Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format string error (CVE-2007-1002) bug #170879.

(Portage version: 2.1.2.2)

5 files changed, 246 insertions, 1 deletions

diff --git a/mail-client/evolution/ChangeLog b/mail-client/evolution/ChangeLog
index 838d84cde549..211fa3f4dc36 100644
--- a/mail-client/evolution/ChangeLog
+++ b/mail-client/evolution/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for mail-client/evolution
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.169 2007/04/16 22:14:02 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/ChangeLog,v 1.170 2007/04/22 09:48:28 pva Exp $
+
+*evolution-2.8.3-r2 (22 Apr 2007)
+
+  22 Apr 2007; <pva@gentoo.org>
+  +files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.g
+  z, +files/evolution-2.8.3-write_html.diff, +evolution-2.8.3-r2.ebuild:
+  Fix DoS on certain email content (CVE-2006-0040) bug #124826 and format
+  string error (CVE-2007-1002) bug #170879.
 
 *evolution-2.10.1 (16 Apr 2007)
 
diff --git a/mail-client/evolution/evolution-2.8.3-r2.ebuild b/mail-client/evolution/evolution-2.8.3-r2.ebuild
new file mode 100644
index 000000000000..88dd8139b104
--- /dev/null
+++ b/mail-client/evolution/evolution-2.8.3-r2.ebuild
@@ -0,0 +1,220 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-client/evolution/evolution-2.8.3-r2.ebuild,v 1.1 2007/04/22 09:48:28 pva Exp $
+
+inherit eutils flag-o-matic alternatives gnome2 autotools
+
+DESCRIPTION="Integrated mail, addressbook and calendaring functionality"
+HOMEPAGE="http://www.gnome.org/projects/evolution/"
+SRC_URI="${SRC_URI}
+	bogofilter? ( mirror://gentoo/${PN}-2.5.5.1-bf-junk.tar.bz2 )"
+
+LICENSE="GPL-2 FDL-1.1"
+SLOT="2.0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+# gstreamer for audio-inline, when it uses 0.10
+IUSE="bogofilter crypt dbus debug doc hal ipv6 kerberos krb4 ldap mono nntp pda profile spell ssl"
+
+# Pango dependency required to avoid font rendering problems
+RDEPEND=">=x11-themes/gnome-icon-theme-1.2
+	dev-libs/atk
+	>=gnome-extra/gtkhtml-3.9.90
+	>=dev-libs/glib-2.10
+	>=gnome-base/orbit-2.9.8
+	>=gnome-base/libbonobo-2
+	>=gnome-extra/evolution-data-server-1.7.90
+	>=gnome-base/libbonoboui-2.4.2
+	>=gnome-base/gnome-vfs-2.4
+	>=gnome-base/libgnomeui-2
+	>=gnome-base/libglade-2
+	>=gnome-base/libgnomecanvas-2
+	>=dev-libs/libxml2-2
+	>=gnome-base/gconf-2
+	>=gnome-base/libgnomeprint-2.7
+	>=gnome-base/libgnomeprintui-2.2.1
+	>=x11-libs/gtk+-2
+	>=gnome-base/libgnome-2
+	>=net-libs/libsoup-2.2.96
+	>=x11-libs/pango-1.8.1
+	x11-libs/libnotify
+	hal? ( >=sys-apps/hal-0.5.4 )
+	pda? (
+		>=app-pda/gnome-pilot-2
+		>=app-pda/gnome-pilot-conduits-2 )
+	spell? ( >=app-text/gnome-spell-1.0.5 )
+	crypt? ( || ( >=app-crypt/gnupg-2.0.1-r2 =app-crypt/gnupg-1.4* ) )
+	ssl? (
+		>=dev-libs/nspr-4.6.1
+		>=dev-libs/nss-3.11 )
+	ldap? ( >=net-nds/openldap-2 )
+	kerberos? ( virtual/krb5 )
+	krb4? ( virtual/krb5 )
+	dbus? ( || (
+		dev-libs/dbus-glib
+		~sys-apps/dbus-0.62 ) )
+	mono? ( >=dev-lang/mono-1 )
+	bogofilter? ( mail-filter/bogofilter )
+	!bogofilter? ( mail-filter/spamassassin )"
+#	gstreamer? (
+#		>=media-libs/gstreamer-0.10
+#		>=media-libs/gst-plugins-base-0.10 )
+
+DEPEND="${RDEPEND}
+	>=dev-util/pkgconfig-0.9
+	>=dev-util/intltool-0.35
+	sys-devel/gettext
+	sys-devel/bison
+	app-text/scrollkeeper
+	>=gnome-base/gnome-common-2.12.0
+	doc? ( >=dev-util/gtk-doc-0.6 )"
+
+DOCS="AUTHORS ChangeLog* HACKING MAINTAINERS NEWS* README"
+ELTCONF="--reverse-deps"
+
+
+pkg_setup() {
+	G2CONF="--disable-default-binary \
+		--without-kde-applnk-path        \
+		$(use_enable ssl nss)            \
+		$(use_enable ssl smime)          \
+		$(use_enable ipv6)               \
+		$(use_enable mono)               \
+		$(use_enable nntp)               \
+		$(use_enable pda pilot-conduits) \
+		$(use_enable profile profiling)  \
+		$(use_with ldap openldap)        \
+		$(use_with kerberos krb5 /usr)"
+
+	# We need a graphical pinentry frontend to be able to ask for the GPG
+	# password from inside evolution, bug 160302
+	if use crypt && has_version '>=app-crypt/gnupg-2.0.1-r2'; then
+		if ! built_with_use -o app-crypt/pinentry gtk qt3; then
+			die "You must build app-crypt/pinentry with GTK or QT3 support"
+		fi
+	fi
+
+	if use krb4 && ! built_with_use virtual/krb5 krb4; then
+		ewarn
+		ewarn "In order to add kerberos 4 support, you have to emerge"
+		ewarn "virtual/krb5 with the 'krb4' USE flag enabled as well."
+		ewarn
+		ewarn "Skipping for now."
+		ewarn
+		G2CONF="${G2CONF} --without-krb4"
+	else
+		G2CONF="${G2CONF} $(use_with krb4 krb4 /usr)"
+	fi
+
+	# Plug-ins to install. Normally we would want something similar to
+	# --enable-plugins=all (plugins_base + plugins_standard), except for some
+	# special cases.
+	local plugins="calendar-file calendar-http calendar-weather \
+		itip-formatter plugin-manager default-source addressbook-file \
+		startup-wizard print-message mark-all-read groupwise-features \
+		groupwise-account-setup hula-account-setup mail-account-disable \
+		publish-calendar caldav \
+		bbdb subject-thread save-calendar select-one-source copy-tool \
+		mail-to-task mark-calendar-offline mailing-list-actions \
+		new-mail-notify default-mailer import-ics-attachments"
+
+	# For dev releases, add experimental plugins
+	plugins="${plugins} backup-restore folder-unsubscribe mail-to-meeting \
+		prefer-plain save-attachments"
+
+	if use bogofilter; then
+		plugins="${plugins} bf-junk-plugin"
+	else
+		plugins="${plugins} sa-junk-plugin"
+	fi
+
+	# The special cases
+
+	# remove this due to bug #128035 re-enable later if it doesn't dep on
+	# gstreamer-0.8
+	# use gstreamer && plugins="${plugins} audio-inline"
+	use dbus && plugins="${plugins} new-mail-notify"
+	use mono && plugins="${plugins} mono"
+
+	if built_with_use gnome-extra/evolution-data-server ldap; then
+		plugins="${plugins} exchange-operations"
+	fi
+
+	local pluginlist=""
+	for p in $plugins; do
+		[ "x$pluginlist" != "x" ] && pluginlist="${pluginlist},"
+		pluginlist="${pluginlist}${p}"
+	done
+
+	G2CONF="${G2CONF} --enable-plugins=${pluginlist}"
+}
+
+src_unpack() {
+	unpack ${P}.tar.bz2
+	cd "${S}"
+
+	gnome2_omf_fix help/omf.make
+
+	# Accept the list of plugins separated by commas instead of spaces.
+	epatch "${FILESDIR}"/${PN}-2.3.7-configure_plugins.patch
+
+	# Move evo to URI-based saving
+	epatch "${FILESDIR}"/${PN}-2.8.0-uri.patch.gz
+
+	# Fix 64-bit warnings
+	epatch "${FILESDIR}"/${PN}-2.8.1.1-64-bit.patch
+
+	# Fix settings OK button.  Bug #166740
+	epatch "${FILESDIR}"/${P}-missing-groupwise-feature.patch
+
+	# Fix linking against pilot-link wiht --as-needed; bug #154453
+	epatch "${FILESDIR}"/${PN}-2.8.2.1-pilot-link-as-needed.patch
+
+	# Fix DoS on certain email content (CVE-2006-0040) bug #124826
+	epatch "${FILESDIR}"/${P}-show-plain-if-rendered-message-exceed-limit.patch.gz
+
+	# Fix format string error (CVE-2007-1002) bug #170879
+	epatch "${FILESDIR}"/${P}-write_html.diff
+
+	# Add bogofilter junk plugin source
+	use bogofilter && epatch "${FILESDIR}"/${PN}-2.8.2.1-bf-junk.patch.gz
+
+	eaclocal || die
+	_elibtoolize --copy --force || die
+	eautoheader || die
+	eautomake || die
+	intltoolize --force || die
+	eautoconf || die
+}
+
+src_compile() {
+	# Use NSS/NSPR only if 'ssl' is enabled.
+	if use ssl ; then
+		sed -i -e "s|mozilla-nss|nss|
+			s|mozilla-nspr|nspr|" ${S}/configure
+		G2CONF="${G2CONF} --enable-nss=yes"
+	else
+		G2CONF="${G2CONF} --without-nspr-libs --without-nspr-includes \
+			--without-nss-libs --without-nss-includes"
+	fi
+
+	# problems with -O3 on gcc-3.3.1
+	replace-flags -O3 -O2
+
+	if [ "${ARCH}" = "hppa" ]; then
+		append-flags "-fPIC -ffunction-sections"
+		export LDFLAGS="-ffunction-sections -Wl,--stub-group-size=25000"
+	fi
+
+	gnome2_src_compile
+}
+
+pkg_postinst() {
+	gnome2_pkg_postinst
+
+	alternatives_auto_makesym "/usr/bin/evolution" "/usr/bin/evolution-[0-9].[0-9]"
+	elog "To change the default browser if you are not using GNOME, do:"
+	elog "gconftool-2 --set /desktop/gnome/url-handlers/http/command -t string 'mozilla %s'"
+	elog "gconftool-2 --set /desktop/gnome/url-handlers/https/command -t string 'mozilla %s'"
+	elog ""
+	elog "Replace 'mozilla %s' with which ever browser you use."
+}
diff --git a/mail-client/evolution/files/digest-evolution-2.8.3-r2 b/mail-client/evolution/files/digest-evolution-2.8.3-r2
new file mode 100644
index 000000000000..4d2af2ebbaa9
--- /dev/null
+++ b/mail-client/evolution/files/digest-evolution-2.8.3-r2
@@ -0,0 +1,6 @@
+MD5 31456188591167083628df719adc8f22 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+RMD160 7ae764761607d50024fbec32680bc57e04ac7879 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+SHA256 b8988b28836a201606d8fa651f48722ebac8c984dcc171f7f7a3b860d0f7a045 evolution-2.5.5.1-bf-junk.tar.bz2 10771
+MD5 099876b347b114ec08ce6998b4a48d8c evolution-2.8.3.tar.bz2 12931527
+RMD160 cbf86ecbee7619f54ea6e60780d5c182208c5bf3 evolution-2.8.3.tar.bz2 12931527
+SHA256 08819f459185de7f36ac43702bb5314d1b2a9fae33db9ac4c5d9dfb3aaabca90 evolution-2.8.3.tar.bz2 12931527
diff --git a/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz b/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz
new file mode 100644
index 000000000000..e9e6023ca30d
--- /dev/null
+++ b/mail-client/evolution/files/evolution-2.8.3-show-plain-if-rendered-message-exceed-limit.patch.gz
diff --git a/mail-client/evolution/files/evolution-2.8.3-write_html.diff b/mail-client/evolution/files/evolution-2.8.3-write_html.diff
new file mode 100644
index 000000000000..9f6edad5ab73
--- /dev/null
+++ b/mail-client/evolution/files/evolution-2.8.3-write_html.diff
@@ -0,0 +1,11 @@
+--- ./calendar/gui/e-cal-component-memo-preview.c.orig	2007-04-01 22:14:15.000000000 +0400
++++ ./calendar/gui/e-cal-component-memo-preview.c	2007-04-01 22:14:47.000000000 +0400
+@@ -185,7 +185,7 @@
+ 			}
+ 		}
+ 		
+-		gtk_html_stream_printf(stream, string->str);
++		gtk_html_stream_printf(stream, "%s", string->str);
+ 
+ 		g_string_free (string, TRUE);
+