net-im/gajim: Backport fix for CVE-2012-5524, #442860

Package-Manager: portage-2.2.0_alpha163/cvs/Linux x86_64
Manifest-Sign-Key: 0x70EB7916

5 files changed, 106 insertions, 16 deletions

diff --git a/net-im/gajim/ChangeLog b/net-im/gajim/ChangeLog
index 2afa9e26e008..5151983b1815 100644
--- a/net-im/gajim/ChangeLog
+++ b/net-im/gajim/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-im/gajim
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/gajim/ChangeLog,v 1.161 2013/02/02 23:01:13 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/gajim/ChangeLog,v 1.162 2013/02/19 16:42:22 jlec Exp $
+
+*gajim-0.15.2-r1 (19 Feb 2013)
+
+  19 Feb 2013; Justin Lecher <jlec@gentoo.org> -gajim-0.15.2.ebuild,
+  +gajim-0.15.2-r1.ebuild, +files/gajim-0.15.2-CVE-2012-5524.patch,
+  metadata.xml:
+  Backport fix for CVE-2012-5524, #442860
 
   02 Feb 2013; Agostino Sarubbo <ago@gentoo.org> gajim-0.15.2.ebuild:
   Add ~arm, wrt bug #449220
diff --git a/net-im/gajim/Manifest b/net-im/gajim/Manifest
index 9bbe86e68a15..e07e7b50a582 100644
--- a/net-im/gajim/Manifest
+++ b/net-im/gajim/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 AUX 0.14-python-version.patch 316 SHA256 b4aba8ebc6241442f9eb1c335ba22c2eb5a3b3a24533cb2f944f3f812e06b687 SHA512 e7fc69f87b3106e171bc8c9db786217e1c903c5e82d2b60035f00203e32b17f73be17e64f1d013afd32ce280c53c32af2c46a6c9f33d25e9cf52db6dfb7ece3e WHIRLPOOL 107ac113d5ae3645155ba9eb1e215eb0d9750e2e440976ab0a3da28da1526b408eb37eeafe74e3a0a1bae79a1af5af724fe2ec9a6d7a044392d0b236479efc92
 AUX 0.14.1-testing.patch 237 SHA256 128da6d0a8ae48132df78f9027dc5ef5d8167e561fe12b1d774c628a5fc33638 SHA512 8c6df58972e22886599f99e1b9d59b088a155dcf1c5ccdff9002d8fd4a12a9ec2d38dc62f30f191342190200c0aebb60a19f2cbf1b2073449ad61bdd0adff6d5 WHIRLPOOL 5fc62c7beadb6c2bd39d2c966ab7bfd9ef857d799f0c06d80a9cece681f8d9bfc19657c8a7463d9743bff61708a8795e01b55d28a794b7d5a812670fa8430f70
 AUX 0.14.4-unicode.patch 671 SHA256 d27b8f3ca5323200b3151ec9a580bab62722ce2e8be403b0c8395b64b603726b SHA512 2c839646d99182f14ba62c386c2be69b1f17079749ba607f077768622e6d74eb1c6b3b94cc586faed9398f94c74bdfa4bd85709936b25cd5e65e0972dae5515b WHIRLPOOL dde88172bb81f8bff54488c07b96eea9a9d390774de8e9ced498a48f80c4b68e8035af7f9c4f5c807d451ecf78f3099d3c61653f3a323a6ab1daa9e07a11707e
@@ -5,9 +8,17 @@ AUX gajim-0.14.4-debian_patches_unicode.patch 3590 SHA256 b9a95103317d9ed543ecfe
 AUX gajim-0.15-SA48695-2.patch 4581 SHA256 76ea7870b1939282b18198927bfac5b299736ca77b0e0d8486d2ba375cfbe046 SHA512 8f735f6c97ab7292a02cdf810df4eda50e322f2ee69b076b46f55720215da013fd4f880fc995fada7e53b57dbea952f24191e95f06b7026db64cf743d259d37e WHIRLPOOL 615c735927626e73c26f7dcac077f5d8be5c99b5310f7b1168bf2b47c8c90736a7fb39bd5167a046d1f882ca3391e6e8cb22f63ddc0cddfef0b0295d57c784bd
 AUX gajim-0.15-SA48695.patch 862 SHA256 9d6c0bef13e7161465e6fda2ad7031c383011e66e24b7322ce19df387d79db6d SHA512 40a5c9c572c755050993191266287e11bbfa9ea2731c975d088c85c069391e79a6a982c13eb0c007ece036d216dc5a42d72b4ed128d95192864313a444ccb050 WHIRLPOOL 41d369123b06f6afc77ab70e8fd152b98e0202111bf1dc889b573783398f467ab40cd8c6cd47b18944b7258116270341ec051d367fda4803f589e71e7dce8c9e
 AUX gajim-0.15-plugin.patch 383 SHA256 6003e53ca42b3efda9f132fd9253e5577f128ae596ce458ac7c2ce5a29c1759d SHA512 a8bf05e69547cb62db119e1faeaff6a4cfc27a44e4b925921cb43f22b4970d19c08c97d00d5166d4d439dcf706e972f617d20ff58f040cfe28dc5cf6389e408f WHIRLPOOL 6a16b97758015c7e51f43df45614ccbae3d682f5c75270118ea06b780a9f10a2184650265ae1aa3e663dc06d7ed803f263b8054433a8b64552c3b71f8be938c7
+AUX gajim-0.15.2-CVE-2012-5524.patch 3910 SHA256 7573f16ac2aa4dfc0a4b27d6c8fb8c29cfac669a44c4de825f0a3c34a523aa3c SHA512 65298d8a0911fc5776190b4cfb8dc35be8466ee5aa73d632c975fa14a4e00fb56838b27be25f3cae7aa728ea45adc82830f383fa63668629b39240e3bb81f188 WHIRLPOOL 7871538338b57de613c951f9a783231ce49f2064addd6abfd3b97cddfb4a8585f8ea826adb05d0b83fc99f769009a14bc90bd874f542dab18c6fb40c30c13782
 DIST gajim-0.15.1.tar.bz2 4473442 SHA256 530e2fd6b2fb14b0582c8333cd59c751940037fd4c28c59ae643a4ddf0c31f92 SHA512 c929c4c115a189f0d3a302aa999e836d6f1d38e38ca9825fcc5eb8208c3880f39d4822512eedaf04b225c234c2f93b1b5328abb2c75ad9a08f05943420f153f2 WHIRLPOOL 72df6396ec007cfca17a99a4e313ca467dc8d7c640d2febfac1520d6b5ac78a1ff2e2ab582908cf8abf0c21931b75ad935cc0b8f98ab44dc98ca3df9be5ee60b
 DIST gajim-0.15.2.tar.bz2 4473077 SHA256 7e71ee82e44303992792644803c749cb89ecad7ec7547db4f9841fcbeec49940 SHA512 ea1e64de54bd15a5af40e3fdfcc46808467555e671a8a86708f22400f7a329290d9d921d9e3ae56e7f47b90842c49b4f8d432d0df4fed7471d457ed2092f552a WHIRLPOOL 0faec1b189d48d83beed5aaf89a1a9d6351e30fda5b86abc8c57ffaf6c867d1a6531318c30c66a0b280899cef584068c7a684286d0be78c118fa528f54f6afbf
 EBUILD gajim-0.15.1.ebuild 2212 SHA256 8c5f62f5f5914668cbb0571c5869b36e0826f32abf9e63788efd98097001cef5 SHA512 5267156c17448eec193d534f0f977cc7153e578e34416a427422389cda71eb02e49d990f715258e7a2f2f2731a525f39b2b70a00ac3c3939e1529d6c03729740 WHIRLPOOL 87a9a54bd5618717a8bfd2cf6c13b04db70aab25ed903ed6f16d5b461906d3ed19098784246d7923562a22f2d4b49fee2f53dc618019b8458f30dabd1495e757
-EBUILD gajim-0.15.2.ebuild 2217 SHA256 f7af075f58afc59c525cd5b45abde1b1f21976bd7ee5eaba09896678afb3b45f SHA512 24d48895f3dae7c6c3c10c4da5302f82720b9703f0404ff81b20b001d15a7bd965f59c9fa010ef68d5def5badfc03468e92bb9d53f17dd4396045235f4091f74 WHIRLPOOL e8b6011641b6409b3a5b9a78b8818ca89ec5a6d9be3ec66d53087f5fe478937db5a9097354ad41c261c6a352104aa9ef76fdc18e2796c413b4d58ec5f5d7352d
-MISC ChangeLog 23175 SHA256 5e822717f74ced1c3fc05d0cb505716df3c1ec770167f49084f95795e9131ec2 SHA512 0ca259f71e0f0e5a3a807d1a6af24149a1b4db9fc50154dfd407a7254e42a5e4a3dfa280143f52b67e376cf51be93f757f25fbd40f1d2f7c6b4832831e2ce751 WHIRLPOOL d8a2d690e8e770b53e07f848729ff58216eca36106d278713d2904195c580f1ff90b4f1ad40f8f5be5a377b7e314ce0c1f0091e393441463e6e01434f52c3629
-MISC metadata.xml 489 SHA256 d3641da629913c0bd2c28d510499c1a62e2534b316f0affe46d74c02b3ab29a8 SHA512 731ac2dca03a08365bb683b593d3d9882c003c71a6a030cc84a16f56d23dc05efff83cc8cad791a81d74ac4fa840087f864e604625b90806449c6704b2ac1089 WHIRLPOOL 412a6b8f320caaf6e206bec2c42d0fab25272ed3123cf548d6ceccc2992b9b5657adeaafa060202e8839a4be03a0c1caa70578faf86615a47b9a48f116358a41
+EBUILD gajim-0.15.2-r1.ebuild 2264 SHA256 f97d8f2248ffd9698206bb29fd2f33c2c89d4f4ccf7ad3cf861d186516ff1d4b SHA512 85667ca9694c611f9f6675ba1103f35e828b4fb10c7fe7856ef9bbc33fb3b03c6594952fcde085e86c9133493975ab6bb7d819ff54a3d06bb0ee9f329ce67baf WHIRLPOOL 19aedd1e94c1bff54a7d27411edeb200c7cc265ffc9e2f75b35263a5d00f0989f3c3e2e3f23f1fad4089b3132e1cd630df35dc5397fb0babf16c925bffc674c7
+MISC ChangeLog 23404 SHA256 8c860256aa41c7960ba45483679b6db817df3ca6b2dbd3f7ab5cd3aff4dfcbf5 SHA512 2923411c8110ca7ccc2b46ff2071305c8a8deaf659f5705dec7900ce9ba5f292d853ece90a5d461b107ca2edc2117b466bf4219cc7b93507a92cff1fa61fc4cb WHIRLPOOL 02d24992cf0cf47bf8b32d9e83fa1369a9b0a1a0b3f202ccae16d6650aafc567768d39b6d6e2f2a9bfce668d890179f0647f87a30ecddd555e8fd53a2e8bbb16
+MISC metadata.xml 503 SHA256 781012e83e7e3d1480ed6413a58f8a294e3a1b4c4968b1217c9bf7b41cca3ae5 SHA512 cfc7f159daf5007962ea035289002df56575042d567aa36c495b95dcf7ca7bb931be622599537e9ea67c25b7cb75014acf38a13bda349218af7a5eb576ebb0a4 WHIRLPOOL 3ff97b378ffe5c79d63ba206dec6c346480c42aa4988bed662066efbf5599e0986c83cd1ade54bded8bb2e2ad0ab6ad6f18c791b59f11215c2a52c4503721cbb
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+iEYEAREIAAYFAlEjq3AACgkQgAnW8HDreRY5SACfWIas95dbVJ8Grq3W8Kiot9ks
+0b4AnjB4BOYlM5w3jCBZBDUmT4y/az/5
+=G+Qa
+-----END PGP SIGNATURE-----
diff --git a/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch b/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch
new file mode 100644
index 000000000000..8cb0b976bcc4
--- /dev/null
+++ b/net-im/gajim/files/gajim-0.15.2-CVE-2012-5524.patch
@@ -0,0 +1,71 @@
+Index: src/common/connection.py

+===================================================================

+--- src/common/connection.py	(revision 14377)

++++ src/common/connection.py	(revision 14379)

+@@ -1312,19 +1312,22 @@

+             errnum = con.Connection.ssl_errnum

+         except AttributeError:

+-            errnum = -1 # we don't have an errnum

+-        if errnum > 0 and str(errnum) not in gajim.config.get_per('accounts',

+-        self.name, 'ignore_ssl_errors').split():

+-            text = _('The authenticity of the %s certificate could be invalid.'

+-                ) % hostname

+-            if errnum in ssl_error:

+-                text += _('\nSSL Error: <b>%s</b>') % ssl_error[errnum]

+-            else:

+-                text += _('\nUnknown SSL error: %d') % errnum

+-            gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,

+-                error_text=text, error_num=errnum,

+-                cert=con.Connection.ssl_cert_pem,

+-                fingerprint=con.Connection.ssl_fingerprint_sha1,

+-                certificate=con.Connection.ssl_certificate))

+-            return True

++            errnum = [] # we don't have an errnum

++        i = 0

++        for er in errnum:

++            if er > 0 and str(er) not in gajim.config.get_per('accounts',

++            self.name, 'ignore_ssl_errors').split():

++                text = _('The authenticity of the %s certificate could be '

++                    'invalid.') % hostname

++                if er in ssl_error:

++                    text += _('\nSSL Error: <b>%s</b>') % ssl_error[er]

++                else:

++                    text += _('\nUnknown SSL error: %d') % er

++                gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,

++                    error_text=text, error_num=er,

++                    cert=con.Connection.ssl_cert_pem[i],

++                    fingerprint=con.Connection.ssl_fingerprint_sha1[i],

++                    certificate=con.Connection.ssl_certificate[i]))

++                return True

++            i += 1

+         if hasattr(con.Connection, 'ssl_fingerprint_sha1'):

+             saved_fingerprint = gajim.config.get_per('accounts', self.name,

+@@ -1332,12 +1335,15 @@

+             if saved_fingerprint:

+                 # Check sha1 fingerprint

+-                if con.Connection.ssl_fingerprint_sha1 != saved_fingerprint:

++                if con.Connection.ssl_fingerprint_sha1[-1] != saved_fingerprint:

+                     gajim.nec.push_incoming_event(FingerprintErrorEvent(None,

+-                        conn=self, certificate=con.Connection.ssl_certificate,

+-                        new_fingerprint=con.Connection.ssl_fingerprint_sha1))

++                        conn=self,

++                        certificate=con.Connection.ssl_certificate,

++                        new_fingerprint=con.Connection.ssl_fingerprint_sha1[

++                        -1]))

+                     return True

+             else:

+                 gajim.config.set_per('accounts', self.name,

+-                    'ssl_fingerprint_sha1', con.Connection.ssl_fingerprint_sha1)

++                    'ssl_fingerprint_sha1',

++                    con.Connection.ssl_fingerprint_sha1[-1])

+             if not check_X509.check_certificate(con.Connection.ssl_certificate,

+             hostname) and '100' not in gajim.config.get_per('accounts',

+@@ -1348,6 +1354,6 @@

+                 gajim.nec.push_incoming_event(SSLErrorEvent(None, conn=self,

+                     error_text=txt, error_num=100,

+-                    cert=con.Connection.ssl_cert_pem,

+-                    fingerprint=con.Connection.ssl_fingerprint_sha1,

++                    cert=con.Connection.ssl_cert_pem[-1],

++                    fingerprint=con.Connection.ssl_fingerprint_sha1[-1],

+                     certificate=con.Connection.ssl_certificate))

+                 return True

diff --git a/net-im/gajim/gajim-0.15.2.ebuild b/net-im/gajim/gajim-0.15.2-r1.ebuild
index f7723938144b..30527d446c76 100644
--- a/net-im/gajim/gajim-0.15.2.ebuild
+++ b/net-im/gajim/gajim-0.15.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/gajim/gajim-0.15.2.ebuild,v 1.3 2013/02/02 23:01:13 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/gajim/gajim-0.15.2-r1.ebuild,v 1.1 2013/02/19 16:42:22 jlec Exp $
 
 EAPI=4
 
@@ -71,7 +71,8 @@ src_prepare() {
 	echo "src/command_system/mapping.py" >> po/POTFILES.in
 	epatch \
 		"${FILESDIR}"/0.14-python-version.patch \
-		"${FILESDIR}"/0.14.1-testing.patch
+		"${FILESDIR}"/0.14.1-testing.patch \
+		"${FILESDIR}"/${P}-CVE-2012-5524.patch
 	echo '#!/bin/sh' > config/py-compile
 	eautoreconf
 }
diff --git a/net-im/gajim/metadata.xml b/net-im/gajim/metadata.xml
index 42b3e87f5dd3..ea54566d67ff 100644
--- a/net-im/gajim/metadata.xml
+++ b/net-im/gajim/metadata.xml
@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<herd>net-im</herd>
-	<maintainer>
-		<email>jlec@gentoo.org</email>
-	</maintainer>
-	<longdescription>
+  <herd>net-im</herd>
+  <maintainer>
+    <email>jlec@gentoo.org</email>
+  </maintainer>
+  <longdescription>
     A fully featured and easy to use GTK+ Jabber client written in PyGTK.
   </longdescription>
-	<use>
-		<flag name="idle">Enable idle module</flag>
-		<flag name="srv">SRV capabilities</flag>
-		<flag name="xhtml">Enable XHTML support</flag>
-	</use>
+  <use>
+    <flag name="idle">Enable idle module</flag>
+    <flag name="srv">SRV capabilities</flag>
+    <flag name="xhtml">Enable XHTML support</flag>
+  </use>
 </pkgmetadata>