author | Peter Volkov <pva@gentoo.org> | 2007-05-01 16:44:48 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2007-05-01 16:44:48 +0000 |
commit | 1de023fb618d9757d8c8789c9153900e140f570d (patch) | |
tree | 308cef911955472dcc2564e11baffa65b881e5ae /gnome-extra | |
parent | Initial import. (diff) | |
download | gentoo-2-1de023fb618d9757d8c8789c9153900e140f570d.tar.gz gentoo-2-1de023fb618d9757d8c8789c9153900e140f570d.tar.bz2 gentoo-2-1de023fb618d9757d8c8789c9153900e140f570d.zip |
Fixed APOP authentication vulnerability (CVE-2007-1558). Thank Sune Kloppenborg Jeppesen <jaervosz AT gentoo.org> for report. Removed vulnerable versions from 1.10 branch.
(Portage version: 2.1.2.2)
Diffstat (limited to 'gnome-extra')
-rw-r--r-- | gnome-extra/evolution-data-server/ChangeLog | 15 | ||||
-rw-r--r-- | gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild (renamed from gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild) | 5 | ||||
-rw-r--r-- | gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild (renamed from gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild) | 72 | ||||
-rw-r--r-- | gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0 | 3 | ||||
-rw-r--r-- | gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1-r1 (renamed from gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1) | 0 | ||||
-rw-r--r-- | gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3 | 3 | ||||
-rw-r--r-- | gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch | 33 |
7 files changed, 104 insertions, 27 deletions
diff --git a/gnome-extra/evolution-data-server/ChangeLog b/gnome-extra/evolution-data-server/ChangeLog index 409646e38101..abb655663ace 100644 --- a/gnome-extra/evolution-data-server/ChangeLog +++ b/gnome-extra/evolution-data-server/ChangeLog @@ -1,6 +1,19 @@ # ChangeLog for gnome-extra/evolution-data-server # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.114 2007/04/18 08:56:09 uberlord Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.115 2007/05/01 16:44:48 pva Exp $ + +*evolution-data-server-1.10.1-r1 (01 May 2007) +*evolution-data-server-1.8.3-r3 (01 May 2007) + + 01 May 2007; <pva@gentoo.org> + +files/evolution-data-server-APOP-auth-fix.patch, + +evolution-data-server-1.8.3-r3.ebuild, + -evolution-data-server-1.10.0.ebuild, + -evolution-data-server-1.10.1.ebuild, + +evolution-data-server-1.10.1-r1.ebuild: + Fixed APOP authentication vulnerability (CVE-2007-1558). Thank Sune + Kloppenborg Jeppesen <jaervosz AT gentoo.org> for report. Removed vulnerable + versions from 1.10 branch. 18 Apr 2007; Roy Marples <uberlord@gentoo.org> evolution-data-server-1.8.3.ebuild, evolution-data-server-1.8.3-r1.ebuild, diff --git a/gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild b/gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild index 3bb9585dc245..a28ca95cef39 100644 --- a/gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild +++ b/gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild 
@@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild,v 1.3 2007/04/19 12:07:58 uberlord Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild,v 1.1 2007/05/01 16:44:48 pva Exp $ inherit db-use eutils flag-o-matic gnome2 autotools @@ -80,6 +80,9 @@ src_unpack() { # Rewind in camel-disco-diary to fix a crash epatch "${FILESDIR}"/${PN}-1.8.0-camel-rewind.patch + # Fix vulnerability in APOP authentification; bug #174210 + epatch "${FILESDIR}"/${PN}-APOP-auth-fix.patch + #-------------Upstream GNOME look here -----------------# # --as-needed fixes diff --git a/gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild b/gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild index 6aa64fa3ba79..f015b08f7107 100644 --- a/gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild +++ b/gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild 
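Review bot: The comment added above the new `epatch` line in `src_unpack()` (repeated in the 1.8.3-r3 ebuild) misspells "authentication" and leaves out the CVE id, so someone auditing the ebuild cannot tell which advisory the patch covers without opening the ChangeLog; I would write `# Fix APOP authentication vulnerability (CVE-2007-1558); bug #174210`. The patch header shows it was cut from upstream's gnome-2-18 branch while the same file is also applied to 1.8.3, so it is worth confirming that its second hunk lands inside the `+APOP` branch there rather than applying with fuzz. `src_unpack()` continues outside the hunk.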
@@ -1,18 +1,20 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild,v 1.1 2007/03/27 15:04:38 dang Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild,v 1.1 2007/05/01 16:44:48 pva Exp $ -inherit eutils gnome2 autotools +WANT_AUTOMAKE="1.9" +WANT_AUTOCONF="latest" +inherit db-use eutils flag-o-matic gnome2 autotools DESCRIPTION="Evolution groupware backend" HOMEPAGE="http://www.gnome.org/projects/evolution/" LICENSE="LGPL-2 Sleepycat" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" -IUSE="doc ipv6 kerberos keyring krb4 ldap ssl" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="doc ipv6 kerberos keyring krb4 ldap nntp ssl" -RDEPEND=">=dev-libs/glib-2.10 +RDEPEND=">=dev-libs/glib-2.4 >=gnome-base/libbonobo-2.4.2 >=gnome-base/orbit-2.9.8 >=gnome-base/libgnomeui-2 @@ -36,20 +38,22 @@ RDEPEND=">=dev-libs/glib-2.10 DEPEND="${RDEPEND} >=dev-util/pkgconfig-0.9 - >=dev-util/intltool-0.35.5 + >=dev-util/intltool-0.35 doc? ( >=dev-util/gtk-doc-1.4 )" +MAKEOPTS="${MAKEOPTS} -j1" DOCS="ChangeLog MAINTAINERS NEWS TODO" RESTRICT="confcache" pkg_setup() { - G2CONF="$(use_with ldap openldap) \ - $(use_with kerberos krb5 /usr) \ - $(use_enable ssl nss) \ - $(use_enable ssl smime) \ - $(use_enable ipv6) \ - $(use_enable keyring gnome-keyring) \ + G2CONF="$(use_with ldap openldap) \ + $(use_with kerberos krb5 /usr) \ + $(use_enable ssl nss) \ + $(use_enable ssl smime) \ + $(use_enable ipv6) \ + $(use_enable nntp) \ + $(use_enable keyring gnome-keyring) \ --with-libdb=/usr/$(get_libdir)" if use krb4 && ! built_with_use virtual/krb5 krb4; then 
@@ -68,8 +72,7 @@ pkg_setup() { src_unpack() { gnome2_src_unpack - # Fix what ? - epatch ${FILESDIR}/${PN}-1.2.0-gentoo_etc_services.patch + epatch "${FILESDIR}"/${PN}-1.2.0-gentoo_etc_services.patch # Fix broken libdb build epatch "${FILESDIR}"/${PN}-1.7.3-libdb.patch @@ -77,13 +80,24 @@ src_unpack() { # Resolve symbols at execution time for setgid binaries epatch "${FILESDIR}"/${PN}-no_lazy_bindings.patch + # exchange-storage --as-needed fixes + epatch "${FILESDIR}"/${PN}-1.7.3-exchange-storage.patch + epatch "${FILESDIR}"/${PN}-1.7.4-move-subdirs.patch + # Rewind in camel-disco-diary to fix a crash epatch "${FILESDIR}"/${PN}-1.8.0-camel-rewind.patch -#-------------Upstream GNOME look here -----------------# + # Fix non-english contact insertion. Upstream bug: + # http://bugzilla.gnome.org/show_bug.cgi?id=405531 + epatch "${FILESDIR}"/${P}-category.patch - # --as-needed fixes - epatch "${FILESDIR}"/${PN}-1.9.91-as-needed.patch + # Fix DST changes; bug #172835 + epatch "${FILESDIR}"/${P}-dst.patch.gz + + # Fix vulnerability in APOP authentification; bug #174210 + epatch "${FILESDIR}"/${PN}-APOP-auth-fix.patch + +#-------------Upstream GNOME look here -----------------# # fix for dep ordering so we can add libedataserverui to libexchange-storage # we need to do this or: undefined reference to `e_passwords_get_password' @@ -108,9 +122,12 @@ src_unpack() { # tack on the server.deps Makefile on our last edit sed -i -e 's:calendar/backends/groupwise:server.deps/calendar/Makefile\nserver.deps:' configure.in - # fix file includes + # fix file includes sed -i -e 's:<backends/groupwise/e-book-backend-groupwise.h>:"server.deps/addressbook/e-book-backend-groupwise.h":' addressbook/libedata-book/e-data-book-factory.c + # Fix db version for FreeBSD users where -ldb is always db-1 + sed -i -e "s:-ldb:-l$(db_libname):" configure.in + #---------------Upstream GNOME stop here--------------- eautoreconf } 
@@ -118,14 +135,25 @@ src_unpack() { src_compile() { # Use NSS/NSPR only if 'ssl' is enabled. if use ssl ; then - sed -i -e "s|mozilla-nss|nss| - s|mozilla-nspr|nspr|" ${S}/configure - G2CONF="${G2CONF} --enable-nss=yes" + NSS_LIB=/usr/$(get_libdir)/nss + NSS_INC=/usr/include/nss + NSPR_LIB=/usr/$(get_libdir)/nspr + NSPR_INC=/usr/include/nspr + + G2CONF="${G2CONF} \ + --with-nspr-includes=${NSPR_INC} \ + --with-nspr-libs=${NSPR_LIB} \ + --with-nss-includes=${NSS_INC} \ + --with-nss-libs=${NSS_LIB}" else G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \ - --without-nss-libs --without-nss-includes" + --without-nss-libs --without-nss-includes" fi + # /usr/include/db.h is always db-1 on FreeBSD + # so include the right dir in CPPFLAGS + append-cppflags "-I$(db_includedir)" + cd "${S}" gnome2_src_compile } diff --git a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0 b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0 deleted file mode 100644 index 7253efcd7ba7..000000000000 --- a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 390ea134306b667a2d77b7e859c8cba0 evolution-data-server-1.10.0.tar.bz2 7095934 -RMD160 75ad8b846c35ff9a6cbf7f2e12d583fff899ae3d evolution-data-server-1.10.0.tar.bz2 7095934 -SHA256 0a2ee6540ffa767d3c841993300fb4320cffc3738230e2a2ad1c566de35b1214 evolution-data-server-1.10.0.tar.bz2 7095934 diff --git a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1 b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1-r1 index 031700144864..031700144864 100644 --- a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1 +++ b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1-r1 
diff --git a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3 b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3
new file mode 100644
index 000000000000..0defb70b07af
--- /dev/null
+++ b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3
@@ -0,0 +1,3 @@
+MD5 f6a824f2553fd97555b8785a452fb6ab evolution-data-server-1.8.3.tar.bz2 7024111
+RMD160 8051f35a0db514f919bf730cd35c37ea75029061 evolution-data-server-1.8.3.tar.bz2 7024111
+SHA256 cbc067d87722afef84e8c4914787d990015e0c69b3bf3576fc15c8193ffd2fcc evolution-data-server-1.8.3.tar.bz2 7024111
diff --git a/gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch b/gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch
new file mode 100644
index 000000000000..e1a814e008d9
--- /dev/null
+++ b/gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch
@@ -0,0 +1,33 @@
+--- branches/gnome-2-18/camel/providers/pop3/camel-pop3-store.c 2007/03/16 05:39:41 7656
++++ branches/gnome-2-18/camel/providers/pop3/camel-pop3-store.c 2007/04/30 11:04:28 7723
+@@ -34,6 +34,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <errno.h>
++#include <ctype.h>
+
+ #include "camel-operation.h"
+
+@@ -489,7 +490,21 @@
+ } else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
+ char *secret, md5asc[33], *d;
+ unsigned char md5sum[16], *s;
+-
++
++ d = store->engine->apop;
++
++ while (*d != '\0') {
++ if (!isascii((int)*d)) {
++
++ camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
++ _("Unable to connect to POP server %s: "),
++ CAMEL_SERVICE (store)->url->host);
++
++ return FALSE;
++ }
++ d++;
++ }
++
+ secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
+ sprintf(secret, "%s%s", store->engine->apop, service->url->passwd);
+ md5_get_digest(secret, strlen (secret), md5sum); |
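Review bot: The loop added to the `+APOP` branch of camel-pop3-store.c rejects only bytes outside 7-bit ASCII, so a server challenge that contains control characters, or that is not shaped like the RFC 822 msg-id (`<...@...>`) which RFC 1939 specifies for the APOP timestamp, is still hashed together with the password by `md5_get_digest`; a stricter test such as `if (!isascii((unsigned char)*d) || iscntrl((unsigned char)*d)) {`, plus a check of the angle-bracket framing, would narrow what an untrusted server can get hashed. The failure path raises `CAMEL_EXCEPTION_SERVICE_URL_INVALID` with a message that stops at the colon, so the user is never told the challenge was refused; something like `_("Unable to connect to POP server %s: invalid APOP challenge received")` would give the reason. The unchanged context below still sizes a `g_alloca` stack buffer from the server-supplied challenge length, and whether that length is bounded earlier is not visible here. The enclosing function begins and ends outside the hunk.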