Control: tag -1 -moreinfo

On 26/02/17 18:51, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed moreinfo
>
> [...]
>
> You should close the bug in your changelog, and you do not mention the
> metadata changes in patch fix_spelling_error. With those corrections,
> please go ahead and remove the moreinfo tag from this bug.
>
> Thanks,

Done. I attach a new debdiff as well.

Tomasz
diff -Nru profanity-0.4.7/debian/changelog profanity-0.4.7/debian/changelog --- profanity-0.4.7/debian/changelog 2015-09-26 16:47:33.000000000 +0200 +++ profanity-0.4.7/debian/changelog 2017-02-25 18:29:37.000000000 +0100 @@ -1,3 +1,11 @@ +profanity (0.4.7-1.1) testing-proposed-updates; urgency=medium + + * Non-maintainer upload + * Fix CVE-2017-5592 (Closes: #854735) + * Update debian/patches with gbp import/export (side effect of the above fix) + + -- Tomasz Buchert <tom...@debian.org> Sat, 25 Feb 2017 18:29:37 +0100 + profanity (0.4.7-1) unstable; urgency=medium * Imported Upstream version 0.4.7 @@ -43,4 +51,3 @@ * Initial release (Closes: #745872) -- Dariusz Dwornikowski <dariusz.dwornikow...@cs.put.poznan.pl> Wed, 27 Aug 2014 12:34:59 +0200 - diff -Nru profanity-0.4.7/debian/patches/0002-Import-the-patch-fixing-CVE-2017-5592.patch profanity-0.4.7/debian/patches/0002-Import-the-patch-fixing-CVE-2017-5592.patch --- profanity-0.4.7/debian/patches/0002-Import-the-patch-fixing-CVE-2017-5592.patch 1970-01-01 01:00:00.000000000 +0100 +++ profanity-0.4.7/debian/patches/0002-Import-the-patch-fixing-CVE-2017-5592.patch 2017-02-25 18:29:37.000000000 +0100 
@@ -0,0 +1,41 @@ +From: Tomasz Buchert <tom...@buchert.pl> +Date: Sat, 25 Feb 2017 17:01:33 +0100 +Subject: Import the patch fixing CVE-2017-5592. + +The patch was provided by the upstream author. +--- + src/xmpp/message.c | 7 +++++++ + tests/functionaltests/test_carbons.c | 2 +- + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/xmpp/message.c b/src/xmpp/message.c +index 5581521..f6bb864 100644 +--- a/src/xmpp/message.c ++++ b/src/xmpp/message.c +@@ -687,6 +687,13 @@ _handle_carbons(xmpp_stanza_t * const stanza) + return FALSE; + } + ++ Jid *my_jid = jid_create(jabber_get_fulljid()); ++ const char *const stanza_from = xmpp_stanza_get_attribute(stanza, STANZA_ATTR_FROM); ++ if (g_strcmp0(my_jid->barejid, stanza_from) != 0) { ++ log_warning("Invalid carbon received, from: %s", stanza_from); ++ return TRUE; ++ } ++ + char *name = xmpp_stanza_get_name(carbons); + if ((g_strcmp0(name, "received") == 0) || (g_strcmp0(name, "sent")) == 0) { + xmpp_stanza_t *forwarded = xmpp_stanza_get_child_by_ns(carbons, STANZA_NS_FORWARD); +diff --git a/tests/functionaltests/test_carbons.c b/tests/functionaltests/test_carbons.c +index 96639d6..3bbe65d 100644 +--- a/tests/functionaltests/test_carbons.c ++++ b/tests/functionaltests/test_carbons.c +@@ -70,7 +70,7 @@ receive_carbon(void **state) + prof_output_exact("unencrypted"); + + stbbr_send( +- "<message type=\"chat\" to=\"stabber@localhost/profanity\" from=\"buddy1@localhost\">" ++ "<message type=\"chat\" to=\"stabber@localhost/profanity\" from=\"stabber@localhost\">" + "<received xmlns=\"urn:xmpp:carbons:2\">" + "<forwarded xmlns=\"urn:xmpp:forward:0\">" + "<message id=\"prof_msg_7\" xmlns=\"jabber:client\" type=\"chat\" lang=\"en\" to=\"stabber@localhost/profanity\" from=\"buddy1@localhost/mobile\">" diff -Nru profanity-0.4.7/debian/patches/fix_spelling_error profanity-0.4.7/debian/patches/fix_spelling_error --- profanity-0.4.7/debian/patches/fix_spelling_error 2015-09-26 16:47:33.000000000 +0200 +++ 
profanity-0.4.7/debian/patches/fix_spelling_error 2017-02-25 18:29:37.000000000 +0100 @@ -1,10 +1,16 @@ -Author: Dariusz Dwornikowski <dariusz.dwornikow...@cs.put.poznan.pl> -Subject: Fix spelling errors -Last-Update: 2015-09-25 -Forwarded: not-needed +From: Dariusz Dwornikowski <dariusz.dwornikow...@cs.put.poznan.pl> +Date: Sat, 25 Feb 2017 17:03:17 +0100 +Subject: Fix spelling errors. + +--- + src/xmpp/iq.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/xmpp/iq.c b/src/xmpp/iq.c +index 496e9ca..6466eb5 100644 --- a/src/xmpp/iq.c +++ b/src/xmpp/iq.c -@@ -861,13 +861,13 @@ +@@ -861,13 +861,13 @@ _version_result_handler(xmpp_conn_t * const conn, xmpp_stanza_t * const stanza, xmpp_stanza_t *query = xmpp_stanza_get_child_by_name(stanza, STANZA_NAME_QUERY); if (query == NULL) { diff -Nru profanity-0.4.7/debian/patches/series profanity-0.4.7/debian/patches/series --- profanity-0.4.7/debian/patches/series 2015-09-26 16:47:33.000000000 +0200 +++ profanity-0.4.7/debian/patches/series 2017-02-25 18:29:37.000000000 +0100 @@ -1 +1,2 @@ fix_spelling_error +0002-Import-the-patch-fixing-CVE-2017-5592.patch
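Review bot: in the _handle_carbons hunk of 0002-Import-the-patch-fixing-CVE-2017-5592.patch, my_jid is allocated with jid_create() and nothing in the added lines releases it, so the early "return TRUE" path leaks it on every rejected carbon; a jid_destroy(my_jid) is needed before that return and once the comparison is done. The same lines dereference my_jid->barejid without checking that jid_create() returned non-NULL, and they pass stanza_from to the "%s" in log_warning even when the stanza has no from attribute (g_strcmp0 accepts NULL, the format call may not). As this is the upstream patch imported unchanged, these are better forwarded upstream than altered in the NMU.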
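Review bot: the tests/functionaltests/test_carbons.c hunk in the same patch only rewrites the outer from of receive_carbon to "stabber@localhost" so that the existing test keeps passing; no test covers the case the fix exists for. Suggest a companion case that sends the same stanza with the previous outer from="buddy1@localhost" and asserts that the forwarded message is not shown.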
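Review bot: the regenerated header of debian/patches/fix_spelling_error drops the "Forwarded: not-needed" and "Last-Update: 2015-09-25" fields and gains "Date: Sat, 25 Feb 2017 17:03:17 +0100", so the forwarding status is lost and the patch reads as newly written. If the gbp export is kept, carry "Forwarded: not-needed" in the patch description so it survives the export. The changelog line "Update debian/patches with gbp import/export" could also name this file, since that is the metadata change the review asked to see mentioned.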