From e4aff9cade987d79a1e3334dd763bf6eebd628d7 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 31 2020 09:35:45 +0000
Subject: import evolution-data-server-3.28.5-4.el7
---
diff --git a/SOURCES/evolution-data-server-3.28.5-cve-2019-3890.patch b/SOURCES/evolution-data-server-3.28.5-cve-2019-3890.patch
new file mode 100644
index 0000000..5a19759
--- /dev/null
+++ b/SOURCES/evolution-data-server-3.28.5-cve-2019-3890.patch
@@ -0,0 +1,18 @@
+diff -up evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c.cve-2019-3890 evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c
+--- evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c.cve-2019-3890 2019-04-15 09:25:49.273786456 +0200
++++ evolution-data-server-3.28.5/src/libedataserver/e-data-server-util.c 2019-04-15 09:35:00.784778830 +0200
+@@ -3147,11 +3147,13 @@ e_util_can_use_collection_as_credential_
+ if (can_use_collection) {
+ gchar *method_source, *method_collection;
+
+- /* Also check the method; if different, then rather not use the collection */
++ /* Also check the method; if different, then rather not use the collection.
++ Consider 'none' method on the child as the same as the collection method. */
+ method_source = e_source_authentication_dup_method (auth_source);
+ method_collection = e_source_authentication_dup_method (auth_collection);
+
+ can_use_collection = !method_source || !method_collection ||
++ g_ascii_strcasecmp (method_source, "none") == 0 ||
+ g_ascii_strcasecmp (method_source, method_collection) == 0;
+
+ g_free (method_source);
diff --git a/SPECS/evolution-data-server.spec b/SPECS/evolution-data-server.spec
index 815dee2..7fe2c6b 100644
--- a/SPECS/evolution-data-server.spec
+++ b/SPECS/evolution-data-server.spec
@@ -32,7 +32,7 @@
 Name: evolution-data-server
 Version: 3.28.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: System Environment/Libraries
 Summary: Backend data server for Evolution
 License: LGPLv2+
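Review bot: The added `g_ascii_strcasecmp (method_source, "none") == 0` clause in the `can_use_collection` expression widens the cases in which the collection is accepted: a child source whose method is "none" now passes whatever the collection's method is, and the new comment states the rule without saying why that is safe. The checks that set `can_use_collection` to true before this block sit above the hunk and are not visible here, so it is worth confirming that they already tie the child source to the collection, and recording that in the comment, for example `/* A child with method 'none' defers to the collection; the checks above already matched it to the collection. */` (wording to be confirmed against the code outside the hunk). The patch touches only e-data-server-util.c, so a regression test with a 'none' child and a collection using a different method would pin the new branch. The function body starts and ends outside the hunk.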
@@ -58,6 +58,9 @@ Patch03: evolution-data-server-3.28.2-sqlite-deterministic.patch
 # RH bug #1610744
 Patch04: evolution-data-server-3.28.5-test-cal-client-get-revision.patch
+# RH bug #1696762
+Patch05: evolution-data-server-3.28.5-cve-2019-3890.patch
+
 ### Dependencies ###
 Requires: dconf
@@ -180,6 +183,7 @@ the functionality of the installed %{name} package.
 %patch02 -p1 -b .cmake-version
 %patch03 -p1 -b .sqlite-deterministic
 %patch04 -p1 -b .test-cal-client-get-revision
+%patch05 -p1 -b .cve-2019-3890
 %build
@@ -441,6 +445,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
 %{_datadir}/installed-tests
 %changelog
+* Wed Aug 14 2019 Milan Crha - 3.28.5-4
+- Add patch related to evolution-ews' CVE-2019-3890 (RH bug #1696762)
+
 * Thu May 23 2019 Milan Crha - 3.28.5-3
 - Update patch for RH bug #1610744 (test-cal-client-get-revision could fail)