import evolution-data-server-3.28.5-15.el8
parent
bf4b6c4f20
commit
77730962d9
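--- /dev/null
+++ b/SOURCES/evolution-data-server-3.28.5-CVE-2020-14928.patch
@@ -0,0 +1,91 @@
+diff -up evolution-data-server-3.28.5/src/camel/camel-stream-buffer.c.CVE-2020-14928 evolution-data-server-3.28.5/src/camel/camel-stream-buffer.c
+--- evolution-data-server-3.28.5/src/camel/camel-stream-buffer.c.CVE-2020-14928 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/camel-stream-buffer.c 2020-07-23 10:26:57.962555350 +0200
+@@ -524,3 +524,22 @@ camel_stream_buffer_read_line (CamelStre
+
+return g_strdup ((gchar *) sbf->priv->linebuf);
+}
++
++/*
++ * camel_stream_buffer_discard_cache:
++ * @sbf: a #CamelStreamBuffer
++ *
++ * Discards any cached data in the @sbf. The next read reads
++ * from the stream.
++ *
++ * Since: 3.28.5-14
++ */
++void
++camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
++{
++ g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
++
++ sbf->priv->ptr = sbf->priv->buf;
++ sbf->priv->end = sbf->priv->buf;
++ sbf->priv->ptr[0] = '\0';
++}
+diff -up evolution-data-server-3.28.5/src/camel/camel-stream-buffer.h.CVE-2020-14928 evolution-data-server-3.28.5/src/camel/camel-stream-buffer.h
+--- evolution-data-server-3.28.5/src/camel/camel-stream-buffer.h.CVE-2020-14928 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/camel-stream-buffer.h 2020-07-23 10:26:57.963555348 +0200
+@@ -93,6 +93,8 @@ gint camel_stream_buffer_gets (CamelStr
+gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
+GCancellable *cancellable,
+GError **error);
++void camel_stream_buffer_discard_cache
++ (CamelStreamBuffer *sbf);
+
+G_END_DECLS
+
+diff -up evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-store.c.CVE-2020-14928 evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-store.c
+--- evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-store.c.CVE-2020-14928 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-store.c 2020-07-23 10:26:57.963555348 +0200
+@@ -208,6 +208,8 @@ connect_to_server (CamelService *service
+
+if (tls_stream != NULL) {
+camel_stream_set_base_stream (stream, tls_stream);
++ /* Truncate any left cached input from the insecure part of the session */
++ camel_pop3_stream_discard_cache (pop3_engine->stream);
+g_object_unref (tls_stream);
+} else {
+g_prefix_error (
+diff -up evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.c.CVE-2020-14928 evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.c
+--- evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.c.CVE-2020-14928 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.c 2020-07-23 10:26:57.963555348 +0200
+@@ -457,3 +457,14 @@ camel_pop3_stream_getd (CamelPOP3Stream
+
+return 1;
+}
++
++void
++camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
++{
++ if (is) {
++ is->ptr = is->end = is->buf;
++ is->lineptr = is->linebuf;
++ is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
++ is->ptr[0] = '\n';
++ }
++}
+diff -up evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.h.CVE-2020-14928 evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.h
+--- evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.h.CVE-2020-14928 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/providers/pop3/camel-pop3-stream.h 2020-07-23 10:26:57.963555348 +0200
+@@ -87,6 +87,7 @@ gint camel_pop3_stream_getd (CamelPOP3
+guint *len,
+GCancellable *cancellable,
+GError **error);
++void camel_pop3_stream_discard_cache (CamelPOP3Stream *is);
+
+G_END_DECLS
+
+diff -up evolution-data-server-3.28.5/src/camel/providers/smtp/camel-smtp-transport.c.CVE-2020-14928 evolution-data-server-3.28.5/src/camel/providers/smtp/camel-smtp-transport.c
+--- evolution-data-server-3.28.5/src/camel/providers/smtp/camel-smtp-transport.c.CVE-2020-14928 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/providers/smtp/camel-smtp-transport.c 2020-07-23 10:26:57.963555348 +0200
+@@ -319,6 +319,8 @@ connect_to_server (CamelService *service
+
+if (tls_stream != NULL) {
+camel_stream_set_base_stream (stream, tls_stream);
++ /* Truncate any left cached input from the insecure part of the session */
++ camel_stream_buffer_discard_cache (transport->istream);
+g_object_unref (tls_stream);
+} else {
+g_prefix_error (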
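Review bot: Both `connect_to_server` call sites (camel-pop3-store.c and camel-smtp-transport.c) drop whatever was buffered before the TLS upgrade without leaving any trace, so a session where extra plaintext arrived ahead of the handshake looks the same as a clean one. Leftover input at that point is presumably never legitimate, so the helpers could report it before resetting, assuming `ptr`..`end` delimits the unread bytes. In `camel_stream_buffer_discard_cache` that would be `if (sbf->priv->ptr != sbf->priv->end) g_warning ("%s: dropping input buffered before TLS was established", G_STRFUNC);`, with the equivalent test on `is->ptr != is->end` in `camel_pop3_stream_discard_cache`. The POP3 helper also has no header comment and returns silently on NULL where the stream-buffer one uses `g_return_if_fail`; a short comment on why it stores `'\n'` in `is->ptr[0]` while the other stores `'\0'` would help the next reader. Both `connect_to_server` bodies begin and end outside their hunks.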
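--- /dev/null
+++ b/SOURCES/evolution-data-server-3.28.5-CVE-2020-16117.patch
@@ -0,0 +1,13 @@
+diff -up evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c
+--- evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c.CVE-2020-16117 2018-07-30 15:17:06.000000000 +0200
++++ evolution-data-server-3.28.5/src/camel/providers/imapx/camel-imapx-server.c 2020-09-30 09:10:32.240788043 +0200
+@@ -2979,7 +2979,8 @@ connected:
+
+/* See if we got new capabilities
+* in the STARTTLS response. */
+- imapx_free_capability (is->priv->cinfo);
++ if (is->priv->cinfo)
++ imapx_free_capability (is->priv->cinfo);
+is->priv->cinfo = NULL;
+if (ic->status->condition == IMAPX_CAPABILITY) {
+is->priv->cinfo = ic->status->u.cinfo;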
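Review bot: The added NULL check in the `connected:` block only protects the call to `imapx_free_capability()`. The lines after it set `is->priv->cinfo = NULL` and refill it only when `ic->status->condition == IMAPX_CAPABILITY`, so the field can still be NULL when this block finishes. The block continues past the hunk, so whether later readers of `is->priv->cinfo` tolerate NULL is not visible here; it is worth confirming that every capability check after STARTTLS does, rather than relying on the server to send capabilities. A comment on the guard would record the reason, e.g. `/* cinfo may already be NULL here; a malformed server response must not crash the client */`.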
@ -32,7 +32,7 @@
|
||||
|
||||
Name: evolution-data-server
|
||||
Version: 3.28.5
|
||||
Release: 13%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
Summary: Backend data server for Evolution
|
||||
License: LGPLv2+
|
||||
@ -82,6 +82,12 @@ Patch09: evolution-data-server-3.28.5-delay-new-module-load.patch
|
||||
# RH bug #1791547
|
||||
Patch10: evolution-data-server-3.28.5-test-cal-meta-backend-without-evolution.patch
|
||||
|
||||
# RH bug #1859141
|
||||
Patch11: evolution-data-server-3.28.5-CVE-2020-14928.patch
|
||||
|
||||
# RH bug #1862403
|
||||
Patch12: evolution-data-server-3.28.5-CVE-2020-16117.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Requires: dconf
|
||||
@ -211,6 +217,8 @@ the functionality of the installed %{name} package.
|
||||
%patch08 -p1 -b .cve-2019-3890
|
||||
%patch09 -p1 -b .delay-new-module-load
|
||||
%patch10 -p1 -b .test-cal-meta-backend-without-evolution
|
||||
%patch11 -p1 -b .CVE-2020-14928
|
||||
%patch12 -p1 -b .CVE-2020-16117
|
||||
|
||||
%build
|
||||
|
||||
@ -472,6 +480,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
|
||||
%{_datadir}/installed-tests
|
||||
|
||||
%changelog
|
||||
* Wed Sep 30 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-15
|
||||
- Resolves: #1862403 (CVE-2020-16117: Crash on malformed server response with minimal capabilities)
|
||||
|
||||
* Thu Jul 23 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-14
|
||||
- Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3)
|
||||
|
||||
* Thu Jan 16 2020 Milan Crha <mcrha@redhat.com> - 3.28.5-13
|
||||
- Resolves: #1791547 (test-cal-meta-backend cannot run without installed Evolution)
|
||||
|
||||
|