Sophie

Sophie

distrib > Mageia > 3 > i586 > media > core-release-src > by-pkgid > 224d70bb4e7b44be3b3a22cdcabb4a4e > files > 4

claws-mail-extra-plugins-3.9.0-6.mga3.src.rpm

Subject: fix CVE-2012-5527: credentials exposed on interface
Author: Colin Leroy <colin@colino.net>
Bug: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2782
Bug-Debian: http://bugs.debian.org/693391
Applied-Upstream: 2.0.14cvs3

diff -urN claws-mail-extra-plugins-3.9.0.orig/vcalendar-2.0.14/src/vcal_folder.c claws-mail-extra-plugins-3.9.0/vcalendar-2.0.14/src/vcal_folder.c
--- claws-mail-extra-plugins-3.9.0.orig/vcalendar-2.0.14/src/vcal_folder.c	2011-11-16 06:41:53.000000000 +0100
+++ claws-mail-extra-plugins-3.9.0/vcalendar-2.0.14/src/vcal_folder.c	2012-11-17 18:10:24.000000000 +0100
@@ -1609,7 +1609,7 @@
 	return GINT_TO_POINTER(0);
 }
 
-gchar *vcal_curl_read(const char *url, gboolean verbose, 
+gchar *vcal_curl_read(const char *url, const gchar *label, gboolean verbose, 
 	void (*callback)(const gchar *url, gchar *data, gboolean verbose, gchar *error))
 {
 	gchar *result;
@@ -1618,25 +1618,19 @@
 	pthread_t pt;
 	pthread_attr_t pta;
 #endif
-	gchar *msg;
 	void *res;
 	gboolean killed;
 	gchar *error = NULL;
 	result = NULL;
 	td = g_new0(thread_data, 1);
-	msg = NULL;
 	res = NULL;
 	killed = FALSE;
-	
+
 	td->url  = url;
 	td->result  = NULL;
 	td->done = FALSE;
-	
-	msg = g_strdup_printf(_("Fetching '%s'..."), url);
-	
-	STATUSBAR_PUSH(mainwindow_get_mainwindow(), msg);
-	
-	g_free(msg);
+
+	STATUSBAR_PUSH(mainwindow_get_mainwindow(), label);
 
 #ifdef USE_PTHREAD
 	if (pthread_attr_init(&pta) != 0 ||
@@ -1868,7 +1862,8 @@
 static void update_subscription(const gchar *uri, gboolean verbose)
 {
 	FolderItem *item = get_folder_item_for_uri(uri);
-	
+	gchar *label;
+
 	if (prefs_common_get_prefs()->work_offline) {
 		if (!verbose || 
 		!inc_offline_should_override(TRUE,
@@ -1882,7 +1877,11 @@
 			return;
 	}
 	main_window_cursor_wait(mainwindow_get_mainwindow());
-	vcal_curl_read(uri, verbose, update_subscription_finish);
+
+	label = g_strdup_printf(_("Fetching calendar for %s..."), 
+			item && item->name ? item->name : _("new subscription"));
+	vcal_curl_read(uri, label, verbose, update_subscription_finish);
+	g_free(label);
 }
 
 static void check_subs_cb(GtkAction *action, gpointer data)
diff -urN claws-mail-extra-plugins-3.9.0.orig/vcalendar-2.0.14/src/vcal_folder.h claws-mail-extra-plugins-3.9.0/vcalendar-2.0.14/src/vcal_folder.h
--- claws-mail-extra-plugins-3.9.0.orig/vcalendar-2.0.14/src/vcal_folder.h	2011-11-16 06:41:53.000000000 +0100
+++ claws-mail-extra-plugins-3.9.0/vcalendar-2.0.14/src/vcal_folder.h	2012-11-17 18:10:24.000000000 +0100
@@ -36,7 +36,7 @@
 void vcal_folder_export(Folder *folder);
 
 gboolean vcal_curl_put(gchar *url, FILE *fp, gint filesize, const gchar *user, const gchar *pass);
-gchar *vcal_curl_read(const char *url, gboolean verbose, 
+gchar *vcal_curl_read(const char *url, const gchar *label, gboolean verbose, 
 	void (*callback)(const gchar *url, gchar *data, gboolean verbose, gchar
 		*error));
 gchar* get_item_event_list_for_date(FolderItem *item, EventTime date);
diff -urN claws-mail-extra-plugins-3.9.0.orig/vcalendar-2.0.14/src/vcal_meeting_gtk.c claws-mail-extra-plugins-3.9.0/vcalendar-2.0.14/src/vcal_meeting_gtk.c
--- claws-mail-extra-plugins-3.9.0.orig/vcalendar-2.0.14/src/vcal_meeting_gtk.c	2011-10-30 22:24:29.000000000 +0100
+++ claws-mail-extra-plugins-3.9.0/vcalendar-2.0.14/src/vcal_meeting_gtk.c	2012-11-17 18:10:24.000000000 +0100
@@ -1085,7 +1085,7 @@
 
 		if (!local_only) {
 			remail = g_strdup(email);
-			g_free(email);
+
 			extract_address(remail);
 			if (strrchr(remail, ' '))
 				user = g_strdup(strrchr(remail, ' ')+1);
@@ -1125,17 +1125,22 @@
 			&& strncmp(tmp, "ftp://", 6))
 				contents = file_read_to_str(tmp);
 			else {
+				gchar *label = g_strdup_printf(_("Fetching planning for %s..."), email);
 				if (!strncmp(tmp, "webcal://", 9)) {
 					gchar *tmp2 = g_strdup_printf("http://%s", tmp+9);
 					g_free(tmp);
 					tmp = tmp2;
 				}
-				contents = vcal_curl_read(tmp, FALSE, NULL);
+				contents = vcal_curl_read(tmp, label, FALSE, NULL);
+				g_free(label);
 			}
 		} else {
 			contents = NULL;
 		}
+
+		g_free(email);
 		g_free(tmp);
+
 		if (contents == NULL) {
 			uncertain = TRUE;
 			att_update_icon(meet, attendee, 2, _("Free/busy retrieval failed"));

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional