diff --git a/evolution.spec b/evolution.spec index 24c7182..d8a3cd2 100644 --- a/evolution.spec +++ b/evolution.spec @@ -15,7 +15,7 @@ ExcludeArch: ia64 alpha Name: evolution Version: 1.0.8 -Release: 10 +Release: 11 License: GPL BuildRoot: %{_tmppath}/%{name}-%{version}-root URL: http://www.ximian.com/ @@ -46,6 +46,14 @@ Patch50: evolution-1.0.8-ldapv3.diff # bugzilla.ximian.com 29784 Patch51: evolution-1.0.8-stackcorrupt.patch +# bug 82374 -- certiain mime text/plain messages cause evo to crash +Patch100: evolution-1.0.8-textcrash-82374.patch + +# security fixes backported from 1.2.2 for CORE-20030304 +Patch200: evolution-1.0.8-dont-use-bonobo-component.patch +Patch201: evolution-1.0.8-safer-contentid-parse.patch +Patch202: evolution-1.0.8-sanity-check-uue-header.patch + Summary: GNOME's next-generation groupware suite Group: Applications/Productivity @@ -123,6 +131,12 @@ personal information-management tool. %patch51 -p1 -b .stackcorrupt +%patch100 -p1 -b .textplain + +%patch200 -p1 -b .bonobocomponent +%patch201 -p1 -b .contentid +%patch202 -p1 -b .uueheader + %build ## build our db 3.1.17 @@ -226,6 +240,13 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Wed Mar 19 2003 Jeremy Katz 1.0.8-11 +- backport security patches from upstream (originally against 1.2.2) + - sanity check UUEncoding header before decoding (CAN-2003-0128) + - don't decode doubly UUEncoded content (CAN-2003-0129) + - don't use a bonobo component to display things without registered + handlers (CAN-2003-0130) + * Tue Sep 3 2002 Jeremy Katz 1.0.8-10 - add freetype-devel to build requires (#73319)