authorPeter Volkov <pva@gentoo.org>2007-05-01 16:44:48 +0000
committerPeter Volkov <pva@gentoo.org>2007-05-01 16:44:48 +0000
commit1de023fb618d9757d8c8789c9153900e140f570d (patch)
tree308cef911955472dcc2564e11baffa65b881e5ae /gnome-extra
parentInitial import. (diff)
Fixed APOP authentication vulnerability (CVE-2007-1558). Thank Sune Kloppenborg Jeppesen <jaervosz AT gentoo.org> for report. Removed vulnerable versions from 1.10 branch.
(Portage version: 2.1.2.2)
Diffstat (limited to 'gnome-extra')
-rw-r--r--gnome-extra/evolution-data-server/ChangeLog15
-rw-r--r--gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild (renamed from gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild)5
-rw-r--r--gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild (renamed from gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild)72
-rw-r--r--gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.03
-rw-r--r--gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1-r1 (renamed from gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1)0
-rw-r--r--gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r33
-rw-r--r--gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch33
7 files changed, 104 insertions, 27 deletions
diff --git a/gnome-extra/evolution-data-server/ChangeLog b/gnome-extra/evolution-data-server/ChangeLog
index 409646e38101..abb655663ace 100644
--- a/gnome-extra/evolution-data-server/ChangeLog
+++ b/gnome-extra/evolution-data-server/ChangeLog
@@ -1,6 +1,19 @@
# ChangeLog for gnome-extra/evolution-data-server
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.114 2007/04/18 08:56:09 uberlord Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.115 2007/05/01 16:44:48 pva Exp $
+
+*evolution-data-server-1.10.1-r1 (01 May 2007)
+*evolution-data-server-1.8.3-r3 (01 May 2007)
+
+ 01 May 2007; <pva@gentoo.org>
+ +files/evolution-data-server-APOP-auth-fix.patch,
+ +evolution-data-server-1.8.3-r3.ebuild,
+ -evolution-data-server-1.10.0.ebuild,
+ -evolution-data-server-1.10.1.ebuild,
+ +evolution-data-server-1.10.1-r1.ebuild:
+ Fixed APOP authentication vulnerability (CVE-2007-1558). Thank Sune
+ Kloppenborg Jeppesen <jaervosz AT gentoo.org> for report. Removed vulnerable
+ versions from 1.10 branch.
18 Apr 2007; Roy Marples <uberlord@gentoo.org>
evolution-data-server-1.8.3.ebuild, evolution-data-server-1.8.3-r1.ebuild,
diff --git a/gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild b/gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild
index 3bb9585dc245..a28ca95cef39 100644
--- a/gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild
+++ b/gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.10.1.ebuild,v 1.3 2007/04/19 12:07:58 uberlord Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.10.1-r1.ebuild,v 1.1 2007/05/01 16:44:48 pva Exp $
inherit db-use eutils flag-o-matic gnome2 autotools
@@ -80,6 +80,9 @@ src_unpack() {
# Rewind in camel-disco-diary to fix a crash
epatch "${FILESDIR}"/${PN}-1.8.0-camel-rewind.patch
+ # Fix vulnerability in APOP authentification; bug #174210
+ epatch "${FILESDIR}"/${PN}-APOP-auth-fix.patch
+
#-------------Upstream GNOME look here -----------------#
# --as-needed fixes
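Review bot: The comment added above the new `epatch` line misspells "authentication" and cites only the Gentoo bug number, although the commit message identifies the issue as CVE-2007-1558. I would write it as `# Fix APOP authentication vulnerability (CVE-2007-1558); bug #174210` so that a later audit can grep the ebuild for the CVE. The same comment is added in the src_unpack hunk of evolution-data-server-1.8.3-r3.ebuild and deserves the same wording. src_unpack continues outside this hunk.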
diff --git a/gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild b/gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild
index 6aa64fa3ba79..f015b08f7107 100644
--- a/gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild
+++ b/gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild
@@ -1,18 +1,20 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.10.0.ebuild,v 1.1 2007/03/27 15:04:38 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-1.8.3-r3.ebuild,v 1.1 2007/05/01 16:44:48 pva Exp $
-inherit eutils gnome2 autotools
+WANT_AUTOMAKE="1.9"
+WANT_AUTOCONF="latest"
+inherit db-use eutils flag-o-matic gnome2 autotools
DESCRIPTION="Evolution groupware backend"
HOMEPAGE="http://www.gnome.org/projects/evolution/"
LICENSE="LGPL-2 Sleepycat"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-IUSE="doc ipv6 kerberos keyring krb4 ldap ssl"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="doc ipv6 kerberos keyring krb4 ldap nntp ssl"
-RDEPEND=">=dev-libs/glib-2.10
+RDEPEND=">=dev-libs/glib-2.4
>=gnome-base/libbonobo-2.4.2
>=gnome-base/orbit-2.9.8
>=gnome-base/libgnomeui-2
@@ -36,20 +38,22 @@ RDEPEND=">=dev-libs/glib-2.10
DEPEND="${RDEPEND}
>=dev-util/pkgconfig-0.9
- >=dev-util/intltool-0.35.5
+ >=dev-util/intltool-0.35
doc? ( >=dev-util/gtk-doc-1.4 )"
+MAKEOPTS="${MAKEOPTS} -j1"
DOCS="ChangeLog MAINTAINERS NEWS TODO"
RESTRICT="confcache"
pkg_setup() {
- G2CONF="$(use_with ldap openldap) \
- $(use_with kerberos krb5 /usr) \
- $(use_enable ssl nss) \
- $(use_enable ssl smime) \
- $(use_enable ipv6) \
- $(use_enable keyring gnome-keyring) \
+ G2CONF="$(use_with ldap openldap) \
+ $(use_with kerberos krb5 /usr) \
+ $(use_enable ssl nss) \
+ $(use_enable ssl smime) \
+ $(use_enable ipv6) \
+ $(use_enable nntp) \
+ $(use_enable keyring gnome-keyring) \
--with-libdb=/usr/$(get_libdir)"
if use krb4 && ! built_with_use virtual/krb5 krb4; then
@@ -68,8 +72,7 @@ pkg_setup() {
src_unpack() {
gnome2_src_unpack
- # Fix what ?
- epatch ${FILESDIR}/${PN}-1.2.0-gentoo_etc_services.patch
+ epatch "${FILESDIR}"/${PN}-1.2.0-gentoo_etc_services.patch
# Fix broken libdb build
epatch "${FILESDIR}"/${PN}-1.7.3-libdb.patch
@@ -77,13 +80,24 @@ src_unpack() {
# Resolve symbols at execution time for setgid binaries
epatch "${FILESDIR}"/${PN}-no_lazy_bindings.patch
+ # exchange-storage --as-needed fixes
+ epatch "${FILESDIR}"/${PN}-1.7.3-exchange-storage.patch
+ epatch "${FILESDIR}"/${PN}-1.7.4-move-subdirs.patch
+
# Rewind in camel-disco-diary to fix a crash
epatch "${FILESDIR}"/${PN}-1.8.0-camel-rewind.patch
-#-------------Upstream GNOME look here -----------------#
+ # Fix non-english contact insertion. Upstream bug:
+ # http://bugzilla.gnome.org/show_bug.cgi?id=405531
+ epatch "${FILESDIR}"/${P}-category.patch
- # --as-needed fixes
- epatch "${FILESDIR}"/${PN}-1.9.91-as-needed.patch
+ # Fix DST changes; bug #172835
+ epatch "${FILESDIR}"/${P}-dst.patch.gz
+
+ # Fix vulnerability in APOP authentification; bug #174210
+ epatch "${FILESDIR}"/${PN}-APOP-auth-fix.patch
+
+#-------------Upstream GNOME look here -----------------#
# fix for dep ordering so we can add libedataserverui to libexchange-storage
# we need to do this or: undefined reference to `e_passwords_get_password'
@@ -108,9 +122,12 @@ src_unpack() {
# tack on the server.deps Makefile on our last edit
sed -i -e 's:calendar/backends/groupwise:server.deps/calendar/Makefile\nserver.deps:' configure.in
- # fix file includes
+ # fix file includes
sed -i -e 's:<backends/groupwise/e-book-backend-groupwise.h>:"server.deps/addressbook/e-book-backend-groupwise.h":' addressbook/libedata-book/e-data-book-factory.c
+ # Fix db version for FreeBSD users where -ldb is always db-1
+ sed -i -e "s:-ldb:-l$(db_libname):" configure.in
+
#---------------Upstream GNOME stop here---------------
eautoreconf
}
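Review bot: The added `sed -i -e "s:-ldb:-l$(db_libname):" configure.in` rewrites the substring `-ldb` wherever it occurs, including inside any longer library name that merely starts with it, and it has no failure check. If `db_libname` ever expands to nothing, the result is a bare `-l` in configure.in, which would only surface later as a confusing configure or link error. I would capture the value and fail early, e.g. `local dblib=$(db_libname); [[ -n ${dblib} ]] || die "db_libname returned nothing"`, and append `|| die "sed failed"` to the sed line. The start of src_unpack is outside this hunk.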
@@ -118,14 +135,25 @@ src_unpack() {
src_compile() {
# Use NSS/NSPR only if 'ssl' is enabled.
if use ssl ; then
- sed -i -e "s|mozilla-nss|nss|
- s|mozilla-nspr|nspr|" ${S}/configure
- G2CONF="${G2CONF} --enable-nss=yes"
+ NSS_LIB=/usr/$(get_libdir)/nss
+ NSS_INC=/usr/include/nss
+ NSPR_LIB=/usr/$(get_libdir)/nspr
+ NSPR_INC=/usr/include/nspr
+
+ G2CONF="${G2CONF} \
+ --with-nspr-includes=${NSPR_INC} \
+ --with-nspr-libs=${NSPR_LIB} \
+ --with-nss-includes=${NSS_INC} \
+ --with-nss-libs=${NSS_LIB}"
else
G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \
- --without-nss-libs --without-nss-includes"
+ --without-nss-libs --without-nss-includes"
fi
+ # /usr/include/db.h is always db-1 on FreeBSD
+ # so include the right dir in CPPFLAGS
+ append-cppflags "-I$(db_includedir)"
+
cd "${S}"
gnome2_src_compile
}
diff --git a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0 b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0
deleted file mode 100644
index 7253efcd7ba7..000000000000
--- a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.0
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 390ea134306b667a2d77b7e859c8cba0 evolution-data-server-1.10.0.tar.bz2 7095934
-RMD160 75ad8b846c35ff9a6cbf7f2e12d583fff899ae3d evolution-data-server-1.10.0.tar.bz2 7095934
-SHA256 0a2ee6540ffa767d3c841993300fb4320cffc3738230e2a2ad1c566de35b1214 evolution-data-server-1.10.0.tar.bz2 7095934
diff --git a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1 b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1-r1
index 031700144864..031700144864 100644
--- a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1
+++ b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.10.1-r1
diff --git a/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3 b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3
new file mode 100644
index 000000000000..0defb70b07af
--- /dev/null
+++ b/gnome-extra/evolution-data-server/files/digest-evolution-data-server-1.8.3-r3
@@ -0,0 +1,3 @@
+MD5 f6a824f2553fd97555b8785a452fb6ab evolution-data-server-1.8.3.tar.bz2 7024111
+RMD160 8051f35a0db514f919bf730cd35c37ea75029061 evolution-data-server-1.8.3.tar.bz2 7024111
+SHA256 cbc067d87722afef84e8c4914787d990015e0c69b3bf3576fc15c8193ffd2fcc evolution-data-server-1.8.3.tar.bz2 7024111
diff --git a/gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch b/gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch
new file mode 100644
index 000000000000..e1a814e008d9
--- /dev/null
+++ b/gnome-extra/evolution-data-server/files/evolution-data-server-APOP-auth-fix.patch
@@ -0,0 +1,33 @@
+--- branches/gnome-2-18/camel/providers/pop3/camel-pop3-store.c 2007/03/16 05:39:41 7656
++++ branches/gnome-2-18/camel/providers/pop3/camel-pop3-store.c 2007/04/30 11:04:28 7723
+@@ -34,6 +34,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <errno.h>
++#include <ctype.h>
+
+ #include "camel-operation.h"
+
+@@ -489,7 +490,21 @@
+ } else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
+ char *secret, md5asc[33], *d;
+ unsigned char md5sum[16], *s;
+-
++
++ d = store->engine->apop;
++
++ while (*d != '\0') {
++ if (!isascii((int)*d)) {
++
++ camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
++ _("Unable to connect to POP server %s: "),
++ CAMEL_SERVICE (store)->url->host);
++
++ return FALSE;
++ }
++ d++;
++ }
++
+ secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
+ sprintf(secret, "%s%s", store->engine->apop, service->url->passwd);
+ md5_get_digest(secret, strlen (secret), md5sum);
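Review bot: The message set when the new loop rejects the greeting, `_("Unable to connect to POP server %s: ")`, stops at the colon, so the user is never told that the server's APOP timestamp was refused. Together with CAMEL_EXCEPTION_SERVICE_URL_INVALID it reads like a mistyped URL rather than a suspicious server, and I would complete it, e.g. `_("Unable to connect to POP server %s: invalid APOP ID received")`. The check itself rejects only bytes outside the ASCII range, so control characters and strings that do not have the `<...@...>` msg-id form RFC 1939 describes still reach the MD5 computation. Tightening that, or at least adding a comment above the loop saying this is a partial mitigation for CVE-2007-1558, would help the next maintainer. The enclosing function starts and ends outside the hunk.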