Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
Date:                    2019-02-22
Initial Package Version: 3.30.5
Upstream Status:         Committed
Origin:                  Upstream
Description:             Fix an OpenPGP Spoofing Vulnerability (CVE-2018-15587).

diff -Naurp evolution-3.30.5.orig/src/em-format/e-mail-parser.c evolution-3.30.5/src/em-format/e-mail-parser.c
--- evolution-3.30.5.orig/src/em-format/e-mail-parser.c	2019-02-04 05:26:02.000000000 -0600
+++ evolution-3.30.5/src/em-format/e-mail-parser.c	2019-02-21 15:15:08.713449875 -0600
@@ -80,6 +80,67 @@ GType e_mail_parser_application_smime_ge
 static gpointer parent_class;
 
 static void
+mail_parser_move_security_before_headers (GQueue *part_queue)
+{
+   GList *link, *last_headers = NULL;
+   GSList *headers_stack = NULL;
+
+   link = g_queue_peek_head_link (part_queue);
+   while (link) {
+      EMailPart *part = link->data;
+      const gchar *id;
+
+      if (!part) {
+         link = g_list_next (link);
+         continue;
+      }
+
+      id = e_mail_part_get_id (part);
+      if (!id) {
+         link = g_list_next (link);
+         continue;
+      }
+
+      if (g_str_has_suffix (id, ".rfc822")) {
+         headers_stack = g_slist_prepend (headers_stack, last_headers);
+         last_headers = NULL;
+      } else if (g_str_has_suffix (id, ".rfc822.end")) {
+         g_warn_if_fail (headers_stack != NULL);
+
+         if (headers_stack) {
+            last_headers = headers_stack->data;
+            headers_stack = g_slist_remove (headers_stack, last_headers);
+         } else {
+            last_headers = NULL;
+         }
+      }
+
+      if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) {
+         last_headers = link;
+         link = g_list_next (link);
+      } else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) {
+         g_warn_if_fail (last_headers != NULL) ;
+
+         if (last_headers) {
+            GList *next = g_list_next(link);
+
+            g_warn_if_fail (g_queue_remove (part_queue, part));
+            g_queue_insert_before (part_queue, last_headers, part);
+
+            link = next;
+         } else {
+            link = g_list_next(link);
+         }
+      } else {
+         link = g_list_next (link);
+      }
+   }
+
+   g_warn_if_fail (headers_stack == NULL);
+   g_slist_free (headers_stack);
+}
+
+static void
 mail_parser_run (EMailParser *parser,
                  EMailPartList *part_list,
                  GCancellable *cancellable)
@@ -142,6 +203,8 @@ mail_parser_run (EMailParser *parser,
 			break;
 	}
 
+   mail_parser_move_security_before_headers (&mail_part_queue);
+
 	while (!g_queue_is_empty (&mail_part_queue)) {
 		mail_part = g_queue_pop_head (&mail_part_queue);
 		e_mail_part_list_add_part (part_list, mail_part);