Resolves: #1677651 (CVE-2018-15587 reposition signature bar)

With this `evolution --force-shutdown`, alias killev, will find it
and will be able to stop evolution(-data-server) processes. It could
look also for 'pkill', but none of these seems to be part of build
root anymore. Having explicit dependency is better anyway.

.gitignore

@@ -141,3 +141,10 @@ evolution-2.31.5.tar.bz2
 /evolution-3.27.4.tar.xz
 /evolution-3.27.90.tar.xz
 /evolution-3.27.91.tar.xz
+/evolution-3.27.92.tar.xz
+/evolution-3.28.0.tar.xz
+/evolution-3.28.1.tar.xz
+/evolution-3.28.2.tar.xz
+/evolution-3.28.3.tar.xz
+/evolution-3.28.4.tar.xz
+/evolution-3.28.5.tar.xz

evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch

@@ -0,0 +1,80 @@
+diff -up evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser.c
+--- evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar	2018-07-30 15:37:05.000000000 +0200
++++ evolution-3.28.5/src/em-format/e-mail-parser.c	2019-02-18 12:14:59.352466607 +0100
+@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_ge
+ static gpointer parent_class;
+ 
+ static void
++mail_parser_move_security_before_headers (GQueue *part_queue)
++{
++	GList *link, *last_headers = NULL;
++	GSList *headers_stack = NULL;
++
++	link = g_queue_peek_head_link (part_queue);
++	while (link) {
++		EMailPart *part = link->data;
++		const gchar *id;
++
++		if (!part) {
++			link = g_list_next (link);
++			continue;
++		}
++
++		id = e_mail_part_get_id (part);
++		if (!id) {
++			link = g_list_next (link);
++			continue;
++		}
++
++		if (g_str_has_suffix (id, ".rfc822")) {
++			headers_stack = g_slist_prepend (headers_stack, last_headers);
++			last_headers = NULL;
++		} else if (g_str_has_suffix (id, ".rfc822.end")) {
++			g_warn_if_fail (headers_stack != NULL);
++
++			if (headers_stack) {
++				last_headers = headers_stack->data;
++				headers_stack = g_slist_remove (headers_stack, last_headers);
++			} else {
++				last_headers = NULL;
++			}
++		}
++
++		if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) {
++			last_headers = link;
++			link = g_list_next (link);
++		} else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) {
++			g_warn_if_fail (last_headers != NULL);
++
++			if (last_headers) {
++				GList *next = g_list_next (link);
++
++				g_warn_if_fail (g_queue_remove (part_queue, part));
++				g_queue_insert_before (part_queue, last_headers, part);
++
++				link = next;
++			} else {
++				link = g_list_next (link);
++			}
++		} else {
++			link = g_list_next (link);
++		}
++	}
++
++	g_warn_if_fail (headers_stack == NULL);
++	g_slist_free (headers_stack);
++}
++
++static void
+ mail_parser_run (EMailParser *parser,
+                  EMailPartList *part_list,
+                  GCancellable *cancellable)
+@@ -132,6 +193,8 @@ mail_parser_run (EMailParser *parser,
+ 			break;
+ 	}
+ 
++	mail_parser_move_security_before_headers (&mail_part_queue);
++
+ 	while (!g_queue_is_empty (&mail_part_queue)) {
+ 		mail_part = g_queue_pop_head (&mail_part_queue);
+ 		e_mail_part_list_add_part (part_list, mail_part);

evolution.spec

@@ -27,13 +27,13 @@
 ### Abstract ###
 
 Name: evolution
-Version: 3.27.91
-Release: 1%{?dist}
+Version: 3.28.5
+Release: 3%{?dist}
 Group: Applications/Productivity
 Summary: Mail and calendar client for GNOME
 License: GPLv2+ and GFDL
 URL: https://wiki.gnome.org/Apps/Evolution
-Source: http://download.gnome.org/sources/%{name}/3.27/%{name}-%{version}.tar.xz
+Source: http://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
 
 Obsoletes: anjal <= %{last_anjal_version}
 Obsoletes: libgal2 <= %{last_libgal2_version}
@@ -44,11 +44,12 @@ Obsoletes: evolution-perl < %{last_evo_perl_version}
 
 ### Patches ###
 
-# RH bug #
-#Patch01: evolution-3.17.1-doc-e-cell-renderer-color.patch
+# RH bug #1677651
+Patch01: evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch
 
 ## Dependencies ###
 
+Requires: %{_bindir}/killall
 Requires: evolution-data-server >= %{eds_version}
 Requires: gvfs
 Requires: gtkspell3
@@ -57,6 +58,7 @@ Requires: %{name}-langpacks = %{version}-%{release}
 
 ### Build Dependencies ###
 
+BuildRequires: %{_bindir}/killall
 BuildRequires: cmake
 BuildRequires: gcc
 BuildRequires: gettext
@@ -70,7 +72,6 @@ BuildRequires: yelp-tools
 BuildRequires: pkgconfig(atk)
 BuildRequires: pkgconfig(cairo-gobject)
 BuildRequires: pkgconfig(camel-1.2) >= %{eds_version}
-BuildRequires: pkgconfig(cryptui-0.0)
 BuildRequires: pkgconfig(enchant)
 BuildRequires: pkgconfig(gail-3.0) >= %{gtk3_version}
 BuildRequires: pkgconfig(gcr-3)
@@ -123,7 +124,6 @@ Group: Development/Libraries
 Summary: Development files for building against %{name}
 Requires: %{name} = %{version}-%{release}
 Requires: pkgconfig(camel-1.2) >= %{eds_version}
-Requires: pkgconfig(cryptui-0.0)
 Requires: pkgconfig(enchant)
 Requires: pkgconfig(gtk+-3.0) >= %{gtk3_version}
 Requires: pkgconfig(gtkspell3-3.0)
@@ -212,7 +212,8 @@ the functionality of the installed %{name} package.
 
 %prep
 %setup -q -n evolution-%{version}
-#%patch01 -p1 -b .doc-e-cell-renderer-color
+
+%patch01 -p1 -b .cve-2018-15587-reposition-signature-bar
 
 # Remove the welcome email from Novell
 for inbox in src/mail/default/*/Inbox; do
@@ -505,6 +506,36 @@ grep -v "/usr/share/locale" evolution.lang > help.lang
 %{_datadir}/installed-tests
 
 %changelog
+* Mon Feb 18 2019 Milan Crha <mcrha@redhat.com> - 3.28.5-3
+- Add patch for RH bug #1677651 (CVE-2018-15587 reposition signature bar)
+
+* Fri Oct 26 2018 Milan Crha <mcrha@redhat.com> - 3.28.5-2
+- Add BuildRequires/Requires for 'killall' binary
+
+* Mon Jul 30 2018 Milan Crha <mcrha@redhat.com> - 3.28.5-1
+- Update to 3.28.5
+
+* Mon Jul 16 2018 Milan Crha <mcrha@redhat.com> - 3.28.4-1
+- Update to 3.28.4
+
+* Mon Jun 18 2018 Milan Crha <mcrha@redhat.com> - 3.28.3-1
+- Update to 3.28.3
+
+* Mon May 07 2018 Milan Crha <mcrha@redhat.com> - 3.28.2-1
+- Update to 3.28.2
+
+* Tue Apr 10 2018 Adam Williamson <awilliam@redhat.com> - 3.28.1-2
+- Backport fix to strip closing > from URLs when linkifying (BGO#795108)
+
+* Mon Apr 09 2018 Milan Crha <mcrha@redhat.com> - 3.28.1-1
+- Update to 3.28.1
+
+* Mon Mar 12 2018 Milan Crha <mcrha@redhat.com> - 3.28.0-1
+- Update to 3.28.0
+
+* Mon Mar 05 2018 Milan Crha <mcrha@redhat.com> - 3.27.92-1
+- Update to 3.27.92
+
 * Mon Feb 19 2018 Milan Crha <mcrha@redhat.com> - 3.27.91-1
 - Update to 3.27.91
 

sources

@@ -1 +1 @@
-SHA512 (evolution-3.27.91.tar.xz) = d78ffb6fdcf67e177f6ffefda3543d41abfbd73dcbd8940b0680f386393ff2a9836a39d69339bdac3995f5dfcdf561d73d71d20ac27f6dea1322827b1e2168f5
+SHA512 (evolution-3.28.5.tar.xz) = a8c844afeefe3fd92f9414703222a514ac31f56ed9d8bafd5b04fd2e668720c665179d5bbc878c03bc4c886dc3171fbec181f12faea72bf2b144726bb13e01c7