From a787119b1333e52653d3c394fcb0b56cbfd4d0ff Mon Sep 17 00:00:00 2001
From: Andreas Sturmlechner
Date: Tue, 23 Nov 2021 16:55:49 +0100
Subject: kde-apps/kimap: Fix CVE-2021-38373
Upstream commit 5aed4138567934c3be20cddb60fe6d7d4a10da0f
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423424
Bug: https://bugs.gentoo.org/807355
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner
---
.../kimap/files/kimap-21.08.3-CVE-2021-38373.patch | 51 ++++++++++++++++++++++
kde-apps/kimap/kimap-21.08.3-r1.ebuild | 42 ++++++++++++++++++
2 files changed, 93 insertions(+)
create mode 100644 kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch
create mode 100644 kde-apps/kimap/kimap-21.08.3-r1.ebuild
(limited to 'kde-apps')
diff --git a/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch b/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch
new file mode 100644
index 000000000000..90d216b0b846
--- /dev/null
+++ b/kde-apps/kimap/files/kimap-21.08.3-CVE-2021-38373.patch
@@ -0,0 +1,51 @@
+From 5aed4138567934c3be20cddb60fe6d7d4a10da0f Mon Sep 17 00:00:00 2001
+From: Volker Krause
+Date: Mon, 15 Nov 2021 18:18:28 +0100
+Subject: [PATCH] Treat SSL handshake errors as fatal also when using STARTTLS
+
+This fixes the infinite SSL error dialog loop also when using
+STARTTLS, the previous fix was only effective for direct TLS
+connections.
+
+CCBUG: 423424
+(cherry picked from commit cbd3a03bc1d2cec48bb97570633940bbf94c34fa)
+---
+ src/loginjob.cpp | 22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+diff --git a/src/loginjob.cpp b/src/loginjob.cpp
+index 7d53187..b5fbede 100644
+--- a/src/loginjob.cpp
++++ b/src/loginjob.cpp
+@@ -552,19 +552,15 @@ void LoginJob::connectionLost()
+ {
+ Q_D(LoginJob);
+
+- // don't emit the result if the connection was lost before getting the tls result, as it can mean
+- // the TLS handshake failed and the socket was reconnected in normal mode
+- if (d->authState != LoginJobPrivate::StartTls) {
+- qCWarning(KIMAP_LOG) << "Connection to server lost " << d->m_socketError;
+- if (d->m_socketError == QAbstractSocket::SslHandshakeFailedError) {
+- setError(KJob::UserDefinedError);
+- setErrorText(i18n("SSL handshake failed."));
+- emitResult();
+- } else {
+- setError(ERR_COULD_NOT_CONNECT);
+- setErrorText(i18n("Connection to server lost."));
+- emitResult();
+- }
++ qCWarning(KIMAP_LOG) << "Connection to server lost " << d->m_socketError;
++ if (d->m_socketError == QAbstractSocket::SslHandshakeFailedError) {
++ setError(KJob::UserDefinedError);
++ setErrorText(i18n("SSL handshake failed."));
++ emitResult();
++ } else {
++ setError(ERR_COULD_NOT_CONNECT);
++ setErrorText(i18n("Connection to server lost."));
++ emitResult();
+ }
+ }
+
+--
+2.34.0
+
diff --git a/kde-apps/kimap/kimap-21.08.3-r1.ebuild b/kde-apps/kimap/kimap-21.08.3-r1.ebuild
new file mode 100644
index 000000000000..47f2ded2955a
--- /dev/null
+++ b/kde-apps/kimap/kimap-21.08.3-r1.ebuild
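Review bot: The new body of `LoginJob::connectionLost()` removes the comment that justified the old `StartTls` guard and puts nothing in its place, so the reason a lost connection during STARTTLS is now always fatal is only recorded in the patch header. The removed comment says a failed TLS handshake could leave the socket reconnected in normal mode; this hunk only changes how the job reports the loss, and the reconnect code is not visible here, so it should be confirmed that the session cannot continue the login over an unencrypted socket once this error is raised. I would add a comment above the `qCWarning` line along the lines of `// Always fail the job here, also during STARTTLS: a lost connection must never be followed by a login on a non-TLS socket.` As a matter of style, both branches end in the same `emitResult();`, which could be written once after the `if`/`else`.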
@@ -0,0 +1,42 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+ECM_TEST="forceoptional"
+PVCUT=$(ver_cut 1-3)
+KFMIN=5.84.0
+QTMIN=5.15.2
+inherit ecm kde.org
+
+DESCRIPTION="Library for interacting with IMAP servers"
+HOMEPAGE="https://api.kde.org/kdepim/kimap/html/index.html"
+
+LICENSE="GPL-2+"
+SLOT="5"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+IUSE=""
+
+RDEPEND="
+ dev-libs/cyrus-sasl
+ >=dev-qt/qtgui-${QTMIN}:5
+ >=kde-apps/kmime-${PVCUT}:5
+ >=kde-frameworks/kcodecs-${KFMIN}:5
+ >=kde-frameworks/kcoreaddons-${KFMIN}:5
+ >=kde-frameworks/ki18n-${KFMIN}:5
+ >=kde-frameworks/kio-${KFMIN}:5
+"
+# TODO: Convince upstream not to install stuff with tests
+DEPEND="${RDEPEND}
+ test? ( >=dev-qt/qtnetwork-${QTMIN}:5 )
+"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2021-38373.patch" )
+
+src_test() {
+ # tests cannot be run in parallel #605586
+ local myctestargs=(
+ -j1
+ )
+ ecm_src_test
+}
--
cgit v1.2.3-65-gdbad