Hi pidgin-sipe maintainers! intrigeri wrote (30 Dec 2015 11:32:19 GMT) : > Guido Günther wrote (19 Nov 2015 13:29:13 GMT) : >> $ dpkg -S /usr/bin/pidgin.orig >> diversion by pidgin-sipe from: /usr/bin/pidgin >> diversion by pidgin-sipe to: /usr/bin/pidgin.orig
>> It's a shell wrapper: >> ---- >> #!/bin/bash >> CONF=/etc/default/pidgin-sipe >> if [[ -r $CONF ]] >> then >> . $CONF >> fi >> /usr/bin/pidgin.orig $* >> ---- > OK, got it, thanks! I had a quick look. > It seems that this wrapper [1] and the corresponding 'default' file > [2] were introduced three years ago in pidgin-sipe 1.13.1-2.1, as > a way to make it slightly easier for users of to communicate with > Microsoft OCS/Lync servers that had not got the fixes for the BEAST > attack (CVE-2011-3389) yet. This workaround that apparently was meant > to be temporary [3]. My understanding is that Microsoft published the > fixes needed server-side on 2012-01-10 ([4], [5]). I would hope that > the server-side situation has evolved a bit in four years, wrt. > supporting BEAST fixes. > With this in mind, I'm not super excited at the idea of modifying the > Pidgin profile to support this possibly obsolete workaround: I'd like > to first see its relevance reconsidered among pidgin-sipe maintainers. > Was it done recently? > If they decide it's worth keeping the workaround in testing/sid, then > yay, why not, let's check what exact modifications the dpkg-divert > + wrapper technique requires on our side, and consider adding them to > the profile somehow (possibly #include'ing a file that could be > shipped by pidgin-sipe?). > Fair enough? > [1] https://sources.debian.net/src/pidgin-sipe/1.20.0-2/debian/extra/pidgin/ > [2] > https://sources.debian.net/src/pidgin-sipe/1.20.0-2/debian/extra/pidgin-sipe/ > [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642199#76 > [4] https://technet.microsoft.com/library/security/ms12-006 > [5] https://support.microsoft.com/en-us/kb/2643584 Ping? Cheers, -- intrigeri
