Fedora has issued an advisory on March 21:
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html

This is fixed upstream in 0.15.3.

Mageia 2 is also affected.
Freeze push requested for Cauldron. Patch added to Mageia 2 SVN and Mageia 1 SVN.
Whiteboard: (none) => MGA2TOO
Updated package uploaded for Cauldron.

Patched package uploaded for Mageia 2.

Assigning to QA.

Note to QA: Reproducer here:
https://bugzilla.redhat.com/show_bug.cgi?id=875809

Advisory:
========================

Updated gajim package fixes security vulnerability:

A security flaw was found in the way Gajim before 0.15.3 performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted (CVE-2012-5524).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html
========================

Updated packages in core/updates_testing:
========================
gajim-0.15-1.2.mga2

from gajim-0.15-1.2.mga2.src.rpm
Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO => (none)
Reproducer needs an XMPP server with expired certificate and alterations to the source so just checking for regressions.

Testing complete mga2 32
Whiteboard: (none) => mga2-32-ok
Having problems x86_64

I've tried with 2 different jabber servers comm.unicate.me and jabber.org but unable to connect.

Glib errors followed by a traceback and then pages of the same glib error when the mouse is moved onto the gajim window. It's difficult to catch the traceback before it's scrolled away. The traceback seems to recur when the connection fails.

Reinstalling the previous version allows it to connect again so some problem with the update. I'll check i586 again to see if I can reproduce the error there too.

(gajim:25140): GLib-GObject-CRITICAL **: g_object_set_qdata: assertion `G_IS_OBJECT (object)' failed
Traceback (most recent call last):
  File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 533, in _process_events
    return IdleQueue._process_events(self, fd, flags)
  File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 394, in _process_events
    obj.pollin()
  File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 414, in pollin
    self._do_receive()
  File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 600, in _do_receive
    self._on_receive(received)
  File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 614, in _on_receive
    self.on_receive(data)
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 308, in <lambda>
    self.onreceive(lambda _data:self._xmpp_connect_machine(mode, _data))
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 359, in _xmpp_connect_machine
    self._xmpp_connect_machine(mode='STREAM_STARTED')
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 362, in _xmpp_connect_machine
    self._on_stream_start()
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 398, in _on_stream_start
    self._on_connect()
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 435, in _on_connect
    self.on_connect(self, self.connected)
  File "/usr/share/gajim/src/common/connection.py", line 1265, in _connect_success
    return self.connection_accepted(con, con_type)
  File "/usr/share/gajim/src/common/connection.py", line 1296, in connection_accepted
    for er in errnum:
TypeError: 'int' object is not iterable
(gajim:25140): GLib-GObject-CRITICAL **: g_object_set_qdata: assertion `G_IS_OBJECT (object)' failed
Whiteboard: mga2-32-ok => mga2-32-ok feedback
Reproduced i586 so I must have made a mistake previously

Traceback (most recent call last):
  File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 533, in _process_events
    return IdleQueue._process_events(self, fd, flags)
  File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 394, in _process_events
    obj.pollin()
  File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 414, in pollin
    self._do_receive()
  File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 600, in _do_receive
    self._on_receive(received)
  File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 614, in _on_receive
    self.on_receive(data)
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 308, in <lambda>
    self.onreceive(lambda _data:self._xmpp_connect_machine(mode, _data))
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 343, in _xmpp_connect_machine
    self._xmpp_connect_machine(mode='STREAM_STARTED')
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 362, in _xmpp_connect_machine
    self._on_stream_start()
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 398, in _on_stream_start
    self._on_connect()
  File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 435, in _on_connect
    self.on_connect(self, self.connected)
  File "/usr/share/gajim/src/common/connection.py", line 1265, in _connect_success
    return self.connection_accepted(con, con_type)
  File "/usr/share/gajim/src/common/connection.py", line 1296, in connection_accepted
    for er in errnum:
TypeError: 'int' object is not iterable
Whiteboard: mga2-32-ok feedback => feedback
Thanks Claire. IIRC, the same thing happened the first time we tried to patch this for a Mageia 1 update, and we just had to update it to a newer version.

I've updated it to 0.15.3.

Advisory:
========================

Updated gajim package fixes security vulnerability:

A security flaw was found in the way Gajim before 0.15.3 performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted (CVE-2012-5524).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html
========================

Updated packages in core/updates_testing:
========================
gajim-0.15.3-1.mga2

from gajim-0.15.3-1.mga2.src.rpm
Whiteboard: feedback => (none)
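
A model of the flaw class named in the advisory (a verify callback that returns True regardless of the validation error) beside a fail-closed callback, added here as an illustration; it is not Gajim's code or the upstream patch. All function and class names and both certificate chains are hypothetical or constructed, the callback argument order follows pyOpenSSL's verify callback, and `error_names` accepts either one code or a list because the traceback above shows a loop over `errnum` failing on an int.

```python
# Added illustration, not Gajim's code: a model of an OpenSSL-style verify
# callback. All function and class names here are hypothetical.
X509_V_OK = 0
X509_V_ERR_CERT_HAS_EXPIRED = 10             # OpenSSL verify result codes
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18
NAMES = {10: "certificate has expired", 18: "self signed certificate"}


def run_handshake(verify_cb, chain_checks):
    """Stand-in for the TLS library: call verify_cb once per check, with the
    pyOpenSSL argument order (conn, cert, errnum, depth, ok). The handshake
    succeeds only if every call returns a true value."""
    for depth, errnum in chain_checks:
        ok = 1 if errnum == X509_V_OK else 0
        if not verify_cb(None, None, errnum, depth, ok):
            return False
    return True


def always_true_cb(conn, cert, errnum, depth, ok):
    """Flawed pattern from the advisory: the validation error is ignored."""
    return True


class ErrorCollector:
    """Hardened pattern: fail closed and keep every error for reporting."""

    def __init__(self):
        self.errors = []          # always a list, even for a single error

    def __call__(self, conn, cert, errnum, depth, ok):
        if not ok:
            self.errors.append(errnum)
        return bool(ok)


def error_names(errors):
    """Accept one code or a list of codes, so a caller that loops over the
    result cannot hit "'int' object is not iterable"."""
    if isinstance(errors, int):
        errors = [errors]
    return [NAMES.get(e, "verify error %d" % e) for e in errors]


# Constructed sample chains: (depth, verify result) per certificate.
EXPIRED_CHAIN = [(1, X509_V_OK), (0, X509_V_ERR_CERT_HAS_EXPIRED)]
GOOD_CHAIN = [(1, X509_V_OK), (0, X509_V_OK)]

if __name__ == "__main__":
    strict = ErrorCollector()
    print(run_handshake(always_true_cb, EXPIRED_CHAIN))   # flawed callback
    print(run_handshake(strict, EXPIRED_CHAIN), error_names(strict.errors))
```
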
Testing complete mga2 32

I noticed a warning in coloured text fly past though as it started up and connected.

(W) gajim.c.check_X509 Import of PyOpenSSL or pyasn1 failed. Cannot correctly check SSL certificate

It seems to need pyasn1 (https://bugzilla.redhat.com/show_bug.cgi?id=826737)

In Help => Features it shows being not able to validate ssl certificates.

Installing pyasn1 and restarting gajim cleared the warning and shows validating certificates is now possible.

It connects and works fine, no regressions noticed.
Whiteboard: (none) => has_procedure mga2-32-ok
OK, that Requires should really be added, so I added it. Thanks again Claire.

pyasn1 will probably need linked because of the added requires.

Advisory:
========================

Updated gajim package fixes security vulnerability:

A security flaw was found in the way Gajim before 0.15.3 performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted (CVE-2012-5524).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html
========================

Updated packages in core/updates_testing:
========================
gajim-0.15.3-1.1.mga2

from gajim-0.15.3-1.1.mga2.src.rpm
Retested OK, confirmed the added require.

Adding bug 2317, links required:

Mageia release 2 (Official) for i586
Latest version found in "Core Release" is gajim-0.14.4-2.mga2
Latest version found in "Core Updates Testing" is gajim-0.15.3-1.1.mga2
----------------------------------------
The following packages will require linking:

pyasn1-0.0.13-1.mga2 (Core Release)
----------------------------------------
Depends on: (none) => 2317
Testing complete mga2 64

Validating

Could sysadmin please push from core/updates_testing to core/updates and link pyasn1 from Core release to updates for bug 2317.

Advisory & srpm in comment 8

Thanks!
Keywords: (none) => validated_update
Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-OK
CC: (none) => sysadmin-bugs
Packages linked and update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0111
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED