rpms/sylpheed/devel sylpheed-2.3.1-apop-cve-2007-1558.patch, NONE, 1.1 sylpheed-2.3.1-certsdir.patch, NONE, 1.1 sylpheed.spec, 1.46, 1.47
Michael Schwendt (mschwendt)
fedora-extras-commits at redhat.com
Sat Apr 21 08:29:17 UTC 2007
Author: mschwendt
Update of /cvs/extras/rpms/sylpheed/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16335
Modified Files:
sylpheed.spec
Added Files:
sylpheed-2.3.1-apop-cve-2007-1558.patch
sylpheed-2.3.1-certsdir.patch
Log Message:
* Sat Apr 21 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.3.1-2
- Patch APOP vulnerability (CVE-2007-1558) as in 2.4.0.
- Patch default directory for SSL/TLS certificates.
sylpheed-2.3.1-apop-cve-2007-1558.patch:
--- NEW FILE sylpheed-2.3.1-apop-cve-2007-1558.patch ---
diff -urN sylpheed-2.4.0rc/libsylph/pop.c sylpheed-2.4.0/libsylph/pop.c
--- sylpheed-2.4.0rc/libsylph/pop.c 2006-10-30 15:11:12.000000000 +0900
+++ sylpheed-2.4.0/libsylph/pop.c 2007-04-19 13:19:34.000000000 +0900
@@ -166,6 +166,12 @@
*(end + 1) = '\0';
+ if (!is_ascii_str(start) || strchr(start, '@') == NULL) {
+ log_warning(_("Invalid timestamp in greeting\n"));
+ session->error_val = PS_PROTOCOL;
+ return -1;
+ }
+
apop_str = g_strconcat(start, session->pass, NULL);
md5 = s_gnet_md5_new((guchar *)apop_str, strlen(apop_str));
md5sum = s_gnet_md5_get_string(md5);
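Review bot: The added guard in front of `g_strconcat(start, session->pass, NULL)` has no comment saying why a greeting timestamp is rejected, so a later cleanup could loosen it without realising it is the CVE-2007-1558 mitigation named in the log message. I would put `/* APOP timestamp must look like an RFC 822 msg-id; refuse anything else (CVE-2007-1558) */` above the `if`. The test only checks the shape of the string; whether `is_ascii_str` also refuses control characters cannot be seen here and is worth confirming. The enclosing function starts before and ends after this hunk.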
@@ -707,7 +713,7 @@
static gint pop3_session_recv_msg(Session *session, const gchar *msg)
{
Pop3Session *pop3_session = POP3_SESSION(session);
- Pop3ErrorValue val = PS_SUCCESS;
+ gint val = PS_SUCCESS;
const gchar *body;
body = msg;
@@ -732,76 +738,77 @@
switch (pop3_session->state) {
case POP3_READY:
case POP3_GREETING:
- pop3_greeting_recv(pop3_session, body);
+ val = pop3_greeting_recv(pop3_session, body);
#if USE_SSL
if (pop3_session->ac_prefs->ssl_pop == SSL_STARTTLS)
- pop3_stls_send(pop3_session);
+ val = pop3_stls_send(pop3_session);
else
#endif
if (pop3_session->ac_prefs->use_apop_auth)
- pop3_getauth_apop_send(pop3_session);
+ val = pop3_getauth_apop_send(pop3_session);
else
- pop3_getauth_user_send(pop3_session);
+ val = pop3_getauth_user_send(pop3_session);
break;
#if USE_SSL
case POP3_STLS:
- if (pop3_stls_recv(pop3_session) != PS_SUCCESS)
+ if ((val = pop3_stls_recv(pop3_session)) != PS_SUCCESS)
return -1;
if (pop3_session->ac_prefs->use_apop_auth)
- pop3_getauth_apop_send(pop3_session);
+ val = pop3_getauth_apop_send(pop3_session);
else
- pop3_getauth_user_send(pop3_session);
+ val = pop3_getauth_user_send(pop3_session);
break;
#endif
case POP3_GETAUTH_USER:
- pop3_getauth_pass_send(pop3_session);
+ val = pop3_getauth_pass_send(pop3_session);
break;
case POP3_GETAUTH_PASS:
case POP3_GETAUTH_APOP:
if (pop3_session->auth_only)
- pop3_logout_send(pop3_session);
+ val = pop3_logout_send(pop3_session);
else
- pop3_getrange_stat_send(pop3_session);
+ val = pop3_getrange_stat_send(pop3_session);
break;
case POP3_GETRANGE_STAT:
- if (pop3_getrange_stat_recv(pop3_session, body) < 0)
+ if ((val = pop3_getrange_stat_recv(pop3_session, body)) < 0)
return -1;
if (pop3_session->count > 0)
- pop3_getrange_uidl_send(pop3_session);
+ val = pop3_getrange_uidl_send(pop3_session);
else
- pop3_logout_send(pop3_session);
+ val = pop3_logout_send(pop3_session);
break;
case POP3_GETRANGE_LAST:
if (val == PS_NOTSUPPORTED)
pop3_session->error_val = PS_SUCCESS;
- else if (pop3_getrange_last_recv(pop3_session, body) < 0)
+ else if ((val = pop3_getrange_last_recv
+ (pop3_session, body)) < 0)
return -1;
if (pop3_session->cur_msg > 0)
- pop3_getsize_list_send(pop3_session);
+ val = pop3_getsize_list_send(pop3_session);
else
- pop3_logout_send(pop3_session);
+ val = pop3_logout_send(pop3_session);
break;
case POP3_GETRANGE_UIDL:
if (val == PS_NOTSUPPORTED) {
pop3_session->error_val = PS_SUCCESS;
- pop3_getrange_last_send(pop3_session);
+ val = pop3_getrange_last_send(pop3_session);
} else {
pop3_session->state = POP3_GETRANGE_UIDL_RECV;
- session_recv_data(session, 0, ".\r\n");
+ val = session_recv_data(session, 0, ".\r\n");
}
break;
case POP3_GETSIZE_LIST:
pop3_session->state = POP3_GETSIZE_LIST_RECV;
- session_recv_data(session, 0, ".\r\n");
+ val = session_recv_data(session, 0, ".\r\n");
break;
case POP3_RETR:
pop3_session->state = POP3_RETR_RECV;
- session_recv_data_as_file(session, 0, ".\r\n");
+ val = session_recv_data_as_file(session, 0, ".\r\n");
break;
case POP3_DELETE:
- pop3_delete_recv(pop3_session);
+ val = pop3_delete_recv(pop3_session);
if (pop3_session->cur_msg == pop3_session->count)
- pop3_logout_send(pop3_session);
+ val = pop3_logout_send(pop3_session);
else {
pop3_session->cur_msg++;
if (pop3_lookup_next(pop3_session) == POP3_ERROR)
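Review bot: In the `POP3_GREETING` case the value stored by `val = pop3_greeting_recv(pop3_session, body);` is overwritten by the `val = ..._send(pop3_session);` assignment in every branch that follows, so if the greeting handler can report an error it never reaches the new `val == PS_SUCCESS` test at the end of the function. The same happens in `POP3_DELETE`, where `val = pop3_delete_recv(pop3_session);` is replaced by the logout result when `cur_msg == count`. Checking the receive result before sending, as the `POP3_STLS` case already does, would close the gap: `if ((val = pop3_greeting_recv(pop3_session, body)) != PS_SUCCESS) return -1;`. The switch continues past the end of this hunk, so the else-branch of `POP3_DELETE` is not visible here.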
@@ -817,7 +824,10 @@
return -1;
}
- return 0;
+ if (val == PS_SUCCESS)
+ return 0;
+ else
+ return -1;
}
static gint pop3_session_recv_data_finished(Session *session, guchar *data,
sylpheed-2.3.1-certsdir.patch:
--- NEW FILE sylpheed-2.3.1-certsdir.patch ---
diff -Nur sylpheed-2.3.1-orig/libsylph/ssl.c sylpheed-2.3.1/libsylph/ssl.c
--- sylpheed-2.3.1-orig/libsylph/ssl.c 2007-01-12 07:21:48.000000000 +0100
+++ sylpheed-2.3.1/libsylph/ssl.c 2007-04-21 10:22:44.000000000 +0200
@@ -81,7 +81,7 @@
"etc" G_DIR_SEPARATOR_S
"ssl" G_DIR_SEPARATOR_S "certs", NULL);
#else
- certs_dir = g_strdup("/etc/ssl/certs");
+ certs_dir = g_strdup("/etc/pki/tls/certs");
#endif
if (!is_dir_exist(certs_dir)) {
debug_print("ssl_init(): %s doesn't exist, or not a directory.\n",
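Review bot: The new default `g_strdup("/etc/pki/tls/certs")` is a distribution-specific literal with no comment, and the old `/etc/ssl/certs` location is dropped rather than kept as a fallback. I would add `/* Fedora keeps the CA certificate directory under /etc/pki/tls/certs */` above the assignment so the reason for diverging from upstream is recorded in the code. As far as this hunk shows, a missing directory is only reported through `debug_print`; because this directory presumably feeds certificate verification, a message visible in normal operation would help users notice when it is absent. The `if (!is_dir_exist(certs_dir))` block continues outside the hunk, so what happens after the message cannot be judged here.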
Index: sylpheed.spec
===================================================================
RCS file: /cvs/extras/rpms/sylpheed/devel/sylpheed.spec,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- sylpheed.spec 29 Jan 2007 21:40:18 -0000 1.46
+++ sylpheed.spec 21 Apr 2007 08:28:42 -0000 1.47
@@ -5,7 +5,7 @@
Summary: GTK+ based, lightweight, and fast email client
Name: sylpheed
Version: 2.3.1
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
URL: http://sylpheed.sraoss.jp/
Group: Applications/Internet
@@ -22,7 +22,9 @@
Patch1: sylpheed-2.2.3-defs.h.patch
Patch2: sylpheed-2.2.7-desktop.patch
+Patch3: sylpheed-2.3.1-certsdir.patch
Patch4: sylpheed-2.2.5-prefs_common.patch
+Patch5: sylpheed-2.3.1-apop-cve-2007-1558.patch
%description
This program is an X based fast email client which has features
@@ -43,7 +45,9 @@
%setup -q
%patch1 -p1 -b .defs.h
%patch2 -p1 -b .desktop
+%patch3 -p1 -b .certsdir
%patch4 -p1 -b .prefs_common
+%patch5 -p1 -b .apop
%build
%configure --enable-ssl %{!?_without_gpgme:--enable-gpgme} \
@@ -84,6 +88,10 @@
%{_mandir}/man1/*
%changelog
+* Sat Apr 21 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.3.1-2
+- Patch APOP vulnerability (CVE-2007-1558) as in 2.4.0.
+- Patch default directory for SSL/TLS certificates.
+
* Wed Jan 17 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.3.1-1
- Update to 2.3.1.