packages/evolution-data-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-14928

Browse Source 
(cherry picked from commit 43e5a0befde8c8d1538c4ab408548a95a59ec7f0)
This commit is contained in:
hundred-ci 2022-07-14 10:02:19 +08:00 committed by openeuler-sync-bot
parent 510aaf1ca9
commit 68da61bd64
2 changed files with 96 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
CVE-2020-14928.patch Normal file
View File

@ -0,0 +1,91 @@
diff -Naru evolution-data-server-3.30.1/src/camel/camel-stream-buffer.c evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.c
--- evolution-data-server-3.30.1/src/camel/camel-stream-buffer.c 2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.c 2022-07-13 19:27:13.796475000 +0800
@@ -524,3 +524,22 @@
return g_strdup ((gchar *) sbf->priv->linebuf);
}
+
+/**
+ * camel_stream_buffer_discard_cache:
+ * @sbf: a #CamelStreamBuffer
+ *
+ * Discards any cached data in the @sbf. The next read reads
+ * from the stream.
+ *
+ * Since: 3.38
+ **/
+void
+camel_stream_buffer_discard_cache (CamelStreamBuffer *sbf)
+{
+ g_return_if_fail (CAMEL_IS_STREAM_BUFFER (sbf));
+
+ sbf->priv->ptr = sbf->priv->buf;
+ sbf->priv->end = sbf->priv->buf;
+ sbf->priv->ptr[0] = '\0';
+}
\ No newline at end of file
diff -Naru evolution-data-server-3.30.1/src/camel/camel-stream-buffer.h evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.h
--- evolution-data-server-3.30.1/src/camel/camel-stream-buffer.h 2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/camel-stream-buffer.h 2022-07-13 19:27:11.436475000 +0800
@@ -93,6 +93,8 @@
gchar * camel_stream_buffer_read_line (CamelStreamBuffer *sbf,
GCancellable *cancellable,
GError **error);
+void camel_stream_buffer_discard_cache
+ (CamelStreamBuffer *sbf);
G_END_DECLS
diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-store.c evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-store.c
--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-store.c 2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-store.c 2022-07-13 19:29:24.216618000 +0800
@@ -208,6 +208,8 @@
if (tls_stream != NULL) {
camel_stream_set_base_stream (stream, tls_stream);
+ /* Truncate any left cached input from the insecure part of the session */
+ camel_pop3_stream_discard_cache (pop3_engine->stream);
g_object_unref (tls_stream);
} else {
g_prefix_error (
diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.c evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.c
--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.c 2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.c 2022-07-13 19:29:23.036618000 +0800
@@ -457,3 +457,13 @@
return 1;
}
+void
+camel_pop3_stream_discard_cache (CamelPOP3Stream *is)
+{
+ if (is) {
+ is->ptr = is->end = is->buf;
+ is->lineptr = is->linebuf;
+ is->lineend = is->linebuf + CAMEL_POP3_STREAM_LINE_SIZE;
+ is->ptr[0] = '\n';
+ }
+}
diff -Naru evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.h evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.h
--- evolution-data-server-3.30.1/src/camel/providers/pop3/camel-pop3-stream.h 2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/pop3/camel-pop3-stream.h 2022-07-13 19:29:57.168129000 +0800
@@ -87,6 +87,7 @@
guint *len,
GCancellable *cancellable,
GError **error);
+void camel_pop3_stream_discard_cache (CamelPOP3Stream *is);
G_END_DECLS
diff -Naru evolution-data-server-3.30.1/src/camel/providers/smtp/camel-smtp-transport.c evolution-data-server-3.30.1-new/src/camel/providers/smtp/camel-smtp-transport.c
--- evolution-data-server-3.30.1/src/camel/providers/smtp/camel-smtp-transport.c 2018-09-24 14:42:33.000000000 +0800
+++ evolution-data-server-3.30.1-new/src/camel/providers/smtp/camel-smtp-transport.c 2022-07-13 19:30:27.920458000 +0800
@@ -319,6 +319,8 @@
if (tls_stream != NULL) {
camel_stream_set_base_stream (stream, tls_stream);
+ /* Truncate any left cached input from the insecure part of the session */
+ camel_stream_buffer_discard_cache (transport->istream);
g_object_unref (tls_stream);
} else {
g_prefix_error (

6
evolution-data-server.spec
View File

@ -2,7 +2,7 @@
Name: evolution-data-server Name: evolution-data-server
Version: 3.30.1 Version: 3.30.1
Release: 4 Release: 5
Summary: Backend data server for Evolution Summary: Backend data server for Evolution
License: LGPLv2+ License: LGPLv2+
URL: https://wiki.gnome.org/Apps/Evolution URL: https://wiki.gnome.org/Apps/Evolution
@ -10,6 +10,7 @@ Source: http://download.gnome.org/sources/%{name}/3.30/%{name}-%{version
#https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5.patch #https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5.patch
Patch0: CVE-2020-16117.patch Patch0: CVE-2020-16117.patch
Patch1: CVE-2020-14928.patch
Provides: evolution-webcal = %{version} Provides: evolution-webcal = %{version}
Obsoletes: evolution-webcal < 2.24.0 compat-evolution-data-server310-libcamel < 3.12 Obsoletes: evolution-webcal < 2.24.0 compat-evolution-data-server310-libcamel < 3.12
@ -165,6 +166,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
%{_libexecdir}/evolution-data-server/csv2vcard %{_libexecdir}/evolution-data-server/csv2vcard
%changelog %changelog
* Thu Jul 14 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 3.30.1-5
- Fix CVE-2020-14928
* Fri Apr 22 2022 yaoxin <yaoxin30@h-partners.com> - 3.30.1-4 * Fri Apr 22 2022 yaoxin <yaoxin30@h-partners.com> - 3.30.1-4
- Fix CVE-2020-16117 - Fix CVE-2020-16117