diff options
| author |   Mart Raudsepp <leio@gentoo.org> | 2008-06-04 13:24:36 +0000 |
|---|---|---|
| committer | Mart Raudsepp <leio@gentoo.org> | 2008-06-04 13:24:36 +0000 |
| commit | 9fabade9c8a9062f7931fe79a90105b0149a7219 (patch) | |
| tree | 6dbb714f0d9a86dc0e0ce4b53f4bfa4cd0e4ff2a /mail-client | |
| parent | Changed python_mod_cleanup to actually clean up the proper location (diff) | |
| download | historical-9fabade9c8a9062f7931fe79a90105b0149a7219.tar.gz historical-9fabade9c8a9062f7931fe79a90105b0149a7219.tar.bz2 historical-9fabade9c8a9062f7931fe79a90105b0149a7219.zip | |
Fix iCalendar buffer overflow vulnerabilities, bug #223963
Package-Manager: portage-2.1.5.3
RepoMan-Options: --force
Diffstat (limited to 'mail-client')
| -rw-r--r-- | mail-client/evolution/ChangeLog | 13 | ||||
| -rw-r--r-- | mail-client/evolution/Manifest | 18 | ||||
| -rw-r--r-- | mail-client/evolution/evolution-2.12.3-r2.ebuild | 182 | ||||
| -rw-r--r-- | mail-client/evolution/evolution-2.22.2-r1.ebuild | 153 | ||||
| -rw-r--r-- | mail-client/evolution/files/evolution-2.12.3-CVE-2008-1108.patch | 311 | ||||
| -rw-r--r-- | mail-client/evolution/files/evolution-2.12.3-CVE-2008-1109.patch | 62 | ||||
| -rw-r--r-- | mail-client/evolution/files/evolution-2.22.2-CVE-2008-1108.patch | 311 | ||||
| -rw-r--r-- | mail-client/evolution/files/evolution-2.22.2-CVE-2008-1109.patch | 62 |
8 files changed, 1100 insertions, 12 deletions
diff --git a/mail-client/evolution/ChangeLog b/mail-client/evolution/ChangeLog index bde1c9115989..7e6a628fe385 100644 --- a/mail-client/evolution/ChangeLog +++ b/mail-client/evolution/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for mail-client/evolution # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.236 2008/06/02 20:33:48 eva Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.237 2008/06/04 13:24:36 leio Exp $ + +*evolution-2.22.2-r1 (04 Jun 2008) +*evolution-2.12.3-r2 (04 Jun 2008) + + 04 Jun 2008; Mart Raudsepp <leio@gentoo.org> + +files/evolution-2.12.3-CVE-2008-1108.patch, + +files/evolution-2.12.3-CVE-2008-1109.patch, + +files/evolution-2.22.2-CVE-2008-1108.patch, + +files/evolution-2.22.2-CVE-2008-1109.patch, +evolution-2.12.3-r2.ebuild, + +evolution-2.22.2-r1.ebuild: + Fix iCalendar buffer overflow vulnerabilities, bug #223963 02 Jun 2008; Gilles Dartiguelongue <eva@gentoo.org> +files/evolution-2.22.0-mk-doc.patch, evolution-2.22.2.ebuild: diff --git a/mail-client/evolution/Manifest b/mail-client/evolution/Manifest index 59b983784183..7e8bba5cfd3c 100644 --- a/mail-client/evolution/Manifest +++ b/mail-client/evolution/Manifest @@ -1,27 +1,23 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX evolution-2.10.2-fbsd.patch 1094 RMD160 d1e2ff1fe20f39ea7b2f812ae655f6782485de93 SHA1 74963e72dc0926bb714990432590ff0a1b1bfdba SHA256 226e248ce85db7f6eec28b31e8b69b2adf82e93a11672ee82e0599623247f092 AUX evolution-2.12.1-mail-remote-broken.patch 563 RMD160 994638aa50c3b1170fb1a70de2999b490f472724 SHA1 58b37ac3463a96789173dbdd55bb72d4e78178a1 SHA256 3d3bc2ab0de5fe6ace2cddad6503287becbeea78e354fbf28337f0af383cb7b4 +AUX evolution-2.12.3-CVE-2008-1108.patch 11469 RMD160 6262f7c3b849a5f1696829a23f2d7ea5e8bfc917 SHA1 fb73dbf2e30efc8b2ece7ac9cab62385d1a1315f SHA256 a51877f82683337d0cccc5e0d94cde8cac17c643ec5be59415dec1cddd06d036 +AUX evolution-2.12.3-CVE-2008-1109.patch 1421 RMD160 225b0443a1363f71271af4705fea97a959451387 SHA1 d4100b8ea67e41960d8eea8e24c1b5fd9e14c4ec SHA256 2cb819c4366240cb3e2ed6a3bac550caf80ff04008e21b41012312c21ba4e05f AUX evolution-2.12.3-no-libsoup24.patch 3790 RMD160 8a2f44545f5b394c590bda637aa01975443a1e40 SHA1 adbaf7e6d1d9ead80ca19a28cf4c47f4019a224e SHA256 f08bfd5974bf577af059544ae15309cbe410509394f4eab3ee4ec0d90851d25c AUX evolution-2.21.3-fbsd.patch 1107 RMD160 7dbbf08ed68124a398b9db64bac6a4b0cecfa9ef SHA1 05f581d030bb81aad2e0f734f432dd23add4b3c2 SHA256 942b81689f9e4b5a1896ec7c810c323bfaeb74d40c6c6683d8dfd8b670236e77 AUX evolution-2.22.0-e_profile_event_emit.patch 456 RMD160 cceb720be546d6fe16ee71f888d58b2ea7014eac SHA1 d0941ff1a1bf5b425bb36a08b3ddcf03f90dd8cb SHA256 103b0277386398c41e9d6dde3ad1330fb74b429a377554744d2b6d763e9fa2f6 AUX evolution-2.22.0-mk-doc.patch 2421 RMD160 3dceeab9349e7ded977e521bc700190d125ed94a SHA1 3916a3751f3057badc2d2af50a9a8079167a9214 SHA256 711cd0c2cc72fa4a0e5306175b411e9862f110a4fe85703a535edcc80bf933a8 +AUX evolution-2.22.2-CVE-2008-1108.patch 11489 RMD160 93873e431e6d1bc12f2b59d6d3df22ac27870487 SHA1 92afb3317e6a9d7f740cceac53d4f5303fae8fea SHA256 fa2b87fb587c68d02544a82711b0ebafaf929f2a5bff3ed61686730bd9358af2 +AUX evolution-2.22.2-CVE-2008-1109.patch 1441 RMD160 01973241d615cb013dc03a053f0bb9b43a9b7707 SHA1 d9d8bd18f189aef40996a6247622a248ec3c0d52 SHA256 41b90cd2fdae7da61fa1fdfeb4c173272184ff1d89e6cb582863f6c52aefb3f0 AUX evolution-CVE-2008-0072.patch 2890 RMD160 8911d13efd9c86d1b95cd844ebeab695e2e80ab6 SHA1 f040da832c681efe7ac85c281ec54f3b991ff6bf SHA256 28a7cda8c1a3aab284d69a7142e74fc345f7130627e180b6de0ae8389e8adbc1 DIST evolution-2.12.3.tar.bz2 25938535 RMD160 afe803833e213387fde3c180afc91bfc1e792262 SHA1 14861dd497e935074424269f2d1e6c11be56abfe SHA256 1703f6888c1549a1b9b89112bed73504f4ae2db5b2fb8f926adb5cf3a490d6bf DIST evolution-2.22.0.tar.bz2 29556434 RMD160 59b1ff729846e61b81e6957635d115485c3817ce SHA1 887cb6d261633508ba2d31ff9f90d4163f69c533 SHA256 03a6842c195d950b1273f7d492b274b40e03311161d5f68ef87f9c45bf2d1e63 DIST evolution-2.22.1.1.tar.bz2 30907929 RMD160 6331696fcb67dcf0ba9ded5da4dda2fa038f3732 SHA1 ea058e3b0885246bdf6628c47d807b49f14b4abd SHA256 5c5d387a9bdd8f89f46a49bbf2b7bf63b2a117e15e2c7472fe4dc365cbb2c1f9 DIST evolution-2.22.2.tar.bz2 30989731 RMD160 47c1813d564e97a7eca679a9e6c607bd6ac951ee SHA1 ec52b816c95daaa694a0116d32d03832dc95d707 SHA256 5aca34588601ba46f8ec4d81760ca950466eb8a05fc5bf760596a8c7243b1247 EBUILD evolution-2.12.3-r1.ebuild 5969 RMD160 8cf10d034ef92e4b986e9b9a15ad766d33584ed0 SHA1 d3e88be18390a08ba1e894bdaa1a3617524557a5 SHA256 189b8bdbeb7b0403f2bb29122ae89ed90b66e434f64cf26427814295cf910c21 +EBUILD evolution-2.12.3-r2.ebuild 6110 RMD160 521fb22abbadca1cf34339827fc47381f96d6bfe SHA1 ba379b2844be7192495cfe04caf0f647ecf33851 SHA256 f6bcb227286252fc01be707d32e5cfb064ca2466f67695f696f143f18caf05fd EBUILD evolution-2.22.0.ebuild 4608 RMD160 a76079d938ee0587d5e020e9a5be904616808913 SHA1 b3d6e99624d27fc0eb0befa1114f40081996374c SHA256 ae9560b145c31a5c584ebfb8323e2ca8657bc1382f84e68a8f8f41d00d60f672 EBUILD evolution-2.22.1.1.ebuild 4512 RMD160 3a10e014946c3dc9688aa51e7e983ccfa11137d2 SHA1 694543a37711603d6cd3a653385103f6b2d6b59f SHA256 dd30e7165d0bc74e2030c571f013af9edadebb9fa671c30bbf8a675673fcc90c +EBUILD evolution-2.22.2-r1.ebuild 4719 RMD160 b1b66e529b766a9eccdafb1e87d62c1a1b65fbfc SHA1 8cb974c771126a16e226c72079a398ffa5bc4b2d SHA256 a1a6a6c05f4ede00084a378d39f779665174297a4cf44dd664fe8940fdf9fd04 EBUILD evolution-2.22.2.ebuild 4584 RMD160 ddc03bf632c93338871a114c4cbee4ae241ea6e6 SHA1 13db59bb92424d6fe13dda8b3f075ccd8f65bc03 SHA256 34115e767e83890ecc6bb36eb9ba0370bcc102df9839f463287e8fd2f35b795e -MISC ChangeLog 57853 RMD160 90fbfab3e1d8ad16a42bdae95a3347983aed8af3 SHA1 ece09f5b64f0056e5423622763cb15498189a70d SHA256 49613094e469ceb5af1084f26f9390bc9471df3dac6a50852c29cd6dedcc1ea6 +MISC ChangeLog 58282 RMD160 f0db23829392d31e6b5c009ecf1f9e779b287e92 SHA1 a41f470d5205bd80575af7f907f0607c261fb779 SHA256 72aae71dcf64ff6705db12fac9bdf46a7fca9617eca1fd93e6a6cc5f6891887d MISC metadata.xml 1403 RMD160 46bbe02ca00c865d3f90dd778d2b55cd7583cd42 SHA1 3d67fab1a280a4bf0fe6aad1a5784aeeebf8f1c3 SHA256 98257898dba7e207b5b929feccd3701a932adfe3fc48a9c2ed1abf9d0717dd5e ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.9 (GNU/Linux) - -iEYEARECAAYFAkhEWTIACgkQ1fmVwcYIWAYrugCgsoqMmJK1uqbjlIlelOzXx6f+ -gckAoLRTWk9RnWgGnLOcXK/EWYbnxEjB -=X6S5 ------END PGP SIGNATURE----- diff --git a/mail-client/evolution/evolution-2.12.3-r2.ebuild b/mail-client/evolution/evolution-2.12.3-r2.ebuild new file mode 100644 index 000000000000..0fb795132616 --- /dev/null +++ b/mail-client/evolution/evolution-2.12.3-r2.ebuild @@ -0,0 +1,182 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/evolution-2.12.3-r2.ebuild,v 1.1 2008/06/04 13:24:36 leio Exp $ +EAPI="1" + +inherit gnome2 flag-o-matic + +DESCRIPTION="Integrated mail, addressbook and calendaring functionality" +HOMEPAGE="http://www.gnome.org/projects/evolution/" +SRC_URI="${SRC_URI}" + +LICENSE="GPL-2 FDL-1.1" +SLOT="2.0" +KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" +# gstreamer for audio-inline, when it uses 0.10 +IUSE="crypt dbus debug doc hal ipv6 kerberos krb4 ldap mono networkmanager nntp pda profile spell ssl" + +# Pango dependency required to avoid font rendering problems +RDEPEND=" + >=x11-libs/gtk+-2.10 + >=gnome-extra/evolution-data-server-1.11.90 + >=x11-themes/gnome-icon-theme-1.2 + >=gnome-base/gnome-vfs-2.4 + >=gnome-base/libbonoboui-2.4.2 + >=gnome-base/libbonobo-2.16 + >=gnome-extra/gtkhtml-3.16 + >=gnome-base/gconf-2 + >=gnome-base/libglade-2 + >=gnome-base/libgnomecanvas-2 + >=gnome-base/libgnomeui-2 + >=dev-libs/libxml2-2 + dbus? ( dev-libs/dbus-glib ) + hal? ( >=sys-apps/hal-0.5.4 ) + x11-libs/libnotify + pda? ( + >=app-pda/gnome-pilot-2.0.15 + >=app-pda/gnome-pilot-conduits-2 ) + dev-libs/atk + ssl? ( + >=dev-libs/nspr-4.6.1 + >=dev-libs/nss-3.11 ) + networkmanager? ( net-misc/networkmanager ) + >=net-libs/libsoup-2.2.96:2.2 + kerberos? ( virtual/krb5 ) + krb4? ( virtual/krb5 ) + >=dev-libs/glib-2.10 + >=gnome-base/orbit-2.9.8 + spell? ( >=app-text/gnome-spell-1.0.5 ) + crypt? ( || ( >=app-crypt/gnupg-2.0.1-r2 =app-crypt/gnupg-1.4* ) ) + ldap? ( >=net-nds/openldap-2 ) + mono? ( >=dev-lang/mono-1 )" +# gstreamer? ( +# >=media-libs/gstreamer-0.10 +# >=media-libs/gst-plugins-base-0.10 ) + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.16 + >=dev-util/intltool-0.35.5 + sys-devel/gettext + sys-devel/bison + app-text/scrollkeeper + >=gnome-base/gnome-common-2.12.0 + >=app-text/gnome-doc-utils-0.9.1 + doc? ( >=dev-util/gtk-doc-0.6 )" + +DOCS="AUTHORS ChangeLog* HACKING MAINTAINERS NEWS* README" +ELTCONF="--reverse-deps" + +pkg_setup() { + G2CONF="--without-kde-applnk-path \ + --enable-plugins=experimental \ + $(use_enable ssl nss) \ + $(use_enable ssl smime) \ + $(use_enable ipv6) \ + $(use_enable mono) \ + $(use_enable nntp) \ + $(use_enable pda pilot-conduits) \ + $(use_enable profile profiling) \ + $(use_with ldap openldap) \ + $(use_with kerberos krb5 /usr)" + + # We need a graphical pinentry frontend to be able to ask for the GPG + # password from inside evolution, bug 160302 + if use crypt && has_version '>=app-crypt/gnupg-2.0.1-r2'; then + if ! built_with_use -o app-crypt/pinentry gtk qt3; then + die "You must build app-crypt/pinentry with GTK or QT3 support" + fi + fi + + if use krb4 && ! built_with_use virtual/krb5 krb4; then + ewarn + ewarn "In order to add kerberos 4 support, you have to emerge" + ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well." + ewarn + ewarn "Skipping for now." + ewarn + G2CONF="${G2CONF} --without-krb4" + else + G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)" + fi + + # dang - I've changed this to do --enable-plugins=experimental. This will autodetect + # new-mail-notify and exchange, but that cannot be helped for the moment. + # They should be changed to depend on a --enable-<foo> like mono is. This + # cleans up a ton of crap from this ebuild. +} + +src_unpack() { + gnome2_src_unpack + + # Mail-remote doesn't build + epatch "${FILESDIR}"/${PN}-2.12.1-mail-remote-broken.patch + + # Fix timezone offsets on fbsd. bug #183708 + epatch "${FILESDIR}"/${PN}-2.10.2-fbsd.patch + + # Fix CVE-2008-0072 + epatch "${FILESDIR}"/${PN}-CVE-2008-0072.patch + + # Fix iCalendar security issues, bug #223963 + epatch "${FILESDIR}/${P}-CVE-2008-1108.patch" + epatch "${FILESDIR}/${P}-CVE-2008-1109.patch" + + # Fix build with libsoup-2.4 present on system + epatch "${FILESDIR}"/${P}-no-libsoup24.patch + + # Fix tests (again) + echo "evolution-addressbook.xml" >> "${S}"/po/POTFILES.in + echo "evolution-calendar.xml" >> "${S}"/po/POTFILES.in + echo "evolution-composer-entries.xml" >> "${S}"/po/POTFILES.in + echo "evolution-editor.xml" >> "${S}"/po/POTFILES.in + echo "evolution-event-editor.xml" >> "${S}"/po/POTFILES.in + echo "evolution-mail-global.xml" >> "${S}"/po/POTFILES.in + echo "evolution-mail-list.xml" >> "${S}"/po/POTFILES.in + echo "evolution-mail-message.xml" >> "${S}"/po/POTFILES.in + echo "evolution-mail-messagedisplay.xml" >> "${S}"/po/POTFILES.in + echo "evolution-memo-editor.xml" >> "${S}"/po/POTFILES.in + echo "evolution-memos.xml" >> "${S}"/po/POTFILES.in + echo "evolution-message-composer.xml" >> "${S}"/po/POTFILES.in + echo "evolution-signature-editor.xml" >> "${S}"/po/POTFILES.in + echo "evolution-subscribe.xml" >> "${S}"/po/POTFILES.in + echo "evolution-task-editor.xml" >> "${S}"/po/POTFILES.in + echo "evolution-tasks.xml" >> "${S}"/po/POTFILES.in + echo "evolution.xml" >> "${S}"/po/POTFILES.in +} + +src_compile() { + # Use NSS/NSPR only if 'ssl' is enabled. + if use ssl ; then + sed -i -e "s|mozilla-nss|nss| + s|mozilla-nspr|nspr|" "${S}"/configure + G2CONF="${G2CONF} --enable-nss=yes" + else + G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \ + --without-nss-libs --without-nss-includes" + fi + + # problems with -O3 on gcc-3.3.1 + replace-flags -O3 -O2 + + if [ "${ARCH}" = "hppa" ]; then + append-flags "-fPIC -ffunction-sections" + export LDFLAGS="-ffunction-sections -Wl,--stub-group-size=25000" + fi + + gnome2_src_compile +} + +pkg_postinst() { + gnome2_pkg_postinst + + elog "To change the default browser if you are not using GNOME, do:" + elog "gconftool-2 --set /desktop/gnome/url-handlers/http/command -t string 'mozilla %s'" + elog "gconftool-2 --set /desktop/gnome/url-handlers/https/command -t string 'mozilla %s'" + elog "" + elog "Replace 'mozilla %s' with which ever browser you use." + elog "" + elog "Junk filters are now a run-time choice. You will get a choice of" + elog "bogofilter or spamassassin based on which you have installed" + elog "" + elog "You have to install one of these for the spam filtering to actually work" +} diff --git a/mail-client/evolution/evolution-2.22.2-r1.ebuild b/mail-client/evolution/evolution-2.22.2-r1.ebuild new file mode 100644 index 000000000000..19e96a9e82a2 --- /dev/null +++ b/mail-client/evolution/evolution-2.22.2-r1.ebuild @@ -0,0 +1,153 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/evolution-2.22.2-r1.ebuild,v 1.1 2008/06/04 13:24:36 leio Exp $ + +inherit gnome2 flag-o-matic + +DESCRIPTION="Integrated mail, addressbook and calendaring functionality" +HOMEPAGE="http://www.gnome.org/projects/evolution/" +SRC_URI="${SRC_URI}" + +LICENSE="GPL-2 FDL-1.1" +SLOT="2.0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="crypt dbus debug hal ipv6 kerberos krb4 ldap mono networkmanager nntp pda profile spell ssl" + +# Pango dependency required to avoid font rendering problems +RDEPEND=">=dev-libs/glib-2.15.3 + >=x11-libs/gtk+-2.12 + >=gnome-extra/evolution-data-server-2.21.92 + >=x11-themes/gnome-icon-theme-2.20 + >=gnome-base/gnome-vfs-2.4 + >=gnome-base/libbonobo-2.20.3 + >=gnome-base/libbonoboui-2.4.2 + >=gnome-extra/gtkhtml-3.17.5 + >=gnome-base/gconf-2 + >=gnome-base/libglade-2 + >=gnome-base/libgnomecanvas-2 + >=gnome-base/libgnomeui-2 + >=dev-libs/libxml2-2 + dbus? ( dev-libs/dbus-glib ) + hal? ( >=sys-apps/hal-0.5.4 ) + x11-libs/libnotify + pda? ( + >=app-pda/gnome-pilot-2.0.15 + >=app-pda/gnome-pilot-conduits-2 ) + dev-libs/atk + ssl? ( + >=dev-libs/nspr-4.6.1 + >=dev-libs/nss-3.11 ) + networkmanager? ( net-misc/networkmanager ) + >=net-libs/libsoup-2.4 + kerberos? ( virtual/krb5 ) + krb4? ( virtual/krb5 ) + >=gnome-base/orbit-2.9.8 + spell? ( >=app-text/gnome-spell-1.0.5 ) + crypt? ( || ( >=app-crypt/gnupg-2.0.1-r2 =app-crypt/gnupg-1.4* ) ) + ldap? ( >=net-nds/openldap-2 ) + mono? ( >=dev-lang/mono-1 )" +# gstreamer? ( +# >=media-libs/gstreamer-0.10 +# >=media-libs/gst-plugins-base-0.10 ) + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.16 + >=dev-util/intltool-0.35.5 + sys-devel/gettext + sys-devel/bison + app-text/scrollkeeper + >=gnome-base/gnome-common-2.12.0 + >=app-text/gnome-doc-utils-0.9.1" + +DOCS="AUTHORS ChangeLog* HACKING MAINTAINERS NEWS* README" +ELTCONF="--reverse-deps" + +pkg_setup() { + G2CONF="--without-kde-applnk-path + --enable-plugins=experimental + $(use_enable ssl nss) + $(use_enable ssl smime) + $(use_enable ipv6) + $(use_enable mono) + $(use_enable nntp) + $(use_enable pda pilot-conduits) + $(use_enable profile profiling) + $(use_with ldap openldap) + $(use_with kerberos krb5 /usr)" + + # We need a graphical pinentry frontend to be able to ask for the GPG + # password from inside evolution, bug 160302 + if use crypt && has_version '>=app-crypt/gnupg-2.0.1-r2'; then + if ! built_with_use -o app-crypt/pinentry gtk qt3; then + die "You must build app-crypt/pinentry with GTK or QT3 support" + fi + fi + + if use krb4 && ! built_with_use virtual/krb5 krb4; then + ewarn + ewarn "In order to add kerberos 4 support, you have to emerge" + ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well." + ewarn + ewarn "Skipping for now." + ewarn + G2CONF="${G2CONF} --without-krb4" + else + G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)" + fi + + # dang - I've changed this to do --enable-plugins=experimental. This will + # autodetect new-mail-notify and exchange, but that cannot be helped for the + # moment. They should be changed to depend on a --enable-<foo> like mono + # is. This cleans up a ton of crap from this ebuild. +} + +src_unpack() { + gnome2_src_unpack + + # Fix timezone offsets on fbsd. bug #183708 + epatch "${FILESDIR}"/${PN}-2.21.3-fbsd.patch + + # Fix tests, bug #216478 + epatch "${FILESDIR}/${PN}-2.22.0-mk-doc.patch" + + # Fix security issues, bug #223963 + epatch "${FILESDIR}/${P}-CVE-2008-1108.patch" + epatch "${FILESDIR}/${P}-CVE-2008-1109.patch" +} + +src_compile() { + # Use NSS/NSPR only if 'ssl' is enabled. + if use ssl ; then + sed -i -e "s|mozilla-nss|nss| + s|mozilla-nspr|nspr|" "${S}"/configure + G2CONF="${G2CONF} --enable-nss=yes" + else + G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \ + --without-nss-libs --without-nss-includes" + fi + + # problems with -O3 on gcc-3.3.1 + replace-flags -O3 -O2 + + if [ "${ARCH}" = "hppa" ]; then + append-flags "-fPIC -ffunction-sections" + export LDFLAGS="-ffunction-sections -Wl,--stub-group-size=25000" + fi + + gnome2_src_compile +} + +pkg_postinst() { + gnome2_pkg_postinst + + elog "To change the default browser if you are not using GNOME, do:" + elog "gconftool-2 --set /desktop/gnome/url-handlers/http/command -t string 'mozilla %s'" + elog "gconftool-2 --set /desktop/gnome/url-handlers/https/command -t string 'mozilla %s'" + elog "" + elog "Replace 'mozilla %s' with which ever browser you use." + elog "" + elog "Junk filters are now a run-time choice. You will get a choice of" + elog "bogofilter or spamassassin based on which you have installed" + elog "" + elog "You have to install one of these for the spam filtering to actually work" +} diff --git a/mail-client/evolution/files/evolution-2.12.3-CVE-2008-1108.patch b/mail-client/evolution/files/evolution-2.12.3-CVE-2008-1108.patch new file mode 100644 index 000000000000..d529e6c9d723 --- /dev/null +++ b/mail-client/evolution/files/evolution-2.12.3-CVE-2008-1108.patch @@ -0,0 +1,311 @@ +Index: calendar/gui/e-itip-control.c +=================================================================== +--- calendar/gui/e-itip-control.c.orig ++++ calendar/gui/e-itip-control.c +@@ -650,7 +650,7 @@ find_attendee (icalcomponent *ical_comp, + + static void + write_label_piece (EItipControl *itip, ECalComponentDateTime *dt, +- char *buffer, int size, ++ GString *buffer, + const char *stext, const char *etext, + gboolean just_date) + { +@@ -675,13 +675,13 @@ write_label_piece (EItipControl *itip, E + tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0; + + if (stext != NULL) +- strcat (buffer, stext); ++ g_string_append (buffer, stext); + + e_time_format_date_and_time (&tmp_tm, + calendar_config_get_24_hour_format (), + FALSE, FALSE, + time_buf, sizeof (time_buf)); +- strcat (buffer, time_buf); ++ g_string_append (buffer, time_buf); + + if (!dt->value->is_utc && dt->tzid) { + zone = icalcomponent_get_timezone (priv->top_level, dt->tzid); +@@ -693,21 +693,21 @@ write_label_piece (EItipControl *itip, E + UTF-8. But it probably is not translated. */ + display_name = icaltimezone_get_display_name (zone); + if (display_name && *display_name) { +- strcat (buffer, " <font size=-1>["); ++ g_string_append_len (buffer, " <font size=-1>[", 16); + + /* We check if it is one of our builtin timezone names, + in which case we call gettext to translate it. */ + if (icaltimezone_get_builtin_timezone (display_name)) { +- strcat (buffer, _(display_name)); ++ g_string_append_printf (buffer, "%s", _(display_name)); + } else { +- strcat (buffer, display_name); ++ g_string_append_printf (buffer, "%s", display_name); + } +- strcat (buffer, "]</font>"); ++ g_string_append_len (buffer, "]</font>", 8); + } + } + + if (etext != NULL) +- strcat (buffer, etext); ++ g_string_append (buffer, etext); + } + + static const char * +@@ -744,19 +744,17 @@ get_dayname (struct icalrecurrencetype * + + static void + write_recurrence_piece (EItipControl *itip, ECalComponent *comp, +- char *buffer, int size) ++ GString *buffer) + { + GSList *rrules; + struct icalrecurrencetype *r; +- int len, i; ++ int i; + +- strcpy (buffer, "<b>Recurring:</b> "); +- len = strlen (buffer); +- buffer += len; +- size -= len; ++ g_string_append_len (buffer, "<b>Recurring:</b> ", 18); + + if (!e_cal_component_has_simple_recurrence (comp)) { +- strcpy (buffer, _("Yes. (Complex Recurrence)")); ++ g_string_append_printf ( ++ buffer, "%s", _("Yes. (Complex Recurrence)")); + return; + } + +@@ -772,7 +770,10 @@ write_recurrence_piece (EItipControl *it + Every %d day/days" */ + /* For Translators : 'Every day' is event Recurring every day */ + /* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */ +- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every day", ++ "Every %d days", r->interval), ++ r->interval); + break; + + case ICAL_WEEKLY_RECURRENCE: +@@ -782,29 +783,36 @@ write_recurrence_piece (EItipControl *it + Every %d week/weeks" */ + /* For Translators : 'Every week' is event Recurring every week */ + /* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */ +- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every week", ++ "Every %d weeks", r->interval), ++ r->interval); + } else { + /* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */ + /* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */ +- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every week on ", ++ "Every %d weeks on ", r->interval), ++ r->interval); + + for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) { + if (i > 1) +- strcat (buffer, ", "); +- strcat (buffer, get_dayname (r, i - 1)); ++ g_string_append_len (buffer, ", ", 2); ++ g_string_append (buffer, get_dayname (r, i - 1)); + } + if (i > 1) + /* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */ +- strcat (buffer, _(" and ")); +- strcat (buffer, get_dayname (r, i - 1)); ++ g_string_append_printf (buffer, "%s", _(" and ")); ++ g_string_append (buffer, get_dayname (r, i - 1)); + } + break; + + case ICAL_MONTHLY_RECURRENCE: + if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) { + /* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */ +- sprintf (buffer, _("The %s day of "), +- nth (r->by_month_day[0])); ++ g_string_append_printf ( ++ buffer, _("The %s day of "), ++ nth (r->by_month_day[0])); + } else { + int pos; + +@@ -818,20 +826,21 @@ write_recurrence_piece (EItipControl *it + + /* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.' + eg,third monday of every month */ +- sprintf (buffer, _("The %s %s of "), +- nth (pos), get_dayname (r, 0)); ++ g_string_append_printf ( ++ buffer, _("The %s %s of "), ++ nth (pos), get_dayname (r, 0)); + } + +- len = strlen (buffer); +- buffer += len; +- size -= len; + /* For Translators: In this can also be translated as "With the period of %d + month/months", where %d is a number. The entire sentence is of the form "Recurring: + Every %d month/months" */ + /* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */ + /* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.' + %d is a digit */ +- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("every month", ++ "every %d months", r->interval), ++ r->interval); + break; + + case ICAL_YEARLY_RECURRENCE: +@@ -840,20 +849,22 @@ write_recurrence_piece (EItipControl *it + Every %d year/years" */ + /* For Translators : 'Every year' is event Recurring every year */ + /* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */ +- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every year", ++ "Every %d years", r->interval), ++ r->interval); + break; + + default: + g_return_if_reached (); + } + +- len = strlen (buffer); +- buffer += len; +- size -= len; + if (r->count) { + /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/ + /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/ +- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count); ++ g_string_append_printf ( ++ buffer, ngettext ("a total of %d time", ++ " a total of %d times", r->count), r->count); + } else if (!icaltime_is_null_time (r->until)) { + ECalComponentDateTime dt; + +@@ -861,12 +872,12 @@ write_recurrence_piece (EItipControl *it + dt.value = &r->until; + dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone); + +- write_label_piece (itip, &dt, buffer, size, ++ write_label_piece (itip, &dt, buffer, + /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/ + _(", ending on "), NULL, TRUE); + } + +- strcat (buffer, "<br>"); ++ g_string_append_len (buffer, "<br>", 4); + } + + static void +@@ -874,47 +885,51 @@ set_date_label (EItipControl *itip, GtkH + ECalComponent *comp) + { + ECalComponentDateTime datetime; +- static char buffer[1024]; ++ GString *buffer; + gchar *str; + gboolean wrote = FALSE, task_completed = FALSE; + ECalComponentVType type; + ++ buffer = g_string_sized_new (1024); + type = e_cal_component_get_vtype (comp); + +- buffer[0] = '\0'; + e_cal_component_get_dtstart (comp, &datetime); + if (datetime.value) { + /* For Translators : 'starts' is starts:date implying a task starts on what date */ + str = g_strdup_printf ("<b>%s:</b>", _("Starts")); +- write_label_piece (itip, &datetime, buffer, 1024, +- str, +- "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen(buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + e_cal_component_get_dtend (comp, &datetime); + if (datetime.value){ + /* For Translators : 'ends' is ends:date implying a task ends on what date */ + str = g_strdup_printf ("<b>%s:</b>", _("Ends")); +- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + if (e_cal_component_has_recurrences (comp)) { +- write_recurrence_piece (itip, comp, buffer, 1024); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_recurrence_piece (itip, comp, buffer); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + } + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + datetime.tzid = NULL; + e_cal_component_get_completed (comp, &datetime.value); + if (type == E_CAL_COMPONENT_TODO && datetime.value) { +@@ -922,20 +937,22 @@ set_date_label (EItipControl *itip, GtkH + timezone. */ + str = g_strdup_printf ("<b>%s:</b>", _("Completed")); + datetime.value->is_utc = TRUE; +- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + task_completed = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + e_cal_component_get_due (comp, &datetime); + if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) { + str = g_strdup_printf ("<b>%s:</b>", _("Due")); +- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } +@@ -944,6 +961,8 @@ set_date_label (EItipControl *itip, GtkH + + if (wrote) + gtk_html_stream_printf (html_stream, "<br>"); ++ ++ g_string_free (buffer, TRUE); + } + + static void diff --git a/mail-client/evolution/files/evolution-2.12.3-CVE-2008-1109.patch b/mail-client/evolution/files/evolution-2.12.3-CVE-2008-1109.patch new file mode 100644 index 000000000000..27645564656d --- /dev/null +++ b/mail-client/evolution/files/evolution-2.12.3-CVE-2008-1109.patch @@ -0,0 +1,62 @@ +Index: calendar/gui/itip-utils.c +=================================================================== +--- calendar/gui/itip-utils.c.orig ++++ calendar/gui/itip-utils.c +@@ -176,50 +176,16 @@ get_attendee_if_attendee_sentby_is_user + } + + static char * +-html_new_lines_for (char *string) ++html_new_lines_for (const char *string) + { +- char *html_string = (char *) malloc (sizeof (char)* (3500)); +- int length = strlen (string); +- int index = 0; +- char *index_ptr = string; +- char *temp = string; ++ gchar **lines; ++ gchar *joined; + +- /*Find the first occurence*/ +- index_ptr = strstr ((const char *)temp, "\n"); ++ lines = g_strsplit_set (string, "\n", -1); ++ joined = g_strjoinv ("<br>", lines); ++ g_strfreev (lines); + +- /*Doesn't occur*/ +- if (index_ptr == NULL) { +- strcpy (html_string, (const char *)string); +- html_string[length] = '\0'; +- return html_string; +- } +- +- /*Split into chunks inserting <br> for \n */ +- do{ +- while (temp != index_ptr){ +- html_string[index++] = *temp; +- temp++; +- } +- temp++; +- +- html_string[index++] = '<'; +- html_string[index++] = 'b'; +- html_string[index++] = 'r'; +- html_string[index++] = '>'; +- +- index_ptr = strstr ((const char *)temp, "\n"); +- +- } while (index_ptr); +- +- /*Don't leave out the last chunk*/ +- while (*temp != '\0'){ +- html_string[index++] = *temp; +- temp++; +- } +- +- html_string[index] = '\0'; +- +- return html_string; ++ return joined; + } + + char * diff --git a/mail-client/evolution/files/evolution-2.22.2-CVE-2008-1108.patch b/mail-client/evolution/files/evolution-2.22.2-CVE-2008-1108.patch new file mode 100644 index 000000000000..c53d17f8328f --- /dev/null +++ b/mail-client/evolution/files/evolution-2.22.2-CVE-2008-1108.patch @@ -0,0 +1,311 @@ +Index: calendar/gui/e-itip-control.c +=================================================================== +--- calendar/gui/e-itip-control.c (revision 35555) ++++ calendar/gui/e-itip-control.c (working copy) +@@ -660,7 +660,7 @@ find_attendee (icalcomponent *ical_comp, + + static void + write_label_piece (EItipControl *itip, ECalComponentDateTime *dt, +- char *buffer, int size, ++ GString *buffer, + const char *stext, const char *etext, + gboolean just_date) + { +@@ -685,13 +685,13 @@ write_label_piece (EItipControl *itip, E + tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0; + + if (stext != NULL) +- strcat (buffer, stext); ++ g_string_append (buffer, stext); + + e_time_format_date_and_time (&tmp_tm, + calendar_config_get_24_hour_format (), + FALSE, FALSE, + time_buf, sizeof (time_buf)); +- strcat (buffer, time_buf); ++ g_string_append (buffer, time_buf); + + if (!dt->value->is_utc && dt->tzid) { + zone = icalcomponent_get_timezone (priv->top_level, dt->tzid); +@@ -703,21 +703,21 @@ write_label_piece (EItipControl *itip, E + UTF-8. But it probably is not translated. */ + display_name = icaltimezone_get_display_name (zone); + if (display_name && *display_name) { +- strcat (buffer, " <font size=-1>["); ++ g_string_append_len (buffer, " <font size=-1>[", 16); + + /* We check if it is one of our builtin timezone names, + in which case we call gettext to translate it. */ + if (icaltimezone_get_builtin_timezone (display_name)) { +- strcat (buffer, _(display_name)); ++ g_string_append_printf (buffer, "%s", _(display_name)); + } else { +- strcat (buffer, display_name); ++ g_string_append_printf (buffer, "%s", display_name); + } +- strcat (buffer, "]</font>"); ++ g_string_append_len (buffer, "]</font>", 8); + } + } + + if (etext != NULL) +- strcat (buffer, etext); ++ g_string_append (buffer, etext); + } + + static const char * +@@ -754,19 +754,17 @@ get_dayname (struct icalrecurrencetype * + + static void + write_recurrence_piece (EItipControl *itip, ECalComponent *comp, +- char *buffer, int size) ++ GString *buffer) + { + GSList *rrules; + struct icalrecurrencetype *r; +- int len, i; ++ int i; + +- strcpy (buffer, "<b>Recurring:</b> "); +- len = strlen (buffer); +- buffer += len; +- size -= len; ++ g_string_append_len (buffer, "<b>Recurring:</b> ", 18); + + if (!e_cal_component_has_simple_recurrence (comp)) { +- strcpy (buffer, _("Yes. (Complex Recurrence)")); ++ g_string_append_printf ( ++ buffer, "%s", _("Yes. (Complex Recurrence)")); + return; + } + +@@ -782,7 +780,10 @@ write_recurrence_piece (EItipControl *it + Every %d day/days" */ + /* For Translators : 'Every day' is event Recurring every day */ + /* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */ +- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every day", ++ "Every %d days", r->interval), ++ r->interval); + break; + + case ICAL_WEEKLY_RECURRENCE: +@@ -792,29 +793,36 @@ write_recurrence_piece (EItipControl *it + Every %d week/weeks" */ + /* For Translators : 'Every week' is event Recurring every week */ + /* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */ +- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every week", ++ "Every %d weeks", r->interval), ++ r->interval); + } else { + /* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */ + /* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */ +- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every week on ", ++ "Every %d weeks on ", r->interval), ++ r->interval); + + for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) { + if (i > 1) +- strcat (buffer, ", "); +- strcat (buffer, get_dayname (r, i - 1)); ++ g_string_append_len (buffer, ", ", 2); ++ g_string_append (buffer, get_dayname (r, i - 1)); + } + if (i > 1) + /* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */ +- strcat (buffer, _(" and ")); +- strcat (buffer, get_dayname (r, i - 1)); ++ g_string_append_printf (buffer, "%s", _(" and ")); ++ g_string_append (buffer, get_dayname (r, i - 1)); + } + break; + + case ICAL_MONTHLY_RECURRENCE: + if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) { + /* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */ +- sprintf (buffer, _("The %s day of "), +- nth (r->by_month_day[0])); ++ g_string_append_printf ( ++ buffer, _("The %s day of "), ++ nth (r->by_month_day[0])); + } else { + int pos; + +@@ -828,20 +836,21 @@ write_recurrence_piece (EItipControl *it + + /* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.' + eg,third monday of every month */ +- sprintf (buffer, _("The %s %s of "), +- nth (pos), get_dayname (r, 0)); ++ g_string_append_printf ( ++ buffer, _("The %s %s of "), ++ nth (pos), get_dayname (r, 0)); + } + +- len = strlen (buffer); +- buffer += len; +- size -= len; + /* For Translators: In this can also be translated as "With the period of %d + month/months", where %d is a number. The entire sentence is of the form "Recurring: + Every %d month/months" */ + /* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */ + /* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.' + %d is a digit */ +- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("every month", ++ "every %d months", r->interval), ++ r->interval); + break; + + case ICAL_YEARLY_RECURRENCE: +@@ -850,20 +859,22 @@ write_recurrence_piece (EItipControl *it + Every %d year/years" */ + /* For Translators : 'Every year' is event Recurring every year */ + /* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */ +- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every year", ++ "Every %d years", r->interval), ++ r->interval); + break; + + default: + g_return_if_reached (); + } + +- len = strlen (buffer); +- buffer += len; +- size -= len; + if (r->count) { + /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/ + /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/ +- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count); ++ g_string_append_printf ( ++ buffer, ngettext ("a total of %d time", ++ " a total of %d times", r->count), r->count); + } else if (!icaltime_is_null_time (r->until)) { + ECalComponentDateTime dt; + +@@ -871,12 +882,12 @@ write_recurrence_piece (EItipControl *it + dt.value = &r->until; + dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone); + +- write_label_piece (itip, &dt, buffer, size, ++ write_label_piece (itip, &dt, buffer, + /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/ + _(", ending on "), NULL, TRUE); + } + +- strcat (buffer, "<br>"); ++ g_string_append_len (buffer, "<br>", 4); + } + + static void +@@ -884,47 +895,51 @@ set_date_label (EItipControl *itip, GtkH + ECalComponent *comp) + { + ECalComponentDateTime datetime; +- static char buffer[1024]; ++ GString *buffer; + gchar *str; + gboolean wrote = FALSE, task_completed = FALSE; + ECalComponentVType type; + ++ buffer = g_string_sized_new (1024); + type = e_cal_component_get_vtype (comp); + +- buffer[0] = '\0'; + e_cal_component_get_dtstart (comp, &datetime); + if (datetime.value) { + /* For Translators : 'starts' is starts:date implying a task starts on what date */ + str = g_strdup_printf ("<b>%s:</b>", _("Starts")); +- write_label_piece (itip, &datetime, buffer, 1024, +- str, +- "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen(buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + e_cal_component_get_dtend (comp, &datetime); + if (datetime.value){ + /* For Translators : 'ends' is ends:date implying a task ends on what date */ + str = g_strdup_printf ("<b>%s:</b>", _("Ends")); +- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + if (e_cal_component_has_recurrences (comp)) { +- write_recurrence_piece (itip, comp, buffer, 1024); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_recurrence_piece (itip, comp, buffer); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + } + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + datetime.tzid = NULL; + e_cal_component_get_completed (comp, &datetime.value); + if (type == E_CAL_COMPONENT_TODO && datetime.value) { +@@ -932,20 +947,22 @@ set_date_label (EItipControl *itip, GtkH + timezone. */ + str = g_strdup_printf ("<b>%s:</b>", _("Completed")); + datetime.value->is_utc = TRUE; +- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + task_completed = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + e_cal_component_get_due (comp, &datetime); + if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) { + str = g_strdup_printf ("<b>%s:</b>", _("Due")); +- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } +@@ -954,6 +971,8 @@ set_date_label (EItipControl *itip, GtkH + + if (wrote) + gtk_html_stream_printf (html_stream, "<br>"); ++ ++ g_string_free (buffer, TRUE); + } + + static void diff --git a/mail-client/evolution/files/evolution-2.22.2-CVE-2008-1109.patch b/mail-client/evolution/files/evolution-2.22.2-CVE-2008-1109.patch new file mode 100644 index 000000000000..c8b5c2c64cb8 --- /dev/null +++ b/mail-client/evolution/files/evolution-2.22.2-CVE-2008-1109.patch @@ -0,0 +1,62 @@ +Index: calendar/gui/itip-utils.c +=================================================================== +--- calendar/gui/itip-utils.c (revision 35555) ++++ calendar/gui/itip-utils.c (working copy) +@@ -172,50 +172,16 @@ get_attendee_if_attendee_sentby_is_user + } + + static char * +-html_new_lines_for (char *string) ++html_new_lines_for (const char *string) + { +- char *html_string = (char *) malloc (sizeof (char)* (3500)); +- int length = strlen (string); +- int index = 0; +- char *index_ptr = string; +- char *temp = string; ++ gchar **lines; ++ gchar *joined; + +- /*Find the first occurence*/ +- index_ptr = strstr ((const char *)temp, "\n"); ++ lines = g_strsplit_set (string, "\n", -1); ++ joined = g_strjoinv ("<br>", lines); ++ g_strfreev (lines); + +- /*Doesn't occur*/ +- if (index_ptr == NULL) { +- strcpy (html_string, (const char *)string); +- html_string[length] = '\0'; +- return html_string; +- } +- +- /*Split into chunks inserting <br> for \n */ +- do{ +- while (temp != index_ptr){ +- html_string[index++] = *temp; +- temp++; +- } +- temp++; +- +- html_string[index++] = '<'; +- html_string[index++] = 'b'; +- html_string[index++] = 'r'; +- html_string[index++] = '>'; +- +- index_ptr = strstr ((const char *)temp, "\n"); +- +- } while (index_ptr); +- +- /*Don't leave out the last chunk*/ +- while (*temp != '\0'){ +- html_string[index++] = *temp; +- temp++; +- } +- +- html_string[index] = '\0'; +- +- return html_string; ++ return joined; + } + + char * |