[Pkg-telepathy-commits] [SCM] telepathy-gabble packaging branch, debian-experimental, updated. debian/0.15.3-1

Thu Jan 26 19:16:16 UTC 2012

The following commit has been merged in the debian-experimental branch:
commit f6e20e61e94346d8b01bd9201996e9bfd74a4ab5
Author: Simon McVittie <smcv at debian.org>
Date:   Thu Jan 26 17:43:42 2012 +0000

    New upstream release
    
    * New upstream release
      - remove unused patch 01-jingleinfo.diff, fixed differently upstream

diff --git a/debian/changelog b/debian/changelog
index f28724d..87b5a54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
-telepathy-gabble (0.15.0-2) UNRELEASED; urgency=low
+telepathy-gabble (0.15.3-1) UNRELEASED; urgency=low
 
   * Merge from unstable
+  * New upstream release
+    - remove unused patch 01-jingleinfo.diff, fixed differently upstream
 
  -- Simon McVittie <smcv at debian.org>  Thu, 26 Jan 2012 17:34:27 +0000
 
diff --git a/debian/patches/01-jingleinfo.diff b/debian/patches/01-jingleinfo.diff
deleted file mode 100644
index 3ad744b..0000000
--- a/debian/patches/01-jingleinfo.diff
+++ /dev/null
@@ -1,54 +0,0 @@
-From 5ab349b6837389d21a2664a71db464d1b9c6644c Mon Sep 17 00:00:00 2001
-From: Will Thompson <will.thompson at collabora.co.uk>
-Date: Tue, 8 Feb 2011 18:43:21 +0000
-Subject: [PATCH] Ignore google:jingleinfo pushes from contacts.
-
-Previously, Gabble would erroneously process google:jingleinfo updates
-sent by anybody, rather than only paying attention to those sent by the
-user's server. This may theoretically allow an attacker to trick Gabble
-into relaying streamed media through a server of the attacker's
-choosing, enabling them to intercept, obstruct or modify the user's
-audio and video calls.
-
-This patch addresses this flaw, following the same pattern as the
-corresponding check in the roster code.
-
-Note that even without this flaw, no security guarantees on media in
-calls can be provided in the presence of malicious network admins or
-insecure networks: an attacker who can eavesdrop the network traffic
-still has the ability to intercept the content of the call, as the media
-is transmitted unencrypted.
----
- src/jingle-factory.c |   16 ++++++++++++++++
- 1 files changed, 16 insertions(+), 0 deletions(-)
-
-diff --git a/src/jingle-factory.c b/src/jingle-factory.c
-index 0ad4d6b..02add56 100644
---- a/src/jingle-factory.c
-+++ b/src/jingle-factory.c
-@@ -254,6 +254,22 @@ got_jingle_info_stanza (GabbleJingleFactory *fac,
-   GabbleJingleFactoryPrivate *priv = fac->priv;
-   LmMessageSubType sub_type;
-   LmMessageNode *query_node, *node;
-+  const gchar *from = wocky_node_get_attribute (wocky_stanza_get_top_node (message), "from");
-+
-+  if (from != NULL)
-+    {
-+      TpBaseConnection *base_conn = TP_BASE_CONNECTION (priv->conn);
-+      TpHandleRepoIface *contact_repo = tp_base_connection_get_handles (
-+          base_conn, TP_HANDLE_TYPE_CONTACT);
-+      TpHandle sender = tp_handle_lookup (contact_repo, from, NULL, NULL);
-+
-+      if (sender != base_conn->self_handle)
-+        {
-+          DEBUG ("ignoring jingleinfo from '%s', not ourself nor the server",
-+              from);
-+          return LM_HANDLER_RESULT_ALLOW_MORE_HANDLERS;
-+        }
-+    }
- 
-   query_node = lm_message_node_get_child_with_namespace (
-       wocky_stanza_get_top_node (message), "query", NS_GOOGLE_JINGLE_INFO);
--- 
-1.7.2.3
-

-- 
telepathy-gabble packaging

