From 55fc163caf56dd83f45a83e6d3ac1cf6b7d4073457eb70b4c3acee65d47d7091 Mon Sep 17 00:00:00 2001 From: Alexei Sorokin Date: Tue, 7 Jan 2020 11:34:18 +0000 Subject: [PATCH] Accepting request 760984 from home:benoit_monin:branches:network add ssl_use_system_certs.patch (boo#1159017): always use the system certificates and remove the provided one, fix build with newer ca-certificates bundle OBS-URL: https://build.opensuse.org/request/show/760984 OBS-URL: https://build.opensuse.org/package/show/network/gajim?expand=0&rev=71 --- gajim.changes | 7 ++++++ gajim.spec | 13 ++++------- ssl_use_system_certs.patch | 46 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 9 deletions(-) create mode 100644 ssl_use_system_certs.patch diff --git a/gajim.changes b/gajim.changes index e9364f7..773f748 100644 --- a/gajim.changes +++ b/gajim.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sun Jan 5 14:46:17 UTC 2020 - BenoƮt Monin + +- add ssl_use_system_certs.patch (boo#1159017): + always use the system certificates and remove the provided one, + fix build with newer ca-certificates bundle + ------------------------------------------------------------------- Thu May 23 05:14:14 UTC 2019 - mvetter@suse.com diff --git a/gajim.spec b/gajim.spec index e6b153d..d4067b5 100644 --- a/gajim.spec +++ b/gajim.spec @@ -1,7 +1,7 @@ # # spec file for package gajim # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # 
@@ -25,6 +25,7 @@ License: GPL-3.0-only Group: Productivity/Networking/Talk/Clients URL: https://gajim.org/ Source: https://gajim.org/downloads/%{_version}/%{name}-%{version}.tar.bz2 +Patch: ssl_use_system_certs.patch BuildRequires: ca-certificates-mozilla BuildRequires: fdupes BuildRequires: gobject-introspection-devel @@ -102,6 +103,7 @@ Features: %prep %setup -q +%autopatch -p1 sed -i '/^Keywords/d' data/org.gajim.Gajim.desktop.in # FIXME: Some leftover. @@ -118,13 +120,6 @@ mkdir -p %{buildroot}%{_datadir}/ mv %{buildroot}{%{python3_sitelib}/%{name}/data,%{_datadir}/%{name}}/ ln -s %{_datadir}/%{name} %{buildroot}%{python3_sitelib}/%{name}/data -# Do not package PEM certificates. -for cert in DST_Root_CA_X3.pem; do - [ -f "%{trustdir_static}/$cert" ] - rm "%{buildroot}%{_datadir}/%{name}/plugins/plugin_installer/$cert" - ln -s "%{trustdir_static}/$cert" %{buildroot}%{_datadir}/%{name}/plugins/plugin_installer/ -done - %suse_update_desktop_file -r org.gajim.Gajim Network InstantMessaging %fdupes %{buildroot}%{_prefix}/ %find_lang %{name} diff --git a/ssl_use_system_certs.patch b/ssl_use_system_certs.patch new file mode 100644 index 0000000..958c29a --- /dev/null +++ b/ssl_use_system_certs.patch 
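Review bot: `BuildRequires: ca-certificates-mozilla`, kept as context directly under the new `Patch:` line, looks like a leftover. The only consumer visible on this page was the `[ -f "%{trustdir_static}/$cert" ]` check in the `%install` loop that this commit deletes. The patched plugin installer now relies on the system trust store when it runs, so the dependency that matters is a runtime one. If the spec has no `Requires:` guaranteeing a CA bundle on the installed system (the rest of the file is outside the hunk), consider replacing the build-time line with one. With an empty store `ssl.create_default_context()` should fail closed, so this concerns working plugin downloads rather than a verification bypass.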
@@ -0,0 +1,46 @@
+---
+ gajim/data/plugins/plugin_installer/DST_Root_CA_X3.pem | 20 ----------------
+ gajim/data/plugins/plugin_installer/plugin_installer.py | 8 ------
+ 2 files changed, 1 insertion(+), 27 deletions(-)
+
+--- gajim-1.1.3.orig/gajim/data/plugins/plugin_installer/DST_Root_CA_X3.pem
++++ /dev/null
+@@ -1,20 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+------END CERTIFICATE-----
+\ No newline at end of file
+--- gajim-1.1.3.orig/gajim/data/plugins/plugin_installer/plugin_installer.py
++++ gajim-1.1.3/gajim/data/plugins/plugin_installer/plugin_installer.py
+@@ -463,13 +463,7 @@ class DownloadAsync(threading.Thread):
+ def download_url(self, url):
+ log.info('Fetching %s', url)
+ ssl_args = {}
+- if self.secure:
+- ssl_args['context'] = ssl.create_default_context(
+- cafile=self.plugin.local_file_path('DST_Root_CA_X3.pem'))
+- else:
+- ssl_args['context'] = ssl.create_default_context()
+- ssl_args['context'].check_hostname = False
+- ssl_args['context'].verify_mode = ssl.CERT_NONE
++ ssl_args['context'] = ssl.create_default_context()
+
+ for flag in ('OP_NO_SSLv2', 'OP_NO_SSLv3',
+ 'OP_NO_TLSv1', 'OP_NO_TLSv1_1',
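Review bot: `self.secure` is no longer read in `download_url` after this change, so any setting or caller that still sets it silently stops having an effect; the rest of the `DownloadAsync` class is outside the hunk, so that cannot be checked here. Dropping the `check_hostname = False` / `verify_mode = ssl.CERT_NONE` branch is the right direction, since the installer presumably fetches plugin code the client will load. It is still a user-visible behaviour change that neither the patch header nor the changelog entry mentions: hosts that only worked with verification off will now fail the handshake. The trust anchor also widens from the single bundled root to every CA in the system store. I would state both facts in a short description above the `---` of ssl_use_system_certs.patch, and add a comment on the new line such as `# Always verify against the system trust store; self.secure no longer disables verification.`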