fix CVE-2020-14928

(cherry picked from commit 43e5a0befde8c8d1538c4ab408548a95a59ec7f0)
2022-07-14 10:02:19 +08:00 · 2022-07-14 10:02:19 +08:00 · 68da61bd64
commit 68da61bd64
parent 510aaf1ca9
2 changed files with 96 additions and 1 deletions
--- a/CVE-2020-14928.patch
+++ b/CVE-2020-14928.patch
@ -0,0 +1,91 @@
+diff -Naru evolution-data-server-3.30.1/src/camel/camel-stream-buffer.c evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.c
+--- evolution-data-server-3.30.1/src/camel/camel-stream-buffer.c	2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.c	2022-07-13 19:27:13.796475000 +0800
+@@ -524,3 +524,22 @@
+ 
+ 	return g_strdup ((gchar *) sbf->priv->linebuf);
+ }
+
+/**
+ * camel_stream_buffer_discard_cache:
+ * @sbf: a #CamelStreamBuffer
+ *
+ * Discards any cached data in the @sbf. The next read reads
+ * from the stream.
+ *
+ * Since: 3.38
+ **/
+void
+camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
+{
+	g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
+
+	sbf->priv->ptr = sbf->priv->buf;
+	sbf->priv->end = sbf->priv->buf;
+	sbf->priv->ptr[0] = '\0';
+}
+\ No newline at end of file
+diff -Naru evolution-data-server-3.30.1/src/camel/camel-stream-buffer.h evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.h
+--- evolution-data-server-3.30.1/src/camel/camel-stream-buffer.h	2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.h	2022-07-13 19:27:11.436475000 +0800
+@@ -93,6 +93,8 @@
+ gchar *		camel_stream_buffer_read_line	(CamelStreamBuffer *sbf,
+ 						 GCancellable *cancellable,
+ 						 GError **error);
+void		camel_stream_buffer_discard_cache
+						(CamelStreamBuffer *sbf);
+ 
+ G_END_DECLS
+ 
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-store.c evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-store.c
+--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-store.c	2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-store.c	2022-07-13 19:29:24.216618000 +0800
+@@ -208,6 +208,8 @@
+ 
+ 	if (tls_stream != NULL) {
+ 		camel_stream_set_base_stream (stream, tls_stream);
+		/* Truncate any left cached input from the insecure part of the session */
+		camel_pop3_stream_discard_cache (pop3_engine->stream);
+ 		g_object_unref (tls_stream);
+ 	} else {
+ 		g_prefix_error (
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.c evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.c
+--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.c	2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.c	2022-07-13 19:29:23.036618000 +0800
+@@ -457,3 +457,13 @@
+ 
+ 	return 1;
+ }
+void
+camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
+{
+	if (is) {
+		is->ptr = is->end = is->buf;
+		is->lineptr = is->linebuf;
+		is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
+		is->ptr[0] = '\n';
+	}
+}
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.h evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.h
+--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.h	2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.h	2022-07-13 19:29:57.168129000 +0800
+@@ -87,6 +87,7 @@
+ 						 guint *len,
+ 						 GCancellable *cancellable,
+ 						 GError **error);
+void		camel_pop3_stream_discard_cache	(CamelPOP3Stream *is);
+ 
+ G_END_DECLS
+ 
+diff -Naru evolution-data-server-3.30.1/src/camel/providers/smtp/camel-smtp-transport.c evolution-data-server-3.30.1-new/src/camel/providers/smtp/camel-smtp-transport.c
+--- evolution-data-server-3.30.1/src/camel/providers/smtp/camel-smtp-transport.c	2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/smtp/camel-smtp-transport.c	2022-07-13 19:30:27.920458000 +0800
+@@ -319,6 +319,8 @@
+ 
+ 	if (tls_stream != NULL) {
+ 		camel_stream_set_base_stream (stream, tls_stream);
+		/* Truncate any left cached input from the insecure part of the session */
+		camel_stream_buffer_discard_cache (transport->istream);
+ 		g_object_unref (tls_stream);
+ 	} else {
+ 		g_prefix_error (
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@ -2,7 +2,7 @@

 Name:           evolution-data-server
 Version:        3.30.1
-Release:        4
+Release:        5
 Summary:        Backend data server for Evolution
 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Apps/Evolution
@ -10,6 +10,7 @@ Source:         http://download.gnome.org/sources/%{name}/3.30/%{name}-%{version

 #https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5.patch
 Patch0:         CVE-2020-16117.patch
+Patch1:         CVE-2020-14928.patch

 Provides:       evolution-webcal = %{version}
 Obsoletes:      evolution-webcal < 2.24.0 compat-evolution-data-server310-libcamel < 3.12
@ -165,6 +166,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
 %{_libexecdir}/evolution-data-server/csv2vcard

 %changelog
+* Thu Jul 14 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 3.30.1-5
+- Fix CVE-2020-14928
+
 * Fri Apr 22 2022 yaoxin <yaoxin30@h-partners.com> - 3.30.1-4
 - Fix CVE-2020-16117