[Pkg-telepathy-commits] [telepathy-gabble] 04/04: New upstream stable release
Simon McVittie
smcv at alioth.debian.org
Tue Sep 24 15:21:25 UTC 2013
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch debian-wheezy-proposed
in repository telepathy-gabble.
commit 7ac162973b7a3415d4045ad49b8d6b1ae945ee69
Author: Simon McVittie <smcv at debian.org>
Date: Tue Sep 24 11:20:27 2013 +0100
New upstream stable release
- drop patch for CVE-2013-1431, fixed upstream
- work around Facebook server behaviour change so we don't consider its
service discovery response to be spoofed (Closes: #721883)
- fix potential FTBFS in highly-parallel builds
- initialize libdbus for thread-safety, as a precaution against
plugins which might use it in a thread (e.g. libproxy GIO extension)
---
debian/changelog | 13 ++++++--
...spect-tls-required-flag-on-legacy-Jabber-.patch | 31 --------------------
debian/patches/series | 1 -
3 files changed, 10 insertions(+), 35 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index bb59a44..033395f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,15 @@
-telepathy-gabble (0.16.5-1+deb7u2) UNRELEASED; urgency=low
+telepathy-gabble (0.16.7-0+deb7u1) wheezy; urgency=low
* debian/gbp.conf: switch to wheezy branch
-
- -- Simon McVittie <smcv at debian.org> Tue, 24 Sep 2013 11:14:12 +0100
+ * New upstream stable release
+ - drop patch for CVE-2013-1431, fixed upstream
+ - work around Facebook server behaviour change so we don't consider its
+ service discovery response to be spoofed (Closes: #721883)
+ - fix potential FTBFS in highly-parallel builds
+ - initialize libdbus for thread-safety, as a precaution against
+ plugins which might use it in a thread (e.g. libproxy GIO extension)
+
+ -- Simon McVittie <smcv at debian.org> Tue, 24 Sep 2013 11:20:13 +0100
telepathy-gabble (0.16.5-1+deb7u1) wheezy-security; urgency=high
diff --git a/debian/patches/0001-security-respect-tls-required-flag-on-legacy-Jabber-.patch b/debian/patches/0001-security-respect-tls-required-flag-on-legacy-Jabber-.patch
deleted file mode 100644
index 89cc326..0000000
--- a/debian/patches/0001-security-respect-tls-required-flag-on-legacy-Jabber-.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Simon McVittie <simon.mcvittie at collabora.co.uk>
-Date: Mon, 27 May 2013 13:16:22 +0100
-Subject: CVE-2013-1431: respect tls-required flag on legacy Jabber servers
-
-It's checked elsewhere for XMPP 1.0 servers, which can either
-use "old SSL" or perform STARTTLS. Legacy Jabber can only use
-"old SSL", which is similar to https - connect to a separate port,
-typically 5223, and start speaking SSL - so if the connection was
-ever going to be encrypted, by this point it already would be.
-
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036
-Reviewed-by: Sjoerd Simons <sjoerd.simons at collabora.co.uk>
-Origin: upstream, 0.16.6
----
- wocky/wocky-connector.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/ext/wocky/wocky/wocky-connector.c b/lib/ext/wocky/wocky/wocky-connector.c
-index 133b9fd..3287285 100644
---- a/lib/ext/wocky/wocky/wocky-connector.c
-+++ b/lib/ext/wocky/wocky/wocky-connector.c
-@@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source,
- if (!priv->legacy_support)
- abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER,
- "Server not XMPP 1.0 Compliant");
-+ else if (priv->tls_required && !priv->encrypted)
-+ abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,
-+ "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")");
- else
- jabber_request_auth (self);
- }
diff --git a/debian/patches/series b/debian/patches/series
index 0152452..e69de29 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +0,0 @@
-0001-security-respect-tls-required-flag-on-legacy-Jabber-.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-telepathy/telepathy-gabble.git
More information about the Pkg-telepathy-commits
mailing list