From 2304c757e2df354d626fbb9d03296daf796322c2 Mon Sep 17 00:00:00 2001 From: Daniel Gryniewicz Date: Thu, 12 Mar 2009 23:27:26 +0000 Subject: Add fix for bug #261203 Package-Manager: portage-2.1.6.7/cvs/Linux x86_64 --- gnome-extra/evolution-data-server/ChangeLog | 9 +- gnome-extra/evolution-data-server/Manifest | 14 +- .../evolution-data-server-2.24.5-r2.ebuild | 137 ++++++++++++++++++++ .../evolution-data-server-CVE-2009-0582.patch | 144 +++++++++++++++++++++ 4 files changed, 302 insertions(+), 2 deletions(-) create mode 100644 gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild create mode 100644 gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch (limited to 'gnome-extra') diff --git a/gnome-extra/evolution-data-server/ChangeLog b/gnome-extra/evolution-data-server/ChangeLog index eaa80a8ab9bb..2415c84ee70a 100644 --- a/gnome-extra/evolution-data-server/ChangeLog +++ b/gnome-extra/evolution-data-server/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for gnome-extra/evolution-data-server # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.214 2009/03/12 21:42:05 klausman Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/ChangeLog,v 1.215 2009/03/12 23:27:24 dang Exp $ + +*evolution-data-server-2.24.5-r2 (12 Mar 2009) + + 12 Mar 2009; Daniel Gryniewicz + +files/evolution-data-server-CVE-2009-0582.patch, + +evolution-data-server-2.24.5-r2.ebuild: + Add fix for bug #261203 12 Mar 2009; Tobias Klausmann evolution-data-server-2.24.5-r1.ebuild: diff --git a/gnome-extra/evolution-data-server/Manifest b/gnome-extra/evolution-data-server/Manifest index a9ca7e7b468c..512306681af6 100644 --- a/gnome-extra/evolution-data-server/Manifest +++ b/gnome-extra/evolution-data-server/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX calentry.schema 3661 RMD160 68dfc3a8bbf08a1cf2713727c6617b2de613cb7c SHA1 06ddcc64c3b2b3230fbbef21a7e2a682bd95788c SHA256 107d60463833d5ceb5f752335dd07fef303093c58a51fb03405fed5837999431 AUX evolution-data-server-1.11.3-as-needed.patch 1942 RMD160 1db5815026e06a47c91295f4b502b94692dbe115 SHA1 0f94fb16e14ed685154cd0ad1211095431e179ca SHA256 95b1d4a23e801a36c7027080347e8fcb1ad90bc1d4040e9bdab8d00eb1f27986 AUX evolution-data-server-1.11.3-no-libdb.patch 570 RMD160 404dfda7aac4e9ff6504ecd9ee5b7af6efafc969 SHA1 411f311317439bf20643491d2b7d1cbee99c561e SHA256 992602fd04cfa8afba084238f62f765b1d5caf29cc10ad739c7e63ea78291905 @@ -14,6 +17,7 @@ AUX evolution-data-server-2.22.3-mail-cleanup-delay.patch 2974 RMD160 b482fbd815 AUX evolution-data-server-2.22.3-timezone-western.patch 2041 RMD160 8a0d9e308123ebc48a6ea9c7932c8639765a96b8 SHA1 963f7c7a0659a4ca6659f5983e8a47825c70b8e9 SHA256 56e3311334bac728db2c7afcd200e56acc3e0a9819659cdffb745c488bbb4126 AUX evolution-data-server-2.23.6-as-needed.patch 3469 RMD160 43c48a35d0480a82db6cf131c0fdd0062353efc4 SHA1 96ef4dd901730ab2f77716646517a5ef40a5f982 SHA256 4899ffd8773229ecb43afbffdb91faa1fd433630395792998973f62aa54afb37 AUX evolution-data-server-2.24.5-CVE-2009-0547.patch 3977 RMD160 24bd47ad13994f712bf4976fed06997e93130bf1 SHA1 624a3072eed233542829a557c1434a63ac9e64be SHA256 7aefaa4cf040efa4aca3fbf49910003a5368eb44d5e5b46f53f044495de7ff8d +AUX evolution-data-server-CVE-2009-0582.patch 4651 RMD160 348f25abea3f513f170ca159923fc836ebafae42 SHA1 2d6b8ff93c43cf9e107de93c64be9df4d9b9a6d4 SHA256 b320f3efdbb19ddbf618be77cc4b52e5f422209b48273b5f62c7158b6efe618a AUX evolution-data-server-no_lazy_bindings.patch 551 RMD160 d86bf9a9ed25615bcb3dab23977ac01c341a799c SHA1 34aa3d902e0e704f67c6fceee820dad158d82be2 SHA256 772bdd99f3936d377cd0ce59c4f03789d227b79c4a2ca2d5e7e3165c378c6403 DIST evolution-data-server-1.12.3.tar.bz2 7447166 RMD160 c7102c38af4888f3f8933c9d28981d1809d504f8 SHA1 12b8b23fb77ff6436def3cc5ea472886c8e0350e SHA256 e2d9038e3cd115ea5af2f3b7d381f5803c62d1ec36206e5a1bea0f823d25fab5 DIST evolution-data-server-2.22.3.tar.bz2 7621470 RMD160 eed9c26fba0b69f0cbe44b01d698388c4ae44a0b SHA1 5d01b1248fcacef9c478787892f223338dff731b SHA256 6e9fa1258c8b4d1fd75a1da78ee637ad5b8a82bc58c93324d73afecf8d73fe87 @@ -29,6 +33,14 @@ EBUILD evolution-data-server-2.24.2.ebuild 3451 RMD160 99354f74976ce35c63f299b8b EBUILD evolution-data-server-2.24.3.ebuild 3301 RMD160 c84b5378dd51df2c438f579e5193be5999c8d8c9 SHA1 ffaac8310f590b7ef5b7ce50074e22afc2dc6144 SHA256 ec46d6d50c196d0adebea4012372a1b0256d176d9b8a596d71e58d4fee50f392 EBUILD evolution-data-server-2.24.4.ebuild 3472 RMD160 bfd52e2916877c8fef535e1d165c647eb9cf74e6 SHA1 8954d1c0511612dbe2e06abdf3fc3f956d113430 SHA256 125d98acc684db29da51f887868c0cc4f8fd2342537855526d86891c683d9a98 EBUILD evolution-data-server-2.24.5-r1.ebuild 3562 RMD160 e3ce3400f691f09106c93f5c2148abc35f26d3c3 SHA1 25e751ea290ae99e9acdea1704e4f4d80b5e8a7a SHA256 557a54637d84979edd1d34ee6aca9aa2310812a572bf7cf69a172d082679c80a +EBUILD evolution-data-server-2.24.5-r2.ebuild 3654 RMD160 74afaa523082c14f032369424bf89a5625557f61 SHA1 645d2d5988b8f236cb43450ed3923256d6daacce SHA256 a733771af4576e684e809dd6cccbeaf3ce281084f98b857e3cb5dca01bcc3fd9 EBUILD evolution-data-server-2.24.5.ebuild 3465 RMD160 aa553f2b26226bd3b6811b4b66e47aea3781226c SHA1 fd46bb6cbe80cfd11f70215716d0d9653a8b7b97 SHA256 8efaa5ba69f8e0393ef8649f8da92ded987552de6cbb37f06f89184361a79287 -MISC ChangeLog 40593 RMD160 954f00d1b1c7b14d0f1022c876e03e7ec18e5302 SHA1 8e897591661e429afc5e4c8a3fe3730c9894d8fc SHA256 8f26c40abfabd11007ef7fd7a08a7023b991fc985341a4dc990d750ea33d5c60 +MISC ChangeLog 40810 RMD160 65d25f940112a374fb7d950a69369e1c7f60b3c6 SHA1 83bab97b8d6c6fccac168e57fbbd370dc01cd251 SHA256 9851a623cbf01ac902d26e99c95c1afc6f299d4d296f68e9293bfb8cf68cf6eb MISC metadata.xml 158 RMD160 c0e2bae8e91bb6be8922bac5e4f597302e06587e SHA1 38f78e9790bcd4382b4a49aa226aa6dda1d3a3d7 SHA256 3a7dbca0fdc557de69783e0663e2d76ddab129ea8a19b2d0ef6d3e5d1b947ce1 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.10 (GNU/Linux) + +iD8DBQFJuZppomPajV0RnrERAmUrAJ9DQ3MBJ89S/eQcP8BWDzepBaSDCQCfWuz/ +ukYArYgT1ocyDM4uJk9kqY8= +=6I92 +-----END PGP SIGNATURE----- diff --git a/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild b/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild new file mode 100644 index 000000000000..4145fe4f31a0 --- /dev/null +++ b/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild @@ -0,0 +1,137 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/evolution-data-server/evolution-data-server-2.24.5-r2.ebuild,v 1.1 2009/03/12 23:27:24 dang Exp $ + +inherit db-use eutils flag-o-matic gnome2 autotools versionator + +DESCRIPTION="Evolution groupware backend" +HOMEPAGE="http://www.gnome.org/projects/evolution/" + +LICENSE="LGPL-2 Sleepycat" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="doc ipv6 kerberos gnome-keyring krb4 ldap ssl" + +RDEPEND=">=dev-libs/glib-2.16.1 + >=x11-libs/gtk+-2.10 + >=gnome-base/orbit-2.9.8 + >=gnome-base/libbonobo-2.20.3 + >=gnome-base/gconf-2 + >=gnome-base/libglade-2 + >=gnome-base/libgnome-2 + >=dev-libs/libxml2-2 + >=net-libs/libsoup-2.4 + gnome-keyring? ( >=gnome-base/gnome-keyring-2.20.1 ) + >=dev-db/sqlite-3.5 + ssl? ( + >=dev-libs/nspr-4.4 + >=dev-libs/nss-3.9 ) + >=gnome-base/libgnomeui-2 + sys-libs/zlib + =sys-libs/db-4* + ldap? ( >=net-nds/openldap-2.0 ) + kerberos? ( virtual/krb5 ) + krb4? ( virtual/krb5 )" + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.9 + >=dev-util/intltool-0.35.5 + >=gnome-base/gnome-common-2 + >=dev-util/gtk-doc-am-1.9 + doc? ( >=dev-util/gtk-doc-1.9 )" + +DOCS="ChangeLog MAINTAINERS NEWS TODO" + +pkg_setup() { + G2CONF="${G2CONF} + $(use_with ldap openldap) + $(use_with kerberos krb5 /usr) + $(use_enable ssl nss) + $(use_enable ssl smime) + $(use_enable ipv6) + $(use_enable gnome-keyring) + --with-libdb=/usr/$(get_libdir)" + + if use krb4 && ! built_with_use virtual/krb5 krb4; then + ewarn + ewarn "In order to add kerberos 4 support, you have to emerge" + ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well." + ewarn + ewarn "Skipping for now." + ewarn + G2CONF="${G2CONF} --without-krb4" + else + G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)" + fi + +} + +src_unpack() { + gnome2_src_unpack + + # Adjust to gentoo's /etc/service + epatch "${FILESDIR}"/${PN}-1.2.0-gentoo_etc_services.patch + + # Fix broken libdb build + epatch "${FILESDIR}"/${PN}-1.11.3-no-libdb.patch + + # Rewind in camel-disco-diary to fix a crash + epatch "${FILESDIR}"/${PN}-1.8.0-camel-rewind.patch + + # Fix building evo-exchange with --as-needed, upstream bug #342830 + epatch "${FILESDIR}"/${PN}-2.23.6-as-needed.patch + + # Fix S/MIME verification. Bug #258867 + epatch "${FILESDIR}"/${P}-CVE-2009-0547.patch + + # Fix NTLM SASL authentication. Bug #261203 + epatch "${FILESDIR}"/${PN}-CVE-2009-0582.patch + + if use doc; then + sed "/^TARGET_DIR/i \GTKDOC_REBASE=/usr/bin/gtkdoc-rebase" -i gtk-doc.make + else + sed "/^TARGET_DIR/i \GTKDOC_REBASE=true" -i gtk-doc.make + fi + + # gtk-doc-am and gnome-common needed for this + intltoolize --force --copy --automake || die "intltoolize failed" + eautoreconf +} + +src_compile() { + # Use NSS/NSPR only if 'ssl' is enabled. + if use ssl ; then + sed -i -e "s|mozilla-nss|nss| + s|mozilla-nspr|nspr|" "${S}"/configure + G2CONF="${G2CONF} --enable-nss=yes" + else + G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \ + --without-nss-libs --without-nss-includes" + fi + + # /usr/include/db.h is always db-1 on FreeBSD + # so include the right dir in CPPFLAGS + append-cppflags "-I$(db_includedir)" + + cd "${S}" + gnome2_src_compile +} + +src_install() { + gnome2_src_install + + if use ldap; then + MY_MAJORV=$(get_version_component_range 1-2) + insinto /etc/openldap/schema + doins "${FILESDIR}"/calentry.schema + dosym "${D}"/usr/share/${PN}-${MY_MAJORV}/evolutionperson.schema /etc/openldap/schema/evolutionperson.schema + fi + +} + +pkg_postinst() { + if use ldap; then + elog "" + elog "LDAP schemas needed by evolution are installed in /etc/openldap/schema" + fi +} diff --git a/gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch b/gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch new file mode 100644 index 000000000000..46231c0c0c39 --- /dev/null +++ b/gnome-extra/evolution-data-server/files/evolution-data-server-CVE-2009-0582.patch @@ -0,0 +1,144 @@ +Index: camel/camel-sasl-ntlm.c +=================================================================== +--- camel/camel-sasl-ntlm.c (revision 10105) ++++ camel/camel-sasl-ntlm.c (working copy) +@@ -74,9 +74,8 @@ camel_sasl_ntlm_get_type (void) + + #define NTLM_REQUEST "NTLMSSP\x00\x01\x00\x00\x00\x06\x82\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x00\x00\x00\x00\x00\x00\x00\x30\x00\x00\x00" + +-#define NTLM_CHALLENGE_NONCE_OFFSET 24 +-#define NTLM_CHALLENGE_DOMAIN_OFFSET 48 +-#define NTLM_CHALLENGE_DOMAIN_LEN_OFFSET 44 ++#define NTLM_CHALLENGE_DOMAIN_OFFSET 12 ++#define NTLM_CHALLENGE_NONCE_OFFSET 24 + + #define NTLM_RESPONSE_HEADER "NTLMSSP\x00\x03\x00\x00\x00" + #define NTLM_RESPONSE_FLAGS "\x82\x01" +@@ -93,22 +92,60 @@ static void ntlm_calc_response (const + guchar results[24]); + static void ntlm_lanmanager_hash (const char *password, char hash[21]); + static void ntlm_nt_hash (const char *password, char hash[21]); +-static void ntlm_set_string (GByteArray *ba, int offset, +- const char *data, int len); ++ ++typedef struct { ++ guint16 length; ++ guint16 allocated; ++ guint32 offset; ++} SecurityBuffer; ++ ++static GString * ++ntlm_get_string (GByteArray *ba, int offset) ++{ ++ SecurityBuffer *secbuf; ++ GString *string; ++ gchar *buf_string; ++ guint16 buf_length; ++ guint32 buf_offset; ++ ++ secbuf = (SecurityBuffer *) &ba->data[offset]; ++ buf_length = GUINT16_FROM_LE (secbuf->length); ++ buf_offset = GUINT32_FROM_LE (secbuf->offset); ++ ++ if (ba->len < buf_offset + buf_length) ++ return NULL; ++ ++ string = g_string_sized_new (buf_length); ++ buf_string = (gchar *) &ba->data[buf_offset]; ++ g_string_append_len (string, buf_string, buf_length); ++ ++ return string; ++} ++ ++static void ++ntlm_set_string (GByteArray *ba, int offset, const char *data, int len) ++{ ++ SecurityBuffer *secbuf; ++ ++ secbuf = (SecurityBuffer *) &ba->data[offset]; ++ secbuf->length = GUINT16_TO_LE (len); ++ secbuf->offset = GUINT32_TO_LE (ba->len); ++ secbuf->allocated = secbuf->length; ++ ++ g_byte_array_append (ba, (guint8 *) data, len); ++} + + static GByteArray * + ntlm_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex) + { + GByteArray *ret; + guchar nonce[8], hash[21], lm_resp[24], nt_resp[24]; ++ GString *domain; + + ret = g_byte_array_new (); + +- if (!token || !token->len) { +- g_byte_array_append (ret, (guint8 *) NTLM_REQUEST, +- sizeof (NTLM_REQUEST) - 1); +- return ret; +- } ++ if (!token || token->len < NTLM_CHALLENGE_NONCE_OFFSET + 8) ++ goto fail; + + memcpy (nonce, token->data + NTLM_CHALLENGE_NONCE_OFFSET, 8); + ntlm_lanmanager_hash (sasl->service->url->passwd, (char *) hash); +@@ -116,7 +153,11 @@ ntlm_challenge (CamelSasl *sasl, GByteAr + ntlm_nt_hash (sasl->service->url->passwd, (char *) hash); + ntlm_calc_response (hash, nonce, nt_resp); + +- ret = g_byte_array_new (); ++ domain = ntlm_get_string (token, NTLM_CHALLENGE_DOMAIN_OFFSET); ++ if (domain == NULL) ++ goto fail; ++ ++ /* Don't jump to 'fail' label after this point. */ + g_byte_array_set_size (ret, NTLM_RESPONSE_BASE_SIZE); + memset (ret->data, 0, NTLM_RESPONSE_BASE_SIZE); + memcpy (ret->data, NTLM_RESPONSE_HEADER, +@@ -125,8 +166,7 @@ ntlm_challenge (CamelSasl *sasl, GByteAr + NTLM_RESPONSE_FLAGS, sizeof (NTLM_RESPONSE_FLAGS) - 1); + + ntlm_set_string (ret, NTLM_RESPONSE_DOMAIN_OFFSET, +- (const char *) token->data + NTLM_CHALLENGE_DOMAIN_OFFSET, +- atoi ((char *) token->data + NTLM_CHALLENGE_DOMAIN_LEN_OFFSET)); ++ domain->str, domain->len); + ntlm_set_string (ret, NTLM_RESPONSE_USER_OFFSET, + sasl->service->url->user, + strlen (sasl->service->url->user)); +@@ -138,6 +178,18 @@ ntlm_challenge (CamelSasl *sasl, GByteAr + (const char *) nt_resp, sizeof (nt_resp)); + + sasl->authenticated = TRUE; ++ ++ g_string_free (domain, TRUE); ++ ++ goto exit; ++ ++fail: ++ /* If the challenge is malformed, restart authentication. ++ * XXX A malicious server could make this loop indefinitely. */ ++ g_byte_array_append (ret, (guint8 *) NTLM_REQUEST, ++ sizeof (NTLM_REQUEST) - 1); ++ ++exit: + return ret; + } + +@@ -201,17 +253,6 @@ ntlm_nt_hash (const char *password, char + g_free (buf); + } + +-static void +-ntlm_set_string (GByteArray *ba, int offset, const char *data, int len) +-{ +- ba->data[offset ] = ba->data[offset + 2] = len & 0xFF; +- ba->data[offset + 1] = ba->data[offset + 3] = (len >> 8) & 0xFF; +- ba->data[offset + 4] = ba->len & 0xFF; +- ba->data[offset + 5] = (ba->len >> 8) & 0xFF; +- g_byte_array_append (ba, (guint8 *) data, len); +-} +- +- + #define KEYBITS(k,s) \ + (((k[(s)/8] << ((s)%8)) & 0xFF) | (k[(s)/8+1] >> (8-(s)%8))) + -- cgit v1.2.3-65-gdbad