~ubuntu-branches/ubuntu/utopic/irssi-plugin-xmpp/utopic-proposed

Viewing changes to debian/patches/require-starttls.patch

Committer: Package Import Robot
Author(s): Florian Schlichting
Date: 2014-07-15 15:01:05 UTC
Revision ID: package-import@ubuntu.com-20140715150105-b15bondvgyduzfwd

Tags: 0.52+git20140102-2

http://bugs.debian.org/754839

http://bugs.debian.org/749411

* Add require-starttls.patch to ensure encrypted connections and prevent
ssl-stripping attacks (closes: #754839). Thanks dkg for the patch!
* Fix conflicting declarations of set_ssl and ensure encryption when
registering (closes: #749411)

files added:
.pc/require-starttls.patch

.pc/require-starttls.patch/src

.pc/require-starttls.patch/src/core

.pc/require-starttls.patch/src/core/xmpp-servers.c

.pc/set_ssl-conflicting-declarations.patch

.pc/set_ssl-conflicting-declarations.patch/src

.pc/set_ssl-conflicting-declarations.patch/src/core

.pc/set_ssl-conflicting-declarations.patch/src/core/xep

.pc/set_ssl-conflicting-declarations.patch/src/core/xep/registration.c

debian/patches/require-starttls.patch

debian/patches/set_ssl-conflicting-declarations.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

src/core/xep/registration.c

src/core/xmpp-servers.c

Show diffs side-by-side

added added

removed removed

debian/patches/require-starttls.patch

Description: require TLS-on-connect or STARTTLS

This patch disables unencrypted connections, which is in line with the

XMPP manifesto of early 2014. As a side effect, it protects against

SSL-stripping attacks (closes: #754839)

Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Forwarded: http://cybione.org/lists/irssi-xmpp-list/msg00714.html

--- a/src/core/xmpp-servers.c

+++ b/src/core/xmpp-servers.c

@@ -423,7 +423,7 @@

ssl = lm_ssl_new(NULL, lm_ssl_cb, user_data, NULL);

lm_connection_set_ssl(lmconn, ssl);

if (use_starttls)

- lm_ssl_use_starttls(ssl, TRUE, FALSE);

+ lm_ssl_use_starttls(ssl, TRUE, TRUE);

lm_ssl_unref(ssl);

return TRUE;

}

Older »