From f33b1a0e929da62b927a109e12994fc4443e0a32 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 31 2020 09:34:41 +0000 Subject: import evolution-3.28.5-8.el7 --- diff --git a/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch b/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch new file mode 100644 index 0000000..de50995 --- /dev/null +++ b/SOURCES/evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch @@ -0,0 +1,383 @@ +diff -up evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-formatter-utils.c +--- evolution-3.28.5/src/em-format/e-mail-formatter-utils.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-formatter-utils.c 2019-10-24 16:21:32.730944332 +0200 +@@ -549,71 +549,136 @@ e_mail_formatter_format_security_header + EMailPart *part, + guint32 flags) + { +- const gchar* part_id; +- gchar* part_id_prefix; +- GString* tmp; ++ struct _validity_flags { ++ guint32 flags; ++ const gchar *description_complete; ++ const gchar *description_partial; ++ } validity_flags[] = { ++ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED, N_("GPG signed"), N_("partially GPG signed") }, ++ { E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("GPG encrypted"), N_("partially GPG encrypted") }, ++ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED, N_("S/MIME signed"), N_("partially S/MIME signed") }, ++ { E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED, N_("S/MIME encrypted"), N_("partially S/MIME encrypted") } ++ }; ++ const gchar *part_id; ++ gchar *part_id_prefix; + GQueue queue = G_QUEUE_INIT; + GList *head, *link; ++ guint32 check_valid_flags = 0; ++ gint part_id_prefix_len; ++ gboolean is_partial = FALSE; ++ guint ii; + + g_return_if_fail (E_IS_MAIL_PART_HEADERS (part)); + + /* Get prefix of this PURI */ + part_id = e_mail_part_get_id (part); + part_id_prefix = g_strndup (part_id, g_strrstr (part_id, ".") - part_id); +- +- /* Add encryption/signature header */ +- tmp = g_string_new (""); ++ part_id_prefix_len = strlen (part_id_prefix); + + e_mail_part_list_queue_parts (context->part_list, NULL, &queue); + + head = g_queue_peek_head_link (&queue); + +- /* Find first secured part. */ +- for (link = head; link != NULL; link = g_list_next(link)) { ++ /* Ignore the main message, the headers and the end parts */ ++ #define should_skip_part(_id) \ ++ (g_strcmp0 (_id, part_id_prefix) == 0 || \ ++ (_id && g_str_has_suffix (_id, ".rfc822.end")) || \ ++ (_id && strlen (_id) == part_id_prefix_len + 8 /* strlen (".headers") */ && \ ++ g_strcmp0 (_id + part_id_prefix_len, ".headers") == 0)) ++ ++ /* Check parts for this ID. */ ++ for (link = head; link != NULL; link = g_list_next (link)) { + EMailPart *mail_part = link->data; ++ const gchar *id = e_mail_part_get_id (mail_part); + +- if (!e_mail_part_has_validity (mail_part)) ++ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix)) + continue; + +- if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix)) ++ if (should_skip_part (id)) + continue; + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SIGNED)) { +- g_string_append (tmp, _("GPG signed")); ++ if (!e_mail_part_has_validity (mail_part)) { ++ /* A part without validity, thus it's partially signed/encrypted */ ++ is_partial = TRUE; ++ } else { ++ guint32 validies = 0; ++ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) { ++ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) ++ validies |= validity_flags[ii].flags; ++ } ++ check_valid_flags |= validies; + } + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_ENCRYPTED)) { +- if (tmp->len > 0) +- g_string_append (tmp, ", "); +- g_string_append (tmp, _("GPG encrypted")); +- } ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") && ++ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix)) ++ link = e_mail_formatter_find_rfc822_end_iter (link); ++ } + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_SIGNED)) { +- if (tmp->len > 0) +- g_string_append (tmp, ", "); +- g_string_append (tmp, _("S/MIME signed")); ++ if (check_valid_flags) { ++ GString *tmp; ++ ++ if (!is_partial) { ++ for (link = head; link != NULL && !is_partial; link = g_list_next (link)) { ++ EMailPart *mail_part = link->data; ++ const gchar *id = e_mail_part_get_id (mail_part); ++ ++ if (!e_mail_part_id_has_prefix (mail_part, part_id_prefix)) ++ continue; ++ ++ if (should_skip_part (id)) ++ continue; ++ ++ if (!e_mail_part_has_validity (mail_part)) { ++ /* A part without validity, thus it's partially signed/encrypted */ ++ is_partial = TRUE; ++ break; ++ } ++ ++ is_partial = !e_mail_part_get_validity (mail_part, check_valid_flags); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822") && ++ !g_str_equal (e_mail_part_get_id (mail_part), part_id_prefix)) ++ link = e_mail_formatter_find_rfc822_end_iter (link); ++ } + } + +- if (e_mail_part_get_validity (mail_part, E_MAIL_PART_VALIDITY_SMIME | E_MAIL_PART_VALIDITY_ENCRYPTED)) { +- if (tmp->len > 0) +- g_string_append (tmp, ", "); +- g_string_append (tmp, _("S/MIME encrypted")); ++ /* Add encryption/signature header */ ++ tmp = g_string_new (""); ++ ++ for (link = head; link; link = g_list_next (link)) { ++ EMailPart *mail_part = link->data; ++ const gchar *id = e_mail_part_get_id (mail_part); ++ ++ if (!e_mail_part_has_validity (mail_part) || ++ !e_mail_part_id_has_prefix (mail_part, part_id_prefix)) ++ continue; ++ ++ if (should_skip_part (id)) ++ continue; ++ ++ for (ii = 0; ii < G_N_ELEMENTS (validity_flags); ii++) { ++ if (e_mail_part_get_validity (mail_part, validity_flags[ii].flags)) { ++ if (tmp->len > 0) ++ g_string_append (tmp, ", "); ++ g_string_append (tmp, is_partial ? _(validity_flags[ii].description_partial) : _(validity_flags[ii].description_complete)); ++ } ++ } ++ ++ break; + } + +- break; +- } ++ if (tmp->len > 0) ++ e_mail_formatter_format_header (formatter, buffer, _("Security"), tmp->str, flags, "UTF-8"); + +- if (tmp->len > 0) { +- e_mail_formatter_format_header ( +- formatter, buffer, +- _("Security"), tmp->str, +- flags, +- "UTF-8"); ++ g_string_free (tmp, TRUE); + } + ++ #undef should_skip_part ++ + while (!g_queue_is_empty (&queue)) + g_object_unref (g_queue_pop_head (&queue)); + +- g_string_free (tmp, TRUE); + g_free (part_id_prefix); + } +diff -up evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c +--- evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-application-smime.c 2019-10-24 16:21:32.730944332 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -104,6 +105,10 @@ empe_app_smime_parse (EMailParserExtensi + mail_part, valid, + E_MAIL_PART_VALIDITY_ENCRYPTED | + E_MAIL_PART_VALIDITY_SMIME); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser.c +--- evolution-3.28.5/src/em-format/e-mail-parser.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser.c 2019-10-24 16:21:32.729944332 +0200 +@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_ge + static gpointer parent_class; + + static void ++mail_parser_move_security_before_headers (GQueue *part_queue) ++{ ++ GList *link, *last_headers = NULL; ++ GSList *headers_stack = NULL; ++ ++ link = g_queue_peek_head_link (part_queue); ++ while (link) { ++ EMailPart *part = link->data; ++ const gchar *id; ++ ++ if (!part) { ++ link = g_list_next (link); ++ continue; ++ } ++ ++ id = e_mail_part_get_id (part); ++ if (!id) { ++ link = g_list_next (link); ++ continue; ++ } ++ ++ if (g_str_has_suffix (id, ".rfc822")) { ++ headers_stack = g_slist_prepend (headers_stack, last_headers); ++ last_headers = NULL; ++ } else if (g_str_has_suffix (id, ".rfc822.end")) { ++ g_warn_if_fail (headers_stack != NULL); ++ ++ if (headers_stack) { ++ last_headers = headers_stack->data; ++ headers_stack = g_slist_remove (headers_stack, last_headers); ++ } else { ++ last_headers = NULL; ++ } ++ } ++ ++ if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) { ++ last_headers = link; ++ link = g_list_next (link); ++ } else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) { ++ g_warn_if_fail (last_headers != NULL); ++ ++ if (last_headers) { ++ GList *next = g_list_next (link); ++ ++ g_warn_if_fail (g_queue_remove (part_queue, part)); ++ g_queue_insert_before (part_queue, last_headers, part); ++ ++ link = next; ++ } else { ++ link = g_list_next (link); ++ } ++ } else { ++ link = g_list_next (link); ++ } ++ } ++ ++ g_warn_if_fail (headers_stack == NULL); ++ g_slist_free (headers_stack); ++} ++ ++static void + mail_parser_run (EMailParser *parser, + EMailPartList *part_list, + GCancellable *cancellable) +@@ -132,6 +193,8 @@ mail_parser_run (EMailParser *parser, + break; + } + ++ mail_parser_move_security_before_headers (&mail_part_queue); ++ + while (!g_queue_is_empty (&mail_part_queue)) { + mail_part = g_queue_pop_head (&mail_part_queue); + e_mail_part_list_add_part (part_list, mail_part); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c +--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-encrypted.c 2019-10-24 16:21:32.730944332 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -135,6 +136,10 @@ empe_inlinepgp_encrypted_parse (EMailPar + mail_part, valid, + E_MAIL_PART_VALIDITY_ENCRYPTED | + E_MAIL_PART_VALIDITY_PGP); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c +--- evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-inlinepgp-signed.c 2019-10-24 16:21:32.731944332 +0200 +@@ -22,6 +22,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -142,6 +143,10 @@ empe_inlinepgp_signed_parse (EMailParser + mail_part, valid, + E_MAIL_PART_VALIDITY_SIGNED | + E_MAIL_PART_VALIDITY_PGP); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c +--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-encrypted.c 2019-10-24 16:21:32.731944332 +0200 +@@ -21,6 +21,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -126,6 +127,10 @@ empe_mp_encrypted_parse (EMailParserExte + mail_part, valid, + E_MAIL_PART_VALIDITY_ENCRYPTED | + E_MAIL_PART_VALIDITY_PGP); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c +--- evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-parser-multipart-signed.c 2019-10-24 16:21:32.731944332 +0200 +@@ -21,6 +21,7 @@ + + #include + ++#include "e-mail-formatter-utils.h" + #include "e-mail-parser-extension.h" + #include "e-mail-part-utils.h" + +@@ -170,6 +171,10 @@ empe_mp_signed_parse (EMailParserExtensi + e_mail_part_update_validity ( + mail_part, valid, + validity_type | E_MAIL_PART_VALIDITY_SIGNED); ++ ++ /* Do not traverse sub-messages */ ++ if (g_str_has_suffix (e_mail_part_get_id (mail_part), ".rfc822")) ++ link = e_mail_formatter_find_rfc822_end_iter (link); + } + + e_queue_transfer (&work_queue, out_mail_parts); +diff -up evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar evolution-3.28.5/src/em-format/e-mail-part.c +--- evolution-3.28.5/src/em-format/e-mail-part.c.cve-2018-15587-reposition-signature-bar 2018-07-30 15:37:05.000000000 +0200 ++++ evolution-3.28.5/src/em-format/e-mail-part.c 2019-10-24 16:21:32.731944332 +0200 +@@ -662,6 +662,15 @@ e_mail_part_update_validity (EMailPart * + + mask = E_MAIL_PART_VALIDITY_PGP | E_MAIL_PART_VALIDITY_SMIME; + ++ /* Auto-add flags when the related part is present */ ++ if (!(validity_type & E_MAIL_PART_VALIDITY_SIGNED) && ++ validity->sign.status != CAMEL_CIPHER_VALIDITY_SIGN_NONE) ++ validity_type |= E_MAIL_PART_VALIDITY_SIGNED; ++ ++ if (!(validity_type & E_MAIL_PART_VALIDITY_ENCRYPTED) && ++ validity->encrypt.status != CAMEL_CIPHER_VALIDITY_ENCRYPT_NONE) ++ validity_type |= E_MAIL_PART_VALIDITY_ENCRYPTED; ++ + pair = mail_part_find_validity_pair (part, validity_type & mask); + if (pair != NULL) { + pair->validity_type |= validity_type; diff --git a/SOURCES/evolution-3.28.5-gala11yetableitem-ref-child.patch b/SOURCES/evolution-3.28.5-gala11yetableitem-ref-child.patch new file mode 100644 index 0000000..d4ecebf --- /dev/null +++ b/SOURCES/evolution-3.28.5-gala11yetableitem-ref-child.patch @@ -0,0 +1,200 @@ +From d928258bb4f3e21973089183463c4dab11558b73 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Wed, 18 Sep 2019 14:12:44 +0200 +Subject: I#624 - GalA11yETableItem: Incorrect implementation of + AtkObjectClass::ref_child() + +Closes https://gitlab.gnome.org/GNOME/evolution/issues/624 + +diff --git a/src/e-util/gal-a11y-e-table-item.c b/src/e-util/gal-a11y-e-table-item.c +index cf06fb3f4f..be302ed09d 100644 +--- a/src/e-util/gal-a11y-e-table-item.c ++++ b/src/e-util/gal-a11y-e-table-item.c +@@ -61,6 +61,7 @@ struct _GalA11yETableItemPrivate { + ESelectionModel *selection; + AtkStateSet *state_set; + GtkWidget *widget; ++ GHashTable *a11y_column_headers; /* ETableCol * ~> GalA11yETableColumnHeader * */ + }; + + static gboolean gal_a11y_e_table_item_ref_selection (GalA11yETableItem *a11y, +@@ -124,6 +125,11 @@ item_finalized (gpointer user_data, + if (priv->selection) + gal_a11y_e_table_item_unref_selection (a11y); + ++ if (priv->columns) { ++ free_columns (priv->columns); ++ priv->columns = NULL; ++ } ++ + g_object_unref (a11y); + } + +@@ -273,11 +279,60 @@ eti_a11y_reset_focus_object (GalA11yETableItem *a11y, + g_signal_emit_by_name (a11y, "active-descendant-changed", cell); + } + ++static void eti_column_header_a11y_gone (gpointer user_data, GObject *a11y_col_header); ++ ++static void ++eti_table_column_gone (gpointer user_data, ++ GObject *col) ++{ ++ GalA11yETableItem *a11y = user_data; ++ GalA11yETableItemPrivate *priv; ++ GalA11yETableColumnHeader *a11y_col_header; ++ ++ g_return_if_fail (GAL_A11Y_IS_E_TABLE_ITEM (a11y)); ++ ++ priv = GET_PRIVATE (a11y); ++ ++ a11y_col_header = g_hash_table_lookup (priv->a11y_column_headers, col); ++ g_hash_table_remove (priv->a11y_column_headers, col); ++ ++ if (a11y_col_header) ++ g_object_weak_unref (G_OBJECT (a11y_col_header), eti_column_header_a11y_gone, a11y); ++} ++ ++static void ++eti_column_header_a11y_gone (gpointer user_data, ++ GObject *a11y_col_header) ++{ ++ GalA11yETableItem *a11y = user_data; ++ GalA11yETableItemPrivate *priv; ++ GHashTableIter iter; ++ gpointer key, value; ++ ++ g_return_if_fail (GAL_A11Y_IS_E_TABLE_ITEM (a11y)); ++ ++ priv = GET_PRIVATE (a11y); ++ ++ g_hash_table_iter_init (&iter, priv->a11y_column_headers); ++ while (g_hash_table_iter_next (&iter, &key, &value)) { ++ ETableCol *col = key; ++ GalA11yETableColumnHeader *stored_a11y_col_header = value; ++ ++ if (((GObject *) stored_a11y_col_header) == a11y_col_header) { ++ g_object_weak_unref (G_OBJECT (col), eti_table_column_gone, a11y); ++ g_hash_table_remove (priv->a11y_column_headers, col); ++ break; ++ } ++ } ++} ++ + static void + eti_dispose (GObject *object) + { + GalA11yETableItem *a11y = GAL_A11Y_E_TABLE_ITEM (object); + GalA11yETableItemPrivate *priv = GET_PRIVATE (a11y); ++ GHashTableIter iter; ++ gpointer key, value; + + if (priv->columns) { + free_columns (priv->columns); +@@ -289,10 +344,35 @@ eti_dispose (GObject *object) + priv->item = NULL; + } + ++ g_clear_object (&priv->state_set); ++ ++ g_hash_table_iter_init (&iter, priv->a11y_column_headers); ++ while (g_hash_table_iter_next (&iter, &key, &value)) { ++ ETableCol *col = key; ++ GalA11yETableColumnHeader *a11y_col_header = value; ++ ++ g_object_weak_unref (G_OBJECT (col), eti_table_column_gone, a11y); ++ g_object_weak_unref (G_OBJECT (a11y_col_header), eti_column_header_a11y_gone, a11y); ++ } ++ ++ g_hash_table_remove_all (priv->a11y_column_headers); ++ + if (parent_class->dispose) + parent_class->dispose (object); + } + ++static void ++eti_finalize (GObject *object) ++{ ++ GalA11yETableItem *a11y = GAL_A11Y_E_TABLE_ITEM (object); ++ GalA11yETableItemPrivate *priv = GET_PRIVATE (a11y); ++ ++ g_hash_table_destroy (priv->a11y_column_headers); ++ ++ if (parent_class->finalize) ++ parent_class->finalize (object); ++} ++ + /* Static functions */ + static gint + eti_get_n_children (AtkObject *accessible) +@@ -318,12 +398,24 @@ eti_ref_child (AtkObject *accessible, + return NULL; + + if (index < item->cols) { ++ GalA11yETableItemPrivate *priv = GET_PRIVATE (accessible); + ETableCol *ecol; + AtkObject *child; + + ecol = e_table_header_get_column (item->header, index); +- child = gal_a11y_e_table_column_header_new (ecol, item, accessible); +- return child; ++ child = g_hash_table_lookup (priv->a11y_column_headers, ecol); ++ ++ if (!child) { ++ child = gal_a11y_e_table_column_header_new (ecol, item, accessible); ++ if (child) { ++ g_hash_table_insert (priv->a11y_column_headers, ecol, child); ++ ++ g_object_weak_ref (G_OBJECT (ecol), eti_table_column_gone, accessible); ++ g_object_weak_ref (G_OBJECT (child), eti_column_header_a11y_gone, accessible); ++ } ++ } ++ ++ return child ? g_object_ref (child) : NULL; + } + index -= item->cols; + +@@ -966,6 +1058,7 @@ eti_header_structure_changed (ETableHeader *eth, + g_free (state); + g_free (reorder); + g_free (prev_state); ++ free_columns (cols); + return; + } + +@@ -1051,6 +1144,7 @@ eti_class_init (GalA11yETableItemClass *class) + parent_class = g_type_class_ref (PARENT_TYPE); + + object_class->dispose = eti_dispose; ++ object_class->finalize = eti_finalize; + + atk_object_class->get_n_children = eti_get_n_children; + atk_object_class->ref_child = eti_ref_child; +@@ -1069,6 +1163,7 @@ eti_init (GalA11yETableItem *a11y) + priv->selection_row_changed_id = 0; + priv->cursor_changed_id = 0; + priv->selection = NULL; ++ priv->a11y_column_headers = g_hash_table_new (g_direct_hash, g_direct_equal); + } + + /* atk selection */ +@@ -1189,14 +1284,17 @@ gal_a11y_e_table_item_new (ETableItem *item) + + accessible = ATK_OBJECT (a11y); + +- GET_PRIVATE (a11y)->item = item; + /* Initialize cell data. */ + GET_PRIVATE (a11y)->cols = item->cols; + GET_PRIVATE (a11y)->rows = item->rows >= 0 ? item->rows : 0; + + GET_PRIVATE (a11y)->columns = e_table_header_get_columns (item->header); +- if (GET_PRIVATE (a11y)->columns == NULL) ++ if (GET_PRIVATE (a11y)->columns == NULL) { ++ g_clear_object (&a11y); + return NULL; ++ } ++ ++ GET_PRIVATE (a11y)->item = item; + + g_signal_connect ( + item, "selection_model_removed", diff --git a/SPECS/evolution.spec b/SPECS/evolution.spec index 6dc3805..2a0b9a1 100644 --- a/SPECS/evolution.spec +++ b/SPECS/evolution.spec @@ -31,7 +31,7 @@ Name: evolution Version: 3.28.5 -Release: 5%{?dist} +Release: 8%{?dist} Group: Applications/Productivity Summary: Mail and calendar client for GNOME License: GPLv2+ and GFDL @@ -68,6 +68,12 @@ Patch05: evolution-3.28.5-task-memo-list-deselect.patch # RH bug #1686614 Patch06: evolution-3.28.5-intltool-cache.patch +# RH bug #1753122 +Patch07: evolution-3.28.5-gala11yetableitem-ref-child.patch + +# RH bug #1686408 +Patch08: evolution-3.28.5-cve-2018-15587-reposition-signature-bar.patch + ## Dependencies ### Requires: evolution-data-server >= %{eds_version} @@ -240,6 +246,8 @@ the functionality of the installed %{name} package. %patch04 -p1 -b .composer-extra-nl-url %patch05 -p1 -b .task-memo-list-deselect %patch06 -p1 -b .intltool-cache +%patch07 -p1 -b .gala11yetableitem-ref-child +%patch08 -p1 -b .cve-2018-15587-reposition-signature-bar # Remove the welcome email from Novell for inbox in src/mail/default/*/Inbox; do @@ -554,6 +562,15 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || : %endif %changelog +* Thu Oct 24 2019 Milan Crha - 3.28.5-8 +- Update patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) + +* Wed Oct 23 2019 Milan Crha - 3.28.5-7 +- Add patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) + +* Wed Sep 18 2019 Milan Crha - 3.28.5-6 +- Add patch for RH bug #1753122 (GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child()) + * Fri Mar 08 2019 Milan Crha - 3.28.5-5 - Add patch for RH bug #1686614 (Make sure intltool-merge cache is created only once)