packages/evolution-data-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!15 [sync] PR-13: Fix CVE-2020-16117

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2022-04-22 09:48:17 +00:00 committed by Gitee
commit 510aaf1ca9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2020-16117.patch Normal file
View File

@ -0,0 +1,28 @@
From 2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Mon, 10 Feb 2020 10:00:32 +0100
Subject: [PATCH] I#189 - Crash on malformed server response with minimal
capabilities
Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/189
---
src/camel/providers/imapx/camel-imapx-server.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c
index 3c38fb1e9..3883321ec 100644
--- a/src/camel/providers/imapx/camel-imapx-server.c
+++ b/src/camel/providers/imapx/camel-imapx-server.c
@@ -3045,7 +3045,8 @@ connected:
/* See if we got new capabilities
* in the STARTTLS response. */
- imapx_free_capability (is->priv->cinfo);
+ if (is->priv->cinfo)
+ imapx_free_capability (is->priv->cinfo);
is->priv->cinfo = NULL;
if (ic->status->condition == IMAPX_CAPABILITY) {
is->priv->cinfo = ic->status->u.cinfo;
--
GitLab

8
evolution-data-server.spec
View File

@ -2,12 +2,15 @@
Name: evolution-data-server
Version: 3.30.1
Release: 3
Release: 4
Summary: Backend data server for Evolution
License: LGPLv2+
URL: https://wiki.gnome.org/Apps/Evolution
Source: http://download.gnome.org/sources/%{name}/3.30/%{name}-%{version}.tar.xz
#https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5.patch
Patch0: CVE-2020-16117.patch
Provides: evolution-webcal = %{version}
Obsoletes: evolution-webcal < 2.24.0 compat-evolution-data-server310-libcamel < 3.12
@ -162,6 +165,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
%{_libexecdir}/evolution-data-server/csv2vcard
%changelog
* Fri Apr 22 2022 yaoxin <yaoxin30@h-partners.com> - 3.30.1-4
- Fix CVE-2020-16117
* Tue Dec 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.30.1-3
- delete redundant files