From d23282a2f559ff4860e2b58e210cc7779c65d1ee Mon Sep 17 00:00:00 2001
From: Peder Bergebakken Sundt
Date: Sat, 23 Jul 2022 05:45:24 +0200
Subject: rainloop-{community,standard}: patch CVE-2022-29360
---
 pkgs/servers/rainloop/default.nix | 18 +++++++++++++++---
 pkgs/servers/rainloop/fix-cve-2022-29360.patch | 23 +++++++++++++++++++++++
 2 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 pkgs/servers/rainloop/fix-cve-2022-29360.patch
(limited to 'pkgs')
diff --git a/pkgs/servers/rainloop/default.nix b/pkgs/servers/rainloop/default.nix
index bc1f0905c6b..1c7c76b2bd4 100644
--- a/pkgs/servers/rainloop/default.nix
+++ b/pkgs/servers/rainloop/default.nix
@@ -1,10 +1,10 @@
-{ lib, stdenv, fetchurl, unzip, pkgs, dataPath ? "/var/lib/rainloop" }: let
+{ lib, stdenv, fetchurl, unzip, writeText, dos2unix, dataPath ? "/var/lib/rainloop" }: let
 common = { edition, sha256 }: stdenv.mkDerivation (rec {
 pname = "rainloop${lib.optionalString (edition != "") "-${edition}"}";
 version = "1.16.0";
- nativeBuildInputs = [ unzip ];
+ nativeBuildInputs = [ unzip dos2unix ];
 unpackPhase = ''
 mkdir rainloop
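Review bot: The new `nativeBuildInputs = [ unzip dos2unix ];` gives no hint why a line-ending converter is a build dependency of a web-mail package; the following hunk's prePatch/postPatch run dos2unix and unix2dos around HtmlUtils.php, which suggests the upstream file ships with CRLF endings that the LF patch would not apply to cleanly, but nothing in the expression says so. A one-line comment above the attribute would spare the next maintainer that detour, e.g. `# dos2unix: HtmlUtils.php is normalised to LF so fix-cve-2022-29360.patch applies, then converted back (upstream file presumably uses CRLF line endings)`. This hunk already carries `version = "1.16.0";` inside the `rec` set, so the literal `1.16.0` in the prePatch/postPatch paths of the next hunk could be written as `${version}` to keep them in step with future bumps. The `common` derivation body continues past the end of this hunk.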
@@ -16,7 +16,19 @@
 sha256 = sha256;
 };
- includeScript = pkgs.writeText "include.php" ''
+ prePatch = ''
+ dos2unix ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+ '';
+
+ patches = [
+ ./fix-cve-2022-29360.patch
+ ];
+
+ postPatch = ''
+ unix2dos ./rainloop/rainloop/v/1.16.0/app/libraries/MailSo/Base/HtmlUtils.php
+ '';
+
+ includeScript = writeText "include.php" ''
 setAttribute($sKey, $sValue);
+ }
+
+- $oWrapDom = $oDom->createElement('div', '___xxx___');
++ $rand_str = base64_encode(random_bytes(32));
++ $oWrapDom = $oDom->createElement('div', $rand_str);
+ $oWrapDom->setAttribute('data-x-div-type', 'body');
+ foreach ($aBodylAttrs as $sKey => $sValue)
+ {
+@@ -250,7 +251,7 @@ class HtmlUtils
+
+ $sWrp = $oDom->saveHTML($oWrapHtml);
+
+- $sResult = \str_replace('___xxx___', $sResult, $sWrp);
++ $sResult = \str_replace($rand_str, $sResult, $sWrp);
+ }
+
+ $sResult = \str_replace(\MailSo\Base\HtmlUtils::$KOS, ':', $sResult);
-- cgit 1.4.1