From 1eb19cbe2313f871278e10e796f82bafb26e7c5e Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Sun, 20 Apr 2008 17:21:24 +0000 Subject: [PATCH 01/11] Initialize branch F-9 for evolution --- branch | 1 + 1 file changed, 1 insertion(+) create mode 100644 branch diff --git a/branch b/branch new file mode 100644 index 0000000..1c26f78 --- /dev/null +++ b/branch @@ -0,0 +1 @@ +F-9 From 62beff29d7d570ccc87b4f3decf54fbfafd8cd4f Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Tue, 29 Apr 2008 12:48:38 +0000 Subject: [PATCH 02/11] - Add patch for GNOME bug #524121 (double free). --- evolution-2.22.1-double-free.patch | 13 +++++++++++++ evolution.spec | 9 ++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 evolution-2.22.1-double-free.patch diff --git a/evolution-2.22.1-double-free.patch b/evolution-2.22.1-double-free.patch new file mode 100644 index 0000000..b21fa1d --- /dev/null +++ b/evolution-2.22.1-double-free.patch @@ -0,0 +1,13 @@ +diff -U0 evolution-2.22.1/calendar/ChangeLog.double-free evolution-2.22.1/calendar/ChangeLog +diff -up evolution-2.22.1/calendar/gui/e-calendar-table.c.double-free evolution-2.22.1/calendar/gui/e-calendar-table.c +--- evolution-2.22.1/calendar/gui/e-calendar-table.c.double-free 2008-04-04 05:18:00.000000000 -0400 ++++ evolution-2.22.1/calendar/gui/e-calendar-table.c 2008-04-29 08:46:17.000000000 -0400 +@@ -881,7 +881,7 @@ copy_row_cb (int model_row, gpointer dat + icalcomponent_new_clone (child)); + icalcomponent_free (child); + } +- g_free (child); ++ g_free (comp_str); + } + + /** diff --git a/evolution.spec b/evolution.spec index dcd0efe..3d01b38 100644 --- a/evolution.spec +++ b/evolution.spec @@ -46,7 +46,7 @@ Name: evolution Version: 2.22.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and GFDL+ Group: Applications/Productivity Summary: GNOME's next-generation groupware suite @@ -84,6 +84,9 @@ Patch15: evolution-2.9.1-im-context-reset.patch # RH bug #437208 / GNOME bug #518103 Patch16: evolution-2.22.0-line-status.patch +# GNOME bug #524121 +Patch17: evolution-2.22.1-double-free.patch + ## Dependencies ### Requires(post): GConf2 @@ -230,6 +233,7 @@ This package contains the plugin to filter junk mail using SpamAssassin. %patch14 -p1 -b .no-gnome-common %patch15 -p1 -b .im-context-reset %patch16 -p1 -b .line-status +%patch17 -p1 -b .double-free mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -657,6 +661,9 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog +* Tue Apr 29 2008 Matthew Barnes - 2.22.1-2.fc9 +- Add patch for GNOME bug #524121 (double free). + * Mon Apr 07 2008 Matthew Barnes - 2.22.1-1.fc9 - Update to 2.22.1 - Remove patch for GNOME bug #524310 (fixed upstream). From ba7867964915459fea70cc6e3efe54f4e2957299 Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Fri, 2 May 2008 11:53:22 +0000 Subject: [PATCH 03/11] - Update to 2.22.1.1 - Remove patch for RH bug #437208 (fixed upstream). - Remove patch for GNOME bug #524121 (fixed upstream). --- .cvsignore | 2 +- evolution-2.21.92-CVE-2008-0072.patch | 48 ------- evolution-2.22.0-line-status.patch | 185 -------------------------- evolution-2.22.1-double-free.patch | 13 -- evolution.spec | 17 +-- sources | 2 +- 6 files changed, 9 insertions(+), 258 deletions(-) delete mode 100644 evolution-2.21.92-CVE-2008-0072.patch delete mode 100644 evolution-2.22.0-line-status.patch delete mode 100644 evolution-2.22.1-double-free.patch diff --git a/.cvsignore b/.cvsignore index 9b20597..c9f6104 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -evolution-2.22.1.tar.bz2 +evolution-2.22.1.1.tar.bz2 diff --git a/evolution-2.21.92-CVE-2008-0072.patch b/evolution-2.21.92-CVE-2008-0072.patch deleted file mode 100644 index 7183312..0000000 --- a/evolution-2.21.92-CVE-2008-0072.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up evolution-2.21.92/mail/em-format.c.CVE-2008-0072 evolution-2.21.92/mail/em-format.c ---- evolution-2.21.92/mail/em-format.c.CVE-2008-0072 2008-01-27 22:59:48.000000000 -0500 -+++ evolution-2.21.92/mail/em-format.c 2008-03-04 15:40:29.000000000 -0500 -@@ -1193,7 +1193,7 @@ emf_application_xpkcs7mime(EMFormat *emf - opart = camel_mime_part_new(); - valid = camel_cipher_decrypt(context, part, opart, ex); - if (valid == NULL) { -- em_format_format_error(emf, stream, ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error")); -+ em_format_format_error(emf, stream, "%s", ex->desc?ex->desc:_("Could not parse S/MIME message: Unknown error")); - em_format_part_as(emf, stream, part, NULL); - } else { - if (emfc == NULL) -@@ -1350,7 +1350,7 @@ emf_multipart_encrypted(EMFormat *emf, C - if (valid == NULL) { - em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP/MIME message"):_("Could not parse PGP/MIME message: Unknown error")); - if (ex->desc) -- em_format_format_error(emf, stream, ex->desc); -+ em_format_format_error(emf, stream, "%s", ex->desc); - em_format_part_as(emf, stream, part, "multipart/mixed"); - } else { - if (emfc == NULL) -@@ -1515,7 +1515,7 @@ emf_multipart_signed(EMFormat *emf, Came - if (valid == NULL) { - em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature")); - if (ex->desc) -- em_format_format_error(emf, stream, ex->desc); -+ em_format_format_error(emf, stream, "%s", ex->desc); - em_format_part_as(emf, stream, part, "multipart/mixed"); - } else { - if (emfc == NULL) -@@ -1586,7 +1586,7 @@ emf_inlinepgp_signed(EMFormat *emf, Came - if (!valid) { - em_format_format_error(emf, stream, ex->desc?_("Error verifying signature"):_("Unknown error verifying signature")); - if (ex->desc) -- em_format_format_error(emf, stream, ex->desc); -+ em_format_format_error(emf, stream, "%s", ex->desc); - em_format_format_source(emf, stream, ipart); - /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */ - camel_exception_free(ex); -@@ -1658,7 +1658,7 @@ emf_inlinepgp_encrypted(EMFormat *emf, C - if (!valid) { - em_format_format_error(emf, stream, ex->desc?_("Could not parse PGP message"):_("Could not parse PGP message: Unknown error")); - if (ex->desc) -- em_format_format_error(emf, stream, ex->desc); -+ em_format_format_error(emf, stream, "%s", ex->desc); - em_format_format_source(emf, stream, ipart); - /* I think this will loop: em_format_part_as(emf, stream, part, "text/plain"); */ - camel_exception_free(ex); diff --git a/evolution-2.22.0-line-status.patch b/evolution-2.22.0-line-status.patch deleted file mode 100644 index 8b13eb2..0000000 --- a/evolution-2.22.0-line-status.patch +++ /dev/null @@ -1,185 +0,0 @@ -diff -up evolution-2.22.0/shell/e-shell-nm-glib.c.line-status evolution-2.22.0/shell/e-shell-nm-glib.c ---- evolution-2.22.0/shell/e-shell-nm-glib.c.line-status 2007-11-29 23:23:59.000000000 -0500 -+++ evolution-2.22.0/shell/e-shell-nm-glib.c 2008-03-14 12:13:29.000000000 -0400 -@@ -33,23 +33,40 @@ - static libnm_glib_ctx *nm_ctx = NULL; - static guint id = 0; - --static void e_shell_glib_network_monitor (libnm_glib_ctx *ctx, gpointer user_data) -+static void -+e_shell_glib_network_monitor (libnm_glib_ctx *ctx, gpointer user_data) - { - libnm_glib_state state; -- EShellLineStatus line_status; - EShellWindow *window = E_SHELL_WINDOW (user_data); - EShell *shell = e_shell_window_peek_shell (window); - GNOME_Evolution_ShellState shell_state; -+ gboolean shell_is_online; -+ gboolean shell_is_offline; - - g_return_if_fail (ctx != NULL); - - state = libnm_glib_get_network_state (ctx); -- line_status = e_shell_get_line_status (shell); - -- if (line_status == E_SHELL_LINE_STATUS_ONLINE && state == LIBNM_NO_NETWORK_CONNECTION) { -+ switch (e_shell_get_line_status (shell)) { -+ case E_SHELL_LINE_STATUS_ONLINE: -+ shell_is_online = TRUE; -+ shell_is_offline = FALSE; -+ break; -+ case E_SHELL_LINE_STATUS_OFFLINE: -+ case E_SHELL_LINE_STATUS_FORCED_OFFLINE: -+ shell_is_online = FALSE; -+ shell_is_offline = TRUE; -+ break; -+ default: /* in-between states */ -+ shell_is_online = FALSE; -+ shell_is_offline = FALSE; -+ } -+ -+ if (shell_is_online && state == LIBNM_NO_NETWORK_CONNECTION) { - shell_state = GNOME_Evolution_FORCED_OFFLINE; - e_shell_go_offline (shell, window, shell_state); -- } else if (line_status == E_SHELL_LINE_STATUS_OFFLINE && state == LIBNM_ACTIVE_NETWORK_CONNECTION) { -+ -+ } else if (shell_is_offline && state == LIBNM_ACTIVE_NETWORK_CONNECTION) { - shell_state = GNOME_Evolution_USER_ONLINE; - e_shell_go_online (shell, window, shell_state); - } -@@ -58,15 +75,15 @@ static void e_shell_glib_network_monitor - int e_shell_nm_glib_initialise (EShellWindow *window); - void e_shell_nm_glib_dispose (EShellWindow *window); - --int e_shell_nm_glib_initialise (EShellWindow *window) -+int -+e_shell_nm_glib_initialise (EShellWindow *window) - { -- if (!nm_ctx) -- { -+ if (!nm_ctx) { - nm_ctx = libnm_glib_init (); - if (!nm_ctx) { -- fprintf (stderr, "Could not initialize libnm.\n"); -- return FALSE; -- } -+ g_warning ("Could not initialize libnm."); -+ return FALSE; -+ } - } - - id = libnm_glib_register_callback (nm_ctx, e_shell_glib_network_monitor, window, NULL); -@@ -74,7 +91,8 @@ int e_shell_nm_glib_initialise (EShellWi - return TRUE; - } - --void e_shell_nm_glib_dispose (EShellWindow *window) -+void -+e_shell_nm_glib_dispose (EShellWindow *window) - { - if (id != 0 && nm_ctx != NULL) { - libnm_glib_unregister_callback (nm_ctx, id); -@@ -83,4 +101,3 @@ void e_shell_nm_glib_dispose (EShellWind - id = 0; - } - } -- -diff -up evolution-2.22.0/shell/e-shell-nm.c.line-status evolution-2.22.0/shell/e-shell-nm.c ---- evolution-2.22.0/shell/e-shell-nm.c.line-status 2008-02-22 04:51:05.000000000 -0500 -+++ evolution-2.22.0/shell/e-shell-nm.c 2008-03-14 12:13:29.000000000 -0400 -@@ -35,17 +35,12 @@ - #include - #include - --typedef enum _ShellLineStatus { -- E_SHELL_LINE_DOWN, -- E_SHELL_LINE_UP --} ShellLineStatus; -- -- - static gboolean init_dbus (EShellWindow *window); -+int e_shell_dbus_initialise (EShellWindow *window); -+void e_shell_dbus_dispose (EShellWindow *window); - - static DBusConnection *dbus_connection = NULL; - -- - static gboolean - reinit_dbus (gpointer user_data) - { -@@ -63,11 +58,12 @@ e_shell_network_monitor (DBusConnection - { - DBusError error; - const char *object; -- ShellLineStatus status; - EShellWindow *window = NULL; - EShell *shell = NULL; - GNOME_Evolution_ShellState shell_state; -- EShellLineStatus line_status; -+ gboolean shell_is_online; -+ gboolean shell_is_offline; -+ gboolean network_device_active; - - if (!user_data || !E_IS_SHELL_WINDOW (user_data)) - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -@@ -89,9 +85,9 @@ e_shell_network_monitor (DBusConnection - } - - if (dbus_message_is_signal (message, NM_DBUS_INTERFACE, "DeviceNoLongerActive")) -- status = E_SHELL_LINE_DOWN; -+ network_device_active = FALSE; - else if (dbus_message_is_signal (message, NM_DBUS_INTERFACE, "DeviceNowActive")) -- status = E_SHELL_LINE_UP; -+ network_device_active = TRUE; - else - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - -@@ -99,12 +95,26 @@ e_shell_network_monitor (DBusConnection - &object, DBUS_TYPE_INVALID)) - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - -- line_status = e_shell_get_line_status (shell); -+ switch (e_shell_get_line_status (shell)) { -+ case E_SHELL_LINE_STATUS_ONLINE: -+ shell_is_online = TRUE; -+ shell_is_offline = FALSE; -+ break; -+ case E_SHELL_LINE_STATUS_OFFLINE: -+ case E_SHELL_LINE_STATUS_FORCED_OFFLINE: -+ shell_is_online = FALSE; -+ shell_is_offline = TRUE; -+ break; -+ default: /* in-between states */ -+ shell_is_online = FALSE; -+ shell_is_offline = FALSE; -+ } - -- if (line_status == E_SHELL_LINE_STATUS_ONLINE && status == E_SHELL_LINE_DOWN) { -+ if (shell_is_online && !network_device_active) { - shell_state = GNOME_Evolution_FORCED_OFFLINE; - e_shell_go_offline (shell, window, shell_state); -- } else if (line_status == E_SHELL_LINE_STATUS_OFFLINE && status == E_SHELL_LINE_UP) { -+ -+ } else if (shell_is_offline && network_device_active) { - shell_state = GNOME_Evolution_USER_ONLINE; - e_shell_go_online (shell, window, shell_state); - } -@@ -153,14 +163,16 @@ init_dbus (EShellWindow *window) - return FALSE; - } - --int e_shell_dbus_initialise (EShellWindow *window) -+int -+e_shell_dbus_initialise (EShellWindow *window) - { - g_type_init (); - - return init_dbus (window); - } - --void e_shell_dbus_dispose (EShellWindow *window) -+void -+e_shell_dbus_dispose (EShellWindow *window) - { - //FIXME - return; diff --git a/evolution-2.22.1-double-free.patch b/evolution-2.22.1-double-free.patch deleted file mode 100644 index b21fa1d..0000000 --- a/evolution-2.22.1-double-free.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -U0 evolution-2.22.1/calendar/ChangeLog.double-free evolution-2.22.1/calendar/ChangeLog -diff -up evolution-2.22.1/calendar/gui/e-calendar-table.c.double-free evolution-2.22.1/calendar/gui/e-calendar-table.c ---- evolution-2.22.1/calendar/gui/e-calendar-table.c.double-free 2008-04-04 05:18:00.000000000 -0400 -+++ evolution-2.22.1/calendar/gui/e-calendar-table.c 2008-04-29 08:46:17.000000000 -0400 -@@ -881,7 +881,7 @@ copy_row_cb (int model_row, gpointer dat - icalcomponent_new_clone (child)); - icalcomponent_free (child); - } -- g_free (child); -+ g_free (comp_str); - } - - /** diff --git a/evolution.spec b/evolution.spec index 3d01b38..31e51a4 100644 --- a/evolution.spec +++ b/evolution.spec @@ -45,8 +45,8 @@ ### Abstract ### Name: evolution -Version: 2.22.1 -Release: 2%{?dist} +Version: 2.22.1.1 +Release: 1%{?dist} License: GPLv2 and GFDL+ Group: Applications/Productivity Summary: GNOME's next-generation groupware suite @@ -81,12 +81,6 @@ Patch14: evolution-2.7.1-no-gnome-common.patch # RH bug #176400 Patch15: evolution-2.9.1-im-context-reset.patch -# RH bug #437208 / GNOME bug #518103 -Patch16: evolution-2.22.0-line-status.patch - -# GNOME bug #524121 -Patch17: evolution-2.22.1-double-free.patch - ## Dependencies ### Requires(post): GConf2 @@ -232,8 +226,6 @@ This package contains the plugin to filter junk mail using SpamAssassin. %patch13 -p1 -b .fix-conduit-dir %patch14 -p1 -b .no-gnome-common %patch15 -p1 -b .im-context-reset -%patch16 -p1 -b .line-status -%patch17 -p1 -b .double-free mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -661,6 +653,11 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog +* Fri May 02 2008 Matthew Barnes - 2.22.1.1-1.fc9 +- Update to 2.22.1.1 +- Remove patch for RH bug #437208 (fixed upstream). +- Remove patch for GNOME bug #524121 (fixed upstream). + * Tue Apr 29 2008 Matthew Barnes - 2.22.1-2.fc9 - Add patch for GNOME bug #524121 (double free). diff --git a/sources b/sources index c17cad4..2468f3d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b8eddd6e26b59b1fe6ad0ae849916836 evolution-2.22.1.tar.bz2 +fa188ebbe6d5a5c8af0673101f464003 evolution-2.22.1.1.tar.bz2 From cb1e4099973ff5b1859e9ca787dd6e355b5e2395 Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Mon, 26 May 2008 16:47:53 +0000 Subject: [PATCH 04/11] - Update to 2.22.2 --- .cvsignore | 2 +- evolution.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index c9f6104..38c77f0 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -evolution-2.22.1.1.tar.bz2 +evolution-2.22.2.tar.bz2 diff --git a/evolution.spec b/evolution.spec index 31e51a4..7872602 100644 --- a/evolution.spec +++ b/evolution.spec @@ -45,7 +45,7 @@ ### Abstract ### Name: evolution -Version: 2.22.1.1 +Version: 2.22.2 Release: 1%{?dist} License: GPLv2 and GFDL+ Group: Applications/Productivity @@ -653,6 +653,9 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog +* Mon May 26 2008 Matthew Barnes - 2.22.2-1.fc9 +- Update to 2.22.2 + * Fri May 02 2008 Matthew Barnes - 2.22.1.1-1.fc9 - Update to 2.22.1.1 - Remove patch for RH bug #437208 (fixed upstream). diff --git a/sources b/sources index 2468f3d..a783bfe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fa188ebbe6d5a5c8af0673101f464003 evolution-2.22.1.1.tar.bz2 +9f93cad065a96e2daae618e16de893a4 evolution-2.22.2.tar.bz2 From 2ff3fe45314b09a170383c4a29a7553e799974e5 Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Fri, 30 May 2008 12:29:35 +0000 Subject: [PATCH 05/11] Fix some minor rpmdiff complaints. --- evolution.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evolution.spec b/evolution.spec index 7872602..f209742 100644 --- a/evolution.spec +++ b/evolution.spec @@ -170,7 +170,7 @@ personal information-management tool. %package devel Group: Development/Libraries Summary: Development files for building against %{name} -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} Requires: evolution-data-server-devel >= %{eds_version} Requires: gtkhtml3-devel >= %{gtkhtml_version} Requires: libsoup-devel >= %{soup_version} From 42abe45dd388af8692f21df02efa73c5d39ea289 Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Wed, 4 Jun 2008 09:55:20 +0000 Subject: [PATCH 06/11] - Add patches for RH bug #449924 (buffer overflow vulnerabilities). --- evolution-2.22.2-CVE-2008-1108.patch | 310 +++++++++++++++++++++++++++ evolution-2.22.2-CVE-2008-1109.patch | 61 ++++++ evolution.spec | 13 +- 3 files changed, 383 insertions(+), 1 deletion(-) create mode 100644 evolution-2.22.2-CVE-2008-1108.patch create mode 100644 evolution-2.22.2-CVE-2008-1109.patch diff --git a/evolution-2.22.2-CVE-2008-1108.patch b/evolution-2.22.2-CVE-2008-1108.patch new file mode 100644 index 0000000..55262b2 --- /dev/null +++ b/evolution-2.22.2-CVE-2008-1108.patch @@ -0,0 +1,310 @@ +diff -up evolution-2.22.2/calendar/gui/e-itip-control.c.CVE-2008-1108 evolution-2.22.2/calendar/gui/e-itip-control.c +--- evolution-2.22.2/calendar/gui/e-itip-control.c.CVE-2008-1108 2008-04-04 05:18:00.000000000 -0400 ++++ evolution-2.22.2/calendar/gui/e-itip-control.c 2008-06-03 16:43:58.000000000 -0400 +@@ -660,7 +660,7 @@ find_attendee (icalcomponent *ical_comp, + + static void + write_label_piece (EItipControl *itip, ECalComponentDateTime *dt, +- char *buffer, int size, ++ GString *buffer, + const char *stext, const char *etext, + gboolean just_date) + { +@@ -685,13 +685,13 @@ write_label_piece (EItipControl *itip, E + tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0; + + if (stext != NULL) +- strcat (buffer, stext); ++ g_string_append (buffer, stext); + + e_time_format_date_and_time (&tmp_tm, + calendar_config_get_24_hour_format (), + FALSE, FALSE, + time_buf, sizeof (time_buf)); +- strcat (buffer, time_buf); ++ g_string_append (buffer, time_buf); + + if (!dt->value->is_utc && dt->tzid) { + zone = icalcomponent_get_timezone (priv->top_level, dt->tzid); +@@ -703,21 +703,21 @@ write_label_piece (EItipControl *itip, E + UTF-8. But it probably is not translated. */ + display_name = icaltimezone_get_display_name (zone); + if (display_name && *display_name) { +- strcat (buffer, " ["); ++ g_string_append_len (buffer, " [", 16); + + /* We check if it is one of our builtin timezone names, + in which case we call gettext to translate it. */ + if (icaltimezone_get_builtin_timezone (display_name)) { +- strcat (buffer, _(display_name)); ++ g_string_append_printf (buffer, "%s", _(display_name)); + } else { +- strcat (buffer, display_name); ++ g_string_append_printf (buffer, "%s", display_name); + } +- strcat (buffer, "]"); ++ g_string_append_len (buffer, "]", 8); + } + } + + if (etext != NULL) +- strcat (buffer, etext); ++ g_string_append (buffer, etext); + } + + static const char * +@@ -754,19 +754,17 @@ get_dayname (struct icalrecurrencetype * + + static void + write_recurrence_piece (EItipControl *itip, ECalComponent *comp, +- char *buffer, int size) ++ GString *buffer) + { + GSList *rrules; + struct icalrecurrencetype *r; +- int len, i; ++ int i; + +- strcpy (buffer, "Recurring: "); +- len = strlen (buffer); +- buffer += len; +- size -= len; ++ g_string_append_len (buffer, "Recurring: ", 18); + + if (!e_cal_component_has_simple_recurrence (comp)) { +- strcpy (buffer, _("Yes. (Complex Recurrence)")); ++ g_string_append_printf ( ++ buffer, "%s", _("Yes. (Complex Recurrence)")); + return; + } + +@@ -782,7 +780,10 @@ write_recurrence_piece (EItipControl *it + Every %d day/days" */ + /* For Translators : 'Every day' is event Recurring every day */ + /* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */ +- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every day", ++ "Every %d days", r->interval), ++ r->interval); + break; + + case ICAL_WEEKLY_RECURRENCE: +@@ -792,29 +793,36 @@ write_recurrence_piece (EItipControl *it + Every %d week/weeks" */ + /* For Translators : 'Every week' is event Recurring every week */ + /* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */ +- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every week", ++ "Every %d weeks", r->interval), ++ r->interval); + } else { + /* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */ + /* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */ +- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every week on ", ++ "Every %d weeks on ", r->interval), ++ r->interval); + + for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) { + if (i > 1) +- strcat (buffer, ", "); +- strcat (buffer, get_dayname (r, i - 1)); ++ g_string_append_len (buffer, ", ", 2); ++ g_string_append (buffer, get_dayname (r, i - 1)); + } + if (i > 1) + /* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */ +- strcat (buffer, _(" and ")); +- strcat (buffer, get_dayname (r, i - 1)); ++ g_string_append_printf (buffer, "%s", _(" and ")); ++ g_string_append (buffer, get_dayname (r, i - 1)); + } + break; + + case ICAL_MONTHLY_RECURRENCE: + if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) { + /* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */ +- sprintf (buffer, _("The %s day of "), +- nth (r->by_month_day[0])); ++ g_string_append_printf ( ++ buffer, _("The %s day of "), ++ nth (r->by_month_day[0])); + } else { + int pos; + +@@ -828,20 +836,21 @@ write_recurrence_piece (EItipControl *it + + /* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.' + eg,third monday of every month */ +- sprintf (buffer, _("The %s %s of "), +- nth (pos), get_dayname (r, 0)); ++ g_string_append_printf ( ++ buffer, _("The %s %s of "), ++ nth (pos), get_dayname (r, 0)); + } + +- len = strlen (buffer); +- buffer += len; +- size -= len; + /* For Translators: In this can also be translated as "With the period of %d + month/months", where %d is a number. The entire sentence is of the form "Recurring: + Every %d month/months" */ + /* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */ + /* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.' + %d is a digit */ +- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("every month", ++ "every %d months", r->interval), ++ r->interval); + break; + + case ICAL_YEARLY_RECURRENCE: +@@ -850,20 +859,22 @@ write_recurrence_piece (EItipControl *it + Every %d year/years" */ + /* For Translators : 'Every year' is event Recurring every year */ + /* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */ +- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval); ++ g_string_append_printf ( ++ buffer, ngettext ("Every year", ++ "Every %d years", r->interval), ++ r->interval); + break; + + default: + g_return_if_reached (); + } + +- len = strlen (buffer); +- buffer += len; +- size -= len; + if (r->count) { + /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/ + /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/ +- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count); ++ g_string_append_printf ( ++ buffer, ngettext ("a total of %d time", ++ " a total of %d times", r->count), r->count); + } else if (!icaltime_is_null_time (r->until)) { + ECalComponentDateTime dt; + +@@ -871,12 +882,12 @@ write_recurrence_piece (EItipControl *it + dt.value = &r->until; + dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone); + +- write_label_piece (itip, &dt, buffer, size, ++ write_label_piece (itip, &dt, buffer, + /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/ + _(", ending on "), NULL, TRUE); + } + +- strcat (buffer, "
"); ++ g_string_append_len (buffer, "
", 4); + } + + static void +@@ -884,47 +895,51 @@ set_date_label (EItipControl *itip, GtkH + ECalComponent *comp) + { + ECalComponentDateTime datetime; +- static char buffer[1024]; ++ GString *buffer; + gchar *str; + gboolean wrote = FALSE, task_completed = FALSE; + ECalComponentVType type; + ++ buffer = g_string_sized_new (1024); + type = e_cal_component_get_vtype (comp); + +- buffer[0] = '\0'; + e_cal_component_get_dtstart (comp, &datetime); + if (datetime.value) { + /* For Translators : 'starts' is starts:date implying a task starts on what date */ + str = g_strdup_printf ("%s:", _("Starts")); +- write_label_piece (itip, &datetime, buffer, 1024, +- str, +- "
", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen(buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + e_cal_component_get_dtend (comp, &datetime); + if (datetime.value){ + /* For Translators : 'ends' is ends:date implying a task ends on what date */ + str = g_strdup_printf ("%s:", _("Ends")); +- write_label_piece (itip, &datetime, buffer, 1024, str, "
", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + if (e_cal_component_has_recurrences (comp)) { +- write_recurrence_piece (itip, comp, buffer, 1024); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_recurrence_piece (itip, comp, buffer); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + } + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + datetime.tzid = NULL; + e_cal_component_get_completed (comp, &datetime.value); + if (type == E_CAL_COMPONENT_TODO && datetime.value) { +@@ -932,20 +947,22 @@ set_date_label (EItipControl *itip, GtkH + timezone. */ + str = g_strdup_printf ("%s:", _("Completed")); + datetime.value->is_utc = TRUE; +- write_label_piece (itip, &datetime, buffer, 1024, str, "
", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + task_completed = TRUE; + g_free (str); + } + e_cal_component_free_datetime (&datetime); + +- buffer[0] = '\0'; ++ /* Reset the buffer. */ ++ g_string_truncate (buffer, 0); ++ + e_cal_component_get_due (comp, &datetime); + if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) { + str = g_strdup_printf ("%s:", _("Due")); +- write_label_piece (itip, &datetime, buffer, 1024, str, "
", FALSE); +- gtk_html_write (html, html_stream, buffer, strlen (buffer)); ++ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); ++ gtk_html_write (html, html_stream, buffer->str, buffer->len); + wrote = TRUE; + g_free (str); + } +@@ -954,6 +971,8 @@ set_date_label (EItipControl *itip, GtkH + + if (wrote) + gtk_html_stream_printf (html_stream, "
"); ++ ++ g_string_free (buffer, TRUE); + } + + static void diff --git a/evolution-2.22.2-CVE-2008-1109.patch b/evolution-2.22.2-CVE-2008-1109.patch new file mode 100644 index 0000000..6582d4d --- /dev/null +++ b/evolution-2.22.2-CVE-2008-1109.patch @@ -0,0 +1,61 @@ +diff -up evolution-2.22.2/calendar/gui/itip-utils.c.CVE-2008-1109 evolution-2.22.2/calendar/gui/itip-utils.c +--- evolution-2.22.2/calendar/gui/itip-utils.c.CVE-2008-1109 2008-04-04 05:18:00.000000000 -0400 ++++ evolution-2.22.2/calendar/gui/itip-utils.c 2008-06-03 16:44:04.000000000 -0400 +@@ -174,50 +174,16 @@ get_attendee_if_attendee_sentby_is_user + } + + static char * +-html_new_lines_for (char *string) ++html_new_lines_for (const char *string) + { +- char *html_string = (char *) malloc (sizeof (char)* (3500)); +- int length = strlen (string); +- int index = 0; +- char *index_ptr = string; +- char *temp = string; ++ gchar **lines; ++ gchar *joined; + +- /*Find the first occurence*/ +- index_ptr = strstr ((const char *)temp, "\n"); ++ lines = g_strsplit_set (string, "\n", -1); ++ joined = g_strjoinv ("
", lines); ++ g_strfreev (lines); + +- /*Doesn't occur*/ +- if (index_ptr == NULL) { +- strcpy (html_string, (const char *)string); +- html_string[length] = '\0'; +- return html_string; +- } +- +- /*Split into chunks inserting
for \n */ +- do{ +- while (temp != index_ptr){ +- html_string[index++] = *temp; +- temp++; +- } +- temp++; +- +- html_string[index++] = '<'; +- html_string[index++] = 'b'; +- html_string[index++] = 'r'; +- html_string[index++] = '>'; +- +- index_ptr = strstr ((const char *)temp, "\n"); +- +- } while (index_ptr); +- +- /*Don't leave out the last chunk*/ +- while (*temp != '\0'){ +- html_string[index++] = *temp; +- temp++; +- } +- +- html_string[index] = '\0'; +- +- return html_string; ++ return joined; + } + + char * diff --git a/evolution.spec b/evolution.spec index f209742..a524473 100644 --- a/evolution.spec +++ b/evolution.spec @@ -46,7 +46,7 @@ Name: evolution Version: 2.22.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and GFDL+ Group: Applications/Productivity Summary: GNOME's next-generation groupware suite @@ -81,6 +81,12 @@ Patch14: evolution-2.7.1-no-gnome-common.patch # RH bug #176400 Patch15: evolution-2.9.1-im-context-reset.patch +# RH bug #449924 / CVE-2008-1108 +Patch16: evolution-2.22.2-CVE-2008-1108.patch + +# RH bug #449924 / CVE-2008-1109 +Patch17: evolution-2.22.2-CVE-2008-1109.patch + ## Dependencies ### Requires(post): GConf2 @@ -226,6 +232,8 @@ This package contains the plugin to filter junk mail using SpamAssassin. %patch13 -p1 -b .fix-conduit-dir %patch14 -p1 -b .no-gnome-common %patch15 -p1 -b .im-context-reset +%patch16 -p1 -b .CVE-2008-1108 +%patch17 -p1 -b .CVE-2008-1109 mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -653,6 +661,9 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog +* Tue Jun 04 2008 Matthew Barnes - 2.22.2-2.fc9 +- Add patches for RH bug #449924 (buffer overflow vulnerabilities). + * Mon May 26 2008 Matthew Barnes - 2.22.2-1.fc9 - Update to 2.22.2 From 6e083589408e931b2e60bb0264477f7c83d2102c Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Wed, 4 Jun 2008 10:04:03 +0000 Subject: [PATCH 07/11] Fix the date --- evolution.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evolution.spec b/evolution.spec index a524473..e4a4a1d 100644 --- a/evolution.spec +++ b/evolution.spec @@ -661,7 +661,7 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog -* Tue Jun 04 2008 Matthew Barnes - 2.22.2-2.fc9 +* Wed Jun 04 2008 Matthew Barnes - 2.22.2-2.fc9 - Add patches for RH bug #449924 (buffer overflow vulnerabilities). * Mon May 26 2008 Matthew Barnes - 2.22.2-1.fc9 From 7dc38559cc36275a35b451c80c6e9ebfb4e9489f Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Mon, 30 Jun 2008 12:04:26 +0000 Subject: [PATCH 08/11] - Update to 2.22.3 - Removed patches for RH bug #449924 (fixed upstream). --- .cvsignore | 2 +- evolution-2.22.2-CVE-2008-1108.patch | 310 --------------------------- evolution-2.22.2-CVE-2008-1109.patch | 61 ------ evolution.spec | 16 +- sources | 2 +- 5 files changed, 8 insertions(+), 383 deletions(-) delete mode 100644 evolution-2.22.2-CVE-2008-1108.patch delete mode 100644 evolution-2.22.2-CVE-2008-1109.patch diff --git a/.cvsignore b/.cvsignore index 38c77f0..9c798e3 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -evolution-2.22.2.tar.bz2 +evolution-2.22.3.tar.bz2 diff --git a/evolution-2.22.2-CVE-2008-1108.patch b/evolution-2.22.2-CVE-2008-1108.patch deleted file mode 100644 index 55262b2..0000000 --- a/evolution-2.22.2-CVE-2008-1108.patch +++ /dev/null @@ -1,310 +0,0 @@ -diff -up evolution-2.22.2/calendar/gui/e-itip-control.c.CVE-2008-1108 evolution-2.22.2/calendar/gui/e-itip-control.c ---- evolution-2.22.2/calendar/gui/e-itip-control.c.CVE-2008-1108 2008-04-04 05:18:00.000000000 -0400 -+++ evolution-2.22.2/calendar/gui/e-itip-control.c 2008-06-03 16:43:58.000000000 -0400 -@@ -660,7 +660,7 @@ find_attendee (icalcomponent *ical_comp, - - static void - write_label_piece (EItipControl *itip, ECalComponentDateTime *dt, -- char *buffer, int size, -+ GString *buffer, - const char *stext, const char *etext, - gboolean just_date) - { -@@ -685,13 +685,13 @@ write_label_piece (EItipControl *itip, E - tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0; - - if (stext != NULL) -- strcat (buffer, stext); -+ g_string_append (buffer, stext); - - e_time_format_date_and_time (&tmp_tm, - calendar_config_get_24_hour_format (), - FALSE, FALSE, - time_buf, sizeof (time_buf)); -- strcat (buffer, time_buf); -+ g_string_append (buffer, time_buf); - - if (!dt->value->is_utc && dt->tzid) { - zone = icalcomponent_get_timezone (priv->top_level, dt->tzid); -@@ -703,21 +703,21 @@ write_label_piece (EItipControl *itip, E - UTF-8. But it probably is not translated. */ - display_name = icaltimezone_get_display_name (zone); - if (display_name && *display_name) { -- strcat (buffer, " ["); -+ g_string_append_len (buffer, " [", 16); - - /* We check if it is one of our builtin timezone names, - in which case we call gettext to translate it. */ - if (icaltimezone_get_builtin_timezone (display_name)) { -- strcat (buffer, _(display_name)); -+ g_string_append_printf (buffer, "%s", _(display_name)); - } else { -- strcat (buffer, display_name); -+ g_string_append_printf (buffer, "%s", display_name); - } -- strcat (buffer, "]"); -+ g_string_append_len (buffer, "]", 8); - } - } - - if (etext != NULL) -- strcat (buffer, etext); -+ g_string_append (buffer, etext); - } - - static const char * -@@ -754,19 +754,17 @@ get_dayname (struct icalrecurrencetype * - - static void - write_recurrence_piece (EItipControl *itip, ECalComponent *comp, -- char *buffer, int size) -+ GString *buffer) - { - GSList *rrules; - struct icalrecurrencetype *r; -- int len, i; -+ int i; - -- strcpy (buffer, "Recurring: "); -- len = strlen (buffer); -- buffer += len; -- size -= len; -+ g_string_append_len (buffer, "Recurring: ", 18); - - if (!e_cal_component_has_simple_recurrence (comp)) { -- strcpy (buffer, _("Yes. (Complex Recurrence)")); -+ g_string_append_printf ( -+ buffer, "%s", _("Yes. (Complex Recurrence)")); - return; - } - -@@ -782,7 +780,10 @@ write_recurrence_piece (EItipControl *it - Every %d day/days" */ - /* For Translators : 'Every day' is event Recurring every day */ - /* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */ -- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval); -+ g_string_append_printf ( -+ buffer, ngettext ("Every day", -+ "Every %d days", r->interval), -+ r->interval); - break; - - case ICAL_WEEKLY_RECURRENCE: -@@ -792,29 +793,36 @@ write_recurrence_piece (EItipControl *it - Every %d week/weeks" */ - /* For Translators : 'Every week' is event Recurring every week */ - /* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */ -- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval); -+ g_string_append_printf ( -+ buffer, ngettext ("Every week", -+ "Every %d weeks", r->interval), -+ r->interval); - } else { - /* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */ - /* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */ -- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval); -+ g_string_append_printf ( -+ buffer, ngettext ("Every week on ", -+ "Every %d weeks on ", r->interval), -+ r->interval); - - for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) { - if (i > 1) -- strcat (buffer, ", "); -- strcat (buffer, get_dayname (r, i - 1)); -+ g_string_append_len (buffer, ", ", 2); -+ g_string_append (buffer, get_dayname (r, i - 1)); - } - if (i > 1) - /* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */ -- strcat (buffer, _(" and ")); -- strcat (buffer, get_dayname (r, i - 1)); -+ g_string_append_printf (buffer, "%s", _(" and ")); -+ g_string_append (buffer, get_dayname (r, i - 1)); - } - break; - - case ICAL_MONTHLY_RECURRENCE: - if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) { - /* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */ -- sprintf (buffer, _("The %s day of "), -- nth (r->by_month_day[0])); -+ g_string_append_printf ( -+ buffer, _("The %s day of "), -+ nth (r->by_month_day[0])); - } else { - int pos; - -@@ -828,20 +836,21 @@ write_recurrence_piece (EItipControl *it - - /* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.' - eg,third monday of every month */ -- sprintf (buffer, _("The %s %s of "), -- nth (pos), get_dayname (r, 0)); -+ g_string_append_printf ( -+ buffer, _("The %s %s of "), -+ nth (pos), get_dayname (r, 0)); - } - -- len = strlen (buffer); -- buffer += len; -- size -= len; - /* For Translators: In this can also be translated as "With the period of %d - month/months", where %d is a number. The entire sentence is of the form "Recurring: - Every %d month/months" */ - /* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */ - /* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.' - %d is a digit */ -- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval); -+ g_string_append_printf ( -+ buffer, ngettext ("every month", -+ "every %d months", r->interval), -+ r->interval); - break; - - case ICAL_YEARLY_RECURRENCE: -@@ -850,20 +859,22 @@ write_recurrence_piece (EItipControl *it - Every %d year/years" */ - /* For Translators : 'Every year' is event Recurring every year */ - /* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */ -- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval); -+ g_string_append_printf ( -+ buffer, ngettext ("Every year", -+ "Every %d years", r->interval), -+ r->interval); - break; - - default: - g_return_if_reached (); - } - -- len = strlen (buffer); -- buffer += len; -- size -= len; - if (r->count) { - /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/ - /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/ -- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count); -+ g_string_append_printf ( -+ buffer, ngettext ("a total of %d time", -+ " a total of %d times", r->count), r->count); - } else if (!icaltime_is_null_time (r->until)) { - ECalComponentDateTime dt; - -@@ -871,12 +882,12 @@ write_recurrence_piece (EItipControl *it - dt.value = &r->until; - dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone); - -- write_label_piece (itip, &dt, buffer, size, -+ write_label_piece (itip, &dt, buffer, - /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/ - _(", ending on "), NULL, TRUE); - } - -- strcat (buffer, "
"); -+ g_string_append_len (buffer, "
", 4); - } - - static void -@@ -884,47 +895,51 @@ set_date_label (EItipControl *itip, GtkH - ECalComponent *comp) - { - ECalComponentDateTime datetime; -- static char buffer[1024]; -+ GString *buffer; - gchar *str; - gboolean wrote = FALSE, task_completed = FALSE; - ECalComponentVType type; - -+ buffer = g_string_sized_new (1024); - type = e_cal_component_get_vtype (comp); - -- buffer[0] = '\0'; - e_cal_component_get_dtstart (comp, &datetime); - if (datetime.value) { - /* For Translators : 'starts' is starts:date implying a task starts on what date */ - str = g_strdup_printf ("%s:", _("Starts")); -- write_label_piece (itip, &datetime, buffer, 1024, -- str, -- "
", FALSE); -- gtk_html_write (html, html_stream, buffer, strlen(buffer)); -+ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); -+ gtk_html_write (html, html_stream, buffer->str, buffer->len); - wrote = TRUE; - g_free (str); - } - e_cal_component_free_datetime (&datetime); - -- buffer[0] = '\0'; -+ /* Reset the buffer. */ -+ g_string_truncate (buffer, 0); -+ - e_cal_component_get_dtend (comp, &datetime); - if (datetime.value){ - /* For Translators : 'ends' is ends:date implying a task ends on what date */ - str = g_strdup_printf ("%s:", _("Ends")); -- write_label_piece (itip, &datetime, buffer, 1024, str, "
", FALSE); -- gtk_html_write (html, html_stream, buffer, strlen (buffer)); -+ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); -+ gtk_html_write (html, html_stream, buffer->str, buffer->len); - wrote = TRUE; - g_free (str); - } - e_cal_component_free_datetime (&datetime); - -- buffer[0] = '\0'; -+ /* Reset the buffer. */ -+ g_string_truncate (buffer, 0); -+ - if (e_cal_component_has_recurrences (comp)) { -- write_recurrence_piece (itip, comp, buffer, 1024); -- gtk_html_write (html, html_stream, buffer, strlen (buffer)); -+ write_recurrence_piece (itip, comp, buffer); -+ gtk_html_write (html, html_stream, buffer->str, buffer->len); - wrote = TRUE; - } - -- buffer[0] = '\0'; -+ /* Reset the buffer. */ -+ g_string_truncate (buffer, 0); -+ - datetime.tzid = NULL; - e_cal_component_get_completed (comp, &datetime.value); - if (type == E_CAL_COMPONENT_TODO && datetime.value) { -@@ -932,20 +947,22 @@ set_date_label (EItipControl *itip, GtkH - timezone. */ - str = g_strdup_printf ("%s:", _("Completed")); - datetime.value->is_utc = TRUE; -- write_label_piece (itip, &datetime, buffer, 1024, str, "
", FALSE); -- gtk_html_write (html, html_stream, buffer, strlen (buffer)); -+ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); -+ gtk_html_write (html, html_stream, buffer->str, buffer->len); - wrote = TRUE; - task_completed = TRUE; - g_free (str); - } - e_cal_component_free_datetime (&datetime); - -- buffer[0] = '\0'; -+ /* Reset the buffer. */ -+ g_string_truncate (buffer, 0); -+ - e_cal_component_get_due (comp, &datetime); - if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) { - str = g_strdup_printf ("%s:", _("Due")); -- write_label_piece (itip, &datetime, buffer, 1024, str, "
", FALSE); -- gtk_html_write (html, html_stream, buffer, strlen (buffer)); -+ write_label_piece (itip, &datetime, buffer, str, "
", FALSE); -+ gtk_html_write (html, html_stream, buffer->str, buffer->len); - wrote = TRUE; - g_free (str); - } -@@ -954,6 +971,8 @@ set_date_label (EItipControl *itip, GtkH - - if (wrote) - gtk_html_stream_printf (html_stream, "
"); -+ -+ g_string_free (buffer, TRUE); - } - - static void diff --git a/evolution-2.22.2-CVE-2008-1109.patch b/evolution-2.22.2-CVE-2008-1109.patch deleted file mode 100644 index 6582d4d..0000000 --- a/evolution-2.22.2-CVE-2008-1109.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff -up evolution-2.22.2/calendar/gui/itip-utils.c.CVE-2008-1109 evolution-2.22.2/calendar/gui/itip-utils.c ---- evolution-2.22.2/calendar/gui/itip-utils.c.CVE-2008-1109 2008-04-04 05:18:00.000000000 -0400 -+++ evolution-2.22.2/calendar/gui/itip-utils.c 2008-06-03 16:44:04.000000000 -0400 -@@ -174,50 +174,16 @@ get_attendee_if_attendee_sentby_is_user - } - - static char * --html_new_lines_for (char *string) -+html_new_lines_for (const char *string) - { -- char *html_string = (char *) malloc (sizeof (char)* (3500)); -- int length = strlen (string); -- int index = 0; -- char *index_ptr = string; -- char *temp = string; -+ gchar **lines; -+ gchar *joined; - -- /*Find the first occurence*/ -- index_ptr = strstr ((const char *)temp, "\n"); -+ lines = g_strsplit_set (string, "\n", -1); -+ joined = g_strjoinv ("
", lines); -+ g_strfreev (lines); - -- /*Doesn't occur*/ -- if (index_ptr == NULL) { -- strcpy (html_string, (const char *)string); -- html_string[length] = '\0'; -- return html_string; -- } -- -- /*Split into chunks inserting
for \n */ -- do{ -- while (temp != index_ptr){ -- html_string[index++] = *temp; -- temp++; -- } -- temp++; -- -- html_string[index++] = '<'; -- html_string[index++] = 'b'; -- html_string[index++] = 'r'; -- html_string[index++] = '>'; -- -- index_ptr = strstr ((const char *)temp, "\n"); -- -- } while (index_ptr); -- -- /*Don't leave out the last chunk*/ -- while (*temp != '\0'){ -- html_string[index++] = *temp; -- temp++; -- } -- -- html_string[index] = '\0'; -- -- return html_string; -+ return joined; - } - - char * diff --git a/evolution.spec b/evolution.spec index e4a4a1d..548bf0f 100644 --- a/evolution.spec +++ b/evolution.spec @@ -45,8 +45,8 @@ ### Abstract ### Name: evolution -Version: 2.22.2 -Release: 2%{?dist} +Version: 2.22.3 +Release: 1%{?dist} License: GPLv2 and GFDL+ Group: Applications/Productivity Summary: GNOME's next-generation groupware suite @@ -81,12 +81,6 @@ Patch14: evolution-2.7.1-no-gnome-common.patch # RH bug #176400 Patch15: evolution-2.9.1-im-context-reset.patch -# RH bug #449924 / CVE-2008-1108 -Patch16: evolution-2.22.2-CVE-2008-1108.patch - -# RH bug #449924 / CVE-2008-1109 -Patch17: evolution-2.22.2-CVE-2008-1109.patch - ## Dependencies ### Requires(post): GConf2 @@ -232,8 +226,6 @@ This package contains the plugin to filter junk mail using SpamAssassin. %patch13 -p1 -b .fix-conduit-dir %patch14 -p1 -b .no-gnome-common %patch15 -p1 -b .im-context-reset -%patch16 -p1 -b .CVE-2008-1108 -%patch17 -p1 -b .CVE-2008-1109 mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -661,6 +653,10 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog +* Mon Jun 30 2008 Matthew Barnes - 2.22.3-1.fc9 +- Update to 2.22.3 +- Removed patches for RH bug #449924 (fixed upstream). + * Wed Jun 04 2008 Matthew Barnes - 2.22.2-2.fc9 - Add patches for RH bug #449924 (buffer overflow vulnerabilities). diff --git a/sources b/sources index a783bfe..4596b52 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9f93cad065a96e2daae618e16de893a4 evolution-2.22.2.tar.bz2 +5961f924a55f26e3dd174a2d29432632 evolution-2.22.3.tar.bz2 From 8ece8b301cfdac5ba302624abb32496108fea062 Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Mon, 30 Jun 2008 16:13:34 +0000 Subject: [PATCH 09/11] - Update to 2.22.3.1 - Removed patches for RH bug #449924 (fixed upstream). --- .cvsignore | 2 +- evolution.spec | 6 +++--- sources | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.cvsignore b/.cvsignore index 9c798e3..f69f3eb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -evolution-2.22.3.tar.bz2 +evolution-2.22.3.1.tar.bz2 diff --git a/evolution.spec b/evolution.spec index 548bf0f..66032b2 100644 --- a/evolution.spec +++ b/evolution.spec @@ -45,7 +45,7 @@ ### Abstract ### Name: evolution -Version: 2.22.3 +Version: 2.22.3.1 Release: 1%{?dist} License: GPLv2 and GFDL+ Group: Applications/Productivity @@ -653,8 +653,8 @@ rm -rf $RPM_BUILD_ROOT %{evo_plugin_dir}/liborg-gnome-sa-junk-plugin.so %changelog -* Mon Jun 30 2008 Matthew Barnes - 2.22.3-1.fc9 -- Update to 2.22.3 +* Mon Jun 30 2008 Matthew Barnes - 2.22.3.1-1.fc9 +- Update to 2.22.3.1 - Removed patches for RH bug #449924 (fixed upstream). * Wed Jun 04 2008 Matthew Barnes - 2.22.2-2.fc9 diff --git a/sources b/sources index 4596b52..9f9e6bb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5961f924a55f26e3dd174a2d29432632 evolution-2.22.3.tar.bz2 +5be2cb0584344cfe7bb4944c2fe468be evolution-2.22.3.1.tar.bz2 From db3d9655c422778f8f4a35c60b86c0b4cd768369 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Thu, 26 Nov 2009 01:25:59 +0000 Subject: [PATCH 10/11] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index dd23cb0..c22b7db 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Makefile for source rpm: evolution -# $Id: Makefile,v 1.1 2004/09/09 04:34:33 cvsdist Exp $ +# $Id: Makefile,v 1.2 2007/10/15 18:44:15 notting Exp $ NAME := evolution SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From bbcef938108b57475895920c684b33ceb734f2cd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 28 Jul 2010 14:02:06 +0000 Subject: [PATCH 11/11] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- branch | 1 - 3 files changed, 22 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile delete mode 100644 branch diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index c22b7db..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: evolution -# $Id: Makefile,v 1.2 2007/10/15 18:44:15 notting Exp $ -NAME := evolution -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attempt a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) diff --git a/branch b/branch deleted file mode 100644 index 1c26f78..0000000 --- a/branch +++ /dev/null @@ -1 +0,0 @@ -F-9