pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q1]: pkgsrc/mail/evolution Pullup ticket #2423 - requested...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a96f0297f570
branches: pkgsrc-2008Q1
changeset: 540422:a96f0297f570
user: tron <tron%pkgsrc.org@localhost>
date: Tue Jun 17 17:36:45 2008 +0000
description:
Pullup ticket #2423 - requested by drochner
Security patch for evolution
Revisions pulled up (via patch):
- mail/evolution/Makefile 1.134
- mail/evolution/distinfo 1.58
- mail/evolution/patches/patch-ac 1.18
- mail/evolution/patches/patch-ad 1.10
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Jun 5 11:08:08 UTC 2008
Modified Files:
pkgsrc/mail/evolution: Makefile distinfo
Added Files:
pkgsrc/mail/evolution/patches: patch-ac patch-ad
Log Message:
fix two buffer overflows in iCalendar code (CVE-2008-1108, CVE-2008-1109),
patches from upstream CVS, bump PKGREVISION
diffstat:
mail/evolution/Makefile | 4 +-
mail/evolution/distinfo | 4 +-
mail/evolution/patches/patch-ad | 311 ++++++++++++++++++++++++++++++++++++++++
mail/evolution/patches/patch-ae | 62 +++++++
4 files changed, 378 insertions(+), 3 deletions(-)
diffs (truncated from 409 to 300 lines):
diff -r d962e2f979ea -r a96f0297f570 mail/evolution/Makefile
--- a/mail/evolution/Makefile Tue Jun 17 14:58:14 2008 +0000
+++ b/mail/evolution/Makefile Tue Jun 17 17:36:45 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.128 2008/03/05 19:08:05 drochner Exp $
+# $NetBSD: Makefile,v 1.128.2.1 2008/06/17 17:36:45 tron Exp $
DISTNAME= evolution-2.12.3
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= mail time gnome
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/evolution/2.12/}
EXTRACT_SUFX= .tar.bz2
diff -r d962e2f979ea -r a96f0297f570 mail/evolution/distinfo
--- a/mail/evolution/distinfo Tue Jun 17 14:58:14 2008 +0000
+++ b/mail/evolution/distinfo Tue Jun 17 17:36:45 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.54 2008/03/06 14:20:30 drochner Exp $
+$NetBSD: distinfo,v 1.54.2.1 2008/06/17 17:36:45 tron Exp $
SHA1 (evolution-2.12.3.tar.bz2) = 14861dd497e935074424269f2d1e6c11be56abfe
RMD160 (evolution-2.12.3.tar.bz2) = afe803833e213387fde3c180afc91bfc1e792262
@@ -6,3 +6,5 @@
SHA1 (patch-aa) = 6b7a9364a71ee8b9c8bd9084ceded06c7e384a7f
SHA1 (patch-ab) = 871a322eefd1a42e7197da764d49cd1d24f6535d
SHA1 (patch-ac) = 000f7074415772aebc9137277ba45aef6b75ae25
+SHA1 (patch-ad) = bee4e85e901b0cfcbceb27f9abb1df3793a860c9
+SHA1 (patch-ae) = 9841842bf3a9a6dbde27ec4daea05b21ec69f850
diff -r d962e2f979ea -r a96f0297f570 mail/evolution/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/evolution/patches/patch-ad Tue Jun 17 17:36:45 2008 +0000
@@ -0,0 +1,311 @@
+$NetBSD: patch-ad,v 1.9.20.1 2008/06/17 17:36:45 tron Exp $
+
+--- calendar/gui/e-itip-control.c.orig 2007-10-12 09:04:17.000000000 +0200
++++ calendar/gui/e-itip-control.c
+@@ -650,7 +650,7 @@ find_attendee (icalcomponent *ical_comp,
+
+ static void
+ write_label_piece (EItipControl *itip, ECalComponentDateTime *dt,
+- char *buffer, int size,
++ GString *buffer,
+ const char *stext, const char *etext,
+ gboolean just_date)
+ {
+@@ -675,13 +675,13 @@ write_label_piece (EItipControl *itip, E
+ tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0;
+
+ if (stext != NULL)
+- strcat (buffer, stext);
++ g_string_append (buffer, stext);
+
+ e_time_format_date_and_time (&tmp_tm,
+ calendar_config_get_24_hour_format (),
+ FALSE, FALSE,
+ time_buf, sizeof (time_buf));
+- strcat (buffer, time_buf);
++ g_string_append (buffer, time_buf);
+
+ if (!dt->value->is_utc && dt->tzid) {
+ zone = icalcomponent_get_timezone (priv->top_level, dt->tzid);
+@@ -693,21 +693,21 @@ write_label_piece (EItipControl *itip, E
+ UTF-8. But it probably is not translated. */
+ display_name = icaltimezone_get_display_name (zone);
+ if (display_name && *display_name) {
+- strcat (buffer, " <font size=-1>[");
++ g_string_append_len (buffer, " <font size=-1>[", 16);
+
+ /* We check if it is one of our builtin timezone names,
+ in which case we call gettext to translate it. */
+ if (icaltimezone_get_builtin_timezone (display_name)) {
+- strcat (buffer, _(display_name));
++ g_string_append_printf (buffer, "%s", _(display_name));
+ } else {
+- strcat (buffer, display_name);
++ g_string_append_printf (buffer, "%s", display_name);
+ }
+- strcat (buffer, "]</font>");
++ g_string_append_len (buffer, "]</font>", 8);
+ }
+ }
+
+ if (etext != NULL)
+- strcat (buffer, etext);
++ g_string_append (buffer, etext);
+ }
+
+ static const char *
+@@ -744,19 +744,17 @@ get_dayname (struct icalrecurrencetype *
+
+ static void
+ write_recurrence_piece (EItipControl *itip, ECalComponent *comp,
+- char *buffer, int size)
++ GString *buffer)
+ {
+ GSList *rrules;
+ struct icalrecurrencetype *r;
+- int len, i;
++ int i;
+
+- strcpy (buffer, "<b>Recurring:</b> ");
+- len = strlen (buffer);
+- buffer += len;
+- size -= len;
++ g_string_append_len (buffer, "<b>Recurring:</b> ", 18);
+
+ if (!e_cal_component_has_simple_recurrence (comp)) {
+- strcpy (buffer, _("Yes. (Complex Recurrence)"));
++ g_string_append_printf (
++ buffer, "%s", _("Yes. (Complex Recurrence)"));
+ return;
+ }
+
+@@ -772,7 +770,10 @@ write_recurrence_piece (EItipControl *it
+ Every %d day/days" */
+ /* For Translators : 'Every day' is event Recurring every day */
+ /* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */
+- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval);
++ g_string_append_printf (
++ buffer, ngettext ("Every day",
++ "Every %d days", r->interval),
++ r->interval);
+ break;
+
+ case ICAL_WEEKLY_RECURRENCE:
+@@ -782,29 +783,36 @@ write_recurrence_piece (EItipControl *it
+ Every %d week/weeks" */
+ /* For Translators : 'Every week' is event Recurring every week */
+ /* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */
+- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval);
++ g_string_append_printf (
++ buffer, ngettext ("Every week",
++ "Every %d weeks", r->interval),
++ r->interval);
+ } else {
+ /* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */
+ /* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */
+- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval);
++ g_string_append_printf (
++ buffer, ngettext ("Every week on ",
++ "Every %d weeks on ", r->interval),
++ r->interval);
+
+ for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) {
+ if (i > 1)
+- strcat (buffer, ", ");
+- strcat (buffer, get_dayname (r, i - 1));
++ g_string_append_len (buffer, ", ", 2);
++ g_string_append (buffer, get_dayname (r, i - 1));
+ }
+ if (i > 1)
+ /* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */
+- strcat (buffer, _(" and "));
+- strcat (buffer, get_dayname (r, i - 1));
++ g_string_append_printf (buffer, "%s", _(" and "));
++ g_string_append (buffer, get_dayname (r, i - 1));
+ }
+ break;
+
+ case ICAL_MONTHLY_RECURRENCE:
+ if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) {
+ /* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */
+- sprintf (buffer, _("The %s day of "),
+- nth (r->by_month_day[0]));
++ g_string_append_printf (
++ buffer, _("The %s day of "),
++ nth (r->by_month_day[0]));
+ } else {
+ int pos;
+
+@@ -818,20 +826,21 @@ write_recurrence_piece (EItipControl *it
+
+ /* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.'
+ eg,third monday of every month */
+- sprintf (buffer, _("The %s %s of "),
+- nth (pos), get_dayname (r, 0));
++ g_string_append_printf (
++ buffer, _("The %s %s of "),
++ nth (pos), get_dayname (r, 0));
+ }
+
+- len = strlen (buffer);
+- buffer += len;
+- size -= len;
+ /* For Translators: In this can also be translated as "With the period of %d
+ month/months", where %d is a number. The entire sentence is of the form "Recurring:
+ Every %d month/months" */
+ /* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */
+ /* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.'
+ %d is a digit */
+- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval);
++ g_string_append_printf (
++ buffer, ngettext ("every month",
++ "every %d months", r->interval),
++ r->interval);
+ break;
+
+ case ICAL_YEARLY_RECURRENCE:
+@@ -840,20 +849,22 @@ write_recurrence_piece (EItipControl *it
+ Every %d year/years" */
+ /* For Translators : 'Every year' is event Recurring every year */
+ /* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */
+- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval);
++ g_string_append_printf (
++ buffer, ngettext ("Every year",
++ "Every %d years", r->interval),
++ r->interval);
+ break;
+
+ default:
+ g_return_if_reached ();
+ }
+
+- len = strlen (buffer);
+- buffer += len;
+- size -= len;
+ if (r->count) {
+ /* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/
+ /* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/
+- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count);
++ g_string_append_printf (
++ buffer, ngettext ("a total of %d time",
++ " a total of %d times", r->count), r->count);
+ } else if (!icaltime_is_null_time (r->until)) {
+ ECalComponentDateTime dt;
+
+@@ -861,12 +872,12 @@ write_recurrence_piece (EItipControl *it
+ dt.value = &r->until;
+ dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone);
+
+- write_label_piece (itip, &dt, buffer, size,
++ write_label_piece (itip, &dt, buffer,
+ /* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/
+ _(", ending on "), NULL, TRUE);
+ }
+
+- strcat (buffer, "<br>");
++ g_string_append_len (buffer, "<br>", 4);
+ }
+
+ static void
+@@ -874,47 +885,51 @@ set_date_label (EItipControl *itip, GtkH
+ ECalComponent *comp)
+ {
+ ECalComponentDateTime datetime;
+- static char buffer[1024];
++ GString *buffer;
+ gchar *str;
+ gboolean wrote = FALSE, task_completed = FALSE;
+ ECalComponentVType type;
+
++ buffer = g_string_sized_new (1024);
+ type = e_cal_component_get_vtype (comp);
+
+- buffer[0] = '\0';
+ e_cal_component_get_dtstart (comp, &datetime);
+ if (datetime.value) {
+ /* For Translators : 'starts' is starts:date implying a task starts on what date */
+ str = g_strdup_printf ("<b>%s:</b>", _("Starts"));
+- write_label_piece (itip, &datetime, buffer, 1024,
+- str,
+- "<br>", FALSE);
+- gtk_html_write (html, html_stream, buffer, strlen(buffer));
++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
++ gtk_html_write (html, html_stream, buffer->str, buffer->len);
+ wrote = TRUE;
+ g_free (str);
+ }
+ e_cal_component_free_datetime (&datetime);
+
+- buffer[0] = '\0';
++ /* Reset the buffer. */
++ g_string_truncate (buffer, 0);
++
+ e_cal_component_get_dtend (comp, &datetime);
+ if (datetime.value){
+ /* For Translators : 'ends' is ends:date implying a task ends on what date */
+ str = g_strdup_printf ("<b>%s:</b>", _("Ends"));
+- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
+- gtk_html_write (html, html_stream, buffer, strlen (buffer));
++ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
++ gtk_html_write (html, html_stream, buffer->str, buffer->len);
+ wrote = TRUE;
+ g_free (str);
+ }
+ e_cal_component_free_datetime (&datetime);
+
+- buffer[0] = '\0';
++ /* Reset the buffer. */
++ g_string_truncate (buffer, 0);
++
+ if (e_cal_component_has_recurrences (comp)) {
+- write_recurrence_piece (itip, comp, buffer, 1024);
+- gtk_html_write (html, html_stream, buffer, strlen (buffer));
++ write_recurrence_piece (itip, comp, buffer);
++ gtk_html_write (html, html_stream, buffer->str, buffer->len);
+ wrote = TRUE;
+ }
+
+- buffer[0] = '\0';
Home |
Main Index |
Thread Index |
Old Index