From URL: The setup wizard in kmail defaults to unencrypted connections. When the user clicks on "Check Mail" after the setup, the username and password are sent in the clear. I have not found a way to tell kmail in the manual configuration to use implicit TLS or STARTTLS. What is even worse: assuming you know about that and try to configure STARTTLS directly after the setup. In this case it happens that future connections still happen unencrypted, even though the UI tells otherwise. I clicked on "Restart" in the UI several times and also restarted Akonadi and KMail. In this case, I found that POP3 was once even reset back to "Unencrypted". After a few more tries it seems to have settled down to use STARTTLS. Relatively minor issue, but bug appears unfixed.
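Added example, not part of the original report or of the KDE/Gentoo patches: a Python check that walks a plaintext POP3 transcript and flags credential commands sent before a successful STLS upgrade, which is the exposure the report above describes. The transcripts and the function name are constructed for illustration.

```python
# Constructed POP3 transcripts (not captured from KMail). "C:" = client, "S:" = server.
CLEARTEXT_SESSION = """\
S: +OK POP3 server ready
C: CAPA
S: +OK
S: STLS
S: USER
S: .
C: USER alice
S: +OK
C: PASS example-password
S: +OK logged in
"""
STARTTLS_SESSION = """\
S: +OK POP3 server ready
C: STLS
S: +OK begin TLS negotiation
"""
# POP3 commands that carry or begin authentication (RFC 1939, RFC 5034).
CRED_COMMANDS = {"USER", "PASS", "APOP", "AUTH"}


def audit_pop3_transcript(text):
    """Return (line_no, command, stls_was_offered) for each credential
    command the client sent while the connection was still plaintext."""
    findings = []
    stls_offered = False       # server listed STLS in its CAPA response
    awaiting_stls_reply = False
    for line_no, raw in enumerate(text.splitlines(), 1):
        side, _, payload = raw.partition(": ")
        words = payload.split()
        if not words:
            continue
        verb = words[0].upper()
        if side == "S":
            if awaiting_stls_reply:
                awaiting_stls_reply = False
                if verb == "+OK":
                    break      # TLS starts here; nothing later is plaintext
            elif verb == "STLS":
                stls_offered = True
        elif side == "C":
            if verb == "STLS":
                awaiting_stls_reply = True
            elif verb in CRED_COMMANDS:
                findings.append((line_no, verb, stls_offered))
    return findings


if __name__ == "__main__":
    for name, session in [("cleartext", CLEARTEXT_SESSION), ("starttls", STARTTLS_SESSION)]:
        print(name, audit_pop3_transcript(session))
```

A finding whose third field is `True` means the server advertised STLS and the client authenticated in the clear anyway.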
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=532434ebeb2f497074e85ce7babad5e12abf2f21

commit 532434ebeb2f497074e85ce7babad5e12abf2f21
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-01 15:50:09 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-01 22:57:18 +0000

    kde-apps/kmail-account-wizard: Fix CVE-2020-15954

    Bug: https://bugs.gentoo.org/734126
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 ...ail-account-wizard-20.04.3-CVE-2020-15954.patch | 81 ++++++++++++++++++++++
 .../kmail-account-wizard-20.04.3-r1.ebuild | 55 +++++++++++++++
 2 files changed, 136 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b890132492bdf7f2a8de0156c370574a4ab5f13a

commit b890132492bdf7f2a8de0156c370574a4ab5f13a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-01 15:46:33 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-01 22:57:17 +0000

    kde-apps/kdepim-runtime: Fix CVE-2020-15954

    Bug: https://bugs.gentoo.org/734126
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../kdepim-runtime-20.04.3-CVE-2020-15954.patch | 28 +++++++
 .../kdepim-runtime-20.04.3-r1.ebuild | 91 ++++++++++++++++++++++
 2 files changed, 119 insertions(+)
Thanks. Tell us when ready to stable.
Sanity check failed:

> kde-apps/kmail-account-wizard-20.04.3-r1
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=kde-apps/akonadi-20.04.3:5
>     >=kde-apps/kidentitymanagement-20.04.3:5
>     >=kde-apps/kldap-20.04.3:5
>     >=kde-apps/kmailtransport-20.04.3:5
>     >=kde-apps/libkdepim-20.04.3:5
>     >=kde-apps/libkleo-20.04.3:5
>     >=kde-apps/pimcommon-20.04.3:5
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=kde-apps/akonadi-20.04.3:5
>     >=kde-apps/kidentitymanagement-20.04.3:5
>     >=kde-apps/kldap-20.04.3:5
>     >=kde-apps/kmailtransport-20.04.3:5
>     >=kde-apps/libkdepim-20.04.3:5
>     >=kde-apps/libkleo-20.04.3:5
>     >=kde-apps/pimcommon-20.04.3:5
> kde-apps/kdepim-runtime-20.04.3-r1
>   depend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=kde-apps/akonadi-20.04.3:5
>     >=kde-apps/akonadi-calendar-20.04.3:5
>     >=kde-apps/akonadi-contacts-20.04.3:5
>     >=kde-apps/akonadi-mime-20.04.3:5
>     >=kde-apps/akonadi-notes-20.04.3:5
>     >=kde-apps/kalarmcal-20.04.3:5
>     >=kde-apps/kcalutils-20.04.3:5
>     >=kde-apps/kdav-20.04.3:5
>     >=kde-apps/kidentitymanagement-20.04.3:5
>     >=kde-apps/kimap-20.04.3:5
>     >=kde-apps/kimap-20.04.3:5[test]
>     >=kde-apps/kmailtransport-20.04.3:5
>     >=kde-apps/kmbox-20.04.3:5
>     >=kde-apps/kmime-20.04.3:5
>     >=kde-apps/libkgapi-20.04.3:5
>     >=kde-apps/pimcommon-20.04.3:5
>     >=kde-frameworks/kdav-5.70.0:5
>   rdepend arm64 stable profile default/linux/arm64/17.0 (9 total)
>     >=kde-apps/akonadi-20.04.3:5
>     >=kde-apps/akonadi-calendar-20.04.3:5
>     >=kde-apps/akonadi-contacts-20.04.3:5
>     >=kde-apps/akonadi-mime-20.04.3:5
>     >=kde-apps/akonadi-notes-20.04.3:5
>     >=kde-apps/kalarmcal-20.04.3:5
>     >=kde-apps/kcalutils-20.04.3:5
>     >=kde-apps/kdav-20.04.3:5
>     >=kde-apps/kidentitymanagement-20.04.3:5
>     >=kde-apps/kimap-20.04.3:5
>     >=kde-apps/kmailtransport-20.04.3:5
>     >=kde-apps/kmbox-20.04.3:5
>     >=kde-apps/kmime-20.04.3:5
>     >=kde-apps/libkgapi-20.04.3:5
>     >=kde-apps/pimcommon-20.04.3:5
>     >=kde-frameworks/kdav-5.70.0:5
All sanity-check issues have been resolved
arm64 stable
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe9566dbf9ea137ebcf317597dda48f9659ccd18

commit fe9566dbf9ea137ebcf317597dda48f9659ccd18
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-05 14:31:09 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-06 15:04:36 +0000

    kde-apps/kmail-account-wizard: Drop 20.04.3 (r0)

    Bug: https://bugs.gentoo.org/734126
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../kmail-account-wizard-20.04.3.ebuild | 53 ----------------------
 1 file changed, 53 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75be503641bfc5f16b7a96492229aa145321ca2c

commit 75be503641bfc5f16b7a96492229aa145321ca2c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-05 14:30:48 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-06 15:04:36 +0000

    kde-apps/kdepim-runtime: Drop 20.04.3 (r0)

    Bug: https://bugs.gentoo.org/734126
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../kdepim-runtime/kdepim-runtime-20.04.3.ebuild | 89 ----------------------
 1 file changed, 89 deletions(-)
Thanks. Cleanup done.
GLSA vote: no

Closing.
Reopened upstream. https://bugs.kde.org/show_bug.cgi?id=423426#c8
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c480e1e4a9dff1f0ef70c19ab791ec1a202e9734

commit c480e1e4a9dff1f0ef70c19ab791ec1a202e9734
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-11-13 17:40:29 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-11-13 19:50:48 +0000

    kde-apps/kdepim-runtime: Make POP3 setup wizard check encrypt support

    Upstream commit 35447bd04e8c12afac524e1c4556ef3db088e014

    KDE-bug: https://bugs.kde.org/show_bug.cgi?id=423426
    Bug: https://bugs.gentoo.org/734126
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 .../kdepim-runtime-21.08.3-CVE-2020-15954.patch | 110 +++++++++++++++++++++
 .../kdepim-runtime-21.08.3-r1.ebuild | 90 +++++++++++++++++
 2 files changed, 200 insertions(+)
No further change to kde-apps/kmail-account-wizard necessary in 21.08.3.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a799563f477ed02c84d96781931e9e4ff218232

commit 9a799563f477ed02c84d96781931e9e4ff218232
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-11-28 13:08:31 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-11-29 13:51:54 +0000

    kde-apps/kdepim-runtime: drop 21.04.3*

    Bug: https://bugs.gentoo.org/734126
    Bug: https://bugs.gentoo.org/807355
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 kde-apps/kdepim-runtime/Manifest | 1 -
 .../kdepim-runtime/kdepim-runtime-21.04.3.ebuild | 88 ----------------------
 2 files changed, 89 deletions(-)
cleanup done
Thanks! All done, again.