kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix two buffer overflows in iCalendar code (CVE-2008-1108, CVE-2008-1109),

Browse source 
patches from upstream CVS, bump PKGREVISION
This commit is contained in:
drochner 2008-06-05 11:08:08 +00:00
parent 15e69f8927
commit b3e8740165
4 changed files with 378 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
mail/evolution/Makefile
View file

@ -1,6 +1,7 @@
# $NetBSD: Makefile,v 1.133 2008/05/29 16:59:47 drochner Exp $
# $NetBSD: Makefile,v 1.134 2008/06/05 11:08:08 drochner Exp $
DISTNAME= evolution-2.22.2
PKGREVISION= 1
CATEGORIES= mail time gnome
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/evolution/2.22/}
EXTRACT_SUFX= .tar.bz2

4
mail/evolution/distinfo
View file

@ -1,7 +1,9 @@
$NetBSD: distinfo,v 1.57 2008/05/29 16:59:47 drochner Exp $
$NetBSD: distinfo,v 1.58 2008/06/05 11:08:08 drochner Exp $
SHA1 (evolution-2.22.2.tar.bz2) = ec52b816c95daaa694a0116d32d03832dc95d707
RMD160 (evolution-2.22.2.tar.bz2) = 47c1813d564e97a7eca679a9e6c607bd6ac951ee
Size (evolution-2.22.2.tar.bz2) = 30989731 bytes
SHA1 (patch-aa) = d490839edcbb4893086750e052ca41bfff487bfa
SHA1 (patch-ab) = b56533feb1bf7d3c3eabf905a50a54e7f27f5b1c
SHA1 (patch-ac) = 70905604bee881a2d22b8ff9b855ebd1faeec210
SHA1 (patch-ad) = f1fe62eba78fbb734b1f0bfe256e8a8c2455ca95

311
mail/evolution/patches/patch-ac Normal file
View file

@ -0,0 +1,311 @@
$NetBSD: patch-ac,v 1.18 2008/06/05 11:08:08 drochner Exp $
--- calendar/gui/e-itip-control.c.orig 2008-04-04 11:18:00.000000000 +0200
+++ calendar/gui/e-itip-control.c
@@ -660,7 +660,7 @@ find_attendee (icalcomponent *ical_comp,
static void
write_label_piece (EItipControl *itip, ECalComponentDateTime *dt,
- char *buffer, int size,
+ GString *buffer,
const char *stext, const char *etext,
gboolean just_date)
{
@@ -685,13 +685,13 @@ write_label_piece (EItipControl *itip, E
tmp_tm.tm_hour = tmp_tm.tm_min = tmp_tm.tm_sec = 0;
if (stext != NULL)
- strcat (buffer, stext);
+ g_string_append (buffer, stext);
e_time_format_date_and_time (&tmp_tm,
calendar_config_get_24_hour_format (),
FALSE, FALSE,
time_buf, sizeof (time_buf));
- strcat (buffer, time_buf);
+ g_string_append (buffer, time_buf);
if (!dt->value->is_utc && dt->tzid) {
zone = icalcomponent_get_timezone (priv->top_level, dt->tzid);
@@ -703,21 +703,21 @@ write_label_piece (EItipControl *itip, E
UTF-8. But it probably is not translated. */
display_name = icaltimezone_get_display_name (zone);
if (display_name && *display_name) {
- strcat (buffer, " <font size=-1>[");
+ g_string_append_len (buffer, " <font size=-1>[", 16);
/* We check if it is one of our builtin timezone names,
in which case we call gettext to translate it. */
if (icaltimezone_get_builtin_timezone (display_name)) {
- strcat (buffer, _(display_name));
+ g_string_append_printf (buffer, "%s", _(display_name));
} else {
- strcat (buffer, display_name);
+ g_string_append_printf (buffer, "%s", display_name);
}
- strcat (buffer, "]</font>");
+ g_string_append_len (buffer, "]</font>", 8);
}
}
if (etext != NULL)
- strcat (buffer, etext);
+ g_string_append (buffer, etext);
}
static const char *
@@ -754,19 +754,17 @@ get_dayname (struct icalrecurrencetype *
static void
write_recurrence_piece (EItipControl *itip, ECalComponent *comp,
- char *buffer, int size)
+ GString *buffer)
{
GSList *rrules;
struct icalrecurrencetype *r;
- int len, i;
+ int i;
- strcpy (buffer, "<b>Recurring:</b> ");
- len = strlen (buffer);
- buffer += len;
- size -= len;
+ g_string_append_len (buffer, "<b>Recurring:</b> ", 18);
if (!e_cal_component_has_simple_recurrence (comp)) {
- strcpy (buffer, _("Yes. (Complex Recurrence)"));
+ g_string_append_printf (
+ buffer, "%s", _("Yes. (Complex Recurrence)"));
return;
}
@@ -782,7 +780,10 @@ write_recurrence_piece (EItipControl *it
Every %d day/days" */
/* For Translators : 'Every day' is event Recurring every day */
/* For Translators : 'Every %d days' is event Recurring every %d days. %d is a digit */
- sprintf (buffer, ngettext("Every day", "Every %d days", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every day",
+ "Every %d days", r->interval),
+ r->interval);
break;
case ICAL_WEEKLY_RECURRENCE:
@@ -792,29 +793,36 @@ write_recurrence_piece (EItipControl *it
Every %d week/weeks" */
/* For Translators : 'Every week' is event Recurring every week */
/* For Translators : 'Every %d weeks' is event Recurring every %d weeks. %d is a digit */
- sprintf (buffer, ngettext("Every week", "Every %d weeks", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every week",
+ "Every %d weeks", r->interval),
+ r->interval);
} else {
/* For Translators : 'Every week on' is event Recurring every week on (dayname) and (dayname) and (dayname) */
/* For Translators : 'Every %d weeks on' is event Recurring: every %d weeks on (dayname) and (dayname). %d is a digit */
- sprintf (buffer, ngettext("Every week on ", "Every %d weeks on ", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every week on ",
+ "Every %d weeks on ", r->interval),
+ r->interval);
for (i = 1; i < 8 && r->by_day[i] != ICAL_RECURRENCE_ARRAY_MAX; i++) {
if (i > 1)
- strcat (buffer, ", ");
- strcat (buffer, get_dayname (r, i - 1));
+ g_string_append_len (buffer, ", ", 2);
+ g_string_append (buffer, get_dayname (r, i - 1));
}
if (i > 1)
/* For Translators : 'and' is part of the sentence 'event recurring every week on (dayname) and (dayname)' */
- strcat (buffer, _(" and "));
- strcat (buffer, get_dayname (r, i - 1));
+ g_string_append_printf (buffer, "%s", _(" and "));
+ g_string_append (buffer, get_dayname (r, i - 1));
}
break;
case ICAL_MONTHLY_RECURRENCE:
if (r->by_month_day[0] != ICAL_RECURRENCE_ARRAY_MAX) {
/* For Translators : 'The %s day of' is part of the sentence 'event recurring on the (nth) day of every month.' */
- sprintf (buffer, _("The %s day of "),
- nth (r->by_month_day[0]));
+ g_string_append_printf (
+ buffer, _("The %s day of "),
+ nth (r->by_month_day[0]));
} else {
int pos;
@@ -828,20 +836,21 @@ write_recurrence_piece (EItipControl *it
/* For Translators : 'The %s %s of' is part of the sentence 'event recurring on the (nth) (dayname) of every month.'
eg,third monday of every month */
- sprintf (buffer, _("The %s %s of "),
- nth (pos), get_dayname (r, 0));
+ g_string_append_printf (
+ buffer, _("The %s %s of "),
+ nth (pos), get_dayname (r, 0));
}
- len = strlen (buffer);
- buffer += len;
- size -= len;
/* For Translators: In this can also be translated as "With the period of %d
month/months", where %d is a number. The entire sentence is of the form "Recurring:
Every %d month/months" */
/* For Translators : 'every month' is part of the sentence 'event recurring on the (nth) day of every month.' */
/* For Translators : 'every %d months' is part of the sentence 'event recurring on the (nth) day of every %d months.'
%d is a digit */
- sprintf (buffer, ngettext("every month","every %d months", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("every month",
+ "every %d months", r->interval),
+ r->interval);
break;
case ICAL_YEARLY_RECURRENCE:
@@ -850,20 +859,22 @@ write_recurrence_piece (EItipControl *it
Every %d year/years" */
/* For Translators : 'Every year' is event Recurring every year */
/* For Translators : 'Every %d years' is event Recurring every %d years. %d is a digit */
- sprintf (buffer, ngettext("Every year", "Every %d years", r->interval), r->interval);
+ g_string_append_printf (
+ buffer, ngettext ("Every year",
+ "Every %d years", r->interval),
+ r->interval);
break;
default:
g_return_if_reached ();
}
- len = strlen (buffer);
- buffer += len;
- size -= len;
if (r->count) {
/* For Translators:'a total of %d time' is part of the sentence of the form 'event recurring every day,a total of % time.' %d is a digit*/
/* For Translators:'a total of %d times' is part of the sentence of the form 'event recurring every day,a total of % times.' %d is a digit*/
- sprintf (buffer, ngettext("a total of %d time", " a total of %d times", r->count), r->count);
+ g_string_append_printf (
+ buffer, ngettext ("a total of %d time",
+ " a total of %d times", r->count), r->count);
} else if (!icaltime_is_null_time (r->until)) {
ECalComponentDateTime dt;
@@ -871,12 +882,12 @@ write_recurrence_piece (EItipControl *it
dt.value = &r->until;
dt.tzid = icaltimezone_get_tzid ((icaltimezone *)r->until.zone);
- write_label_piece (itip, &dt, buffer, size,
+ write_label_piece (itip, &dt, buffer,
/* For Translators : ', ending on' is part of the sentence of the form 'event recurring every day, ending on (date).'*/
_(", ending on "), NULL, TRUE);
}
- strcat (buffer, "<br>");
+ g_string_append_len (buffer, "<br>", 4);
}
static void
@@ -884,47 +895,51 @@ set_date_label (EItipControl *itip, GtkH
ECalComponent *comp)
{
ECalComponentDateTime datetime;
- static char buffer[1024];
+ GString *buffer;
gchar *str;
gboolean wrote = FALSE, task_completed = FALSE;
ECalComponentVType type;
+ buffer = g_string_sized_new (1024);
type = e_cal_component_get_vtype (comp);
- buffer[0] = '\0';
e_cal_component_get_dtstart (comp, &datetime);
if (datetime.value) {
/* For Translators : 'starts' is starts:date implying a task starts on what date */
str = g_strdup_printf ("<b>%s:</b>", _("Starts"));
- write_label_piece (itip, &datetime, buffer, 1024,
- str,
- "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen(buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
g_free (str);
}
e_cal_component_free_datetime (&datetime);
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
e_cal_component_get_dtend (comp, &datetime);
if (datetime.value){
/* For Translators : 'ends' is ends:date implying a task ends on what date */
str = g_strdup_printf ("<b>%s:</b>", _("Ends"));
- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
g_free (str);
}
e_cal_component_free_datetime (&datetime);
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
if (e_cal_component_has_recurrences (comp)) {
- write_recurrence_piece (itip, comp, buffer, 1024);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_recurrence_piece (itip, comp, buffer);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
}
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
datetime.tzid = NULL;
e_cal_component_get_completed (comp, &datetime.value);
if (type == E_CAL_COMPONENT_TODO && datetime.value) {
@@ -932,20 +947,22 @@ set_date_label (EItipControl *itip, GtkH
timezone. */
str = g_strdup_printf ("<b>%s:</b>", _("Completed"));
datetime.value->is_utc = TRUE;
- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
task_completed = TRUE;
g_free (str);
}
e_cal_component_free_datetime (&datetime);
- buffer[0] = '\0';
+ /* Reset the buffer. */
+ g_string_truncate (buffer, 0);
+
e_cal_component_get_due (comp, &datetime);
if (type == E_CAL_COMPONENT_TODO && !task_completed && datetime.value) {
str = g_strdup_printf ("<b>%s:</b>", _("Due"));
- write_label_piece (itip, &datetime, buffer, 1024, str, "<br>", FALSE);
- gtk_html_write (html, html_stream, buffer, strlen (buffer));
+ write_label_piece (itip, &datetime, buffer, str, "<br>", FALSE);
+ gtk_html_write (html, html_stream, buffer->str, buffer->len);
wrote = TRUE;
g_free (str);
}
@@ -954,6 +971,8 @@ set_date_label (EItipControl *itip, GtkH
if (wrote)
gtk_html_stream_printf (html_stream, "<br>");
+
+ g_string_free (buffer, TRUE);
}
static void

62
mail/evolution/patches/patch-ad Normal file
View file

@ -0,0 +1,62 @@
$NetBSD: patch-ad,v 1.10 2008/06/05 11:08:08 drochner Exp $
--- calendar/gui/itip-utils.c.orig 2008-04-04 11:18:00.000000000 +0200
+++ calendar/gui/itip-utils.c
@@ -174,50 +174,16 @@ get_attendee_if_attendee_sentby_is_user
}
static char *
-html_new_lines_for (char *string)
+html_new_lines_for (const char *string)
{
- char *html_string = (char *) malloc (sizeof (char)* (3500));
- int length = strlen (string);
- int index = 0;
- char *index_ptr = string;
- char *temp = string;
+ gchar **lines;
+ gchar *joined;
- /*Find the first occurence*/
- index_ptr = strstr ((const char *)temp, "\n");
+ lines = g_strsplit_set (string, "\n", -1);
+ joined = g_strjoinv ("<br>", lines);
+ g_strfreev (lines);
- /*Doesn't occur*/
- if (index_ptr == NULL) {
- strcpy (html_string, (const char *)string);
- html_string[length] = '\0';
- return html_string;
- }
-
- /*Split into chunks inserting <br> for \n */
- do{
- while (temp != index_ptr){
- html_string[index++] = *temp;
- temp++;
- }
- temp++;
-
- html_string[index++] = '<';
- html_string[index++] = 'b';
- html_string[index++] = 'r';
- html_string[index++] = '>';
-
- index_ptr = strstr ((const char *)temp, "\n");
-
- } while (index_ptr);
-
- /*Don't leave out the last chunk*/
- while (*temp != '\0'){
- html_string[index++] = *temp;
- temp++;
- }
-
- html_string[index] = '\0';
-
- return html_string;
+ return joined;
}
char *