guix-devel/gnu/packages/patches/gajim-CVE-2016-10376.patch


Fix CVE-2016-10376.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
http://seclists.org/oss-sec/2017/q2/341
https://dev.gajim.org/gajim/gajim/issues/8378
Patch copied from upstream source repository:
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
(adapted for context in config.py)
From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
From: Philipp Hörist <forenjunkie@chello.at>
Date: Fri, 26 May 2017 23:10:05 +0200
Subject: [PATCH] Add config option to activate XEP-0146 commands
Some of the Commands have security implications, that's why we disable them by default
Fixes #8378
---
src/common/commands.py | 7 ++++---
src/common/config.py | 1 +
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/common/commands.py b/src/common/commands.py
index 19d8c13..0eeb57c 100644
--- a/src/common/commands.py
+++ b/src/common/commands.py
@@ -345,9 +345,10 @@ class ConnectionCommands:
def __init__(self):
# a list of all commands exposed: node -> command class
self.__commands = {}
- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
- self.__commands[cmdobj.commandnode] = cmdobj
+ if gajim.config.get('remote_commands'):
+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+ self.__commands[cmdobj.commandnode] = cmdobj
# a list of sessions; keys are tuples (jid, sessionid, node)
self.__sessions = {}
diff --git a/src/common/config.py b/src/common/config.py
index cde1f81..fe25455 100644
--- a/src/common/config.py
+++ b/src/common/config.py
@@ -314,6 +314,7 @@ class Config:
'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
}, {})
__options_per_key = {
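Review bot: The help string for `'remote_commands'` does not tell the user what they are enabling or why it is off by default. The commit message says some commands have security implications, so the text should name the commands and the reason, for example `_('If True, Gajim will execute XEP-0146 remote commands (change status, forward messages, leave group chats). Disabled by default because these commands have security implications.')`. The option is also added to the global option dict, which closes just before `__options_per_key`, so it appears to apply to every account at once. If accounts differ in how far their server is trusted, a per-account option may be the better fit. The Config class body continues outside this hunk.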
--
libgit2 0.24.0