gnu: gajim: Fix CVE-2016-10376.
* gnu/packages/patches/gajim-CVE-2016-10376.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/messaging.scm (gajim)[source]: Use it.
parent
ca40d4e7c5
commit
3803b069f6
3 changed files with 60 additions and 0 deletions
|
@ -598,6 +598,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/freetype-CVE-2017-8105.patch \
|
||||
%D%/packages/patches/freetype-CVE-2017-8287.patch \
|
||||
%D%/packages/patches/fuse-overlapping-headers.patch \
|
||||
%D%/packages/patches/gajim-CVE-2016-10376.patch \
|
||||
%D%/packages/patches/gawk-shell.patch \
|
||||
%D%/packages/patches/gcc-arm-bug-71399.patch \
|
||||
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
|
||||
|
|
|
@ -490,6 +490,8 @@ (define-public gajim
|
|||
(uri (string-append "https://gajim.org/downloads/"
|
||||
(version-major+minor version)
|
||||
"/gajim-" version ".tar.bz2"))
|
||||
(patches
|
||||
(search-patches "gajim-CVE-2016-10376.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n"))))
|
||||
|
|
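--- /dev/null
+++ b/gnu/packages/patches/gajim-CVE-2016-10376.patch
@@ -0,0 +1,57 @@
+Fix CVE-2016-10376.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
+http://seclists.org/oss-sec/2017/q2/341
+https://dev.gajim.org/gajim/gajim/issues/8378
+
+Patch copied from upstream source repository:
+
+https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
+
+(adapted for context in config.py)
+
+From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
+From: Philipp Hörist <forenjunkie@chello.at>
+Date: Fri, 26 May 2017 23:10:05 +0200
+Subject: [PATCH] Add config option to activate XEP-0146 commands
+
+Some of the Commands have security implications, thats why we disable them per default
+Fixes #8378
+---
+src/common/commands.py | 7 ++++---
+src/common/config.py | 1 +
+2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/commands.py b/src/common/commands.py
+index 19d8c13..0eeb57c 100644
+--- a/src/common/commands.py
++++ b/src/common/commands.py
+@@ -345,9 +345,10 @@ class ConnectionCommands:
+def __init__(self):
+# a list of all commands exposed: node -> command class
+self.__commands = {}
+- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+- self.__commands[cmdobj.commandnode] = cmdobj
++ if gajim.config.get('remote_commands'):
++ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
++ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
++ self.__commands[cmdobj.commandnode] = cmdobj
+
+# a list of sessions; keys are tuples (jid, sessionid, node)
+self.__sessions = {}
+diff --git a/src/common/config.py b/src/common/config.py
+index cde1f81..fe25455 100644
+--- a/src/common/config.py
++++ b/src/common/config.py
+@@ -314,6 +314,7 @@ class Config:
+'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
+'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
+'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
++ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
+}, {})
+
+__options_per_key = {
+--
+libgit2 0.24.0
+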
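Review bot: The `gajim.config.get('remote_commands')` guard added to `ConnectionCommands.__init__` is evaluated only when the object is constructed, so turning the option off later presumably leaves the four XEP-0146 commands registered in `self.__commands` until the connection object is created again. The rest of `__init__` and the code that dispatches commands lie outside the hunk, so this should be confirmed there. A comment above the guard would record the limitation, e.g. `# Read once here: changing 'remote_commands' takes effect only when this object is re-created`. The switch is also all-or-nothing, enabling every command at once, and the option text in config.py does not tell the user why it defaults to False; it could read `_('If True, Gajim will execute XEP-0146 Commands. Some of them have security implications, so this is disabled by default.')`.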