Hello community, here is the log from the commit of package claws-mail.4452 for openSUSE:13.1:Update checked in at 2016-01-01 21:50:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/claws-mail.4452 (Old) and /work/SRC/openSUSE:13.1:Update/.claws-mail.4452.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "claws-mail.4452" Changes: -------- New Changes file: --- /dev/null 2015-12-29 16:09:11.912035506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.claws-mail.4452.new/claws-mail.changes 2016-01-01 21:50:20.000000000 +0100 @@ -0,0 +1,1884 @@ +------------------------------------------------------------------- +Thu Dec 24 03:08:30 UTC 2015 - badshah400@gmail.com + +- Add claws-mail-dont-overshoot-output-buffer.patch to prevent + buffer overrun issues (boo#959993, CVE-2015-8614, claws#3557). + +------------------------------------------------------------------- +Mon Aug 4 00:40:21 UTC 2014 - malcolmlewis@opensuse.org + +- Update to version 3.10.1 (bnc#870858): + + Add an account preference to allow automatically accepting + unknown and changed SSL certificates, if they're valid (that + is, if the root CA is trusted by the distro). + + RFE 3196, 'When changing quicksearch Search Type, set focus to + search input box'. + + PGP/Core plugin: Generate 2048 bit RSA keys. + + Major code cleanup. + + Extended claws-mail.desktop with Compose and Receive actions. + + Fix GConf use with newer Glib. + + Fix the race fix, now preventing the compose window to be + closed. + + Fix "File (null) doesn't exist" error dialog, when attaching a + non-existing file via --attach + + Fix spacing in Folderview if the font is far from the system + font. + + RSSyl: + - When parsing RSS 2.0, ignore tags with a namespace prefix. + - Check for existence of xmlNode namespace, to prevent NULL + pointer crashes. + + Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179, + claws#3201, deb#730050. + + Updated translations. +- Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patch as + fixed upstream. + +------------------------------------------------------------------- +Mon May 26 16:11:13 UTC 2014 - mrueckert@suse.de + +- fix tarball url: + - not all occurences of the version were using the macro + - wrong SF project name + +------------------------------------------------------------------- +Mon May 26 13:56:35 UTC 2014 - mrueckert@suse.de + +- added claws-mail-3.10.0_uninitialized_variable_git51af19b.patch: + Patch taken from upstream. Fixes an uninitialized variable use. + +------------------------------------------------------------------- +Mon May 26 12:52:29 UTC 2014 - mrueckert@suse.de + +- update to 3.10.0 - (CVE-2014-2576) + - Complete SSL certificate chains are now saved, and if built with + Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made + available. Both of these allow correct certificate verification + instead of a bogus 'No certificate issuer found' status. + - Auto-configuration of account email servers, based on SRV records, + is now possible. (GLib >= 2.22 is required.) + - Added a preference to avoid automatically drafting emails that are + to be sent encrypted, (Configuration/Preferences/Compose/Writing). + - Messages saved as Drafts are now saved as New, highlighting the + Drafts folder, in order to draw the attention to unfinished mails + there. + - It is now possible to add a 'Replace signature' button to the + Compose window toolbar. + - Quotation wrapping and undo/redo in the Compose window has been + improved. + - 'Reply to all' now excludes your own address. + - The 'Generate X-Mailer header' option has been renamed 'Add user + agent header' and applies to both X-Mailer and X-Newsreader headers. + - Added hidden preferences, 'address_search_wildcard' and + 'folder_search_wildcard', to choose between matching from start of + the folder name/address or any part of the name. (Activating these + options restores the previous behaviour.) + - Added hidden preference 'enable_avatars' to control the internal + capture/render process, and which allows disabling it by external + plugins for example. + - 'Check for new folders' now only updates the folder list, not + updating the contents of folders. If needed, it can be followed by + 'Check for new messages' + - When using Redirect, the redirecting account's address is used in + the SMTP MAIL FROM instead of the original sender's address. + - NEW: Libravatar plugin, which displays avatars from + https://www.libravatar.org/ + - Added support for an arbitrary number and sources of 'avatars' and + images for email senders, and migrated Face and X-Face headers. + - Avatars are now included when printing mails. + - The GPG keyring can now be used as the source for address auto- + completion. + - The vCalendar and RSSyl plugins now have an option to disable SSL + certificate verification (and check them by default). + - The ClamAV plugin now pops up an error message only once instead of + repeatedly + - Updated the man page and the manual. + - Updated Brazilian Portuguese, British English, Czech, Dutch, + Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, + Spanish, and Swedish translations. + - Added Esperanto translation. + - Bug fixes: + claws#1644, claws#2119, claws#2145, claws#2179, claws#2238, + claws#2389, claws#2398, claws#2447, claws#2643, claws#2875, + claws#2991, claws#3020, claws#3055, claws#3038, claws#3039, + claws#3040, claws#3050, claws#3094, claws#3100, claws#3105, + claws#3106, claws#3107, claws#3116, claws#3117, claws#3120, + claws#3131, claws#3138, claws#3139, claws#3145, claws#3146, + claws#3147, claws#3148, claws#3150, claws#3155, claws#3169, + claws#3964 +- package the provided appdate xml file +- enabled more features in the notification plugin: + new buildRequires: pkgconfig(libnotify) libcanberra-devel >= 0.6 + +------------------------------------------------------------------- +Mon Dec 16 19:07:49 UTC 2013 - zaitor@opensuse.org + +- Update to version 3.9.3: + + The TAB address completion in the Compose window now matches + any part of the address and not just the beginning. + + When copying or moving a message, the type-ahead search now + matches any part of a folder name and not just the beginning. + + It is now possible to replace the current signature in the + Compose window by using the '/Message/Replace signature' menu + item. + + It is now possible to disable the 'Subject is empty' warning + dialogue. See the option 'Warn when Subject is empty' option on + the '/Configuration/Preferences/Mail handling/Sending' page. + + When sending messages, if the hostname cannot be determined, + fallback to 'localhost' rather than 'unknown', as the latter is + rejected by some servers. + + Added better handling of messages from broken mailers, such as + yahoo groups. + + PDF plugin: the minimum required version of poppler is 0.12.0. + + PGP/* plugin: long key IDs are now displayed in the dialogues + instead of short IDs. + + PGP/* plugin: The automatic signature check is now + non-blocking. + + Python plugin: can now access accounts, mailboxes, folder + properties. + + vCalendar plugin: webcals:// URLs are now treated as https:// + + Support for Maemo has been removed. + + Bugs fixed: claws#2132, claws#2210, claws#2794, claws#2923, + claws#2940, claws#2954, claws#2957, claws#2960, claws#2961, + claws#2964, claws#2979, claws#2982, claws#2986, claws#2989, + claws#2994, claws#2995, claws#3002, claws#3004, claws#3009, + claws#3011, claws#3021, deb#711864. + + Quote all specials in name as defined on RFC, see + http://tools.ietf.org/html/rfc5322#section-3.2.3. + + Fix sensitivity and state of 'hide read threads'. + + Fancy plugin: disable DNS Prefetching when 'Enable loading of + remote content' is switched off. + + Bogofilter plugin: insert X-Bogosity header like the option + says, not X-Claws-Bogosity header. + + Updated translations. +- Drop claws-mail-missing-include.patch, fixed upstream. + +------------------------------------------------------------------- +Sun Nov 10 10:35:29 UTC 2013 - dimstar@opensuse.org + +- Drop claws-mail-fix-address-quotes.patch: This patch on its own + has negative side-effects. + +------------------------------------------------------------------- +Wed Nov 6 01:21:22 UTC 2013 - malcolmlewis@opensuse.org + +- Add claws-mail-fix-address-quotes.patch: Fix quotes all + addresses which need quoting just before writting the + message to the queue folder, claws#2210. + +------------------------------------------------------------------- +Thu Sep 5 17:13:51 CEST 2013 - mls@suse.de + +- Add libperl_requires, as we link against libperl and thus + need a specific version of perl. + +------------------------------------------------------------------- +Thu Jun 20 15:24:47 UTC 2013 - malcolmlewis@opensuse.org + +- Update to version 3.9.2 (bnc#816881). + + New big icon for compose windows. + + Never decode multipart/ or message/ parts, as RFC states. + + Add missing check for libperl. + + Fix check for libsoup - it is not obligatory. + + Do not try to destroy a NULL session after an unsuccesful NNTP + connect attempt. + + The extraheaderrc format doesn't allow data after the header + colon. Other OSes may insert extra characters other than \n, + so, remove them all. + + Fix undoing file insertion. + + Fix check for python. + + Fix detection of account in --compose and --compose-from-file + where the From value contains a name + email. + + Bugs fixed: claws#2923, claws#2927. + +------------------------------------------------------------------- +Wed May 15 09:26:24 UTC 2013 - dimstar@opensuse.org + +- Also obsolete claws-mail-extra-plugins-devel, as the plugins + package was merged upstream. ++++ 1687 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.claws-mail.4452.new/claws-mail.changes New: ---- claws-mail-3.10.1.tar.bz2 claws-mail-dont-overshoot-output-buffer.patch claws-mail.changes claws-mail.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ claws-mail.spec ++++++ # # spec file for package claws-mail # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define gtk3_ready 0 %if !%{gtk3_ready} %define favor_gtk2 1 %endif Name: claws-mail Version: 3.10.1 Release: 0 Url: http://www.claws-mail.org/ Summary: A lightweight and highly configurable email client License: GPL-3.0+ Group: Productivity/Networking/Email/Clients Source0: http://sourceforge.net/projects/claws-mail/files/Claws%20Mail/%{version}/claws-mail-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM claws-mail-dont-overshoot-output-buffer.patch boo#959993 CVE-2015-8614 claws#3557 badshah400@gmail.com -- Do not overshoot the output buffer Patch0: claws-mail-dont-overshoot-output-buffer.patch BuildRequires: NetworkManager-devel BuildRequires: compface BuildRequires: db-devel BuildRequires: docbook-utils BuildRequires: enchant-devel BuildRequires: fdupes BuildRequires: gettext BuildRequires: gmp-devel BuildRequires: gpgme-devel %if 0%{?favor_gtk2} BuildRequires: gtk2-devel %else BuildRequires: gtk3-devel %endif BuildRequires: libarchive-devel BuildRequires: libcanberra-devel >= 0.6 BuildRequires: libcurl-devel BuildRequires: libetpan-devel >= 0.57 BuildRequires: libgcrypt-devel BuildRequires: libpoppler-glib-devel BuildRequires: libwebkit-devel BuildRequires: openldap2-devel BuildRequires: pilot-link-devel BuildRequires: pkgconfig BuildRequires: python-gtk-devel BuildRequires: startup-notification-devel BuildRequires: update-desktop-files BuildRequires: pkgconfig(dbus-1) >= 0.60 BuildRequires: pkgconfig(dbus-glib-1) >= 0.60 BuildRequires: pkgconfig(gnutls) >= 2.2 BuildRequires: pkgconfig(libgdata) >= 0.6 BuildRequires: pkgconfig(libnotify) BuildRequires: pkgconfig(libsoup-2.4) BuildRequires: pkgconfig(sm) BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: pinentry-gtk2 %{?libperl_requires} Recommends: %{name}-lang Provides: sylpheed-claws = %{version} Obsoletes: sylpheed-claws < %{version} # The extra-plugin package was merged with version 3.9.1 Obsoletes: claws-mail-extra-plugins < %{version} Provides: claws-mail-extra-plugins = %{version} # The extra-plugin package was merged with version 3.9.1, also merge the -lang package Obsoletes: claws-mail-extra-plugins-lang < %{version} Provides: claws-mail-extra-plugins-lang = %{version} %description Claws Mail (previously known as Sylpheed-Claws) is a lightweight and highly configurable email client and news reader based on the GTK+ GUI toolkit, it runs on the X Window System. Claws Mail is free software distributed under the GNU GPL. To run Claws Mail use 'claws-mail' on the command line. When claws-mail is executed for the first time a configuration 'Wizard' will appear prompting you for the minimum information necessary to create a new account. %package devel Summary: A lightweight and highly configurable email client License: GPL-2.0+ Group: Development/Libraries/Other Provides: claws-mail:/usr/include/claws-mail/main.h # The extra-plugin package was merged with version 3.9.1; as such, also the -devel package merged Obsoletes: claws-mail-extra-plugins-devel < %{version} Provides: claws-mail-extra-plugins-devel = %{version} Requires: claws-mail = %{version} Requires: enchant-devel Requires: glib2-devel Requires: gnutls-devel Requires: gpgme-devel Requires: gtk2-devel Requires: libetpan-devel Requires: openldap2-devel %description devel Claws Mail (previously known as Sylpheed-Claws) is a lightweight and highly configurable email client and news reader based on the GTK+ GUI toolkit, it runs on the X Window System. Claws Mail is free software distributed under the GNU GPL. To run Claws Mail use 'claws-mail' on the command line. When claws-mail is executed for the first time a configuration 'Wizard' will appear prompting you for the minimum information necessary to create a new account. %lang_package %prep %setup -q %patch0 -p1 %build %configure \ --docdir=%{_datadir}/claws-mail \ --disable-static \ %if !(0%{?favor_gtk2}) --enable-gtk3 \ %endif --enable-ldap \ --enable-ipv6 \ --enable-jpilot \ --enable-acpi_notifier-plugin \ --enable-address_keeper-plugin \ --enable-archive-plugin \ --enable-att_remover-plugin \ --enable-attachwarner-plugin \ --enable-bogofilter-plugin \ --enable-bsfilter-plugin \ --enable-clamd-plugin \ --enable-fancy-plugin \ --enable-fetchinfo-plugin \ --enable-gdata-plugin \ --enable-mailmbox-plugin \ --enable-newmail-plugin \ --enable-notification-plugin \ --enable-pdf_viewer-plugin \ --enable-perl-plugin \ --enable-python-plugin \ --enable-pgpcore-plugin \ --enable-pgpmime-plugin \ --enable-pgpinline-plugin \ --enable-rssyl-plugin \ --enable-smime-plugin \ --enable-spamassassin-plugin \ --enable-spam_report-plugin \ --enable-tnef_parse-plugin \ --enable-vcalendar-plugin \ --disable-demo-plugin \ --enable-crash-dialog \ --enable-startup-notification \ --enable-compface \ --enable-libetpan make %{?_smp_mflags} %install %makeinstall # Clean up rm %{buildroot}%{_libdir}/claws-mail/plugins/*.la # install desktop file %suse_update_desktop_file claws-mail # we want to have the icon installed in /usr/share/pixmaps mkdir -p %{buildroot}%{_datadir}/pixmaps/ cp claws-mail-64x64.png %{buildroot}%{_datadir}/pixmaps/ # Tools cp -r tools %{buildroot}%{_datadir}/%{name} rm %{buildroot}%{_datadir}/claws-mail/tools/Makefile* # The ca-certificates are meant for windows. On Linux, it is not used and should not be distributed. rm %{buildroot}%{_datadir}/claws-mail/tools/ca-certificates.crt mv %{buildroot}%{_datadir}/claws-mail/tools/README ./README.tools # fixing permissions chmod 755 %{buildroot}%{_datadir}/claws-mail/tools/* chmod 644 %{buildroot}%{_datadir}/claws-mail/tools/multiwebsearch.conf %find_lang %{name} %{?no_lang_C} %fdupes %{buildroot}%{_libdir}/%{name}/plugins/ install -d %{buildroot}%{_sysconfdir}/skel/.claws-mail/ cat <<EOF > %{buildroot}%{_sysconfdir}/skel/.claws-mail/clawsrc [Plugins_GTK2] %{_libdir}/claws-mail/plugins/pgpcore.so %{_libdir}/claws-mail/plugins/pgpinline.so %{_libdir}/claws-mail/plugins/pgpmime.so %{_libdir}/claws-mail/plugins/smime.so EOF %if 0%{?suse_version} > 1130 %post %desktop_database_post %icon_theme_cache_post %endif %if 0%{?suse_version} > 1130 %postun %desktop_database_postun %icon_theme_cache_postun %endif %files %defattr(-,root,root) %doc AUTHORS COPYING ChangeLog NEWS README README.tools TODO %{_bindir}/claws-mail %{_bindir}/sylpheed-claws %dir %{_libdir}/claws-mail %dir %{_libdir}/claws-mail/plugins %{_libdir}/claws-mail/plugins/*.so %{_libdir}/claws-mail/plugins/*.deps %{_datadir}/applications/claws-mail.desktop %{_datadir}/icons/hicolor/*/apps/claws-mail.png %{_datadir}/pixmaps/claws-mail-64x64.png %dir %{_datadir}/claws-mail %doc %{_datadir}/claws-mail/RELEASE_NOTES %doc %{_datadir}/claws-mail/manual/ %dir %{_datadir}/claws-mail/tools %{_datadir}/claws-mail/tools/*.sh %{_datadir}/claws-mail/tools/*.pl %{_datadir}/claws-mail/tools/*.py %{_datadir}/claws-mail/tools/*.conf %{_datadir}/claws-mail/tools/tb2claws-mail %{_datadir}/claws-mail/tools/u* %{_datadir}/claws-mail/tools/kdeservicemenu/ %{_mandir}/man1/claws-mail.1.gz %config(noreplace) %{_sysconfdir}/skel/.claws-mail/ %dir %{_datadir}/appdata/ %{_datadir}/appdata/claws-mail.appdata.xml %files devel %defattr(-,root,root) %{_includedir}/claws-mail/ %{_libdir}/pkgconfig/claws-mail.pc %files lang -f %{name}.lang %changelog ++++++ claws-mail-dont-overshoot-output-buffer.patch ++++++ http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
From d390fa07f5548f3173dd9cc13b233db5ce934c82 Mon Sep 17 00:00:00 2001 From: Colin Leroy
Date: Wed, 4 Nov 2015 22:40:32 +0100 Subject: [PATCH] Make sure we don't run out of the output buffer. Maybe fixes bug #3557
--- src/codeconv.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/codeconv.c b/src/codeconv.c index 42ac01c..39e259f 100644 --- a/src/codeconv.c +++ b/src/codeconv.c @@ -155,10 +155,10 @@ void codeconv_set_strict(gboolean mode) static gint conv_jistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf) { const guchar *in = inbuf; - guchar *out = outbuf; + gchar *out = outbuf; JISState state = JIS_ASCII; - while (*in != '\0') { + while (*in != '\0' && (out - outbuf) > outlen - 3) { if (*in == ESC) { in++; if (*in == '$') { @@ -291,10 +291,10 @@ static gint conv_jis_hantozen(guchar *outbuf, guchar jis_code, guchar sound_sym) static gint conv_euctojis(gchar *outbuf, gint outlen, const gchar *inbuf) { const guchar *in = inbuf; - guchar *out = outbuf; + gchar *out = outbuf; JISState state = JIS_ASCII; - while (*in != '\0') { + while (*in != '\0' && (out - outbuf) < outlen - 3) { if (IS_ASCII(*in)) { K_OUT(); *out++ = *in++; @@ -380,9 +380,9 @@ static gint conv_euctojis(gchar *outbuf, gint outlen, const gchar *inbuf) static gint conv_sjistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf) { const guchar *in = inbuf; - guchar *out = outbuf; + gchar *out = outbuf; - while (*in != '\0') { + while (*in != '\0' && (out - outbuf) < outlen - 3) { if (IS_ASCII(*in)) { *out++ = *in++; } else if (issjiskanji1(*in)) { -- 1.7.10.4