Description of problem:

This patch to evolution data server:

...
# RH bug #484925 / CVE-2009-0547
Patch17: evolution-data-server-2.22.3-CVE-2009-0547.patch
...
%changelog
* Tue Mar 17 2009 Matthew Barnes <mbarnes> - 2.22.3-3.fc9
- Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures).
...

breaks display of encrypted and signed S/MIME emails with a "Digests missing from enveloped data" message. Yet, saving away the message part, saves away a mixed binary and plaintext decrypted message (so the decryption worked).

Here is the format of some of the relevant headers from "View message source" for messages that don't display properly with the patch applied:

...
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64
MIME-Version: 1.0

MIAGCSqGSIb3DQEHA6CAMIACAQAxggH6MIH6AgEAMGMwXTESMBAGA1UEChMJbWl0cmUub3JnMR4w
HAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJzAlBgNVBAMTHk1JVFJFIENvcnBvcmF0aW9u
...

Version-Release number of selected component (if applicable):

evolution-data-server-2.23.3-3 FC9

How reproducible:

100% AFAICT. The only requirements are a receiving party and a transmitting party both with valid certificates and the receiving party to have Evolution.

Steps to Reproduce:
1. Receive an encrypted and signed S/MIME email generated by MS Outlook
2. Open message & enter password
3. Curse the "upgrade" that causes the message to be unreadable.

Actual results:

Messages window shows "Digests missing from enveloped data" and an "Encrypted" button with a shield, and also a button to save away the message.

Expected results:

Message should be readable.

Additional info:

I suspect that the new mechanism for verifying signatures in the patch only works for unencrypted email, where the plaintext headers are available for running digests(?). Perhaps digests on the wrong material are being checked when the signature is in an encrypted email.
Thanks for the bug report. Confirmed and fixed upstream within bug [1].

[1] http://bugzilla.gnome.org/show_bug.cgi?id=564465
evolution-data-server-2.24.5-5.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/evolution-data-server-2.24.5-5.fc10
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update evolution-data-server'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-3413
Experiencing same problem with evolution-data-server-2.22.3-3.fc9. Will there be a patched package forthcoming for F9? I could not even get a test package from the F9 "updates-testing" repo. Myself and those with whom I work send and receive signed and encrypted messages regularly so this is having a significant impact on us.
Oops, right, F9 package wasn't updated yet.
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
What about Fedora 9? If there won't be an update, whether testing or stable, could we at least roll-back to the working version?
evolution-data-server-2.22.3-4.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/evolution-data-server-2.22.3-4.fc9
evolution-data-server-2.22.3-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.