Troy Dawson wrote: > A patch for the spec file too. :) Thank You. You are making it very easy to > put in. Don't mention it ;) > I had just hoped that this latest errata had the fix in it. > Have you filed this bug with the upstream vendor too? Yes, of course: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242957 http://bugzilla.gnome.org/show_bug.cgi?id=444807 > Troy --Oleg > Oleg Sadov wrote: > > Hi, Troy! > > > > No, the latest evolution-data-server update is not fix it. Only one new > > patch (evolution-data-server-1.8.0-apop-auth-vulnerability.patch) > > included to this one and just fix only APOP authentication security bug. > > > > I hope, our patches (attached) will be helpful. > > > > --Oleg > > > > Troy Dawson wrote: > >> Hi Oleg, > >> Did the latest release of the evolution-data-server fix this problem? > >> Troy > >> > >> Troy Dawson wrote: > >>> Hi Oleg, > >>> I'm hoping that The Upstream Vendor know's about the problem so that it > >>> get's fixed upstream. But I definatly like simple one line fixes. If > >>> it looks like RedHat isn't going to put it in anytime soon, then we'll > >>> put it in testing for a short time, then into errata. > >>> > >>> As for building it. we used the 1.4.8 version of m4. There was several > >>> rpm's that wouldn't build without it. That isn't the version that we > >>> shipped, but we thought we had put the src.rpm in our SRPMS/SL area so > >>> that others could use it. > >>> After checking we saw that it wasn't there, so Connie just put it up > >>> there right now. > >>> ftp://ftp.scientificlinux.org/linux/scientific/5x/SRPMS/SL/m4-1.4.8-1.src.rpm > >>> > >>> > >>> Troy > >>> > >>> Oleg Sadov wrote: > >>>> At Sunday Time we spent a lot of time for testing of desktop environment > >>>> in a fresh installation from SL50 and was slightly frustrated by > >>>> crushing of Evolution during startup. In CentOS Evolution started > >>>> without problems (but it has version 2.8.0-33, not 2.8.0-33.0.1). > >>>> > >>>> Further analisys shows dependency of this problem of last evolution- > >>>> data-server timezone description changes. This bug may be reproduced by > >>>> setting TZ environment variable, for example: > >>>> > >>>> TZ=Europe/Moscow evolution > >>>> > >>>> Some of bug-sensitive timezones: > >>>> Russia -- Europe/Moscow, Europe/Volgograd, Asia/Irkutsk > >>>> Indonesia -- Asia/Makassar, Asia/Ujung_Pandang > >>>> Mongolia -- Asia/Ulaanbaatar, Asia/Ulan_Bator > >>>> > >>>> After looking to backtrace & source code debugging I found the root of > >>>> evil -- into the last changes of data-server zoneinfo descriptions > >>>> (evolution-data-server-1.8.0-updated-zoneinfo.patch) removed TZNAME tags > >>>> from Australia/Perth.ics and Asia/Jerusalem.ics. As a consequence -- > >>>> NULL pointer for TZ name string references, string comparison with NULL > >>>> pointers an so on... > >>>> > >>>> Because, evolution-data-server is important infrastructure component not > >>>> only for Evolution, but for some other GNOME components too, I think, > >>>> this problem must be resolved. Given above, we have three ways for that: > >>>> 1) quick&dirty -- setting up corresponding UTC-relative TZ (not exactly > >>>> equivalent) or starting of evolution with --disable-eplugin option > >>>> 2) orthodox -- downgrading of evolution-data-server package, or setting > >>>> up TZNAME tags in Australia/Perth and Asia/Jerusalem timezones > >>>> 3) hackers way -- source patching by single line of code (the patch is > >>>> attached) > >>>> > >>>> Of course, further testing will be helpfull and, may be, escalating this > >>>> problem to the upstream vendor will be reasonably. > >>>> > >>>> Apropos, Connie or/and Troy, which procedure was used for evolution- > >>>> data-server package building? My rpmbuild on SL50 was finished with some > >>>> error messages: > >>>> > >>>> ================================================== > >>>> + aclocal > >>>> configure.in:706: /usr/bin/m4: builtin `mkstemp' requested by frozen > >>>> file is not supported > >>>> autom4te: /usr/bin/m4 failed with exit status: 1 > >>>> aclocal: autom4te failed with exit status: 1 > >>>> ================================================== > >>>> > >>>> Seems like your package built by previous version of automake tool box. > >>>> Package was rebuilded on SL50 only after removing `mkstemp' function > >>>> checking directive in a line 706 of configure.in. > >>>> > >>>> --Oleg > >>>> > >>>> > >>>> ------------------------------------------------------------------------ > >>>> > >>>> --- > >>>> evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c.orig > >>>> 2007-05-25 01:20:43.000000000 +0400 > >>>> +++ > >>>> evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c > >>>> 2007-05-25 01:23:01.000000000 +0400 > >>>> @@ -1433,6 +1433,8 @@ > >>>> > >>>> z_offset = get_offset(zone); > >>>> > >>>> + if (zone->tznames == NULL) continue; > >>>> + > >>>> if (z_offset == offset && !strcmp(tzname, zone->tznames)) > >>>> return zone; > >>>> } > >>> > >> > >> -- > >> __________________________________________________ > >> Troy Dawson [log in to unmask] (630)840-6468 > >> Fermilab ComputingDivision/LCSI/CSI DSS Group > >> __________________________________________________ > >> > >> ------------------------------------------------------------------------ > >> > >> --- evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c.orig 2007-05-25 01:20:43.000000000 +0400 > >> +++ evolution-data-server-1.8.0/calendar/libical/src/libical/icaltimezone.c 2007-05-25 01:23:01.000000000 +0400 > >> @@ -1433,6 +1433,8 @@ > >> > >> z_offset = get_offset(zone); > >> > >> + if (zone->tznames == NULL) continue; > >> + > >> if (z_offset == offset && !strcmp(tzname, zone->tznames)) > >> return zone; > >> } > >> > >> ------------------------------------------------------------------------ > >> > >> --- evolution-data-server.spec 2007-05-01 21:05:48.000000000 +0400 > >> +++ evolution-data-server-1.8.0-15.0.3.1.spec 2007-06-07 13:33:39.000000000 +0400 > >> @@ -25,7 +25,7 @@ > >> > >> Name: evolution-data-server > >> Version: 1.8.0 > >> -Release: 15.0.3%{?dist} > >> +Release: 15.0.3.1%{?dist} > >> License: LGPL > >> Group: System Environment/Libraries > >> Summary: Backend data server for Evolution > >> @@ -87,6 +87,9 @@ > >> # RH bug #235290 / GNOME bug #424373 > >> Patch28: evolution-data-server-1.8.0-apop-auth-vulnerability.patch > >> > >> +# zone->tznames NULL pointer crash fix (ICS decsription without TZNAME tag) > >> +Patch100: evolution-data-server-1.8.0-fix-timezone-crash.patch > >> + > >> ### Dependencies ### > >> > >> Requires: GConf2 > >> @@ -184,6 +187,7 @@ > >> %patch26 -p1 -b .emsgport-fix > >> %patch27 -p1 -b .updated-zoneinfo > >> %patch28 -p1 -b .apop-auth-vulnerability > >> +%patch100 -p1 -b .icaltimezone > >> > >> mkdir -p krb5-fakeprefix/include > >> mkdir -p krb5-fakeprefix/lib > >> @@ -401,6 +405,9 @@ > >> %{_libdir}/pkgconfig/libexchange-storage-%{eds_api_version}.pc > >> > >> %changelog > >> +* Thu May 25 2007 Oleg Sadov <sadov at linux-ink dot ru> - 1.8.0-15.0.3.1.sl5 > >> +- Fixed NULL-pointer tznames crash for timezone ICS VCARDs without TZNAME tag. > >> + > >> * Tue May 01 2007 Matthew Barnes <[log in to unmask]> - 1.8.0-15.0.3.el5 > >> - Add patch for RH bug #235289 (APOP authentication vulnerability). > >> > >