aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/messaging.scm6
-rw-r--r--gnu/packages/patches/gajim-CVE-2016-10376.patch57
3 files changed, 2 insertions, 62 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index f9f18ec308..ecd80acda5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -601,7 +601,6 @@ dist_patch_DATA = \
%D%/packages/patches/freetype-CVE-2017-8105.patch \
%D%/packages/patches/freetype-CVE-2017-8287.patch \
%D%/packages/patches/fuse-overlapping-headers.patch \
- %D%/packages/patches/gajim-CVE-2016-10376.patch \
%D%/packages/patches/gawk-shell.patch \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index aefd24b849..827e9edee9 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -487,17 +487,15 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
(define-public gajim
(package
(name "gajim")
- (version "0.16.7")
+ (version "0.16.8")
(source (origin
(method url-fetch)
(uri (string-append "https://gajim.org/downloads/"
(version-major+minor version)
"/gajim-" version ".tar.bz2"))
- (patches
- (search-patches "gajim-CVE-2016-10376.patch"))
(sha256
(base32
- "13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n"))))
+ "0ckakdjg30fsyjsgyy2573x9nmjivdg76y049l86wns5axw8im26"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch
deleted file mode 100644
index 591dd1af21..0000000000
--- a/gnu/packages/patches/gajim-CVE-2016-10376.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix CVE-2016-10376.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
-http://seclists.org/oss-sec/2017/q2/341
-https://dev.gajim.org/gajim/gajim/issues/8378
-
-Patch copied from upstream source repository:
-
-https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
-
-(adapted for context in config.py)
-
-From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
-From: Philipp Hörist <forenjunkie@chello.at>
-Date: Fri, 26 May 2017 23:10:05 +0200
-Subject: [PATCH] Add config option to activate XEP-0146 commands
-
-Some of the Commands have security implications, thats why we disable them per default
-Fixes #8378
----
- src/common/commands.py | 7 ++++---
- src/common/config.py | 1 +
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/common/commands.py b/src/common/commands.py
-index 19d8c13..0eeb57c 100644
---- a/src/common/commands.py
-+++ b/src/common/commands.py
-@@ -345,9 +345,10 @@ class ConnectionCommands:
- def __init__(self):
- # a list of all commands exposed: node -> command class
- self.__commands = {}
-- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
-- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
-- self.__commands[cmdobj.commandnode] = cmdobj
-+ if gajim.config.get('remote_commands'):
-+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
-+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
-+ self.__commands[cmdobj.commandnode] = cmdobj
-
- # a list of sessions; keys are tuples (jid, sessionid, node)
- self.__sessions = {}
-diff --git a/src/common/config.py b/src/common/config.py
-index cde1f81..fe25455 100644
---- a/src/common/config.py
-+++ b/src/common/config.py
-@@ -314,6 +314,7 @@ class Config:
- 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
- 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
- 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
-+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
- }, {})
-
- __options_per_key = {
---
-libgit2 0.24.0
-