Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package telepathy-gabble: unblock telepathy-gabble/0.16.5-1 This fixes a remotely-triggerable DoS (variously known as CVE-2013-1769, #702252, fd.o #61433), and catches up with the upstream stable-branch to fix some more minor bugs and reduce the delta between Debian and upstream: * don't accidentally switch off use of the "modern" Call API preferred by Empathy, making calls work better (fd.o #56181) * fix a server-triggerable crash (fd.o #57521) * fix a crash if we disconnect at a bad time (fd.o #52362) * fix some race conditions and other badness in the regression tests (which are not packaged or run in Debian wheezy) * turn off deprecation warnings, which are inappropriate for a stable-branch (ignored in Debian anyway) * fix some brokenness in the procedure for making releases (not used in Debian) The remaining upstream changes in 0.16.2, 0.16.3 were already made in Debian via patches. See below for a filtered diff, excluding the regression tests (which are not run in Debian), re-generated Autotools goo, and debian/patches. This diff is between the patched tree currently in wheezy (with patches already applied), and the new tree (which has an empty debian/patches). Please let me know if anything in this is problematic: with my upstream hat on, I'm trying to make sure we make "clean" upstream stable releases. Regards, S configure.ac | 3 telepathy-gabble-0.16.5/NEWS | 50 ++++++++++ telepathy-gabble-0.16.5/debian/changelog | 8 + telepathy-gabble-0.16.5/gabble/caps-channel-manager.h | 3 telepathy-gabble-0.16.5/lib/ext/wocky/wocky/wocky-caps-hash.c | 37 ++++++- telepathy-gabble-0.16.5/lib/ext/wocky/wocky/wocky-data-form.c | 2 telepathy-gabble-0.16.5/src/caps-channel-manager.c | 15 --- telepathy-gabble-0.16.5/src/conn-presence.c | 11 -- telepathy-gabble-0.16.5/src/connection.c | 15 --- telepathy-gabble-0.16.5/src/media-factory.c | 9 - telepathy-gabble-0.16.5/src/muc-factory.c | 3 telepathy-gabble-0.16.5/tools/telepathy.am | 17 ++- 12 files changed, 113 insertions(+), 60 deletions(-) diff -Nrua telepathy-gabble-0.16.1/aclocal.m4 telepathy-gabble-0.16.5/aclocal.m4 diff -Nrua telepathy-gabble-0.16.1/ChangeLog telepathy-gabble-0.16.5/ChangeLog diff -Nrua telepathy-gabble-0.16.1/config.sub telepathy-gabble-0.16.5/config.sub diff -Nrua telepathy-gabble-0.16.1/configure telepathy-gabble-0.16.5/configure diff -Nrua telepathy-gabble-0.16.1/configure.ac telepathy-gabble-0.16.5/configure.ac --- telepathy-gabble-0.16.1/configure.ac 2012-06-20 14:24:44.000000000 +0100 +++ telepathy-gabble-0.16.5/configure.ac 2013-03-01 12:24:05.000000000 +0000 @@ -9,7 +9,7 @@ m4_define([gabble_major_version], [0]) m4_define([gabble_minor_version], [16]) -m4_define([gabble_micro_version], [1]) +m4_define([gabble_micro_version], [5]) m4_define([gabble_nano_version], [0]) # Some magic @@ -93,6 +93,7 @@ format-security \ init-self], [missing-field-initializers \ + deprecated-declarations \ unused-parameter]) AC_SUBST([ERROR_CFLAGS]) diff -Nrua telepathy-gabble-0.16.1/data/Makefile.in telepathy-gabble-0.16.5/data/Makefile.in diff -Nrua telepathy-gabble-0.16.1/debian/changelog telepathy-gabble-0.16.5/debian/changelog --- telepathy-gabble-0.16.1/debian/changelog 2012-09-14 12:39:09.000000000 +0100 +++ telepathy-gabble-0.16.5/debian/changelog 2013-03-04 15:10:50.000000000 +0000 @@ -1,3 +1,11 @@ +telepathy-gabble (0.16.5-1) unstable; urgency=medium + + * New upstream stable release + - drop all patches, applied upstream + - fixes a remotely-triggerable DoS (CVE-2013-1769, Closes: #702252) + + -- Simon McVittie <s...@debian.org> Mon, 04 Mar 2013 15:10:21 +0000 + telepathy-gabble (0.16.1-2) unstable; urgency=low * Add patch from 0.16.2 to fix a potential use-after-free when diff -Nrua telepathy-gabble-0.16.1/debian/patches/0001-server-tls-manager-deal-with-modification-of-the-GLi.patch telepathy-gabble-0.16.5/debian/patches/0001-server-tls-manager-deal-with-modification-of-the-GLi.patch diff -Nrua telepathy-gabble-0.16.1/debian/patches/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch telepathy-gabble-0.16.5/debian/patches/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch diff -Nrua telepathy-gabble-0.16.1/debian/patches/0012-Now-that-camera-v1-has-a-caps-URI-don-t-treat-it-as-.patch telepathy-gabble-0.16.5/debian/patches/0012-Now-that-camera-v1-has-a-caps-URI-don-t-treat-it-as-.patch diff -Nrua telepathy-gabble-0.16.1/debian/patches/series telepathy-gabble-0.16.5/debian/patches/series diff -Nrua telepathy-gabble-0.16.1/depcomp telepathy-gabble-0.16.5/depcomp diff -Nrua telepathy-gabble-0.16.1/docs/Makefile.in telepathy-gabble-0.16.5/docs/Makefile.in diff -Nrua telepathy-gabble-0.16.1/extensions/Makefile.in telepathy-gabble-0.16.5/extensions/Makefile.in diff -Nrua telepathy-gabble-0.16.1/gabble/caps-channel-manager.h telepathy-gabble-0.16.5/gabble/caps-channel-manager.h --- telepathy-gabble-0.16.1/gabble/caps-channel-manager.h 2012-06-20 13:49:34.000000000 +0100 +++ telepathy-gabble-0.16.5/gabble/caps-channel-manager.h 2013-03-01 12:11:58.000000000 +0000 @@ -73,9 +73,6 @@ GabbleCapabilitySet *cap_set, GPtrArray *data_forms); -void gabble_caps_channel_manager_reset_capabilities ( - GabbleCapsChannelManager *caps_manager); - void gabble_caps_channel_manager_get_contact_capabilities ( GabbleCapsChannelManager *caps_manager, TpHandle handle, diff -Nrua telepathy-gabble-0.16.1/gabble/Makefile.in telepathy-gabble-0.16.5/gabble/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/Makefile.in telepathy-gabble-0.16.5/lib/ext/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/aclocal.m4 telepathy-gabble-0.16.5/lib/ext/wocky/aclocal.m4 diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/ChangeLog telepathy-gabble-0.16.5/lib/ext/wocky/ChangeLog diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/compile telepathy-gabble-0.16.5/lib/ext/wocky/compile diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/config.sub telepathy-gabble-0.16.5/lib/ext/wocky/config.sub diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/configure telepathy-gabble-0.16.5/lib/ext/wocky/configure diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/depcomp telepathy-gabble-0.16.5/lib/ext/wocky/depcomp diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/docs/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/api-index-full.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/api-index-full.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/ch01.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/ch01.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/home.png telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/home.png diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/index.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/index.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/left.png telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/left.png diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/right.png telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/right.png diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/up.png telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/up.png diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockyAuthRegistry.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockyAuthRegistry.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockyCapsCache.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockyCapsCache.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockyContact.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockyContact.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky.devhelp2 telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky.devhelp2 diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockyNodeTree.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockyNodeTree.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockyPubsubNode.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockyPubsubNode.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockyResourceContact.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockyResourceContact.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/WockySession.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/WockySession.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyAuthHandler.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyAuthHandler.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-auth-registry-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-auth-registry-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyC2SPorter.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyC2SPorter.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-connector-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-connector-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyConnector.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyConnector.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-data-form-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-data-form-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyDataForm.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyDataForm.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-debug.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-debug.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-heartbeat-source.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-heartbeat-source.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-http-proxy.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-http-proxy.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-jabber-auth-digest.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-jabber-auth-digest.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyJabberAuth.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyJabberAuth.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-jabber-auth-password.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-jabber-auth-password.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyMetaPorter.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyMetaPorter.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-muc-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-muc-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyMuc.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyMuc.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-namespaces.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-namespaces.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyNode.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyNode.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-Wocky-OpenSSL-TLS.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-Wocky-OpenSSL-TLS.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyPepService.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyPepService.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyPing.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyPing.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyPorter.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyPorter.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-helpers.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-helpers.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-node-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-node-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-node-protected.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-node-protected.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-service-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-service-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyPubsubService.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyPubsubService.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-service-protected.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-pubsub-service-protected.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyRoster.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyRoster.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockySaslAuth.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockySaslAuth.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-digest-md5.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-digest-md5.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-plain.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-plain.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-scram.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-scram.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-utils.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-sasl-utils.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyStanza.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyStanza.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyTLSConnector.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyTLSConnector.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-tls-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-tls-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyTLSHandler.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyTLSHandler.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-utils.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-utils.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-WockyXmppConnection.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-WockyXmppConnection.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-xmpp-error-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-xmpp-error-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-xmpp-error.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-xmpp-error.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/html/wocky-wocky-xmpp-reader-enumtypes.html telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/html/wocky-wocky-xmpp-reader-enumtypes.html diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/docs/reference/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/docs/reference/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/examples/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/examples/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/ltmain.sh telepathy-gabble-0.16.5/lib/ext/wocky/ltmain.sh diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/m4/libtool.m4 telepathy-gabble-0.16.5/lib/ext/wocky/m4/libtool.m4 diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/m4/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/m4/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/tests/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/tests/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/tools/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/tools/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/wocky/Makefile.in telepathy-gabble-0.16.5/lib/ext/wocky/wocky/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/wocky/wocky-caps-hash.c telepathy-gabble-0.16.5/lib/ext/wocky/wocky/wocky-caps-hash.c --- telepathy-gabble-0.16.1/lib/ext/wocky/wocky/wocky-caps-hash.c 2012-06-13 13:39:16.000000000 +0100 +++ telepathy-gabble-0.16.5/lib/ext/wocky/wocky/wocky-caps-hash.c 2013-03-01 08:53:00.000000000 +0000 @@ -80,8 +80,17 @@ else if (left_type != NULL && right_type == NULL) return 1; else /* left_type != NULL && right_type != NULL */ - return strcmp (g_value_get_string (left_type->default_value), - g_value_get_string (right_type->default_value)); + { + const gchar *left_value = NULL, *right_value = NULL; + + if (left_type->raw_value_contents != NULL) + left_value = left_type->raw_value_contents[0]; + + if (right_type->raw_value_contents != NULL) + right_value = right_type->raw_value_contents[0]; + + return g_strcmp0 (left_value, right_value); + } } static GPtrArray * @@ -190,16 +199,22 @@ continue; } - form_name = g_value_get_string (field->default_value); - if (field->type != WOCKY_DATA_FORM_FIELD_TYPE_HIDDEN) { - DEBUG ("FORM_TYPE field of form '%s' is not hidden; " - "ignoring form and moving onto next one", - form_name); + DEBUG ("FORM_TYPE field is not hidden; " + "ignoring form and moving onto next one"); continue; } + if (field->raw_value_contents == NULL || + g_strv_length (field->raw_value_contents) != 1) + { + DEBUG ("FORM_TYPE field does not have exactly one value; failing"); + goto cleanup; + } + + form_name = field->raw_value_contents[0]; + if (g_hash_table_lookup (form_names, form_name) != NULL) { DEBUG ("error: there are multiple data forms with the " @@ -224,6 +239,14 @@ field = l->data; + if (field->var == NULL) + { + DEBUG ("can't hash form '%s': it has an anonymous field", + form_name); + g_slist_free (fields); + goto cleanup; + } + if (!wocky_strdiff (field->var, "FORM_TYPE")) continue; diff -Nrua telepathy-gabble-0.16.1/lib/ext/wocky/wocky/wocky-data-form.c telepathy-gabble-0.16.5/lib/ext/wocky/wocky/wocky-data-form.c --- telepathy-gabble-0.16.1/lib/ext/wocky/wocky/wocky-data-form.c 2012-06-20 13:39:57.000000000 +0100 +++ telepathy-gabble-0.16.5/lib/ext/wocky/wocky/wocky-data-form.c 2013-03-01 08:53:00.000000000 +0000 @@ -1050,7 +1050,7 @@ wocky_data_form_field_cmp (const WockyDataFormField *left, const WockyDataFormField *right) { - return strcmp (left->var, right->var); + return g_strcmp0 (left->var, right->var); } static void diff -Nrua telepathy-gabble-0.16.1/lib/gibber/Makefile.in telepathy-gabble-0.16.5/lib/gibber/Makefile.in diff -Nrua telepathy-gabble-0.16.1/lib/Makefile.in telepathy-gabble-0.16.5/lib/Makefile.in diff -Nrua telepathy-gabble-0.16.1/ltmain.sh telepathy-gabble-0.16.5/ltmain.sh diff -Nrua telepathy-gabble-0.16.1/m4/libtool.m4 telepathy-gabble-0.16.5/m4/libtool.m4 diff -Nrua telepathy-gabble-0.16.1/m4/Makefile.in telepathy-gabble-0.16.5/m4/Makefile.in diff -Nrua telepathy-gabble-0.16.1/Makefile.in telepathy-gabble-0.16.5/Makefile.in diff -Nrua telepathy-gabble-0.16.1/NEWS telepathy-gabble-0.16.5/NEWS --- telepathy-gabble-0.16.1/NEWS 2012-06-20 14:24:31.000000000 +0100 +++ telepathy-gabble-0.16.5/NEWS 2013-03-01 12:13:04.000000000 +0000 @@ -1,3 +1,53 @@ +telepathy-gabble 0.16.5 (2013-03-01) +==================================== + +The “In Actuality You Are A Gigantic, Bloodthirsty Grizzly Bear” +release. This fixes a remotely-triggered denial-of-service bug. You +should upgrade. + +Fixes: + +• fd.o#57521: don't crash when the server sends back malformed or error + replies to privacy list queries. (wjt) + +• fd.o#61433: don't crash on weirdly-shaped data forms in caps query + replies. This issue is tracked as CVE-2013-1769. Unfortunately, this + bug can be triggered by any XMPP user who knows your bare JID, not + just by people you've authorized to see your presence. Fortunately, it + is just a NULL pointer dereference, rather than allowing the attacker + to do anything more nefarious like execute code. (wjt) + +telepathy-gabble 0.16.4 (2012-11-09) +==================================== + +Fixes: + +• fd.o#56181: don't inadvertantly disable creating Call1 channels. (rishi) + +• fd.o#52362: hopefully, don't crash if we disconnect in the middle of trying + to change our Google Talk presence. (wjt) + +telepathy-gabble 0.16.3 (2012-09-11) +==================================== + +Fixes: + +• Turn off deprecation warnings: we're not going to fix them on a + stable branch (Simon) + +• Make sure capability discovery works for the camera-v1 capability bundle, + avoiding an iChat bug in which it repeats failed capability discovery + requests in a rapid loop (fd.o #54634, Simon) + +• Fix some race conditions and other brokenness in the tests (Sjoerd) + +telepathy-gabble 0.16.2 (2012-08-14) +==================================== + +Fixes: + +• fd.o#53087 - Crash in tp_base_channel_close + telepathy-gabble 0.16.1 (2012-06-20) ==================================== diff -Nrua telepathy-gabble-0.16.1/.pc/0001-server-tls-manager-deal-with-modification-of-the-GLi.patch/src/server-tls-manager.c telepathy-gabble-0.16.5/.pc/0001-server-tls-manager-deal-with-modification-of-the-GLi.patch/src/server-tls-manager.c diff -Nrua telepathy-gabble-0.16.1/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/gabble/capabilities.h telepathy-gabble-0.16.5/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/gabble/capabilities.h diff -Nrua telepathy-gabble-0.16.1/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/capabilities.c telepathy-gabble-0.16.5/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/capabilities.c diff -Nrua telepathy-gabble-0.16.1/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/connection.c telepathy-gabble-0.16.5/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/connection.c diff -Nrua telepathy-gabble-0.16.1/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/namespaces.h telepathy-gabble-0.16.5/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/namespaces.h diff -Nrua telepathy-gabble-0.16.1/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/presence-cache.c telepathy-gabble-0.16.5/.pc/0011-Add-Google-camera-v1-as-a-first-class-caps-bundle.patch/src/presence-cache.c diff -Nrua telepathy-gabble-0.16.1/.pc/0012-Now-that-camera-v1-has-a-caps-URI-don-t-treat-it-as-.patch/src/connection.c telepathy-gabble-0.16.5/.pc/0012-Now-that-camera-v1-has-a-caps-URI-don-t-treat-it-as-.patch/src/connection.c diff -Nrua telepathy-gabble-0.16.1/.pc/0012-Now-that-camera-v1-has-a-caps-URI-don-t-treat-it-as-.patch/src/media-factory.c telepathy-gabble-0.16.5/.pc/0012-Now-that-camera-v1-has-a-caps-URI-don-t-treat-it-as-.patch/src/media-factory.c diff -Nrua telepathy-gabble-0.16.1/.pc/applied-patches telepathy-gabble-0.16.5/.pc/applied-patches diff -Nrua telepathy-gabble-0.16.1/plugins/Makefile.in telepathy-gabble-0.16.5/plugins/Makefile.in diff -Nrua telepathy-gabble-0.16.1/src/caps-channel-manager.c telepathy-gabble-0.16.5/src/caps-channel-manager.c --- telepathy-gabble-0.16.1/src/caps-channel-manager.c 2012-06-20 13:49:34.000000000 +0100 +++ telepathy-gabble-0.16.5/src/caps-channel-manager.c 2013-03-01 12:11:58.000000000 +0000 @@ -42,21 +42,6 @@ /* Virtual-method wrappers */ void -gabble_caps_channel_manager_reset_capabilities ( - GabbleCapsChannelManager *caps_manager) -{ - GabbleCapsChannelManagerInterface *iface = - GABBLE_CAPS_CHANNEL_MANAGER_GET_INTERFACE (caps_manager); - GabbleCapsChannelManagerResetCapsFunc method = iface->reset_caps; - - if (method != NULL) - { - method (caps_manager); - } - /* ... else assume there is no need to reset the caps */ -} - -void gabble_caps_channel_manager_get_contact_capabilities ( GabbleCapsChannelManager *caps_manager, TpHandle handle, diff -Nrua telepathy-gabble-0.16.1/src/connection.c telepathy-gabble-0.16.5/src/connection.c --- telepathy-gabble-0.16.1/src/connection.c 2013-03-04 15:10:11.000000000 +0000 +++ telepathy-gabble-0.16.5/src/connection.c 2013-03-01 12:11:59.000000000 +0000 @@ -3368,25 +3368,12 @@ GabbleConnection *self = GABBLE_CONNECTION (iface); TpBaseConnection *base = (TpBaseConnection *) self; GabbleCapabilitySet *old_caps = NULL; - TpChannelManagerIter iter; - TpChannelManager *manager; guint i; /* Now that someone has told us our *actual* capabilities, we can stop * advertising spurious caps in initial presence */ gabble_capability_set_clear (self->priv->bonus_caps); - tp_base_connection_channel_manager_iter_init (&iter, base); - - while (tp_base_connection_channel_manager_iter_next (&iter, &manager)) - { - if (GABBLE_IS_CAPS_CHANNEL_MANAGER (manager)) - { - gabble_caps_channel_manager_reset_capabilities ( - GABBLE_CAPS_CHANNEL_MANAGER (manager)); - } - } - DEBUG ("enter"); for (i = 0; i < clients->len; i++) @@ -3397,6 +3384,8 @@ const gchar * const * cap_tokens = g_value_get_boxed (va->values + 2); GabbleCapabilitySet *cap_set; GPtrArray *data_forms; + TpChannelManagerIter iter; + TpChannelManager *manager; g_hash_table_remove (self->priv->client_caps, client_name); g_hash_table_remove (self->priv->client_data_forms, client_name); diff -Nrua telepathy-gabble-0.16.1/src/conn-presence.c telepathy-gabble-0.16.5/src/conn-presence.c --- telepathy-gabble-0.16.1/src/conn-presence.c 2012-06-20 13:49:34.000000000 +0100 +++ telepathy-gabble-0.16.5/src/conn-presence.c 2013-03-01 12:11:59.000000000 +0000 @@ -706,10 +706,7 @@ GError *error = NULL; if (wocky_stanza_extract_errors (reply_msg, NULL, &error, NULL, NULL)) - { - g_simple_async_result_set_from_error (result, error); - g_free (error); - } + g_simple_async_result_take_error (result, error); g_simple_async_result_complete_in_idle (result); @@ -1290,10 +1287,10 @@ if (query_node != NULL) list_node = wocky_node_get_child (query_node, "list"); - if (!wocky_stanza_extract_errors (reply_msg, NULL, &error, NULL, NULL) && - list_node != NULL) + if (!wocky_stanza_extract_errors (reply_msg, NULL, &error, NULL, NULL)) { - if (!is_valid_invisible_list (list_node)) + if (list_node == NULL || + !is_valid_invisible_list (list_node)) { g_free (priv->invisible_list_name); priv->invisible_list_name = g_strdup ("invisible-gabble"); diff -Nrua telepathy-gabble-0.16.1/src/Makefile.in telepathy-gabble-0.16.5/src/Makefile.in diff -Nrua telepathy-gabble-0.16.1/src/media-factory.c telepathy-gabble-0.16.5/src/media-factory.c --- telepathy-gabble-0.16.1/src/media-factory.c 2013-03-04 15:10:11.000000000 +0000 +++ telepathy-gabble-0.16.5/src/media-factory.c 2013-03-01 12:11:59.000000000 +0000 @@ -1124,14 +1124,6 @@ } static void -gabble_media_factory_reset_caps (GabbleCapsChannelManager *manager) -{ - GabbleMediaFactory *self = GABBLE_MEDIA_FACTORY (manager); - - self->priv->use_call_channels = FALSE; -} - -static void gabble_media_factory_get_contact_caps (GabbleCapsChannelManager *manager, TpHandle handle, const GabbleCapabilitySet *caps, @@ -1342,7 +1334,6 @@ { GabbleCapsChannelManagerInterface *iface = g_iface; - iface->reset_caps = gabble_media_factory_reset_caps; iface->get_contact_caps = gabble_media_factory_get_contact_caps; iface->represent_client = gabble_media_factory_represent_client; } diff -Nrua telepathy-gabble-0.16.1/src/muc-factory.c telepathy-gabble-0.16.5/src/muc-factory.c --- telepathy-gabble-0.16.1/src/muc-factory.c 2012-06-20 13:49:34.000000000 +0100 +++ telepathy-gabble-0.16.5/src/muc-factory.c 2013-03-01 12:11:59.000000000 +0000 @@ -830,6 +830,9 @@ GHashTableIter iter; gpointer channel = NULL; + if (priv->text_channels == NULL) + return; + g_hash_table_iter_init (&iter, priv->text_channels); while (g_hash_table_iter_next (&iter, NULL, &channel)) diff -Nrua telepathy-gabble-0.16.1/tests/Makefile.in telepathy-gabble-0.16.5/tests/Makefile.in diff -Nrua telepathy-gabble-0.16.1/tests/suppressions/Makefile.in telepathy-gabble-0.16.5/tests/suppressions/Makefile.in diff -Nrua telepathy-gabble-0.16.1/tests/twisted/caps/trust-thyself.py telepathy-gabble-0.16.5/tests/twisted/caps/trust-thyself.py diff -Nrua telepathy-gabble-0.16.1/tests/twisted/jingle/call-codecoffer.py telepathy-gabble-0.16.5/tests/twisted/jingle/call-codecoffer.py diff -Nrua telepathy-gabble-0.16.1/tests/twisted/jingle/call_helper.py telepathy-gabble-0.16.5/tests/twisted/jingle/call_helper.py diff -Nrua telepathy-gabble-0.16.1/tests/twisted/jingle/jingletest2.py telepathy-gabble-0.16.5/tests/twisted/jingle/jingletest2.py diff -Nrua telepathy-gabble-0.16.1/tests/twisted/Makefile.am telepathy-gabble-0.16.5/tests/twisted/Makefile.am diff -Nrua telepathy-gabble-0.16.1/tests/twisted/Makefile.in telepathy-gabble-0.16.5/tests/twisted/Makefile.in diff -Nrua telepathy-gabble-0.16.1/tests/twisted/run-test.sh.in telepathy-gabble-0.16.5/tests/twisted/run-test.sh.in diff -Nrua telepathy-gabble-0.16.1/tests/twisted/test-debug.py telepathy-gabble-0.16.5/tests/twisted/test-debug.py diff -Nrua telepathy-gabble-0.16.1/tests/twisted/tls/server-tls-channel.py telepathy-gabble-0.16.5/tests/twisted/tls/server-tls-channel.py diff -Nrua telepathy-gabble-0.16.1/tools/Makefile.in telepathy-gabble-0.16.5/tools/Makefile.in diff -Nrua telepathy-gabble-0.16.1/tools/telepathy.am telepathy-gabble-0.16.5/tools/telepathy.am --- telepathy-gabble-0.16.1/tools/telepathy.am 2012-05-17 17:16:15.000000000 +0100 +++ telepathy-gabble-0.16.5/tools/telepathy.am 2013-03-01 12:11:59.000000000 +0000 @@ -45,9 +45,16 @@ %.tar.gz.asc: %.tar.gz $(AM_V_GEN)gpg --detach-sign --armor $@ -@PACKAGE@-@vers...@.tar.gz: _is-release-check check distcheck - -maintainer-prepare-release: _is-release-check all distcheck release-mail +@PACKAGE@-@vers...@.tar.gz: + $(MAKE) _is-release-check + $(MAKE) check + $(MAKE) distcheck + +maintainer-prepare-release: + $(MAKE) _is-release-check + $(MAKE) all + $(MAKE) distcheck + $(MAKE) release-mail git tag -s @PACKAGE@-@VERSION@ -m @PACKAGE@' '@VERSION@ gpg --detach-sign --armor @PACKAGE@-@vers...@.tar.gz @@ -67,7 +74,9 @@ rsync -vzP @PACKAGE@-@vers...@.tar.gz telepathy.freedesktop.org:/srv/telepathy.freedesktop.org/www/releases/@PACKAGE@/@PACKAGE@-@vers...@.tar.gz rsync -vzP @PACKAGE@-@vers...@.tar.gz.asc telepathy.freedesktop.org:/srv/telepathy.freedesktop.org/www/releases/@PACKAGE@/@PACKAGE@-@vers...@.tar.gz.asc -maintainer-make-release: maintainer-prepare-release maintainer-upload-release +maintainer-make-release: + $(MAKE) maintainer-prepare-release + $(MAKE) maintainer-upload-release @echo "Now:" @echo " • bump the nano-version;" @echo " • push the branch and tags upstream; and" -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130304155349.ga25...@reptile.pseudorandom.co.uk