rpms/evolution-data-server/FC-5 evolution-data-server-1.6.3-apop-auth-vulnerability.patch, 1.1, 1.2 evolution-data-server.spec, 1.95, 1.96
fedora-cvs-commits at redhat.com
Mon Apr 30 21:07:32 UTC 2007
Author: mbarnes
Update of /cvs/dist/rpms/evolution-data-server/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv3154
Modified Files:
evolution-data-server-1.6.3-apop-auth-vulnerability.patch
evolution-data-server.spec
Log Message:
* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 1.6.3-4.fc5
- Revise patch for RH bug #235290 to not break string freeze.
evolution-data-server-1.6.3-apop-auth-vulnerability.patch:
camel-pop3-store.c | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletion(-)
Index: evolution-data-server-1.6.3-apop-auth-vulnerability.patch
===================================================================
RCS file: /cvs/dist/rpms/evolution-data-server/FC-5/evolution-data-server-1.6.3-apop-auth-vulnerability.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- evolution-data-server-1.6.3-apop-auth-vulnerability.patch 24 Apr 2007 20:08:09 -0000 1.1
+++ evolution-data-server-1.6.3-apop-auth-vulnerability.patch 30 Apr 2007 21:07:30 -0000 1.2
@@ -1,5 +1,5 @@
--- evolution-data-server-1.6.3/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability 2006-05-03 09:59:27.000000000 -0400
-+++ evolution-data-server-1.6.3/camel/providers/pop3/camel-pop3-store.c 2007-04-24 16:05:15.000000000 -0400
++++ evolution-data-server-1.6.3/camel/providers/pop3/camel-pop3-store.c 2007-04-30 17:06:33.000000000 -0400
@@ -34,6 +34,7 @@
#include <string.h>
#include <unistd.h>
@@ -8,25 +8,26 @@
#include "camel-operation.h"
-@@ -485,6 +486,21 @@
+@@ -485,7 +486,21 @@
} else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
char *secret, md5asc[33], *d;
unsigned char md5sum[16], *s;
+-
+
+ d = store->engine->apop;
+
+ while (*d != '\0') {
+ if (!isascii((int)*d)) {
++
+ camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
-+ _("Unable to connect to POP server %s: "
-+ "Invalid APOP ID received. Impersonation attack "
-+ "suspected. Please contact your admin."),
++ _("Unable to connect to POP server %s: "),
+ CAMEL_SERVICE (store)->url->host);
+
+ return FALSE;
+ }
+ d++;
+ }
-
++
secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
sprintf(secret, "%s%s", store->engine->apop, service->url->passwd);
+ md5_get_digest(secret, strlen (secret), md5sum);
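Review bot: The replacement string in the camel_exception_setv call, `_("Unable to connect to POP server %s: ")`, ends at the colon, so the user learns that the connection failed but not that the server's APOP ID was rejected; the earlier revision's "Invalid APOP ID received" detail is dropped with nothing in its place. If the string freeze rules out a new translatable message, consider appending an untranslated reason after the colon or logging one, so that a rejected greeting can be told apart from an ordinary connection failure. Separately, the `isascii((int)*d)` loop rejects only bytes outside the 7-bit range, so control characters in the APOP ID still reach the `sprintf` and `md5_get_digest` calls; a short comment stating why ASCII-only is the intended bound would help the next reader.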
Index: evolution-data-server.spec
===================================================================
RCS file: /cvs/dist/rpms/evolution-data-server/FC-5/evolution-data-server.spec,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- evolution-data-server.spec 24 Apr 2007 20:08:09 -0000 1.95
+++ evolution-data-server.spec 30 Apr 2007 21:07:30 -0000 1.96
@@ -22,7 +22,7 @@
Name: evolution-data-server
Version: 1.6.3
-Release: 3%{?dist}
+Release: 4%{?dist}
License: LGPL
Group: System Environment/Libraries
Summary: Backend data server for evolution
@@ -327,6 +327,9 @@
%changelog
+* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 1.6.3-4.fc5
+- Revise patch for RH bug #235290 to not break string freeze.
+
* Tue Apr 24 2007 Matthew Barnes <mbarnes at redhat.com> - 1.6.3-3.fc5
- Add patch for RH bug #235290 (APOP authentication vulnerability).