[gentoo-commits] gentoo-x86 commit in net-im/gajim/files: gajim-0.15.2-CVE-2012-5524.patch - gentoo-commits

From:	"Justin Lecher (jlec)" <jlec@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-im/gajim/files: gajim-0.15.2-CVE-2012-5524.patch
Date:	Sat, 23 Feb 2013 10:32:22
Message-Id:	`20130223103218.DB2A12171E@flycatcher.gentoo.org`

1

jlec        13/02/23 10:32:18

2

3

  Modified:             gajim-0.15.2-CVE-2012-5524.patch

4

  Log:

5

  net-im/gajim: Drop parts of upstream which should fix CVE-2012-5524 but added more code which is incompatible with current implementation

6

7

  (Portage version: 2.2.0_alpha163/cvs/Linux x86_64, RepoMan options: --force, signed Manifest commit with key 8009D6F070EB7916)

8

9

Revision  Changes    Path

10

1.3                  net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch?rev=1.3&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch?rev=1.3&content-type=text/plain

14

diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch?r1=1.2&r2=1.3

15

16

Index: gajim-0.15.2-CVE-2012-5524.patch

17

===================================================================

18

RCS file: /var/cvsroot/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch,v

19

retrieving revision 1.2

20

retrieving revision 1.3

21

diff -u -r1.2 -r1.3

22

--- gajim-0.15.2-CVE-2012-5524.patch	20 Feb 2013 10:46:25 -0000	1.2

23

+++ gajim-0.15.2-CVE-2012-5524.patch	23 Feb 2013 10:32:18 -0000	1.3

24

@@ -5,7 +5,7 @@

25

 index 8240652..6d3037a 100644

26

 --- a/src/common/connection.py

27

 +++ b/src/common/connection.py

28

-@@ -1309,36 +1309,42 @@ class Connection(CommonConnection, ConnectionHandlers):

29

+@@ -1309,25 +1309,28 @@ class Connection(CommonConnection, ConnectionHandlers):

30

          hostname = gajim.config.get_per('accounts', self.name, 'hostname')

31

          self.connection = con

32

          try:

33

@@ -50,32 +50,3 @@

34

                  'ssl_fingerprint_sha1')

35

              if saved_fingerprint:

36

                  # Check sha1 fingerprint

37

--                if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint:

38

-+                if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:

39

-                     gajim.nec.push_incoming_event(FingerprintErrorEvent(None,

40

--                        conn=self, certificate=con.Connection.ssl_certificate,

41

--                        new_fingerprint=con.Connection.ssl_fingerprint_sha1))

42

-+                        conn=self,

43

-+                        certificate=con.Connection.ssl_certificate,

44

-+                        new_fingerprint=con.Connection.ssl_fingerprint_sha1[

45

-+                        -1]))

46

-                     return True

47

-             else:

48

-                 gajim.config.set_per('accounts', self.name,

49

--                    'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)

50

-+                    'ssl_fingerprint_sha1',

51

-+                    con.Connection.ssl_fingerprint_sha1[-1])

52

-             if not check_X509.check_certificate(con.Connection.ssl_certificate,

53

-             hostname) and '100' not in gajim.config.get_per('accounts',

54

-             self.name, 'ignore_ssl_errors').split():

55

-@@ -1347,8 +1353,8 @@ class Connection(CommonConnection, ConnectionHandlers):

56

-                     hostname

57

-                 gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,

58

-                     error_text=txt, error_num=100,

59

--                    cert=con.Connection.ssl_cert_pem,

60

--                    fingerprint=con.Connection.ssl_fingerprint_sha1,

61

-+                    cert=con.Connection.ssl_cert_pem[-1],

62

-+                    fingerprint=con.Connection.ssl_fingerprint_sha1[-1],

63

-                     certificate=con.Connection.ssl_certificate))

64

-                 return True

65

-

1	jlec 13/02/23 10:32:18
2
3	Modified: gajim-0.15.2-CVE-2012-5524.patch
4	Log:
5	net-im/gajim: Drop parts of upstream which should fix CVE-2012-5524 but added more code which is incompatible with current implementation
6
7	(Portage version: 2.2.0_alpha163/cvs/Linux x86_64, RepoMan options: --force, signed Manifest commit with key 8009D6F070EB7916)
8
9	Revision Changes Path
10	1.3 net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch?rev=1.3&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch?rev=1.3&content-type=text/plain
14	diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch?r1=1.2&r2=1.3
15
16	Index: gajim-0.15.2-CVE-2012-5524.patch
17	===================================================================
18	RCS file: /var/cvsroot/gentoo-x86/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch,v
19	retrieving revision 1.2
20	retrieving revision 1.3
21	diff -u -r1.2 -r1.3
22	--- gajim-0.15.2-CVE-2012-5524.patch 20 Feb 2013 10:46:25 -0000 1.2
23	+++ gajim-0.15.2-CVE-2012-5524.patch 23 Feb 2013 10:32:18 -0000 1.3
24	@@ -5,7 +5,7 @@
25	index 8240652..6d3037a 100644
26	--- a/src/common/connection.py
27	+++ b/src/common/connection.py
28	-@@ -1309,36 +1309,42 @@ class Connection(CommonConnection, ConnectionHandlers):
29	+@@ -1309,25 +1309,28 @@ class Connection(CommonConnection, ConnectionHandlers):
30	hostname = gajim.config.get_per('accounts', self.name, 'hostname')
31	self.connection = con
32	try:
33	@@ -50,32 +50,3 @@
34	'ssl_fingerprint_sha1')
35	if saved_fingerprint:
36	# Check sha1 fingerprint
37	-- if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint:
38	-+ if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:
39	- gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
40	-- conn=self, certificate=con.Connection.ssl_certificate,
41	-- new_fingerprint=con.Connection.ssl_fingerprint_sha1))
42	-+ conn=self,
43	-+ certificate=con.Connection.ssl_certificate,
44	-+ new_fingerprint=con.Connection.ssl_fingerprint_sha1[
45	-+ -1]))
46	- return True
47	- else:
48	- gajim.config.set_per('accounts', self.name,
49	-- 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)
50	-+ 'ssl_fingerprint_sha1',
51	-+ con.Connection.ssl_fingerprint_sha1[-1])
52	- if not check_X509.check_certificate(con.Connection.ssl_certificate,
53	- hostname) and '100' not in gajim.config.get_per('accounts',
54	- self.name, 'ignore_ssl_errors').split():
55	-@@ -1347,8 +1353,8 @@ class Connection(CommonConnection, ConnectionHandlers):
56	- hostname
57	- gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
58	- error_text=txt, error_num=100,
59	-- cert=con.Connection.ssl_cert_pem,
60	-- fingerprint=con.Connection.ssl_fingerprint_sha1,
61	-+ cert=con.Connection.ssl_cert_pem[-1],
62	-+ fingerprint=con.Connection.ssl_fingerprint_sha1[-1],
63	- certificate=con.Connection.ssl_certificate))
64	- return True
65	-

Gentoo Archives: gentoo-commits