diff --git a/evolution-data-server-1.10.1-apop-auth-vulnerability.patch b/evolution-data-server-1.10.1-apop-auth-vulnerability.patch new file mode 100644 index 0000000..85c86a7 --- /dev/null +++ b/evolution-data-server-1.10.1-apop-auth-vulnerability.patch @@ -0,0 +1,32 @@ +--- evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability 2007-04-09 08:42:37.000000000 -0400 ++++ evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c 2007-04-24 16:12:28.000000000 -0400 +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include "camel-operation.h" + +@@ -489,6 +490,21 @@ + } else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) { + char *secret, md5asc[33], *d; + unsigned char md5sum[16], *s; ++ ++ d = store->engine->apop; ++ ++ while (*d != '\0') { ++ if (!isascii((int)*d)) { ++ camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID, ++ _("Unable to connect to POP server %s: " ++ "Invalid APOP ID received. Impersonation attack " ++ "suspected. Please contact your admin."), ++ CAMEL_SERVICE (store)->url->host); ++ ++ return FALSE; ++ } ++ d++; ++ } + + secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1); + sprintf(secret, "%s%s", store->engine->apop, service->url->passwd); diff --git a/evolution-data-server.spec b/evolution-data-server.spec index 58b6b88..8c3726a 100644 --- a/evolution-data-server.spec +++ b/evolution-data-server.spec @@ -26,7 +26,7 @@ Name: evolution-data-server Version: 1.10.1 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPL Group: System Environment/Libraries Summary: Backend data server for Evolution @@ -78,6 +78,9 @@ Patch22: evolution-data-server-1.9.92-isa-support.patch # GNOME bug #417999 Patch23: evolution-data-server-1.10.0-code-cleanup.patch +# RH bug #235290 / GNOME bug #424373 +Patch24: evolution-data-server-1.10.1-apop-auth-vulnerability.patch + ### Dependencies ### Requires: GConf2 @@ -171,6 +174,7 @@ evolution-data-server. %patch21 -p1 -b .e-passwords %patch22 -p1 -b .isa-support %patch23 -p1 -b .code-cleanup +%patch24 -p1 -b .apop-auth-vulnerability mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -388,6 +392,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc %changelog +* Tue Apr 24 2007 Matthew Barnes - 1.10.1-2.fc7 +- Add patch for RH bug #235290 (APOP authentication vulnerability). + * Mon Apr 09 2007 Matthew Barnes - 1.10.1-1.fc7 - Update to 1.10.1 - Remove evolution-data-server-1.10.0-no-more-beeps.patch (fixed upstream).