...
 
Commits (3)
evolution-ews (3.30.5-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Backport patch to fix Office365 with OAuth2 (Closes: #926249)
* Backport patch to fix CVE-2019-3890 - SSL certificates not being validated
before use. Bump dependency on libedataserver1.2-dev to >= 3.30.5-1.1~ as
the fix requires a change in that library. (Closes: #926712)
-- Luca Boccassi <bluca@debian.org> Tue, 02 Apr 2019 17:56:27 +0100
evolution-ews (3.30.5-1) unstable; urgency=medium
* New upstream release
......
......@@ -14,7 +14,7 @@ Build-Depends: cmake,
evolution-dev (>= 3.30.5),
evolution-data-server-dev (>= 3.30.5),
libcamel1.2-dev (>= 3.30.5),
libedataserver1.2-dev (>= 3.30.5),
libedataserver1.2-dev (>= 3.30.5-1.1~),
libebackend1.2-dev (>= 3.30.5),
libecal1.2-dev (>= 3.30.5),
libedata-cal1.2-dev (>= 3.30.5),
......
......@@ -10,7 +10,7 @@ Build-Depends: cmake,
evolution-dev (>= 3.30.5),
evolution-data-server-dev (>= 3.30.5),
libcamel1.2-dev (>= 3.30.5),
libedataserver1.2-dev (>= 3.30.5),
libedataserver1.2-dev (>= 3.30.5-1.1~),
libebackend1.2-dev (>= 3.30.5),
libecal1.2-dev (>= 3.30.5),
libedata-cal1.2-dev (>= 3.30.5),
......
Author: Luca Boccassi <luca.boccassi@microsoft.com>
Description: do not pass 'scope' parameter in OAuth2 requests on outlook.office365.com server
It is optional and can cause errors like:
error:invalid_request description:AADSTS65002:
Consent between first party applications and resources must be
configured via preauthorization.
Bug-Debian: https://bugs.debian.org/926249
Origin: https://gitlab.gnome.org/GNOME/evolution-ews/merge_requests/1
Applied-upstream: https://gitlab.gnome.org/GNOME/evolution-ews/commit/8dafe925c30e2a2bc53578076eb5710b18eedd42
--- a/src/server/e-oauth2-service-office365.c
+++ b/src/server/e-oauth2-service-office365.c
@@ -30,21 +30,6 @@
#define OFFICE365_RESOURCE "https://outlook.office.com"
-#define OFFICE365_SCOPE "openid offline_access profile " \
- "Mail.ReadWrite " \
- "Mail.ReadWrite.Shared " \
- "Mail.Send " \
- "Mail.Send.Shared " \
- "Calendars.ReadWrite " \
- "Calendars.ReadWrite.Shared " \
- "Contacts.ReadWrite " \
- "Contacts.ReadWrite.Shared " \
- "Tasks.ReadWrite " \
- "Tasks.ReadWrite.Shared " \
- "MailboxSettings.ReadWrite " \
- "People.Read " \
- "User.ReadBasic.All"
-
struct _EOAuth2ServiceOffice365Private
{
GMutex string_cache_lock;
@@ -253,7 +238,6 @@
e_oauth2_service_util_set_to_form (uri_query, "response_mode", "query");
e_oauth2_service_util_set_to_form (uri_query, "prompt", "login");
- e_oauth2_service_util_set_to_form (uri_query, "scope", OFFICE365_SCOPE);
e_oauth2_service_util_set_to_form (uri_query, "resource", OFFICE365_RESOURCE);
}
@@ -321,7 +305,6 @@
{
g_return_if_fail (form != NULL);
- e_oauth2_service_util_set_to_form (form, "scope", OFFICE365_SCOPE);
e_oauth2_service_util_set_to_form (form, "resource", OFFICE365_RESOURCE);
e_oauth2_service_util_set_to_form (form, "redirect_uri", e_oauth2_service_get_redirect_uri (service, source));
}
0001-I-27-SSL-Certificates-are-not-validated.patch
0001-Do-not-pass-scope-parameter-in-OAuth2-requests.patch