evolution-data-server/SOURCES/evolution-data-server-3.28.5-cve-2019-3890.patch

19 lines
1.1 KiB
Diff
Raw Permalink Normal View History

diff -up evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c.cve-2019-3890 evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c
--- evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c.cve-2019-3890 2019-04-15 09:25:49.273786456 +0200
+++ evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c 2019-04-15 09:35:00.784778830 +0200
@@ -3147,11 +3147,13 @@ e_util_can_use_collection_as_credential_
if (can_use_collection) {
gchar *method_source, *method_collection;
- /* Also check the method; if different, then rather not use the collection */
+ /* Also check the method; if different, then rather not use the collection.
+ Consider 'none' method on the child as the same as the collection method. */
method_source = e_source_authentication_dup_method (auth_source);
method_collection = e_source_authentication_dup_method (auth_collection);
can_use_collection = !method_source || !method_collection ||
+ g_ascii_strcasecmp (method_source, "none") == 0 ||
g_ascii_strcasecmp (method_source, method_collection) == 0;
g_free (method_source);