From 19841a0e3a1bbe19f2e360f20e1d66de16909452 Mon Sep 17 00:00:00 2001
From: Robert Scheck <robert@fedoraproject.org>
Date: Feb 23 2010 21:24:36 +0000
Subject: - Backported a patch from trunk to avoid the crash of zarafa-server when

    creating new user with db or unix plugin (#564282, #567262)
- Backported another patch from trunk to avoid the crash of httpd caused by
    PHP mapi.so during the logon in the webaccess (#564129)

---

diff --git a/zarafa-6.30.10-fortify.patch b/zarafa-6.30.10-fortify.patch
new file mode 100644
index 0000000..3a4a4a1
--- /dev/null
+++ b/zarafa-6.30.10-fortify.patch
@@ -0,0 +1,36 @@
+Remerged changeset of Subversion Revision 18952 from 6.40.0 (trunk) to 6.30.10
+
+--- zarafa-6.30.10/provider/common/ZarafaUtil.cpp			2010-01-26 17:34:51.000000000 +0100
++++ zarafa-6.30.10/provider/common/ZarafaUtil.cpp.fortify		2010-02-22 15:52:11.000000000 +0100
+@@ -355,7 +355,8 @@
+ 	if (!strExternId.empty())
+ 	{
+ 		lpUserEid->ulVersion = 1;
+-		lstrcpy(lpUserEid->szExId, strEncExId.c_str());
++		// avoid FORTIFY_SOURCE checks in strcpy to an address that the compiler thinks is 1 size large
++		memcpy(lpUserEid->szExId, strEncExId.c_str(), strEncExId.length()+1);
+ 	}
+ 
+ 	lpsEntryId->__size = ulLen;
+--- zarafa-6.30.10/provider/libserver/ECUserManagement.cpp		2010-01-26 17:34:51.000000000 +0100
++++ zarafa-6.30.10/provider/libserver/ECUserManagement.cpp.fortify	2010-02-22 16:03:33.000000000 +0100
+@@ -4152,7 +4152,8 @@
+ 	if (!strEncExId.empty())
+ 	{
+ 		lpAbeid->ulVersion = 1;
+-		strcpy(lpAbeid->szExId, strEncExId.c_str());
++		// avoid FORTIFY_SOURCE checks in strcpy to an address that the compiler thinks is 1 size large
++		memcpy(lpAbeid->szExId, strEncExId.c_str(), strEncExId.length()+1);
+ 	}
+ 
+ 	*lpsSourceKey = SOURCEKEY(ulLen, (char*)lpAbeid);
+@@ -4190,7 +4191,8 @@
+ 		memset(lpEid, 0, CbNewABEID(strEncExId.c_str()));
+ 
+ 		lpEid->ulVersion = 1;
+-		lstrcpy(lpEid->szExId, strEncExId.c_str());
++		// avoid FORTIFY_SOURCE checks in strcpy to an address that the compiler thinks is 1 size large
++		memcpy(lpEid->szExId, strEncExId.c_str(), strEncExId.length()+1);
+ 
+ 	}
+ 
diff --git a/zarafa-6.30.10-long-ulong.patch b/zarafa-6.30.10-long-ulong.patch
new file mode 100644
index 0000000..97e07e0
--- /dev/null
+++ b/zarafa-6.30.10-long-ulong.patch
@@ -0,0 +1,123 @@
+Remerged changeset of Subversion Revision 18968 from 6.40.0 (trunk) to 6.30.10
+
+--- zarafa-6.30.10/php-ext/main.cpp					2010-01-26 17:34:48.000000000 +0100
++++ zarafa-6.30.10/php-ext/main.cpp.php.long-ulong			2010-02-23 20:39:15.000000000 +0100
+@@ -2125,10 +2125,11 @@
+ {
+ 	// params
+ 	zval * res;
+-	LPMAPITABLE	lpTable				= NULL;
+ 	zval * sortArray;
++	long ulFlags = 0;
++	// local
++	LPMAPITABLE	lpTable				= NULL;
+ 	LPSSortOrderSet lpSortCriteria	= NULL;
+-	ULONG ulFlags = 0;
+ 
+ 	RETVAL_FALSE;
+ 	MAPI_G(hr) = hrSuccess;
+@@ -2189,10 +2190,11 @@
+ {
+ 	// params
+ 	zval			*res;
++	zval			*restrictionArray;
++	ulong			ulFlags = 0;
++	// local
+ 	LPMAPITABLE		lpTable = NULL;
+-	zval			*restrictionArray;
+ 	LPSRestriction	lpRestrict = NULL;
+-	ULONG			ulFlags = 0;
+ 
+ 	RETVAL_FALSE;
+ 	MAPI_G(hr) = hrSuccess;
+@@ -2213,7 +2215,7 @@
+ 		}
+ 	}
+ 
+-	MAPI_G(hr) = lpTable->Restrict(lpRestrict, ulFlags); // TODO: set flags from php?
++	MAPI_G(hr) = lpTable->Restrict(lpRestrict, ulFlags);
+ 	if(MAPI_G(hr) != hrSuccess)
+ 		goto exit;
+ 
+@@ -3696,11 +3698,13 @@
+ }
+ 
+ ZEND_FUNCTION(mapi_folder_getsearchcriteria) {
++	// params
+ 	zval *res = NULL;
+ 	zval *restriction = NULL;
+ 	zval *folderlist = NULL;
+ 	LPMAPIFOLDER lpFolder = NULL;
+ 	long ulFlags = 0;
++	// local
+ 	LPSRestriction lpRestriction = NULL;
+ 	LPENTRYLIST lpFolderList = NULL;
+ 	ULONG ulSearchState = 0;
+@@ -3734,13 +3738,15 @@
+ }
+ 
+ ZEND_FUNCTION(mapi_folder_setsearchcriteria) {
+-	LPMAPIFOLDER lpFolder = NULL;
+-	LPENTRYLIST lpFolderList = NULL;
+-	LPSRestriction lpRestriction = NULL;
+-	long ulFlags = 0;
++	// param
+ 	zval *res = NULL;
+ 	zval *restriction = NULL;
+ 	zval *folderlist = NULL;
++	long ulFlags = 0;
++	// local
++	LPMAPIFOLDER lpFolder = NULL;
++	LPENTRYLIST lpFolderList = NULL;
++	LPSRestriction lpRestriction = NULL;
+ 
+ 	RETVAL_FALSE;
+ 	MAPI_G(hr) = hrSuccess;
+@@ -6396,9 +6402,11 @@
+ 
+ ZEND_FUNCTION(mapi_freebusyupdate_publish)
+ {
++	// params
++	zval*				resFBUpdate = NULL;
+ 	zval*				aBlocks = NULL;
+ 	IFreeBusyUpdate*	lpFBUpdate = NULL;
+-	zval*				resFBUpdate = NULL;
++	// local
+ 	FBBlock_1*			lpBlocks = NULL;
+ 	ULONG				cBlocks = 0;
+ 	HashTable*			target_hash = NULL;
+@@ -6495,12 +6503,14 @@
+ 
+ ZEND_FUNCTION(mapi_freebusyupdate_savechanges)
+ {
+-	IFreeBusyUpdate*	lpFBUpdate = NULL;
++	// params
+ 	zval*				resFBUpdate = NULL;
+-	FILETIME			ftmStart;
+-	FILETIME			ftmEnd;
+ 	time_t				ulUnixStart = 0;
+ 	time_t				ulUnixEnd = 0;
++	IFreeBusyUpdate*	lpFBUpdate = NULL;
++	// local
++	FILETIME			ftmStart;
++	FILETIME			ftmEnd;
+ 
+ 	RETVAL_FALSE;
+ 	MAPI_G(hr) = hrSuccess;
+@@ -6523,13 +6533,14 @@
+ 
+ ZEND_FUNCTION(mapi_favorite_add)
+ {
++	// params
+ 	zval *				resSession = NULL;
+ 	zval *				resFolder = NULL;
+ 	Session				*lpSession = NULL;
+-	LPMAPIFOLDER		lpShortCutFolder = NULL;
+-
+ 	LPMAPIFOLDER		lpFolder = NULL;
+ 	long				ulFlags = 0;
++	// local
++	LPMAPIFOLDER			lpShortCutFolder = NULL;
+ 	ULONG				cbAliasName = 0;
+ 	LPSTR				lpszAliasName = NULL;
+ 
diff --git a/zarafa.spec b/zarafa.spec
index a034b78..fae8eb8 100644
--- a/zarafa.spec
+++ b/zarafa.spec
@@ -116,7 +116,7 @@
 #
 
 %define beta_or_rc      0
-%define actual_release  1
+%define actual_release  2
 %define svnrevision     18495
 %define with_ldap       1
 %define with_xmlto      1
@@ -146,6 +146,9 @@ Patch0:             zarafa-6.30.4-package.patch
 Patch1:             zarafa-6.30.4-perl.patch
 Patch2:             zarafa-6.30.10-undefined-symbol.patch
 Patch3:             zarafa-6.30.10-chmod.patch
+# Patch 4 and 5 are backports from upstream
+Patch4:             zarafa-6.30.10-fortify.patch
+Patch5:             zarafa-6.30.10-long-ulong.patch
 # http://www.brodowski.org/zarafa/php-mapi/6.30.10.18495/18495_patch.diff
 Patch10:            zarafa-6.30.4-brodowski.patch
 
@@ -198,7 +201,7 @@ BuildRoot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -
 %description
 Zarafa Outlook Sharing is a Microsoft Exchange replacement. The Open Source
 Collaboration provides an integration with your existing Linux mail server,
-native mobile phone support by ActiveSync compatiblity and a webaccess with
+native mobile phone support by ActiveSync compatibility and a webaccess with
 'Look & Feel' similar to Outlook using Ajax. Including an IMAP4 and a POP3
 gateway as well as an iCal/CalDAV gateway, Zarafa can combine the usability
 with the stability and flexibility of a Linux server.
@@ -442,6 +445,8 @@ PHP MAPI extension by Zarafa to enable MAPI communication in PHP.
 %patch1 -p1 -b .perl
 %patch2 -p1 -b .symbol
 %patch3 -p1 -b .chmod
+%patch4 -p1 -b .fortify
+%patch5 -p1 -b .long-ulong
 #%%patch10 -p5 -b .brodowski
 
 # Needed to get rid of rpath
@@ -818,6 +823,12 @@ fi
 %endif
 
 %changelog
+* Tue Feb 23 2010 Robert Scheck <robert@fedoraproject.org> 6.30.10-2
+- Backported a patch from trunk to avoid the crash of zarafa-server
+  when creating new user with db or unix plugin (#564282, #567262)
+- Backported another patch from trunk to avoid the crash of httpd
+  caused by PHP mapi.so during the logon in the webaccess (#564129)
+
 * Sat Feb 06 2010 Robert Scheck <robert@fedoraproject.org> 6.30.10-1
 - Upgrade to 6.30.10 (#498194)
 - Initial spec file for Fedora and Red Hat Enterprise Linux (thanks