rpms/evolution-data-server/FC-6 evolution-data-server-1.8.3-apop-auth-vulnerability.patch, 1.1, 1.2 evolution-data-server.spec, 1.141, 1.142

fedora-cvs-commits at redhat.com
Mon Apr 30 21:03:32 UTC 2007


Author: mbarnes

Update of /cvs/dist/rpms/evolution-data-server/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv32439

Modified Files:
	evolution-data-server-1.8.3-apop-auth-vulnerability.patch 
	evolution-data-server.spec 
Log Message:

* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 1.8.3-6.fc6
- Revise patch for RH bug #235290 to not break string freeze.


evolution-data-server-1.8.3-apop-auth-vulnerability.patch:
 camel-pop3-store.c |   17 ++++++++++++++++-
 1 files changed, 16 insertions(+), 1 deletion(-)

Index: evolution-data-server-1.8.3-apop-auth-vulnerability.patch
===================================================================
RCS file: /cvs/dist/rpms/evolution-data-server/FC-6/evolution-data-server-1.8.3-apop-auth-vulnerability.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- evolution-data-server-1.8.3-apop-auth-vulnerability.patch	24 Apr 2007 20:02:51 -0000	1.1
+++ evolution-data-server-1.8.3-apop-auth-vulnerability.patch	30 Apr 2007 21:03:29 -0000	1.2
@@ -1,5 +1,5 @@
 --- evolution-data-server-1.8.3/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability	2007-01-29 04:44:18.000000000 -0500
-+++ evolution-data-server-1.8.3/camel/providers/pop3/camel-pop3-store.c	2007-04-24 15:58:21.000000000 -0400
++++ evolution-data-server-1.8.3/camel/providers/pop3/camel-pop3-store.c	2007-04-30 17:02:31.000000000 -0400
 @@ -34,6 +34,7 @@
  #include <string.h>
  #include <unistd.h>
@@ -8,25 +8,26 @@
  
  #include "camel-operation.h"
  
-@@ -489,6 +490,21 @@
+@@ -489,7 +490,21 @@
  	} else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
  		char *secret, md5asc[33], *d;
  		unsigned char md5sum[16], *s;
+-		
 +
 +		d = store->engine->apop;
 +
 +		while (*d != '\0') {
 +			if (!isascii((int)*d)) {
++
 +				camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
-+						_("Unable to connect to POP server %s: "
-+						"Invalid APOP ID received. Impersonation attack "
-+						"suspected. Please contact your admin."),
++						_("Unable to connect to POP server %s: "),
 +						CAMEL_SERVICE (store)->url->host);
 +
 +				return FALSE;
 +			}
 +			d++;
 +		}
- 		
++
  		secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
  		sprintf(secret, "%s%s",  store->engine->apop, service->url->passwd);
+ 		md5_get_digest(secret, strlen (secret), md5sum);
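Review bot: The replacement format string in the camel_exception_setv() call, _("Unable to connect to POP server %s: "), ends at the colon, so a user who hits the !isascii() rejection sees an error with no reason, and the "Invalid APOP ID received" detail from revision 1.1 is gone. Reusing an already-translated prefix respects the string freeze, but the cause should still be surfaced: either append an untranslated reason after the translated prefix or reuse an existing translated string that names a cause, and add a code comment above the call saying why the text stops short. Two smaller points in the same region: the blank line added between the if and the camel_exception_setv() call is stray, and isascii() only rejects bytes with the high bit set, so control characters in store->engine->apop still pass the loop; if the intent is to accept only a well-formed APOP timestamp, a stricter per-character test would match that intent better.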


Index: evolution-data-server.spec
===================================================================
RCS file: /cvs/dist/rpms/evolution-data-server/FC-6/evolution-data-server.spec,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -r1.141 -r1.142
--- evolution-data-server.spec	24 Apr 2007 20:02:51 -0000	1.141
+++ evolution-data-server.spec	30 Apr 2007 21:03:29 -0000	1.142
@@ -25,7 +25,7 @@
 
 Name: evolution-data-server
 Version: 1.8.3
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPL
 Group: System Environment/Libraries
 Summary: Backend data server for Evolution
@@ -379,6 +379,9 @@
 %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc
 
 %changelog
+* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 1.8.3-6.fc6
+- Revise patch for RH bug #235290 to not break string freeze.
+
 * Tue Apr 24 2007 Matthew Barnes <mbarnes at redhat.com> - 1.8.3-5.fc6
 - Add patch for RH bug #235290 (APOP authentication vulnerability).
 



