--- gajim-0.13.4.orig/debian/changelog +++ gajim-0.13.4/debian/changelog @@ -0,0 +1,953 @@ +gajim (0.13.4-3ubuntu2.1) natty-security; urgency=low + + * SECURITY UPDATE: assisted code execution (LP: #992618) + - debian/patches/CVE-2012-2085.patch: fix subprocess call to prevent + shell escape from via crafted messages + https://trac.gajim.org/changeset/bc296e96ac10 + - CVE-2012-2085 + * SECURITY UPDATE: sql injection in logging code (LP: #992618) + - debian/patches/CVE-2012-2086.patch: use a prepated statement + https://trac.gajim.org/changeset/bfd5f94489d8 + - CVE-2012-2086 + * SECURITY UPDATE: insecure tmpfile creation (LP: #992613) + - debian/patches/CVE-2012-2093.patch: use safe tmpfile functions + when convering LaTeX IM messages to png images + Thanks to Nico Golde + - CVE-2012-2093 + + -- Julian Taylor Thu, 10 May 2012 17:48:45 -0700 + +gajim (0.13.4-3ubuntu2) natty; urgency=low + + * Rebuild with python 2.7 as the python default. + + -- Matthias Klose Wed, 08 Dec 2010 15:02:54 +0000 + +gajim (0.13.4-3ubuntu1) natty; urgency=low + + * Merge from debian unstable (LP: #672484). Remaining changes: + - Updated debian/watch + - Kept Ubuntu patches + + config-write-sync.patch + + ubuntu-keyring.patch + + -- Angel Abad Mon, 08 Nov 2010 11:27:08 +0100 + +gajim (0.13.4-3) unstable; urgency=low + + * Fix a problem when canceling password keyring creation. + + -- Yann Leboulanger Thu, 04 Nov 2010 20:40:52 +0100 + +gajim (0.13.4-2ubuntu1) natty; urgency=low + + * Merge from debian unstable (LP: #662154). Remaining changes: + - Updated debian/watch + - Kept Ubuntu patches + + config-write-sync.patch + + ubuntu-keyring.patch + * Dropped change: (superceeded in debian) + - Changed python build version from 2.5 to 2.6 in debian/rules + + -- Angel Abad Tue, 14 Sep 2010 11:16:21 +0100 + +gajim (0.13.4-2) unstable; urgency=low + + * don't fail to build with python != 2.5. Closes: #595870 + * fix minimum python-openssl version to 0.9. Closes: #594772 + + -- Yann Leboulanger Tue, 07 Sep 2010 09:28:03 +0200 + +gajim (0.13.4-1ubuntu1) maverick; urgency=low + + * Merge from debian testing (LP: #506049), remaining changes: + - Updated debian/watch + - Kept Ubuntu patches + + config-write-sync.patch + + ubuntu-keyring.patch + - Changed python build version from 2.5 to 2.6 in debian/rules + + -- Jonathan Michalon Tue, 25 May 2010 18:54:10 +0200 + +gajim (0.13.4-1) unstable; urgency=low + + * New upstream release. + * Fix flood when trying to join a full MUC. Closes: #575688 + + -- Yann Leboulanger Fri, 02 Apr 2010 10:19:59 +0200 + +gajim (0.13.3-1) unstable; urgency=low + + * New upstream release. + * Fix connection to facebook. Closes: #569767 + + -- Yann Leboulanger Tue, 23 Feb 2010 21:00:41 +0100 + +gajim (0.13.2-1) unstable; urgency=low + + * New upstream release. + * Fix gnomekeyring usage. Closes: #562913 + * Fix completion. Closes: #563930 + * Fix typo in suggests list. Closes: #564754 + + -- Yann Leboulanger Thu, 14 Jan 2010 21:23:36 +0100 + +gajim (0.13.1-1) unstable; urgency=low + + * New upstream release. Closes: #559905 + * Update PyGTK requirement to 2.12.0 minimum + * Fix filetransfer proxies testing, keepalive handling, memory leak. + Closes: #524514 + * Better connection. Closes: #547267 + * Fix proxy test on startup. Closes: #453910 + * Fix sound playing. Closes: #527275 + * Update debhelper compatibility level to 7 + + -- Yann Leboulanger Sun, 29 Nov 2009 01:21:04 +0100 + +gajim (0.13-0ubuntu2) lucid; urgency=low + + * debian/control: + - Change python-gnome2-extras recommends to python-eggtrayicon. + The former package has gone away in Lucid. + + -- Chris Coulson Tue, 15 Dec 2009 02:32:45 +0000 + +gajim (0.13-0ubuntu1) lucid; urgency=low + + * New upstream release. + * debian/patches: + - Drop add-indicator-support.patch, implemented upstream. + - Drop show_roster_on_startup.patch, merged upstream. + - Drop notify-osd.patch, merged upstream. + * debian/gajim.install: + - Removed usr/lib/gajim/*.so: sources ported to Python, no .so files. + + -- Maia Kozheva Wed, 25 Nov 2009 14:13:30 +0600 + +gajim (0.12.5-1) unstable; urgency=low + + * New upstream release which fixes file transfer. Closes: #544466 + * Fix history manager. Closes: #539109 + * Fix custom host / port usage. Closes: #539267 + * update python-gnome* dependancies. Closes: #541553 + + -- Yann Leboulanger Sun, 08 Aug 2009 00:06:15 +0100 + +gajim (0.12.5-0ubuntu3) lucid; urgency=low + + * Fix indicate support (LP: #433495) + * Bump Standards-Version to 3.8.3 + + -- Laurent Bigonville Thu, 05 Nov 2009 14:17:31 +0100 + +gajim (0.12.5-0ubuntu2) karmic; urgency=low + + * Add show_roster_on_startup.patch to fix: The roster will always shown on + startup even if the user sets show_roster_on_startup to false (LP: #461553). + * debian/rules: Use distclean instead of clean to cleanup. + + -- Benjamin Drung Tue, 27 Oct 2009 00:54:26 +0100 + +gajim (0.12.5-0ubuntu1) karmic; urgency=low + + * New upstream version. + + Fix History manager + + Fix file transfer proxy discovering at connection + + Improve filetransfer with IPv6 + + Fix zeroconf when receiving badly encoded info + + Don't depend on GTK 2.14 + + -- Nafallo Bjälevik Sat, 08 Aug 2009 13:42:07 +0100 + +gajim (0.12.3-1) unstable; urgency=low + + * New upstream release. + * OS info are now caches. Closes: #509675 + * keepalive system has been improved. Closes: #521144 + * Recommends python-crypto for encryption. Closes: #513892 + * update to 3.8.2 Debian Policy + * update to debhelper V6 + * added watch file + + -- Yann Leboulanger Sun, 24 Jun 2009 20:46:15 +0100 + +gajim (0.12.3-0ubuntu1) karmic; urgency=low + + * New upstream release. + + Fix PLAIN authentication (in particular with Gtalk servers) + + Fix PEP discovery + * debian/patches/de-update.patch: + - Drop patch. This is in the new release + * debian/gajim.install: + - Install usr/bin/gajim-history-manager as well + + -- Nafallo Bjälevik Sat, 13 Jun 2009 00:55:25 +0100 + +gajim (0.12.2-0ubuntu1) karmic; urgency=low + + * New upstream bugfix release: + + Better keepalive / ping behaviour + + Fix custom port handling + + Improve error messages handling + + Totem support for played music + + Fix SSL with some servers + + Handle XFCE notification-daemon + + Restore old behaviour of click on systray: left click to open events + + Network manager 0.7 support + + Improve Kerberos support + + Many bugfixes here and there + + Add -c option to history_manager + * debian/patches/00list: + - Disable de-update.patch, since it doesn't apply + - Drop svn-11058.patch since it is included in the new release + * debian/patches/svn-11058.patch: + - Drop patch since it is included in the new release + * debian/control: + - Bump required version for intltool as per upstream's requirements + + -- Nafallo Bjälevik Fri, 12 Jun 2009 13:49:19 +0100 + +gajim (0.12.1-1) unstable; urgency=low + + * New upstream release. + * Fix coming back from suspend. Closes: #500523 + * Fix menuitem shortcut. Closes: #440530 + * Warn user when logs database is brocken. Closes: #447889 + * Check server certificate using python-openssl. Closes: #450756 + * Don't pool to get played music from Banshee. Closes: #472862 + * Escape non-ascii password correcly. Closes: #495540 + * Fix URL recognition. Closes: #407806 + * Suggest python-kerberos for GSSAPI authentication. + * Suggest python-sexy for clickable links in chat banners. + * Recommends python-openssl instead of python-pyopenssl. Package name has + changed. + * Depends on libc6 for gtkspell.so module + * Build Gajim modules against python2.5 + + -- Yann Leboulanger Wed, 21 Dec 2008 14:40:16 +0100 + +gajim (0.12.1-0ubuntu5) jaunty; urgency=low + + * debian/patches/de-update.patch: + - Updated de.po from Niklas Hambüchen + * debian/patches/debian/patches/svn-11058.patch: + - Add upstream revision #11058 for an important bug. + (LP: #362634) + * debian/control: + - Move python-avahi from Suggests to Recommends since + it broke people just enabling the avahi feature. + + -- Nafallo Bjälevik Sun, 19 Apr 2009 17:34:37 +0100 + +gajim (0.12.1-0ubuntu4) jaunty; urgency=low + + * debian/control: + - Change the binary package name from indicate-python + to python-indicate (LP: #340213) + + -- Nafallo Bjälevik Fri, 03 Apr 2009 13:20:42 +0100 + +gajim (0.12.1-0ubuntu3) jaunty; urgency=low + + [ Ken VanDine ] + * debian/patches/patches/add-indicator-support.patch: + - Add support for the message indicator (LP: #340213) + * debian/control: + - Added a Recommends for indicate-python, to take advantage of + the message indicator patch + + [ Nafallo Bjälevik ] + * Convert all other patches to dpatches as well: + - notify-osd.patch from James Westby + - ubuntu-keyring.patch from Nafallo Bjälevik + * debian/control: + - Rework the package relations between Depends, + Recommends and Suggestions a bit (LP: #348793) + * debian/patches/config-write-sync.patch: + - Make the explicit configuration file removal + only happen on Windows. Thanks Jamin W. Collins. + (LP: #349661) + + -- Nafallo Bjälevik Thu, 02 Apr 2009 16:15:05 +0100 + +gajim (0.12.1-0ubuntu2) jaunty; urgency=low + + * Don't use actions in notifications if the server doesn't support them. + (LP: #328615) + + -- James Westby Wed, 25 Feb 2009 13:31:57 +0000 + +gajim (0.12.1-0ubuntu1) jaunty; urgency=low + + * New upstream bugfix release: + + Fix filetransfer + + Updated german translation + + Fix click on notifications when text string is empty + + Improve systray popup menu + + -- Nafallo Bjälevik Wed, 24 Dec 2008 17:00:00 +0000 + +gajim (0.12-0ubuntu1) jaunty; urgency=low + + * New upstream release: + + Fix text rendering in notifications + + Better sessions support + + Better auto-away support + + Fix banshee support + + Quodlibet support + + Fix GSSAPI authentification + + Those translations have been temporarily removed because they are outdated: + Breton (br), Greek (el), Dutch (nl), Portugese (pt). + * debian/control: + - Added python-kerberos (>= 1.1) to Recommends for the GSSAPI auth. + + -- Nafallo Bjälevik Wed, 17 Dec 2008 12:08:19 +0000 + +gajim (0.12~beta1-0ubuntu1) jaunty; urgency=low + + * New upstream beta release: + + Security improvements: End-to-End encryption, SSL certificat verification + + Ability to minimize groupchats in roster + + Chat to groupchat transformation + + Block/Unblock contacts directly from roster + + Single window mode + + PEP support (User activity, mood and tune) + + Security improvements: Kerberos (GSSAPI) SASL Authentication mechanism + + Improve GUI of some windows + + Fix handling of invalid XML + + Fix freeze on connection + * Dropped all changes, patches and backports. + * src/common/passwords.py: + - Change keyring to 'login', which is what gets unlocked at login. + * debian/copyright: + - Updated for the GPL-3 change and for the amount of upstream authors. + * debian/control: + - Update Standards-Version and drop XS for Vcs-Bzr. + - Add Homepage and use ${shlibs:Depends}. + * debian/rules: + - Update to not ignore errors from make clean. + - Update with dh_shlibdeps. + + -- Nafallo Bjälevik Sun, 16 Nov 2008 00:26:27 +0000 + +gajim (0.11.4-1) unstable; urgency=low + + * New upstream release. + * Fix tab switching. Closes: #452257 + * update to 3.7.3 Debian Policy + * Add Homepage, Vcs-Svn, Vcs-Browser fields to control file + + -- Yann Leboulanger Wed, 05 Dec 2007 22:23:30 +0100 + +gajim (0.11.4-0ubuntu2) hardy; urgency=low + + * Fix the html entities to be escaped too many times in notification popup + (taken from upstream) (LP: #205973) + + -- Laurent Bigonville Sat, 12 Jul 2008 13:23:49 +0200 + +gajim (0.11.4-0ubuntu1build1) intrepid; urgency=low + + * Rebuild the package to fix systray icon issue (LP: #240215) + + -- Laurent Bigonville Tue, 01 Jul 2008 22:52:05 +0200 + +gajim (0.11.4-0ubuntu1) hardy; urgency=low + + * New upstream release: + + Fix /nick command in groupchats + + Better Metacontacts sorting + + Fix Ctrl + PageUP/Down behaviour + + Fix saving files from filetransfer under windows + * Merge our changes, patches and backports + + -- Nafallo Bjälevik Thu, 06 Dec 2007 22:28:50 +0000 + +gajim (0.11.3-1) unstable; urgency=low + + * New upstream release. + * Fix depand list so that Gajim will work when python2.5 will be the + default. Closes: #445275 + * Fix focus bug. Closes: #447985 + * Depend on dnsutils to use SRV records. Closes: #434690 + + -- Yann Leboulanger Fri, 16 Nov 2007 19:01:54 +0100 + +gajim (0.11.3-0ubuntu1) hardy; urgency=low + + * New upstream release: + - Fix bookmarks support detection + - Improve file transfer on windows + - Fix some zeroconf bugs + - Fix focus bug in chat window + - Fix nickname changement behaviour in groupchats + * Merge our changes, patches and backports + * po/de.po: + - Removed the fuzzy and the dots for a translation (LP: #162584) + + -- Nafallo Bjälevik Sat, 17 Nov 2007 13:26:57 +0000 + +gajim (0.11.2-1) unstable; urgency=low + + * New upstream release. + * Don't optionaly depend on python2.5. Closes: #418252 + * Better handle gnome-keyring. Closes: #433315, #424293 + * Handle dbus restart. Closes: #434993 + * Don't allow bookmark creation on server that don't support that. + Closes: #438620 + * Fix list_contact dbus signature. Closes: #440225 + * Remove changelog.gz from /usr/share/doc/gajim. Closes: #412632 + + -- Yann Le Boulanger Sun, 22 Sep 2007 22:22:34 +0100 + +gajim (0.11.2-0ubuntu2) UNRELEASED; urgency=low + + * debian/control: + - Change bazaar.launchpad.net to code.launchpad.net + - Change the recommend on dbus-glib to python-dbus (LP: #152333) + * src/common/zeroconf/connection_zeroconf.py: + - Apply patch from Stefan Bethge to fix an IndexError (LP: #151568) + + -- Nafallo Bjälevik Wed, 07 Nov 2007 10:40:57 +0000 + +gajim (0.11.2-0ubuntu1) gutsy; urgency=low + + * New upstream release: + - Improve idle, transports support + - Enable ellipsization in roster and chatwindow + - Fixed some metacontacts problems (#2156, #2761) + - Better support of XEP-0070 (Verifying HTTP Requests via XMPP) + - Make the same height of a banner for all chat tabs + - Fix a bug with french translation and invitations (#3043) + - Fix a bug with UTF-8 and emoticons + - Corrected many bugs with passwords and gnome-keyring + - Improve xhtml-im and pictures support + - Improve Ad-Hoc support + - And many other bufixes + * Merge our changes and patches + + -- Nafallo Bjälevik Tue, 02 Oct 2007 00:19:08 +0100 + +gajim (0.11.1-1) unstable; urgency=low + + * New upstream release. + * Don't depend on python2.4 specifically + * Don't recommand libdbus, python-dbus does + * Tooltips in chat window are now correctly destroyed. Closes: #404693 + + -- Yann Le Boulanger Sun, 18 Feb 2007 22:15:57 +0100 + +gajim (0.11.1-0ubuntu6) gutsy; urgency=low + + * src/common/passwords.py: + - fixed issue with gnome-keyring DeniedError. + see: http://trac.gajim.org/changeset/8701 + It appears only, when there is no keyring available. + + -- Stephan Hermann Sat, 08 Sep 2007 11:43:03 +0200 + +gajim (0.11.1-0ubuntu5) gutsy; urgency=low + + * debian/control: + - Remove python-gnome2 from Suggests and add python-gnomecanvas + to binary Depends (LP: #125957). + * src/network_manager_listener.py: + - Fix bug in 0.11.1 where Gajim failed the interaction with NM + (LP: #116184) (Thanks Stefan Bethge). + - Apply upstream changeset 7718 for this. + * src/common/zeroconf/connection_zeroconf.py: + - Backport the function _disconnectedReconnCB for the above. + + -- Nafallo Bjälevik Sat, 21 Jul 2007 12:31:09 +0200 + +gajim (0.11.1-0ubuntu4) gutsy; urgency=low + + * po/fr.po: + - Fix bug that breaks invitation with the french translation. + (LP: #114301) + - Apply upstream changeset 8022 for this. + + -- Christian Bjälevik Thu, 21 Jun 2007 19:03:17 +0200 + +gajim (0.11.1-0ubuntu3) feisty; urgency=low + + * src/roaster_window.py: + - Remove "" around %(title)s to fix error when reporting + which song you're playing. + * src/{roster_window,music_track_listener}.py: + - music_track_listener for Banshee was crashing internally + if Banshee was closed while listening. + - Apply upstream changeset 8007 to fix the above problem. + * src/roaster_window.py: + - if gajim is quit while roster was hidden, start gajim with + roster minimized next time. + - Apply upstream changeset 7973. + * src/common/contacts.py, src/roaster_window.py: + - when we compare 2 offline contacts, the one which has a + status messages is shown above the one without. + - Apply upstream changeset 8006. + * src/common/config.py, src/roaster_window.py: + - add an ACE option to disable the fact that gajim auto-expand + and selects the contact who sent last message. + - Apply upstream changeset 8015. + * data/glade/gc_control_popup_menu.glade, src/dialogs.py, + src/common/connection_handlers.py, src/common/connection.py, + src/groupchat_control.py, data/glade/dubbleinput_dialog.glade: + - ability to destroy a room when we are owner, give a reason and + alternative room jid. + - Apply upstream changesets 8010 and 8011 to support XEP-0045. + + -- Christian Bjälevik Tue, 20 Mar 2007 15:58:16 +0100 + +gajim (0.11.1-0ubuntu2) feisty; urgency=low + + * debian/control: + - Remove XSBC-Original-Maintainer and finally make myself Maintainer. + We have diverged from Debian since the beginning of this package and + doesn't even have the same packaging they do. + * po/pl.po: + - s/\·/\ /g again... *sighs* + * src/dialogs.py: + - Applied dropped patch to open Debianspecific copyright path. + * src/roster_window.py: + - Re-add LaunchpadIntegration. + + -- Christian Bjälevik Sat, 3 Mar 2007 04:42:21 +0100 + +gajim (0.11.1-0ubuntu1) feisty; urgency=low + + * New upstream release (LP: #86318 and LP: #80770) + * Set Ubuntu maintainer + + -- Emilio Pozuelo Monfort Thu, 22 Feb 2007 20:05:52 +0100 + +gajim (0.11-2) unstable; urgency=low + + * Add missing build depends to get gajim-remote. Closes: #405969 + * Update recommands to support dbus. Closes: #402355 + * Make python-gnupginterface a recommanded package. Closes: #405808 + + -- Yann Le Boulanger Tue, 09 Jan 2007 18:32:26 +0100 + +gajim (0.11-1) unstable; urgency=low + + * New upstream release. Closes: #403806 + * Enable IPv6 support. Closes: #386062 + * Fix popup-menu binding. Closes: #388564 + * Fix quick access letter with spanish translation. Closes: #385410 + * Fix typo in german translation. Closes: #398195 + * Fix a bug with Gaim avatars. Closes: #398911 + + -- Yann Le Boulanger Tue, 19 Dec 2006 14:25:32 +0100 + +gajim (0.11-0ubuntu1) feisty; urgency=low + + * New upstream release: + + Changes: + http://trac.gajim.org/browser/branches/gajim_0.11/ChangeLog + + Bugs fixed: + http://trac.gajim.org/query?status=closed&milestone=0.11 + * debian/compat: 4 -> 5. + * debian/pycompat: Add with value 2. + * debian/control: + - Standards-Version 3.7.2, no changes needed. + - Added dbus-glib and python-avahi to Recommends for link-local + messaging (avahi). + - Bump python-g* from >= 2.4.0 to 2.6.0. + - Bump debhelper from >= 4.0.0 to 5.0.37.2. + - Added libdbus-1-dev to Build-Depends. + * debian/rules: + - Use configure. Upstream changed to GNU automake. + + -- Christian Bjälevik Wed, 20 Dec 2006 05:10:09 +0100 + +gajim (0.10.1-6) unstable; urgency=low + + * fix LDFLAGS problem. Closes: #384439 + + -- Yann Le Boulanger Mon, 24 Jul 2006 14:45:34 +0200 + +gajim (0.10.1-5) unstable; urgency=low + + * Add dependance on python2.4. Closes: #379662 + + -- Yann Le Boulanger Mon, 19 Jul 2006 21:30:08 +0200 + +gajim (0.10.1-4) unstable; urgency=low + + * Fix warning at installation. Closes: #366725 + * Fix pt_BR translation. + + -- Yann Le Boulanger Mon, 19 Jul 2006 21:30:08 +0200 + +gajim (0.10.1-3) unstable; urgency=low + + * Updated for new Python policy. + * nautilus-sendto is now suggested. Closes: #377309 + + -- Yann Le Boulanger Mon, 17 Jul 2006 16:46:58 +0200 + +gajim (0.10.1-2) unstable; urgency=low + + * new pytyhon policy Closes: #375310 + * default player is now 'aplay -q' Closes: #374529 + * python-gnupginterface now support python2.4. Recommends this one. + * Standards-version updated to 3.7.2 (no changes needed). + + -- Yann Le Boulanger Tue, 27 Jun 2006 22:47:08 +0200 + +gajim (0.10.1-1) unstable; urgency=low + + * new upstream release + + -- Yann Le Boulanger Fri, 2 Jun 2006 22:07:29 +0200 + +gajim (0.10.1-0ubuntu5) edgy; urgency=low + + * po/{de,pl}.po: s/\·/\ /g. Translators should now this... + Closes: Ubuntu #66291. + + -- Christian Bjälevik Wed, 18 Oct 2006 21:37:59 +0200 + +gajim (0.10.1-0ubuntu4) edgy; urgency=low + + * src/common/connection_handlers.py: + - Applied changeset 6606 and 6685 from upstream SVN. + Closes Ubuntu: #44321 + + -- Christian Bjälevik Mon, 18 Sep 2006 20:52:35 +0200 + +gajim (0.10.1-0ubuntu3) edgy; urgency=low + + * debian/control: + - Dependency changes for the python transition. + + -- Christian Bjälevik Wed, 19 Jul 2006 23:20:47 +0200 + +gajim (0.10.1-0ubuntu2) edgy; urgency=low + + * Upload to edgy aswell. + + -- Christian Bjälevik Fri, 30 Jun 2006 14:59:47 +0200 + +gajim (0.10.1-0ubuntu1) dapper-updates; urgency=low + + * New upstream release: + + freeze and lost contacts in roster (#1953) + + popup menus are correctly placed + + high CPU usage on FreeBSD (#1963) + + nickname can contain '|' (#1913) + + update pl, cs, fr translations + + don't play sound, when no event is shown (#1970) + + set gajim icon for history manager + + gajim.desktop is generated with translation (#834) + + preventing several TBs and annoyances (r6273, r6275, r6279, r6301, + r6308, r6311, r6323, r6326, r6327, r6335, r6342, r6346, r6348) + + -- Christian Bjälevik Fri, 30 Jun 2006 14:31:09 +0200 + +gajim (0.10-1) unstable; urgency=low + + * new upstream release + * fix description typo Closes: #349249 + * Gajim now recommends dnsutils instead of python-dns + * Gajim now depends on python2.4 Closes: #357777, #364078 + * Use Gajim's GnuPGInterface file as there is no python2.4-gnupginterface + package + + -- Yann Le Boulanger Wed, 12 Apr 2006 10:55:16 +0100 + +gajim (0.10-0ubuntu4) dapper; urgency=low + + * debian/control: + - Add Binary Recommends on libnotify1, notification-daemon + (Closes: Malone #29590). + * Makefile, po/**: + - Applied upstream changeset #6317 (Closes: Malone #45448). + - Reference: http://trac.gajim.org/changeset/6317 + + -- Christian Bjälevik Tue, 23 May 2006 19:17:43 +0200 + +gajim (0.10-0ubuntu3) dapper; urgency=low + + * src/eggtrayicon.c: + + Make the notification area icon background transparent + + -- Sebastian Dröge Tue, 9 May 2006 10:25:29 +0200 + +gajim (0.10-0ubuntu2) dapper; urgency=low + + * po/sv/LC_MESSAGES/gajim.po: + - s/eddeande/eddelande/ (i.e. fix typo). + - Thanks Linus Mannervik! + + -- Christian Bjälevik Mon, 8 May 2006 14:48:23 +0200 + +gajim (0.10-0ubuntu1) dapper; urgency=low + + * New upstream release: + + One Messages Window ability (default to it) with tab reorder ability + + Gajim no longer remains unresponsive + + Gajim now uses less memory + + File Transfer works better (now should work out of the box for all) + + Meta Contacts ability (relationships between contacts) + + Support for legacy composing event (JEP-0022). + Now 'Contact is composing a message' will always work + + Gajim now defaults to theme that uses GTK colors + + Roster Management Improvements (f.e. editablity of transport names, + extended Drag and Drop Functionality) + + History (chat logs) Manager (search globally, delete, etc) + + Animated Emoticons ability + + Support for GTalk email notifications for GMail + + Room administrators can modify room ban list + + Gajim no longer optionally depends on pydns or dnspython. + Requires dnsutils (or whatever package provides the nslookup binary) + + gajim-remote has extended functionality + + Improved Preset Status Messages Experience + + Detection for CRUX as user's operating system + + New art included, appropriate sizes of icons used where available + + Translations under Windows now work okay + + Tons of fixes for bugs and annoyances. + * debian/control: + - Binary Depend on dnsutils instead of dnspython | python-dns + + -- Christian Bjälevik Tue, 2 May 2006 02:11:53 +0200 + +gajim (0.9.1-2ubuntu8) dapper; urgency=low + + * src/common/xmpp/auth.py: + - Reworked and applied patch taken from upstream + (http://trac.gajim.org/changeset/5590). + Will hopefully close Malone #29806. + + -- Christian Bjälevik Thu, 16 Mar 2006 17:59:35 +0100 + +gajim (0.9.1-2ubuntu7) dapper; urgency=low + + * Don't set the MimeType to application/x-executable. Gajim IS an executable + but can't open executables... (Closes: Malone #33321) + + -- Sebastian Dröge Thu, 16 Mar 2006 16:47:08 +0100 + +gajim (0.9.1-2ubuntu6) dapper; urgency=low + + * po/{sk,sv}/LC_MESSAGES/gajim.po: + - Updates taken from the gajim-translators mailinglist. + + -- Christian Bjälevik Thu, 16 Mar 2006 12:30:46 +0100 + +gajim (0.9.1-2ubuntu5) dapper; urgency=low + + * Version-checking patch for libnotify found on upstream + bugtracker (http://trac.gajim.org/ticket/1347). + + -- Christian Bjälevik Mon, 23 Jan 2006 02:01:46 +0100 + +gajim (0.9.1-2ubuntu4) dapper; urgency=low + + * Fixed timeout calculating (seconds*1000 not seconds/1000) + + -- Stephan Hermann Wed, 11 Jan 2006 19:04:42 +0100 + +gajim (0.9.1-2ubuntu3) dapper; urgency=low + + * Fixed one missing line in the libnotify patch (thx to Kaahl) + + -- Stephan Hermann Wed, 11 Jan 2006 16:12:04 +0100 + +gajim (0.9.1-2ubuntu2) dapper; urgency=low + + * Applied patch to fix libnotify issue (Closes: upstram + #1347) + + -- Stephan Hermann Tue, 10 Jan 2006 13:33:07 +0100 + +gajim (0.9.1-2ubuntu1) dapper; urgency=low + + * Resynchronize with Debian + * Got rid of the patch system and moving all ubuntu development to a bzr repos + * Applied all patches + * Applied all debian changes + * debian/control: + + Changed Recommends of dnspython | python-dns to Dependencies (it should be + the default) + * debian/changelog: + + Merged all missing changelog entries from debian + + -- Stephan Hermann Thu, 5 Jan 2006 18:39:41 +0100 + +gajim (0.9.1-2) unstable; urgency=low + + * fix group bug Closes: #345306 + + -- Yann Le Boulanger Fri, 30 Dec 2005 13:09:55 +0100 + +gajim (0.9.1-1) unstable; urgency=low + + * new upstream release + * Gajim now reconnects when connection is lost Closes: #329376 + * Status-changer widget's behaviour has been improved Closes: #340499 + * Gajim now recommends python-dns Closes: #340492 + * new russian translation Closes: #337971 + * Gajim now depends on python-pysqlite2, recommends python-dbus and + notification-daemon, and suggests python-gnome2 + + -- Yann Le Boulanger Fri, 27 Dec 2005 01:20:54 +0100 + +gajim (0.9.1-0ubuntu1) dapper; urgency=low + + * New upstream release: + + Fix a bug when joining a group chat. + + Fix a bug when starting Gajim. + * debian/watch: + - Updated to download tar.gz instead of tar.bz2. + + -- Christian Bjälevik Tue, 27 Dec 2005 10:11:50 +0100 + +gajim (0.9.0-0ubuntu1) dapper; urgency=low + + * New upstream release + * Applied ubuntu human patch + * Applied ubuntu launchpad integration patch + + -- Stephan Hermann Sat, 24 Dec 2005 19:46:28 +0100 + +gajim (0.8.2-1) unstable; urgency=low + + * all files in ~/.gajim are not 700: Closes: #325080 + * gajim-remote.py is now in package: Closes: #324481 + * updated russian translation: Closes: #325126 + * theme issue fixed: Closes: #324493 + * Gajim can now use python-dns so SRV works: Closes: #326655 + * Gajim now depends on python-gtk2 >= 2.6.0 + + -- Yann Le Boulanger Sun, 02 Sep 2005 14:56:48 +0200 + +gajim (0.8.2-0ubuntu4) breezy; urgency=low + + * debian/patches/02_gpg_agent.patch: + - Dropped, crashes without a gpg-agent. + - Closes: Malone #2179. + * debian/watch: + - readded after disapperance. + * po/*: + - Synced with the Rosetta breezy translations. + * po/Makefile: + - Add sv, it, eu. + + -- Christian Bjälevik Fri, 30 Sep 2005 15:22:53 +0200 + +gajim (0.8.2-0ubuntu3) breezy; urgency=low + + * Added patch to provide launchpad integration + * debian/control: added python-launchpad-integration to depends + + -- Stephan Hermann Fri, 9 Sep 2005 20:07:04 +0200 + +gajim (0.8.2-0ubuntu2) breezy; urgency=low + + * debian/gajim.install + + Added the po-files. + + -- Sebastian Dröge Wed, 7 Sep 2005 18:11:51 +0200 + +gajim (0.8.2-0ubuntu1) breezy; urgency=low + + * New upstream release + + Gajim now works in pygtk28. + + Gajim now also can use pydns (apart from dnspython) to + do srv lookups. + * debian/control: + - Added python-dns as an alternative to dnspython in deps. + * debian/patches/03_chatwindow_fix.patch: + - Dropped, this patch is in the new upstream. + * debian/watch: + - Added watchfile. + + -- Christian Bjälevik Tue, 6 Sep 2005 19:14:20 +0200 + +gajim (0.8.1-0ubuntu2) breezy; urgency=low + + * debian/patches/02_gpg-agent.patch: + - Bring back exactly one (1) part of this patch: + We now set "use_gpg_agent = True" by default again! + * debian/patches/04_human-default.patch: + - Applied patch to set "human" as the default theme :-). + + -- Christian Bjälevik Sun, 4 Sep 2005 21:29:30 +0200 + +gajim (0.8.1-0ubuntu1) breezy; urgency=low + + * New upstream release + + Gajim is now also available in Dutch. + + Gajim can now optionally use gpg-agent (advanced setting). + * debian/patches/01_srv-dns-lookup.patch: + - Removed, deprecated. + * debian/patches/02_gpg-agent.patch: + - Removed, deprecated. + + -- Christian Bjälevik Sat, 3 Sep 2005 18:49:56 +0200 + +gajim (0.8-1) unstable; urgency=low + + * new upstream release + * use cdbs + * build-depend on libxss-dev Closes: #323524 + * translation improved Closes: #324094,#323993 + * Standards-version updated to 3.6.2 (no changes needed). + + -- Yann Le Boulanger Fri, 1 Jul 2005 18:35:02 +0200 + +gajim (0.8-0ubuntu5) breezy; urgency=low + + * debian/patches/02_gpg-agent.patch: + - Replaced with a modified version which also fixes + the BADSIG detection and does not sign auto-presence. + - Reference: http://trac.gajim.org/ticket/733 + * debian/patches/03_chatwindow-fix.patch: + - Applied patch to fix the chatwindow crasher + (thanks Sebastian Dröge). + * debian/control: + - Add Suggests for seahorse (seahorse-agent is nifty). + + -- Christian Bjälevik Sat, 3 Sep 2005 15:14:27 +0200 + +gajim (0.8-0ubuntu4) breezy; urgency=low + + * Applied patch to provide gpg-agent support to gajim + (Closes Upstream: http://trac.gajim.org/ticket/733) + + -- Stephan Hermann Thu, 25 Aug 2005 09:44:35 +0200 + +gajim (0.8-0ubuntu3) breezy; urgency=low + + * Applied patch to fix the srv dns lookup for broken server installs + (Closes Upstream: http://trac.gajim.org/ticket/735) + + -- Stephan Hermann Wed, 24 Aug 2005 20:26:47 +0200 + +gajim (0.8-0ubuntu2) breezy; urgency=low + + * debian/control: added python-gnome2-extras to the build-deps and + python2.4-gnome2-extras to install-deps + + -- Stephan Hermann Wed, 24 Aug 2005 11:26:52 +0200 + +gajim (0.8-0ubuntu1) breezy; urgency=low + + * adjusted debian/rules to use dh_python + * Rewrite debian/rules to debhelper + * replaced debmake with debhelper + * New Upstream Version + * Initial Ubuntu Release + + -- Stephan Hermann Sun, 21 Aug 2005 18:07:58 +0200 + +gajim (0.7.1-1) unstable; urgency=low + + * Initial Release. Closes: #311215 + * GnuPGInterface module is in debian, no need to keep it in sources. + + -- Yann Le Boulanger Wed, 15 Jun 2005 23:22:19 +0200 + --- gajim-0.13.4.orig/debian/docs +++ gajim-0.13.4/debian/docs @@ -0,0 +1 @@ +README --- gajim-0.13.4.orig/debian/control +++ gajim-0.13.4/debian/control @@ -0,0 +1,23 @@ +Source: gajim +Section: net +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Yann Leboulanger +Build-Depends: debhelper (>= 7), cdbs (>= 0.4.43), python-support (>= 0.7.1), python-dev, libgtk2.0-dev, python-gtk2-dev, gettext (>= 0.17-4), intltool (>= 0.40.1), imagemagick, python-central (>= 0.5) +Build-Conflicts: python2.3 +XS-Python-Version: >= 2.4 +Standards-Version: 3.8.3 +Homepage: http://www.gajim.org +Vcs-Hg: http://hg.gajim.org/gajim/ +Vcs-Browser: http://hg.gajim.org/gajim/file + +Package: gajim +Architecture: any +XB-Python-Version: ${python:Versions} +Depends: ${misc:Depends}, ${shlibs:Depends}, ${python:Depends}, python-support (>= 0.7.1), python-glade2 (>= 2.12.0), python-gtk2 (>= 2.12.0), dnsutils +Recommends: dbus, python-dbus, notification-daemon, python-gnupginterface, python-openssl (>= 0.9), python-crypto +Suggests: python-gconf, python-gnome2, nautilus-sendto, avahi-daemon, python-avahi, network-manager, libgtkspell0, aspell-en, python-gnomekeyring, gnome-keyring, python-sexy, python-kerberos (>= 1.1), texlive-latex-base, dvipng +Description: Jabber client written in PyGTK + Gajim is a Jabber client. It has a tabbed user interface with normal chats, + group chats, and has many features such as, TLS, GPG, SSL, multiple accounts, + avatars, file transfers, D-Bus and Metacontacts. --- gajim-0.13.4.orig/debian/gajim.manpages +++ gajim-0.13.4/debian/gajim.manpages @@ -0,0 +1,3 @@ +data/gajim.1 +data/gajim-remote.1 +debian/gajim-history-manager.1 --- gajim-0.13.4.orig/debian/pycompat +++ gajim-0.13.4/debian/pycompat @@ -0,0 +1 @@ +2 --- gajim-0.13.4.orig/debian/compat +++ gajim-0.13.4/debian/compat @@ -0,0 +1 @@ +7 --- gajim-0.13.4.orig/debian/copyright +++ gajim-0.13.4/debian/copyright @@ -0,0 +1,28 @@ +This package was debianized by Yann Leboulanger asterix@lagaule.org on +Wed, 16 Jun 2005 20:00:00 +0100. + +It was downloaded from: + http://www.gajim.org/downloads/ + +Upstream Authors: + - Yann Le Boulanger + - Jean-Marie Traissard + - Stephan Erb + + +Copyright: (c) 2003-2009 Gajim Team + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 3 + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with Debian system; see the file /usr/share/common-licenses/GPL-3. If not, +write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +Boston, MA 02110-1301, USA. + --- gajim-0.13.4.orig/debian/gajim-remote.manpages +++ gajim-0.13.4/debian/gajim-remote.manpages @@ -0,0 +1 @@ +data/gajim-remote.1 --- gajim-0.13.4.orig/debian/pyversions +++ gajim-0.13.4/debian/pyversions @@ -0,0 +1 @@ +2.4 --- gajim-0.13.4.orig/debian/gajim-history-manager.1 +++ gajim-0.13.4/debian/gajim-history-manager.1 @@ -0,0 +1,21 @@ +.\" 20050901 +.TH "Gajim-history-manager" "1" "September 01, 2005" "Gajim dev team" "" +.SH "NAME" +Gajim-history-manager \- Tool to manage gajim logs +.SH "SYNOPSIS" +.B gajim-history-manager [\-c config-path] [\-h] +.SH "DESCRIPTION" +.B Gajim-history-manager +is a tool to manage (do some cleanup) log file of Gajim jabber client. +.PP +.SH "OPTIONS" +.TP +\fB\-c\fR, \fB\-\-config-path\fR path +Path where logs.db is located. ~/.gajim by default. +.TP +\fB\-h\fR, \fB\-\-help\fR +Print this help. +.SH "FEEDBACK" +You can report bugs or feature requests in http://trac.gajim.org or in the mailing list: http://lists.gajim.org/cgi\-bin/listinfo/gajim\-devel. You can also find us in our room gajim@conference.gajim.org +.SH "AUTHORS" +Written by Yann Le Boulanger , Nikos Kouremenos and Dimitur Kirov . --- gajim-0.13.4.orig/debian/README.Debian +++ gajim-0.13.4/debian/README.Debian @@ -0,0 +1,6 @@ +gajim for Debian +---------------- + +If you want to use OpenPGP in gajim, you have to install python-gnupginterface. + + -- Yann Le Boulanger , Mon, 20 Jun 2005 12:02:31 +0200 --- gajim-0.13.4.orig/debian/rules +++ gajim-0.13.4/debian/rules @@ -0,0 +1,17 @@ +#!/usr/bin/make -f +DEB_PYTHON_SYSTEM=pysupport + +# Debhelper must be included before python-distutils to use +# # # dh_python / dh_pycentral / dh_pysupport +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/cdbs/1/class/autotools.mk + +DEB_CONFIGURE_EXTRA_FLAGS := --prefix=/usr +DEB_MAKE_BUILD_TARGET := all +DEB_MAKE_INSTALL_TARGET = install DESTDIR=$(DEB_DESTDIR) + +binary-install/gajim:: + rm $(DEB_DESTDIR)/usr/share/gajim/src/common/GnuPGInterface.py* + dh_pysupport -pgajim + convert $(DEB_DESTDIR)/usr/share/pixmaps/gajim.png -resize 32x32 $(DEB_DESTDIR)/usr/share/pixmaps/gajim.xpm --- gajim-0.13.4.orig/debian/watch +++ gajim-0.13.4/debian/watch @@ -0,0 +1,4 @@ +version=2 +http://www.gajim.org/downloads/(\d.\d*)/gajim-(.*)\.tar\.gz debian uupdate +# It seems that only release 0.12 was directly in downloads/ directory... +#http://www.gajim.org/downloads/gajim-(.*)\.tar\.gz debian uupdate --- gajim-0.13.4.orig/debian/gajim.menu +++ gajim-0.13.4/debian/gajim.menu @@ -0,0 +1,8 @@ +?package(gajim): \ + needs="X11" \ + section="Applications/Network/Communication" \ + command="/usr/bin/gajim" \ + icon="/usr/share/pixmaps/gajim.xpm" \ + title="Gajim" \ + longtitle="Gajim: GTK Jabber Client" \ + description="GTK Jabber Client." --- gajim-0.13.4.orig/debian/dirs +++ gajim-0.13.4/debian/dirs @@ -0,0 +1,8 @@ +usr/bin +usr/share/gajim +usr/share/man/man1 +usr/share/pixmaps +usr/share/applications +usr/share/menu +usr/share/lintian/overrides +usr/lib/gajim --- gajim-0.13.4.orig/debian/patches/ubuntu-keyring.patch +++ gajim-0.13.4/debian/patches/ubuntu-keyring.patch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## ubuntu-keyring.dpatch by > +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Description: Change keyring to 'login', which is what gets unlocked at login. + +@DPATCH@ +diff -urNad dev~/src/common/passwords.py dev/src/common/passwords.py +--- dev~/src/common/passwords.py 2009-04-02 15:39:09.000000000 +0100 ++++ dev/src/common/passwords.py 2009-04-02 15:39:49.882017272 +0100 +@@ -56,7 +56,7 @@ + def __init__(self): + self.keyring = gnomekeyring.get_default_keyring_sync() + if self.keyring is None: +- self.keyring = 'default' ++ self.keyring = 'login' + try: + gnomekeyring.create_sync(self.keyring, None) + except gnomekeyring.AlreadyExistsError: --- gajim-0.13.4.orig/debian/patches/CVE-2012-2086.patch +++ gajim-0.13.4/debian/patches/CVE-2012-2086.patch @@ -0,0 +1,152 @@ +Description: prevent sql injections CVE-2012-2086 +Origin: https://trac.gajim.org/changeset/bc296e96ac10 +Bug: https://trac.gajim.org/ticket/7031 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/common/logger.py gajim-lucid.orig/src/common/logger.py +--- gajim-lucid.orig~/src/common/logger.py 2012-05-01 15:19:52.000000000 +0200 ++++ gajim-lucid.orig/src/common/logger.py 2012-05-01 15:23:03.891116311 +0200 +@@ -527,7 +527,7 @@ + except exceptions.PysqliteOperationalError, e: + # Error trying to create a new jid_id. This means there is no log + return [] +- where_sql = self._build_contact_where(account, jid) ++ where_sql, jid_tuple = self._build_contact_where(account, jid) + + now = int(float(time.time())) + timed_out = now - (timeout * 60) # before that they are too old +@@ -539,10 +539,9 @@ + WHERE (%s) AND kind IN (%d, %d, %d, %d, %d) AND time > %d + ORDER BY time DESC LIMIT %d OFFSET %d + ''' % (where_sql, constants.KIND_SINGLE_MSG_RECV, +- constants.KIND_CHAT_MSG_RECV, constants.KIND_SINGLE_MSG_SENT, +- constants.KIND_CHAT_MSG_SENT, constants.KIND_ERROR, +- timed_out, restore_how_many_rows, pending_how_many) +- ) ++ constants.KIND_CHAT_MSG_RECV, constants.KIND_SINGLE_MSG_SENT, ++ constants.KIND_CHAT_MSG_SENT, constants.KIND_ERROR, timed_out, ++ restore_how_many_rows, pending_how_many), jid_tuple) + + results = self.cur.fetchall() + except sqlite.DatabaseError: +@@ -569,7 +568,7 @@ + except exceptions.PysqliteOperationalError, e: + # Error trying to create a new jid_id. This means there is no log + return [] +- where_sql = self._build_contact_where(account, jid) ++ where_sql, jid_tuple = self._build_contact_where(account, jid) + + start_of_day = self.get_unix_time_from_date(year, month, day) + seconds_in_a_day = 86400 # 60 * 60 * 24 +@@ -580,7 +579,7 @@ + WHERE (%s) + AND time BETWEEN %d AND %d + ORDER BY time +- ''' % (where_sql, start_of_day, last_second_of_day)) ++ ''' % (where_sql, start_of_day, last_second_of_day), jid_tuple) + + results = self.cur.fetchall() + return results +@@ -603,13 +602,13 @@ + return results + + else: # user just typed something, we search in message column +- where_sql = self._build_contact_where(account, jid) ++ where_sql, jid_tuple = self._build_contact_where(account, jid) + like_sql = '%' + query.replace("'", "''") + '%' + self.cur.execute(''' + SELECT contact_name, time, kind, show, message, subject FROM logs + WHERE (%s) AND message LIKE '%s' + ORDER BY time +- ''' % (where_sql, like_sql)) ++ ''' % (where_sql, like_sql), jid_tuple) + + results = self.cur.fetchall() + return results +@@ -622,7 +621,7 @@ + # Error trying to create a new jid_id. This means there is no log + return [] + days_with_logs = [] +- where_sql = self._build_contact_where(account, jid) ++ where_sql, jid_tuple = self._build_contact_where(account, jid) + + # First select all date of month whith logs we want + start_of_month = self.get_unix_time_from_date(year, month, 1) +@@ -640,7 +639,7 @@ + AND kind NOT IN (%d, %d) + ORDER BY time + ''' % (where_sql, start_of_month, last_second_of_month, +- constants.KIND_STATUS, constants.KIND_GCSTATUS)) ++ constants.KIND_STATUS, constants.KIND_GCSTATUS), jid_tuple) + result = self.cur.fetchall() + + # convert timestamps to day of month +@@ -654,19 +653,21 @@ + we had logs (excluding statuses)''' + where_sql = '' + if not is_room: +- where_sql = self._build_contact_where(account, jid) ++ where_sql, jid_tuple = self._build_contact_where(account, jid) + else: + try: + jid_id = self.get_jid_id(jid, 'ROOM') + except exceptions.PysqliteOperationalError, e: + # Error trying to create a new jid_id. This means there is no log + return None +- where_sql = 'jid_id = %s' % jid_id ++ where_sql = 'jid_id = ?' ++ jid_tuple = (jid_id,) + self.cur.execute(''' + SELECT MAX(time) FROM logs + WHERE (%s) + AND kind NOT IN (%d, %d) +- ''' % (where_sql, constants.KIND_STATUS, constants.KIND_GCSTATUS)) ++ ''' % (where_sql, constants.KIND_STATUS, constants.KIND_GCSTATUS), ++ jid_tuple) + + results = self.cur.fetchone() + if results is not None: +@@ -683,11 +684,13 @@ + except exceptions.PysqliteOperationalError, e: + # Error trying to create a new jid_id. This means there is no log + return None +- where_sql = 'jid_id = %s' % jid_id ++ where_sql = 'jid_id = ?' ++ jid_tuple = (jid_id,) ++ + self.cur.execute(''' + SELECT time FROM rooms_last_message_time + WHERE (%s) +- ''' % (where_sql)) ++ ''' % (where_sql), jid_tuple) + + results = self.cur.fetchone() + if results is not None: +@@ -709,6 +712,7 @@ + '''build the where clause for a jid, including metacontacts + jid(s) if any''' + where_sql = '' ++ jid_tuple = () + # will return empty list if jid is not associated with + # any metacontacts + family = gajim.contacts.get_metacontacts_family(account, jid) +@@ -718,13 +722,15 @@ + jid_id = self.get_jid_id(user['jid']) + except exceptions.PysqliteOperationalError, e: + continue +- where_sql += 'jid_id = %s' % jid_id ++ where_sql += 'jid_id = ?' ++ jid_tuple += (jid_id,) + if user != family[-1]: + where_sql += ' OR ' + else: # if jid was not associated with metacontacts + jid_id = self.get_jid_id(jid) +- where_sql = 'jid_id = %s' % jid_id +- return where_sql ++ where_sql = 'jid_id = ?' ++ jid_tuple += (jid_id,) ++ return where_sql,jid_tuple + + def save_transport_type(self, jid, type_): + '''save the type of the transport in DB''' + --- gajim-0.13.4.orig/debian/patches/CVE-2012-2085.patch +++ gajim-0.13.4/debian/patches/CVE-2012-2085.patch @@ -0,0 +1,49 @@ +Description: prevent assisted code execution CVE-2012-2085 +Origin: https://trac.gajim.org/changeset/bc296e96ac10 +Bug: https://trac.gajim.org/ticket/7031 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/common/helpers.py gajim-lucid.orig/src/common/helpers.py +--- gajim-lucid.orig~/src/common/helpers.py 2012-05-01 15:19:52.000000000 +0200 ++++ gajim-lucid.orig/src/common/helpers.py 2012-05-01 15:20:49.347118151 +0200 +@@ -39,6 +39,7 @@ + import base64 + import sys + import hashlib ++import shlex + + from encodings.punycode import punycode_encode + +@@ -355,8 +356,18 @@ + pass + return False + +-def exec_command(command): +- subprocess.Popen('%s &' % command, shell=True).wait() ++def exec_command(command, use_shell=False): ++ """ ++ execute a command. if use_shell is True, we run the command as is it was ++ typed in a console. So it may be dangerous if you are not sure about what ++ is executed. ++ """ ++ if use_shell: ++ subprocess.Popen('%s &' % command, shell=True).wait() ++ else: ++ args = shlex.split(command.encode('utf-8')) ++ p = subprocess.Popen(args) ++ gajim.thread_interface(p.wait) + + def build_command(executable, parameter): + # we add to the parameter (can hold path with spaces) +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/notify.py gajim-lucid.orig/src/notify.py +--- gajim-lucid.orig~/src/notify.py 2012-05-01 15:19:52.000000000 +0200 ++++ gajim-lucid.orig/src/notify.py 2012-05-01 15:21:18.347117755 +0200 +@@ -323,7 +323,7 @@ + command = gajim.config.get_per('notifications', str(advanced_notif_num), + 'command') + try: +- helpers.exec_command(command) ++ helpers.exec_command(command, use_shell=True) + except Exception: + pass + --- gajim-0.13.4.orig/debian/patches/00_gnomekeyring-error.patch +++ gajim-0.13.4/debian/patches/00_gnomekeyring-error.patch @@ -0,0 +1,14 @@ +Index: src/common/passwords.py +=================================================================== +--- src/common/passwords.py Sun Apr 25 21:13:15 2010 +0200 ++++ src/common/passwords.py Thu Nov 04 20:33:05 2010 +0100 +@@ -197,7 +197,8 @@ + if USER_USES_GNOMEKEYRING: + try: + storage = GnomePasswordStorage() +- except (gnomekeyring.NoKeyringDaemonError, gnomekeyring.DeniedError): ++ except (gnomekeyring.NoKeyringDaemonError, gnomekeyring.DeniedError, ++ gnomekeyring.CancelledError): + storage = None + if storage is None: + if gajim.config.get('use_kwalletcli'): --- gajim-0.13.4.orig/debian/patches/00_debian-copying.patch +++ gajim-0.13.4/debian/patches/00_debian-copying.patch @@ -0,0 +1,22 @@ +Index: Makefile.am +=================================================================== +--- Makefile.am (revision 7202) ++++ Makefile.am (working copy) +@@ -9,7 +9,6 @@ + docfiles_DATA = README \ + README.html \ + ChangeLog \ +- COPYING \ + THANKS \ + AUTHORS + +--- Makefile.in ++++ Makefile.in +@@ -273,7 +273,6 @@ + docfiles_DATA = README \ + README.html \ + ChangeLog \ +- COPYING \ + THANKS \ + AUTHORS + --- gajim-0.13.4.orig/debian/patches/CVE-2012-2093.patch +++ gajim-0.13.4/debian/patches/CVE-2012-2093.patch @@ -0,0 +1,109 @@ +Description: fix insecure tmpfile creation CVE-2012-2093 +Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668710 +Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668710 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/common/latex.py gajim-lucid.orig/src/common/latex.py +--- gajim-lucid.orig~/src/common/latex.py 2012-05-01 15:19:52.000000000 +0200 ++++ gajim-lucid.orig/src/common/latex.py 2012-05-01 15:26:22.031113594 +0200 +@@ -29,7 +29,7 @@ + + import os + import random +-from tempfile import gettempdir ++from tempfile import gettempdir,mkstemp,mkdtemp + from subprocess import Popen, PIPE + + import logging +@@ -57,10 +57,10 @@ + return True + return False + +-def get_tmpfile_name(): ++def get_tmpfile_name(tmpdir): + random.seed() + int_ = random.randint(0, 100) +- return os.path.join(gettempdir(), 'gajimtex_' + int_.__str__()) ++ return os.path.join(tmpdir, 'gajimtex_' + int_.__str__()) + + def write_latex(filename, str_): + texstr = '\\documentclass[12pt]{article}\\usepackage[dvips]{graphicx}' +@@ -78,12 +78,12 @@ + # a wrapper for Popen so that no window gets opened on Windows + # (i think this is the reason we're using Popen rather than just system()) + # stdout goes to a pipe so that it can be read +-def popen_nt_friendly(command): ++def popen_nt_friendly(command, directory): + if os.name == 'nt': + # CREATE_NO_WINDOW +- return Popen(command, creationflags=0x08000000, cwd=gettempdir(), stdout=PIPE) ++ return Popen(command, creationflags=0x08000000, cwd=directory, stdout=PIPE) + else: +- return Popen(command, cwd=gettempdir(), stdout=PIPE) ++ return Popen(command, cwd=directory, stdout=PIPE) + + def check_for_latex_support(): + '''check is latex is available and if it can create a picture.''' +@@ -98,9 +98,9 @@ + except LatexError: + return False + +-def try_run(argv): ++def try_run(argv, directory): + try: +- p = popen_nt_friendly(argv) ++ p = popen_nt_friendly(argv, directory) + out = p.communicate()[0] + log.info(out) + return p.wait() +@@ -125,21 +125,28 @@ + # we triggered the blacklist, immediately return None + return None + +- tmpfile = get_tmpfile_name() ++ tmpdir = "" ++ tmppng = "" ++ try: ++ tmpdir = mkdtemp(prefix="gajim") ++ tmppng = mkstemp(suffix=".png")[1] ++ except Exception: ++ raise LatexError("could not securely create one or more temporary files for LaTeX conversion") + ++ tmpfile = get_tmpfile_name(tmpdir) + # build latex string + write_latex(os.path.join(tmpfile + '.tex'), str_) + + # convert TeX to dvi + exitcode = try_run(['latex', '--interaction=nonstopmode', +- tmpfile + '.tex']) ++ tmpfile + '.tex'], tmpdir) + + if exitcode == 0: + # convert dvi to png + latex_png_dpi = gajim.config.get('latex_png_dpi') + exitcode = try_run(['dvipng', '-bg', bg_str, '-fg', fg_str, '-T', + 'tight', '-D', latex_png_dpi, tmpfile + '.dvi', '-o', +- tmpfile + '.png']) ++ tmpfile + '.png'], tmpdir) + + # remove temp files created by us and TeX + extensions = ['.tex', '.log', '.aux', '.dvi'] +@@ -149,11 +156,17 @@ + except Exception: + pass + ++ if exitcode == 0: ++ os.rename(tmpfile + '.png', tmppng) ++ else: ++ os.remove(tmppng) ++ ++ os.rmdir(tmpdir) + if isinstance(exitcode, (unicode, str)): + raise LatexError(exitcode) + + if exitcode == 0: +- result = tmpfile + '.png' ++ result = tmppng + + return result + --- gajim-0.13.4.orig/debian/patches/config-write-sync.patch +++ gajim-0.13.4/debian/patches/config-write-sync.patch @@ -0,0 +1,33 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## config-write-sync.patch by > +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gajim/+bug/349661 +## DP: Description: Make the explicit configuration file removal only happen on Windows. + +@DPATCH@ +diff -urNad dev~/src/common/optparser.py dev/src/common/optparser.py +--- dev~/src/common/optparser.py 2008-12-24 16:57:49.000000000 +0000 ++++ dev/src/common/optparser.py 2009-04-02 16:10:48.942981585 +0100 +@@ -118,13 +118,16 @@ + gajim.config.foreach(self.write_line, f) + except IOError, e: + return str(e) ++ f.flush() ++ os.fsync(f.fileno()) + f.close() + if os.path.exists(self.__filename): +- # win32 needs this +- try: +- os.remove(self.__filename) +- except Exception: +- pass ++ if os.name == 'nt': ++ # win32 needs this ++ try: ++ os.remove(self.__filename) ++ except Exception: ++ pass + try: + os.rename(self.__tempfile, self.__filename) + except IOError, e: