58 lines
2.4 KiB
Diff
58 lines
2.4 KiB
Diff
|
Fix CVE-2016-10376.
|
||
|
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
|
||
|
http://seclists.org/oss-sec/2017/q2/341
|
||
|
https://dev.gajim.org/gajim/gajim/issues/8378
|
||
|
|
||
|
Patch copied from upstream source repository:
|
||
|
|
||
|
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
|
||
|
|
||
|
(adapted for context in config.py)
|
||
|
|
||
|
From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
|
||
|
From: Philipp Hörist <forenjunkie@chello.at>
|
||
|
Date: Fri, 26 May 2017 23:10:05 +0200
|
||
|
Subject: [PATCH] Add config option to activate XEP-0146 commands
|
||
|
|
||
|
Some of the Commands have security implications, thats why we disable them per default
|
||
|
Fixes #8378
|
||
|
---
|
||
|
src/common/commands.py | 7 ++++---
|
||
|
src/common/config.py | 1 +
|
||
|
2 files changed, 5 insertions(+), 3 deletions(-)
|
||
|
|
||
|
diff --git a/src/common/commands.py b/src/common/commands.py
|
||
|
index 19d8c13..0eeb57c 100644
|
||
|
--- a/src/common/commands.py
|
||
|
+++ b/src/common/commands.py
|
||
|
@@ -345,9 +345,10 @@ class ConnectionCommands:
|
||
|
def __init__(self):
|
||
|
# a list of all commands exposed: node -> command class
|
||
|
self.__commands = {}
|
||
|
- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
|
||
|
- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
|
||
|
- self.__commands[cmdobj.commandnode] = cmdobj
|
||
|
+ if gajim.config.get('remote_commands'):
|
||
|
+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
|
||
|
+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
|
||
|
+ self.__commands[cmdobj.commandnode] = cmdobj
|
||
|
|
||
|
# a list of sessions; keys are tuples (jid, sessionid, node)
|
||
|
self.__sessions = {}
|
||
|
diff --git a/src/common/config.py b/src/common/config.py
|
||
|
index cde1f81..fe25455 100644
|
||
|
--- a/src/common/config.py
|
||
|
+++ b/src/common/config.py
|
||
|
@@ -314,6 +314,7 @@ class Config:
|
||
|
'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
|
||
|
'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
|
||
|
'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
|
||
|
+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
|
||
|
}, {})
|
||
|
|
||
|
__options_per_key = {
|
||
|
--
|
||
|
libgit2 0.24.0
|
||
|
|