From: Peter Volkov Date: Sun, 22 Apr 2007 09:48:28 +0000 (+0000) Subject: Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format string error... X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=061047af294517888d2479f14f84adc954233460;p=gentoo.git Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format string error (CVE-2007-1002) bug #170879. Package-Manager: portage-2.1.2.2 --- diff --git a/mail-client/evolution/ChangeLog b/mail-client/evolution/ChangeLog index 838d84cde549..211fa3f4dc36 100644 --- a/mail-client/evolution/ChangeLog +++ b/mail-client/evolution/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for mail-client/evolution # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.169 2007/04/16 22:14:02 dang Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.170 2007/04/22 09:48:28 pva Exp $ + +*evolution-2.8.3-r2 (22 Apr 2007) + + 22 Apr 2007; + +files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.g + z, +files/evolution-2.8.3-write_html.diff, +evolution-2.8.3-r2.ebuild: + Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format + string error (CVE-2007-1002) bug #170879. *evolution-2.10.1 (16 Apr 2007) diff --git a/mail-client/evolution/Manifest b/mail-client/evolution/Manifest index 4cb8aadf9c7e..9fc5794e48f4 100644 --- a/mail-client/evolution/Manifest +++ b/mail-client/evolution/Manifest @@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX evolution-2.3.7-configure_plugins.patch 3010 RMD160 9ae69aa76db215f6c9dcaf251ed03369131d86d8 SHA1 8b996b3a578dcc593c752e240c01516d5ee5c2f9 SHA256 c7aa48137fff3e4f8d8fe0d466ff70e6feadb95ed07402273318d111b8ee3c70 MD5 b5eaa2e30f75b8ec2df29cfd90a1e1f0 files/evolution-2.3.7-configure_plugins.patch 3010 RMD160 9ae69aa76db215f6c9dcaf251ed03369131d86d8 files/evolution-2.3.7-configure_plugins.patch 3010 
@@ -41,6 +38,14 @@ AUX evolution-2.8.3-missing-groupwise-feature.patch 429 RMD160 2ca3bfa4bce41eb1e MD5 4431d899b1e6fff9d8ea9e3b23f33af7 files/evolution-2.8.3-missing-groupwise-feature.patch 429 RMD160 2ca3bfa4bce41eb1e7fa4f298dfd000fe6f4cb6b files/evolution-2.8.3-missing-groupwise-feature.patch 429 SHA256 88a4e262ef67d3465e4a06b11be2f23e7872b445f85a3c4e9ef41436b20182b4 files/evolution-2.8.3-missing-groupwise-feature.patch 429 +AUX evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401 RMD160 2470960bc75ca237f327e22ce48542e523ba0bde SHA1 bab4d2102cf7c6a80afeb6ae0b1f745448822d7b SHA256 1945a9b65621bcaaf42afa24682732fd2d5e8bb09bc371566e1f18478b66e522 +MD5 7d8e2d1bd787aa41fb7df329a198ddaa files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401 +RMD160 2470960bc75ca237f327e22ce48542e523ba0bde files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401 +SHA256 1945a9b65621bcaaf42afa24682732fd2d5e8bb09bc371566e1f18478b66e522 files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz 7401 +AUX evolution-2.8.3-write_html.diff 352 RMD160 ffb0aafa6710a47f397761151113f1a4d566ca1b SHA1 7761e853d6f7807e0a9fcd604407f965ccbf4c50 SHA256 f8b6130e87fd081f6ffeb9ff87fd29d665b31ac49c0702e8969b40089a77a434 +MD5 3116a9f26a8048fc5d4730120ba8d45b files/evolution-2.8.3-write_html.diff 352 +RMD160 ffb0aafa6710a47f397761151113f1a4d566ca1b files/evolution-2.8.3-write_html.diff 352 +SHA256 f8b6130e87fd081f6ffeb9ff87fd29d665b31ac49c0702e8969b40089a77a434 files/evolution-2.8.3-write_html.diff 352 AUX evolution-2.9.2-bf-junk.patch.gz 10431 RMD160 26825a37ca603267293a8a063b3499f4c3535376 SHA1 974dbe1870d92cd4ad3d75b682f36a899bcff71b SHA256 f9de9826bd2acfaf79af15e7f41c73289693c1f77c6811f80bce1f6027de1493 MD5 ca5ce673002b921efb90cc6df8c4872e files/evolution-2.9.2-bf-junk.patch.gz 10431 RMD160 26825a37ca603267293a8a063b3499f4c3535376 files/evolution-2.9.2-bf-junk.patch.gz 10431 
@@ -79,10 +84,14 @@ EBUILD evolution-2.8.3-r1.ebuild 6622 RMD160 26988b75fcd8264975701cad78bc69b8ddc MD5 f2a3101c8a4999257d8a994cb2c87f71 evolution-2.8.3-r1.ebuild 6622 RMD160 26988b75fcd8264975701cad78bc69b8ddc6c4b3 evolution-2.8.3-r1.ebuild 6622 SHA256 f7c1cc01084ef119d5bca42345c90943ff99826f92d7afa9a04a1dd0adcace4b evolution-2.8.3-r1.ebuild 6622 -MISC ChangeLog 42179 RMD160 b4b6469425040a8ed63d13094bdfd0f082f86296 SHA1 6de591fc2d2f861100daf8823f2086cf9b8bbc69 SHA256 83850be228f973eab0168e9b44c7eacadee423d9430d951431934a63be5d1ec0 -MD5 c9be59b44775468189cc421810e77bbe ChangeLog 42179 -RMD160 b4b6469425040a8ed63d13094bdfd0f082f86296 ChangeLog 42179 -SHA256 83850be228f973eab0168e9b44c7eacadee423d9430d951431934a63be5d1ec0 ChangeLog 42179 +EBUILD evolution-2.8.3-r2.ebuild 6869 RMD160 d04314d3f221f9f69c1798ac92344cb1bb86d8a9 SHA1 6196ee0a621cd8d05fd9794ddf31598b2de77797 SHA256 88a2af457025c6dd4ea669fe5635410efef414b6220af600d6de8bc27d31fc7b +MD5 e7ee1027b99a5e898145fcdf63386c1c evolution-2.8.3-r2.ebuild 6869 +RMD160 d04314d3f221f9f69c1798ac92344cb1bb86d8a9 evolution-2.8.3-r2.ebuild 6869 +SHA256 88a2af457025c6dd4ea669fe5635410efef414b6220af600d6de8bc27d31fc7b evolution-2.8.3-r2.ebuild 6869 +MISC ChangeLog 42514 RMD160 22e6569cb29ed7ccb70f2ad314333aaa136f2be2 SHA1 df2fc3c3b2687af09b0986c9355b96f8db11125b SHA256 4b99ca588f271b84d1fd2a0b0c733c37e7cd858b331a8557338fdc3cc048b872 +MD5 19751ddf14e20f19f62beb08524d4943 ChangeLog 42514 +RMD160 22e6569cb29ed7ccb70f2ad314333aaa136f2be2 ChangeLog 42514 +SHA256 4b99ca588f271b84d1fd2a0b0c733c37e7cd858b331a8557338fdc3cc048b872 ChangeLog 42514 MISC metadata.xml 228 RMD160 56f093a5237fbe1d26c6914d47d4092d9de0cbcf SHA1 a7000d8d92e63e8b0bcb2531adea06af0fb4ceac SHA256 2f477aca2b0940f4b8d5a5817f1def0daa79846e5d3cb9b6c832a02ee7be298a MD5 adc1e2cec38f3e23b706de11a2ac0d92 metadata.xml 228 RMD160 56f093a5237fbe1d26c6914d47d4092d9de0cbcf metadata.xml 228 
@@ -105,10 +114,6 @@ SHA256 d973eab10ec33eb05052ae144c088a0a9ee7c983c5c9d62a9096c1dcbc780561 files/di MD5 4baf69f8a0985f0b493a39c1e5f2920e files/digest-evolution-2.8.3-r1 533 RMD160 0aca45717cdcb1e57839b1826d465c3f96ebd8b5 files/digest-evolution-2.8.3-r1 533 SHA256 4a580168c5f139e4e65dec026d9c27358a0caad314d78b403d51b38e6fb7a424 files/digest-evolution-2.8.3-r1 533 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.3 (GNU/Linux) - -iD8DBQFGI/UtomPajV0RnrERAjglAJ9cYT1yV4fCChZFqm43OL0TEckzoQCfU7R7 -Sb2Jz20yy2YyHfPSs5aVwDk= -=ujdg ------END PGP SIGNATURE----- +MD5 4baf69f8a0985f0b493a39c1e5f2920e files/digest-evolution-2.8.3-r2 533 +RMD160 0aca45717cdcb1e57839b1826d465c3f96ebd8b5 files/digest-evolution-2.8.3-r2 533 +SHA256 4a580168c5f139e4e65dec026d9c27358a0caad314d78b403d51b38e6fb7a424 files/digest-evolution-2.8.3-r2 533 diff --git a/mail-client/evolution/evolution-2.8.3-r2.ebuild b/mail-client/evolution/evolution-2.8.3-r2.ebuild new file mode 100644 index 000000000000..88dd8139b104 --- /dev/null +++ b/mail-client/evolution/evolution-2.8.3-r2.ebuild 
@@ -0,0 +1,220 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/evolution-2.8.3-r2.ebuild,v 1.1 2007/04/22 09:48:28 pva Exp $ + +inherit eutils flag-o-matic alternatives gnome2 autotools + +DESCRIPTION="Integrated mail, addressbook and calendaring functionality" +HOMEPAGE="http://www.gnome.org/projects/evolution/" +SRC_URI="${SRC_URI} + bogofilter? ( mirror://gentoo/${PN}-2.5.5.1-bf-junk.tar.bz2 )" + +LICENSE="GPL-2 FDL-1.1" +SLOT="2.0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" +# gstreamer for audio-inline, when it uses 0.10 +IUSE="bogofilter crypt dbus debug doc hal ipv6 kerberos krb4 ldap mono nntp pda profile spell ssl" + +# Pango dependency required to avoid font rendering problems +RDEPEND=">=x11-themes/gnome-icon-theme-1.2 + dev-libs/atk + >=gnome-extra/gtkhtml-3.9.90 + >=dev-libs/glib-2.10 + >=gnome-base/orbit-2.9.8 + >=gnome-base/libbonobo-2 + >=gnome-extra/evolution-data-server-1.7.90 + >=gnome-base/libbonoboui-2.4.2 + >=gnome-base/gnome-vfs-2.4 + >=gnome-base/libgnomeui-2 + >=gnome-base/libglade-2 + >=gnome-base/libgnomecanvas-2 + >=dev-libs/libxml2-2 + >=gnome-base/gconf-2 + >=gnome-base/libgnomeprint-2.7 + >=gnome-base/libgnomeprintui-2.2.1 + >=x11-libs/gtk+-2 + >=gnome-base/libgnome-2 + >=net-libs/libsoup-2.2.96 + >=x11-libs/pango-1.8.1 + x11-libs/libnotify + hal? ( >=sys-apps/hal-0.5.4 ) + pda? ( + >=app-pda/gnome-pilot-2 + >=app-pda/gnome-pilot-conduits-2 ) + spell? ( >=app-text/gnome-spell-1.0.5 ) + crypt? ( || ( >=app-crypt/gnupg-2.0.1-r2 =app-crypt/gnupg-1.4* ) ) + ssl? ( + >=dev-libs/nspr-4.6.1 + >=dev-libs/nss-3.11 ) + ldap? ( >=net-nds/openldap-2 ) + kerberos? ( virtual/krb5 ) + krb4? ( virtual/krb5 ) + dbus? ( || ( + dev-libs/dbus-glib + ~sys-apps/dbus-0.62 ) ) + mono? ( >=dev-lang/mono-1 ) + bogofilter? ( mail-filter/bogofilter ) + !bogofilter? ( mail-filter/spamassassin )" +# gstreamer? 
( +# >=media-libs/gstreamer-0.10 +# >=media-libs/gst-plugins-base-0.10 ) + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.9 + >=dev-util/intltool-0.35 + sys-devel/gettext + sys-devel/bison + app-text/scrollkeeper + >=gnome-base/gnome-common-2.12.0 + doc? ( >=dev-util/gtk-doc-0.6 )" + +DOCS="AUTHORS ChangeLog* HACKING MAINTAINERS NEWS* README" +ELTCONF="--reverse-deps" + + +pkg_setup() { + G2CONF="--disable-default-binary \ + --without-kde-applnk-path \ + $(use_enable ssl nss) \ + $(use_enable ssl smime) \ + $(use_enable ipv6) \ + $(use_enable mono) \ + $(use_enable nntp) \ + $(use_enable pda pilot-conduits) \ + $(use_enable profile profiling) \ + $(use_with ldap openldap) \ + $(use_with kerberos krb5 /usr)" + + # We need a graphical pinentry frontend to be able to ask for the GPG + # password from inside evolution, bug 160302 + if use crypt && has_version '>=app-crypt/gnupg-2.0.1-r2'; then + if ! built_with_use -o app-crypt/pinentry gtk qt3; then + die "You must build app-crypt/pinentry with GTK or QT3 support" + fi + fi + + if use krb4 && ! built_with_use virtual/krb5 krb4; then + ewarn + ewarn "In order to add kerberos 4 support, you have to emerge" + ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well." + ewarn + ewarn "Skipping for now." + ewarn + G2CONF="${G2CONF} --without-krb4" + else + G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)" + fi + + # Plug-ins to install. Normally we would want something similar to + # --enable-plugins=all (plugins_base + plugins_standard), except for some + # special cases. 
+ local plugins="calendar-file calendar-http calendar-weather \ + itip-formatter plugin-manager default-source addressbook-file \ + startup-wizard print-message mark-all-read groupwise-features \ + groupwise-account-setup hula-account-setup mail-account-disable \ + publish-calendar caldav \ + bbdb subject-thread save-calendar select-one-source copy-tool \ + mail-to-task mark-calendar-offline mailing-list-actions \ + new-mail-notify default-mailer import-ics-attachments" + + # For dev releases, add experimental plugins + plugins="${plugins} backup-restore folder-unsubscribe mail-to-meeting \ + prefer-plain save-attachments" + + if use bogofilter; then + plugins="${plugins} bf-junk-plugin" + else + plugins="${plugins} sa-junk-plugin" + fi + + # The special cases + + # remove this due to bug #128035 re-enable later if it doesn't dep on + # gstreamer-0.8 + # use gstreamer && plugins="${plugins} audio-inline" + use dbus && plugins="${plugins} new-mail-notify" + use mono && plugins="${plugins} mono" + + if built_with_use gnome-extra/evolution-data-server ldap; then + plugins="${plugins} exchange-operations" + fi + + local pluginlist="" + for p in $plugins; do + [ "x$pluginlist" != "x" ] && pluginlist="${pluginlist}," + pluginlist="${pluginlist}${p}" + done + + G2CONF="${G2CONF} --enable-plugins=${pluginlist}" +} + +src_unpack() { + unpack ${P}.tar.bz2 + cd "${S}" + + gnome2_omf_fix help/omf.make + + # Accept the list of plugins separated by commas instead of spaces. + epatch "${FILESDIR}"/${PN}-2.3.7-configure_plugins.patch + + # Move evo to URI-based saving + epatch "${FILESDIR}"/${PN}-2.8.0-uri.patch.gz + + # Fix 64-bit warnings + epatch "${FILESDIR}"/${PN}-2.8.1.1-64-bit.patch + + # Fix settings OK button. 
Bug #166740 + epatch "${FILESDIR}"/${P}-missing-groupwise-feature.patch + + # Fix linking against pilot-link wiht --as-needed; bug #154453 + epatch "${FILESDIR}"/${PN}-2.8.2.1-pilot-link-as-needed.patch + + # Fix DoS on certain email content (CVE-2006-0040) bug #124826 + epatch "${FILESDIR}"/${P}-show-plain-if-rendered-message-exceed-limit.patch.gz + + # Fix format string error (CVE-2007-1002) bug #170879 + epatch "${FILESDIR}"/${P}-write_html.diff + + # Add bogofilter junk plugin source + use bogofilter && epatch "${FILESDIR}"/${PN}-2.8.2.1-bf-junk.patch.gz + + eaclocal || die + _elibtoolize --copy --force || die + eautoheader || die + eautomake || die + intltoolize --force || die + eautoconf || die +} + +src_compile() { + # Use NSS/NSPR only if 'ssl' is enabled. + if use ssl ; then + sed -i -e "s|mozilla-nss|nss| + s|mozilla-nspr|nspr|" ${S}/configure + G2CONF="${G2CONF} --enable-nss=yes" + else + G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \ + --without-nss-libs --without-nss-includes" + fi + + # problems with -O3 on gcc-3.3.1 + replace-flags -O3 -O2 + + if [ "${ARCH}" = "hppa" ]; then + append-flags "-fPIC -ffunction-sections" + export LDFLAGS="-ffunction-sections -Wl,--stub-group-size=25000" + fi + + gnome2_src_compile +} + +pkg_postinst() { + gnome2_pkg_postinst + + alternatives_auto_makesym "/usr/bin/evolution" "/usr/bin/evolution-[0-9].[0-9]" + elog "To change the default browser if you are not using GNOME, do:" + elog "gconftool-2 --set /desktop/gnome/url-handlers/http/command -t string 'mozilla %s'" + elog "gconftool-2 --set /desktop/gnome/url-handlers/https/command -t string 'mozilla %s'" + elog "" + elog "Replace 'mozilla %s' with which ever browser you use." +} diff --git a/mail-client/evolution/files/digest-evolution-2.8.3-r2 b/mail-client/evolution/files/digest-evolution-2.8.3-r2 new file mode 100644 index 000000000000..4d2af2ebbaa9 --- /dev/null +++ b/mail-client/evolution/files/digest-evolution-2.8.3-r2 
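Review bot: The CVE-2006-0040 fix applied in src_unpack, `epatch "${FILESDIR}"/${P}-show-plain-if-rendered-message-exceed-limit.patch.gz`, arrives as a gzipped blob that this commit shows only as "Binary files ... differ", so the security-relevant change cannot be reviewed from the diff. Its integrity rests on the Manifest digests, and the Manifest hunks in this same commit remove the PGP clearsign header and signature block without adding a new one, which leaves those digests unsigned as far as this page shows. I would re-sign the Manifest before pushing and record the patch origin next to the epatch line, e.g. `# patch origin: <PATCH_ORIGIN_URL placeholder>`. Separately, `use dbus && plugins="${plugins} new-mail-notify"` repeats an entry that is already in the base plugin list, so the dbus flag does not gate that plugin.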
@@ -0,0 +1,6 @@
+MD5 31456188591167083628df719adc8f22 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+RMD160 7ae764761607d50024fbec32680bc57e04ac7879 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+SHA256 b8988b28836a201606d8fa651f48722ebac8c984dcc171f7f7a3b860d0f7a045 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+MD5 099876b347b114ec08ce6998b4a48d8c evolution-2.8.3.tar.bz2 12931527
+RMD160 cbf86ecbee7619f54ea6e60780d5c182208c5bf3 evolution-2.8.3.tar.bz2 12931527
+SHA256 08819f459185de7f36ac43702bb5314d1b2a9fae33db9ac4c5d9dfb3aaabca90 evolution-2.8.3.tar.bz2 12931527
diff --git a/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz b/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz
new file mode 100644
index 000000000000..e9e6023ca30d
Binary files /dev/null and b/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz differ
diff --git a/mail-client/evolution/files/evolution-2.8.3-write_html.diff b/mail-client/evolution/files/evolution-2.8.3-write_html.diff
new file mode 100644
index 000000000000..9f6edad5ab73
--- /dev/null
+++ b/mail-client/evolution/files/evolution-2.8.3-write_html.diff
@@ -0,0 +1,11 @@
+--- ./calendar/gui/e-cal-component-memo-preview.c.orig 2007-04-01 22:14:15.000000000 +0400
++++ ./calendar/gui/e-cal-component-memo-preview.c 2007-04-01 22:14:47.000000000 +0400
+@@ -185,7 +185,7 @@
+ }
+ }
+
+- gtk_html_stream_printf(stream, string->str);
++ gtk_html_stream_printf(stream, "%s", string->str);
+
+ g_string_free (string, TRUE);
+
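Review bot: Only the single call at line 185 of e-cal-component-memo-preview.c is covered by this patch, so any other gtk_html_stream_printf call that passes assembled text as the format argument would stay exposed; that cannot be judged from this hunk, and a build with `-Wformat -Wformat-security` would surface such calls. Because the text is already a complete GString, `gtk_html_stream_write (stream, string->str, string->len);` would take format parsing off this path altogether, though the `"%s"` form is sufficient for the reported format-string error. The patch file has no header, so a first line such as `# CVE-2007-1002, Gentoo bug #170879: non-literal format string in memo preview` would keep the provenance with the file. The enclosing function begins and ends outside the hunk's context.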