From d53aad43ab7b485628e804ff490f719b86b64166ddc6c9f6fd2fd148c97aab36 Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Tue, 21 Sep 2010 08:58:36 +0000 Subject: [PATCH] Accepting request 48545 from home:vuntz:branches:GNOME:Factory OBS-URL: https://build.opensuse.org/request/show/48545 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/libsoup?expand=0&rev=66 --- libsoup-gnutls-allow-tls.patch | 14 ++++++++++++++ libsoup.changes | 9 +++++++++ libsoup.spec | 21 ++++++++++++--------- 3 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 libsoup-gnutls-allow-tls.patch diff --git a/libsoup-gnutls-allow-tls.patch b/libsoup-gnutls-allow-tls.patch new file mode 100644 index 0000000..9dbeacf --- /dev/null +++ b/libsoup-gnutls-allow-tls.patch @@ -0,0 +1,14 @@ +Index: libsoup-2.31.92/libsoup/soup-gnutls.c +=================================================================== +--- libsoup-2.31.92.orig/libsoup/soup-gnutls.c ++++ libsoup-2.31.92/libsoup/soup-gnutls.c +@@ -477,7 +477,8 @@ soup_ssl_wrap_iochannel (GIOChannel *soc + goto THROW_CREATE_ERROR; + + /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */ +- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) ++ /* This is what nss uses by default, see https://bugzilla.novell.com/show_bug.cgi?id=634040#c7 */ ++ if (gnutls_priority_set_direct (session, "NORMAL:%COMPAT:!VERS-TLS1.1", NULL) != 0) + goto THROW_CREATE_ERROR; + + if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, diff --git a/libsoup.changes b/libsoup.changes index 643fa9f..5290100 100644 --- a/libsoup.changes +++ b/libsoup.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Sep 20 11:29:41 CEST 2010 - vuntz@opensuse.org + +- Add libsoup-gnutls-allow-tls.patch: let gnutls try to use TLS, + instead of being SSL 3.0-only. This might lead to some websites + not being accessible with libsoup, and upstream does not want + this behavior; a proper fix needs a lot of work. See discussion + in bnc#634040. + ------------------------------------------------------------------- Mon Sep 13 22:43:23 CEST 2010 - dimstar@opensuse.org diff --git a/libsoup.spec b/libsoup.spec index 951735d..1efb218 100644 --- a/libsoup.spec +++ b/libsoup.spec @@ -19,6 +19,16 @@ Name: libsoup +Summary: HTTP client/server library for GNOME +Version: 2.31.92 +Release: 1 +License: LGPLv2.1+ +Group: Development/Libraries/GNOME +Url: http://www.gnome.org +Source: ftp://ftp.gnome.org/pub/GNOME/stable/sources/libsoup/2.2/%{name}-%{version}.tar.bz2 +Source99: baselibs.conf +# PATCH-FIX-OPENSUSE libsoup-gnutls-allow-tls.patch bnc#634040 vuntz@opensuse.org -- Allow TLS usage instead of being SSL 3.0-only. Upstream does not want this, and rewriting a lot of code is needed to fix this correctly. However, the openSUSE security team wants TLS to be used if possible. This might lead to some websites being not accessible with libsoup. +Patch0: libsoup-gnutls-allow-tls.patch BuildRequires: gconf2-devel BuildRequires: glib2-devel BuildRequires: gnutls-devel @@ -30,21 +40,13 @@ BuildRequires: libxml2-devel BuildRequires: sqlite3-devel # We do not need these dependencies needed only for tests. #BuildRequires: apache2-mod_php5 php5-xmlrpc -License: LGPLv2.1+ -Group: Development/Libraries/GNOME +Requires: %{name}-2_4-1 = %{version} # bug437293 %ifarch ppc64 Obsoletes: libsoup-64bit %endif # -Summary: HTTP client/server library for GNOME -Version: 2.31.92 -Release: 1 -Source: ftp://ftp.gnome.org/pub/GNOME/stable/sources/libsoup/2.2/%{name}-%{version}.tar.bz2 -Source99: baselibs.conf -Url: http://www.gnome.org BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires: %{name}-2_4-1 = %{version} %description Libsoup is an HTTP client/server library for GNOME. It uses GObjects @@ -112,6 +114,7 @@ Features: %prep %setup -q +%patch0 -p1 %build %configure\