[evolution/f16] CVE-2011-3201

Wed Nov 30 13:32:18 UTC 2011

commit b9461f095dd558e7ca83a2f29946559a6f4ea272
Author: Matthew Barnes <mbarnes at redhat.com>
Date:   Wed Nov 30 07:32:03 2011 -0600

    CVE-2011-3201

 evolution-3.2.2-CVE-2011-3201.patch |   56 +++++++++++++++++++++++++++++++++++
 evolution.spec                      |    9 +++++-
 2 files changed, 64 insertions(+), 1 deletions(-)
---

diff --git a/evolution-3.2.2-CVE-2011-3201.patch b/evolution-3.2.2-CVE-2011-3201.patch
new file mode 100644
index 0000000..7b6ce55
--- /dev/null
+++ b/evolution-3.2.2-CVE-2011-3201.patch
@@ -0,0 +1,56 @@
+diff -up evolution-3.2.2/composer/e-msg-composer.c.CVE-2011-3201 evolution-3.2.2/composer/e-msg-composer.c
+--- evolution-3.2.2/composer/e-msg-composer.c.CVE-2011-3201	2011-10-20 05:38:02.000000000 -0500
++++ evolution-3.2.2/composer/e-msg-composer.c	2011-11-30 07:30:00.504101491 -0600
+@@ -4003,6 +4003,35 @@ merge_always_cc_and_bcc (EComposerHeader
+ 	e_destination_freev (addrv);
+ }
+ 
++static const gchar *blacklist[] = { ".", "etc", ".." };
++
++static gboolean
++file_is_blacklisted (const gchar *filename)
++{
++	gboolean blacklisted = FALSE;
++	guint ii, jj, n_parts;
++	gchar **parts;
++
++	parts = g_strsplit (filename, G_DIR_SEPARATOR_S, -1);
++	n_parts = g_strv_length (parts);
++
++	for (ii = 0; ii < G_N_ELEMENTS (blacklist); ii++) {
++		for (jj = 0; jj < n_parts; jj++) {
++			if (g_str_has_prefix (parts[jj], blacklist[ii])) {
++				blacklisted = TRUE;
++				break;
++			}
++		}
++	}
++
++	g_strfreev (parts);
++
++	if (blacklisted)
++		g_message ("Skipping suspicious attachment: %s", filename);
++
++	return blacklisted;
++}
++
+ static void
+ handle_mailto (EMsgComposer *composer,
+                const gchar *mailto)
+@@ -4096,6 +4125,8 @@ handle_mailto (EMsgComposer *composer,
+ 				EAttachment *attachment;
+ 
+ 				camel_url_decode (content);
++				if (file_is_blacklisted (content))
++					goto next;
+ 				if (g_ascii_strncasecmp (content, "file:", 5) == 0)
+ 					attachment = e_attachment_new_for_uri (content);
+ 				else
+@@ -4115,6 +4146,7 @@ handle_mailto (EMsgComposer *composer,
+ 				e_msg_composer_add_header (composer, header, content);
+ 			}
+ 
++next:
+ 			g_free (content);
+ 
+ 			p += clen;
diff --git a/evolution.spec b/evolution.spec
index 23e18c8..3d75169 100644
--- a/evolution.spec
+++ b/evolution.spec
@@ -28,7 +28,7 @@
 
 Name: evolution
 Version: 3.2.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/Productivity
 Summary: Mail and calendar client for GNOME
 License: GPLv2+ and GFDL
@@ -47,6 +47,9 @@ Patch10: evolution-1.4.4-ldap-x86_64-hack.patch
 # RH bug #589555
 Patch11: evolution-2.30.1-help-contents.patch
 
+# CVE-2011-3201
+Patch12: evolution-3.2.2-CVE-2011-3201.patch
+
 ## Dependencies ###
 
 Requires(pre): GConf2
@@ -203,6 +206,7 @@ This package contains the plugin to import Microsoft Personal Storage Table
 %setup -q -n evolution-%{version}
 %patch10 -p1 -b .ldaphack
 %patch11 -p1 -b .help-contents
+%patch12 -p1 -b .CVE-2011-3201
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -648,6 +652,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Wed Nov 30 2011 Matthew Barnes <mbarnes at redhat.com> - 3.2.2-2
+- Add patch for RH bug #757164 (CVE-2011-3201).
+
 * Mon Nov 14 2011 Milan Crha <mcrha at redhat.com> - 3.2.2-1
 - Update to 3.2.2
 
