From 835ed520d32ad8721f0fa83b81432f244a14f187 Mon Sep 17 00:00:00 2001
From: Andreas Sturmlechner <asturm@gentoo.org>
Date: Thu, 25 Jun 2020 14:08:06 +0200
Subject: mail-client/trojita: Fix improper certificate validation

Bug: https://bugs.gentoo.org/729596
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
---
 .../files/trojita-0.7-smtp-handle-tls-errors.patch | 82 +++++++++++++++++++++
 mail-client/trojita/trojita-0.7-r3.ebuild          | 83 ++++++++++++++++++++++
 2 files changed, 165 insertions(+)
 create mode 100644 mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
 create mode 100644 mail-client/trojita/trojita-0.7-r3.ebuild


diff --git a/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
new file mode 100644
index 000000000000..44f1a5dab018
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
@@ -0,0 +1,82 @@
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001
+From: Jan Kundrát <jkt@kde.org>
+Date: Thu, 25 Jun 2020 11:30:51 +0200
+Subject: [PATCH] SMTP: Do not ignore TLS errors
+
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed
+which added initial, experimental support for SMTP message submission,
+we have apparently never implemented proper SSL/TLS error handling, and
+the code has ever since just kept silently ignoring any certificate
+verification errors.  As a result, Trojita was susceptible to a MITM
+attack when sending e-mails. The information leaked include user's
+authentication details, including the password, and the content of sent
+messages.
+
+Sorry for this :(.
+
+Now, this patch re-enabes proper TLS error handling. It was not possible
+to directly re-use our code for TLS key pinning which we are using for
+IMAP connections. In the Qt TLS code, the decision to accept or not
+accept a TLS connection is a blocking one, so the IMAP code relies upon
+the protocol state machine (i.e., another layer) for deciding whether to
+use or not to use the just-established TLS connection. Implementing an
+equivalent code in the SMTP library would be nice, but this hot-fix has
+a priority. As a result, SMTP connections to hosts with, e.g.,
+self-signed TLS certs, are no longer possible. Let's hope that this is
+not a practical problem with Lets Encrypt anymore.
+
+Thanks to Damian Poddebniak for reporting this bug.
+
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
+CVE: CVE-2020-15047
+BUG: 423453
+---
+
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp
+index 3a05451..ac1eefc 100644
+--- a/src/MSA/SMTP.cpp
++++ b/src/MSA/SMTP.cpp
+@@ -21,6 +21,7 @@
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+ #include "SMTP.h"
++#include "UiUtils/Formatting.h"
+ 
+ namespace MSA
+ {
+@@ -32,8 +33,8 @@
+     user(user), failed(false), isWaitingForPassword(false), sendingMode(MODE_SMTP_INVALID)
+ {
+     qwwSmtp = new QwwSmtpClient(this);
+-    // FIXME: handle SSL errors properly
+-    connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, &QwwSmtpClient::ignoreSslErrors);
++    // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, with key pinning, etc.
++    connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors);
+     connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending);
+     connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone);
+     connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError);
+@@ -78,6 +79,12 @@
+     emit error(msg);
+ }
+ 
++void SMTP::handleSslErrors(const QList<QSslError>& errors)
++{
++    auto msg = UiUtils::Formatting::sslErrorsToHtml(errors);
++    emit error(tr("<p>Cannot send message due to an SSL/TLS error</p>\n%1").arg(msg));
++}
++
+ void SMTP::setPassword(const QString &password)
+ {
+     pass = password;
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h
+index 453407d..913bb87 100644
+--- a/src/MSA/SMTP.h
++++ b/src/MSA/SMTP.h
+@@ -43,6 +43,7 @@
+     virtual void setPassword(const QString &password);
+     void handleDone(bool ok);
+     void handleError(QAbstractSocket::SocketError err, const QString &msg);
++    void handleSslErrors(const QList<QSslError>& errors);
+ private:
+     QwwSmtpClient *qwwSmtp;
+     QString host;
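Review bot: The new `SMTP::handleSslErrors` in the nested SMTP.cpp hunk only reports the failure; it never marks the submission as failed, whereas the neighbouring `handleError` (whose body is cut off above the hunk) is the place the `failed` member is presumably set, so if that is the case, `handleDone(bool ok)` could still treat a TLS-aborted session like a normal one. If `handleError` does set the flag, adding `failed = true;` as the first line of `handleSslErrors` keeps the two paths consistent. The fix also relies on an implicit Qt contract that deserves a comment, since the whole point of the change is the removed `ignoreSslErrors` connection: `// Not calling ignoreSslErrors() from this slot makes Qt abort the TLS handshake, so the connection is dropped rather than used; only report why.` Whether `QwwSmtpClient::sslErrors` is emitted from within the underlying `QSslSocket::sslErrors` handler (as that contract requires) is not visible here and should be confirmed against the QwwSmtpClient source before the comment is added.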
diff --git a/mail-client/trojita/trojita-0.7-r3.ebuild b/mail-client/trojita/trojita-0.7-r3.ebuild
new file mode 100644
index 000000000000..4d4f81542cbc
--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r3.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+	EGIT_REPO_URI="https://anongit.kde.org/${PN}.git"
+	inherit git-r3
+else
+	SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+	KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/"
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	dev-qt/linguist-tools:5
+	zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+	dev-qt/qtcore:5
+	dev-qt/qtgui:5
+	dev-qt/qtnetwork:5[ssl]
+	dev-qt/qtsql:5[sqlite]
+	dev-qt/qtsvg:5
+	dev-qt/qtwebkit:5
+	dev-qt/qtwidgets:5
+	crypt? (
+		>=app-crypt/gpgme-1.8.0[cxx,qt5]
+		dev-libs/mimetic
+	)
+	dbus? ( dev-qt/qtdbus:5 )
+	password? ( dev-libs/qtkeychain[qt5(+)] )
+	zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+	test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+	"${FILESDIR}/${P}-gpgme.patch"
+	"${FILESDIR}/${P}-gpg-tests.patch"
+	"${FILESDIR}/${P}-qt-5.11b3.patch"
+	"${FILESDIR}/${P}-qt-5.15.patch"
+	"${FILESDIR}/${P}-smtp-handle-tls-errors.patch" # bug 729596
+)
+
+src_prepare() {
+	cmake_src_prepare
+
+	# the build system is taking a look at `git describe ... --dirty` and
+	# gentoo's modifications to CMakeLists.txt break these
+	sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check"
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-DWITH_CRYPTO_MESSAGES=$(usex crypt)
+		-DWITH_GPGMEPP=$(usex crypt)
+		-DWITH_MIMETIC=$(usex crypt)
+		-DWITH_DBUS=$(usex dbus)
+		-DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+		-DWITH_TESTS=$(usex test)
+		-DWITH_ZLIB=$(usex zlib)
+	)
+
+	cmake_src_configure
+}
+
+src_test() {
+	virtx cmake_src_test
+}
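Review bot: The PATCHES entry for the TLS fix references only the Gentoo bug, so the security context is not greppable from the ebuild or the overlay history even though the commit message names it; spell out the identifier on the same line: `"${FILESDIR}/${P}-smtp-handle-tls-errors.patch" # bug 729596, CVE-2020-15047`. The revision also keeps `KEYWORDS="~amd64 ~x86"`, so installs on the stable keyword keep the version that ignores certificate errors until this revision is stabilised; that is the expected Gentoo flow, but the commit record could say so, or a stabilisation request could be filed alongside.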
-- 
cgit v1.2.3-65-gdbad