commit:     835ed520d32ad8721f0fa83b81432f244a14f187
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 25 12:08:06 2020 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Thu Jun 25 12:11:30 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=835ed520

mail-client/trojita: Fix improper certificate validation

Bug: https://bugs.gentoo.org/729596
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../files/trojita-0.7-smtp-handle-tls-errors.patch | 82 +++++++++++++++++++++
 mail-client/trojita/trojita-0.7-r3.ebuild          | 83 ++++++++++++++++++++++
 2 files changed, 165 insertions(+)

diff --git a/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch 
b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
new file mode 100644
index 00000000000..44f1a5dab01
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-smtp-handle-tls-errors.patch
@@ -0,0 +1,82 @@
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001
+From: Jan Kundrát <[email protected]>
+Date: Thu, 25 Jun 2020 11:30:51 +0200
+Subject: [PATCH] SMTP: Do not ignore TLS errors
+
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed
+which added initial, experimental support for SMTP message submission,
+we have apparently never implemented proper SSL/TLS error handling, and
+the code has ever since just kept silently ignoring any certificate
+verification errors.  As a result, Trojita was susceptible to a MITM
+attack when sending e-mails. The information leaked include user's
+authentication details, including the password, and the content of sent
+messages.
+
+Sorry for this :(.
+
+Now, this patch re-enabes proper TLS error handling. It was not possible
+to directly re-use our code for TLS key pinning which we are using for
+IMAP connections. In the Qt TLS code, the decision to accept or not
+accept a TLS connection is a blocking one, so the IMAP code relies upon
+the protocol state machine (i.e., another layer) for deciding whether to
+use or not to use the just-established TLS connection. Implementing an
+equivalent code in the SMTP library would be nice, but this hot-fix has
+a priority. As a result, SMTP connections to hosts with, e.g.,
+self-signed TLS certs, are no longer possible. Let's hope that this is
+not a practical problem with Lets Encrypt anymore.
+
+Thanks to Damian Poddebniak for reporting this bug.
+
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
+CVE: CVE-2020-15047
+BUG: 423453
+---
+
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp
+index 3a05451..ac1eefc 100644
+--- a/src/MSA/SMTP.cpp
++++ b/src/MSA/SMTP.cpp
+@@ -21,6 +21,7 @@
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+ #include "SMTP.h"
++#include "UiUtils/Formatting.h"
+ 
+ namespace MSA
+ {
+@@ -32,8 +33,8 @@
+     user(user), failed(false), isWaitingForPassword(false), 
sendingMode(MODE_SMTP_INVALID)
+ {
+     qwwSmtp = new QwwSmtpClient(this);
+-    // FIXME: handle SSL errors properly
+-    connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, 
&QwwSmtpClient::ignoreSslErrors);
++    // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, 
with key pinning, etc.
++    connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors);
+     connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending);
+     connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone);
+     connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError);
+@@ -78,6 +79,12 @@
+     emit error(msg);
+ }
+ 
++void SMTP::handleSslErrors(const QList<QSslError>& errors)
++{
++    auto msg = UiUtils::Formatting::sslErrorsToHtml(errors);
++    emit error(tr("<p>Cannot send message due to an SSL/TLS 
error</p>\n%1").arg(msg));
++}
++
+ void SMTP::setPassword(const QString &password)
+ {
+     pass = password;
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h
+index 453407d..913bb87 100644
+--- a/src/MSA/SMTP.h
++++ b/src/MSA/SMTP.h
+@@ -43,6 +43,7 @@
+     virtual void setPassword(const QString &password);
+     void handleDone(bool ok);
+     void handleError(QAbstractSocket::SocketError err, const QString &msg);
++    void handleSslErrors(const QList<QSslError>& errors);
+ private:
+     QwwSmtpClient *qwwSmtp;
+     QString host;
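Review bot: `SMTP::handleSslErrors` only emits the error text and never marks the submission as failed; `handleError` directly above it ends with `emit error(msg);` but its body starts outside the hunk, so if it sets `failed = true` before emitting, the new slot should mirror that with `failed = true;` ahead of the `emit error(...)` so the `done` handling cannot report the session as successful. The fix presumably works because `ignoreSslErrors()` is no longer invoked from the slot and Qt then aborts the handshake by default, but nothing in the new code says so; a comment such as `// deliberately not calling ignoreSslErrors(): the handshake is aborted and the errors are only reported` would make the intent explicit next to the FIXME. The constructor containing the changed `connect()` call also begins and ends outside the hunk.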

diff --git a/mail-client/trojita/trojita-0.7-r3.ebuild 
b/mail-client/trojita/trojita-0.7-r3.ebuild
new file mode 100644
index 00000000000..4d4f81542cb
--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r3.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+       EGIT_REPO_URI="https://anongit.kde.org/${PN}.git";
+       inherit git-r3
+else
+       SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+       KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/";
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+       dev-qt/linguist-tools:5
+       zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+       dev-qt/qtcore:5
+       dev-qt/qtgui:5
+       dev-qt/qtnetwork:5[ssl]
+       dev-qt/qtsql:5[sqlite]
+       dev-qt/qtsvg:5
+       dev-qt/qtwebkit:5
+       dev-qt/qtwidgets:5
+       crypt? (
+               >=app-crypt/gpgme-1.8.0[cxx,qt5]
+               dev-libs/mimetic
+       )
+       dbus? ( dev-qt/qtdbus:5 )
+       password? ( dev-libs/qtkeychain[qt5(+)] )
+       zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+       test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+       "${FILESDIR}/${P}-gpgme.patch"
+       "${FILESDIR}/${P}-gpg-tests.patch"
+       "${FILESDIR}/${P}-qt-5.11b3.patch"
+       "${FILESDIR}/${P}-qt-5.15.patch"
+       "${FILESDIR}/${P}-smtp-handle-tls-errors.patch" # bug 729596
+)
+
+src_prepare() {
+       cmake_src_prepare
+
+       # the build system is taking a look at `git describe ... --dirty` and
+       # gentoo's modifications to CMakeLists.txt break these
+       sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix 
the version check"
+}
+
+src_configure() {
+       local mycmakeargs=(
+               -DWITH_CRYPTO_MESSAGES=$(usex crypt)
+               -DWITH_GPGMEPP=$(usex crypt)
+               -DWITH_MIMETIC=$(usex crypt)
+               -DWITH_DBUS=$(usex dbus)
+               -DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+               -DWITH_TESTS=$(usex test)
+               -DWITH_ZLIB=$(usex zlib)
+       )
+
+       cmake_src_configure
+}
+
+src_test() {
+       virtx cmake_src_test
+}
