summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch')
-rw-r--r--gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch105
1 files changed, 105 insertions, 0 deletions
diff --git a/gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch b/gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch
new file mode 100644
index 000000000000..b527c8021ba1
--- /dev/null
+++ b/gnome-extra/evolution-data-server/files/evolution-data-server-2.24.5-CVE-2009-0547.patch
@@ -0,0 +1,105 @@
+diff --exclude-from=/home/dang/.scripts/diffrc -up -ruN evolution-data-server-2.24.5.orig/camel/camel-smime-context.c evolution-data-server-2.24.5/camel/camel-smime-context.c
+--- evolution-data-server-2.24.5.orig/camel/camel-smime-context.c 2008-09-22 06:53:58.000000000 -0400
++++ evolution-data-server-2.24.5/camel/camel-smime-context.c 2009-03-07 14:52:57.000000000 -0500
+@@ -40,6 +40,7 @@
+ #include <smime.h>
+ #include <pkcs11t.h>
+ #include <pk11func.h>
++#include <secoid.h>
+
+ #include <errno.h>
+
+@@ -534,6 +535,7 @@ sm_verify_cmsg(CamelCipherContext *conte
+ for (i = 0; i < count; i++) {
+ NSSCMSContentInfo *cinfo = NSS_CMSMessage_ContentLevel(cmsg, i);
+ SECOidTag typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
++ int which_digest;
+
+ switch (typetag) {
+ case SEC_OID_PKCS7_SIGNED_DATA:
+@@ -543,44 +545,49 @@ sm_verify_cmsg(CamelCipherContext *conte
+ goto fail;
+ }
+
+- /* need to build digests of the content */
+- if (!NSS_CMSSignedData_HasDigests(sigd)) {
+- if (extstream == NULL) {
+- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Digests missing from enveloped data"));
+- goto fail;
+- }
+-
+- if ((poolp = PORT_NewArena(1024)) == NULL) {
+- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM));
+- goto fail;
+- }
+-
+- digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
+-
+- digcx = NSS_CMSDigestContext_StartMultiple(digestalgs);
+- if (digcx == NULL) {
+- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests"));
+- goto fail;
+- }
+-
+- mem = (CamelStreamMem *)camel_stream_mem_new();
+- camel_stream_write_to_stream(extstream, (CamelStream *)mem);
+- NSS_CMSDigestContext_Update(digcx, mem->buffer->data, mem->buffer->len);
+- camel_object_unref(mem);
+-
+- if (NSS_CMSDigestContext_FinishMultiple(digcx, poolp, &digests) != SECSuccess) {
+- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests"));
+- goto fail;
+- }
+-
+- if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) != SECSuccess) {
+- camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
+- goto fail;
+- }
+
+- PORT_FreeArena(poolp, PR_FALSE);
+- poolp = NULL;
++ if (extstream == NULL) {
++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Digests missing from enveloped data"));
++ goto fail;
++ }
++
++ if ((poolp = PORT_NewArena(1024)) == NULL) {
++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, g_strerror (ENOMEM));
++ goto fail;
+ }
++
++ digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
++
++ digcx = NSS_CMSDigestContext_StartMultiple(digestalgs);
++ if (digcx == NULL) {
++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests"));
++ goto fail;
++ }
++
++ mem = (CamelStreamMem *)camel_stream_mem_new();
++ camel_stream_write_to_stream(extstream, (CamelStream *)mem);
++ NSS_CMSDigestContext_Update(digcx, mem->buffer->data, mem->buffer->len);
++ camel_object_unref(mem);
++
++ if (NSS_CMSDigestContext_FinishMultiple(digcx, poolp, &digests) != SECSuccess) {
++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests"));
++ goto fail;
++ }
++
++ for (which_digest = 0; digests[which_digest] != NULL; which_digest++) {
++ SECOidData *digest_alg = SECOID_FindOID (&digestalgs[which_digest]->algorithm);
++ if (digest_alg == NULL) {
++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
++ goto fail;
++ }
++ if (NSS_CMSSignedData_SetDigestValue (sigd, digest_alg->offset, digests[which_digest]) != SECSuccess) {
++ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
++ goto fail;
++ }
++ }
++
++ PORT_FreeArena(poolp, PR_FALSE);
++ poolp = NULL;
+
+ /* import all certificates present */
+ if (NSS_CMSSignedData_ImportCerts(sigd, p->certdb, certUsageEmailSigner, PR_TRUE) != SECSuccess) {