- Add patch for RH bug #235290 (APOP authentication vulnerability).

18 years ago · ec880f9f66
parent 921a69f9a4
commit ec880f9f66
2 changed files with 40 additions and 1 deletions
--- a/evolution-data-server-1.10.1-apop-auth-vulnerability.patch
+++ b/evolution-data-server-1.10.1-apop-auth-vulnerability.patch
@ -0,0 +1,32 @@
+--- evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability	2007-04-09 08:42:37.000000000 -0400
+++ evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c	2007-04-24 16:12:28.000000000 -0400
+@@ -34,6 +34,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <errno.h>
+#include <ctype.h>
+ 
+ #include "camel-operation.h"
+ 
+@@ -489,6 +490,21 @@
+ 	} else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
+ 		char *secret, md5asc[33], *d;
+ 		unsigned char md5sum[16], *s;
+
+		d = store->engine->apop;
+
+		while (*d != '\0') {
+			if (!isascii((int)*d)) {
+				camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
+						_("Unable to connect to POP server %s: "
+						"Invalid APOP ID received. Impersonation attack "
+						"suspected. Please contact your admin."),
+						CAMEL_SERVICE (store)->url->host);
+
+				return FALSE;
+			}
+			d++;
+		}
+ 		
+ 		secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
+ 		sprintf(secret, "%s%s",  store->engine->apop, service->url->passwd);
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@ -26,7 +26,7 @@

 Name: evolution-data-server
 Version: 1.10.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPL
 Group: System Environment/Libraries
 Summary: Backend data server for Evolution
@ -78,6 +78,9 @@ Patch22: evolution-data-server-1.9.92-isa-support.patch
 # GNOME bug #417999
 Patch23: evolution-data-server-1.10.0-code-cleanup.patch

+# RH bug #235290 / GNOME bug #424373
+Patch24: evolution-data-server-1.10.1-apop-auth-vulnerability.patch
+
 ### Dependencies ###

 Requires: GConf2
@ -171,6 +174,7 @@ evolution-data-server.
 %patch21 -p1 -b .e-passwords
 %patch22 -p1 -b .isa-support
 %patch23 -p1 -b .code-cleanup
+%patch24 -p1 -b .apop-auth-vulnerability

 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@ -388,6 +392,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc

 %changelog
+* Tue Apr 24 2007 Matthew Barnes <mbarnes@redhat.com> - 1.10.1-2.fc7
+- Add patch for RH bug #235290 (APOP authentication vulnerability).
+
 * Mon Apr 09 2007 Matthew Barnes <mbarnes@redhat.com> - 1.10.1-1.fc7
 - Update to 1.10.1
 - Remove evolution-data-server-1.10.0-no-more-beeps.patch (fixed upstream).