diff options
author | Andreas Sturmlechner <asturm@gentoo.org> | 2020-06-28 22:47:13 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2020-06-28 23:55:22 +0200 |
commit | a89ecdd740bdd213af85f03950fdcdaeef4a12ec (patch) | |
tree | 0d94bcf86b82731bf47140a6a37ceb1cca7a253b /mail-client/trojita | |
parent | mail-client/trojita: Use CVE-2020-15047 upstream commit for patch (diff) | |
download | gentoo-a89ecdd740bdd213af85f03950fdcdaeef4a12ec.tar.gz gentoo-a89ecdd740bdd213af85f03950fdcdaeef4a12ec.tar.bz2 gentoo-a89ecdd740bdd213af85f03950fdcdaeef4a12ec.zip |
mail-client/trojita: Fix CVE-2019-10734
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=404697
Bug: https://bugs.gentoo.org/729596
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'mail-client/trojita')
-rw-r--r-- | mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch | 104 | ||||
-rw-r--r-- | mail-client/trojita/trojita-0.7-r4.ebuild | 84 |
2 files changed, 188 insertions, 0 deletions
diff --git a/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch new file mode 100644 index 000000000000..d52edb042ad8 --- /dev/null +++ b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch @@ -0,0 +1,104 @@ +From 8db7f450d52539b4c72ee968384911b6813ad1e7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org> +Date: Thu, 25 Jun 2020 21:39:34 +0200 +Subject: [PATCH] Prevent a possible decryption oracle attack +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Thanks to Jens Mueller (Ruhr-Uni Bochum and FH Münster) for reporting +this. The gist is that an attacker can embed arbitrary ciphertext into +their messages. Trojita decrypts that, and when we hit reply, the +original *cleartext* gets quoted and put into a reply for the attacker +to see. + +Fix this by not quoting any plaintext which originated in an encrypted +message. That's pretty draconian, but hey, it works and we never came up +with any better patch. Also, given that Trojita does not encrypt +outgoing messages yet, this is probably also a conservative thing to do. + +Change-Id: I84c45b9e707eb7c99eb7183c6ef59ef41cd62c43 +CVE: CVE-2019-10734 +BUG: 404697 +--- + src/Cryptography/GpgMe++.cpp | 2 ++ + src/Gui/MessageView.cpp | 9 ++++++++- + src/Gui/PartWidget.cpp | 8 ++++++++ + src/Imap/Model/ItemRoles.h | 2 +- + 4 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/src/Cryptography/GpgMe++.cpp b/src/Cryptography/GpgMe++.cpp +index e012f603..716b8aff 100644 +--- a/src/Cryptography/GpgMe++.cpp ++++ b/src/Cryptography/GpgMe++.cpp +@@ -267,6 +267,8 @@ QVariant GpgMePart::data(int role) const + switch (role) { + case Imap::Mailbox::RolePartSignatureVerifySupported: + return m_wasSigned; ++ case RolePartDecryptionSupported: ++ return m_isAllegedlyEncrypted; + case RolePartCryptoNotFinishedYet: + return m_waitingForData || + (m_crypto.valid() && +diff --git a/src/Gui/MessageView.cpp b/src/Gui/MessageView.cpp +index 7d649308..c95e0878 100644 +--- a/src/Gui/MessageView.cpp ++++ b/src/Gui/MessageView.cpp +@@ -354,7 +354,6 @@ bool MessageView::eventFilter(QObject *object, QEvent *event) + QString MessageView::quoteText() const + { + if (auto w = bodyWidget()) { +- QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n'))); + const Imap::Message::Envelope &e = message.data(Imap::Mailbox::RoleMessageEnvelope).value<Imap::Message::Envelope>(); + QString sender; + if (!e.from.isEmpty()) +@@ -362,6 +361,14 @@ QString MessageView::quoteText() const + if (e.from.isEmpty()) + sender = tr("you"); + ++ if (messageModel->index(0, 0) /* fake message root */.child(0, 0) /* first MIME part */.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) { ++ // This is just an UX improvement shortcut: real filtering for CVE-2019-10734 is in ++ // MultipartSignedEncryptedWidget::quoteMe(). ++ // That is required because the encrypted part might not be the root part of the message. ++ return tr("On %1, %2 sent an encrypted message:\n> ...\n\n").arg(e.date.toLocalTime().toString(Qt::SystemLocaleLongDate), sender); ++ } ++ ++ QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n'))); + // One extra newline at the end of the quoted text to separate the response + quote << QString(); + +diff --git a/src/Gui/PartWidget.cpp b/src/Gui/PartWidget.cpp +index bb27604d..96eff338 100644 +--- a/src/Gui/PartWidget.cpp ++++ b/src/Gui/PartWidget.cpp +@@ -378,6 +378,14 @@ void MultipartSignedEncryptedWidget::updateStatusIndicator() + + QString MultipartSignedEncryptedWidget::quoteMe() const + { ++ if (m_partIndex.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) { ++ // See CVE-2019-10734, the point is not to leak cleartext from encrypted content. Even when Trojita starts supporting ++ // encryption of outgoing mail, we will have to check whether the encrypted cleartext is from the same sender, whether ++ // it matches the list of recipients (which is dynamic and can be set later on), etc etc. ++ // TL;DR, this is a can of worms. ++ return tr("[Encrypted message]"); ++ } ++ + return quoteMeHelper(children()); + } + +diff --git a/src/Imap/Model/ItemRoles.h b/src/Imap/Model/ItemRoles.h +index 4588d4d0..00adb3bb 100644 +--- a/src/Imap/Model/ItemRoles.h ++++ b/src/Imap/Model/ItemRoles.h +@@ -193,7 +193,7 @@ enum { + RolePartSignatureVerifySupported, + /** @short Is the format of this particular multipart/encrypted supported and recognized? + +- See RolePartSignatureVerifySupported, this is an equivalent. ++ If true, this message part represents content of an encrypted message that Trojita can attempt to decrypt. + */ + RolePartDecryptionSupported, + /** @short Is there any point in waiting longer? +-- +GitLab + diff --git a/mail-client/trojita/trojita-0.7-r4.ebuild b/mail-client/trojita/trojita-0.7-r4.ebuild new file mode 100644 index 000000000000..8583ee49efd3 --- /dev/null +++ b/mail-client/trojita/trojita-0.7-r4.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +if [[ ${PV} = *9999* ]]; then + EGIT_REPO_URI="https://anongit.kde.org/${PN}.git" + inherit git-r3 +else + SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" + KEYWORDS="~amd64 ~x86" +fi +inherit cmake virtualx xdg + +DESCRIPTION="A Qt IMAP e-mail client" +HOMEPAGE="http://trojita.flaska.net/" + +LICENSE="|| ( GPL-2 GPL-3 )" +SLOT="0" +IUSE="+crypt +dbus debug +password test +zlib" + +REQUIRED_USE="password? ( dbus )" +RESTRICT="!test? ( test )" + +BDEPEND=" + dev-qt/linguist-tools:5 + zlib? ( virtual/pkgconfig ) +" +RDEPEND=" + dev-qt/qtcore:5 + dev-qt/qtgui:5 + dev-qt/qtnetwork:5[ssl] + dev-qt/qtsql:5[sqlite] + dev-qt/qtsvg:5 + dev-qt/qtwebkit:5 + dev-qt/qtwidgets:5 + crypt? ( + >=app-crypt/gpgme-1.8.0[cxx,qt5] + dev-libs/mimetic + ) + dbus? ( dev-qt/qtdbus:5 ) + password? ( dev-libs/qtkeychain[qt5(+)] ) + zlib? ( sys-libs/zlib ) +" +DEPEND="${RDEPEND} + test? ( dev-qt/qttest:5 ) +" + +DOCS=( README LICENSE ) + +PATCHES=( + "${FILESDIR}/${P}-gpgme.patch" + "${FILESDIR}/${P}-gpg-tests.patch" + "${FILESDIR}/${P}-qt-5.11b3.patch" + "${FILESDIR}/${P}-qt-5.15.patch" + "${FILESDIR}/${P}-CVE-2019-10734.patch" # KDE-bug 404697 + "${FILESDIR}/${P}-CVE-2020-15047.patch" # bug 729596 +) + +src_prepare() { + cmake_src_prepare + + # the build system is taking a look at `git describe ... --dirty` and + # gentoo's modifications to CMakeLists.txt break these + sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check" +} + +src_configure() { + local mycmakeargs=( + -DWITH_CRYPTO_MESSAGES=$(usex crypt) + -DWITH_GPGMEPP=$(usex crypt) + -DWITH_MIMETIC=$(usex crypt) + -DWITH_DBUS=$(usex dbus) + -DWITH_QTKEYCHAIN_PLUGIN=$(usex password) + -DWITH_TESTS=$(usex test) + -DWITH_ZLIB=$(usex zlib) + ) + + cmake_src_configure +} + +src_test() { + virtx cmake_src_test +} |