Hello community, here is the log from the commit of package claws-mail.4646 for openSUSE:13.2:Update checked in at 2016-02-16 17:41:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/claws-mail.4646 (Old) and /work/SRC/openSUSE:13.2:Update/.claws-mail.4646.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "claws-mail.4646" Changes: -------- New Changes file: --- /dev/null 2016-01-27 19:41:03.648095915 +0100 +++ /work/SRC/openSUSE:13.2:Update/.claws-mail.4646.new/claws-mail.changes 2016-02-16 17:41:06.000000000 +0100 @@ -0,0 +1,1955 @@ +------------------------------------------------------------------- +Wed Feb 3 13:44:45 UTC 2016 - badshah...@gmail.com + +- Update claws-mail-dont-overshoot-output-buffer.patch with patch + from upstream (rebased for current version) to finally fix + buffer overrun issues (boo#959993, CVE-2015-8614, claws#3557). + +------------------------------------------------------------------- +Thu Dec 24 03:08:30 UTC 2015 - badshah...@gmail.com + +- Add claws-mail-dont-overshoot-output-buffer.patch to prevent + buffer overrun issues (boo#959993, CVE-2015-8614, claws#3557). + +------------------------------------------------------------------- +Wed Oct 29 16:43:40 UTC 2014 - kiel...@gmail.com + +- Add libexpat-devel BuildRequires: new dependency for the RSSyl + plugin, which was completely rewritten in 3.11.0. + +------------------------------------------------------------------- +Wed Oct 22 13:47:10 UTC 2014 - lchiqui...@suse.com + +- Pass --enable-appdata to %configure. + +------------------------------------------------------------------- +Wed Oct 22 13:16:59 UTC 2014 - lchiqui...@suse.com + +- New build requirement: intltool. + +------------------------------------------------------------------- +Wed Oct 22 12:29:24 UTC 2014 - lchiqui...@suse.com + +- Update to version 3.11.0 (boo#903276): + + SSLv3 server connections are now disabled by default, in + response to the POODLE vulnerability (CVE-2014-3566). + + Several PGP/Core plugin improvements: + - Indicate when a key has been revoked or has expired when + displaying signature status. + - When displaying the full information, show the Validity, and + the Owner Trust level. Also indicate expired and revoked + keys, and revoked UIDs. + - The "Content-Disposition: attachment" flag in PGP/MIME signed + messages has been removed. It was confusing for cetain MUAs. + + A new version of the RSSyl plugin, completely redesigned and + rewritten. + + The results of TAB address completion in the Compose window + have improved ordering. + + Due to popular demand, use of the Up key in the message body in + the Compose window stops at the top of the message body and + does not continue up to the header fields. This reverts the + behaviour introduced in version 3.10.0. + + In the Compose window, when navigating with the arrow keys, + selecting, and thus modifying, the Account selector is now + prevented. + + In the Compose window, a mnemonic (s) has been added to the + Subject line. + + The Queue folder is highlighted if there are messages in its + sub-folders and the tree is collapsed. + + When sorting messages by 'thread date', clicking the 'Date' + column header will now toggle between ascending/descending and + will not switch to 'date' sorting. + + A new QuickSearch filter has been added that searches a + header's content only. + + A Reply-To field has been added to the main Template + configuration. + + The menubar can now be hidden, default hotkey: F12. + + Fancy plugin: A user-controlled stylesheet can now be used. + + Python plugin: Add flag attributes to MessageInfo object. + + Python plugin: Make 'account' property of ComposeWindow + read/write. + + Libravatar plugin: a network timeout option has been added. + + The tbird2claws.py script, for converting a Thunderbird mailbox + to a Claws Mail mailbox, now handles sub-directory recursion. + + Bugs fixed: claws#3173, claws#3211, claws#3212, claws#3221, + claws#3235, claws#3236, claws#3246, claws#3265, claws#3300. + + Updated translations:. + +------------------------------------------------------------------- +Mon Aug 4 00:40:21 UTC 2014 - malcolmle...@opensuse.org + +- Update to version 3.10.1: + + Add an account preference to allow automatically accepting + unknown and changed SSL certificates, if they're valid (that + is, if the root CA is trusted by the distro). + + RFE 3196, 'When changing quicksearch Search Type, set focus to + search input box'. + + PGP/Core plugin: Generate 2048 bit RSA keys. + + Major code cleanup. + + Extended claws-mail.desktop with Compose and Receive actions. + + Fix GConf use with newer Glib. + + Fix the race fix, now preventing the compose window to be + closed. + + Fix "File (null) doesn't exist" error dialog, when attaching a + non-existing file via --attach + + Fix spacing in Folderview if the font is far from the system + font. + + RSSyl: + - When parsing RSS 2.0, ignore tags with a namespace prefix. + - Check for existence of xmlNode namespace, to prevent NULL + pointer crashes. + + Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179, + claws#3201, deb#730050. + + Updated translations. +- Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patch as + fixed upstream. + +------------------------------------------------------------------- +Mon May 26 16:11:13 UTC 2014 - mrueck...@suse.de + +- fix tarball url: + - not all occurences of the version were using the macro + - wrong SF project name + +------------------------------------------------------------------- +Mon May 26 13:56:35 UTC 2014 - mrueck...@suse.de + +- added claws-mail-3.10.0_uninitialized_variable_git51af19b.patch: + Patch taken from upstream. Fixes an uninitialized variable use. + +------------------------------------------------------------------- +Mon May 26 12:52:29 UTC 2014 - mrueck...@suse.de + +- update to 3.10.0 + - Complete SSL certificate chains are now saved, and if built with + Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made + available. Both of these allow correct certificate verification + instead of a bogus 'No certificate issuer found' status. + - Auto-configuration of account email servers, based on SRV records, + is now possible. (GLib >= 2.22 is required.) + - Added a preference to avoid automatically drafting emails that are + to be sent encrypted, (Configuration/Preferences/Compose/Writing). + - Messages saved as Drafts are now saved as New, highlighting the + Drafts folder, in order to draw the attention to unfinished mails + there. + - It is now possible to add a 'Replace signature' button to the + Compose window toolbar. + - Quotation wrapping and undo/redo in the Compose window has been + improved. + - 'Reply to all' now excludes your own address. + - The 'Generate X-Mailer header' option has been renamed 'Add user + agent header' and applies to both X-Mailer and X-Newsreader headers. + - Added hidden preferences, 'address_search_wildcard' and + 'folder_search_wildcard', to choose between matching from start of + the folder name/address or any part of the name. (Activating these + options restores the previous behaviour.) + - Added hidden preference 'enable_avatars' to control the internal + capture/render process, and which allows disabling it by external + plugins for example. + - 'Check for new folders' now only updates the folder list, not + updating the contents of folders. If needed, it can be followed by + 'Check for new messages' + - When using Redirect, the redirecting account's address is used in + the SMTP MAIL FROM instead of the original sender's address. + - NEW: Libravatar plugin, which displays avatars from + https://www.libravatar.org/ + - Added support for an arbitrary number and sources of 'avatars' and + images for email senders, and migrated Face and X-Face headers. + - Avatars are now included when printing mails. + - The GPG keyring can now be used as the source for address auto- + completion. + - The vCalendar and RSSyl plugins now have an option to disable SSL + certificate verification (and check them by default). + - The ClamAV plugin now pops up an error message only once instead of + repeatedly + - Updated the man page and the manual. + - Updated Brazilian Portuguese, British English, Czech, Dutch, + Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak, + Spanish, and Swedish translations. + - Added Esperanto translation. + - Bug fixes: + claws#1644, claws#2119, claws#2145, claws#2179, claws#2238, + claws#2389, claws#2398, claws#2447, claws#2643, claws#2875, + claws#2991, claws#3020, claws#3055, claws#3038, claws#3039, + claws#3040, claws#3050, claws#3094, claws#3100, claws#3105, + claws#3106, claws#3107, claws#3116, claws#3117, claws#3120, + claws#3131, claws#3138, claws#3139, claws#3145, claws#3146, + claws#3147, claws#3148, claws#3150, claws#3155, claws#3169, + claws#3964 +- package the provided appdate xml file +- enabled more features in the notification plugin: + new buildRequires: pkgconfig(libnotify) libcanberra-devel >= 0.6 + +------------------------------------------------------------------- +Mon Dec 16 19:07:49 UTC 2013 - zai...@opensuse.org + +- Update to version 3.9.3: + + The TAB address completion in the Compose window now matches + any part of the address and not just the beginning. + + When copying or moving a message, the type-ahead search now + matches any part of a folder name and not just the beginning. + + It is now possible to replace the current signature in the + Compose window by using the '/Message/Replace signature' menu + item. + + It is now possible to disable the 'Subject is empty' warning + dialogue. See the option 'Warn when Subject is empty' option on + the '/Configuration/Preferences/Mail handling/Sending' page. + + When sending messages, if the hostname cannot be determined, ++++ 1758 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.2:Update/.claws-mail.4646.new/claws-mail.changes New: ---- claws-mail-3.11.0.tar.xz claws-mail-dont-overshoot-output-buffer.patch claws-mail.changes claws-mail.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ claws-mail.spec ++++++ # # spec file for package claws-mail # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define gtk3_ready 0 %if !%{gtk3_ready} %define favor_gtk2 1 %endif Name: claws-mail Version: 3.11.0 Release: 0 Url: http://www.claws-mail.org/ Summary: A lightweight and highly configurable email client License: GPL-3.0+ Group: Productivity/Networking/Email/Clients Source0: http://sourceforge.net/projects/claws-mail/files/Claws%20Mail/%{version}/claws-mail-%{version}.tar.xz # PATCH-FIX-UPSTREAM claws-mail-dont-overshoot-output-buffer.patch boo#959993 CVE-2015-8614 claws#3557 badshah...@gmail.com -- Do not overshoot the output buffer Patch0: claws-mail-dont-overshoot-output-buffer.patch BuildRequires: NetworkManager-devel BuildRequires: compface BuildRequires: db-devel BuildRequires: docbook-utils BuildRequires: enchant-devel BuildRequires: fdupes BuildRequires: gettext BuildRequires: gmp-devel BuildRequires: gpgme-devel %if 0%{?favor_gtk2} BuildRequires: gtk2-devel %else BuildRequires: gtk3-devel %endif BuildRequires: intltool BuildRequires: libarchive-devel BuildRequires: libcanberra-devel >= 0.6 BuildRequires: libcurl-devel BuildRequires: libetpan-devel >= 0.57 BuildRequires: libexpat-devel BuildRequires: libgcrypt-devel BuildRequires: libpoppler-glib-devel BuildRequires: libwebkit-devel BuildRequires: openldap2-devel BuildRequires: pilot-link-devel BuildRequires: pkgconfig BuildRequires: python-gtk-devel BuildRequires: startup-notification-devel BuildRequires: update-desktop-files BuildRequires: pkgconfig(dbus-1) >= 0.60 BuildRequires: pkgconfig(dbus-glib-1) >= 0.60 BuildRequires: pkgconfig(gnutls) >= 2.2 BuildRequires: pkgconfig(libgdata) >= 0.6 BuildRequires: pkgconfig(libnotify) BuildRequires: pkgconfig(libsoup-2.4) BuildRequires: pkgconfig(sm) BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: pinentry-gtk2 %{?libperl_requires} Recommends: %{name}-lang Provides: sylpheed-claws = %{version} Obsoletes: sylpheed-claws < %{version} # The extra-plugin package was merged with version 3.9.1 Obsoletes: claws-mail-extra-plugins < %{version} Provides: claws-mail-extra-plugins = %{version} # The extra-plugin package was merged with version 3.9.1, also merge the -lang package Obsoletes: claws-mail-extra-plugins-lang < %{version} Provides: claws-mail-extra-plugins-lang = %{version} %description Claws Mail (previously known as Sylpheed-Claws) is a lightweight and highly configurable email client and news reader based on the GTK+ GUI toolkit, it runs on the X Window System. Claws Mail is free software distributed under the GNU GPL. To run Claws Mail use 'claws-mail' on the command line. When claws-mail is executed for the first time a configuration 'Wizard' will appear prompting you for the minimum information necessary to create a new account. %package devel Summary: A lightweight and highly configurable email client License: GPL-2.0+ Group: Development/Libraries/Other Provides: claws-mail:/usr/include/claws-mail/main.h # The extra-plugin package was merged with version 3.9.1; as such, also the -devel package merged Obsoletes: claws-mail-extra-plugins-devel < %{version} Provides: claws-mail-extra-plugins-devel = %{version} Requires: claws-mail = %{version} Requires: enchant-devel Requires: glib2-devel Requires: gnutls-devel Requires: gpgme-devel Requires: gtk2-devel Requires: libetpan-devel Requires: openldap2-devel %description devel Claws Mail (previously known as Sylpheed-Claws) is a lightweight and highly configurable email client and news reader based on the GTK+ GUI toolkit, it runs on the X Window System. Claws Mail is free software distributed under the GNU GPL. To run Claws Mail use 'claws-mail' on the command line. When claws-mail is executed for the first time a configuration 'Wizard' will appear prompting you for the minimum information necessary to create a new account. %lang_package %prep %setup -q %patch0 -p1 %build %configure \ --docdir=%{_datadir}/claws-mail \ --disable-static \ %if !(0%{?favor_gtk2}) --enable-gtk3 \ %endif --enable-ldap \ --enable-ipv6 \ --enable-jpilot \ --enable-acpi_notifier-plugin \ --enable-address_keeper-plugin \ --enable-archive-plugin \ --enable-att_remover-plugin \ --enable-attachwarner-plugin \ --enable-bogofilter-plugin \ --enable-bsfilter-plugin \ --enable-clamd-plugin \ --enable-fancy-plugin \ --enable-fetchinfo-plugin \ --enable-gdata-plugin \ --enable-mailmbox-plugin \ --enable-newmail-plugin \ --enable-notification-plugin \ --enable-pdf_viewer-plugin \ --enable-perl-plugin \ --enable-python-plugin \ --enable-pgpcore-plugin \ --enable-pgpmime-plugin \ --enable-pgpinline-plugin \ --enable-rssyl-plugin \ --enable-smime-plugin \ --enable-spamassassin-plugin \ --enable-spam_report-plugin \ --enable-tnef_parse-plugin \ --enable-vcalendar-plugin \ --disable-demo-plugin \ --enable-crash-dialog \ --enable-startup-notification \ --enable-compface \ --enable-libetpan \ --enable-appdata make %{?_smp_mflags} %install %makeinstall # Clean up rm %{buildroot}%{_libdir}/claws-mail/plugins/*.la # install desktop file %suse_update_desktop_file claws-mail # we want to have the icon installed in /usr/share/pixmaps mkdir -p %{buildroot}%{_datadir}/pixmaps/ cp claws-mail-64x64.png %{buildroot}%{_datadir}/pixmaps/ # Tools cp -r tools %{buildroot}%{_datadir}/%{name} rm %{buildroot}%{_datadir}/claws-mail/tools/Makefile* # The ca-certificates are meant for windows. On Linux, it is not used and should not be distributed. rm %{buildroot}%{_datadir}/claws-mail/tools/ca-certificates.crt mv %{buildroot}%{_datadir}/claws-mail/tools/README ./README.tools # fixing permissions chmod 755 %{buildroot}%{_datadir}/claws-mail/tools/* chmod 644 %{buildroot}%{_datadir}/claws-mail/tools/multiwebsearch.conf %find_lang %{name} %{?no_lang_C} %fdupes %{buildroot}%{_libdir}/%{name}/plugins/ install -d %{buildroot}%{_sysconfdir}/skel/.claws-mail/ cat <<EOF > %{buildroot}%{_sysconfdir}/skel/.claws-mail/clawsrc [Plugins_GTK2] %{_libdir}/claws-mail/plugins/pgpcore.so %{_libdir}/claws-mail/plugins/pgpinline.so %{_libdir}/claws-mail/plugins/pgpmime.so %{_libdir}/claws-mail/plugins/smime.so EOF %if 0%{?suse_version} > 1130 %post %desktop_database_post %icon_theme_cache_post %endif %if 0%{?suse_version} > 1130 %postun %desktop_database_postun %icon_theme_cache_postun %endif %files %defattr(-,root,root) %doc AUTHORS COPYING ChangeLog NEWS README README.tools TODO %{_bindir}/claws-mail %{_bindir}/sylpheed-claws %dir %{_libdir}/claws-mail %dir %{_libdir}/claws-mail/plugins %{_libdir}/claws-mail/plugins/*.so %{_libdir}/claws-mail/plugins/*.deps %{_datadir}/applications/claws-mail.desktop %{_datadir}/icons/hicolor/*/apps/claws-mail.png %{_datadir}/pixmaps/claws-mail-64x64.png %dir %{_datadir}/claws-mail %doc %{_datadir}/claws-mail/RELEASE_NOTES %doc %{_datadir}/claws-mail/manual/ %dir %{_datadir}/claws-mail/tools %{_datadir}/claws-mail/tools/*.sh %{_datadir}/claws-mail/tools/*.pl %{_datadir}/claws-mail/tools/*.py %{_datadir}/claws-mail/tools/*.conf %{_datadir}/claws-mail/tools/tb2claws-mail %{_datadir}/claws-mail/tools/u* %{_datadir}/claws-mail/tools/kdeservicemenu/ %{_mandir}/man1/claws-mail.1.gz %config(noreplace) %{_sysconfdir}/skel/.claws-mail/ %dir %{_datadir}/appdata/ %{_datadir}/appdata/*.xml %files devel %defattr(-,root,root) %{_includedir}/claws-mail/ %{_libdir}/pkgconfig/claws-mail.pc %files lang -f %{name}.lang %changelog ++++++ claws-mail-dont-overshoot-output-buffer.patch ++++++ X-Git-Url: http://git.claws-mail.org/?p=claws.git;a=blobdiff_plain;f=src%2Fcodeconv.c;h=d0fbf70da2cd4d8622ef07ada35252fd62a2e1e4;hp=f0ed61677072db919f235117263ac208132b26f6;hb=8b2aff884d97dcfe5cc70478fecc7c87ce023c95;hpb=fc42499ce0b3d1dc84914d5b15c9b5d19c904cd9 Index: claws-mail-3.12.0/src/codeconv.c =================================================================== --- claws-mail-3.12.0.orig/src/codeconv.c +++ claws-mail-3.12.0/src/codeconv.c @@ -155,10 +155,14 @@ void codeconv_set_strict(gboolean mode) static gint conv_jistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf) { const guchar *in = inbuf; - guchar *out = outbuf; + gchar *out = outbuf; JISState state = JIS_ASCII; - while (*in != '\0') { + /* + * Loop outputs up to 3 bytes in each pass (aux kanji) and we + * need 1 byte to terminate the output + */ + while (*in != '\0' && (out - outbuf) < outlen - 4) { if (*in == ESC) { in++; if (*in == '$') { @@ -291,10 +295,15 @@ static gint conv_jis_hantozen(guchar *ou static gint conv_euctojis(gchar *outbuf, gint outlen, const gchar *inbuf) { const guchar *in = inbuf; - guchar *out = outbuf; + gchar *out = outbuf; JISState state = JIS_ASCII; - while (*in != '\0') { + /* + * Loop outputs up to 6 bytes in each pass (aux shift + aux + * kanji) and we need up to 4 bytes to terminate the output + * (ASCII shift + null) + */ + while (*in != '\0' && (out - outbuf) < outlen - 10) { if (IS_ASCII(*in)) { K_OUT(); *out++ = *in++; @@ -380,9 +389,13 @@ static gint conv_euctojis(gchar *outbuf, static gint conv_sjistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf) { const guchar *in = inbuf; - guchar *out = outbuf; + gchar *out = outbuf; - while (*in != '\0') { + /* + * Loop outputs up to 2 bytes in each pass and we need 1 byte + * to terminate the output + */ + while (*in != '\0' && (out - outbuf) < outlen - 3) { if (IS_ASCII(*in)) { *out++ = *in++; } else if (issjiskanji1(*in)) {