* Fix a remote code execution vulnerability in the IMAP provider [1]

* Fix maildir support [2] Submitted by: delphij [1] Yuri Pankov <yuri@darklight.org.ru> [2] Obtained from: GNOME SVN [1] http://bugzilla.gnome.org/show_bug.cgi?id=352346 [2] Security: This commit contains a fix for CVE-2007-3257 [1]
svn path=/head/; revision=194362
2007-06-28 03:49:36 +00:00 · 2007-06-28 03:49:36 +00:00 · 2e33212737 · 2021-03-31 03:12:20 +00:00
commit 2e33212737
parent 5dc74bcd3c
3 changed files with 162 additions and 0 deletions
--- a/databases/evolution-data-server/Makefile
+++ b/databases/evolution-data-server/Makefile
@ -8,6 +8,7 @@

 PORTNAME=	evolution-data-server
 PORTVERSION=	1.10.2
+PORTREVISION=	1
 CATEGORIES=	databases gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	sources/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+).*/\1/}
--- a/databases/evolution-data-server/files/patch-CVE-2007-3257
+++ b/databases/evolution-data-server/files/patch-CVE-2007-3257
@ -0,0 +1,20 @@
+--- camel/providers/imap/camel-imap-folder.c.orig	2007-06-25 19:05:09.445434798 +0800
+++ camel/providers/imap/camel-imap-folder.c	2007-06-25 19:05:40.454607358 +0800
+@@ -655,7 +655,7 @@
+ 		uid = g_datalist_get_data (&data, "UID");
+ 		flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS"));
+ 		
+-		if (!uid || !seq || seq > summary_len) {
+		if (!uid || !seq || seq > summary_len || seq < 0) {
+ 			g_datalist_clear (&data);
+ 			continue;
+ 		}
+@@ -2789,7 +2789,7 @@
+ 		
+ 		if (*response != '*' || *(response + 1) != ' ')
+ 			return NULL;
+-		seq = strtol (response + 2, &response, 10);
+		seq = strtoul (response + 2, &response, 10);
+ 		if (seq == 0)
+ 			return NULL;
+ 		if (g_ascii_strncasecmp (response, " FETCH (", 8) != 0)
--- a/databases/evolution-data-server/files/patch-fix-maildir
+++ b/databases/evolution-data-server/files/patch-fix-maildir
@ -0,0 +1,141 @@
+Index: camel/providers/local/camel-local-provider.c
+===================================================================
+--- camel/providers/local/camel-local-provider.c	(revision 7830)
+++ camel/providers/local/camel-local-provider.c	(working copy)
+@@ -56,7 +56,7 @@
+ 	N_("For storing local mail in MH-like mail directories."),
+ 	"mail",
+ 	CAMEL_PROVIDER_IS_SOURCE | CAMEL_PROVIDER_IS_STORAGE | CAMEL_PROVIDER_IS_LOCAL,
+-	CAMEL_URL_NEED_PATH | CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+	CAMEL_URL_NEED_PATH | CAMEL_URL_NEED_PATH_DIR | CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+ 	mh_conf_entries,
+ 	/* ... */
+ };
+@@ -74,7 +74,7 @@
+ 	N_("For retrieving (moving) local mail from standard mbox-formatted spools into folders managed by Evolution."),
+ 	"mail",
+ 	CAMEL_PROVIDER_IS_SOURCE | CAMEL_PROVIDER_IS_STORAGE | CAMEL_PROVIDER_IS_LOCAL,
+-	CAMEL_URL_NEED_PATH | CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+	CAMEL_URL_NEED_PATH | CAMEL_URL_NEED_PATH_DIR |CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+ 	mbox_conf_entries,
+ 	/* ... */
+ };
+@@ -96,7 +96,7 @@
+ 	N_("For storing local mail in maildir directories."),
+ 	"mail",
+ 	CAMEL_PROVIDER_IS_SOURCE | CAMEL_PROVIDER_IS_STORAGE | CAMEL_PROVIDER_IS_LOCAL,
+-	CAMEL_URL_NEED_PATH | CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+	CAMEL_URL_NEED_PATH | CAMEL_URL_NEED_PATH_DIR | CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+ 	maildir_conf_entries,
+ 	/* ... */
+ };
+@@ -110,9 +110,9 @@
+ 	{ CAMEL_PROVIDER_CONF_END }
+ };
+ 
+-static CamelProvider spool_provider = {
+static CamelProvider spool_file_provider = {
+ 	"spool",
+-	N_("Standard Unix mbox spool or directory"),
+	N_("Standard Unix mbox spool file"),
+ 	N_("For reading and storing local mail in external standard mbox spool files.\nMay also be used to read a tree of Elm, Pine, or Mutt style folders."),
+ 	"mail",
+ 	CAMEL_PROVIDER_IS_SOURCE | CAMEL_PROVIDER_IS_STORAGE,
+@@ -121,6 +121,17 @@
+ 	/* ... */
+ };
+ 
+static CamelProvider spool_directory_provider = {
+	"spooldir",
+	N_("Standard Unix mbox spool directory"),
+	N_("For reading and storing local mail in external standard mbox spool files.\nMay also be used to read a tree of Elm, Pine, or Mutt style folders."),
+	"mail",
+	CAMEL_PROVIDER_IS_SOURCE | CAMEL_PROVIDER_IS_STORAGE,
+	CAMEL_URL_NEED_PATH | CAMEL_URL_NEED_PATH_DIR | CAMEL_URL_PATH_IS_ABSOLUTE | CAMEL_URL_FRAGMENT_IS_PATH,
+	spool_conf_entries,
+	/* ... */
+};
+
+ #endif
+ 
+ /* build a canonical 'path' */
+@@ -234,13 +245,19 @@
+ 	camel_provider_register(&mbox_provider);
+ 
+ #ifndef G_OS_WIN32
+-	spool_conf_entries[0].value = path;  /* default path - same as mbox */
+-	spool_provider.object_types[CAMEL_PROVIDER_STORE] = camel_spool_store_get_type ();
+-	spool_provider.url_hash = local_url_hash;
+-	spool_provider.url_equal = local_url_equal;
+-	spool_provider.translation_domain = GETTEXT_PACKAGE;
+-	camel_provider_register(&spool_provider);
+-	
+	spool_conf_entries[0].value = path;  /* default path - same as mbox; it's for both file and directory */
+	spool_file_provider.object_types[CAMEL_PROVIDER_STORE] = camel_spool_store_get_type ();
+	spool_file_provider.url_hash = local_url_hash;
+	spool_file_provider.url_equal = local_url_equal;
+	spool_file_provider.translation_domain = GETTEXT_PACKAGE;
+	camel_provider_register(&spool_file_provider);
+
+	spool_directory_provider.object_types[CAMEL_PROVIDER_STORE] = camel_spool_store_get_type ();
+	spool_directory_provider.url_hash = local_url_hash;
+	spool_directory_provider.url_equal = local_url_equal;
+	spool_directory_provider.translation_domain = GETTEXT_PACKAGE;
+	camel_provider_register(&spool_directory_provider);
+
+ 	path = getenv("MAILDIR");
+ 	maildir_conf_entries[0].value = path ? path : "";  /* default path */
+ 	maildir_provider.object_types[CAMEL_PROVIDER_STORE] = camel_maildir_store_get_type ();
+Index: camel/providers/local/ChangeLog
+===================================================================
+--- camel/providers/local/ChangeLog	(revision 7830)
+++ camel/providers/local/ChangeLog	(working copy)
+@@ -1,3 +1,12 @@
+2007-06-18  Milan Crha  <mcrha@redhat.com>
+
+	** Fix for bug #352346
+
+	* camel-local-provider.c: (camel_provider_module_init):
+	New provider spool_file_provider with virtual protocol 'spooldir'
+	and set CAMEL_URL_NEED_PATH_DIR; registering this provider
+	as copy for spool files.
+
+ 2007-06-06  Jeffrey Stedfast  <fejj@novell.com>
+ 
+ 	Robustness fix while making sure the code would properly handle
+Index: camel/ChangeLog
+===================================================================
+--- camel/ChangeLog	(revision 7830)
+++ camel/ChangeLog	(working copy)
+@@ -1,3 +1,11 @@
+2007-06-18  Milan Crha  <mcrha@redhat.com>
+
+	** Fix for bug #352346
+
+	* camel-provider.h: Added new constants CAMEL_URL_PART_PATH_DIR and
+	CAMEL_URL_NEED_PATH_DIR; when CAMEL_URL_NEED_PATH_DIR is set, then
+	in editor dialog is choosing file, without it directory.
+
+ 2007-06-14  Philip Van Hoof  <pvanhoof@gnome.org>
+ 	
+ 	* camel-net-utils.c: Memory leak fix
+Index: camel/camel-provider.h
+===================================================================
+--- camel/camel-provider.h	(revision 7830)
+++ camel/camel-provider.h	(working copy)
+@@ -81,6 +81,7 @@
+ #define CAMEL_URL_PART_HOST	 (1 << 3)
+ #define CAMEL_URL_PART_PORT	 (1 << 4)
+ #define CAMEL_URL_PART_PATH	 (1 << 5)
+#define CAMEL_URL_PART_PATH_DIR  (1 << 6)
+ 
+ #define CAMEL_URL_PART_NEED	       8
+ #define CAMEL_URL_PART_HIDDEN	(CAMEL_URL_PART_NEED + 8)
+@@ -104,6 +105,7 @@
+ #define CAMEL_URL_NEED_HOST	 (CAMEL_URL_PART_HOST << CAMEL_URL_PART_NEED)
+ #define CAMEL_URL_NEED_PORT	 (CAMEL_URL_PART_PORT << CAMEL_URL_PART_NEED)
+ #define CAMEL_URL_NEED_PATH	 (CAMEL_URL_PART_PATH << CAMEL_URL_PART_NEED)
+#define CAMEL_URL_NEED_PATH_DIR  (CAMEL_URL_PART_PATH_DIR << CAMEL_URL_PART_NEED)
+ 
+ #define CAMEL_URL_HIDDEN_USER	 (CAMEL_URL_PART_USER << CAMEL_URL_PART_HIDDEN)
+ #define CAMEL_URL_HIDDEN_AUTH	 (CAMEL_URL_PART_AUTH << CAMEL_URL_PART_HIDDEN)