[evolution/f15] CVE-2011-3201

Matthew Barnes mbarnes at fedoraproject.org
Wed Nov 30 13:34:50 UTC 2011


commit a8ddb02e4cacd72b50f6c03d082755e573ad9391
Author: Matthew Barnes <mbarnes at redhat.com>
Date:   Wed Nov 30 07:34:36 2011 -0600

    CVE-2011-3201

 evolution-3.0.3-CVE-2011-3201.patch |   56 +++++++++++++++++++++++++++++++++++
 evolution.spec                      |    9 +++++-
 2 files changed, 64 insertions(+), 1 deletions(-)
---
diff --git a/evolution-3.0.3-CVE-2011-3201.patch b/evolution-3.0.3-CVE-2011-3201.patch
new file mode 100644
index 0000000..6ab1aab
--- /dev/null
+++ b/evolution-3.0.3-CVE-2011-3201.patch
@@ -0,0 +1,56 @@
+diff -up evolution-3.0.3/composer/e-msg-composer.c.CVE-2011-3201 evolution-3.0.3/composer/e-msg-composer.c
+--- evolution-3.0.3/composer/e-msg-composer.c.CVE-2011-3201	2011-07-15 02:42:06.000000000 -0500
++++ evolution-3.0.3/composer/e-msg-composer.c	2011-11-30 07:32:33.485560137 -0600
+@@ -3893,6 +3893,35 @@ add_recipients (GList *list, const gchar
+ 	return list;
+ }
+ 
++static const gchar *blacklist[] = { ".", "etc", ".." };
++
++static gboolean
++file_is_blacklisted (const gchar *filename)
++{
++	gboolean blacklisted = FALSE;
++	guint ii, jj, n_parts;
++	gchar **parts;
++
++	parts = g_strsplit (filename, G_DIR_SEPARATOR_S, -1);
++	n_parts = g_strv_length (parts);
++
++	for (ii = 0; ii < G_N_ELEMENTS (blacklist); ii++) {
++		for (jj = 0; jj < n_parts; jj++) {
++			if (g_str_has_prefix (parts[jj], blacklist[ii])) {
++				blacklisted = TRUE;
++				break;
++			}
++		}
++	}
++
++	g_strfreev (parts);
++
++	if (blacklisted)
++		g_message ("Skipping suspicious attachment: %s", filename);
++
++	return blacklisted;
++}
++
+ static void
+ handle_mailto (EMsgComposer *composer, const gchar *mailto)
+ {
+@@ -3985,6 +4014,8 @@ handle_mailto (EMsgComposer *composer, c
+ 				EAttachment *attachment;
+ 
+ 				camel_url_decode (content);
++				if (file_is_blacklisted (content))
++					goto next;
+ 				if (g_ascii_strncasecmp (content, "file:", 5) == 0)
+ 					attachment = e_attachment_new_for_uri (content);
+ 				else
+@@ -4004,6 +4035,7 @@ handle_mailto (EMsgComposer *composer, c
+ 				e_msg_composer_add_header (composer, header, content);
+ 			}
+ 
++next:
+ 			g_free (content);
+ 
+ 			p += clen;
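Review bot: In `handle_mailto`, `file_is_blacklisted (content)` runs on the string after a single `camel_url_decode`, but the `file:` branch then passes that same string to `e_attachment_new_for_uri`, which presumably resolves percent-escapes itself, so the path that is checked may not be the path that is opened. For that branch the check is safer on the resolved local path, e.g. `path = g_filename_from_uri (content, NULL, NULL);` followed by `if (path == NULL || file_is_blacklisted (path)) goto next;`, with `path` freed on both outcomes. Separately, the `g_str_has_prefix` match in `file_is_blacklisted` rejects any component that merely begins with `etc`, makes the `".."` entry redundant next to `"."`, and leaves every other location attachable; a comment on `blacklist[]` stating the intent (`/* hidden files, parent references, /etc */`) would help, and asking the user to confirm any attachment named by a mailto: URI would be sturdier than a denylist. `handle_mailto` starts and ends outside the patch's hunks, so the placement of the `next:` label relative to other cleanup could not be checked here.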
diff --git a/evolution.spec b/evolution.spec
index f2b0c8f..9bae3de 100644
--- a/evolution.spec
+++ b/evolution.spec
@@ -28,7 +28,7 @@
 
 Name: evolution
 Version: 3.0.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/Productivity
 Summary: Mail and calendar client for GNOME
 License: GPLv2+ and GFDL
@@ -49,6 +49,9 @@ Patch13: evolution-2.30.1-help-contents.patch
 
 Patch14: evolution-help-gl.patch
 
+# CVE-2011-3201
+Patch15: evolution-3.0.3-CVE-2011-3201.patch
+
 ## Dependencies ###
 
 Requires(pre): GConf2
@@ -205,6 +208,7 @@ This package contains the plugin to import Microsoft Personal Storage Table
 %patch10 -p1 -b .ldaphack
 %patch13 -p1 -b .help-contents
 %patch14 -p1 -b .help-gl
+%patch15 -p1 -b .CVE-2011-3201
 
 mkdir -p krb5-fakeprefix/include
 mkdir -p krb5-fakeprefix/lib
@@ -594,6 +598,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 
 %changelog
+* Wed Nov 30 2011 Matthew Barnes <mbarnes at redhat.com> - 3.0.3-2
+- Add patch for RH bug #757164 (CVE-2011-3201).
+
 * Wed Aug 31 2011 Milan Crha <mcrha at redhat.com> - 3.0.3-1
 - Update to 3.0.3
 - Remove patch for Red Hat bug #707578 (fixed upstream)

