Bug 492852 - Patch to Evolution breaks display of Encrypted & Signed S/MIME messages
Summary: Patch to Evolution breaks display of Encrypted & Signed S/MIME messages
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: evolution-data-server
Version: 9
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Matthew Barnes
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-30 12:17 UTC by Andy Walls
Modified: 2009-05-14 02:58 UTC (History)
4 users (show)

Fixed In Version: 2.22.3-4.fc9
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-24 19:54:24 UTC
Type: ---


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
GNOME Bugzilla 564465 None None None Never

Description Andy Walls 2009-03-30 12:17:02 UTC
Description of problem:

This patch to evolution data server:

...
# RH bug #484925 / CVE-2009-0547
Patch17: evolution-data-server-2.22.3-CVE-2009-0547.patch
...
%changelog
* Tue Mar 17 2009 Matthew Barnes <mbarnes@redhat.com> - 2.22.3-3.fc9
- Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures).
...

breaks display of encrypted and signed S/MIME emails with a "Digests missing from enveloped data" message.  Yet, saving away the message part, saves away a mixed binary and plaintext decrypted message (so the decryption worked).

Here is the format of some of the relevant headers from "View message source" for messages that don't display properly with the patch applied:

...
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64
MIME-Version: 1.0

MIAGCSqGSIb3DQEHA6CAMIACAQAxggH6MIH6AgEAMGMwXTESMBAGA1UEChMJbWl0cmUub3JnMR4w
HAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJzAlBgNVBAMTHk1JVFJFIENvcnBvcmF0aW9u
...


Version-Release number of selected component (if applicable):

evolution-data-server-2.23.3-3 FC9

How reproducible:

100% AFAICT. The only requirements are a receiving party and a transmitting party both with valid certificates and the receiving party to have Evolution.

Steps to Reproduce:
1. Receive an encrypted and signed S/MIME email generated by MS Outlook
2. Open message & enter password
3. Curse the "upgrade" that causes the message to be unreadable.
  
Actual results:

Messages window shows "Digests missing from enveloped data" and an "Encrypted" button with a shield, and also a button to save away the message.

Expected results:

Message should be readable.

Additional info:

I suspect that the new mechanism for verifying signatures in the patch only works for unencrypted email, where the plaintext headers are available for
running digests(?).  Perhaps digests on the wrong material are being checked when the signature is in an encrypted email.

Comment 1 Milan Crha 2009-03-31 11:53:40 UTC
Thanks for the bug report. Confirmed and fixed upstream within bug [1]
[1] http://bugzilla.gnome.org/show_bug.cgi?id=564465

Comment 2 Fedora Update System 2009-04-06 18:38:54 UTC
evolution-data-server-2.24.5-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/evolution-data-server-2.24.5-5.fc10

Comment 3 Fedora Update System 2009-04-07 15:49:26 UTC
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update evolution-data-server'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-3413

Comment 4 Calvin Webster 2009-04-17 17:38:42 UTC
Experiencing same problem with evolution-data-server-2.22.3-3.fc9. Will there be a patched package forthcoming for F9? I could not even get a test package from the F9 "updates-testing" repo. Myself and those with whom I work send and receive signed and encrypted messages regularly so this is having a significant impact on us.

Comment 5 Milan Crha 2009-04-20 12:07:04 UTC
Oops, right, F9 package wasn't updated yet.

Comment 6 Fedora Update System 2009-04-24 19:54:20 UTC
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Calvin Webster 2009-04-24 20:59:09 UTC
What about Fedora 9? If there won't be an update, whether testing or stable, could we at least roll-back to the working version?

Comment 8 Fedora Update System 2009-04-27 15:53:14 UTC
evolution-data-server-2.22.3-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/evolution-data-server-2.22.3-4.fc9

Comment 9 Fedora Update System 2009-05-14 02:58:31 UTC
evolution-data-server-2.22.3-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.