SCIENTIFIC-LINUX-DEVEL Archives

June 2007

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: SL50 Evolutions "Monkey Process"...
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 6 Jun 2007 08:39:19 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (184 lines) 
A patch for the spec file too. :)  Thank You.  You are making it very easy to 
put in.  I had just hoped that this latest errata had the fix in it.
Have you filed this bug with the upstream vendor too?

Troy

Oleg Sadov wrote:
> Hi, Troy!
> 
> No, the latest evolution-data-server update is not fix it. Only one new
> patch (evolution-data-server-1.8.0-apop-auth-vulnerability.patch)
> included to this one and just fix only APOP authentication security bug.
> 
> I hope, our patches (attached) will be helpful.
> 
> --Oleg
> 
> Troy Dawson wrote:
>> Hi Oleg,
>> Did the latest release of the evolution-data-server fix this problem?
>> Troy
>>
>> Troy Dawson wrote:
>>> Hi Oleg,
>>> I'm hoping that The Upstream Vendor know's about the problem so that it 
>>> get's fixed upstream.  But I definatly like simple one line fixes.  If 
>>> it looks like RedHat isn't going to put it in anytime soon, then we'll 
>>> put it in testing for a short time, then into errata.
>>>
>>> As for building it. we used the 1.4.8 version of m4.  There was several 
>>>  rpm's that wouldn't build without it.   That isn't the version that we 
>>> shipped, but we thought we had put the src.rpm in our SRPMS/SL area so 
>>> that others could use it.
>>> After checking we saw that it wasn't there, so Connie just put it up 
>>> there right now.
>>> ftp://ftp.scientificlinux.org/linux/scientific/5x/SRPMS/SL/m4-1.4.8-1.src.rpm 
>>>
>>>
>>> Troy
>>>
>>> Oleg Sadov wrote:
>>>> At Sunday Time we spent a lot of time for testing of desktop environment
>>>> in a fresh installation from SL50 and was slightly frustrated by
>>>> crushing of Evolution during startup. In CentOS Evolution started
>>>> without problems (but it has version 2.8.0-33, not 2.8.0-33.0.1).
>>>>
>>>> Further analisys shows dependency of this problem of last evolution-
>>>> data-server timezone description changes. This bug may be reproduced by
>>>> setting TZ environment variable, for example:
>>>>
>>>> TZ=Europe/Moscow evolution
>>>>
>>>> Some of bug-sensitive timezones:
>>>>  Russia -- Europe/Moscow, Europe/Volgograd, Asia/Irkutsk
>>>>  Indonesia -- Asia/Makassar, Asia/Ujung_Pandang
>>>>  Mongolia -- Asia/Ulaanbaatar, Asia/Ulan_Bator
>>>>
>>>> After looking to backtrace & source code debugging I found the root of
>>>> evil -- into the last changes of data-server zoneinfo descriptions
>>>> (evolution-data-server-1.8.0-updated-zoneinfo.patch) removed TZNAME tags
>>>> from Australia/Perth.ics and Asia/Jerusalem.ics. As a consequence --
>>>> NULL pointer for TZ name string references, string comparison with NULL
>>>> pointers an so on...
>>>>
>>>> Because, evolution-data-server is important infrastructure component not
>>>> only for Evolution, but for some other GNOME components too, I think,
>>>> this problem must be resolved. Given above, we have three ways for that:
>>>> 1) quick&dirty -- setting up corresponding UTC-relative TZ (not exactly
>>>> equivalent) or starting of evolution with --disable-eplugin option
>>>> 2) orthodox -- downgrading of evolution-data-server package, or setting
>>>> up TZNAME tags in Australia/Perth and Asia/Jerusalem timezones
>>>> 3) hackers way -- source patching by single line of code (the patch is
>>>> attached)
>>>>
>>>> Of course, further testing will be helpfull and, may be, escalating this
>>>> problem to the upstream vendor will be reasonably.
>>>>
>>>> Apropos, Connie or/and Troy, which procedure was used for evolution-
>>>> data-server package building? My rpmbuild on SL50 was finished with some
>>>> error messages:
>>>>
>>>> ==================================================
>>>> + aclocal
>>>> configure.in:706: /usr/bin/m4: builtin `mkstemp' requested by frozen
>>>> file is not supported
>>>> autom4te: /usr/bin/m4 failed with exit status: 1
>>>> aclocal: autom4te failed with exit status: 1
>>>> ==================================================
>>>>
>>>> Seems like your package built by previous version of automake tool box.
>>>> Package was rebuilded on SL50 only after removing `mkstemp' function
>>>> checking directive in a line 706 of configure.in.
>>>>
>>>> --Oleg
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> --- 
>>>> evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c.orig    
>>>> 2007-05-25 01:20:43.000000000 +0400
>>>> +++ 
>>>> evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c    
>>>> 2007-05-25 01:23:01.000000000 +0400
>>>> @@ -1433,6 +1433,8 @@
>>>>     
>>>>      z_offset = get_offset(zone);
>>>>  
>>>> +        if (zone->tznames == NULL) continue;
>>>> +
>>>>      if (z_offset == offset && !strcmp(tzname, zone->tznames))
>>>>          return zone;
>>>>      }
>>>
>>
>> -- 
>> __________________________________________________
>> Troy Dawson  [log in to unmask]  (630)840-6468
>> Fermilab  ComputingDivision/LCSI/CSI DSS Group
>> __________________________________________________
>>
>> ------------------------------------------------------------------------
>>
>> --- evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c.orig	2007-05-25 01:20:43.000000000 +0400
>> +++ evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c	2007-05-25 01:23:01.000000000 +0400
>> @@ -1433,6 +1433,8 @@
>>  	
>>  	z_offset = get_offset(zone);
>>  
>> +        if (zone->tznames == NULL) continue;
>> +
>>  	if (z_offset == offset && !strcmp(tzname, zone->tznames))
>>  	    return zone;
>>      }
>>
>> ------------------------------------------------------------------------
>>
>> --- evolution-data-server.spec	2007-05-01 21:05:48.000000000 +0400
>> +++ evolution-data-server-1.8.0-15.0.3.1.spec	2007-06-07 13:33:39.000000000 +0400
>> @@ -25,7 +25,7 @@
>>  
>>  Name: evolution-data-server
>>  Version: 1.8.0
>> -Release: 15.0.3%{?dist}
>> +Release: 15.0.3.1%{?dist}
>>  License: LGPL
>>  Group: System Environment/Libraries
>>  Summary: Backend data server for Evolution
>> @@ -87,6 +87,9 @@
>>  # RH bug #235290 / GNOME bug #424373
>>  Patch28: evolution-data-server-1.8.0-apop-auth-vulnerability.patch
>>  
>> +# zone->tznames NULL pointer crash fix (ICS decsription without TZNAME tag)
>> +Patch100: evolution-data-server-1.8.0-fix-timezone-crash.patch
>> +
>>  ### Dependencies ###
>>  
>>  Requires: GConf2
>> @@ -184,6 +187,7 @@
>>  %patch26 -p1 -b .emsgport-fix
>>  %patch27 -p1 -b .updated-zoneinfo
>>  %patch28 -p1 -b .apop-auth-vulnerability
>> +%patch100 -p1 -b .icaltimezone
>>  
>>  mkdir -p krb5-fakeprefix/include
>>  mkdir -p krb5-fakeprefix/lib
>> @@ -401,6 +405,9 @@
>>  %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc
>>  
>>  %changelog
>> +* Thu May 25 2007 Oleg Sadov <sadov at linux-ink dot ru> - 1.8.0-15.0.3.1.sl5
>> +- Fixed NULL-pointer tznames crash for timezone ICS VCARDs without TZNAME tag.
>> +
>>  * Tue May 01 2007 Matthew Barnes <[log in to unmask]> - 1.8.0-15.0.3.el5
>>  - Add patch for RH bug #235289 (APOP authentication vulnerability).
>>  


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2