2020-06-14 11:30:00 -0700 Kevin McCarthy <[email protected]> (3e88866d)
* Prevent possible IMAP MITM via PREAUTH response.
This is similar to CVE-2014-2567 and CVE-2020-12398. STARTTLS is not
allowed in the Authenticated state, so previously Mutt would
implicitly mark the connection as authenticated and skip any
encryption checking/enabling.
No credentials are exposed, but it does allow messages to be sent to
an attacker, via postpone or fcc'ing for instance.
Reuse the $ssl_starttls quadoption "in reverse" to prompt to abort the
connection if it is unencrypted.
Thanks very much to Damian Poddebniak and Fabian Ising from the
Münster University of Applied Sciences for reporting this issue, and
their help in testing the fix.
M imap/imap.c
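An added example, not Mutt's own code, of the greeting handling this commit describes: a PREAUTH greeting on a plaintext connection is no longer taken as implicitly safe, and the $ssl_starttls quadoption, read in reverse, decides whether to abort. The enum, function and parameter names are assumptions.

```c
/* Added example, not Mutt's code: classify an IMAP greeting and decide whether
 * a plaintext session may go on.  Option/enum names here are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum quad { QUAD_NO, QUAD_YES, QUAD_ASK_NO, QUAD_ASK_YES };
enum greeting { GREET_OK, GREET_PREAUTH, GREET_BYE, GREET_INVALID };
enum action { ACT_CONTINUE, ACT_STARTTLS, ACT_ASK_STARTTLS, ACT_ABORT, ACT_ASK_ABORT };

/* True when s starts with the upper-case status word w followed by a delimiter. */
static int word_is(const char *s, const char *w)
{
    size_t i;
    for (i = 0; w[i]; i++)
        if (toupper((unsigned char)s[i]) != w[i]) return 0;
    return s[i] == ' ' || s[i] == '\r' || s[i] == '\0';
}

/* Classify the untagged greeting line, e.g. "* PREAUTH IMAP4rev1 ready". */
enum greeting parse_greeting(const char *line)
{
    if (strncmp(line, "* ", 2) != 0) return GREET_INVALID;
    line += 2;
    if (word_is(line, "OK"))      return GREET_OK;
    if (word_is(line, "PREAUTH")) return GREET_PREAUTH;
    if (word_is(line, "BYE"))     return GREET_BYE;
    return GREET_INVALID;
}

/* encrypted: TLS already negotiated (imaps://).  ssl_starttls: the quadoption.
 * After OK it chooses whether to upgrade; after PREAUTH, where STARTTLS is not
 * permitted (Authenticated state), it is read in reverse: abort or not. */
enum action decide(enum greeting g, int encrypted, enum quad ssl_starttls)
{
    if (g == GREET_INVALID || g == GREET_BYE) return ACT_ABORT;
    if (encrypted) return ACT_CONTINUE;     /* nothing left to upgrade */
    if (g == GREET_OK)                      /* STARTTLS capability check omitted */
        return ssl_starttls == QUAD_NO  ? ACT_CONTINUE
             : ssl_starttls == QUAD_YES ? ACT_STARTTLS : ACT_ASK_STARTTLS;
    /* PREAUTH on plaintext: a MITM could have injected it, so the session must
     * not be treated as implicitly safe; only an explicit "no" lets it continue. */
    return ssl_starttls == QUAD_NO  ? ACT_CONTINUE
         : ssl_starttls == QUAD_YES ? ACT_ABORT : ACT_ASK_ABORT;
}

int main(void)
{   /* Constructed sample greeting over plaintext with $ssl_starttls=yes. */
    const char *g = "* PREAUTH IMAP4rev1 ready";
    printf("%s -> %s\n", g, decide(parse_greeting(g), 0, QUAD_YES) == ACT_ABORT
                            ? "abort" : "continue");
    return 0;
}
```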
2020-06-06 20:03:56 -0700 Kevin McCarthy <[email protected]> (f64ec1de)
* Fix GnuTLS interactive prompt short-circuiting.
tls_verify_peers() doesn't verify expiration dates. So aborting early
because of a 0 certstat and the leaf passing tls_check_preauth() does
not mean subsequent intermediate certs are okay: they could be
In the saved-cert preauth loop, instead of just noting the
tls_check_preauth() rc for the leaf, note the highest cert that passes
Then, in the interactive loop (which goes in the opposite order, from
CA to leaf) check that value instead. Since we are trusting certs one
by one, anything that passed in the previous loop will certainly pass
the preauth check at the beginning of tls_check_one_certificate().
M mutt_ssl_gnutls.c
2020-06-05 18:16:31 -0700 Kevin McCarthy <[email protected]> (5fccf603)
* Abort GnuTLS certificate check if a cert in the chain is rejected.
GnuTLS is not checking dates because we disabled that in
So if we don't do this, rejecting an expired intermediate cert will
have no effect. Certstat won't contain an expiration error, and
tls_check_preauth() will only look at each subsequent cert in the
chain's dates.
M mutt_ssl_gnutls.c
2020-06-05 15:21:03 -0700 Kevin McCarthy <[email protected]> (bb0e6277)
* Fix GnuTLS tls_verify_peers() checking.
* Change the function to pass the certstatus parameter by reference,
and indicate success/failure of the function via the return value. It
was previously returning the certstatus, but was also returning 0 or
the *unset* certstatus on error too. Since a 0 certstatus means
"success", this meant a gnutls_certificate_verify_peers2() failure
would be regarded as a valid cert.
* The gnutls_certificate_type_get() inside tls_verify_peers() checks
the *client* certificate type. Since it was only called if
gnutls_certificate_verify_peers2() failed, I assume it was either a
mistake, or perhaps an attempt to give a special error message if the
client cert was OpenPGP. In either case, the error message was not
very informative, so just remove the call and special error message.
* Fix GNUTLS_E_NO_CERTIFICATE_FOUND check to be against verify_ret
instead of certstat.
* Fix gnutls_strerror() call to use verify_ret instead of certstat.
* gnutls_certificate_verify_peers2() already calls and checks
gnutls_auth_get_type(), so remove call at the beginning of
* gnutls_certificate_verify_peers2() also verifies the certificate
type for the *server* is GNUTLS_CRT_X509. Add a comment about that.
M mutt_ssl_gnutls.c
2020-05-27 14:33:58 -0700 Kevin McCarthy <[email protected]> (5ea51e88)
* Fix doc install to check builddir first for bundled files.
Although some of the built files are bundled in the tarball, someone
could still try to build/install from a git checkout with a separate
build directory. There might be other circumstances too, so better to
just add the check for now.
M doc/
2020-05-26 13:51:56 -0700 Kevin McCarthy <[email protected]> (0136dbd1)
* Remove Muttrc and manual.txt from dist tarball files.
The Muttrc needs to be generated because of docdir substitution. The
manual.txt may traditionally be generated by a different tool than the
one on my machine (lynx), so force that to be regenerated too.
It may still be necessary to just rebuild everything, but let's see if
this will do for stable for now.
M doc/
2020-05-25 13:37:20 -0700 Kevin McCarthy <[email protected]> (6feaec02)
* automatic post-release commit for mutt-1.14.2
M ChangeLog
2020-05-25 13:29:22 -0700 Kevin McCarthy <[email protected]> (642a1cfd)
* Update UPDATING file for release.
......@@ -9,6 +9,11 @@
The keys used are:
!: modified feature, -: deleted feature, +: new feature
1.14.3 (2020-06-14):
! Bug fix release.
! $ssl_starttls also controls aborting an unencrypted IMAP PREAUTH connection.
1.14.2 (2020-05-25):
! Bug fix release.

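Review bot: the 1.14.3 entry documents only the $ssl_starttls change; the GnuTLS fixes in this release are also user-visible behaviour changes (tls_verify_peers() no longer treats a gnutls_certificate_verify_peers2() failure as a valid certificate, and the chain check now aborts when an intermediate cert is rejected) and deserve a "!" line here, e.g. `! GnuTLS certificate verification is stricter: a verify failure or a rejected intermediate cert now aborts the connection.`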