pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q1]: pkgsrc/mail/evolution Pullup ticket #2423 - requested...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a96f0297f570
branches:  pkgsrc-2008Q1
changeset: 540422:a96f0297f570
user:      tron <tron%pkgsrc.org@localhost>
date:      Tue Jun 17 17:36:45 2008 +0000

description:
Pullup ticket #2423 - requested by drochner
Security patch for evolution

Revisions pulled up (via patch):
- mail/evolution/Makefile               1.134
- mail/evolution/distinfo               1.58
- mail/evolution/patches/patch-ac       1.18
- mail/evolution/patches/patch-ad       1.10
---
    Module Name:    pkgsrc
    Committed By:   drochner
    Date:           Thu Jun  5 11:08:08 UTC 2008

    Modified Files:
            pkgsrc/mail/evolution: Makefile distinfo
    Added Files:
            pkgsrc/mail/evolution/patches: patch-ac patch-ad

    Log Message:
    fix two buffer overflows in iCalendar code (CVE-2008-1108, CVE-2008-1109),
    patches from upstream CVS, bump PKGREVISION

diffstat:

 mail/evolution/Makefile         |    4 +-
 mail/evolution/distinfo         |    4 +-
 mail/evolution/patches/patch-ad |  311 ++++++++++++++++++++++++++++++++++++++++
 mail/evolution/patches/patch-ae |   62 +++++++
 4 files changed, 378 insertions(+), 3 deletions(-)

diffs (truncated from 409 to 300 lines):

diff -r d962e2f979ea -r a96f0297f570 mail/evolution/Makefile
--- a/mail/evolution/Makefile   Tue Jun 17 14:58:14 2008 +0000
+++ b/mail/evolution/Makefile   Tue Jun 17 17:36:45 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.128 2008/03/05 19:08:05 drochner Exp $
+# $NetBSD: Makefile,v 1.128.2.1 2008/06/17 17:36:45 tron Exp $
 
 DISTNAME=              evolution-2.12.3
-PKGREVISION=           2
+PKGREVISION=           3
 CATEGORIES=            mail time gnome
 MASTER_SITES=          ${MASTER_SITE_GNOME:=sources/evolution/2.12/}
 EXTRACT_SUFX=          .tar.bz2
diff -r d962e2f979ea -r a96f0297f570 mail/evolution/distinfo
--- a/mail/evolution/distinfo   Tue Jun 17 14:58:14 2008 +0000
+++ b/mail/evolution/distinfo   Tue Jun 17 17:36:45 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.54 2008/03/06 14:20:30 drochner Exp $
+$NetBSD: distinfo,v 1.54.2.1 2008/06/17 17:36:45 tron Exp $
 
 SHA1 (evolution-2.12.3.tar.bz2) = 14861dd497e935074424269f2d1e6c11be56abfe
 RMD160 (evolution-2.12.3.tar.bz2) = afe803833e213387fde3c180afc91bfc1e792262
@@ -6,3 +6,5 @@
 SHA1 (patch-aa) = 6b7a9364a71ee8b9c8bd9084ceded06c7e384a7f
 SHA1 (patch-ab) = 871a322eefd1a42e7197da764d49cd1d24f6535d
 SHA1 (patch-ac) = 000f7074415772aebc9137277ba45aef6b75ae25
+SHA1 (patch-ad) = bee4e85e901b0cfcbceb27f9abb1df3793a860c9
+SHA1 (patch-ae) = 9841842bf3a9a6dbde27ec4daea05b21ec69f850
diff -r d962e2f979ea -r a96f0297f570 mail/evolution/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/evolution/patches/patch-ad   Tue Jun 17 17:36:45 2008 +0000
@@ -0,0 +1,311 @@
+$NetBSD: patch-ad,v 1.9.20.1 2008/06/17 17:36:45 tron Exp $
+
+--- calendar/gui/e-itip-control.c.orig 2007-10-12 09:04:17.000000000 +0200
++++ calendar/gui/e-itip-control.c
+@@ -650,7 +650,7 @@ find_attendee (icalcomponent *ical_comp,
+ 
+ static void
+ write_label_piece (EItipControl *itip, ECalComponentDateTime *dt,
+-                 char *buffer, int size,
++                   GString *buffer,
+                  const char *stext, const char *etext,
+                  gboolean just_date)
+ {
+@@ -675,13 +675,13 @@ write_label_piece (EItipControl *itip, E
+               tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0;
+ 
+       if (stext != NULL)
+-              strcat (buffer, stext);
++              g_string_append (buffer, stext);
+ 
+       e_time_format_date_and_time (&tmp_tm,
+                                    calendar_config_get_24_hour_format (),
+                                    FALSE, FALSE,
+                                    time_buf, sizeof (time_buf));
+-      strcat (buffer, time_buf);
++      g_string_append (buffer, time_buf);
+ 
+       if (!dt->value->is_utc && dt->tzid) {
+               zone = icalcomponent_get_timezone (priv->top_level, dt->tzid);
+@@ -693,21 +693,21 @@ write_label_piece (EItipControl *itip, E
+                  UTF-8. But it probably is not translated. */
+               display_name = icaltimezone_get_display_name (zone);
+               if (display_name && *display_name) {
+-                      strcat (buffer, " <font size=-1>[");
++                      g_string_append_len (buffer, " <font size=-1>[", 16);
+ 
+                       /* We check if it is one of our builtin timezone names,
+                          in which case we call gettext to translate it. */
+                       if (icaltimezone_get_builtin_timezone (display_name)) {
+-                              strcat (buffer, _(display_name));
++                              g_string_append_printf (buffer, "%s", _(display_name));
+                       } else {
+-                              strcat (buffer, display_name);
++                              g_string_append_printf (buffer, "%s", display_name);
+                       }
+-                      strcat (buffer, "]</font>");
++                      g_string_append_len (buffer, "]</font>", 8);
+               }
+       }
+ 
+       if (etext != NULL)
+-              strcat (buffer, etext);
++              g_string_append (buffer, etext);
+ }
+ 
+ static const char *
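Review bot: The timezone display name is appended into the HTML fragment unescaped at `g_string_append_printf (buffer, "%s", display_name)`, and the zone appears to be looked up in the received iCalendar object (`priv->top_level`), so any `<` or `&` in it would reach `gtk_html_write` as markup unless something outside this hunk escapes it. Escaping before the append would close that off, e.g. `char *esc = g_markup_escape_text (display_name, -1); g_string_append (buffer, esc); g_free (esc);`. Separately, the hand-counted lengths in `g_string_append_len (buffer, " <font size=-1>[", 16)` and `("]</font>", 8)` are correct as written but will truncate or read past the literal if the string is ever edited; plain `g_string_append (buffer, "]</font>")` avoids that, and the same applies to the `18`, `2` and `4` literals in the write_recurrence_piece hunks. The body of write_label_piece starts in an earlier hunk.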
+@@ -744,19 +744,17 @@ get_dayname (struct icalrecurrencetype *
+ 
+ static void
+ write_recurrence_piece (EItipControl *itip, ECalComponent *comp,
+-                      char *buffer, int size)
++                        GString *buffer)
+ {
+       GSList *rrules;
+       struct icalrecurrencetype *r;
+-      int len, i;
++      int i;
+ 
+-      strcpy (buffer, "<b>Recurring:</b> ");
+-      len = strlen (buffer);
+-      buffer += len;
+-      size -= len;
++      g_string_append_len (buffer, "<b>Recurring:</b> ", 18);
+ 
+       if (!e_cal_component_has_simple_recurrence (comp)) {
+-              strcpy (buffer, _("Yes. (Complex Recurrence)"));
++              g_string_append_printf (
++                      buffer, "%s", _("Yes. (Complex Recurrence)"));
+               return;
+       }
+ 
+@@ -772,7 +770,10 @@ write_recurrence_piece (EItipControl *it
+                  Every %d day/days" */
+               /* For Translators : 'Every day' is event Recurring every day */
+               /* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */
+-              sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval);
++              g_string_append_printf (
++                      buffer, ngettext ("Every day",
++                      "Every %d days", r->interval),
++                      r->interval);
+               break;
+ 
+       case ICAL_WEEKLY_RECURRENCE:
+@@ -782,29 +783,36 @@ write_recurrence_piece (EItipControl *it
+                          Every %d week/weeks" */                      
+                       /* For Translators : 'Every week' is event Recurring every week */
+                       /* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */
+-                      sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval);
++                      g_string_append_printf (
++                              buffer, ngettext ("Every week",
++                              "Every %d weeks", r->interval),
++                              r->interval);
+               } else {
+                       /* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */
+                       /* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */
+-                      sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval);
++                      g_string_append_printf (
++                              buffer, ngettext ("Every week on ",
++                              "Every %d weeks on ", r->interval),
++                              r->interval);
+ 
+                       for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) {
+                               if (i > 1)
+-                                      strcat (buffer, ", ");
+-                              strcat (buffer, get_dayname (r, i - 1));
++                                      g_string_append_len (buffer, ", ", 2);
++                              g_string_append (buffer, get_dayname (r, i - 1));
+                       }
+                       if (i > 1)
+                               /* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */
+-                              strcat (buffer, _(" and "));
+-                      strcat (buffer, get_dayname (r, i - 1));
++                              g_string_append_printf (buffer, "%s", _(" and "));
++                      g_string_append (buffer, get_dayname (r, i - 1));
+               }
+               break;
+ 
+       case ICAL_MONTHLY_RECURRENCE:
+               if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) {
+                       /* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */
+-                      sprintf (buffer, _("The %s day of "),
+-                               nth (r->by_month_day[0]));
++                      g_string_append_printf (
++                              buffer, _("The %s day of "),
++                              nth (r->by_month_day[0]));
+               } else {
+                       int pos;
+ 
+@@ -818,20 +826,21 @@ write_recurrence_piece (EItipControl *it
+ 
+                       /* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.'
+                          eg,third monday of every month */
+-                      sprintf (buffer, _("The %s %s of "),
+-                               nth (pos), get_dayname (r, 0));
++                      g_string_append_printf (
++                              buffer, _("The %s %s of "),
++                              nth (pos), get_dayname (r, 0));
+               }
+ 
+-              len = strlen (buffer);
+-              buffer += len;
+-              size -= len;
+               /* For Translators: In this can also be translated as "With the period of %d
+                  month/months", where %d is a number. The entire sentence is of the form "Recurring:
+                  Every %d month/months" */            
+               /* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */
+               /* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.'
+                %d is a digit */
+-              sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval);
++              g_string_append_printf (
++                      buffer, ngettext ("every month",
++                      "every %d months", r->interval),
++                      r->interval);
+               break;
+ 
+       case ICAL_YEARLY_RECURRENCE:
+@@ -840,20 +849,22 @@ write_recurrence_piece (EItipControl *it
+                  Every %d year/years" */              
+               /* For Translators : 'Every year' is event Recurring every year */
+               /* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */
+-              sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval);
++              g_string_append_printf (
++                      buffer, ngettext ("Every year",
++                      "Every %d years", r->interval),
++                      r->interval);
+               break;
+ 
+       default:
+               g_return_if_reached ();
+       }
+ 
+-      len = strlen (buffer);
+-      buffer += len;
+-      size -= len;
+       if (r->count) {
+             /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/
+             /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/
+-              sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count);
++              g_string_append_printf (
++                      buffer, ngettext ("a total of %d time",
++                      " a total of %d times", r->count), r->count);
+       } else if (!icaltime_is_null_time (r->until)) {
+               ECalComponentDateTime dt;
+ 
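Review bot: The singular msgid `"a total of %d time"` lacks the leading space that the plural `" a total of %d times"` carries, so when `r->count` is 1 the text is appended directly onto the preceding phrase with no separator. Since every piece now goes into one GString, the separator can be emitted independently of the translation with `g_string_append_c (buffer, ' ');` before the call and both msgids left space-free. That changes translatable strings, so it is better raised upstream than carried only in this pkgsrc patch. The body of write_recurrence_piece starts in an earlier hunk.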
+@@ -861,12 +872,12 @@ write_recurrence_piece (EItipControl *it
+               dt.value = &r->until;
+               dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone);
+ 
+-              write_label_piece (itip, &dt, buffer, size,
++              write_label_piece (itip, &dt, buffer, 
+                                  /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/
+                                  _(", ending on "), NULL, TRUE);
+       }
+ 
+-      strcat (buffer, "<br>");
++      g_string_append_len (buffer, "<br>", 4);
+ }
+ 
+ static void
+@@ -874,47 +885,51 @@ set_date_label (EItipControl *itip, GtkH
+               ECalComponent *comp)
+ {
+       ECalComponentDateTime datetime;
+-      static char buffer[1024];
++      GString *buffer;
+       gchar *str;
+       gboolean wrote = FALSE, task_completed = FALSE;
+       ECalComponentVType type;
+ 
++      buffer = g_string_sized_new (1024);
+       type = e_cal_component_get_vtype (comp);
+ 
+-      buffer[0] = '\0';
+       e_cal_component_get_dtstart (comp, &datetime);
+       if (datetime.value) {
+               /* For Translators : 'starts' is starts:date implying a task starts on what date */
+               str = g_strdup_printf ("<b>%s:</b>", _("Starts"));
+-              write_label_piece (itip, &datetime, buffer, 1024,
+-                                str,
+-                                 "<br>", FALSE);
+-              gtk_html_write (html, html_stream, buffer, strlen(buffer));
++              write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
++              gtk_html_write (html, html_stream, buffer->str, buffer->len);
+               wrote = TRUE;
+               g_free (str);
+       }
+       e_cal_component_free_datetime (&datetime);
+ 
+-      buffer[0] = '\0';
++      /* Reset the buffer. */
++      g_string_truncate (buffer, 0);
++
+       e_cal_component_get_dtend (comp, &datetime);
+       if (datetime.value){
+               /* For Translators : 'ends' is ends:date implying a task ends on what date */
+               str = g_strdup_printf ("<b>%s:</b>", _("Ends"));
+-              write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
+-              gtk_html_write (html, html_stream, buffer, strlen (buffer));
++              write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
++              gtk_html_write (html, html_stream, buffer->str, buffer->len);
+               wrote = TRUE;
+               g_free (str);
+       }
+       e_cal_component_free_datetime (&datetime);
+ 
+-      buffer[0] = '\0';
++      /* Reset the buffer. */
++      g_string_truncate (buffer, 0);
++
+       if (e_cal_component_has_recurrences (comp)) {
+-              write_recurrence_piece (itip, comp, buffer, 1024);
+-              gtk_html_write (html, html_stream, buffer, strlen (buffer));
++              write_recurrence_piece (itip, comp, buffer);
++              gtk_html_write (html, html_stream, buffer->str, buffer->len);
+               wrote = TRUE;
+       }
+ 
+-      buffer[0] = '\0';


