net-im/gajim: Fix CVE-2016-10376

Gentoo-Bug: 620146
Package-Manager: Portage-2.3.5, Repoman-2.3.2

2 files changed, 170 insertions, 0 deletions

diff --git a/net-im/gajim/files/0.16.6-0001-Add-config-option-to-activate-XEP-0146.patch b/net-im/gajim/files/0.16.6-0001-Add-config-option-to-activate-XEP-0146.patch
new file mode 100644
index 000000000000..046c72c0ca2d
--- /dev/null
+++ b/net-im/gajim/files/0.16.6-0001-Add-config-option-to-activate-XEP-0146.patch
@@ -0,0 +1,45 @@
+From 285392b27db7cb01b0566b4bda3920e6559b75e4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philipp=20H=C3=B6rist?= <forenjunkie@chello.at>
+Date: Fri, 26 May 2017 23:10:05 +0200
+Subject: [PATCH] Add config option to activate XEP-0146 commands
+
+Some of the Commands have security implications, thats why we disable them per default
+Fixes #8378
+---
+ src/common/commands.py | 7 ++++---
+ src/common/config.py   | 1 +
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/commands.py b/src/common/commands.py
+index 40d700710..46d6947f8 100644
+--- a/src/common/commands.py
++++ b/src/common/commands.py
+@@ -345,9 +345,10 @@ class ConnectionCommands:
+     def __init__(self):
+         # a list of all commands exposed: node -> command class
+         self.__commands = {}
+-        for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+-        LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+-            self.__commands[cmdobj.commandnode] = cmdobj
++        if gajim.config.get('remote_commands'):
++            for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
++            LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
++                self.__commands[cmdobj.commandnode] = cmdobj
+ 
+         # a list of sessions; keys are tuples (jid, sessionid, node)
+         self.__sessions = {}
+diff --git a/src/common/config.py b/src/common/config.py
+index 3884d9e1d..7c1313fc4 100644
+--- a/src/common/config.py
++++ b/src/common/config.py
+@@ -313,6 +313,7 @@ class Config:
+             'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
+             'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
+             'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
++            'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
+     }, {})
+ 
+     __options_per_key = {
+-- 
+2.12.2
+
diff --git a/net-im/gajim/gajim-0.16.6-r1.ebuild b/net-im/gajim/gajim-0.16.6-r1.ebuild
new file mode 100644
index 000000000000..7fc7796b9750
--- /dev/null
+++ b/net-im/gajim/gajim-0.16.6-r1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="sqlite,xml"
+
+AUTOTOOLS_AUTORECONF=true
+
+inherit autotools-utils python-r1 versionator
+
+MY_PV=${PV/_/-}
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="Jabber client written in PyGTK"
+HOMEPAGE="http://www.gajim.org/"
+SRC_URI="
+	http://www.gajim.org/downloads/$(get_version_component_range 1-2)/${MY_P}.tar.bz2"
+#	test? ( https://dev.gentoo.org/~jlec/distfiles/${PN}-tests-${PV}.tar.xz )"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~x86-fbsd"
+IUSE="crypt dbus gnome gnome-keyring kde idle jingle libnotify networkmanager nls spell +srv test X xhtml zeroconf"
+
+REQUIRED_USE="
+	${PYTHON_REQUIRED_USE}
+	libnotify? ( dbus )
+	gnome? ( gnome-keyring )
+	zeroconf? ( dbus )"
+
+COMMON_DEPEND="
+	${PYTHON_DEPS}
+	dev-python/pygtk:2[${PYTHON_USEDEP}]
+	x11-libs/gtk+:2"
+DEPEND="${COMMON_DEPEND}
+	>=dev-util/intltool-0.40.1
+	virtual/pkgconfig
+	>=sys-devel/gettext-0.17-r1"
+RDEPEND="${COMMON_DEPEND}
+	dev-python/pyasn1[${PYTHON_USEDEP}]
+	>=dev-python/pyopenssl-0.14[${PYTHON_USEDEP}]
+	>=dev-python/python-nbxmpp-0.5.3[${PYTHON_USEDEP}]
+	crypt? (
+		app-crypt/gnupg
+		dev-python/pycrypto[${PYTHON_USEDEP}]
+		)
+	dbus? (
+		dev-python/dbus-python[${PYTHON_USEDEP}]
+		dev-libs/dbus-glib
+		libnotify? ( dev-python/notify-python[${PYTHON_USEDEP}] )
+		zeroconf? ( net-dns/avahi[dbus,gtk,python,${PYTHON_USEDEP}] )
+		)
+	gnome? (
+		dev-python/libgnome-python[${PYTHON_USEDEP}]
+		dev-python/egg-python[${PYTHON_USEDEP}]
+		)
+	gnome-keyring? ( dev-python/gnome-keyring-python[${PYTHON_USEDEP}] )
+	idle? ( x11-libs/libXScrnSaver )
+	jingle? ( net-libs/farstream:0.1[python,${PYTHON_USEDEP}] )
+	kde? ( kde-apps/kwalletmanager )
+	networkmanager? (
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			net-misc/networkmanager
+		)
+	spell? ( app-text/gtkspell:2 )
+	srv? (
+		|| (
+			dev-python/libasyncns-python[${PYTHON_USEDEP}]
+			net-dns/bind-tools
+			)
+		)
+	xhtml? ( dev-python/docutils[${PYTHON_USEDEP}] )"
+
+RESTRICT="test"
+
+PATCHES=(
+	"${FILESDIR}/${PV}-0001-Add-config-option-to-activate-XEP-0146.patch" )
+
+S="${WORKDIR}"/${MY_P}
+
+src_prepare() {
+	autotools-utils_src_prepare
+	python_copy_sources
+}
+
+src_configure() {
+	configuration() {
+		local myeconfargs=(
+			$(use_enable nls)
+			$(use_with X x)
+			--docdir="/usr/share/doc/${PF}"
+			--libdir="$(python_get_sitedir)"
+			--enable-site-packages
+		)
+		run_in_build_dir autotools-utils_src_configure
+	}
+	python_foreach_impl configuration
+}
+
+src_compile() {
+	compilation() {
+		run_in_build_dir autotools-utils_src_compile
+	}
+	python_foreach_impl compilation
+}
+
+src_test() {
+	testing() {
+		run_in_build_dir ${PYTHON} test/runtests.py --verbose 3 || die
+	}
+	python_foreach_impl testing
+}
+
+src_install() {
+	installation() {
+		run_in_build_dir autotools-utils_src_install
+		python_optimize
+	}
+	python_foreach_impl installation
+
+	rm "${ED}/usr/share/doc/${PF}/README.html" || die
+	dohtml README.html
+}