Add fix for bug #261203

Package-Manager: portage-2.1.6.7/cvs/Linux x86_64
author: Daniel Gryniewicz <dang@gentoo.org> 2009-03-12 23:27:26 +0000
committer: Daniel Gryniewicz <dang@gentoo.org> 2009-03-12 23:27:26 +0000
commit: 2304c757e2df354d626fbb9d03296daf796322c2 (patch)
tree: 559cbe2b235979a5a42295b65d6a45035a41516c /gnome-extra
parent: Sparc stable, Bug #262327. (diff)
download: historical-2304c757e2df354d626fbb9d03296daf796322c2.tar.gz
historical-2304c757e2df354d626fbb9d03296daf796322c2.tar.bz2
historical-2304c757e2df354d626fbb9d03296daf796322c2.zip
4 files changed, 302 insertions, 2 deletions
diff --git a/gnome-extra/evolution-data-server/ChangeLog b/gnome-extra/evolution-data-server/ChangeLog
index eaa80a8ab9bb..2415c84ee70a 100644
--- a/gnome-extra/evolution-data-server/ChangeLog
+++ b/gnome-extra/evolution-data-server/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for gnome-extra/evolution-data-server
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.214 2009/03/12 21:42:05 klausman Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.215 2009/03/12 23:27:24 dang Exp $
+
+*evolution-data-server-2.24.5-r2 (12 Mar 2009)
+
+  12 Mar 2009; Daniel Gryniewicz <dang@gentoo.org>
+  +files/evolution-data-server-CVE-2009-0582.patch,
+  +evolution-data-server-2.24.5-r2.ebuild:
+  Add fix for bug #261203
 
   12 Mar 2009; Tobias Klausmann <klausman@gentoo.org>
   evolution-data-server-2.24.5-r1.ebuild:
diff --git a/gnome-extra/evolution-data-server/Manifest b/gnome-extra/evolution-data-server/Manifest
index a9ca7e7b468c..512306681af6 100644
--- a/gnome-extra/evolution-data-server/Manifest
+++ b/gnome-extra/evolution-data-server/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 AUX calentry.schema 3661 RMD160 68dfc3a8bbf08a1cf2713727c6617b2de613cb7c SHA1 06ddcc64c3b2b3230fbbef21a7e2a682bd95788c SHA256 107d60463833d5ceb5f752335dd07fef303093c58a51fb03405fed5837999431
 AUX evolution-data-server-1.11.3-as-needed.patch 1942 RMD160 1db5815026e06a47c91295f4b502b94692dbe115 SHA1 0f94fb16e14ed685154cd0ad1211095431e179ca SHA256 95b1d4a23e801a36c7027080347e8fcb1ad90bc1d4040e9bdab8d00eb1f27986
 AUX evolution-data-server-1.11.3-no-libdb.patch 570 RMD160 404dfda7aac4e9ff6504ecd9ee5b7af6efafc969 SHA1 411f311317439bf20643491d2b7d1cbee99c561e SHA256 992602fd04cfa8afba084238f62f765b1d5caf29cc10ad739c7e63ea78291905
@@ -14,6 +17,7 @@ AUX evolution-data-server-2.22.3-mail-cleanup-delay.patch 2974 RMD160 b482fbd815
 AUX evolution-data-server-2.22.3-timezone-western.patch 2041 RMD160 8a0d9e308123ebc48a6ea9c7932c8639765a96b8 SHA1 963f7c7a0659a4ca6659f5983e8a47825c70b8e9 SHA256 56e3311334bac728db2c7afcd200e56acc3e0a9819659cdffb745c488bbb4126
 AUX evolution-data-server-2.23.6-as-needed.patch 3469 RMD160 43c48a35d0480a82db6cf131c0fdd0062353efc4 SHA1 96ef4dd901730ab2f77716646517a5ef40a5f982 SHA256 4899ffd8773229ecb43afbffdb91faa1fd433630395792998973f62aa54afb37
 AUX evolution-data-server-2.24.5-CVE-2009-0547.patch 3977 RMD160 24bd47ad13994f712bf4976fed06997e93130bf1 SHA1 624a3072eed233542829a557c1434a63ac9e64be SHA256 7aefaa4cf040efa4aca3fbf49910003a5368eb44d5e5b46f53f044495de7ff8d
+AUX evolution-data-server-CVE-2009-0582.patch 4651 RMD160 348f25abea3f513f170ca159923fc836ebafae42 SHA1 2d6b8ff93c43cf9e107de93c64be9df4d9b9a6d4 SHA256 b320f3efdbb19ddbf618be77cc4b52e5f422209b48273b5f62c7158b6efe618a
 AUX evolution-data-server-no_lazy_bindings.patch 551 RMD160 d86bf9a9ed25615bcb3dab23977ac01c341a799c SHA1 34aa3d902e0e704f67c6fceee820dad158d82be2 SHA256 772bdd99f3936d377cd0ce59c4f03789d227b79c4a2ca2d5e7e3165c378c6403
 DIST evolution-data-server-1.12.3.tar.bz2 7447166 RMD160 c7102c38af4888f3f8933c9d28981d1809d504f8 SHA1 12b8b23fb77ff6436def3cc5ea472886c8e0350e SHA256 e2d9038e3cd115ea5af2f3b7d381f5803c62d1ec36206e5a1bea0f823d25fab5
 DIST evolution-data-server-2.22.3.tar.bz2 7621470 RMD160 eed9c26fba0b69f0cbe44b01d698388c4ae44a0b SHA1 5d01b1248fcacef9c478787892f223338dff731b SHA256 6e9fa1258c8b4d1fd75a1da78ee637ad5b8a82bc58c93324d73afecf8d73fe87
@@ -29,6 +33,14 @@ EBUILD evolution-data-server-2.24.2.ebuild 3451 RMD160 99354f74976ce35c63f299b8b
 EBUILD evolution-data-server-2.24.3.ebuild 3301 RMD160 c84b5378dd51df2c438f579e5193be5999c8d8c9 SHA1 ffaac8310f590b7ef5b7ce50074e22afc2dc6144 SHA256 ec46d6d50c196d0adebea4012372a1b0256d176d9b8a596d71e58d4fee50f392
 EBUILD evolution-data-server-2.24.4.ebuild 3472 RMD160 bfd52e2916877c8fef535e1d165c647eb9cf74e6 SHA1 8954d1c0511612dbe2e06abdf3fc3f956d113430 SHA256 125d98acc684db29da51f887868c0cc4f8fd2342537855526d86891c683d9a98
 EBUILD evolution-data-server-2.24.5-r1.ebuild 3562 RMD160 e3ce3400f691f09106c93f5c2148abc35f26d3c3 SHA1 25e751ea290ae99e9acdea1704e4f4d80b5e8a7a SHA256 557a54637d84979edd1d34ee6aca9aa2310812a572bf7cf69a172d082679c80a
+EBUILD evolution-data-server-2.24.5-r2.ebuild 3654 RMD160 74afaa523082c14f032369424bf89a5625557f61 SHA1 645d2d5988b8f236cb43450ed3923256d6daacce SHA256 a733771af4576e684e809dd6cccbeaf3ce281084f98b857e3cb5dca01bcc3fd9
 EBUILD evolution-data-server-2.24.5.ebuild 3465 RMD160 aa553f2b26226bd3b6811b4b66e47aea3781226c SHA1 fd46bb6cbe80cfd11f70215716d0d9653a8b7b97 SHA256 8efaa5ba69f8e0393ef8649f8da92ded987552de6cbb37f06f89184361a79287
-MISC ChangeLog 40593 RMD160 954f00d1b1c7b14d0f1022c876e03e7ec18e5302 SHA1 8e897591661e429afc5e4c8a3fe3730c9894d8fc SHA256 8f26c40abfabd11007ef7fd7a08a7023b991fc985341a4dc990d750ea33d5c60
+MISC ChangeLog 40810 RMD160 65d25f940112a374fb7d950a69369e1c7f60b3c6 SHA1 83bab97b8d6c6fccac168e57fbbd370dc01cd251 SHA256 9851a623cbf01ac902d26e99c95c1afc6f299d4d296f68e9293bfb8cf68cf6eb
 MISC metadata.xml 158 RMD160 c0e2bae8e91bb6be8922bac5e4f597302e06587e SHA1 38f78e9790bcd4382b4a49aa226aa6dda1d3a3d7 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.10 (GNU/Linux)
+
+iD8DBQFJuZppomPajV0RnrERAmUrAJ9DQ3MBJ89S/eQcP8BWDzepBaSDCQCfWuz/
+ukYArYgT1ocyDM4uJk9kqY8=
+=6I92
+-----END PGP SIGNATURE-----
diff --git a/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild b/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild
new file mode 100644
index 000000000000..4145fe4f31a0
--- /dev/null
+++ b/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild,v 1.1 2009/03/12 23:27:24 dang Exp $
+
+inherit db-use eutils flag-o-matic gnome2 autotools versionator
+
+DESCRIPTION="Evolution groupware backend"
+HOMEPAGE="http://www.gnome.org/projects/evolution/"
+
+LICENSE="LGPL-2 Sleepycat"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="doc ipv6 kerberos gnome-keyring krb4 ldap ssl"
+
+RDEPEND=">=dev-libs/glib-2.16.1
+	>=x11-libs/gtk+-2.10
+	>=gnome-base/orbit-2.9.8
+	>=gnome-base/libbonobo-2.20.3
+	>=gnome-base/gconf-2
+	>=gnome-base/libglade-2
+	>=gnome-base/libgnome-2
+	>=dev-libs/libxml2-2
+	>=net-libs/libsoup-2.4
+	gnome-keyring? ( >=gnome-base/gnome-keyring-2.20.1 )
+	>=dev-db/sqlite-3.5
+	ssl? (
+		>=dev-libs/nspr-4.4
+		>=dev-libs/nss-3.9 )
+	>=gnome-base/libgnomeui-2
+	sys-libs/zlib
+	=sys-libs/db-4*
+	ldap? ( >=net-nds/openldap-2.0 )
+	kerberos? ( virtual/krb5 )
+	krb4? ( virtual/krb5 )"
+
+DEPEND="${RDEPEND}
+	>=dev-util/pkgconfig-0.9
+	>=dev-util/intltool-0.35.5
+	>=gnome-base/gnome-common-2
+	>=dev-util/gtk-doc-am-1.9
+	doc? ( >=dev-util/gtk-doc-1.9 )"
+
+DOCS="ChangeLog MAINTAINERS NEWS TODO"
+
+pkg_setup() {
+	G2CONF="${G2CONF}
+		$(use_with ldap openldap)
+		$(use_with kerberos krb5 /usr)
+		$(use_enable ssl nss)
+		$(use_enable ssl smime)
+		$(use_enable ipv6)
+		$(use_enable gnome-keyring)
+		--with-libdb=/usr/$(get_libdir)"
+
+	if use krb4 && ! built_with_use virtual/krb5 krb4; then
+		ewarn
+		ewarn "In order to add kerberos 4 support, you have to emerge"
+		ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well."
+		ewarn
+		ewarn "Skipping for now."
+		ewarn
+		G2CONF="${G2CONF} --without-krb4"
+	else
+		G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)"
+	fi
+
+}
+
+src_unpack() {
+	gnome2_src_unpack
+
+	# Adjust to gentoo's /etc/service
+	epatch "${FILESDIR}"/${PN}-1.2.0-gentoo_etc_services.patch
+
+	# Fix broken libdb build
+	epatch "${FILESDIR}"/${PN}-1.11.3-no-libdb.patch
+
+	# Rewind in camel-disco-diary to fix a crash
+	epatch "${FILESDIR}"/${PN}-1.8.0-camel-rewind.patch
+
+	# Fix building evo-exchange with --as-needed, upstream bug #342830
+	epatch "${FILESDIR}"/${PN}-2.23.6-as-needed.patch
+
+	# Fix S/MIME verification.  Bug #258867
+	epatch "${FILESDIR}"/${P}-CVE-2009-0547.patch
+
+	# Fix NTLM SASL authentication. Bug #261203
+	epatch "${FILESDIR}"/${PN}-CVE-2009-0582.patch
+
+	if use doc; then
+		sed "/^TARGET_DIR/i \GTKDOC_REBASE=/usr/bin/gtkdoc-rebase" -i gtk-doc.make
+	else
+		sed "/^TARGET_DIR/i \GTKDOC_REBASE=true" -i gtk-doc.make
+	fi
+
+	# gtk-doc-am and gnome-common needed for this
+	intltoolize --force --copy --automake || die "intltoolize failed"
+	eautoreconf
+}
+
+src_compile() {
+	# Use NSS/NSPR only if 'ssl' is enabled.
+	if use ssl ; then
+		sed -i -e "s|mozilla-nss|nss|
+		s|mozilla-nspr|nspr|" "${S}"/configure
+		G2CONF="${G2CONF} --enable-nss=yes"
+	else
+		G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \
+		--without-nss-libs --without-nss-includes"
+	fi
+
+	# /usr/include/db.h is always db-1 on FreeBSD
+	# so include the right dir in CPPFLAGS
+	append-cppflags "-I$(db_includedir)"
+
+	cd "${S}"
+	gnome2_src_compile
+}
+
+src_install() {
+	gnome2_src_install
+
+	if use ldap; then
+		MY_MAJORV=$(get_version_component_range 1-2)
+		insinto /etc/openldap/schema
+		doins "${FILESDIR}"/calentry.schema
+		dosym "${D}"/usr/share/${PN}-${MY_MAJORV}/evolutionperson.schema /etc/openldap/schema/evolutionperson.schema
+	fi
+
+}
+
+pkg_postinst() {
+	if use ldap; then
+		elog ""
+		elog "LDAP schemas needed by evolution are installed in /etc/openldap/schema"
+	fi
+}
diff --git a/gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch b/gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch
new file mode 100644
index 000000000000..46231c0c0c39
--- /dev/null
+++ b/gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch
@@ -0,0 +1,144 @@
+Index: camel/camel-sasl-ntlm.c
+===================================================================
+--- camel/camel-sasl-ntlm.c	(revision 10105)
++++ camel/camel-sasl-ntlm.c	(working copy)
+@@ -74,9 +74,8 @@ camel_sasl_ntlm_get_type (void)
+ 
+ #define NTLM_REQUEST "NTLMSSP\x00\x01\x00\x00\x00\x06\x82\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x00\x00\x00\x00\x00\x00\x00\x30\x00\x00\x00"
+ 
+-#define NTLM_CHALLENGE_NONCE_OFFSET      24
+-#define NTLM_CHALLENGE_DOMAIN_OFFSET     48
+-#define NTLM_CHALLENGE_DOMAIN_LEN_OFFSET 44
++#define NTLM_CHALLENGE_DOMAIN_OFFSET		12
++#define NTLM_CHALLENGE_NONCE_OFFSET		24
+ 
+ #define NTLM_RESPONSE_HEADER         "NTLMSSP\x00\x03\x00\x00\x00"
+ #define NTLM_RESPONSE_FLAGS          "\x82\x01"
+@@ -93,22 +92,60 @@ static void ntlm_calc_response   (const 
+ 				  guchar results[24]);
+ static void ntlm_lanmanager_hash (const char *password, char hash[21]);
+ static void ntlm_nt_hash         (const char *password, char hash[21]);
+-static void ntlm_set_string      (GByteArray *ba, int offset,
+-				  const char *data, int len);
++
++typedef struct {
++	guint16 length;
++	guint16 allocated;
++	guint32 offset;
++} SecurityBuffer;
++
++static GString *
++ntlm_get_string (GByteArray *ba, int offset)
++{
++	SecurityBuffer *secbuf;
++	GString *string;
++	gchar *buf_string;
++	guint16 buf_length;
++	guint32 buf_offset;
++
++	secbuf = (SecurityBuffer *) &ba->data[offset];
++	buf_length = GUINT16_FROM_LE (secbuf->length);
++	buf_offset = GUINT32_FROM_LE (secbuf->offset);
++
++	if (ba->len < buf_offset + buf_length)
++		return NULL;
++
++	string = g_string_sized_new (buf_length);
++	buf_string = (gchar *) &ba->data[buf_offset];
++	g_string_append_len (string, buf_string, buf_length);
++
++	return string;
++}
++
++static void
++ntlm_set_string (GByteArray *ba, int offset, const char *data, int len)
++{
++	SecurityBuffer *secbuf;
++
++	secbuf = (SecurityBuffer *) &ba->data[offset];
++	secbuf->length = GUINT16_TO_LE (len);
++	secbuf->offset = GUINT32_TO_LE (ba->len);
++	secbuf->allocated = secbuf->length;
++
++	g_byte_array_append (ba, (guint8 *) data, len);
++}
+ 
+ static GByteArray *
+ ntlm_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
+ {
+ 	GByteArray *ret;
+ 	guchar nonce[8], hash[21], lm_resp[24], nt_resp[24];
++	GString *domain;
+ 
+ 	ret = g_byte_array_new ();
+ 
+-	if (!token || !token->len) {
+-		g_byte_array_append (ret, (guint8 *) NTLM_REQUEST,
+-				     sizeof (NTLM_REQUEST) - 1);
+-		return ret;
+-	}
++	if (!token || token->len < NTLM_CHALLENGE_NONCE_OFFSET + 8)
++		goto fail;
+ 
+ 	memcpy (nonce, token->data + NTLM_CHALLENGE_NONCE_OFFSET, 8);
+ 	ntlm_lanmanager_hash (sasl->service->url->passwd, (char *) hash);
+@@ -116,7 +153,11 @@ ntlm_challenge (CamelSasl *sasl, GByteAr
+ 	ntlm_nt_hash (sasl->service->url->passwd, (char *) hash);
+ 	ntlm_calc_response (hash, nonce, nt_resp);
+ 
+-	ret = g_byte_array_new ();
++	domain = ntlm_get_string (token, NTLM_CHALLENGE_DOMAIN_OFFSET);
++	if (domain == NULL)
++		goto fail;
++
++	/* Don't jump to 'fail' label after this point. */
+ 	g_byte_array_set_size (ret, NTLM_RESPONSE_BASE_SIZE);
+ 	memset (ret->data, 0, NTLM_RESPONSE_BASE_SIZE);
+ 	memcpy (ret->data, NTLM_RESPONSE_HEADER,
+@@ -125,8 +166,7 @@ ntlm_challenge (CamelSasl *sasl, GByteAr
+ 		NTLM_RESPONSE_FLAGS, sizeof (NTLM_RESPONSE_FLAGS) - 1);
+ 
+ 	ntlm_set_string (ret, NTLM_RESPONSE_DOMAIN_OFFSET,
+-			 (const char *) token->data + NTLM_CHALLENGE_DOMAIN_OFFSET,
+-			 atoi ((char *) token->data + NTLM_CHALLENGE_DOMAIN_LEN_OFFSET));
++			 domain->str, domain->len);
+ 	ntlm_set_string (ret, NTLM_RESPONSE_USER_OFFSET,
+ 			 sasl->service->url->user,
+ 			 strlen (sasl->service->url->user));
+@@ -138,6 +178,18 @@ ntlm_challenge (CamelSasl *sasl, GByteAr
+ 			 (const char *) nt_resp, sizeof (nt_resp));
+ 
+ 	sasl->authenticated = TRUE;
++
++	g_string_free (domain, TRUE);
++
++	goto exit;
++
++fail:
++	/* If the challenge is malformed, restart authentication.
++	 * XXX A malicious server could make this loop indefinitely. */
++	g_byte_array_append (ret, (guint8 *) NTLM_REQUEST,
++			     sizeof (NTLM_REQUEST) - 1);
++
++exit:
+ 	return ret;
+ }
+ 
+@@ -201,17 +253,6 @@ ntlm_nt_hash (const char *password, char
+ 	g_free (buf);
+ }
+ 
+-static void
+-ntlm_set_string (GByteArray *ba, int offset, const char *data, int len)
+-{
+-	ba->data[offset    ] = ba->data[offset + 2] =  len       & 0xFF;
+-	ba->data[offset + 1] = ba->data[offset + 3] = (len >> 8) & 0xFF;
+-	ba->data[offset + 4] =  ba->len       & 0xFF;
+-	ba->data[offset + 5] = (ba->len >> 8) & 0xFF;
+-	g_byte_array_append (ba, (guint8 *) data, len);
+-}
+-
+-
+ #define KEYBITS(k,s) \
+         (((k[(s)/8] << ((s)%8)) & 0xFF) | (k[(s)/8+1] >> (8-(s)%8)))
+
author	Daniel Gryniewicz <dang@gentoo.org>	2009-03-12 23:27:26 +0000
committer	Daniel Gryniewicz <dang@gentoo.org>	2009-03-12 23:27:26 +0000
commit	2304c757e2df354d626fbb9d03296daf796322c2 (patch)
tree	559cbe2b235979a5a42295b65d6a45035a41516c /gnome-extra
parent	Sparc stable, Bug #262327. (diff)
download	historical-2304c757e2df354d626fbb9d03296daf796322c2.tar.gz historical-2304c757e2df354d626fbb9d03296daf796322c2.tar.bz2 historical-2304c757e2df354d626fbb9d03296daf796322c2.zip