diff options
| author |   Justin Lecher <jlec@gentoo.org> | 2013-02-20 10:46:26 +0000 |
|---|---|---|
| committer | Justin Lecher <jlec@gentoo.org> | 2013-02-20 10:46:26 +0000 |
| commit | 20f162da9e5bd168b8b0d30b39c4408748ae7d6f (patch) | |
| tree | 6c3e62d532296da0bd827d9fa31b98795707f9a3 /net-im/gajim/files | |
| parent | dev-python/notify-python: Move to new python eclasses (diff) | |
| download | historical-20f162da9e5bd168b8b0d30b39c4408748ae7d6f.tar.gz historical-20f162da9e5bd168b8b0d30b39c4408748ae7d6f.tar.bz2 historical-20f162da9e5bd168b8b0d30b39c4408748ae7d6f.zip | |
net-im/gajim: Update Patch, thanks Suloev Dmitry for the fix; move to new python eclasses
Package-Manager: portage-2.2.0_alpha163/cvs/Linux x86_64
Manifest-Sign-Key: 0x70EB7916
Diffstat (limited to 'net-im/gajim/files')
| -rw-r--r-- | net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch | 152 |
1 files changed, 81 insertions, 71 deletions
diff --git a/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch b/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch index 8cb0b976bcc4..5249ce80da54 100644 --- a/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch +++ b/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch @@ -1,71 +1,81 @@ -Index: src/common/connection.py
-===================================================================
---- src/common/connection.py (revision 14377)
-+++ src/common/connection.py (revision 14379)
-@@ -1312,19 +1312,22 @@
- errnum = con.Connection.ssl_errnum
- except AttributeError:
-- errnum = -1 # we don't have an errnum
-- if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts',
-- self.name, 'ignore_ssl_errors').split():
-- text = _('The authenticity of the %s certificate could be invalid.'
-- ) % hostname
-- if errnum in ssl_error:
-- text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum]
-- else:
-- text += _('\nUnknown SSL error: %d') % errnum
-- gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-- error_text=text, error_num=errnum,
-- cert=con.Connection.ssl_cert_pem,
-- fingerprint=con.Connection.ssl_fingerprint_sha1,
-- certificate=con.Connection.ssl_certificate))
-- return True
-+ errnum = [] # we don't have an errnum
-+ i = 0
-+ for er in errnum:
-+ if er > 0 and str(er) not in gajim.config.get_per('accounts',
-+ self.name, 'ignore_ssl_errors').split():
-+ text = _('The authenticity of the %s certificate could be '
-+ 'invalid.') % hostname
-+ if er in ssl_error:
-+ text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]
-+ else:
-+ text += _('\nUnknown SSL error: %d') % er
-+ gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
-+ error_text=text, error_num=er,
-+ cert=con.Connection.ssl_cert_pem[i],
-+ fingerprint=con.Connection.ssl_fingerprint_sha1[i],
-+ certificate=con.Connection.ssl_certificate[i]))
-+ return True
-+ i += 1
- if hasattr(con.Connection, 'ssl_fingerprint_sha1'):
- saved_fingerprint = gajim.config.get_per('accounts', self.name,
-@@ -1332,12 +1335,15 @@
- if saved_fingerprint:
- # Check sha1 fingerprint
-- if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint:
-+ if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:
- gajim.nec.push_incoming_event(FingerprintErrorEvent(None,
-- conn=self, certificate=con.Connection.ssl_certificate,
-- new_fingerprint=con.Connection.ssl_fingerprint_sha1))
-+ conn=self,
-+ certificate=con.Connection.ssl_certificate,
-+ new_fingerprint=con.Connection.ssl_fingerprint_sha1[
-+ -1]))
- return True
- else:
- gajim.config.set_per('accounts', self.name,
-- 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)
-+ 'ssl_fingerprint_sha1',
-+ con.Connection.ssl_fingerprint_sha1[-1])
- if not check_X509.check_certificate(con.Connection.ssl_certificate,
- hostname) and '100' not in gajim.config.get_per('accounts',
-@@ -1348,6 +1354,6 @@
- gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,
- error_text=txt, error_num=100,
-- cert=con.Connection.ssl_cert_pem,
-- fingerprint=con.Connection.ssl_fingerprint_sha1,
-+ cert=con.Connection.ssl_cert_pem[-1],
-+ fingerprint=con.Connection.ssl_fingerprint_sha1[-1],
- certificate=con.Connection.ssl_certificate))
- return True
+ src/common/connection.py | 50 +++++++++++++++++++++++++++--------------------- + 1 file changed, 28 insertions(+), 22 deletions(-) + +diff --git a/src/common/connection.py b/src/common/connection.py +index 8240652..6d3037a 100644 +--- a/src/common/connection.py ++++ b/src/common/connection.py +@@ -1309,36 +1309,42 @@ class Connection(CommonConnection, ConnectionHandlers): + hostname = gajim.config.get_per('accounts', self.name, 'hostname') + self.connection = con + try: +- errnum = con.Connection.ssl_errnum ++ errnum = [con.Connection.ssl_errnum] + except AttributeError: +- errnum = -1 # we don't have an errnum +- if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts', +- self.name, 'ignore_ssl_errors').split(): +- text = _('The authenticity of the %s certificate could be invalid.' +- ) % hostname +- if errnum in ssl_error: +- text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum] +- else: +- text += _('\nUnknown SSL error: %d') % errnum +- gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, +- error_text=text, error_num=errnum, +- cert=con.Connection.ssl_cert_pem, +- fingerprint=con.Connection.ssl_fingerprint_sha1, +- certificate=con.Connection.ssl_certificate)) +- return True ++ errnum = [] # we don't have an errnum ++ i = 0 ++ for er in errnum: ++ if er > 0 and str(er) not in gajim.config.get_per('accounts', ++ self.name, 'ignore_ssl_errors').split(): ++ text = _('The authenticity of the %s certificate could be ' ++ 'invalid.') % hostname ++ if er in ssl_error: ++ text += _('\nSSL Error: <b>%s</b>') % ssl_error[er] ++ else: ++ text += _('\nUnknown SSL error: %d') % er ++ gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, ++ error_text=text, error_num=er, ++ cert=con.Connection.ssl_cert_pem[i], ++ fingerprint=con.Connection.ssl_fingerprint_sha1[i], ++ certificate=con.Connection.ssl_certificate[i])) ++ return True ++ i += 1 + if hasattr(con.Connection, 'ssl_fingerprint_sha1'): + saved_fingerprint = gajim.config.get_per('accounts', self.name, + 'ssl_fingerprint_sha1') + if saved_fingerprint: + # Check sha1 fingerprint +- if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint: ++ if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint: + gajim.nec.push_incoming_event(FingerprintErrorEvent(None, +- conn=self, certificate=con.Connection.ssl_certificate, +- new_fingerprint=con.Connection.ssl_fingerprint_sha1)) ++ conn=self, ++ certificate=con.Connection.ssl_certificate, ++ new_fingerprint=con.Connection.ssl_fingerprint_sha1[ ++ -1])) + return True + else: + gajim.config.set_per('accounts', self.name, +- 'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1) ++ 'ssl_fingerprint_sha1', ++ con.Connection.ssl_fingerprint_sha1[-1]) + if not check_X509.check_certificate(con.Connection.ssl_certificate, + hostname) and '100' not in gajim.config.get_per('accounts', + self.name, 'ignore_ssl_errors').split(): +@@ -1347,8 +1353,8 @@ class Connection(CommonConnection, ConnectionHandlers): + hostname + gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self, + error_text=txt, error_num=100, +- cert=con.Connection.ssl_cert_pem, +- fingerprint=con.Connection.ssl_fingerprint_sha1, ++ cert=con.Connection.ssl_cert_pem[-1], ++ fingerprint=con.Connection.ssl_fingerprint_sha1[-1], + certificate=con.Connection.ssl_certificate)) + return True + |