Description: workaround against buggy Cisco jabber server
Cisco jabber responds to the following stanza:
With the following reply
Note the bad `from` in the reply stanza.
I assume that it's safe to treat this stanza as non-spoofed if
1) `id` is not predictable
2) request was sent to server (should_be_from == NULL)
3) connection is TLS-protected -- TODO
.
telepathy-gabble (0.18.3-0ubuntu0.1+yndx20160518) unstable; urgency=medium
.
* Workaround for cisco server.
Author: Leonid Evdokimov
---
Origin: other, https://bugs.freedesktop.org/show_bug.cgi?id=39057
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39057
Forwarded: no
Last-Update: 2016-05-18
--- telepathy-gabble-0.18.3.orig/lib/ext/wocky/wocky/wocky-c2s-porter.c
+++ telepathy-gabble-0.18.3/lib/ext/wocky/wocky/wocky-c2s-porter.c
@@ -857,6 +857,9 @@ check_spoofing (WockyC2SPorter *self,
{
if (stanza_is_from_server (self, nfrom))
goto finally;
+ /* That's buggy Cisco jabber, `id' was already verified, so let's just drop `from'. */
+ if (/* TODO: is_tls(self) && */ g_str_has_prefix(from, "privacy-cm."))
+ goto finally;
}
/* If we sent an IQ to the server itself, allow it to
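Review bot: The exemption added to check_spoofing accepts any `from` whose string begins with `privacy-cm.`, whatever domain follows, and the TLS condition listed in the description is still commented out as a TODO. That leaves the unpredictability of `id` as the only thing separating a genuine reply from one sent by some other entity whose JID starts with that prefix. I would require the part after `privacy-cm.` to equal the server domain this porter is connected to, test `nfrom` (which the check on the line above uses) rather than the raw `from`, and keep the branch disabled until the TLS check exists. The enclosing block opens before the hunk, so it is not visible here whether this is only reached when should_be_from is NULL or whether `from` can be NULL at this point; a comment such as `/* only reached for requests sent to the server itself (should_be_from == NULL) */` would record that once confirmed.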
diff --git lib/ext/wocky/wocky/wocky-sasl-utils.c lib/ext/wocky/wocky/wocky-sasl-utils.c
index 5dbad28..733bcab 100644
--- telepathy-gabble-0.18.3.orig/lib/ext/wocky/wocky/wocky-sasl-utils.c
+++ telepathy-gabble-0.18.3/lib/ext/wocky/wocky/wocky-sasl-utils.c
@@ -37,6 +37,10 @@ sasl_generate_base64_nonce (void)
guint32 n[NR];
int i;
+ /* FIXME: replace g_random_int() with secure PRNG.
+ * > Do not use this API for cryptographic purposes such as key generation,
+ * > nonces(!), salts or one-time pads.
+ * -- https://developer.gnome.org/glib/stable/glib-Random-Numbers.html */
for (i = 0; i < NR; i++)
n[i] = g_random_int ();
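Review bot: The FIXME documents the weakness but leaves `g_random_int ()` as the nonce source. This same commit starts returning sasl_generate_base64_nonce() as the stanza id in wocky_xmpp_connection_new_id (the wocky-xmpp-connection.c hunk), and the check_spoofing hunk then depends on that id being unpredictable. Since the GLib documentation quoted here rules this API out for nonces, the loop should fill `n` from the operating system's CSPRNG (for example by reading `/dev/urandom`, or through the TLS library's random function) and fail closed if that read fails. Until then the Cisco exemption rests on an assumption this code does not yet meet. The function body continues outside the hunk.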
diff --git lib/ext/wocky/wocky/wocky-xmpp-connection.c lib/ext/wocky/wocky/wocky-xmpp-connection.c
index 6097763..3d7bb60 100644
--- telepathy-gabble-0.18.3.orig/lib/ext/wocky/wocky/wocky-xmpp-connection.c
+++ telepathy-gabble-0.18.3/lib/ext/wocky/wocky/wocky-xmpp-connection.c
@@ -48,6 +48,7 @@
#include "wocky-xmpp-writer.h"
#include "wocky-stanza.h"
#include "wocky-utils.h"
+#include "wocky-sasl-utils.h"
#define BUFFER_SIZE 1024
@@ -91,8 +92,6 @@ struct _WockyXmppConnectionPrivate
gsize length;
GSimpleAsyncResult *force_close_result;
-
- guint last_id;
};
/**
@@ -1159,15 +1158,10 @@ wocky_xmpp_connection_reset (WockyXmppConnection *connection)
gchar *
wocky_xmpp_connection_new_id (WockyXmppConnection *self)
{
- WockyXmppConnectionPrivate *priv =
- self->priv;
- GTimeVal tv;
- glong val;
-
- g_get_current_time (&tv);
- val = (tv.tv_sec & tv.tv_usec) + priv->last_id++;
-
- return g_strdup_printf ("%ld%ld", val, tv.tv_usec);
+ // Previous version was contatenation of decimal representation of two 64-bit
+ // integers. On the other hand it was effectevly 32-bit integer (timestamp &
+ // usec + last_id_32) + 20-bit integer (usec count).
+ return sasl_generate_base64_nonce();
}
static void
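Review bot: The new comment in wocky_xmpp_connection_new_id uses `//`, where the other comments in this patch use `/* */`, and has typos ("contatenation", "effectevly"); the call also lacks the space before the parenthesis that `g_random_int ()` has in the sasl-utils hunk. I would replace it with a block comment that states what the id is now and why, for instance `/* Stanza ids must be unpredictable: check_spoofing relies on them for replies with a bad 'from'. */`, and write the call as `return sasl_generate_base64_nonce ();`. The comment should also say that the caller owns the returned string, assuming the nonce helper returns a g_free()-able buffer as `g_strdup_printf` did; its return statement is not visible in this patch.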