Hello community, here is the log from the commit of package gajim for openSUSE:Factory checked in at 2020-01-07 23:55:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gajim (Old) and /work/SRC/openSUSE:Factory/.gajim.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gajim" Tue Jan 7 23:55:02 2020 rev:30 rq:761541 version:1.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/gajim/gajim.changes 2019-05-25 13:35:29.587966543 +0200 +++ /work/SRC/openSUSE:Factory/.gajim.new.6675/gajim.changes 2020-01-07 23:55:33.984100233 +0100 @@ -1,0 +2,7 @@ +Sun Jan 5 14:46:17 UTC 2020 - BenoƮt Monin <benoit.mo...@gmx.fr> + +- add ssl_use_system_certs.patch (boo#1159017): + always use the system certificates and remove the provided one, + fix build with newer ca-certificates bundle + +------------------------------------------------------------------- New: ---- ssl_use_system_certs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gajim.spec ++++++ --- /var/tmp/diff_new_pack.Dx9tKY/_old 2020-01-07 23:55:34.788100651 +0100 +++ /var/tmp/diff_new_pack.Dx9tKY/_new 2020-01-07 23:55:34.812100663 +0100 @@ -1,7 +1,7 @@ # # spec file for package gajim # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -25,6 +25,7 @@ Group: Productivity/Networking/Talk/Clients URL: https://gajim.org/ Source: https://gajim.org/downloads/%{_version}/%{name}-%{version}.tar.bz2 +Patch: ssl_use_system_certs.patch BuildRequires: ca-certificates-mozilla BuildRequires: fdupes BuildRequires: gobject-introspection-devel @@ -102,6 +103,7 @@ %prep %setup -q +%autopatch -p1 sed -i '/^Keywords/d' data/org.gajim.Gajim.desktop.in # FIXME: Some leftover. @@ -118,13 +120,6 @@ mv %{buildroot}{%{python3_sitelib}/%{name}/data,%{_datadir}/%{name}}/ ln -s %{_datadir}/%{name} %{buildroot}%{python3_sitelib}/%{name}/data -# Do not package PEM certificates. -for cert in DST_Root_CA_X3.pem; do - [ -f "%{trustdir_static}/$cert" ] - rm "%{buildroot}%{_datadir}/%{name}/plugins/plugin_installer/$cert" - ln -s "%{trustdir_static}/$cert" %{buildroot}%{_datadir}/%{name}/plugins/plugin_installer/ -done - %suse_update_desktop_file -r org.gajim.Gajim Network InstantMessaging %fdupes %{buildroot}%{_prefix}/ %find_lang %{name} ++++++ ssl_use_system_certs.patch ++++++ --- gajim/data/plugins/plugin_installer/DST_Root_CA_X3.pem | 20 ---------------- gajim/data/plugins/plugin_installer/plugin_installer.py | 8 ------ 2 files changed, 1 insertion(+), 27 deletions(-) --- gajim-1.1.3.orig/gajim/data/plugins/plugin_installer/DST_Root_CA_X3.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O -rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq -OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b -xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw -7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD -aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG -SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 -ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr -AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz -R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 -JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo -Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- \ No newline at end of file --- gajim-1.1.3.orig/gajim/data/plugins/plugin_installer/plugin_installer.py +++ gajim-1.1.3/gajim/data/plugins/plugin_installer/plugin_installer.py @@ -463,13 +463,7 @@ class DownloadAsync(threading.Thread): def download_url(self, url): log.info('Fetching %s', url) ssl_args = {} - if self.secure: - ssl_args['context'] = ssl.create_default_context( - cafile=self.plugin.local_file_path('DST_Root_CA_X3.pem')) - else: - ssl_args['context'] = ssl.create_default_context() - ssl_args['context'].check_hostname = False - ssl_args['context'].verify_mode = ssl.CERT_NONE + ssl_args['context'] = ssl.create_default_context() for flag in ('OP_NO_SSLv2', 'OP_NO_SSLv3', 'OP_NO_TLSv1', 'OP_NO_TLSv1_1',