author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-05-30 12:55:31 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-05-30 12:55:31 +0100 |
commit | 880a75bbf354d48a706c56afafd381040a1d9de8 (patch) | |
tree | d19d27821d7f70646ceeb722cd336f463459d6bc | |
parent | 3157284e58195cab12a404752f7d96e3c4ea650b (diff) | |
parent | 84a20687c54c84aa61c9f3a606c8eb3bd14a8544 (diff) |
Merge branch 'telepathy-gabble-0.16'
Conflicts:
NEWS
configure.ac
lib/ext/wocky
-rw-r--r-- | NEWS | 15 | ||||
m--------- | lib/ext/wocky | 0 | ||||
-rw-r--r-- | tests/twisted/Makefile.am | 1 | ||||
-rw-r--r-- | tests/twisted/gabbletest.py | 2 | ||||
-rw-r--r-- | tests/twisted/tls/legacy-jabber.py | 36 |
5 files changed, 53 insertions, 1 deletions
@@ -1,11 +1,26 @@ telepathy-gabble 0.17.4 (UNRELEASED) ==================================== +This release fixes the same man-in-the-middle attack as 0.16.6. + +If you use an unencrypted connection to a "legacy Jabber" (pre-XMPP) +server, this version of Gabble will not connect until you make +one of these configuration changes: + +• upgrade the server software to something that supports XMPP 1.0; or +• use an encrypted "old SSL" connection, typically on port 5223 (old-ssl); or +• turn off "Encryption required (TLS/SSL)" (require-encryption) + Fixes: • update Wocky: · fd.o #61792: fix linking an example program with ld versions that default to --no-copy-dt-needed-entries + · fd.o #65036 (CVE-2013-1431): update Wocky to respect the tls-required + flag on legacy Jabber servers + +• fd.o #63119: improve regression tests' isolation from the session bus + (Simon) telepathy-gabble 0.17.3 (2013-03-01) ==================================== diff --git a/lib/ext/wocky b/lib/ext/wocky -Subproject d739d2e14952a1e75571de7839827d73f9568df +Subproject d6c995608d4840df2bef38a5baf8e5b0f90915f diff --git a/tests/twisted/Makefile.am b/tests/twisted/Makefile.am index 7797d5173..fdc6d612a 100644 --- a/tests/twisted/Makefile.am +++ b/tests/twisted/Makefile.am @@ -121,6 +121,7 @@ TWISTED_TESTS = \ text/test-text-delayed.py \ text/test-text-no-body.py \ text/test-text.py \ + tls/legacy-jabber.py \ tls/server-tls-channel.py \ version.py \ $(NULL) diff --git a/tests/twisted/gabbletest.py b/tests/twisted/gabbletest.py index 8cc7d24f3..0985cd422 100644 --- a/tests/twisted/gabbletest.py +++ b/tests/twisted/gabbletest.py @@ -161,7 +161,7 @@ class JabberAuthenticator(GabbleAuthenticator): self._event_func(Event('auth-second-iq', authenticator=self, iq=iq, id=iq["id"])) else: - self.respondToSecondIq(self, iq) + self.respondToSecondIq(iq) def respondToSecondIq(self, iq): username = xpath.queryForNodes('/iq/query/username', iq) 
diff --git a/tests/twisted/tls/legacy-jabber.py b/tests/twisted/tls/legacy-jabber.py
new file mode 100644
index 000000000..e2090bb18
--- /dev/null
+++ b/tests/twisted/tls/legacy-jabber.py
@@ -0,0 +1,36 @@
+"""
+fd.o #65036: connecting to legacy Jabber servers should respect
+ require-encryption
+"""
+
+from servicetest import assertEquals
+from gabbletest import exec_test, JabberXmlStream, JabberAuthenticator
+import constants as cs
+
+JID = 'alice@example.com'
+PASSWORD = 's3kr1t'
+
+def test_require_encryption(q, bus, conn, stream):
+ conn.Connect()
+ q.expect('dbus-signal', signal='StatusChanged',
+ args=[cs.CONN_STATUS_CONNECTING, cs.CSR_REQUESTED])
+
+ # FIXME: arrange to get a better error
+ new = q.expect('dbus-signal', signal='ConnectionError')
+ assertEquals(cs.NETWORK_ERROR, new.args[0])
+
+ q.expect('dbus-signal', signal='StatusChanged',
+ args=[cs.CONN_STATUS_DISCONNECTED, cs.CSR_NETWORK_ERROR])
+
+if __name__ == '__main__':
+ exec_test(test_require_encryption,
+ {
+ 'password': PASSWORD,
+ 'account': JID,
+ 'require-encryption': True,
+ 'old-ssl': False,
+ 'resource': 'legacy-require-encryption',
+ },
+ protocol=JabberXmlStream,
+ authenticator=JabberAuthenticator(JID.split('@')[0], PASSWORD),
+ do_connect=False) |
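Review bot: In `test_require_encryption` the only assertions are a `ConnectionError` carrying `cs.NETWORK_ERROR` and the disconnected `StatusChanged`, so the test passes on any network-level failure and never checks that the password stayed off the unencrypted stream. For a regression test of fd.o #65036 it would be stronger to also forbid the legacy auth exchange during the connection attempt, e.g. `q.forbid_events([EventPattern('auth-second-iq')])` before `conn.Connect()`. That presumably needs the authenticator configured to emit events rather than answer on its own, as the `_event_func` branch in gabbletest.py suggests. The `# FIXME: arrange to get a better error` comment could also name the error that is expected, so the assertion can be tightened once a specific one exists.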