Accepting request 104741 from games:tools

- don't add built-in CA certificates (bnc#660784)

OBS-URL: https://build.opensuse.org/request/show/104741
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mumble?expand=0&rev=14

mumble-1.2.3-nohardcodedcas.diff

@@ -0,0 +1,49 @@
+From b7fb70c101dd6afff86173f3f5dcb6d99376d11e Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Mon, 13 Feb 2012 14:42:05 +0100
+Subject: [PATCH mumble] don't add hardcoded CA's if NO_SYSTEM_CA_OVERRIDE is
+ defined
+
+actually mumble better should never add hardcoded CA certificates,
+you never know which one is next to be shut down
+---
+ src/SSL.cpp |    4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/src/SSL.cpp b/src/SSL.cpp
+index ab9f0c8..40aaf13 100644
+--- a/src/SSL.cpp
++++ b/src/SSL.cpp
+@@ -36,6 +36,7 @@
+ 
+ /* CAs we recommend to end users, so support these */
+ 
++#if QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE)
+ static const char *recommended_cas[] = {
+ 	/* StartSSL */
+ 	"-----BEGIN CERTIFICATE-----\n"
+@@ -143,6 +144,7 @@ static const char *recommended_cas[] = {
+ 
+ 
+ };
++#endif // NO_SYSTEM_CA_OVERRIDE
+ 
+ 
+ void MumbleSSL::addSystemCA() {
+@@ -252,7 +254,6 @@ void MumbleSSL::addSystemCA() {
+ 		}
+ 	}
+ 	QSslSocket::setDefaultCaCertificates(ql);
+-#endif // NO_SYSTEM_CA_OVERRIDE
+ 
+ 	for (unsigned int i=0;i<sizeof(recommended_cas)/sizeof(recommended_cas[0]);++i) {
+ 		QSslCertificate cert(recommended_cas[i]);
+@@ -261,4 +262,5 @@ void MumbleSSL::addSystemCA() {
+ 			QSslSocket::addDefaultCaCertificates(QList<QSslCertificate>() << cert);
+ 		}
+ 	}
++#endif // NO_SYSTEM_CA_OVERRIDE
+ }
+-- 
+1.7.7
+

mumble.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Feb 13 14:00:57 UTC 2012 - lnussel@suse.de
+
+- don't add built-in CA certificates (bnc#660784)
+
 -------------------------------------------------------------------
 Wed Jul  6 08:22:17 UTC 2011 - aj@suse.de
 

mumble.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mumble
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -102,6 +102,7 @@ Patch2:         0001-open-log-file-early-so-log-dir-can-be-root-owned.diff
 Patch3:         0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff
 Patch4:         0001-remove-CAP_NET_ADMIN.diff
 Patch5:         0001-fix-bonjour-support-using-avahi-compat-lib.diff
+Patch6:         mumble-1.2.3-nohardcodedcas.diff
 Patch50:        mumble-1.2.2-buildcompare.diff
 # hack, no clue about glx so no idea to fix this properly
 Patch99:        mumble-1.1.4-sle10glx.diff
@@ -171,6 +172,7 @@ won't be audible to other players.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 #
 %patch50 -p1
 %if 0%{?suse_version} && 0%{?suse_version} < 1020
@@ -229,7 +231,7 @@ qmake \
 	DEFINES*=PLUGIN_PATH=%{_libdir}/mumble/plugins \
 	CONFIG*=packaged \
 %if 0%{?suse_version}
-	DEFINES*=SYSTEM_CA_DIR=/etc/ssl/certs \
+	DEFINES*=NO_SYSTEM_CA_OVERRIDE \
 %endif
 	CONFIG*=no-g15 \
 	CONFIG*=no-embed-qt-translations \