Package-Manager: Portage-2.3.103, Repoman-2.3.23 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
|
.../trojita/files/trojita-0.7-CVE-2019-10734.patch | 104 +++++++++++++++++++++ |
mail-client/trojita/trojita-0.7-r4.ebuild | 84 +++++++++++++++++ |
2 files changed, 188 insertions(+) |
|
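diff --git a/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
new file mode 100644
index 00000000000..d52edb042ad
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
@@ -0,0 +1,104 @@
+From 8db7f450d52539b4c72ee968384911b6813ad1e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@×××.org>
+Date: Thu, 25 Jun 2020 21:39:34 +0200
+Subject: [PATCH] Prevent a possible decryption oracle attack
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Jens Mueller (Ruhr-Uni Bochum and FH Münster) for reporting
+this. The gist is that an attacker can embed arbitrary ciphertext into
+their messages. Trojita decrypts that, and when we hit reply, the
+original *cleartext* gets quoted and put into a reply for the attacker
+to see.
+
+Fix this by not quoting any plaintext which originated in an encrypted
+message. That's pretty draconian, but hey, it works and we never came up
+with any better patch. Also, given that Trojita does not encrypt
+outgoing messages yet, this is probably also a conservative thing to do.
+
+Change-Id: I84c45b9e707eb7c99eb7183c6ef59ef41cd62c43
+CVE: CVE-2019-10734
+BUG: 404697
+---
+ src/Cryptography/GpgMe++.cpp | 2 ++
+ src/Gui/MessageView.cpp | 9 ++++++++-
+ src/Gui/PartWidget.cpp | 8 ++++++++
+ src/Imap/Model/ItemRoles.h | 2 +-
+ 4 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/src/Cryptography/GpgMe++.cpp b/src/Cryptography/GpgMe++.cpp
+index e012f603..716b8aff 100644
+--- a/src/Cryptography/GpgMe++.cpp
++++ b/src/Cryptography/GpgMe++.cpp
+@@ -267,6 +267,8 @@ QVariant GpgMePart::data(int role) const
+ switch (role) {
+ case Imap::Mailbox::RolePartSignatureVerifySupported:
+ return m_wasSigned;
++ case RolePartDecryptionSupported:
++ return m_isAllegedlyEncrypted;
+ case RolePartCryptoNotFinishedYet:
+ return m_waitingForData ||
+ (m_crypto.valid() &&
+diff --git a/src/Gui/MessageView.cpp b/src/Gui/MessageView.cpp
+index 7d649308..c95e0878 100644
+--- a/src/Gui/MessageView.cpp
++++ b/src/Gui/MessageView.cpp
+@@ -354,7 +354,6 @@ bool MessageView::eventFilter(QObject *object, QEvent *event)
+ QString MessageView::quoteText() const
+ {
+ if (auto w = bodyWidget()) {
+- QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+ const Imap::Message::Envelope &e = message.data(Imap::Mailbox::RoleMessageEnvelope).value<Imap::Message::Envelope>();
+ QString sender;
+ if (!e.from.isEmpty())
+@@ -362,6 +361,14 @@ QString MessageView::quoteText() const
+ if (e.from.isEmpty())
+ sender = tr("you");
+
++ if (messageModel->index(0, 0) /* fake message root */.child(0, 0) /* first MIME part */.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++ // This is just an UX improvement shortcut: real filtering for CVE-2019-10734 is in
++ // MultipartSignedEncryptedWidget::quoteMe().
++ // That is required because the encrypted part might not be the root part of the message.
++ return tr("On %1, %2 sent an encrypted message:\n> ...\n\n").arg(e.date.toLocalTime().toString(Qt::SystemLocaleLongDate), sender);
++ }
++
++ QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+ // One extra newline at the end of the quoted text to separate the response
+ quote << QString();
+
+diff --git a/src/Gui/PartWidget.cpp b/src/Gui/PartWidget.cpp
+index bb27604d..96eff338 100644
+--- a/src/Gui/PartWidget.cpp
++++ b/src/Gui/PartWidget.cpp
+@@ -378,6 +378,14 @@ void MultipartSignedEncryptedWidget::updateStatusIndicator()
+
+ QString MultipartSignedEncryptedWidget::quoteMe() const
+ {
++ if (m_partIndex.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++ // See CVE-2019-10734, the point is not to leak cleartext from encrypted content. Even when Trojita starts supporting
++ // encryption of outgoing mail, we will have to check whether the encrypted cleartext is from the same sender, whether
++ // it matches the list of recipients (which is dynamic and can be set later on), etc etc.
++ // TL;DR, this is a can of worms.
++ return tr("[Encrypted message]");
++ }
++
+ return quoteMeHelper(children());
+ }
+
+diff --git a/src/Imap/Model/ItemRoles.h b/src/Imap/Model/ItemRoles.h
+index 4588d4d0..00adb3bb 100644
+--- a/src/Imap/Model/ItemRoles.h
++++ b/src/Imap/Model/ItemRoles.h
+@@ -193,7 +193,7 @@ enum {
+ RolePartSignatureVerifySupported,
+ /** @short Is the format of this particular multipart/encrypted supported and recognized?
+
+- See RolePartSignatureVerifySupported, this is an equivalent.
++ If true, this message part represents content of an encrypted message that Trojita can attempt to decrypt.
+ */
+ RolePartDecryptionSupported,
+ /** @short Is there any point in waiting longer?
+--
+GitLab
+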
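Review bot: The suppression in `MultipartSignedEncryptedWidget::quoteMe()` and the shortcut in `MessageView::quoteText()` both depend on the part answering `RolePartDecryptionSupported`, and the only provider visible in this patch is `GpgMePart::data()` returning `m_isAllegedlyEncrypted`. If any other part class can hand decrypted text to a quoting widget without answering that role (not visible here), a reply would still quote the cleartext, so it is worth confirming that every decrypting part type returns it. The patch's own diffstat lists four source files and no test. A regression test that replies to a message whose encrypted part sits below the root (the case the `quoteText()` comment calls out) and asserts the quote is `[Encrypted message]` would pin the fix. The functions touched by these hunks begin or end outside the visible lines.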
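diff --git a/mail-client/trojita/trojita-0.7-r4.ebuild b/mail-client/trojita/trojita-0.7-r4.ebuild
new file mode 100644
index 00000000000..8583ee49efd
--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r4.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+ EGIT_REPO_URI="https://anongit.kde.org/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+ KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/"
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ dev-qt/linguist-tools:5
+ zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtnetwork:5[ssl]
+ dev-qt/qtsql:5[sqlite]
+ dev-qt/qtsvg:5
+ dev-qt/qtwebkit:5
+ dev-qt/qtwidgets:5
+ crypt? (
+ >=app-crypt/gpgme-1.8.0[cxx,qt5]
+ dev-libs/mimetic
+ )
+ dbus? ( dev-qt/qtdbus:5 )
+ password? ( dev-libs/qtkeychain[qt5(+)] )
+ zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+ test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+ "${FILESDIR}/${P}-gpgme.patch"
+ "${FILESDIR}/${P}-gpg-tests.patch"
+ "${FILESDIR}/${P}-qt-5.11b3.patch"
+ "${FILESDIR}/${P}-qt-5.15.patch"
+ "${FILESDIR}/${P}-CVE-2019-10734.patch" # KDE-bug 404697
+ "${FILESDIR}/${P}-CVE-2020-15047.patch" # bug 729596
+)
+
+src_prepare() {
+ cmake_src_prepare
+
+ # the build system is taking a look at `git describe ... --dirty` and
+ # gentoo's modifications to CMakeLists.txt break these
+ sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check"
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_CRYPTO_MESSAGES=$(usex crypt)
+ -DWITH_GPGMEPP=$(usex crypt)
+ -DWITH_MIMETIC=$(usex crypt)
+ -DWITH_DBUS=$(usex dbus)
+ -DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+ -DWITH_TESTS=$(usex test)
+ -DWITH_ZLIB=$(usex zlib)
+ )
+
+ cmake_src_configure
+}
+
+src_test() {
+ virtx cmake_src_test
+}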
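Review bot: `PATCHES` applies `${P}-CVE-2020-15047.patch`, but this commit's diffstat adds only `trojita-0.7-CVE-2019-10734.patch`, so the build relies on the other file already being present in `files/`; that is worth confirming. The trailing comments tie bug 729596 to the CVE-2020-15047 patch, while the commit message cites that bug for CVE-2019-10734. If the Gentoo bug tracks both issues, the first comment could read `# KDE-bug 404697, bug 729596` so that each security patch is traceable from the ebuild.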