Accepting request 761541 from network

OBS-URL: https://build.opensuse.org/request/show/761541 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gajim?expand=0&rev=30
2020-01-07 22:55:02 +00:00 · 2020-01-07 22:55:02 +00:00 · fe59b44e12
commit fe59b44e12
parent 91725de098 55fc163caf
3 changed files with 57 additions and 9 deletions
--- a/gajim.changes
+++ b/gajim.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Jan  5 14:46:17 UTC 2020 - Benoît Monin <benoit.monin@gmx.fr>
+
+- add ssl_use_system_certs.patch (boo#1159017):
+  always use the system certificates and remove the provided one,
+  fix build with newer ca-certificates bundle
+
 -------------------------------------------------------------------
 Thu May 23 05:14:14 UTC 2019 - mvetter@suse.com

--- a/gajim.spec
+++ b/gajim.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gajim
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -25,6 +25,7 @@ License:        GPL-3.0-only
 Group:          Productivity/Networking/Talk/Clients
 URL:            https://gajim.org/
 Source:         https://gajim.org/downloads/%{_version}/%{name}-%{version}.tar.bz2
+Patch:          ssl_use_system_certs.patch
 BuildRequires:  ca-certificates-mozilla
 BuildRequires:  fdupes
 BuildRequires:  gobject-introspection-devel
@ -102,6 +103,7 @@ Features:

 %prep
 %setup -q
+%autopatch -p1
 sed -i '/^Keywords/d' data/org.gajim.Gajim.desktop.in

 # FIXME: Some leftover.
@ -118,13 +120,6 @@ mkdir -p %{buildroot}%{_datadir}/
 mv %{buildroot}{%{python3_sitelib}/%{name}/data,%{_datadir}/%{name}}/
 ln -s %{_datadir}/%{name} %{buildroot}%{python3_sitelib}/%{name}/data

-# Do not package PEM certificates.
-for cert in DST_Root_CA_X3.pem; do
-    [ -f "%{trustdir_static}/$cert" ]
-    rm "%{buildroot}%{_datadir}/%{name}/plugins/plugin_installer/$cert"
-    ln -s "%{trustdir_static}/$cert" %{buildroot}%{_datadir}/%{name}/plugins/plugin_installer/
-done
-
 %suse_update_desktop_file -r org.gajim.Gajim Network InstantMessaging
 %fdupes %{buildroot}%{_prefix}/
 %find_lang %{name}
--- a/ssl_use_system_certs.patch
+++ b/ssl_use_system_certs.patch
@ -0,0 +1,46 @@
+---
+ gajim/data/plugins/plugin_installer/DST_Root_CA_X3.pem  |   20 ----------------
+ gajim/data/plugins/plugin_installer/plugin_installer.py |    8 ------
+ 2 files changed, 1 insertion(+), 27 deletions(-)
+
+--- gajim-1.1.3.orig/gajim/data/plugins/plugin_installer/DST_Root_CA_X3.pem
+++ /dev/null
+@@ -1,20 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+------END CERTIFICATE-----
+\ No newline at end of file
+--- gajim-1.1.3.orig/gajim/data/plugins/plugin_installer/plugin_installer.py
+++ gajim-1.1.3/gajim/data/plugins/plugin_installer/plugin_installer.py
+@@ -463,13 +463,7 @@ class DownloadAsync(threading.Thread):
+     def download_url(self, url):
+         log.info('Fetching %s', url)
+         ssl_args = {}
+-        if self.secure:
+-            ssl_args['context'] = ssl.create_default_context(
+-                cafile=self.plugin.local_file_path('DST_Root_CA_X3.pem'))
+-        else:
+-            ssl_args['context'] = ssl.create_default_context()
+-            ssl_args['context'].check_hostname = False
+-            ssl_args['context'].verify_mode = ssl.CERT_NONE
+        ssl_args['context'] = ssl.create_default_context()
+ 
+         for flag in ('OP_NO_SSLv2', 'OP_NO_SSLv3',
+                      'OP_NO_TLSv1', 'OP_NO_TLSv1_1',