
Bug#690277: marked as done (unblock: claws-mail/3.8.1-2)



Your message dated Fri, 12 Oct 2012 05:51:26 +0100
with message-id <1350017486.10097.9.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#690277: unblock: claws-mail/3.8.1-2
has caused the Debian Bug report #690277,
regarding unblock: claws-mail/3.8.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
690277: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690277
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package claws-mail

This upload fixes CVE-2012-4507 (bug #690151) and includes
backported patches for 3 segfaults discovered after 3.8.1
release. Debdiff attached.

thanks in advance,

unblock claws-mail/3.8.1-2

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru claws-mail-3.8.1/debian/changelog claws-mail-3.8.1/debian/changelog
--- claws-mail-3.8.1/debian/changelog	2012-06-28 01:28:06.000000000 +0200
+++ claws-mail-3.8.1/debian/changelog	2012-10-12 00:13:21.000000000 +0200
@@ -1,3 +1,16 @@
+claws-mail (3.8.1-2) unstable; urgency=medium
+
+  * patches/99_fix_CVE-2012-4507.patch
+  - Added fix for CVE-2012-4507 from 3.8.1cvs82 (Closes: #690151),
+    raised urgency because of grave bug
+  * patches/98_fix_segfault_no_utf_gpgme_strerror.patch,
+    patches/97_fix_segfault_parse_parameters.patch,
+    patches/96_fix_segfault_viewing_signature_info.patch
+  - Backported patches from upstream CVS fixing segfaults discovered
+    after 3.8.1 release
+
+ -- Ricardo Mones <mones@debian.org>  Fri, 12 Oct 2012 00:04:03 +0200
+
 claws-mail (3.8.1-1) unstable; urgency=low
 
   * New upstream release
diff -Nru claws-mail-3.8.1/debian/patches/96_fix_segfault_viewing_signature_info.patch claws-mail-3.8.1/debian/patches/96_fix_segfault_viewing_signature_info.patch
--- claws-mail-3.8.1/debian/patches/96_fix_segfault_viewing_signature_info.patch	1970-01-01 01:00:00.000000000 +0100
+++ claws-mail-3.8.1/debian/patches/96_fix_segfault_viewing_signature_info.patch	2012-10-12 00:13:21.000000000 +0200
@@ -0,0 +1,17 @@
+Subject: fix segfault viewing PGP/SMIME signature information
+From: Ricardo Mones <ricardo@mones.org>
+Bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2689
+Applied-Upstream: 3.8.1cvs12
+
+diff -purN claws-mail-3.8.1.orig/src/plugins/pgpcore/sgpgme.c claws-mail-3.8.1/src/plugins/pgpcore/sgpgme.c
+--- claws-mail-3.8.1.orig/src/plugins/pgpcore/sgpgme.c	2012-06-27 11:05:23.000000000 +0200
++++ claws-mail-3.8.1/src/plugins/pgpcore/sgpgme.c	2012-10-11 23:34:46.000000000 +0200
+@@ -326,7 +326,7 @@ gchar *sgpgme_sigstat_info_full(gpgme_ct
+ 				j++;
+ 				user = user->next;
+ 			}
+-			g_string_append_printf(siginfo,
++			g_string_append(siginfo,
+ 				_("Primary key fingerprint:"));
+ 			const char* primary_fpr = NULL;
+ 			if (key && key->subkeys && key->subkeys->fpr)
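Review bot: the patch header gives no cause for the segfault, and the hunk suggests one worth recording: the translated string _("Primary key fingerprint:") was passed to g_string_append_printf() as the format with no arguments, so a translation containing a % conversion would read arguments that were never supplied. Add a Description line saying so. It is also worth confirming that no other g_string_append_printf(siginfo, _(...)) call in sgpgme_sigstat_info_full() is made without arguments, since only this one call is changed here.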
diff -Nru claws-mail-3.8.1/debian/patches/97_fix_segfault_parse_parameters.patch claws-mail-3.8.1/debian/patches/97_fix_segfault_parse_parameters.patch
--- claws-mail-3.8.1/debian/patches/97_fix_segfault_parse_parameters.patch	1970-01-01 01:00:00.000000000 +0100
+++ claws-mail-3.8.1/debian/patches/97_fix_segfault_parse_parameters.patch	2012-10-12 00:13:21.000000000 +0200
@@ -0,0 +1,17 @@
+Subject: fix segfault in parse_parameters() for some attachments
+From: Mikhail Efremov <mikhefr@gmail.com>
+Bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2697
+Applied-Upstream: 3.8.1cvs15
+
+diff -purN claws-mail-3.8.1.orig/src/procmime.c claws-mail-3.8.1/src/procmime.c
+--- claws-mail-3.8.1.orig/src/procmime.c	2012-06-27 11:05:22.000000000 +0200
++++ claws-mail-3.8.1/src/procmime.c	2012-10-11 23:15:23.000000000 +0200
+@@ -1704,7 +1704,7 @@ static void parse_parameters(const gchar
+ 			    (g_slist_find_custom(concatlist, down_attr, g_strcmp0) == NULL))
+ 				concatlist = g_slist_prepend(concatlist, g_strdup(tmpattr));
+ 
+-			if (convert && (g_slist_find_custom(convlist, down_attr, g_strcmp0) == NULL))
++			if (convert && (g_slist_find_custom(convlist, tmpattr, g_strcmp0) == NULL))
+ 				convlist = g_slist_prepend(convlist, g_strdup(tmpattr));
+ 
+ 			g_free(tmpattr);
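Review bot: the concatlist test in the context lines just above still searches with down_attr while prepending g_strdup(tmpattr), the same key mismatch this hunk removes for convlist. If looking up by down_attr was the defect, the concatlist branch needs the same change or a comment saying why down_attr is correct there. The header should also state what made the old lookup crash, since g_strcmp0 is NULL-safe and the cause is not evident from the diff alone.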
diff -Nru claws-mail-3.8.1/debian/patches/98_fix_segfault_no_utf_gpgme_strerror.patch claws-mail-3.8.1/debian/patches/98_fix_segfault_no_utf_gpgme_strerror.patch
--- claws-mail-3.8.1/debian/patches/98_fix_segfault_no_utf_gpgme_strerror.patch	1970-01-01 01:00:00.000000000 +0100
+++ claws-mail-3.8.1/debian/patches/98_fix_segfault_no_utf_gpgme_strerror.patch	2012-10-12 00:13:21.000000000 +0200
@@ -0,0 +1,47 @@
+Subject: fix segfault when gpgme_strerror() returns a non UTF-8 string
+From: Colin Leroy <colin@colino.net>
+Bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2650
+Applied-Upstream: 3.8.1cvs41
+ 
+diff -purN claws-mail-3.8.1.orig/src/plugins/pgpcore/sgpgme.c claws-mail-3.8.1/src/plugins/pgpcore/sgpgme.c
+--- claws-mail-3.8.1.orig/src/plugins/pgpcore/sgpgme.c	2012-06-27 11:05:23.000000000 +0200
++++ claws-mail-3.8.1/src/plugins/pgpcore/sgpgme.c	2012-10-11 23:04:52.000000000 +0200
+@@ -610,13 +610,36 @@ bail:
+ 
+ void sgpgme_init()
+ {
++	gchar *ctype_locale = NULL, *messages_locale = NULL;
++	gchar *ctype_utf8_locale = NULL, *messages_utf8_locale = NULL;
++
+ 	gpgme_engine_info_t engineInfo;
+ 	if (gpgme_check_version("1.0.0")) {
+ #ifdef LC_CTYPE
+-		gpgme_set_locale(NULL, LC_CTYPE, setlocale(LC_CTYPE, NULL));
++		ctype_locale = g_strdup(setlocale(LC_CTYPE, NULL));
++		if (strchr(ctype_locale, '.'))
++			*(strchr(ctype_locale, '.')) = '\0';
++		else if (strchr(ctype_locale, '@'))
++			*(strchr(ctype_locale, '@')) = '\0';
++		ctype_utf8_locale = g_strconcat(ctype_locale, ".UTF-8", NULL);
++
++		gpgme_set_locale(NULL, LC_CTYPE, ctype_utf8_locale);
++
++		g_free(ctype_utf8_locale);
++		g_free(ctype_locale);
+ #endif
+ #ifdef LC_MESSAGES
+-		gpgme_set_locale(NULL, LC_MESSAGES, setlocale(LC_MESSAGES, NULL));
++		messages_locale = g_strdup(setlocale(LC_MESSAGES, NULL));
++		if (strchr(messages_locale, '.'))
++			*(strchr(messages_locale, '.')) = '\0';
++		else if (strchr(messages_locale, '@'))
++			*(strchr(messages_locale, '@')) = '\0';
++		messages_utf8_locale = g_strconcat(messages_locale, ".UTF-8", NULL);
++
++		gpgme_set_locale(NULL, LC_MESSAGES, messages_utf8_locale);
++
++		g_free(messages_utf8_locale);
++		g_free(messages_locale);
+ #endif
+ 		if (!gpgme_get_engine_info(&engineInfo)) {
+ 			while (engineInfo) {
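Review bot: ctype_locale and messages_locale go straight from g_strdup(setlocale(..., NULL)) into strchr() with no NULL check; g_strdup() returns NULL for a NULL input, so a NULL from setlocale() would crash in the code meant to remove a crash. Guard each block with a test on the duplicated string before the first strchr(). Two smaller points: cutting at '.' or, failing that, at '@' drops any locale modifier and nothing verifies that the resulting "<name>.UTF-8" locale exists, and the LC_CTYPE and LC_MESSAGES blocks are identical apart from the category, so one helper taking the category would remove the duplication and the repeated strchr() calls.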
diff -Nru claws-mail-3.8.1/debian/patches/99_fix_CVE-2012-4507.patch claws-mail-3.8.1/debian/patches/99_fix_CVE-2012-4507.patch
--- claws-mail-3.8.1/debian/patches/99_fix_CVE-2012-4507.patch	1970-01-01 01:00:00.000000000 +0100
+++ claws-mail-3.8.1/debian/patches/99_fix_CVE-2012-4507.patch	2012-10-12 00:13:21.000000000 +0200
@@ -0,0 +1,19 @@
+Subject: fix for CVE-2012-4507 
+From: Michael Schwendt <mschwendt@gmail.com>
+Bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
+Bug-RedHat: https://bugzilla.redhat.com/862578
+Bug-Debian: http://bugs.debian.org/690151
+Applied-Upstream: 3.8.1cvs82
+
+diff -purN claws-mail-3.8.1.orig/src/procmime.c claws-mail-3.8.1/src/procmime.c
+--- claws-mail-3.8.1.orig/src/procmime.c	2012-06-27 11:05:22.000000000 +0200
++++ claws-mail-3.8.1/src/procmime.c	2012-10-11 18:40:13.000000000 +0200
+@@ -1753,6 +1753,8 @@ static void parse_parameters(const gchar
+ 			continue;
+ 
+ 		charset = value;
++		if (charset == NULL)
++			continue;
+ 		lang = strchr(charset, '\'');
+ 		if (lang == NULL)
+ 			continue;
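Review bot: the header names only the CVE and not the defect; add a Description saying that parse_parameters() assigned a NULL value to charset and passed it to strchr(charset, '\''), so the fix is understandable without following the bug links. The check itself sits in the right place, directly before the dereference. Testing value before the assignment would read slightly more directly, with the same behaviour.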
diff -Nru claws-mail-3.8.1/debian/patches/series claws-mail-3.8.1/debian/patches/series
--- claws-mail-3.8.1/debian/patches/series	2012-06-28 01:28:06.000000000 +0200
+++ claws-mail-3.8.1/debian/patches/series	2012-10-12 00:13:21.000000000 +0200
@@ -1,2 +1,6 @@
 11mark_trashed_as_read.patch
 12fix_manpage_header.patch
+96_fix_segfault_viewing_signature_info.patch
+97_fix_segfault_parse_parameters.patch
+98_fix_segfault_no_utf_gpgme_strerror.patch
+99_fix_CVE-2012-4507.patch

--- End Message ---
--- Begin Message ---
On Fri, 2012-10-12 at 00:44 +0200, Ricardo Mones wrote:
> Please unblock package claws-mail
> 
> This upload fixes CVE-2012-4507 (bug #690151) and includes
> backported patches for 3 segfaults discovered after 3.8.1
> release. Debdiff attached.

Unblocked; thanks.

Regards,

Adam

--- End Message ---
