[pkgsrc/trunk]: pkgsrc/mail/evolution-data-server add a patch from Gnome bug ...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e29ea842ca36
branches:  trunk
changeset: 530362:e29ea842ca36
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Tue Jun 26 17:24:10 2007 +0000

description:
add a patch from Gnome bug #447414 to fix CVE-2007-3257
(possible code injection by remote IMAP servers due to missing
validation of an integer value used as array index)
bump PKGREVISION

diffstat:

 mail/evolution-data-server/Makefile         |   4 ++--
 mail/evolution-data-server/distinfo         |   3 ++-
 mail/evolution-data-server/patches/patch-as |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (54 lines):

diff -r 088d342ae329 -r e29ea842ca36 mail/evolution-data-server/Makefile
--- a/mail/evolution-data-server/Makefile       Tue Jun 26 15:31:34 2007 +0000
+++ b/mail/evolution-data-server/Makefile       Tue Jun 26 17:24:10 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.54 2007/06/05 05:37:08 wiz Exp $
+# $NetBSD: Makefile,v 1.55 2007/06/26 17:24:10 drochner Exp $
 #
 
 DISTNAME=      evolution-data-server-1.10.1
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    mail gnome
 MASTER_SITES=  ${MASTER_SITE_GNOME:=sources/evolution-data-server/1.10/}
 EXTRACT_SUFX=  .tar.bz2
diff -r 088d342ae329 -r e29ea842ca36 mail/evolution-data-server/distinfo
--- a/mail/evolution-data-server/distinfo       Tue Jun 26 15:31:34 2007 +0000
+++ b/mail/evolution-data-server/distinfo       Tue Jun 26 17:24:10 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2007/04/10 20:24:22 drochner Exp $
+$NetBSD: distinfo,v 1.36 2007/06/26 17:24:10 drochner Exp $
 
 SHA1 (evolution-data-server-1.10.1.tar.bz2) = 69691cf6fcbe43d5ff485c49755effd8fa8681be
 RMD160 (evolution-data-server-1.10.1.tar.bz2) = edf55c74c458ed849635ace52340615017ad6a6d
@@ -9,3 +9,4 @@
 SHA1 (patch-ao) = c98089bab9110eb29339e529fb88b01dbe454623
 SHA1 (patch-aq) = 375d592b72f59fa70160bf23aa260338d350c517
 SHA1 (patch-ar) = b6b92b068f94954d435cff11543a4de7d07712ac
+SHA1 (patch-as) = 509f9994f375f853a932ccd2bab5a028c1433a23
diff -r 088d342ae329 -r e29ea842ca36 mail/evolution-data-server/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/evolution-data-server/patches/patch-as       Tue Jun 26 17:24:10 2007 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-as,v 1.1 2007/06/26 17:24:11 drochner Exp $
+
+--- ./camel/providers/imap/camel-imap-folder.c.orig    2007-06-26 17:31:25.000000000 +0200
++++ ./camel/providers/imap/camel-imap-folder.c
+@@ -655,7 +655,7 @@ imap_rescan (CamelFolder *folder, int ex
+               uid = g_datalist_get_data (&data, "UID");
+               flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS"));
+               
+-              if (!uid || !seq || seq > summary_len) {
++              if (!uid || !seq || seq > summary_len || seq < 0) {
+                       g_datalist_clear (&data);
+                       continue;
+               }
+@@ -2789,7 +2789,7 @@ parse_fetch_response (CamelImapFolder *i
+               
+               if (*response != '*' || *(response + 1) != ' ')
+                       return NULL;
+-              seq = strtol (response + 2, &response, 10);
++              seq = strtoul (response + 2, &response, 10);
+               if (seq == 0)
+                       return NULL;
+               if (g_ascii_strncasecmp (response, " FETCH (", 8) != 0)