[gentoo-commits] repo/gentoo:master commit in: kde-apps/kmailtransport/files/, kde-apps/kmailtransport/

[gentoo-commits] repo/gentoo:master commit in: kde-apps/kmailtransport/files/, kde-apps/kmailtransport/

[Andreas Sturmlechner]

commit:     4754456d4c60b3dc562a7d32de2ff6bf66ab6679
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 23 15:21:55 2021 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Tue Nov 23 20:04:51 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4754456d

kde-apps/kmailtransport: Adapt to kde-apps/ksmtp CVE-2021-38373 fix

Upstream commit cc4907eba8e16c319fb837b5ec85393b118c4ab6

KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423423
Bug: https://bugs.gentoo.org/807355
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 .../kmailtransport-21.08.3-CVE-2021-38373.patch    | 63 ++++++++++++++++++++++
 .../kmailtransport-21.08.3-r2.ebuild               | 49 +++++++++++++++++
 2 files changed, 112 insertions(+)

diff --git a/kde-apps/kmailtransport/files/kmailtransport-21.08.3-CVE-2021-38373.patch b/kde-apps/kmailtransport/files/kmailtransport-21.08.3-CVE-2021-38373.patch
new file mode 100644
index 000000000000..e83449e4e32a
--- /dev/null
+++ b/kde-apps/kmailtransport/files/kmailtransport-21.08.3-CVE-2021-38373.patch
@@ -0,0 +1,63 @@
+From cc4907eba8e16c319fb837b5ec85393b118c4ab6 Mon Sep 17 00:00:00 2001
+From: Volker Krause <vkrause@kde.org>
+Date: Thu, 16 Sep 2021 17:07:08 +0200
+Subject: [PATCH] Adapt to KSmtp moving encryption settings from LoginJob to
+ Session
+
+See https://invent.kde.org/pim/ksmtp/-/merge_requests/5.
+
+(cherry picked from commit b49ee72009620f152aaab1f592704e56e3be01f5)
+---
+ src/kmailtransport/plugins/smtp/smtpjob.cpp | 29 ++++++++++-----------
+ 1 file changed, 14 insertions(+), 15 deletions(-)
+
+diff --git a/src/kmailtransport/plugins/smtp/smtpjob.cpp b/src/kmailtransport/plugins/smtp/smtpjob.cpp
+index 7ad0124..5a08dfd 100644
+--- a/src/kmailtransport/plugins/smtp/smtpjob.cpp
++++ b/src/kmailtransport/plugins/smtp/smtpjob.cpp
+@@ -134,6 +134,20 @@ void SmtpJob::startSmtpJob()
+         d->session = new KSmtp::Session(transport()->host(), transport()->port());
+         d->session->setUseNetworkProxy(transport()->useProxy());
+         d->session->setUiProxy(d->uiProxy);
++        switch (transport()->encryption()) {
++        case Transport::EnumEncryption::None:
++            d->session->setEncryptionMode(KSmtp::Session::Unencrypted);
++            break;
++        case Transport::EnumEncryption::TLS:
++            d->session->setEncryptionMode(KSmtp::Session::STARTTLS);
++            break;
++        case Transport::EnumEncryption::SSL:
++            d->session->setEncryptionMode(KSmtp::Session::TLS);
++            break;
++        default:
++            qCWarning(MAILTRANSPORT_SMTP_LOG) << "Unknown encryption mode" << transport()->encryption();
++            break;
++        }
+         if (transport()->specifyHostname()) {
+             d->session->setCustomHostname(transport()->localHostname());
+         }
+@@ -298,21 +312,6 @@ void SmtpJobPrivate::doLogin()
+         break;
+     }
+ 
+-    switch (q->transport()->encryption()) {
+-    case Transport::EnumEncryption::None:
+-        login->setEncryptionMode(KSmtp::LoginJob::Unencrypted);
+-        break;
+-    case Transport::EnumEncryption::TLS:
+-        login->setEncryptionMode(KSmtp::LoginJob::STARTTLS);
+-        break;
+-    case Transport::EnumEncryption::SSL:
+-        login->setEncryptionMode(KSmtp::LoginJob::SSLorTLS);
+-        break;
+-    default:
+-        qCWarning(MAILTRANSPORT_SMTP_LOG) << "Unknown encryption mode" << q->transport()->encryption();
+-        break;
+-    }
+-
+     q->connect(login, &KJob::result, q, &SmtpJob::slotResult);
+     q->addSubjob(login);
+     login->start();
+-- 
+2.34.0
+

diff --git a/kde-apps/kmailtransport/kmailtransport-21.08.3-r2.ebuild b/kde-apps/kmailtransport/kmailtransport-21.08.3-r2.ebuild
new file mode 100644
index 000000000000..c9317630cf43
--- /dev/null
+++ b/kde-apps/kmailtransport/kmailtransport-21.08.3-r2.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+ECM_TEST="true"
+PVCUT=$(ver_cut 1-3)
+KFMIN=5.84.0
+QTMIN=5.15.2
+inherit ecm kde.org
+
+DESCRIPTION="Mail transport service"
+
+LICENSE="LGPL-2.1+"
+SLOT="5"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+IUSE=""
+
+RESTRICT="test"
+
+RDEPEND="
+	dev-libs/qtkeychain:=
+	>=dev-qt/qtdbus-${QTMIN}:5
+	>=dev-qt/qtgui-${QTMIN}:5
+	>=dev-qt/qtnetwork-${QTMIN}:5
+	>=dev-qt/qtwidgets-${QTMIN}:5
+	>=kde-apps/akonadi-${PVCUT}:5
+	>=kde-apps/akonadi-mime-${PVCUT}:5
+	>=kde-apps/kmime-${PVCUT}:5
+	>=kde-apps/ksmtp-21.08.3-r1:5
+	>=kde-apps/libkgapi-${PVCUT}:5
+	>=kde-frameworks/kcmutils-${KFMIN}:5
+	>=kde-frameworks/kcompletion-${KFMIN}:5
+	>=kde-frameworks/kconfig-${KFMIN}:5
+	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
+	>=kde-frameworks/kcoreaddons-${KFMIN}:5
+	>=kde-frameworks/ki18n-${KFMIN}:5
+	>=kde-frameworks/kio-${KFMIN}:5
+	>=kde-frameworks/kwallet-${KFMIN}:5
+	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
+"
+DEPEND="${RDEPEND}
+	test? ( >=kde-frameworks/ktextwidgets-${KFMIN}:5 )
+"
+
+PATCHES=(
+	"${FILESDIR}/${P}-fix-crash-when-response-empty.patch"
+	"${FILESDIR}/${P}-CVE-2021-38373.patch"
+)

[gentoo-commits] repo/gentoo:master commit in: kde-apps/kmailtransport/files/, kde-apps/kmailtransport/

[Andreas Sturmlechner]

commit:     653d0304fe180fb030803e36552cff2f15656a65
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 28 21:40:16 2023 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan 28 22:32:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=653d0304

kde-apps/kmailtransport: SmtpJob: Fix use of KCompositeJob

Upstream commit 7b2a5ccea0c54b81245acdbbea77a13e570bba2b
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=406839
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=409122
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=421664
KDE-bug: https://bugs.kde.org/show_bug.cgi?id=456923

Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 ...-22.08.3-SmtpJob-fix-use-of-KCompositeJob.patch | 49 ++++++++++++++++++++++
 .../kmailtransport-22.08.3-r1.ebuild               | 47 +++++++++++++++++++++
 2 files changed, 96 insertions(+)

diff --git a/kde-apps/kmailtransport/files/kmailtransport-22.08.3-SmtpJob-fix-use-of-KCompositeJob.patch b/kde-apps/kmailtransport/files/kmailtransport-22.08.3-SmtpJob-fix-use-of-KCompositeJob.patch
new file mode 100644
index 000000000000..4140cb77d21b
--- /dev/null
+++ b/kde-apps/kmailtransport/files/kmailtransport-22.08.3-SmtpJob-fix-use-of-KCompositeJob.patch
@@ -0,0 +1,49 @@
+From 7b2a5ccea0c54b81245acdbbea77a13e570bba2b Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Mon, 21 Nov 2022 11:57:51 +0100
+Subject: [PATCH] SmtpJob: Fix use of KCompositeJob
+
+SmtpJob overrides slotResult, but this had two issues. First, it connected
+to LoginJob::result itself, though addJob already does that. Second, in two
+cases it did not remove finished jobs from the list of subjobs, leading to
+dangling pointers and messing up state. This was most likely only reached
+in the case of an expired XOAUTH2 access_token and caused the job to fail
+after a successful refresh.
+
+BUG: 406839
+BUG: 409122
+BUG: 421664
+BUG: 456923
+---
+ src/kmailtransport/plugins/smtp/smtpjob.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/kmailtransport/plugins/smtp/smtpjob.cpp b/src/kmailtransport/plugins/smtp/smtpjob.cpp
+index 9d565af..5be220a 100644
+--- a/src/kmailtransport/plugins/smtp/smtpjob.cpp
++++ b/src/kmailtransport/plugins/smtp/smtpjob.cpp
+@@ -308,7 +308,6 @@ void SmtpJobPrivate::doLogin()
+         break;
+     }
+ 
+-    q->connect(login, &KJob::result, q, &SmtpJob::slotResult);
+     q->addSubjob(login);
+     login->start();
+     qCDebug(MAILTRANSPORT_SMTP_LOG) << "Login started";
+@@ -352,11 +351,12 @@ bool SmtpJob::doKill()
+ void SmtpJob::slotResult(KJob *job)
+ {
+     if (s_sessionPool.isDestroyed()) {
++        removeSubjob(job);
+         return;
+     }
+-
+     if (qobject_cast<KSmtp::LoginJob *>(job)) {
+         if (job->error() == KSmtp::LoginJob::TokenExpired) {
++            removeSubjob(job);
+             startPasswordRetrieval(/*force refresh */ true);
+             return;
+         }
+-- 
+GitLab
+

diff --git a/kde-apps/kmailtransport/kmailtransport-22.08.3-r1.ebuild b/kde-apps/kmailtransport/kmailtransport-22.08.3-r1.ebuild
new file mode 100644
index 000000000000..1a304ab97eb3
--- /dev/null
+++ b/kde-apps/kmailtransport/kmailtransport-22.08.3-r1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+ECM_QTHELP="true"
+ECM_TEST="true"
+PVCUT=$(ver_cut 1-3)
+KFMIN=5.96.0
+QTMIN=5.15.5
+inherit ecm gear.kde.org
+
+DESCRIPTION="Mail transport service"
+
+LICENSE="LGPL-2.1+"
+SLOT="5"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~riscv ~x86"
+IUSE=""
+
+RESTRICT="test"
+
+RDEPEND="
+	dev-libs/qtkeychain:=[qt5(+)]
+	>=dev-qt/qtdbus-${QTMIN}:5
+	>=dev-qt/qtgui-${QTMIN}:5
+	>=dev-qt/qtnetwork-${QTMIN}:5
+	>=dev-qt/qtwidgets-${QTMIN}:5
+	>=kde-apps/akonadi-${PVCUT}:5
+	>=kde-apps/akonadi-mime-${PVCUT}:5
+	>=kde-apps/kmime-${PVCUT}:5
+	>=kde-apps/ksmtp-${PVCUT}:5
+	>=kde-apps/libkgapi-${PVCUT}:5
+	>=kde-frameworks/kcmutils-${KFMIN}:5
+	>=kde-frameworks/kcompletion-${KFMIN}:5
+	>=kde-frameworks/kconfig-${KFMIN}:5
+	>=kde-frameworks/kconfigwidgets-${KFMIN}:5
+	>=kde-frameworks/kcoreaddons-${KFMIN}:5
+	>=kde-frameworks/ki18n-${KFMIN}:5
+	>=kde-frameworks/kio-${KFMIN}:5
+	>=kde-frameworks/kwallet-${KFMIN}:5
+	>=kde-frameworks/kwidgetsaddons-${KFMIN}:5
+"
+DEPEND="${RDEPEND}
+	test? ( >=kde-frameworks/ktextwidgets-${KFMIN}:5 )
+"
+
+PATCHES=( "${FILESDIR}/${P}-SmtpJob-fix-use-of-KCompositeJob.patch" )