Your message dated Sat, 27 May 2017 05:45:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#863450: unblock: gajim/0.16.6-1.1
has caused the Debian Bug report #863450,
regarding unblock: gajim/0.16.6-1.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
863450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package gajim
Added an upstream commit/patch to solve security problem #863445.
diff -Nru gajim-0.16.6/debian/changelog gajim-0.16.6/debian/changelog
--- gajim-0.16.6/debian/changelog 2016-10-08 12:10:31.000000000 +0200
+++ gajim-0.16.6/debian/changelog 2017-05-27 00:35:49.000000000 +0200
@@ -1,3 +1,10 @@
+gajim (0.16.6-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Apply upstream patch to make XEP-0146 opt-in (Closes: #863445)
+
+ -- W. Martin Borgert <[email protected]> Fri, 26 May 2017 22:35:49 +0000
+
gajim (0.16.6-1) unstable; urgency=low
* New upstream release (closes: #839780)
diff -Nru gajim-0.16.6/debian/patches/fix-xep-0146-opt-in
gajim-0.16.6/debian/patches/fix-xep-0146-opt-in
--- gajim-0.16.6/debian/patches/fix-xep-0146-opt-in 1970-01-01
01:00:00.000000000 +0100
+++ gajim-0.16.6/debian/patches/fix-xep-0146-opt-in 2017-05-27
00:35:49.000000000 +0200
@@ -0,0 +1,35 @@
+Description: Add config option to activate XEP-0146 commands
+ Some of the Commands have security implications, thats why we disable them
per default
+Author: Philipp Hörist
+Origin: upstream,
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
+Bug: https://dev.gajim.org/gajim/gajim/issues/8378
+Bug-Debian: https://bugs.debian.org/863445
+Last-Update: 2017-05-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common/commands.py
++++ b/src/common/commands.py
+@@ -345,9 +345,10 @@
+ def __init__(self):
+ # a list of all commands exposed: node -> command class
+ self.__commands = {}
+- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+- self.__commands[cmdobj.commandnode] = cmdobj
++ if gajim.config.get('remote_commands'):
++ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
++ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
++ self.__commands[cmdobj.commandnode] = cmdobj
+
+ # a list of sessions; keys are tuples (jid, sessionid, node)
+ self.__sessions = {}
+--- a/src/common/config.py
++++ b/src/common/config.py
+@@ -313,6 +313,7 @@
+ 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim
will ignore incoming attention requestd ("wizz").')],
+ 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled,
Gajim will reopen chat windows that were opened last time Gajim was closed.')],
+ 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will
show an icon to show that sent message has been received by your contact')],
++ 'remote_commands': [opt_bool, False, _('If True, Gajim will
execute XEP-0146 Commands. Dangerous!')],
+ }, {})
+
+ __options_per_key = {
diff -Nru gajim-0.16.6/debian/patches/series gajim-0.16.6/debian/patches/series
--- gajim-0.16.6/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ gajim-0.16.6/debian/patches/series 2017-05-27 00:35:49.000000000 +0200
@@ -0,0 +1 @@
+fix-xep-0146-opt-in
unblock gajim/0.16.6-1.1
--- End Message ---
--- Begin Message ---
W. Martin Borgert:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Please unblock package gajim
>
> Added an upstream commit/patch to solve security problem #863445.
>
>
> [...]
>
>
> unblock gajim/0.16.6-1.1
>
Unblocked, thanks.
~Niels
--- End Message ---
