diff --git a/evolution-data-server-1.10.2-camel-imap-folder.patch b/evolution-data-server-1.10.2-camel-imap-folder.patch new file mode 100644 index 0000000..d909750 --- /dev/null +++ b/evolution-data-server-1.10.2-camel-imap-folder.patch @@ -0,0 +1,20 @@ +--- evolution-data-server-1.10.2/camel/providers/imap/camel-imap-folder.c.camel-imap-folder 2007-04-09 08:42:39.000000000 -0400 ++++ evolution-data-server-1.10.2/camel/providers/imap/camel-imap-folder.c 2007-06-15 12:23:37.000000000 -0400 +@@ -655,7 +655,7 @@ imap_rescan (CamelFolder *folder, int ex + uid = g_datalist_get_data (&data, "UID"); + flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS")); + +- if (!uid || !seq || seq > summary_len) { ++ if (!uid || !seq || seq > summary_len || seq < 0) { + g_datalist_clear (&data); + continue; + } +@@ -2789,7 +2789,7 @@ parse_fetch_response (CamelImapFolder *i + + if (*response != '*' || *(response + 1) != ' ') + return NULL; +- seq = strtol (response + 2, &response, 10); ++ seq = strtoul (response + 2, &response, 10); + if (seq == 0) + return NULL; + if (g_ascii_strncasecmp (response, " FETCH (", 8) != 0) diff --git a/evolution-data-server.spec b/evolution-data-server.spec index d1dee2b..8c2f822 100644 --- a/evolution-data-server.spec +++ b/evolution-data-server.spec @@ -26,7 +26,7 @@ Name: evolution-data-server Version: 1.10.2 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPL Group: System Environment/Libraries Summary: Backend data server for Evolution @@ -87,6 +87,9 @@ Patch25: evolution-data-server-1.10.1-camel-certdb-nss-cert-get.patch # Fix implicit function declarations Patch26: evolution-data-server-1.10.2-implicit-function-declarations.patch +# RH bug #244283 / GNOME bug #447414 +Patch27: evolution-data-server-1.10.2-camel-imap-folder.patch + ### Dependencies ### Requires: GConf2 @@ -183,6 +186,7 @@ evolution-data-server. %patch24 -p1 -b .camel-folder-symmary-crash %patch25 -p1 -b .camel-certdb-nss-cert-get %patch26 -p1 -b .implicit-function-declarations +%patch27 -p1 -b .camel-imap-folder mkdir -p krb5-fakeprefix/include mkdir -p krb5-fakeprefix/lib @@ -400,6 +404,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc %changelog +* Fri Jun 15 2007 Matthew Barnes - 1.10.2-3.fc7 +- Add patch for RH bug #244283 (Camel IMAP security flaw). + * Fri Jun 01 2007 Matthew Barnes - 1.10.2-2.fc7 - Revise patch for GNOME bug #376991 to fix RH bug #241974.