- Add patch for RH bug #215634 (read NSS certificates more reliably).

evolution-data-server-1.10.1-camel-certdb-nss-cert-get.patch

@@ -0,0 +1,95 @@
+--- evolution-data-server-1.10.1/camel/camel-tcp-stream-ssl.c.camel-certdb-nss-cert-get	2007-04-09 08:42:48.000000000 -0400
++++ evolution-data-server-1.10.1/camel/camel-tcp-stream-ssl.c	2007-05-09 21:41:38.000000000 -0400
+@@ -679,63 +679,47 @@
+ CamelCert *
+ camel_certdb_nss_cert_get(CamelCertDB *certdb, CERTCertificate *cert)
+ {
+-	char *fingerprint, *path;
++	char *fingerprint;
+ 	CamelCert *ccert;
+-	struct stat st;
+-	size_t nread;
+-	ssize_t n;
+-	int fd;
+-	
++
+ 	fingerprint = cert_fingerprint (cert);
+ 	ccert = camel_certdb_get_cert (certdb, fingerprint);
+ 	if (ccert == NULL) {
+ 		g_free (fingerprint);
+ 		return ccert;
+ 	}
+-	
++
+ 	if (ccert->rawcert == NULL) {
+-#ifndef G_OS_WIN32
+-		path = g_strdup_printf ("%s/.camel_certs/%s", getenv ("HOME"), fingerprint);
+-#else
+-		path = g_build_filename (g_get_home_dir (), ".camel_certs", fingerprint, NULL);
+-#endif
+-		if (g_stat (path, &st) == -1
+-		    || (fd = g_open (path, O_RDONLY | O_BINARY, 0)) == -1) {
+-			g_warning ("could not load cert %s: %s", path, strerror (errno));
+-			g_free (fingerprint);
+-			g_free (path);
+-			camel_cert_set_trust (certdb, ccert, CAMEL_CERT_TRUST_UNKNOWN);
++		GByteArray *array;
++		gchar *filename;
++		gchar *contents;
++		gsize length;
++		GError *error = NULL;
++
++		filename = g_build_filename (
++			g_get_home_dir (), ".camel_certs", fingerprint, NULL);
++		g_file_get_contents (filename, &contents, &length, &error);
++		if (error != NULL) {
++			g_warning (
++				"Could not load cert %s: %s",
++				filename, error->message);
++			g_error_free (error);
++
++			camel_cert_set_trust (
++				certdb, ccert, CAMEL_CERT_TRUST_UNKNOWN);
+ 			camel_certdb_touch (certdb);
+-			
+-			return ccert;
+-		}
+-		g_free(path);
+-		
+-		ccert->rawcert = g_byte_array_new ();
+-		g_byte_array_set_size (ccert->rawcert, st.st_size);
+-		
+-		nread = 0;
+-		do {
+-			do {
+-				n = read (fd, ccert->rawcert->data + nread, st.st_size - nread);
+-			} while (n == -1 && errno == EINTR);
+-			
+-			if (n > 0)
+-				nread += n;
+-		} while (nread < st.st_size && n != -1);
+-		
+-		close (fd);
+-		
+-		if (nread != st.st_size) {
+-			g_warning ("cert size read truncated %s: %u != %ld", path, nread, st.st_size);
+-			g_byte_array_free(ccert->rawcert, TRUE);
+-			ccert->rawcert = NULL;
+-			g_free(fingerprint);
+-			camel_cert_set_trust(certdb, ccert, CAMEL_CERT_TRUST_UNKNOWN);
+-			camel_certdb_touch(certdb);
++			g_free (fingerprint);
++			g_free (filename);
+ 
+ 			return ccert;
+ 		}
++		g_free (filename);
++
++		array = g_byte_array_sized_new (length);
++		g_byte_array_append (array, (guint8 *) contents, length);
++		g_free (contents);
++
++		ccert->rawcert = array;
+ 	}
+ 
+ 	g_free(fingerprint);

evolution-data-server.spec

@@ -26,7 +26,7 @@
 
 Name: evolution-data-server
 Version: 1.10.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPL
 Group: System Environment/Libraries
 Summary: Backend data server for Evolution
@@ -87,6 +87,9 @@ Patch25: evolution-data-server-1.10.1-e-source-group.patch
 # GNOME bug #373146
 Patch26: evolution-data-server-1.10.1-camel-folder-summary-crash.patch
 
+# RH bug #215634
+Patch27: evolution-data-server-1.10.1-camel-certdb-nss-cert-get.patch
+
 ### Dependencies ###
 
 Requires: GConf2
@@ -183,6 +186,7 @@ evolution-data-server.
 %patch24 -p1 -b .apop-auth-vulnerability
 %patch25 -p1 -b .e-source-group
 %patch26 -p1 -b .camel-folder-symmary-crash
+%patch27 -p1 -b .camel-certdb-nss-cert-get
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -400,6 +404,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc
 
 %changelog
+* Wed May 09 2007 Matthew Barnes <mbarnes@redhat.com> - 1.10.1-6.fc7
+- Add patch for RH bug #215634 (read NSS certificates more reliably).
+
 * Tue May 08 2007 Matthew Barnes <mbarnes@redhat.com> - 1.10.1-5.fc7
 - Add patch for GNOME bug #373146 (spam message triggers crash).