Bug 492852 - Patch to Evolution breaks display of Encrypted & Signed S/MIME messages
Patch to Evolution breaks display of Encrypted & Signed S/MIME messages
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: evolution-data-server (Show other bugs)
9
All Linux
low Severity high
: ---
: ---
Assigned To: Matthew Barnes
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-30 08:17 EDT by Andy Walls
Modified: 2009-05-13 22:58 EDT (History)
4 users (show)

See Also:
Fixed In Version: 2.22.3-4.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-24 15:54:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 564465 None None None Never

  None (edit)
Description Andy Walls 2009-03-30 08:17:02 EDT
Description of problem:

This patch to evolution data server:

...
# RH bug #484925 / CVE-2009-0547
Patch17: evolution-data-server-2.22.3-CVE-2009-0547.patch
...
%changelog
* Tue Mar 17 2009 Matthew Barnes <mbarnes@redhat.com> - 2.22.3-3.fc9
- Add patch for RH bug #484925 (CVE-2009-0547, S/MIME signatures).
...

breaks display of encrypted and signed S/MIME emails with a "Digests missing from enveloped data" message.  Yet, saving away the message part, saves away a mixed binary and plaintext decrypted message (so the decryption worked).

Here is the format of some of the relevant headers from "View message source" for messages that don't display properly with the patch applied:

...
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64
MIME-Version: 1.0

MIAGCSqGSIb3DQEHA6CAMIACAQAxggH6MIH6AgEAMGMwXTESMBAGA1UEChMJbWl0cmUub3JnMR4w
HAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJzAlBgNVBAMTHk1JVFJFIENvcnBvcmF0aW9u
...


Version-Release number of selected component (if applicable):

evolution-data-server-2.23.3-3 FC9

How reproducible:

100% AFAICT. The only requirements are a receiving party and a transmitting party both with valid certificates and the receiving party to have Evolution.

Steps to Reproduce:
1. Receive an encrypted and signed S/MIME email generated by MS Outlook
2. Open message & enter password
3. Curse the "upgrade" that causes the message to be unreadable.
  
Actual results:

Messages window shows "Digests missing from enveloped data" and an "Encrypted" button with a shield, and also a button to save away the message.

Expected results:

Message should be readable.

Additional info:

I suspect that the new mechanism for verifying signatures in the patch only works for unencrypted email, where the plaintext headers are available for
running digests(?).  Perhaps digests on the wrong material are being checked when the signature is in an encrypted email.
Comment 1 Milan Crha 2009-03-31 07:53:40 EDT
Thanks for the bug report. Confirmed and fixed upstream within bug [1]
[1] http://bugzilla.gnome.org/show_bug.cgi?id=564465
Comment 2 Fedora Update System 2009-04-06 14:38:54 EDT
evolution-data-server-2.24.5-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/evolution-data-server-2.24.5-5.fc10
Comment 3 Fedora Update System 2009-04-07 11:49:26 EDT
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update evolution-data-server'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-3413
Comment 4 Calvin Webster 2009-04-17 13:38:42 EDT
Experiencing same problem with evolution-data-server-2.22.3-3.fc9. Will there be a patched package forthcoming for F9? I could not even get a test package from the F9 "updates-testing" repo. Myself and those with whom I work send and receive signed and encrypted messages regularly so this is having a significant impact on us.
Comment 5 Milan Crha 2009-04-20 08:07:04 EDT
Oops, right, F9 package wasn't updated yet.
Comment 6 Fedora Update System 2009-04-24 15:54:20 EDT
evolution-data-server-2.24.5-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Calvin Webster 2009-04-24 16:59:09 EDT
What about Fedora 9? If there won't be an update, whether testing or stable, could we at least roll-back to the working version?
Comment 8 Fedora Update System 2009-04-27 11:53:14 EDT
evolution-data-server-2.22.3-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/evolution-data-server-2.22.3-4.fc9
Comment 9 Fedora Update System 2009-05-13 22:58:31 EDT
evolution-data-server-2.22.3-4.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.