
Bug#864804: CVE-2017-9604: Send Later with Delay bypasses OpenPGP



Hey,

I backported the patch for jessie. I have attached a debdiff and am waiting for 
your response before uploading.

Regards,

sandro
diff -Nru kdepim-4.14.1/debian/changelog kdepim-4.14.1/debian/changelog
--- kdepim-4.14.1/debian/changelog	2014-09-20 11:40:58.000000000 +0200
+++ kdepim-4.14.1/debian/changelog	2017-06-17 09:37:20.000000000 +0200
@@ -1,3 +1,12 @@
+kdepim (4:4.14.1-1+deb8u1) jessie-security; urgency=high
+
+  * Team upload.
+  * Fix CVE-2017-9604: Send Later with Delay bypasses OpenPGP (Closes: #864804)
+    - Added upstream patch 78c5552be2f00a4ac25bd77ca39386522fca70a8 in file
+      fix-CVE-2017-9604.patch
+
+ -- Sandro Knauß <hefee@debian.org>  Sat, 17 Jun 2017 09:37:20 +0200
+
 kdepim (4:4.14.1-1) unstable; urgency=medium
 
   * Remove old Breaks/Replaces (for versions older than oldstable).
diff -Nru kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch
--- kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch	1970-01-01 01:00:00.000000000 +0100
+++ kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch	2017-06-17 09:37:20.000000000 +0200
@@ -0,0 +1,62 @@
+From 78c5552be2f00a4ac25bd77ca39386522fca70a8 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@kde.org>
+Date: Fri, 2 Jun 2017 13:59:02 +0200
+Subject: Make sure that we use plugin when we use sendlater feature
+
+---
+ kmail/editor/kmcomposewin.cpp | 9 +++++----
+ kmail/editor/kmcomposewin.h   | 3 ++-
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/kmail/editor/kmcomposewin.cpp
++++ b/kmail/editor/kmcomposewin.cpp
+@@ -2671,7 +2671,7 @@ void KMComposeWin::printComposeResult( K
+ 
+ //----------------------------------------------------------------------------
+ void KMComposeWin::doSend( MessageComposer::MessageSender::SendMethod method,
+-                           MessageComposer::MessageSender::SaveIn saveIn )
++                           MessageComposer::MessageSender::SaveIn saveIn, bool willSendItWithoutReediting)
+ {
+     if ( mStorageService->numProgressUpdateFile() > 0) {
+         KMessageBox::sorry( this, i18np( "There is %1 file upload in progress.",
+@@ -2687,7 +2687,7 @@ void KMComposeWin::doSend( MessageCompos
+     }
+ 
+ 
+-    if ( saveIn == MessageComposer::MessageSender::SaveInNone ) { // don't save as draft or template, send immediately
++    if ( saveIn == MessageComposer::MessageSender::SaveInNone || willSendItWithoutReediting) { // don't save as draft or template, send immediately
+         if ( KPIMUtils::firstEmailAddress( from() ).isEmpty() ) {
+             if ( !( mShowHeaders & HDR_FROM ) ) {
+                 mShowHeaders |= HDR_FROM;
+@@ -2854,6 +2854,7 @@ void KMComposeWin::slotSendLater()
+         return;
+     if ( !checkRecipientNumber() )
+         return;
++    mComposerBase->setSendLaterInfo(0);
+     if ( mComposerBase->editor()->checkExternalEditorFinished() ) {
+         const bool wasRegistered = (SendLater::SendLaterUtil::sentLaterAgentWasRegistered() && SendLater::SendLaterUtil::sentLaterAgentEnabled());
+         if (wasRegistered) {
+@@ -2877,9 +2878,9 @@ void KMComposeWin::slotSendLater()
+                 {
+                     mComposerBase->setSendLaterInfo(info);
+                     if (info->isRecurrence()) {
+-                        doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInTemplates );
++                        doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInTemplates, true);
+                     } else {
+-                        doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInDrafts );
++                        doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInDrafts, true);
+                     }
+                     break;
+                 }
+--- a/kmail/editor/kmcomposewin.h
++++ b/kmail/editor/kmcomposewin.h
+@@ -575,7 +575,8 @@ private:
+      * Send the message.
+      */
+     void doSend( MessageComposer::MessageSender::SendMethod method=MessageComposer::MessageSender::SendDefault,
+-                 MessageComposer::MessageSender::SaveIn saveIn = MessageComposer::MessageSender::SaveInNone );
++                 MessageComposer::MessageSender::SaveIn saveIn = MessageComposer::MessageSender::SaveInNone,
++                 bool willSendItWithoutReediting = false);
+ 
+     void doDelayedSend( MessageComposer::MessageSender::SendMethod method, MessageComposer::MessageSender::SaveIn saveIn );
+ 
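Review bot: The new `willSendItWithoutReediting` parameter defaults to `false` in kmcomposewin.h, so the pre-send branch in doSend() is opt-in: a caller that passes `SaveInDrafts` or `SaveInTemplates` for a scheduled send and omits the flag still skips that branch silently. The header comment is still only "Send the message."; I would document the flag there, e.g. `@param willSendItWithoutReediting true when the message is stored only to be sent later unchanged, so it must pass the same pre-send checks as an immediate send`. The `doDelayedSend( method, saveIn )` declaration is unchanged and its body is outside the hunks, so it is not visible here whether the signing/encryption decision further down still depends on `saveIn`. Sending a delayed signed-and-encrypted test message on the jessie build would confirm that the backport closes the bypass. The bodies of doSend() and slotSendLater() start and end outside the hunks shown.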
diff -Nru kdepim-4.14.1/debian/patches/series kdepim-4.14.1/debian/patches/series
--- kdepim-4.14.1/debian/patches/series	2014-09-20 11:40:58.000000000 +0200
+++ kdepim-4.14.1/debian/patches/series	2017-06-17 09:31:27.000000000 +0200
@@ -2,3 +2,4 @@
 spambayes.patch
 disable_test_verify
 disable_has_focus_tests_failed_in_xvfb.patch
+fix-CVE-2017-9604.patch

Attachment: signature.asc
Description: This is a digitally signed message part.

