summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2020-06-25 14:08:06 +0200
committerAndreas Sturmlechner <asturm@gentoo.org>2020-06-25 14:11:30 +0200
commit835ed520d32ad8721f0fa83b81432f244a14f187 (patch)
tree3d1ab4900121660dd8480250b986f4be3394dd6a /mail-client/trojita
parentdev-libs/newt: drop old (diff)
downloadgentoo-835ed520d32ad8721f0fa83b81432f244a14f187.tar.gz
gentoo-835ed520d32ad8721f0fa83b81432f244a14f187.tar.bz2
gentoo-835ed520d32ad8721f0fa83b81432f244a14f187.zip
mail-client/trojita: Fix improper certificate validation
Bug: https://bugs.gentoo.org/729596 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'mail-client/trojita')
-rw-r--r--mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch82
-rw-r--r--mail-client/trojita/trojita-0.7-r3.ebuild83
2 files changed, 165 insertions, 0 deletions
diff --git a/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
new file mode 100644
index 000000000000..44f1a5dab018
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
@@ -0,0 +1,82 @@
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001
+From: Jan Kundrát <jkt@kde.org>
+Date: Thu, 25 Jun 2020 11:30:51 +0200
+Subject: [PATCH] SMTP: Do not ignore TLS errors
+
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed
+which added initial, experimental support for SMTP message submission,
+we have apparently never implemented proper SSL/TLS error handling, and
+the code has ever since just kept silently ignoring any certificate
+verification errors. As a result, Trojita was susceptible to a MITM
+attack when sending e-mails. The information leaked include user's
+authentication details, including the password, and the content of sent
+messages.
+
+Sorry for this :(.
+
+Now, this patch re-enabes proper TLS error handling. It was not possible
+to directly re-use our code for TLS key pinning which we are using for
+IMAP connections. In the Qt TLS code, the decision to accept or not
+accept a TLS connection is a blocking one, so the IMAP code relies upon
+the protocol state machine (i.e., another layer) for deciding whether to
+use or not to use the just-established TLS connection. Implementing an
+equivalent code in the SMTP library would be nice, but this hot-fix has
+a priority. As a result, SMTP connections to hosts with, e.g.,
+self-signed TLS certs, are no longer possible. Let's hope that this is
+not a practical problem with Lets Encrypt anymore.
+
+Thanks to Damian Poddebniak for reporting this bug.
+
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
+CVE: CVE-2020-15047
+BUG: 423453
+---
+
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp
+index 3a05451..ac1eefc 100644
+--- a/src/MSA/SMTP.cpp
++++ b/src/MSA/SMTP.cpp
+@@ -21,6 +21,7 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+ #include "SMTP.h"
++#include "UiUtils/Formatting.h"
+
+ namespace MSA
+ {
+@@ -32,8 +33,8 @@
+ user(user), failed(false), isWaitingForPassword(false), sendingMode(MODE_SMTP_INVALID)
+ {
+ qwwSmtp = new QwwSmtpClient(this);
+- // FIXME: handle SSL errors properly
+- connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, &QwwSmtpClient::ignoreSslErrors);
++ // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, with key pinning, etc.
++ connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors);
+ connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending);
+ connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone);
+ connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError);
+@@ -78,6 +79,12 @@
+ emit error(msg);
+ }
+
++void SMTP::handleSslErrors(const QList<QSslError>& errors)
++{
++ auto msg = UiUtils::Formatting::sslErrorsToHtml(errors);
++ emit error(tr("<p>Cannot send message due to an SSL/TLS error</p>\n%1").arg(msg));
++}
++
+ void SMTP::setPassword(const QString &password)
+ {
+ pass = password;
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h
+index 453407d..913bb87 100644
+--- a/src/MSA/SMTP.h
++++ b/src/MSA/SMTP.h
+@@ -43,6 +43,7 @@
+ virtual void setPassword(const QString &password);
+ void handleDone(bool ok);
+ void handleError(QAbstractSocket::SocketError err, const QString &msg);
++ void handleSslErrors(const QList<QSslError>& errors);
+ private:
+ QwwSmtpClient *qwwSmtp;
+ QString host;
diff --git a/mail-client/trojita/trojita-0.7-r3.ebuild b/mail-client/trojita/trojita-0.7-r3.ebuild
new file mode 100644
index 000000000000..4d4f81542cbc
--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r3.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+ EGIT_REPO_URI="https://anongit.kde.org/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+ KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/"
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ dev-qt/linguist-tools:5
+ zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtnetwork:5[ssl]
+ dev-qt/qtsql:5[sqlite]
+ dev-qt/qtsvg:5
+ dev-qt/qtwebkit:5
+ dev-qt/qtwidgets:5
+ crypt? (
+ >=app-crypt/gpgme-1.8.0[cxx,qt5]
+ dev-libs/mimetic
+ )
+ dbus? ( dev-qt/qtdbus:5 )
+ password? ( dev-libs/qtkeychain[qt5(+)] )
+ zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+ test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+ "${FILESDIR}/${P}-gpgme.patch"
+ "${FILESDIR}/${P}-gpg-tests.patch"
+ "${FILESDIR}/${P}-qt-5.11b3.patch"
+ "${FILESDIR}/${P}-qt-5.15.patch"
+ "${FILESDIR}/${P}-smtp-handle-tls-errors.patch" # bug 729596
+)
+
+src_prepare() {
+ cmake_src_prepare
+
+ # the build system is taking a look at `git describe ... --dirty` and
+ # gentoo's modifications to CMakeLists.txt break these
+ sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check"
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_CRYPTO_MESSAGES=$(usex crypt)
+ -DWITH_GPGMEPP=$(usex crypt)
+ -DWITH_MIMETIC=$(usex crypt)
+ -DWITH_DBUS=$(usex dbus)
+ -DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+ -DWITH_TESTS=$(usex test)
+ -DWITH_ZLIB=$(usex zlib)
+ )
+
+ cmake_src_configure
+}
+
+src_test() {
+ virtx cmake_src_test
+}