Hey, sorry for the additional mail. I overlooked that for jessie both patches are in the same repository, so I need to add both patches :) Regards, sandro -- On Samstag, 17. Juni 2017 11:00:26 CEST Sandro Knauß wrote: > Hey, > > I backported the patch for jessie. I attached a debdiff and waiting for your > response to upload. > > Regards, > > sandro
diff -Nru kdepim-4.14.1/debian/changelog kdepim-4.14.1/debian/changelog
--- kdepim-4.14.1/debian/changelog 2014-09-20 11:40:58.000000000 +0200
+++ kdepim-4.14.1/debian/changelog 2017-06-17 09:37:20.000000000 +0200
@@ -1,3 +1,14 @@
+kdepim (4:4.14.1-1+deb8u1) jessie-security; urgency=high
+
+ * Team upload.
+ * Fix CVE-2017-9604: Send Later with Delay bypasses OpenPGP (Closes: #864804)
+ - Added upstream patch 78c5552be2f00a4ac25bd77ca39386522fca70a8 in file
+ fix-CVE-2017-9604.patch
+ - Added upstream patch c54706e990bbd6498e7b1597ec7900bc809e8197 in file
+ fix-CVE-2017-9604.p2.patch (nowadays messagelib)
+
+ -- Sandro Knauß <hefee@debian.org> Sat, 17 Jun 2017 09:37:20 +0200
+
kdepim (4:4.14.1-1) unstable; urgency=medium
* Remove old Breaks/Replaces (for versions older than oldstable).
diff -Nru kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.p2.patch kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.p2.patch
--- kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.p2.patch 1970-01-01 01:00:00.000000000 +0100
+++ kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.p2.patch 2017-06-17 09:37:20.000000000 +0200
@@ -0,0 +1,21 @@
+From c54706e990bbd6498e7b1597ec7900bc809e8197 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@kde.org>
+Date: Fri, 2 Jun 2017 13:56:41 +0200
+Subject: Make sure to sign/encrypt message when we send later
+
+(cherry picked from commit 4048f5e46d0a7d62d93d74fd2861dd70fb2ad660)
+---
+ messagecomposer/composer/composerviewbase.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/messagecomposer/composer/composerviewbase.cpp
++++ b/messagecomposer/composer/composerviewbase.cpp
+@@ -288,7 +288,7 @@ void MessageComposer::ComposerViewBase::
+ }
+ }
+
+- if ( m_neverEncrypt && saveIn != MessageComposer::MessageSender::SaveInNone ) {
++ if ( m_neverEncrypt && saveIn != MessageComposer::MessageSender::SaveInNone && !mSendLaterInfo) {
+ // we can't use the state of the mail itself, to remember the
+ // signing and encryption state, so let's add a header instead
+ m_msg->setHeader( new KMime::Headers::Generic( "X-KMail-SignatureActionEnabled", m_msg.get(),
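Review bot: The added `!mSendLaterInfo` term is the whole of this half of the CVE-2017-9604 fix, yet nothing at the condition says why a send-later message must skip the branch that only records the signing and encryption state in X-KMail headers. I would add a comment above the `if`, for example `// Send-later messages go out without being re-edited, so they must be signed/encrypted now instead of only storing the crypto state in headers (CVE-2017-9604).` The check also depends on mSendLaterInfo being null for every plain draft or template save; the only reset visible in this debdiff is `setSendLaterInfo(0)` in KMComposeWin::slotSendLater, so it is worth confirming that no other save path reaches this condition with a stale value. The enclosing function starts and ends outside the hunk.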
diff -Nru kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch
--- kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch 1970-01-01 01:00:00.000000000 +0100
+++ kdepim-4.14.1/debian/patches/fix-CVE-2017-9604.patch 2017-06-17 09:37:20.000000000 +0200
@@ -0,0 +1,62 @@
+From 78c5552be2f00a4ac25bd77ca39386522fca70a8 Mon Sep 17 00:00:00 2001
+From: Montel Laurent <montel@kde.org>
+Date: Fri, 2 Jun 2017 13:59:02 +0200
+Subject: Make sure that we use plugin when we use sendlater feature
+
+---
+ kmail/editor/kmcomposewin.cpp | 9 +++++----
+ kmail/editor/kmcomposewin.h | 3 ++-
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/kmail/editor/kmcomposewin.cpp
++++ b/kmail/editor/kmcomposewin.cpp
+@@ -2671,7 +2671,7 @@ void KMComposeWin::printComposeResult( K
+
+ //----------------------------------------------------------------------------
+ void KMComposeWin::doSend( MessageComposer::MessageSender::SendMethod method,
+- MessageComposer::MessageSender::SaveIn saveIn )
++ MessageComposer::MessageSender::SaveIn saveIn, bool willSendItWithoutReediting)
+ {
+ if ( mStorageService->numProgressUpdateFile() > 0) {
+ KMessageBox::sorry( this, i18np( "There is %1 file upload in progress.",
+@@ -2687,7 +2687,7 @@ void KMComposeWin::doSend( MessageCompos
+ }
+
+
+- if ( saveIn == MessageComposer::MessageSender::SaveInNone ) { // don't save as draft or template, send immediately
++ if ( saveIn == MessageComposer::MessageSender::SaveInNone || willSendItWithoutReediting) { // don't save as draft or template, send immediately
+ if ( KPIMUtils::firstEmailAddress( from() ).isEmpty() ) {
+ if ( !( mShowHeaders & HDR_FROM ) ) {
+ mShowHeaders |= HDR_FROM;
+@@ -2854,6 +2854,7 @@ void KMComposeWin::slotSendLater()
+ return;
+ if ( !checkRecipientNumber() )
+ return;
++ mComposerBase->setSendLaterInfo(0);
+ if ( mComposerBase->editor()->checkExternalEditorFinished() ) {
+ const bool wasRegistered = (SendLater::SendLaterUtil::sentLaterAgentWasRegistered() && SendLater::SendLaterUtil::sentLaterAgentEnabled());
+ if (wasRegistered) {
+@@ -2877,9 +2878,9 @@ void KMComposeWin::slotSendLater()
+ {
+ mComposerBase->setSendLaterInfo(info);
+ if (info->isRecurrence()) {
+- doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInTemplates );
++ doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInTemplates, true);
+ } else {
+- doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInDrafts );
++ doSend( MessageComposer::MessageSender::SendLater, MessageComposer::MessageSender::SaveInDrafts, true);
+ }
+ break;
+ }
+--- a/kmail/editor/kmcomposewin.h
++++ b/kmail/editor/kmcomposewin.h
+@@ -575,7 +575,8 @@ private:
+ * Send the message.
+ */
+ void doSend( MessageComposer::MessageSender::SendMethod method=MessageComposer::MessageSender::SendDefault,
+- MessageComposer::MessageSender::SaveIn saveIn = MessageComposer::MessageSender::SaveInNone );
++ MessageComposer::MessageSender::SaveIn saveIn = MessageComposer::MessageSender::SaveInNone,
++ bool willSendItWithoutReediting = false);
+
+ void doDelayedSend( MessageComposer::MessageSender::SendMethod method, MessageComposer::MessageSender::SaveIn saveIn );
+
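Review bot: In slotSendLater the new `mComposerBase->setSendLaterInfo(0);` sits below the early `return`s visible at the top of that hunk (including the `checkRecipientNumber()` guard), so a call that bails out there keeps whatever SendLaterInfo an earlier attempt stored. Because the companion change in composerviewbase.cpp now chooses the crypto path on `!mSendLaterInfo`, I would clear the pointer as the first statement of the slot, or add a comment stating that every other send/save entry point resets it; those entry points are outside the hunks, so this is something to confirm rather than a demonstrated fault. Separately, the doc comment on doSend in kmcomposewin.h still reads only "Send the message." and should describe the new flag, e.g. `@param willSendItWithoutReediting run the immediate-send checks even though saveIn names a drafts/templates folder (send-later case)`. The bodies of doSend and slotSendLater continue outside the hunks.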
diff -Nru kdepim-4.14.1/debian/patches/series kdepim-4.14.1/debian/patches/series
--- kdepim-4.14.1/debian/patches/series 2014-09-20 11:40:58.000000000 +0200
+++ kdepim-4.14.1/debian/patches/series 2017-06-17 09:37:20.000000000 +0200
@@ -2,3 +2,5 @@
spambayes.patch
disable_test_verify
disable_has_focus_tests_failed_in_xvfb.patch
+fix-CVE-2017-9604.patch
+fix-CVE-2017-9604.p2.patch