Bug#863450: marked as done (unblock: gajim/0.16.6-1.1)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#863450: marked as done (unblock: gajim/0.16.6-1.1)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 27 May 2017 05:48:03 +0000
Message-id: <[🔎] handler.863450.D863450.149586395421330.ackdone@bugs.debian.org>
References: <f41ecf2e-38d3-3425-0b87-0a7f7d84681e@thykier.net> <[🔎] 20170527002131.ikc5hefxtukziv7y@fama>

Your message dated Sat, 27 May 2017 05:45:00 +0000
with message-id <f41ecf2e-38d3-3425-0b87-0a7f7d84681e@thykier.net>
and subject line Re: Bug#863450: unblock: gajim/0.16.6-1.1
has caused the Debian Bug report #863450,
regarding unblock: gajim/0.16.6-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
863450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863450
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: gajim/0.16.6-1.1
From: "W. Martin Borgert" <debacle@debian.org>
Date: Sat, 27 May 2017 02:21:31 +0200
Message-id: <[🔎] 20170527002131.ikc5hefxtukziv7y@fama>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package gajim

Added an upstream commit/patch to solve security problem #863445.


diff -Nru gajim-0.16.6/debian/changelog gajim-0.16.6/debian/changelog
--- gajim-0.16.6/debian/changelog	2016-10-08 12:10:31.000000000 +0200
+++ gajim-0.16.6/debian/changelog	2017-05-27 00:35:49.000000000 +0200
@@ -1,3 +1,10 @@
+gajim (0.16.6-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Apply upstream patch to make XEP-0146 opt-in (Closes: #863445)
+
+ -- W. Martin Borgert <debacle@debian.org>  Fri, 26 May 2017 22:35:49 +0000
+
 gajim (0.16.6-1) unstable; urgency=low
 
   * New upstream release (closes: #839780)
diff -Nru gajim-0.16.6/debian/patches/fix-xep-0146-opt-in gajim-0.16.6/debian/patches/fix-xep-0146-opt-in
--- gajim-0.16.6/debian/patches/fix-xep-0146-opt-in	1970-01-01 01:00:00.000000000 +0100
+++ gajim-0.16.6/debian/patches/fix-xep-0146-opt-in	2017-05-27 00:35:49.000000000 +0200
@@ -0,0 +1,35 @@
+Description: Add config option to activate XEP-0146 commands
+ Some of the Commands have security implications, thats why we disable them per default
+Author: Philipp Hörist
+Origin: upstream, https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
+Bug: https://dev.gajim.org/gajim/gajim/issues/8378
+Bug-Debian: https://bugs.debian.org/863445
+Last-Update: 2017-05-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common/commands.py
++++ b/src/common/commands.py
+@@ -345,9 +345,10 @@
+     def __init__(self):
+         # a list of all commands exposed: node -> command class
+         self.__commands = {}
+-        for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+-        LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+-            self.__commands[cmdobj.commandnode] = cmdobj
++        if gajim.config.get('remote_commands'):
++            for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
++            LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
++                self.__commands[cmdobj.commandnode] = cmdobj
+ 
+         # a list of sessions; keys are tuples (jid, sessionid, node)
+         self.__sessions = {}
+--- a/src/common/config.py
++++ b/src/common/config.py
+@@ -313,6 +313,7 @@
+             'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
+             'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
+             'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
++            'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands. Dangerous!')],
+     }, {})
+ 
+     __options_per_key = {
diff -Nru gajim-0.16.6/debian/patches/series gajim-0.16.6/debian/patches/series
--- gajim-0.16.6/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ gajim-0.16.6/debian/patches/series	2017-05-27 00:35:49.000000000 +0200
@@ -0,0 +1 @@
+fix-xep-0146-opt-in


unblock gajim/0.16.6-1.1

--- End Message ---

--- Begin Message ---

To: "W. Martin Borgert" <debacle@debian.org>, 863450-done@bugs.debian.org

Subject: Re: Bug#863450: unblock: gajim/0.16.6-1.1

From: Niels Thykier <niels@thykier.net>

Date: Sat, 27 May 2017 05:45:00 +0000

Message-id: <f41ecf2e-38d3-3425-0b87-0a7f7d84681e@thykier.net>

In-reply-to: <[🔎] 20170527002131.ikc5hefxtukziv7y@fama>

References: <[🔎] 20170527002131.ikc5hefxtukziv7y@fama>
W. Martin Borgert:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package gajim
> 
> Added an upstream commit/patch to solve security problem #863445.
> 
> 
> [...]
> 
> 
> unblock gajim/0.16.6-1.1
> 

Unblocked, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#863450: unblock: gajim/0.16.6-1.1
  - From: "W. Martin Borgert" <debacle@debian.org>

Prev by Date: Bug#863453: unblock: acmetool/0.0.59-1
Next by Date: Bug#863448: marked as done (unblock: wimlib/1.11.0-3)
Previous by thread: Bug#863450: unblock: gajim/0.16.6-1.1
Next by thread: Bug#863453: unblock: acmetool/0.0.59-1
Index(es):
- Date
- Thread