rpms/evolution-data-server/FC-5 evolution-data-server-1.6.3-apop-auth-vulnerability.patch, 1.1, 1.2 evolution-data-server.spec, 1.95, 1.96

fedora-cvs-commits at redhat.com
Mon Apr 30 21:07:32 UTC 2007


Author: mbarnes

Update of /cvs/dist/rpms/evolution-data-server/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv3154

Modified Files:
	evolution-data-server-1.6.3-apop-auth-vulnerability.patch 
	evolution-data-server.spec 
Log Message:

* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 1.6.3-4.fc5
- Revise patch for RH bug #235290 to not break string freeze.


evolution-data-server-1.6.3-apop-auth-vulnerability.patch:
 camel-pop3-store.c |   17 ++++++++++++++++-
 1 files changed, 16 insertions(+), 1 deletion(-)

Index: evolution-data-server-1.6.3-apop-auth-vulnerability.patch
===================================================================
RCS file: /cvs/dist/rpms/evolution-data-server/FC-5/evolution-data-server-1.6.3-apop-auth-vulnerability.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- evolution-data-server-1.6.3-apop-auth-vulnerability.patch	24 Apr 2007 20:08:09 -0000	1.1
+++ evolution-data-server-1.6.3-apop-auth-vulnerability.patch	30 Apr 2007 21:07:30 -0000	1.2
@@ -1,5 +1,5 @@
 --- evolution-data-server-1.6.3/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability	2006-05-03 09:59:27.000000000 -0400
-+++ evolution-data-server-1.6.3/camel/providers/pop3/camel-pop3-store.c	2007-04-24 16:05:15.000000000 -0400
++++ evolution-data-server-1.6.3/camel/providers/pop3/camel-pop3-store.c	2007-04-30 17:06:33.000000000 -0400
 @@ -34,6 +34,7 @@
  #include <string.h>
  #include <unistd.h>
@@ -8,25 +8,26 @@
  
  #include "camel-operation.h"
  
-@@ -485,6 +486,21 @@
+@@ -485,7 +486,21 @@
  	} else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
  		char *secret, md5asc[33], *d;
  		unsigned char md5sum[16], *s;
+-		
 +
 +		d = store->engine->apop;
 +
 +		while (*d != '\0') {
 +			if (!isascii((int)*d)) {
++
 +				camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
-+						_("Unable to connect to POP server %s: "
-+						"Invalid APOP ID received. Impersonation attack "
-+						"suspected. Please contact your admin."),
++						_("Unable to connect to POP server %s: "),
 +						CAMEL_SERVICE (store)->url->host);
 +
 +				return FALSE;
 +			}
 +			d++;
 +		}
- 		
++
  		secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
  		sprintf(secret, "%s%s",  store->engine->apop, service->url->passwd);
+ 		md5_get_digest(secret, strlen (secret), md5sum);
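Review bot: in the camel_exception_setv call inside the isascii loop, the revised string `_("Unable to connect to POP server %s: ")` stops at the colon, so a rejected APOP challenge now surfaces as an error with no reason after it, and nothing tells the user or an admin that the server's APOP ID contained a non-ASCII byte. If the string freeze rules out a new translatable message, keep this string but record the cause outside the translated text, for example with a g_warning naming the invalid APOP ID just before `return FALSE;`. Two smaller points: the blank line added directly after `if (!isascii((int)*d)) {` is stray whitespace, and `isascii` still accepts control characters, so a stricter check of the challenge format could follow in a later revision.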


Index: evolution-data-server.spec
===================================================================
RCS file: /cvs/dist/rpms/evolution-data-server/FC-5/evolution-data-server.spec,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- evolution-data-server.spec	24 Apr 2007 20:08:09 -0000	1.95
+++ evolution-data-server.spec	30 Apr 2007 21:07:30 -0000	1.96
@@ -22,7 +22,7 @@
 
 Name: evolution-data-server
 Version: 1.6.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPL
 Group: System Environment/Libraries
 Summary: Backend data server for evolution
@@ -327,6 +327,9 @@
 
 
 %changelog
+* Mon Apr 30 2007 Matthew Barnes <mbarnes at redhat.com> - 1.6.3-4.fc5
+- Revise patch for RH bug #235290 to not break string freeze.
+
 * Tue Apr 24 2007 Matthew Barnes <mbarnes at redhat.com> - 1.6.3-3.fc5
 - Add patch for RH bug #235290 (APOP authentication vulnerability).
 
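Review bot: the new %changelog entry gives only the string-freeze reason. Revision 1.2 of the patch also drops the "Impersonation attack suspected" wording from the error, so say that here and state that the APOP ID check itself is unchanged, so readers of the package changelog can see that the fix for RH bug #235290 is still in place.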



