CMXSL.org/package-helpers-cmxsl
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dino-im: apply CVE-2023-28686 missing upstream

Browse source
This commit is contained in:
Luis Guzmán 2024-05-04 00:06:49 +00:00
parent cb72766b55
commit cf01842269
2 changed files with 70 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

37
helpers/DATA/dino-im/cve/01_ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch Normal file
View file

@ -0,0 +1,37 @@
From ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec Mon Sep 17 00:00:00 2001
From: Marvin W <git@larma.de>
Date: Thu, 23 Mar 2023 10:13:30 -0600
Subject: [PATCH] Check sender of bookmark:1 updates
---
xmpp-vala/src/module/xep/0402_bookmarks2.vala | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/xmpp-vala/src/module/xep/0402_bookmarks2.vala b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
index 406f37f43..d1e53e6e3 100644
--- a/xmpp-vala/src/module/xep/0402_bookmarks2.vala
+++ b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
@@ -68,6 +68,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
}
private void on_pupsub_item(XmppStream stream, Jid jid, string id, StanzaNode? node) {
+ if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+ warning("Received alleged bookmarks:1 item from %s, ignoring", jid.to_string());
+ return;
+ }
+
Conference conference = parse_item_node(node, id);
Flag? flag = stream.get_flag(Flag.IDENTITY);
if (flag != null) {
@@ -77,6 +82,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
}
private void on_pupsub_retract(XmppStream stream, Jid jid, string id) {
+ if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+ warning("Received alleged bookmarks:1 retract from %s, ignoring", jid.to_string());
+ return;
+ }
+
try {
Jid jid_parsed = new Jid(id);
Flag? flag = stream.get_flag(Flag.IDENTITY);

33
helpers/make-dino-im Normal file
View file

@ -0,0 +1,33 @@
#!/bin/sh
#
# Copyright (C) 2024 Luis Guzmán <ark@switnet.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
VERSION=0
BUILD_UNTIL=11.0
. ./config
# Apply missing CVEs upstream
for patch in $(ls -v ${DATA}/cve/*.patch)
do
echo "> Applying $(echo $patch|xargs basename)"
patch --no-backup-if-mismatch -Np1 < $patch
done
changelog "Add missing CVEs at upstream: · CVE-2023-28686"
package