!24 fix CVE-2020-14093

From: @wang_yue111 Reviewed-by: @small_leek Signed-off-by: @small_leek
2021-07-27 09:25:26 +00:00 · 2021-07-27 09:25:26 +00:00 · e67a82bb0b
commit e67a82bb0b
parent ab6f70ce29 939f5a0df2
3 changed files with 34 additions and 2 deletions
--- a/backport-CVE-2020-14093-1.patch
+++ b/backport-CVE-2020-14093-1.patch
--- a/backport-CVE-2020-14093-2.patch
+++ b/backport-CVE-2020-14093-2.patch
@ -0,0 +1,28 @@
+From bfb4ba6e6e742d3ca1a23697228fdddc957819a6 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sat, 20 Jun 2020 06:35:35 -0700
+Subject: [PATCH] Don't check IMAP PREAUTH encryption if $tunnel is in use.
+
+$tunnel is used to create an external encrypted connection.  The default of $ssl_starttls is yes, meaning those kinds of connections will be broken by the CVE-2020-14093 fix.
+---
+ imap/imap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/imap/imap.c b/imap/imap.c
+index 17d1411..a41ed46 100644
+--- a/imap/imap.c
+++ b/imap/imap.c
+@@ -495,8 +495,8 @@ int imap_open_connection (IMAP_DATA* idata)
+   {
+ #if defined(USE_SSL)
+     /* An unencrypted PREAUTH response is most likely a MITM attack.
+-     * Require a confirmation. */
+-    if (!idata->conn->ssf)
+     * Require a confirmation unless using $tunnel. */
+    if (!idata->conn->ssf && !Tunnel)
+     {
+       if (option(OPTSSLFORCETLS) ||
+           (query_quadoption (OPT_SSLSTARTTLS,
+-- 
+2.23.0
+
--- a/mutt.spec
+++ b/mutt.spec
@ -1,6 +1,6 @@
 Name:           mutt
 Version:        1.10.1
-Release:        5
+Release:        6
 Epoch:          5
 Summary:        Text-based mail client
 License:        GPLv2+ and Public Domain
@ -17,7 +17,8 @@ Patch8:         mutt-1.5.23-system_certs.patch
 Patch9:         mutt-1.9.0-ssl_ciphers.patch
 Patch13:        CVE-2020-28896.patch
 Patch14:        CVE-2021-3181.patch
-Patch15:        CVE-2020-14093.patch
+Patch15:        backport-CVE-2020-14093-1.patch
+Patch16:        backport-CVE-2020-14093-2.patch

 BuildRequires:  gcc ncurses-devel gettext automake /usr/bin/xsltproc
 BuildRequires:  lynx docbook-style-xsl perl-interpreter perl-generators
@ -122,6 +123,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
 %{_mandir}/man5/muttrc.*

 %changelog
+- Tue Jul 27 2021 wangyue<wangyue92@huawei.com> - 1.10.1-6
+- fix CVE-2020-14093
+
 * Fri Jul 23 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-5
 - fix CVE-2020-14093