FFe: Sync gajim 0.15-1 (universe) from Debian testing (main)

Bug #984616 reported by Steve Beattie on 2012-04-18
Affects: gajim (Ubuntu)

Bug Description

Please sync gajim 0.15-1 (universe) from Debian testing (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * Merge from debian unstable(LP: #630876). Remaining changes:
    - Kept Ubuntu patches
      + config-write-sync.patch
      + ubuntu-keyring.patch
  * Drop the debian/watch change as debian version of the watch file just
    works fine I think.

The delta between Ubuntu and Debian can be dropped because both
the config-write-sync.patch and ubuntu-keyring.patch were applied
upstream. (It should be noted that the patches were not actually
applied in the 0.14.1-1ubuntu1 merge, despite the changelog message
to the contrary.)

Explanation of FeatureFreeze exception:

Upgrading gajim to 0.15-1 will address two CVEs, CVE-2012-2086 and
CVE-2012-2085, the latter of which is a remote code execution issue (a
user can be tricked into clicking a URL that executes code on their
local machine).

This version does not include the fix for CVE-2012-2093 (LaTeX tmp
races), but that fix introduced a critical regression that causes gajim
not to start (Debian bug 669105); note that /tmp races are mitigated in
Ubuntu due to YAMA restrictions being enabled.

I've verified that the package builds in a precise/amd64 schroot and
will attach the build log. I installed the built package and was able to
connect and chat through Google Talk's Jabber server.

Relevant entries from the upstream Changelog file:

Gajim 0.15 (18 March 2012)

  * Plugin system
  * Whiteboard (via a plugin)
  * Message archiving
  * Stream management
  * IBB
  * Nested roster group
  * Roster filtering
  * UPower support
  * GPG support for windows
  * Spell checking support for windows

Gajim 0.14.4 (22 July 2011)

  * Fix translation issue
  * other minor fixes

Gajim 0.14.3 (19 June 2011)

  * Fix history viewer
  * Fix closing roster window
  * Prevent some errors with metacontacts

Gajim 0.14.2 (07 June 2011)

  * Fix CPU usage when testing file transfer proxies
  * Fix invalid XML char regex
  * Fix subscription request window handling
  * Fix URL display in chat message banner
  * Other minor bugfixes

Changelog entries since current precise version 0.14.1-1ubuntu1:

gajim (0.15-1) unstable; urgency=low

  * New upstream release.
  * remove 00_debian-copying.diff because upstream doesn't install it anymore
  * remove 01_configure-ac.diff because upstream changed configure dependencies
  * remove python-gnupginterface from recommends list, it's no more used

 -- Yann Leboulanger <email address hidden> Sat, 18 Mar 2012 10:32:38 +0100

gajim (0.14.4-1) unstable; urgency=low

  * New upstream release. Closes: #637071
  * Fixes weird error. Closes: #632226
  * Stop suggesting unused python-sexy. Closes: #633301
  * Modify 00_debian-copying.diff to also not install ChangeLog file.
    dh_changelogs will do it.

 -- Yann Leboulanger <email address hidden> Fri, 22 Jul 2011 12:56:30 +0200

gajim (0.14.3-1) unstable; urgency=low

  * New upstream release.
  * Fix closing roster window. Closes: #630315

 -- Yann Leboulanger <email address hidden> Sun, 19 Jun 2011 21:46:09 +0200

gajim (0.14.2-1) unstable; urgency=low

  * New upstream release.
  * Fix CPU usage when testing file transfer proxies. Closes: #626576

 -- Yann Leboulanger <email address hidden> Tue, 07 Jun 2011 19:30:43 +0200

Steve Beattie (sbeattie) wrote :

As promised, the build log from building the testing version of gajim on precise/amd64.

Changed in gajim (Ubuntu):
importance: Undecided → Wishlist

Steve Beattie (sbeattie) wrote :

Installation log:

$ sudo apt-get install gajim
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libfile-copy-recursive-perl bitlbee-common comerr-dev update-inetd libproxy0 libcgroup1 libindicator3-6 libgnutls28
  libkrb5-dev libaprutil1-ldap libapr1-dev libgssrpc4 libpcrecpp0 apache2.2-common libept1 libtirpc1 libaprutil1-dbd-sqlite3
  libvpx0 apache2.2-bin libhogweed2 spawn-fcgi libzip1 libnfsidmap2 uuid-dev libkadm5clnt-mit8 libpq-dev libkadm5srv-mit8
  libnl3 libattica0 libsqlite3-dev libpq5 libpcre3-dev libkdb5-6 krb5-multidev libgssglue1 libllvm2.9 libldap2-dev
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
Suggested packages:
  python-gconf python-gnome2 nautilus-sendto avahi-daemon python-avahi network-manager libgtkspell0 python-gnomekeyring
  gnome-keyring python-kerberos python-farsight gstreamer0.10-plugins-ugly
The following NEW packages will be installed:
  gajim python-pyasn1
0 upgraded, 2 newly installed, 0 to remove and 43 not upgraded.
Need to get 4,599 kB of archives.
After this operation, 13.6 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://test-repo/testing/ precise/ gajim 0.15-1 [4,569 kB]
Get:2 http://ubuntu-mirror.nxnw.org/ubuntu/ precise/main python-pyasn1 all 0.0.11a-1ubuntu1 [30.4 kB]
Fetched 4,599 kB in 2s (2,021 kB/s)
Selecting previously unselected package gajim.
(Reading database ... 316077 files and directories currently installed.)
Unpacking gajim (from .../archives/gajim_0.15-1_all.deb) ...
Selecting previously unselected package python-pyasn1.
Unpacking python-pyasn1 (from .../python-pyasn1_0.0.11a-1ubuntu1_all.deb) ...
Processing triggers for hicolor-icon-theme ...
Processing triggers for man-db ...
Processing triggers for doc-base ...
Processing 1 added doc-base file...
Setting up gajim (0.15-1) ...
Setting up python-pyasn1 (0.0.11a-1ubuntu1) ...

Steve Beattie (sbeattie) wrote :

For reference, the two security issues fixed in the upstream 0.15 release have upstream bug reports; they are:


Martin Pitt (pitti) wrote :

Approved, thanks.

Changed in gajim (Ubuntu):
status: New → Triaged

Martin Pitt (pitti) wrote :


Changed in gajim (Ubuntu):
status: Triaged → Fix Released