summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMart Raudsepp <leio@gentoo.org>2008-03-05 09:04:30 +0000
committerMart Raudsepp <leio@gentoo.org>2008-03-05 09:04:30 +0000
commit05d6784ce3704e53d5a07864964c80f0382b0bcd (patch)
treeb09f24b1438630688c22be66b08fac6aa6a77126 /mail-client/evolution
parentversion bump (diff)
downloadgentoo-2-05d6784ce3704e53d5a07864964c80f0382b0bcd.tar.gz
gentoo-2-05d6784ce3704e53d5a07864964c80f0382b0bcd.tar.bz2
gentoo-2-05d6784ce3704e53d5a07864964c80f0382b0bcd.zip
Security fix for "Encrypted Message Version Format String Vulnerability". Stable on alpha, amd64, hppa, ia64, ppc64, sparc and x86
(Portage version: 2.1.4.4, RepoMan options: --force)
Diffstat (limited to 'mail-client/evolution')
-rw-r--r--mail-client/evolution/ChangeLog9
-rw-r--r--mail-client/evolution/evolution-2.12.3-r1.ebuild175
-rw-r--r--mail-client/evolution/files/evolution-CVE-2008-0072.patch61
3 files changed, 244 insertions, 1 deletions
diff --git a/mail-client/evolution/ChangeLog b/mail-client/evolution/ChangeLog
index f76e3033227f..26b3a6021173 100644
--- a/mail-client/evolution/ChangeLog
+++ b/mail-client/evolution/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for mail-client/evolution
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.225 2008/02/04 04:09:08 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.226 2008/03/05 09:04:29 leio Exp $
+
+*evolution-2.12.3-r1 (05 Mar 2008)
+
+ 05 Mar 2008; Mart Raudsepp <leio@gentoo.org>
+ +files/evolution-CVE-2008-0072.patch, +evolution-2.12.3-r1.ebuild:
+ Security fix for "Encrypted Message Version Format String Vulnerability".
+ Stable on alpha, amd64, hppa, ia64, ppc64, sparc and x86
04 Feb 2008; Jeroen Roovers <jer@gentoo.org> evolution-2.12.2.ebuild:
Stable for HPPA (bug #208366).
diff --git a/mail-client/evolution/evolution-2.12.3-r1.ebuild b/mail-client/evolution/evolution-2.12.3-r1.ebuild
new file mode 100644
index 000000000000..4b428818adea
--- /dev/null
+++ b/mail-client/evolution/evolution-2.12.3-r1.ebuild
@@ -0,0 +1,175 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/evolution-2.12.3-r1.ebuild,v 1.1 2008/03/05 09:04:29 leio Exp $
+EAPI="1"
+
+inherit gnome2 flag-o-matic
+
+DESCRIPTION="Integrated mail, addressbook and calendaring functionality"
+HOMEPAGE="http://www.gnome.org/projects/evolution/"
+SRC_URI="${SRC_URI}"
+
+LICENSE="GPL-2 FDL-1.1"
+SLOT="2.0"
+KEYWORDS="alpha amd64 hppa ia64 ~ppc ppc64 sparc x86 ~x86-fbsd"
+# gstreamer for audio-inline, when it uses 0.10
+IUSE="crypt dbus debug doc hal ipv6 kerberos krb4 ldap mono networkmanager nntp pda profile spell ssl"
+
+# Pango dependency required to avoid font rendering problems
+RDEPEND="
+ >=x11-libs/gtk+-2.10
+ >=gnome-extra/evolution-data-server-1.11.90
+ >=x11-themes/gnome-icon-theme-1.2
+ >=gnome-base/gnome-vfs-2.4
+ >=gnome-base/libbonoboui-2.4.2
+ >=gnome-base/libbonobo-2.16
+ >=gnome-extra/gtkhtml-3.16
+ >=gnome-base/gconf-2
+ >=gnome-base/libglade-2
+ >=gnome-base/libgnomecanvas-2
+ >=gnome-base/libgnomeui-2
+ >=dev-libs/libxml2-2
+ dbus? ( dev-libs/dbus-glib )
+ hal? ( >=sys-apps/hal-0.5.4 )
+ x11-libs/libnotify
+ pda? (
+ >=app-pda/gnome-pilot-2.0.15
+ >=app-pda/gnome-pilot-conduits-2 )
+ dev-libs/atk
+ ssl? (
+ >=dev-libs/nspr-4.6.1
+ >=dev-libs/nss-3.11 )
+ networkmanager? ( net-misc/networkmanager )
+ >=net-libs/libsoup-2.2.96:2.2
+ kerberos? ( virtual/krb5 )
+ krb4? ( virtual/krb5 )
+ >=dev-libs/glib-2.10
+ >=gnome-base/orbit-2.9.8
+ spell? ( >=app-text/gnome-spell-1.0.5 )
+ crypt? ( || ( >=app-crypt/gnupg-2.0.1-r2 =app-crypt/gnupg-1.4* ) )
+ ldap? ( >=net-nds/openldap-2 )
+ mono? ( >=dev-lang/mono-1 )"
+# gstreamer? (
+# >=media-libs/gstreamer-0.10
+# >=media-libs/gst-plugins-base-0.10 )
+
+DEPEND="${RDEPEND}
+ >=dev-util/pkgconfig-0.16
+ >=dev-util/intltool-0.35.5
+ sys-devel/gettext
+ sys-devel/bison
+ app-text/scrollkeeper
+ >=gnome-base/gnome-common-2.12.0
+ >=app-text/gnome-doc-utils-0.9.1
+ doc? ( >=dev-util/gtk-doc-0.6 )"
+
+DOCS="AUTHORS ChangeLog* HACKING MAINTAINERS NEWS* README"
+ELTCONF="--reverse-deps"
+
+pkg_setup() {
+ G2CONF="--without-kde-applnk-path \
+ --enable-plugins=experimental \
+ $(use_enable ssl nss) \
+ $(use_enable ssl smime) \
+ $(use_enable ipv6) \
+ $(use_enable mono) \
+ $(use_enable nntp) \
+ $(use_enable pda pilot-conduits) \
+ $(use_enable profile profiling) \
+ $(use_with ldap openldap) \
+ $(use_with kerberos krb5 /usr)"
+
+ # We need a graphical pinentry frontend to be able to ask for the GPG
+ # password from inside evolution, bug 160302
+ if use crypt && has_version '>=app-crypt/gnupg-2.0.1-r2'; then
+ if ! built_with_use -o app-crypt/pinentry gtk qt3; then
+ die "You must build app-crypt/pinentry with GTK or QT3 support"
+ fi
+ fi
+
+ if use krb4 && ! built_with_use virtual/krb5 krb4; then
+ ewarn
+ ewarn "In order to add kerberos 4 support, you have to emerge"
+ ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well."
+ ewarn
+ ewarn "Skipping for now."
+ ewarn
+ G2CONF="${G2CONF} --without-krb4"
+ else
+ G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)"
+ fi
+
+ # dang - I've changed this to do --enable-plugins=experimental. This will autodetect
+ # new-mail-notify and exchange, but that cannot be helped for the moment.
+ # They should be changed to depend on a --enable-<foo> like mono is. This
+ # cleans up a ton of crap from this ebuild.
+}
+
+src_unpack() {
+ gnome2_src_unpack
+
+ # Mail-remote doesn't build
+ epatch "${FILESDIR}"/${PN}-2.12.1-mail-remote-broken.patch
+
+ # Fix timezone offsets on fbsd. bug #183708
+ epatch "${FILESDIR}"/${PN}-2.10.2-fbsd.patch
+
+ # Fix CVE-2008-0072
+ epatch "${FILESDIR}"/${PN}-CVE-2008-0072.patch
+
+ # Fix tests (again)
+ echo "evolution-addressbook.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-calendar.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-composer-entries.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-editor.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-event-editor.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-mail-global.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-mail-list.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-mail-message.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-mail-messagedisplay.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-memo-editor.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-memos.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-message-composer.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-signature-editor.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-subscribe.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-task-editor.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution-tasks.xml" >> "${S}"/po/POTFILES.in
+ echo "evolution.xml" >> "${S}"/po/POTFILES.in
+}
+
+src_compile() {
+ # Use NSS/NSPR only if 'ssl' is enabled.
+ if use ssl ; then
+ sed -i -e "s|mozilla-nss|nss|
+ s|mozilla-nspr|nspr|" "${S}"/configure
+ G2CONF="${G2CONF} --enable-nss=yes"
+ else
+ G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \
+ --without-nss-libs --without-nss-includes"
+ fi
+
+ # problems with -O3 on gcc-3.3.1
+ replace-flags -O3 -O2
+
+ if [ "${ARCH}" = "hppa" ]; then
+ append-flags "-fPIC -ffunction-sections"
+ export LDFLAGS="-ffunction-sections -Wl,--stub-group-size=25000"
+ fi
+
+ gnome2_src_compile
+}
+
+pkg_postinst() {
+ gnome2_pkg_postinst
+
+ elog "To change the default browser if you are not using GNOME, do:"
+ elog "gconftool-2 --set /desktop/gnome/url-handlers/http/command -t string 'mozilla %s'"
+ elog "gconftool-2 --set /desktop/gnome/url-handlers/https/command -t string 'mozilla %s'"
+ elog ""
+ elog "Replace 'mozilla %s' with which ever browser you use."
+ elog ""
+ elog "Junk filters are now a run-time choice. You will get a choice of"
+ elog "bogofilter or spamassassin based on which you have installed"
+ elog ""
+ elog "You have to install one of these for the spam filtering to actually work"
+}
diff --git a/mail-client/evolution/files/evolution-CVE-2008-0072.patch b/mail-client/evolution/files/evolution-CVE-2008-0072.patch
new file mode 100644
index 000000000000..7c371189c486
--- /dev/null
+++ b/mail-client/evolution/files/evolution-CVE-2008-0072.patch
@@ -0,0 +1,61 @@
+A format string error in the "emf_multipart_encrypted()" function in
+mail/em-format.c when displaying the "Version:" field from an encrypted
+e-mail message can be exploited to execute arbitrary code via a
+specially crafted e-mail message.
+
+Successful exploitation requires that the user opens a malicious e-mail
+message.
+
+Ulf Harnhammar, Secunia Research.
+
+SA29057 and CVE-2008-0072
+
+Index: mail/em-format.c
+===================================================================
+--- mail/em-format.c (revision 35096)
++++ mail/em-format.c (working copy)
+@@ -1193,7 +1193,7 @@ emf_application_xpkcs7mime(EMFormat *emf
+ opart = camel_mime_part_new();
+ valid = camel_cipher_decrypt(context, part, opart, ex);
+ if (valid == NULL) {
+- em_format_format_error(emf, stream, ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
++ em_format_format_error(emf, stream, "%s", ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error"));
+ em_format_part_as(emf, stream, part, NULL);
+ } else {
+ if (emfc == NULL)
+@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C
+ if (valid == NULL) {
+ em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error"));
+ if (ex->desc)
+- em_format_format_error(emf, stream, ex->desc);
++ em_format_format_error(emf, stream, "%s", ex->desc);
+ em_format_part_as(emf, stream, part, "multipart/mixed");
+ } else {
+ if (emfc == NULL)
+@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came
+ if (valid == NULL) {
+ em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
+ if (ex->desc)
+- em_format_format_error(emf, stream, ex->desc);
++ em_format_format_error(emf, stream, "%s", ex->desc);
+ em_format_part_as(emf, stream, part, "multipart/mixed");
+ } else {
+ if (emfc == NULL)
+@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came
+ if (!valid) {
+ em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature"));
+ if (ex->desc)
+- em_format_format_error(emf, stream, ex->desc);
++ em_format_format_error(emf, stream, "%s", ex->desc);
+ em_format_format_source(emf, stream, ipart);
+ /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
+ camel_exception_free(ex);
+@@ -1658,7 +1658,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C
+ if (!valid) {
+ em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error"));
+ if (ex->desc)
+- em_format_format_error(emf, stream, ex->desc);
++ em_format_format_error(emf, stream, "%s", ex->desc);
+ em_format_format_source(emf, stream, ipart);
+ /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */
+ camel_exception_free(ex);