From c2160b68157f78bb60b14ee998da6c4d3c809b3b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 20 2020 14:48:56 +0000 Subject: import evolution-3.28.5-8.el7 --- diff --git a/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch b/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch new file mode 100644 index 0000000..de50995 --- /dev/null +++ b/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch @@ -0,0 +1,383 @@ +diff -up evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-formatter-utils.c +--- evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-formatter-utils.c 2019-10-24 16:21:32.730944332 +0200 +@@ -549,71 +549,136 @@ e_mail_formatter_format_security_header + EMailPart *part, + guint32 flags) + { +- const gchar* part_id; +- gchar* part_id_prefix; +- GString* tmp; ++ struct _validity_flags { ++ guint32 flags; ++ const gchar *description_complete; ++ const gchar *description_partial; ++ } validity_flags[] = { ++ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED, N_("GPG signed"), N_("partially GPG signed") }, ++ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("GPG encrypted"), N_("partially GPG encrypted") }, ++ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED, N_("S/MIME signed"), N_("partially S/MIME signed") }, ++ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("S/MIME encrypted"), N_("partially S/MIME encrypted") } ++ }; ++ const gchar *part_id; ++ gchar *part_id_prefix; + GQueue queue = G_QUEUE_INIT; + GList *head, *link; ++ guint32 check_valid_flags = 0; ++ gint part_id_prefix_len; ++ gboolean is_partial = FALSE; ++ guint ii; + + g_return_if_fail (E_IS_MAIL_PART_HEADERS (part)); + + /* Get prefix of this PURI */ + part_id = e_mail_part_get_id (part); + part_id_prefix = g_strndup (part_id, g_strrstr (part_id, ".") - part_id); +- +- /* Add encryption/signature header */ +- tmp = g_string_new (""); ++ part_id_prefix_len = strlen (part_id_prefix); + + e_mail_part_list_queue_parts (context->part_list, NULL, &queue); + + head = g_queue_peek_head_link (&queue); + +- /* Find first secured part. */ +- for (link = head; link != NULL; link = g_list_next(link)) { ++ /* Ignore the main message, the headers and the end parts */ ++ #define should_skip_part(_id) \ ++ (g_strcmp0 (_id, part_id_prefix) == 0 || \ ++ (_id && g_str_has_suffix (_id, ".rfc822.end")) || \ ++ (_id && strlen (_id) == part_id_prefix_len + 8 /* strlen (".headers") */ && \ ++ g_strcmp0 (_id + part_id_prefix_len, ".headers") == 0)) ++ ++ /* Check parts for this ID. */ ++ for (link = head; link != NULL; link = g_list_next (link)) { + EMailPart *mail_part = link->data; ++ const gchar *id = e_mail_part_get_id (mail_part); + +- if (!e_mail_part_has_validity (mail_part)) ++ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix)) + continue; + +- if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix)) ++ if (should_skip_part (id)) + continue; + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED)) { +- g_string_append (tmp, _("GPG signed")); ++ if (!e_mail_part_has_validity (mail_part)) { ++ /* A part without validity, thus it's partially signed/encrypted */ ++ is_partial = TRUE; ++ } else { ++ guint32 validies = 0; ++ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) { ++ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) ++ validies |= validity_flags[ii].flags; ++ } ++ check_valid_flags |= validies; + } + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED)) { +- if (tmp->len > 0) +- g_string_append (tmp, ", "); +- g_string_append (tmp, _("GPG encrypted")); +- } ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") && ++ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix)) ++ link = e_mail_formatter_find_rfc822_end_iter (link); ++ } + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED)) { +- if (tmp->len > 0) +- g_string_append (tmp, ", "); +- g_string_append (tmp, _("S/MIME signed")); ++ if (check_valid_flags) { ++ GString *tmp; ++ ++ if (!is_partial) { ++ for (link = head; link != NULL && !is_partial; link = g_list_next (link)) { ++ EMailPart *mail_part = link->data; ++ const gchar *id = e_mail_part_get_id (mail_part); ++ ++ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix)) ++ continue; ++ ++ if (should_skip_part (id)) ++ continue; ++ ++ if (!e_mail_part_has_validity (mail_part)) { ++ /* A part without validity, thus it's partially signed/encrypted */ ++ is_partial = TRUE; ++ break; ++ } ++ ++ is_partial = !e_mail_part_get_validity (mail_part, check_valid_flags); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") && ++ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix)) ++ link = e_mail_formatter_find_rfc822_end_iter (link); ++ } + } + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED)) { +- if (tmp->len > 0) +- g_string_append (tmp, ", "); +- g_string_append (tmp, _("S/MIME encrypted")); ++ /* Add encryption/signature header */ ++ tmp = g_string_new (""); ++ ++ for (link = head; link; link = g_list_next (link)) { ++ EMailPart *mail_part = link->data; ++ const gchar *id = e_mail_part_get_id (mail_part); ++ ++ if (!e_mail_part_has_validity (mail_part) || ++ !e_mail_part_id_has_prefix (mail_part, part_id_prefix)) ++ continue; ++ ++ if (should_skip_part (id)) ++ continue; ++ ++ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) { ++ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) { ++ if (tmp->len > 0) ++ g_string_append (tmp, ", "); ++ g_string_append (tmp, is_partial ? _(validity_flags[ii].description_partial) : _(validity_flags[ii].description_complete)); ++ } ++ } ++ ++ break; + } + +- break; +- } ++ if (tmp->len > 0) ++ e_mail_formatter_format_header (formatter, buffer, _("Security"), tmp->str, flags, "UTF-8"); + +- if (tmp->len > 0) { +- e_mail_formatter_format_header ( +- formatter, buffer, +- _("Security"), tmp->str, +- flags, +- "UTF-8"); ++ g_string_free (tmp, TRUE); + } + ++ #undef should_skip_part ++ + while (!g_queue_is_empty (&queue)) + g_object_unref (g_queue_pop_head (&queue)); + +- g_string_free (tmp, TRUE); + g_free (part_id_prefix); + } +diff -up evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c +--- evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c 2019-10-24 16:21:32.730944332 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -104,6 +105,10 @@ empe_app_smime_parse (EMailParserExtensi + mail_part, valid, + E_MAIL_PART_VALIDITY_ENCRYPTED | + E_MAIL_PART_VALIDITY_SMIME); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser.c +--- evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser.c 2019-10-24 16:21:32.729944332 +0200 +@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_ge + static gpointer parent_class; + + static void ++mail_parser_move_security_before_headers (GQueue *part_queue) ++{ ++ GList *link, *last_headers = NULL; ++ GSList *headers_stack = NULL; ++ ++ link = g_queue_peek_head_link (part_queue); ++ while (link) { ++ EMailPart *part = link->data; ++ const gchar *id; ++ ++ if (!part) { ++ link = g_list_next (link); ++ continue; ++ } ++ ++ id = e_mail_part_get_id (part); ++ if (!id) { ++ link = g_list_next (link); ++ continue; ++ } ++ ++ if (g_str_has_suffix (id, ".rfc822")) { ++ headers_stack = g_slist_prepend (headers_stack, last_headers); ++ last_headers = NULL; ++ } else if (g_str_has_suffix (id, ".rfc822.end")) { ++ g_warn_if_fail (headers_stack != NULL); ++ ++ if (headers_stack) { ++ last_headers = headers_stack->data; ++ headers_stack = g_slist_remove (headers_stack, last_headers); ++ } else { ++ last_headers = NULL; ++ } ++ } ++ ++ if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) { ++ last_headers = link; ++ link = g_list_next (link); ++ } else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) { ++ g_warn_if_fail (last_headers != NULL); ++ ++ if (last_headers) { ++ GList *next = g_list_next (link); ++ ++ g_warn_if_fail (g_queue_remove (part_queue, part)); ++ g_queue_insert_before (part_queue, last_headers, part); ++ ++ link = next; ++ } else { ++ link = g_list_next (link); ++ } ++ } else { ++ link = g_list_next (link); ++ } ++ } ++ ++ g_warn_if_fail (headers_stack == NULL); ++ g_slist_free (headers_stack); ++} ++ ++static void + mail_parser_run (EMailParser *parser, + EMailPartList *part_list, + GCancellable *cancellable) +@@ -132,6 +193,8 @@ mail_parser_run (EMailParser *parser, + break; + } + ++ mail_parser_move_security_before_headers (&mail_part_queue); ++ + while (!g_queue_is_empty (&mail_part_queue)) { + mail_part = g_queue_pop_head (&mail_part_queue); + e_mail_part_list_add_part (part_list, mail_part); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c +--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c 2019-10-24 16:21:32.730944332 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -135,6 +136,10 @@ empe_inlinepgp_encrypted_parse (EMailPar + mail_part, valid, + E_MAIL_PART_VALIDITY_ENCRYPTED | + E_MAIL_PART_VALIDITY_PGP); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c +--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c 2019-10-24 16:21:32.731944332 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -142,6 +143,10 @@ empe_inlinepgp_signed_parse (EMailParser + mail_part, valid, + E_MAIL_PART_VALIDITY_SIGNED | + E_MAIL_PART_VALIDITY_PGP); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c +--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c 2019-10-24 16:21:32.731944332 +0200 +@@ -21,6 +21,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -126,6 +127,10 @@ empe_mp_encrypted_parse (EMailParserExte + mail_part, valid, + E_MAIL_PART_VALIDITY_ENCRYPTED | + E_MAIL_PART_VALIDITY_PGP); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c +--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c 2019-10-24 16:21:32.731944332 +0200 +@@ -21,6 +21,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -170,6 +171,10 @@ empe_mp_signed_parse (EMailParserExtensi + e_mail_part_update_validity ( + mail_part, valid, + validity_type | E_MAIL_PART_VALIDITY_SIGNED); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-part.c +--- evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-part.c 2019-10-24 16:21:32.731944332 +0200 +@@ -662,6 +662,15 @@ e_mail_part_update_validity (EMailPart * + + mask = E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SMIME; + ++ /* Auto-add flags when the related part is present */ ++ if (!(validity_type & E_MAIL_PART_VALIDITY_SIGNED) && ++ validity->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE) ++ validity_type |= E_MAIL_PART_VALIDITY_SIGNED; ++ ++ if (!(validity_type & E_MAIL_PART_VALIDITY_ENCRYPTED) && ++ validity->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE) ++ validity_type |= E_MAIL_PART_VALIDITY_ENCRYPTED; ++ + pair = mail_part_find_validity_pair (part, validity_type & mask); + if (pair != NULL) { + pair->validity_type |= validity_type; diff --git a/SPECS/evolution.spec b/SPECS/evolution.spec index 8e10827..2a0b9a1 100644 --- a/SPECS/evolution.spec +++ b/SPECS/evolution.spec @@ -31,7 +31,7 @@ Name: evolution Version: 3.28.5 -Release: 6%{?dist} +Release: 8%{?dist} Group: Applications/Productivity Summary: Mail and calendar client for GNOME License: GPLv2+ and GFDL @@ -71,6 +71,9 @@ Patch06: evolution-3.28.5-intltool-cache.patch # RH bug #1753122 Patch07: evolution-3.28.5-gala11yetableitem-ref-child.patch +# RH bug #1686408 +Patch08: evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch + ## Dependencies ### Requires: evolution-data-server >= %{eds_version} @@ -244,6 +247,7 @@ the functionality of the installed %{name} package. %patch05 -p1 -b .task-memo-list-deselect %patch06 -p1 -b .intltool-cache %patch07 -p1 -b .gala11yetableitem-ref-child +%patch08 -p1 -b .cve-2018-15587-reposition-signature-bar # Remove the welcome email from Novell for inbox in src/mail/default/*/Inbox; do @@ -558,6 +562,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || : %endif %changelog +* Thu Oct 24 2019 Milan Crha - 3.28.5-8 +- Update patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) + +* Wed Oct 23 2019 Milan Crha - 3.28.5-7 +- Add patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) + * Wed Sep 18 2019 Milan Crha - 3.28.5-6 - Add patch for RH bug #1753122 (GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child())