Hello community, here is the log from the commit of package mumble for openSUSE:Factory checked in at 2012-02-16 10:06:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mumble (Old) and /work/SRC/openSUSE:Factory/.mumble.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mumble", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/mumble/mumble.changes 2011-09-23 02:13:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mumble.new/mumble.changes 2012-02-16 10:06:20.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Feb 13 14:00:57 UTC 2012 - [email protected] + +- don't add built-in CA certificates (bnc#660784) + +------------------------------------------------------------------- New: ---- mumble-1.2.3-nohardcodedcas.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mumble.spec ++++++ --- /var/tmp/diff_new_pack.q9nuul/_old 2012-02-16 10:06:21.000000000 +0100 +++ /var/tmp/diff_new_pack.q9nuul/_new 2012-02-16 10:06:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package mumble # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -102,6 +102,7 @@ Patch3: 0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff Patch4: 0001-remove-CAP_NET_ADMIN.diff Patch5: 0001-fix-bonjour-support-using-avahi-compat-lib.diff +Patch6: mumble-1.2.3-nohardcodedcas.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff @@ -171,6 +172,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # %patch50 -p1 %if 0%{?suse_version} && 0%{?suse_version} < 1020 @@ -229,7 +231,7 @@ DEFINES*=PLUGIN_PATH=%{_libdir}/mumble/plugins \ CONFIG*=packaged \ %if 0%{?suse_version} - DEFINES*=SYSTEM_CA_DIR=/etc/ssl/certs \ + DEFINES*=NO_SYSTEM_CA_OVERRIDE \ %endif CONFIG*=no-g15 \ CONFIG*=no-embed-qt-translations \ ++++++ mumble-1.2.3-nohardcodedcas.diff ++++++ >From b7fb70c101dd6afff86173f3f5dcb6d99376d11e Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <[email protected]> Date: Mon, 13 Feb 2012 14:42:05 +0100 Subject: [PATCH mumble] don't add hardcoded CA's if NO_SYSTEM_CA_OVERRIDE is defined actually mumble better should never add hardcoded CA certificates, you never know which one is next to be shut down --- src/SSL.cpp | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/SSL.cpp b/src/SSL.cpp index ab9f0c8..40aaf13 100644 --- a/src/SSL.cpp +++ b/src/SSL.cpp @@ -36,6 +36,7 @@ /* CAs we recommend to end users, so support these */ +#if QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE) static const char *recommended_cas[] = { /* StartSSL */ "-----BEGIN CERTIFICATE-----\n" @@ -143,6 +144,7 @@ static const char *recommended_cas[] = { }; +#endif // NO_SYSTEM_CA_OVERRIDE void MumbleSSL::addSystemCA() { @@ -252,7 +254,6 @@ void MumbleSSL::addSystemCA() { } } QSslSocket::setDefaultCaCertificates(ql); -#endif // NO_SYSTEM_CA_OVERRIDE for (unsigned int i=0;i<sizeof(recommended_cas)/sizeof(recommended_cas[0]);++i) { QSslCertificate cert(recommended_cas[i]); @@ -261,4 +262,5 @@ void MumbleSSL::addSystemCA() { QSslSocket::addDefaultCaCertificates(QList<QSslCertificate>() << cert); } } +#endif // NO_SYSTEM_CA_OVERRIDE } -- 1.7.7 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
