diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/messaging.scm | 6 | ||||
-rw-r--r-- | gnu/packages/patches/gajim-CVE-2016-10376.patch | 57 |
3 files changed, 2 insertions, 62 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f9f18ec308..ecd80acda5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -601,7 +601,6 @@ dist_patch_DATA = \ %D%/packages/patches/freetype-CVE-2017-8105.patch \ %D%/packages/patches/freetype-CVE-2017-8287.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ - %D%/packages/patches/gajim-CVE-2016-10376.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index aefd24b849..827e9edee9 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -487,17 +487,15 @@ was initially a fork of xmpppy, but uses non-blocking sockets.") (define-public gajim (package (name "gajim") - (version "0.16.7") + (version "0.16.8") (source (origin (method url-fetch) (uri (string-append "https://gajim.org/downloads/" (version-major+minor version) "/gajim-" version ".tar.bz2")) - (patches - (search-patches "gajim-CVE-2016-10376.patch")) (sha256 (base32 - "13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n")))) + "0ckakdjg30fsyjsgyy2573x9nmjivdg76y049l86wns5axw8im26")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch deleted file mode 100644 index 591dd1af21..0000000000 --- a/gnu/packages/patches/gajim-CVE-2016-10376.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix CVE-2016-10376. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376 -http://seclists.org/oss-sec/2017/q2/341 -https://dev.gajim.org/gajim/gajim/issues/8378 - -Patch copied from upstream source repository: - -https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc - -(adapted for context in config.py) - -From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001 -From: Philipp Hörist <forenjunkie@chello.at> -Date: Fri, 26 May 2017 23:10:05 +0200 -Subject: [PATCH] Add config option to activate XEP-0146 commands - -Some of the Commands have security implications, thats why we disable them per default -Fixes #8378 ---- - src/common/commands.py | 7 ++++--- - src/common/config.py | 1 + - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/common/commands.py b/src/common/commands.py -index 19d8c13..0eeb57c 100644 ---- a/src/common/commands.py -+++ b/src/common/commands.py -@@ -345,9 +345,10 @@ class ConnectionCommands: - def __init__(self): - # a list of all commands exposed: node -> command class - self.__commands = {} -- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand, -- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand): -- self.__commands[cmdobj.commandnode] = cmdobj -+ if gajim.config.get('remote_commands'): -+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand, -+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand): -+ self.__commands[cmdobj.commandnode] = cmdobj - - # a list of sessions; keys are tuples (jid, sessionid, node) - self.__sessions = {} -diff --git a/src/common/config.py b/src/common/config.py -index cde1f81..fe25455 100644 ---- a/src/common/config.py -+++ b/src/common/config.py -@@ -314,6 +314,7 @@ class Config: - 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')], - 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')], - 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')], -+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')], - }, {}) - - __options_per_key = { --- -libgit2 0.24.0 - |