Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format string error...

author Peter Volkov <pva@gentoo.org>

Sun, 22 Apr 2007 09:48:28 +0000 (09:48 +0000)

committer Peter Volkov <pva@gentoo.org>

Sun, 22 Apr 2007 09:48:28 +0000 (09:48 +0000)
author Peter Volkov <pva@gentoo.org>
Sun, 22 Apr 2007 09:48:28 +0000 (09:48 +0000)
committer Peter Volkov <pva@gentoo.org>
Sun, 22 Apr 2007 09:48:28 +0000 (09:48 +0000)
diff --git a/mail-client/evolution/ChangeLog b/mail-client/evolution/ChangeLog

index 838d84cde5492f49eea7069f69496d52356be04e..211fa3f4dc36bec77b0456d81b1a58d15a1dda22 100644 (file)
--- a/mail-client/evolution/ChangeLog
+++ b/mail-client/evolution/ChangeLog
@@ -1,6 +1,14 @@
  # ChangeLog for mail-client/evolution
  # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.169 2007/04/16 22:14:02 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.170 2007/04/22 09:48:28 pva Exp $
+
+*evolution-2.8.3-r2 (22 Apr 2007)
+
+  22 Apr 2007; <pva@gentoo.org>
+  +files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.g
+  z, +files/evolution-2.8.3-write_html.diff, +evolution-2.8.3-r2.ebuild:
+  Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format
+  string error (CVE-2007-1002) bug #170879.
  
  *evolution-2.10.1 (16 Apr 2007)
  
diff --git a/mail-client/evolution/Manifest b/mail-client/evolution/Manifest

index 4cb8aadf9c7eb12742e1482ba744b2534916aa77..9fc5794e48f4208618c24807200821c6a725a171 100644 (file)
--- a/mail-client/evolution/Manifest
+++ b/mail-client/evolution/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
  AUX evolution-2.3.7-configure_plugins.patch 3010 RMD160 9ae69aa76db215f6c9dcaf251ed03369131d86d8 SHA1 8b996b3a578dcc593c752e240c01516d5ee5c2f9 SHA256 c7aa48137fff3e4f8d8fe0d466ff70e6feadb95ed07402273318d111b8ee3c70
  MD5 b5eaa2e30f75b8ec2df29cfd90a1e1f0 files/evolution-2.3.7-configure_plugins.patch 3010
  RMD160 9ae69aa76db215f6c9dcaf251ed03369131d86d8 files/evolution-2.3.7-configure_plugins.patch 3010
@@ -41,6 +38,14 @@ AUX evolution-2.8.3-missing-groupwise-feature.patch 429 RMD160 2ca3bfa4bce41eb1e
  MD5 4431d899b1e6fff9d8ea9e3b23f33af7 files/evolution-2.8.3-missing-groupwise-feature.patch 429
  RMD160 2ca3bfa4bce41eb1e7fa4f298dfd000fe6f4cb6b files/evolution-2.8.3-missing-groupwise-feature.patch 429
  SHA256 88a4e262ef67d3465e4a06b11be2f23e7872b445f85a3c4e9ef41436b20182b4 files/evolution-2.8.3-missing-groupwise-feature.patch 429
+AUX evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401 RMD160 2470960bc75ca237f327e22ce48542e523ba0bde SHA1 bab4d2102cf7c6a80afeb6ae0b1f745448822d7b SHA256 1945a9b65621bcaaf42afa24682732fd2d5e8bb09bc371566e1f18478b66e522
+MD5 7d8e2d1bd787aa41fb7df329a198ddaa files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401
+RMD160 2470960bc75ca237f327e22ce48542e523ba0bde files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401
+SHA256 1945a9b65621bcaaf42afa24682732fd2d5e8bb09bc371566e1f18478b66e522 files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401
+AUX evolution-2.8.3-write_html.diff 352 RMD160 ffb0aafa6710a47f397761151113f1a4d566ca1b SHA1 7761e853d6f7807e0a9fcd604407f965ccbf4c50 SHA256 f8b6130e87fd081f6ffeb9ff87fd29d665b31ac49c0702e8969b40089a77a434
+MD5 3116a9f26a8048fc5d4730120ba8d45b files/evolution-2.8.3-write_html.diff 352
+RMD160 ffb0aafa6710a47f397761151113f1a4d566ca1b files/evolution-2.8.3-write_html.diff 352
+SHA256 f8b6130e87fd081f6ffeb9ff87fd29d665b31ac49c0702e8969b40089a77a434 files/evolution-2.8.3-write_html.diff 352
  AUX evolution-2.9.2-bf-junk.patch.gz 10431 RMD160 26825a37ca603267293a8a063b3499f4c3535376 SHA1 974dbe1870d92cd4ad3d75b682f36a899bcff71b SHA256 f9de9826bd2acfaf79af15e7f41c73289693c1f77c6811f80bce1f6027de1493
  MD5 ca5ce673002b921efb90cc6df8c4872e files/evolution-2.9.2-bf-junk.patch.gz 10431
  RMD160 26825a37ca603267293a8a063b3499f4c3535376 files/evolution-2.9.2-bf-junk.patch.gz 10431
@@ -79,10 +84,14 @@ EBUILD evolution-2.8.3-r1.ebuild 6622 RMD160 26988b75fcd8264975701cad78bc69b8ddc
  MD5 f2a3101c8a4999257d8a994cb2c87f71 evolution-2.8.3-r1.ebuild 6622
  RMD160 26988b75fcd8264975701cad78bc69b8ddc6c4b3 evolution-2.8.3-r1.ebuild 6622
  SHA256 f7c1cc01084ef119d5bca42345c90943ff99826f92d7afa9a04a1dd0adcace4b evolution-2.8.3-r1.ebuild 6622
-MISC ChangeLog 42179 RMD160 b4b6469425040a8ed63d13094bdfd0f082f86296 SHA1 6de591fc2d2f861100daf8823f2086cf9b8bbc69 SHA256 83850be228f973eab0168e9b44c7eacadee423d9430d951431934a63be5d1ec0
-MD5 c9be59b44775468189cc421810e77bbe ChangeLog 42179
-RMD160 b4b6469425040a8ed63d13094bdfd0f082f86296 ChangeLog 42179
-SHA256 83850be228f973eab0168e9b44c7eacadee423d9430d951431934a63be5d1ec0 ChangeLog 42179
+EBUILD evolution-2.8.3-r2.ebuild 6869 RMD160 d04314d3f221f9f69c1798ac92344cb1bb86d8a9 SHA1 6196ee0a621cd8d05fd9794ddf31598b2de77797 SHA256 88a2af457025c6dd4ea669fe5635410efef414b6220af600d6de8bc27d31fc7b
+MD5 e7ee1027b99a5e898145fcdf63386c1c evolution-2.8.3-r2.ebuild 6869
+RMD160 d04314d3f221f9f69c1798ac92344cb1bb86d8a9 evolution-2.8.3-r2.ebuild 6869
+SHA256 88a2af457025c6dd4ea669fe5635410efef414b6220af600d6de8bc27d31fc7b evolution-2.8.3-r2.ebuild 6869
+MISC ChangeLog 42514 RMD160 22e6569cb29ed7ccb70f2ad314333aaa136f2be2 SHA1 df2fc3c3b2687af09b0986c9355b96f8db11125b SHA256 4b99ca588f271b84d1fd2a0b0c733c37e7cd858b331a8557338fdc3cc048b872
+MD5 19751ddf14e20f19f62beb08524d4943 ChangeLog 42514
+RMD160 22e6569cb29ed7ccb70f2ad314333aaa136f2be2 ChangeLog 42514
+SHA256 4b99ca588f271b84d1fd2a0b0c733c37e7cd858b331a8557338fdc3cc048b872 ChangeLog 42514
  MISC metadata.xml 228 RMD160 56f093a5237fbe1d26c6914d47d4092d9de0cbcf SHA1 a7000d8d92e63e8b0bcb2531adea06af0fb4ceac SHA256 2f477aca2b0940f4b8d5a5817f1def0daa79846e5d3cb9b6c832a02ee7be298a
  MD5 adc1e2cec38f3e23b706de11a2ac0d92 metadata.xml 228
  RMD160 56f093a5237fbe1d26c6914d47d4092d9de0cbcf metadata.xml 228
@@ -105,10 +114,6 @@ SHA256 d973eab10ec33eb05052ae144c088a0a9ee7c983c5c9d62a9096c1dcbc780561 files/di
  MD5 4baf69f8a0985f0b493a39c1e5f2920e files/digest-evolution-2.8.3-r1 533
  RMD160 0aca45717cdcb1e57839b1826d465c3f96ebd8b5 files/digest-evolution-2.8.3-r1 533
  SHA256 4a580168c5f139e4e65dec026d9c27358a0caad314d78b403d51b38e6fb7a424 files/digest-evolution-2.8.3-r1 533
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.3 (GNU/Linux)
-
-iD8DBQFGI/UtomPajV0RnrERAjglAJ9cYT1yV4fCChZFqm43OL0TEckzoQCfU7R7
-Sb2Jz20yy2YyHfPSs5aVwDk=
-=ujdg
------END PGP SIGNATURE-----
+MD5 4baf69f8a0985f0b493a39c1e5f2920e files/digest-evolution-2.8.3-r2 533
+RMD160 0aca45717cdcb1e57839b1826d465c3f96ebd8b5 files/digest-evolution-2.8.3-r2 533
+SHA256 4a580168c5f139e4e65dec026d9c27358a0caad314d78b403d51b38e6fb7a424 files/digest-evolution-2.8.3-r2 533
diff --git a/mail-client/evolution/evolution-2.8.3-r2.ebuild b/mail-client/evolution/evolution-2.8.3-r2.ebuild

new file mode 100644 (file)

index 0000000..88dd813
--- /dev/null
+++ b/mail-client/evolution/evolution-2.8.3-r2.ebuild
@@ -0,0 +1,220 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/evolution-2.8.3-r2.ebuild,v 1.1 2007/04/22 09:48:28 pva Exp $
+
+inherit eutils flag-o-matic alternatives gnome2 autotools
+
+DESCRIPTION="Integrated mail, addressbook and calendaring functionality"
+HOMEPAGE="http://www.gnome.org/projects/evolution/"
+SRC_URI="${SRC_URI}
+       bogofilter? ( mirror://gentoo/${PN}-2.5.5.1-bf-junk.tar.bz2 )"
+
+LICENSE="GPL-2 FDL-1.1"
+SLOT="2.0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+# gstreamer for audio-inline, when it uses 0.10
+IUSE="bogofilter crypt dbus debug doc hal ipv6 kerberos krb4 ldap mono nntp pda profile spell ssl"
+
+# Pango dependency required to avoid font rendering problems
+RDEPEND=">=x11-themes/gnome-icon-theme-1.2
+       dev-libs/atk
+       >=gnome-extra/gtkhtml-3.9.90
+       >=dev-libs/glib-2.10
+       >=gnome-base/orbit-2.9.8
+       >=gnome-base/libbonobo-2
+       >=gnome-extra/evolution-data-server-1.7.90
+       >=gnome-base/libbonoboui-2.4.2
+       >=gnome-base/gnome-vfs-2.4
+       >=gnome-base/libgnomeui-2
+       >=gnome-base/libglade-2
+       >=gnome-base/libgnomecanvas-2
+       >=dev-libs/libxml2-2
+       >=gnome-base/gconf-2
+       >=gnome-base/libgnomeprint-2.7
+       >=gnome-base/libgnomeprintui-2.2.1
+       >=x11-libs/gtk+-2
+       >=gnome-base/libgnome-2
+       >=net-libs/libsoup-2.2.96
+       >=x11-libs/pango-1.8.1
+       x11-libs/libnotify
+       hal? ( >=sys-apps/hal-0.5.4 )
+       pda? (
+               >=app-pda/gnome-pilot-2
+               >=app-pda/gnome-pilot-conduits-2 )
+       spell? ( >=app-text/gnome-spell-1.0.5 )
+       crypt? ( || ( >=app-crypt/gnupg-2.0.1-r2 =app-crypt/gnupg-1.4* ) )
+       ssl? (
+               >=dev-libs/nspr-4.6.1
+               >=dev-libs/nss-3.11 )
+       ldap? ( >=net-nds/openldap-2 )
+       kerberos? ( virtual/krb5 )
+       krb4? ( virtual/krb5 )
+       dbus? ( || (
+               dev-libs/dbus-glib
+               ~sys-apps/dbus-0.62 ) )
+       mono? ( >=dev-lang/mono-1 )
+       bogofilter? ( mail-filter/bogofilter )
+       !bogofilter? ( mail-filter/spamassassin )"
+#      gstreamer? (
+#              >=media-libs/gstreamer-0.10
+#              >=media-libs/gst-plugins-base-0.10 )
+
+DEPEND="${RDEPEND}
+       >=dev-util/pkgconfig-0.9
+       >=dev-util/intltool-0.35
+       sys-devel/gettext
+       sys-devel/bison
+       app-text/scrollkeeper
+       >=gnome-base/gnome-common-2.12.0
+       doc? ( >=dev-util/gtk-doc-0.6 )"
+
+DOCS="AUTHORS ChangeLog* HACKING MAINTAINERS NEWS* README"
+ELTCONF="--reverse-deps"
+
+
+pkg_setup() {
+       G2CONF="--disable-default-binary \
+               --without-kde-applnk-path        \
+               $(use_enable ssl nss)            \
+               $(use_enable ssl smime)          \
+               $(use_enable ipv6)               \
+               $(use_enable mono)               \
+               $(use_enable nntp)               \
+               $(use_enable pda pilot-conduits) \
+               $(use_enable profile profiling)  \
+               $(use_with ldap openldap)        \
+               $(use_with kerberos krb5 /usr)"
+
+       # We need a graphical pinentry frontend to be able to ask for the GPG
+       # password from inside evolution, bug 160302
+       if use crypt && has_version '>=app-crypt/gnupg-2.0.1-r2'; then
+               if ! built_with_use -o app-crypt/pinentry gtk qt3; then
+                       die "You must build app-crypt/pinentry with GTK or QT3 support"
+               fi
+       fi
+
+       if use krb4 && ! built_with_use virtual/krb5 krb4; then
+               ewarn
+               ewarn "In order to add kerberos 4 support, you have to emerge"
+               ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well."
+               ewarn
+               ewarn "Skipping for now."
+               ewarn
+               G2CONF="${G2CONF} --without-krb4"
+       else
+               G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)"
+       fi
+
+       # Plug-ins to install. Normally we would want something similar to
+       # --enable-plugins=all (plugins_base + plugins_standard), except for some
+       # special cases.
+       local plugins="calendar-file calendar-http calendar-weather \
+               itip-formatter plugin-manager default-source addressbook-file \
+               startup-wizard print-message mark-all-read groupwise-features \
+               groupwise-account-setup hula-account-setup mail-account-disable \
+               publish-calendar caldav \
+               bbdb subject-thread save-calendar select-one-source copy-tool \
+               mail-to-task mark-calendar-offline mailing-list-actions \
+               new-mail-notify default-mailer import-ics-attachments"
+
+       # For dev releases, add experimental plugins
+       plugins="${plugins} backup-restore folder-unsubscribe mail-to-meeting \
+               prefer-plain save-attachments"
+
+       if use bogofilter; then
+               plugins="${plugins} bf-junk-plugin"
+       else
+               plugins="${plugins} sa-junk-plugin"
+       fi
+
+       # The special cases
+
+       # remove this due to bug #128035 re-enable later if it doesn't dep on
+       # gstreamer-0.8
+       # use gstreamer && plugins="${plugins} audio-inline"
+       use dbus && plugins="${plugins} new-mail-notify"
+       use mono && plugins="${plugins} mono"
+
+       if built_with_use gnome-extra/evolution-data-server ldap; then
+               plugins="${plugins} exchange-operations"
+       fi
+
+       local pluginlist=""
+       for p in $plugins; do
+               [ "x$pluginlist" != "x" ] && pluginlist="${pluginlist},"
+               pluginlist="${pluginlist}${p}"
+       done
+
+       G2CONF="${G2CONF} --enable-plugins=${pluginlist}"
+}
+
+src_unpack() {
+       unpack ${P}.tar.bz2
+       cd "${S}"
+
+       gnome2_omf_fix help/omf.make
+
+       # Accept the list of plugins separated by commas instead of spaces.
+       epatch "${FILESDIR}"/${PN}-2.3.7-configure_plugins.patch
+
+       # Move evo to URI-based saving
+       epatch "${FILESDIR}"/${PN}-2.8.0-uri.patch.gz
+
+       # Fix 64-bit warnings
+       epatch "${FILESDIR}"/${PN}-2.8.1.1-64-bit.patch
+
+       # Fix settings OK button.  Bug #166740
+       epatch "${FILESDIR}"/${P}-missing-groupwise-feature.patch
+
+       # Fix linking against pilot-link wiht --as-needed; bug #154453
+       epatch "${FILESDIR}"/${PN}-2.8.2.1-pilot-link-as-needed.patch
+
+       # Fix DoS on certain email content (CVE-2006-0040) bug #124826
+       epatch "${FILESDIR}"/${P}-show-plain-if-rendered-message-exceed-limit.patch.gz
+
+       # Fix format string error (CVE-2007-1002) bug #170879
+       epatch "${FILESDIR}"/${P}-write_html.diff
+
+       # Add bogofilter junk plugin source
+       use bogofilter && epatch "${FILESDIR}"/${PN}-2.8.2.1-bf-junk.patch.gz
+
+       eaclocal || die
+       _elibtoolize --copy --force || die
+       eautoheader || die
+       eautomake || die
+       intltoolize --force || die
+       eautoconf || die
+}
+
+src_compile() {
+       # Use NSS/NSPR only if 'ssl' is enabled.
+       if use ssl ; then
+               sed -i -e "s|mozilla-nss|nss|
+                       s|mozilla-nspr|nspr|" ${S}/configure
+               G2CONF="${G2CONF} --enable-nss=yes"
+       else
+               G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \
+                       --without-nss-libs --without-nss-includes"
+       fi
+
+       # problems with -O3 on gcc-3.3.1
+       replace-flags -O3 -O2
+
+       if [ "${ARCH}" = "hppa" ]; then
+               append-flags "-fPIC -ffunction-sections"
+               export LDFLAGS="-ffunction-sections -Wl,--stub-group-size=25000"
+       fi
+
+       gnome2_src_compile
+}
+
+pkg_postinst() {
+       gnome2_pkg_postinst
+
+       alternatives_auto_makesym "/usr/bin/evolution" "/usr/bin/evolution-[0-9].[0-9]"
+       elog "To change the default browser if you are not using GNOME, do:"
+       elog "gconftool-2 --set /desktop/gnome/url-handlers/http/command -t string 'mozilla %s'"
+       elog "gconftool-2 --set /desktop/gnome/url-handlers/https/command -t string 'mozilla %s'"
+       elog ""
+       elog "Replace 'mozilla %s' with which ever browser you use."
+}
diff --git a/mail-client/evolution/files/digest-evolution-2.8.3-r2 b/mail-client/evolution/files/digest-evolution-2.8.3-r2

new file mode 100644 (file)

index 0000000..4d2af2e
--- /dev/null
+++ b/mail-client/evolution/files/digest-evolution-2.8.3-r2
@@ -0,0 +1,6 @@
+MD5 31456188591167083628df719adc8f22 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+RMD160 7ae764761607d50024fbec32680bc57e04ac7879 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+SHA256 b8988b28836a201606d8fa651f48722ebac8c984dcc171f7f7a3b860d0f7a045 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+MD5 099876b347b114ec08ce6998b4a48d8c evolution-2.8.3.tar.bz2 12931527
+RMD160 cbf86ecbee7619f54ea6e60780d5c182208c5bf3 evolution-2.8.3.tar.bz2 12931527
+SHA256 08819f459185de7f36ac43702bb5314d1b2a9fae33db9ac4c5d9dfb3aaabca90 evolution-2.8.3.tar.bz2 12931527
diff --git a/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz b/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz

new file mode 100644 (file)

index 0000000..e9e6023

Binary files /dev/null and b/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz differ
diff --git a/mail-client/evolution/files/evolution-2.8.3-write_html.diff b/mail-client/evolution/files/evolution-2.8.3-write_html.diff

new file mode 100644 (file)

index 0000000..9f6edad
--- /dev/null
+++ b/mail-client/evolution/files/evolution-2.8.3-write_html.diff
@@ -0,0 +1,11 @@
+--- ./calendar/gui/e-cal-component-memo-preview.c.orig 2007-04-01 22:14:15.000000000 +0400
++++ ./calendar/gui/e-cal-component-memo-preview.c      2007-04-01 22:14:47.000000000 +0400
+@@ -185,7 +185,7 @@
+                       }
+               }
+               
+-              gtk_html_stream_printf(stream, string->str);
++              gtk_html_stream_printf(stream, "%s", string->str);
+ 
+               g_string_free (string, TRUE);
+
author	Peter Volkov <pva@gentoo.org>
	Sun, 22 Apr 2007 09:48:28 +0000 (09:48 +0000)
committer	Peter Volkov <pva@gentoo.org>
	Sun, 22 Apr 2007 09:48:28 +0000 (09:48 +0000)
mail-client/evolution/ChangeLog		patch \| blob \| history
mail-client/evolution/Manifest		patch \| blob \| history
mail-client/evolution/evolution-2.8.3-r2.ebuild	[new file with mode: 0644]	patch \| blob
mail-client/evolution/files/digest-evolution-2.8.3-r2	[new file with mode: 0644]	patch \| blob
mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz	[new file with mode: 0644]	patch \| blob
mail-client/evolution/files/evolution-2.8.3-write_html.diff	[new file with mode: 0644]	patch \| blob