Red Hat Bugzilla – Bug 492852
Patch to Evolution breaks display of Encrypted & Signed S/MIME messages
Last modified: 2009-05-13 22:58:36 EDT
Description of problem:
This patch to evolution data server:
# RH bug #484925 / CVE-2009-0547
* Tue Mar 17 2009 Matthew Barnes <email@example.com> - 2.22.3-3.fc9
- Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures).
breaks display of encrypted and signed S/MIME emails with a "Digests missing from enveloped data" message. Yet, saving away the message part, saves away a mixed binary and plaintext decrypted message (so the decryption worked).
Here is the format of some of the relevant headers from "View message source" for messages that don't display properly with the patch applied:
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Version-Release number of selected component (if applicable):
100% AFAICT. The only requirements are a receiving party and a transmitting party both with valid certificates and the receiving party to have Evolution.
Steps to Reproduce:
1. Receive an encrypted and signed S/MIME email generated by MS Outlook
2. Open message & enter password
3. Curse the "upgrade" that causes the message to be unreadable.
Messages window shows "Digests missing from enveloped data" and an "Encrypted" button with a shield, and also a button to save away the message.
Message should be readable.
I suspect that the new mechanism for verifying signatures in the patch only works for unencrypted email, where the plaintext headers are available for
running digests(?). Perhaps digests on the wrong material are being checked when the signature is in an encrypted email.
Thanks for the bug report. Confirmed and fixed upstream within bug 
evolution-data-server-2.24.5-5.fc10 has been submitted as an update for Fedora 10.
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update evolution-data-server'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-3413
Experiencing same problem with evolution-data-server-2.22.3-3.fc9. Will there be a patched package forthcoming for F9? I could not even get a test package from the F9 "updates-testing" repo. Myself and those with whom I work send and receive signed and encrypted messages regularly so this is having a significant impact on us.
Oops, right, F9 package wasn't updated yet.
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
What about Fedora 9? If there won't be an update, whether testing or stable, could we at least roll-back to the working version?
evolution-data-server-2.22.3-4.fc9 has been submitted as an update for Fedora 9.
evolution-data-server-2.22.3-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.