--- gajim-0.15.orig/debian/gajim.manpages +++ gajim-0.15/debian/gajim.manpages @@ -0,0 +1,3 @@ +data/gajim.1 +data/gajim-remote.1 +data/gajim-history-manager.1 --- gajim-0.15.orig/debian/docs +++ gajim-0.15/debian/docs @@ -0,0 +1 @@ +README.html --- gajim-0.15.orig/debian/gajim.menu +++ gajim-0.15/debian/gajim.menu @@ -0,0 +1,8 @@ +?package(gajim): \ + needs="X11" \ + section="Applications/Network/Communication" \ + command="/usr/bin/gajim" \ + icon="/usr/share/pixmaps/gajim.xpm" \ + title="Gajim" \ + longtitle="Gajim: GTK Jabber Client" \ + description="GTK Jabber Client." --- gajim-0.15.orig/debian/rules +++ gajim-0.15/debian/rules @@ -0,0 +1,15 @@ +#!/usr/bin/make -f + +%: + dh $@ --with python2 + +# test target is broken +override_dh_auto_test: + +override_dh_auto_configure: + convert icons/hicolor/64x64/apps/gajim.png -resize 32x32 debian/gajim.xpm + dh_auto_configure + +override_dh_auto_clean: + -rm -f debian/gajim.xpm + dh_auto_clean --- gajim-0.15.orig/debian/pyversions +++ gajim-0.15/debian/pyversions @@ -0,0 +1 @@ +2.5- --- gajim-0.15.orig/debian/README.Debian +++ gajim-0.15/debian/README.Debian @@ -0,0 +1,7 @@ +gajim for Debian +---------------- + +For video chat support, you have to install python-farsight. + + -- Yann Le Boulanger , Mon, 20 Jun 2005 12:02:31 +0200 + -- Julien Valroff Sat, 07 May 2011 13:50:27 +0200 --- gajim-0.15.orig/debian/copyright +++ gajim-0.15/debian/copyright @@ -0,0 +1,27 @@ +This package was debianized by Yann Leboulanger asterix@lagaule.org on +Wed, 16 Jun 2005 20:00:00 +0100. + +It was downloaded from: + http://www.gajim.org/downloads/ + +Upstream Authors: + - Denis Fomin + - Yann Leboulanger + + +Copyright: (c) 2003-2012 Gajim Team + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 3 + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with Debian system; see the file /usr/share/common-licenses/GPL-3. If not, +write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +Boston, MA 02110-1301, USA. + --- gajim-0.15.orig/debian/compat +++ gajim-0.15/debian/compat @@ -0,0 +1 @@ +7 --- gajim-0.15.orig/debian/install +++ gajim-0.15/debian/install @@ -0,0 +1 @@ +debian/gajim.xpm usr/share/pixmaps --- gajim-0.15.orig/debian/gajim-remote.manpages +++ gajim-0.15/debian/gajim-remote.manpages @@ -0,0 +1 @@ +data/gajim-remote.1 --- gajim-0.15.orig/debian/control +++ gajim-0.15/debian/control @@ -0,0 +1,19 @@ +Source: gajim +Section: net +Priority: optional +Maintainer: Yann Leboulanger +Build-Depends: debhelper (>= 7.0.50~), python (>= 2.6.6-3~), gettext (>= 0.17-4), intltool (>= 0.40.1), imagemagick, libglib2.0-dev +Standards-Version: 3.9.3 +Homepage: http://www.gajim.org +Vcs-Hg: http://hg.gajim.org/gajim/ +Vcs-Browser: http://hg.gajim.org/gajim/file + +Package: gajim +Architecture: all +Depends: ${misc:Depends}, ${python:Depends}, python-gtk2 (>= 2.16.0), dnsutils +Recommends: dbus, python-dbus, notification-daemon, python-openssl (>= 0.12), python-crypto, python-pyasn1 +Suggests: python-gconf, python-gnome2, nautilus-sendto, avahi-daemon, python-avahi, network-manager, libgtkspell0, aspell-en, python-gnomekeyring, gnome-keyring, python-kerberos (>= 1.1), texlive-latex-base, dvipng, python-farsight, gstreamer0.10-plugins-ugly, python-pycurl +Description: Jabber client written in PyGTK + Gajim is a Jabber client. It has a tabbed user interface with normal chats, + group chats, and has many features such as, TLS, GPG, SSL, multiple accounts, + avatars, file transfers, audio/video call, D-Bus and Metacontacts. --- gajim-0.15.orig/debian/changelog +++ gajim-0.15/debian/changelog @@ -0,0 +1,298 @@ +gajim (0.15-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2012-2093: insecure use of temporary files when convering LaTeX + IM messages to png images. Closes: #668710 + + -- Luk Claes Sat, 16 Jun 2012 18:22:00 +0200 + +gajim (0.15-1) unstable; urgency=low + + * New upstream release. + * remove 00_debian-copying.diff because upstream doesn't install it anymore + * remove 01_configure-ac.diff because upstream changed configure dependencies + * remove python-gnupginterface from recommands list, it's no more used + + -- Yann Leboulanger Sat, 18 Mar 2012 10:32:38 +0100 + +gajim (0.14.4-1) unstable; urgency=low + + * New upstream release. Closes: #637071 + * Fixes weird error. Closes: #632226 + * Stop suggesting unused python-sexy. Closes: #633301 + * Modify 00_debian-copying.diff to also not install ChangeLog file. + dh_changelogs will do it. + + -- Yann Leboulanger Fri, 22 Jul 2011 12:56:30 +0200 + +gajim (0.14.3-1) unstable; urgency=low + + * New upstream release. + * Fix closing roster window. Closes: #630315 + + -- Yann Leboulanger Sun, 19 Jun 2011 21:46:09 +0200 + +gajim (0.14.2-1) unstable; urgency=low + + * New upstream release. + * Fix CPU usage when testing file transfer proxies. Closes: #626576 + + -- Yann Leboulanger Tue, 07 Jun 2011 19:30:43 +0200 + +gajim (0.14.1-1) unstable; urgency=low + + [ Yann Leboulanger ] + * New upstream release. Closes: #604966 + * Correctly sanitize menuentries in chat window action context menu. + Closes: #574839 + * Fix traceback when closing file request dialog. Closes: #587186 + * Recommend python-openssl >= 0.9. Closes: #594772 + * Improve a string. Closes: #553527 + * Fix cancelling file transfer. Closes: #587679 + + [ Julien Valroff ] + * Switch to dh from CDBS and drop unused (build-)dependencies. + * Switch to dh_python2 from pysupport. Closes: #616819 + * Drop useless debian/dirs. + * Switch to 3.0 (quilt) source format. + * Update Standards-Version to 3.9.2. + * Remove useless and unused shlibs:Depends substvar. + * Add a note about python-farsight in README.Debian. + * Add patch and use dh_autoreconf to remove build-dependencies on + python-dev, python-gtk2-dev and libgtk2.0-dev. + + -- Yann Leboulanger Sat, 07 May 2011 16:01:37 +0200 + +gajim (0.13.4-1) unstable; urgency=low + + * New upstream release. + * Fix flood when trying to join a full MUC. Closes: #575688 + + -- Yann Leboulanger Fri, 02 Apr 2010 10:19:59 +0200 + +gajim (0.13.3-1) unstable; urgency=low + + * New upstream release. + * Fix connection to facebook. Closes: #569767 + + -- Yann Leboulanger Tue, 23 Feb 2010 21:00:41 +0100 + +gajim (0.13.2-1) unstable; urgency=low + + * New upstream release. + * Fix gnomekeyring usage. Closes: #562913 + * Fix completion. Closes: #563930 + * Fix typo in suggests list. Closes: #564754 + + -- Yann Leboulanger Thu, 14 Jan 2010 21:23:36 +0100 + +gajim (0.13.1-1) unstable; urgency=low + + * New upstream release. Closes: #559905 + * Update PyGTK requirement to 2.12.0 minimum + * Fix filetransfer proxies testing, keepalive handling, memory leak. + Closes: #524514 + * Better connection. Closes: #547267 + * Fix proxy test on startup. Closes: #453910 + * Fix sound playing. Closes: #527275 + * Update debhelper compatibility level to 7 + + -- Yann Leboulanger Sun, 29 Nov 2009 01:21:04 +0100 + +gajim (0.12.5-1) unstable; urgency=low + + * New upstream release which fixes file transfer. Closes: #544466 + * Fix history manager. Closes: #539109 + * Fix custom host / port usage. Closes: #539267 + * update python-gnome* dependancies. Closes: #541553 + + -- Yann Leboulanger Sun, 08 Aug 2009 00:06:15 +0100 + +gajim (0.12.3-1) unstable; urgency=low + + * New upstream release. + * OS info are now caches. Closes: #509675 + * keepalive system has been improved. Closes: #521144 + * Recommends python-crypto for encryption. Closes: #513892 + * update to 3.8.2 Debian Policy + * update to debhelper V6 + * added watch file + + -- Yann Leboulanger Sun, 24 Jun 2009 20:46:15 +0100 + +gajim (0.12.1-1) unstable; urgency=low + + * New upstream release. + * Fix coming back from suspend. Closes: #500523 + * Fix menuitem shortcut. Closes: #440530 + * Warn user when logs database is brocken. Closes: #447889 + * Check server certificate using python-openssl. Closes: #450756 + * Don't pool to get played music from Banshee. Closes: #472862 + * Escape non-ascii password correcly. Closes: #495540 + * Fix URL recognition. Closes: #407806 + * Suggest python-kerberos for GSSAPI authentication. + * Suggest python-sexy for clickable links in chat banners. + * Recommends python-openssl instead of python-pyopenssl. Package name has + changed. + * Depends on libc6 for gtkspell.so module + * Build Gajim modules against python2.5 + + -- Yann Leboulanger Wed, 21 Dec 2008 14:40:16 +0100 + +gajim (0.11.4-1) unstable; urgency=low + + * New upstream release. + * Fix tab switching. Closes: #452257 + * update to 3.7.3 Debian Policy + * Add Homepage, Vcs-Svn, Vcs-Browser fields to control file + + -- Yann Leboulanger Wed, 05 Dec 2007 22:23:30 +0100 + +gajim (0.11.3-1) unstable; urgency=low + + * New upstream release. + * Fix depand list so that Gajim will work when python2.5 will be the + default. Closes: #445275 + * Fix focus bug. Closes: #447985 + * Depend on dnsutils to use SRV records. Closes: #434690 + + -- Yann Leboulanger Fri, 16 Nov 2007 19:01:54 +0100 + +gajim (0.11.2-1) unstable; urgency=low + + * New upstream release. + * Don't optionaly depend on python2.5. Closes: #418252 + * Better handle gnome-keyring. Closes: #433315, #424293 + * Handle dbus restart. Closes: #434993 + * Don't allow bookmark creation on server that don't support that. + Closes: #438620 + * Fix list_contact dbus signature. Closes: #440225 + * Remove changelog.gz from /usr/share/doc/gajim. Closes: #412632 + + -- Yann Le Boulanger Sun, 22 Sep 2007 22:22:34 +0100 + +gajim (0.11.1-1) unstable; urgency=low + + * New upstream release. + * Don't depend on python2.4 specifically + * Don't recommand libdbus, python-dbus does + * Tooltips in chat window are now correctly destroyed. Closes: #404693 + + -- Yann Le Boulanger Sun, 18 Feb 2007 22:15:57 +0100 + +gajim (0.11-2) unstable; urgency=low + + * Add missing build depends to get gajim-remote. Closes: #405969 + * Update recommands to support dbus. Closes: #402355 + * Make python-gnupginterface a recommanded package. Closes: #405808 + + -- Yann Le Boulanger Tue, 09 Jan 2007 18:32:26 +0100 + +gajim (0.11-1) unstable; urgency=low + + * New upstream release. Closes: #403806 + * Enable IPv6 support. Closes: #386062 + * Fix popup-menu binding. Closes: #388564 + * Fix quick access letter with spanish translation. Closes: #385410 + * Fix typo in german translation. Closes: #398195 + * Fix a bug with Gaim avatars. Closes: #398911 + + -- Yann Le Boulanger Tue, 19 Dec 2006 14:25:32 +0100 + +gajim (0.10.1-6) unstable; urgency=low + + * fix LDFLAGS problem. Closes: #384439 + + -- Yann Le Boulanger Mon, 24 Jul 2006 14:45:34 +0200 + +gajim (0.10.1-5) unstable; urgency=low + + * Add dependance on python2.4. Closes: #379662 + + -- Yann Le Boulanger Mon, 19 Jul 2006 21:30:08 +0200 + +gajim (0.10.1-4) unstable; urgency=low + + * Fix warning at installation. Closes: #366725 + * Fix pt_BR translation. + + -- Yann Le Boulanger Mon, 19 Jul 2006 21:30:08 +0200 + +gajim (0.10.1-3) unstable; urgency=low + + * Updated for new Python policy. + * nautilus-sendto is now suggested. Closes: #377309 + + -- Yann Le Boulanger Mon, 17 Jul 2006 16:46:58 +0200 + +gajim (0.10.1-2) unstable; urgency=low + + * new pytyhon policy Closes: #375310 + * default player is now 'aplay -q' Closes: #374529 + * python-gnupginterface now support python2.4. Recommends this one. + * Standards-version updated to 3.7.2 (no changes needed). + + -- Yann Le Boulanger Tue, 27 Jun 2006 22:47:08 +0200 + +gajim (0.10.1-1) unstable; urgency=low + + * new upstream release + + -- Yann Le Boulanger Fri, 2 Jun 2006 22:07:29 +0200 + +gajim (0.10-1) unstable; urgency=low + + * new upstream release + * fix description typo Closes: #349249 + * Gajim now recommends dnsutils instead of python-dns + * Gajim now depends on python2.4 Closes: #357777, #364078 + * Use Gajim's GnuPGInterface file as there is no python2.4-gnupginterface + package + + -- Yann Le Boulanger Wed, 12 Apr 2006 10:55:16 +0100 + +gajim (0.9.1-2) unstable; urgency=low + + * fix group bug Closes: #345306 + + -- Yann Le Boulanger Fri, 30 Dec 2005 13:09:55 +0100 + +gajim (0.9.1-1) unstable; urgency=low + + * new upstream release + * Gajim now reconnects when connection is lost Closes: #329376 + * Status-changer widget's behaviour has been improved Closes: #340499 + * Gajim now recommends python-dns Closes: #340492 + * new russian translation Closes: #337971 + * Gajim now depends on python-pysqlite2, recommends python-dbus and + notification-daemon, and suggests python-gnome2 + + -- Yann Le Boulanger Fri, 27 Dec 2005 01:20:54 +0100 + +gajim (0.8.2-1) unstable; urgency=low + + * all files in ~/.gajim are not 700: Closes: #325080 + * gajim-remote.py is now in package: Closes: #324481 + * updated russian translation: Closes: #325126 + * theme issue fixed: Closes: #324493 + * Gajim can now use python-dns so SRV works: Closes: #326655 + * Gajim now depends on python-gtk2 >= 2.6.0 + + -- Yann Le Boulanger Sun, 02 Sep 2005 14:56:48 +0200 + +gajim (0.8-1) unstable; urgency=low + + * new upstream release + * use cdbs + * build-depend on libxss-dev Closes: #323524 + * translation improved Closes: #324094,#323993 + * Standards-version updated to 3.6.2 (no changes needed). + + -- Yann Le Boulanger Fri, 1 Jul 2005 18:35:02 +0200 + +gajim (0.7.1-1) unstable; urgency=low + + * Initial Release. Closes: #311215 + * GnuPGInterface module is in debian, no need to keep it in sources. + + -- Yann Le Boulanger Wed, 15 Jun 2005 23:22:19 +0200 --- gajim-0.15.orig/debian/watch +++ gajim-0.15/debian/watch @@ -0,0 +1,8 @@ +# Control file for uscan +# Run the "uscan" command to check for upstream updates and more. +# See uscan(1) for format + +# Compulsory line, this is a version 3 file +version=3 + +http://www.gajim.org/downloads/([\d.]*)/gajim-([\d\.]*)\.tar\.gz --- gajim-0.15.orig/src/common/latex.py +++ gajim-0.15/src/common/latex.py @@ -29,7 +29,7 @@ import os import random -from tempfile import gettempdir +from tempfile import gettempdir,mkstemp,mkdtemp from subprocess import Popen, PIPE import logging @@ -57,10 +57,10 @@ return True return False -def get_tmpfile_name(): +def get_tmpfile_name(tmpdir): random.seed() int_ = random.randint(0, 100) - return os.path.join(gettempdir(), 'gajimtex_' + int_.__str__()) + return os.path.join(tmpdir, 'gajimtex_' + int_.__str__()) def write_latex(filename, str_): texstr = '\\documentclass[12pt]{article}\\usepackage[dvips]{graphicx}' @@ -78,12 +78,12 @@ # a wrapper for Popen so that no window gets opened on Windows # (i think this is the reason we're using Popen rather than just system()) # stdout goes to a pipe so that it can be read -def popen_nt_friendly(command): +def popen_nt_friendly(command, directory): if os.name == 'nt': # CREATE_NO_WINDOW - return Popen(command, creationflags=0x08000000, cwd=gettempdir(), stdout=PIPE) + return Popen(command, creationflags=0x08000000, cwd=directory, stdout=PIPE) else: - return Popen(command, cwd=gettempdir(), stdout=PIPE) + return Popen(command, cwd=directory, stdout=PIPE) def check_for_latex_support(): """ @@ -99,9 +99,9 @@ except LatexError: return False -def try_run(argv): +def try_run(argv, directory): try: - p = popen_nt_friendly(argv) + p = popen_nt_friendly(argv, directory) out = p.communicate()[0] log.info(out) return p.wait() @@ -131,25 +131,32 @@ # we triggered the blacklist, immediately return None return None - tmpfile = get_tmpfile_name() + tmpdir = "" + tmppng = "" + try: + tmpdir = mkdtemp(prefix="gajim") + tmppng = mkstemp(suffix=".png")[1] + except Exception: + raise LatexError("could not securely create one or more temporary files for LaTeX conversion") + tmpfile = get_tmpfile_name(tmpdir) # build latex string write_latex(os.path.join(tmpfile + '.tex'), str_) # convert TeX to dvi exitcode = try_run(['latex', '--interaction=nonstopmode', - tmpfile + '.tex']) + tmpfile + '.tex'], tmpdir) if exitcode == 0: # convert dvi to png latex_png_dpi = gajim.config.get('latex_png_dpi') exitcode = try_run(['dvipng'] + fg_str('tex') + ['-T', 'tight', '-D', - latex_png_dpi, tmpfile + '.dvi', '-o', tmpfile + '.png']) + latex_png_dpi, tmpfile + '.dvi', '-o', tmpfile + '.png'], tmpdir) if exitcode: # dvipng failed, try convert exitcode = try_run(['convert'] + fg_str('hex') + ['-trim', - '-density', latex_png_dpi, tmpfile + '.dvi', tmpfile + '.png']) + '-density', latex_png_dpi, tmpfile + '.dvi', tmpfile + '.png'], tmpdir) # remove temp files created by us and TeX extensions = ['.tex', '.log', '.aux', '.dvi'] @@ -159,10 +166,17 @@ except Exception: pass + if exitcode == 0: + os.rename(tmpfile + '.png', tmppng) + else: + os.remove(tmppng) + + os.rmdir(tmpdir) + if isinstance(exitcode, (unicode, str)): raise LatexError(exitcode) if exitcode == 0: - result = tmpfile + '.png' + result = tmppng return result