summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2020-06-28 22:47:13 +0200
committerAndreas Sturmlechner <asturm@gentoo.org>2020-06-28 23:55:22 +0200
commita89ecdd740bdd213af85f03950fdcdaeef4a12ec (patch)
tree0d94bcf86b82731bf47140a6a37ceb1cca7a253b /mail-client/trojita
parentmail-client/trojita: Use CVE-2020-15047 upstream commit for patch (diff)
downloadgentoo-a89ecdd740bdd213af85f03950fdcdaeef4a12ec.tar.gz
gentoo-a89ecdd740bdd213af85f03950fdcdaeef4a12ec.tar.bz2
gentoo-a89ecdd740bdd213af85f03950fdcdaeef4a12ec.zip
mail-client/trojita: Fix CVE-2019-10734
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=404697 Bug: https://bugs.gentoo.org/729596 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'mail-client/trojita')
-rw-r--r--mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch104
-rw-r--r--mail-client/trojita/trojita-0.7-r4.ebuild84
2 files changed, 188 insertions, 0 deletions
diff --git a/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
new file mode 100644
index 000000000000..d52edb042ad8
--- /dev/null
+++ b/mail-client/trojita/files/trojita-0.7-CVE-2019-10734.patch
@@ -0,0 +1,104 @@
+From 8db7f450d52539b4c72ee968384911b6813ad1e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org>
+Date: Thu, 25 Jun 2020 21:39:34 +0200
+Subject: [PATCH] Prevent a possible decryption oracle attack
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Jens Mueller (Ruhr-Uni Bochum and FH Münster) for reporting
+this. The gist is that an attacker can embed arbitrary ciphertext into
+their messages. Trojita decrypts that, and when we hit reply, the
+original *cleartext* gets quoted and put into a reply for the attacker
+to see.
+
+Fix this by not quoting any plaintext which originated in an encrypted
+message. That's pretty draconian, but hey, it works and we never came up
+with any better patch. Also, given that Trojita does not encrypt
+outgoing messages yet, this is probably also a conservative thing to do.
+
+Change-Id: I84c45b9e707eb7c99eb7183c6ef59ef41cd62c43
+CVE: CVE-2019-10734
+BUG: 404697
+---
+ src/Cryptography/GpgMe++.cpp | 2 ++
+ src/Gui/MessageView.cpp | 9 ++++++++-
+ src/Gui/PartWidget.cpp | 8 ++++++++
+ src/Imap/Model/ItemRoles.h | 2 +-
+ 4 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/src/Cryptography/GpgMe++.cpp b/src/Cryptography/GpgMe++.cpp
+index e012f603..716b8aff 100644
+--- a/src/Cryptography/GpgMe++.cpp
++++ b/src/Cryptography/GpgMe++.cpp
+@@ -267,6 +267,8 @@ QVariant GpgMePart::data(int role) const
+ switch (role) {
+ case Imap::Mailbox::RolePartSignatureVerifySupported:
+ return m_wasSigned;
++ case RolePartDecryptionSupported:
++ return m_isAllegedlyEncrypted;
+ case RolePartCryptoNotFinishedYet:
+ return m_waitingForData ||
+ (m_crypto.valid() &&
+diff --git a/src/Gui/MessageView.cpp b/src/Gui/MessageView.cpp
+index 7d649308..c95e0878 100644
+--- a/src/Gui/MessageView.cpp
++++ b/src/Gui/MessageView.cpp
+@@ -354,7 +354,6 @@ bool MessageView::eventFilter(QObject *object, QEvent *event)
+ QString MessageView::quoteText() const
+ {
+ if (auto w = bodyWidget()) {
+- QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+ const Imap::Message::Envelope &e = message.data(Imap::Mailbox::RoleMessageEnvelope).value<Imap::Message::Envelope>();
+ QString sender;
+ if (!e.from.isEmpty())
+@@ -362,6 +361,14 @@ QString MessageView::quoteText() const
+ if (e.from.isEmpty())
+ sender = tr("you");
+
++ if (messageModel->index(0, 0) /* fake message root */.child(0, 0) /* first MIME part */.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++ // This is just an UX improvement shortcut: real filtering for CVE-2019-10734 is in
++ // MultipartSignedEncryptedWidget::quoteMe().
++ // That is required because the encrypted part might not be the root part of the message.
++ return tr("On %1, %2 sent an encrypted message:\n> ...\n\n").arg(e.date.toLocalTime().toString(Qt::SystemLocaleLongDate), sender);
++ }
++
++ QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+ // One extra newline at the end of the quoted text to separate the response
+ quote << QString();
+
+diff --git a/src/Gui/PartWidget.cpp b/src/Gui/PartWidget.cpp
+index bb27604d..96eff338 100644
+--- a/src/Gui/PartWidget.cpp
++++ b/src/Gui/PartWidget.cpp
+@@ -378,6 +378,14 @@ void MultipartSignedEncryptedWidget::updateStatusIndicator()
+
+ QString MultipartSignedEncryptedWidget::quoteMe() const
+ {
++ if (m_partIndex.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++ // See CVE-2019-10734, the point is not to leak cleartext from encrypted content. Even when Trojita starts supporting
++ // encryption of outgoing mail, we will have to check whether the encrypted cleartext is from the same sender, whether
++ // it matches the list of recipients (which is dynamic and can be set later on), etc etc.
++ // TL;DR, this is a can of worms.
++ return tr("[Encrypted message]");
++ }
++
+ return quoteMeHelper(children());
+ }
+
+diff --git a/src/Imap/Model/ItemRoles.h b/src/Imap/Model/ItemRoles.h
+index 4588d4d0..00adb3bb 100644
+--- a/src/Imap/Model/ItemRoles.h
++++ b/src/Imap/Model/ItemRoles.h
+@@ -193,7 +193,7 @@ enum {
+ RolePartSignatureVerifySupported,
+ /** @short Is the format of this particular multipart/encrypted supported and recognized?
+
+- See RolePartSignatureVerifySupported, this is an equivalent.
++ If true, this message part represents content of an encrypted message that Trojita can attempt to decrypt.
+ */
+ RolePartDecryptionSupported,
+ /** @short Is there any point in waiting longer?
+--
+GitLab
+
diff --git a/mail-client/trojita/trojita-0.7-r4.ebuild b/mail-client/trojita/trojita-0.7-r4.ebuild
new file mode 100644
index 000000000000..8583ee49efd3
--- /dev/null
+++ b/mail-client/trojita/trojita-0.7-r4.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} = *9999* ]]; then
+ EGIT_REPO_URI="https://anongit.kde.org/${PN}.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+ KEYWORDS="~amd64 ~x86"
+fi
+inherit cmake virtualx xdg
+
+DESCRIPTION="A Qt IMAP e-mail client"
+HOMEPAGE="http://trojita.flaska.net/"
+
+LICENSE="|| ( GPL-2 GPL-3 )"
+SLOT="0"
+IUSE="+crypt +dbus debug +password test +zlib"
+
+REQUIRED_USE="password? ( dbus )"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ dev-qt/linguist-tools:5
+ zlib? ( virtual/pkgconfig )
+"
+RDEPEND="
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtnetwork:5[ssl]
+ dev-qt/qtsql:5[sqlite]
+ dev-qt/qtsvg:5
+ dev-qt/qtwebkit:5
+ dev-qt/qtwidgets:5
+ crypt? (
+ >=app-crypt/gpgme-1.8.0[cxx,qt5]
+ dev-libs/mimetic
+ )
+ dbus? ( dev-qt/qtdbus:5 )
+ password? ( dev-libs/qtkeychain[qt5(+)] )
+ zlib? ( sys-libs/zlib )
+"
+DEPEND="${RDEPEND}
+ test? ( dev-qt/qttest:5 )
+"
+
+DOCS=( README LICENSE )
+
+PATCHES=(
+ "${FILESDIR}/${P}-gpgme.patch"
+ "${FILESDIR}/${P}-gpg-tests.patch"
+ "${FILESDIR}/${P}-qt-5.11b3.patch"
+ "${FILESDIR}/${P}-qt-5.15.patch"
+ "${FILESDIR}/${P}-CVE-2019-10734.patch" # KDE-bug 404697
+ "${FILESDIR}/${P}-CVE-2020-15047.patch" # bug 729596
+)
+
+src_prepare() {
+ cmake_src_prepare
+
+ # the build system is taking a look at `git describe ... --dirty` and
+ # gentoo's modifications to CMakeLists.txt break these
+ sed -e "s/--dirty//" -i cmake/TrojitaVersion.cmake || die "Cannot fix the version check"
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_CRYPTO_MESSAGES=$(usex crypt)
+ -DWITH_GPGMEPP=$(usex crypt)
+ -DWITH_MIMETIC=$(usex crypt)
+ -DWITH_DBUS=$(usex dbus)
+ -DWITH_QTKEYCHAIN_PLUGIN=$(usex password)
+ -DWITH_TESTS=$(usex test)
+ -DWITH_ZLIB=$(usex zlib)
+ )
+
+ cmake_src_configure
+}
+
+src_test() {
+ virtx cmake_src_test
+}