rpms/pidgin/F-10 pidgin-2.5.8-nss-md2.patch, NONE, 1.1 pidgin.spec, 1.77, 1.78

Stu Tomlinson nosnilmot at fedoraproject.org
Mon Jul 20 01:15:51 UTC 2009


Author: nosnilmot

Update of /cvs/extras/rpms/pidgin/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20230/F-10

Modified Files:
	pidgin.spec 
Added Files:
	pidgin-2.5.8-nss-md2.patch 
Log Message:
nss-3.12.3.99.3 has been pushed as a stable update to F10 now, so we need
this patch backported there too now :(
- Backport patch from upstream to enable NSS to recognize root CA
  certificates that use MD2 & MD4 algorithms in their signature, as
  used by some MSN and XMPP servers


pidgin-2.5.8-nss-md2.patch:
 ssl-nss.c |    4 ++++
 1 file changed, 4 insertions(+)

--- NEW FILE pidgin-2.5.8-nss-md2.patch ---
Original Author: qulogic at pidgin.im
Date: 2009-07-11T06:46:21
Branch: im.pidgin.pidgin

Modified files:
        libpurple/plugins/ssl/ssl-nss.c

ChangeLog: 

Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that
are now disabled in NSS 3.12.3. This allows signing in without errors on at
least MSN, and some XMPP servers.

============================================================
--- libpurple/plugins/ssl/ssl-nss.c	54d9228e9319318b825b3aa486075d372e8cc8aa
+++ libpurple/plugins/ssl/ssl-nss.c	5d35e88f8d79d3e07316c324c55c30cec67a1aad
@@ -152,6 +152,10 @@ ssl_nss_init_nss(void)
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
+	/* Enable some weaker algorithms for XMPP and MSN */
+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }


Index: pidgin.spec
===================================================================
RCS file: /cvs/extras/rpms/pidgin/F-10/pidgin.spec,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -p -r1.77 -r1.78
--- pidgin.spec	29 Jun 2009 00:40:28 -0000	1.77
+++ pidgin.spec	20 Jul 2009 01:15:21 -0000	1.78
@@ -29,6 +29,7 @@
 %define perl_embed_separated	0
 %define api_docs		0
 %define krb4_removed		0
+%define nss_md2_disabled	0
 
 # RHEL4: Use ALSA aplay to output sounds because it lacks gstreamer
 %if 0%{?fedora} < 5
@@ -60,6 +61,10 @@
 %define perl_embed_separated	1
 %define api_docs		1
 %endif
+# F11+: New NSS (3.12.3) disables weaker MD2 algorithm
+%if 0%{?fedora} >= 10
+%define nss_md2_disabled	1
+%endif
 # F12+: krb4 removed
 %if 0%{?fedora} >= 12
 %define krb4_removed	1
@@ -68,7 +73,7 @@
 
 Name:		pidgin
 Version:	2.5.8
-Release:	1%{?dist}
+Release:	2%{?dist}
 License:        GPLv2+ and GPLv2 and MIT
 # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls
 # GPLv2 - silc & novell prpls
@@ -103,6 +108,7 @@ Patch0: pidgin-NOT-UPSTREAM-2.5.3-reread
 Patch1: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch
 
 ## Patches 100+: To be Included in Future Upstream
+Patch100: pidgin-2.5.8-nss-md2.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-root
 Summary:	A Gtk+ based multiprotocol instant messaging client
@@ -125,7 +131,11 @@ BuildRequires:  autoconf
 BuildRequires:  libtool
 BuildRequires:	startup-notification-devel
 BuildRequires:  cyrus-sasl-devel
-BuildRequires:	nss-devel
+%if %{nss_md2_disabled}
+BuildRequires:	nss-devel >= 3.12.3
+%else
+BuildRequires:  nss-devel
+%endif
 BuildRequires:	gtk2-devel
 BuildRequires:  gettext
 BuildRequires:  intltool
@@ -140,7 +150,7 @@ BuildRequires:  libxml2-devel
 BuildRequires:	krb5-devel
 %endif
 # gtkspell integration (FC1+)
-BuildRequires:	gtkspell-devel, aspell-devel
+BuildRequires:	gtkspell-devel
 # Evolution integration (FC3+)
 BuildRequires:	evolution-data-server-devel
 # SILC integration (FC3+)
@@ -349,6 +359,9 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}"
 %endif
 
 ## Patches 100+: To be Included in Future Upstream
+%if %{nss_md2_disabled}
+%patch100 -p0 -b .nssmd2
+%endif
 
 # Our preferences
 cp %{SOURCE1} prefs.xml
@@ -585,6 +598,11 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Sat Jul 11 2009 Stu Tomlison <stu at nosnilmot.com> 2.5.8-2
+- Backport patch from upstream to enable NSS to recognize root CA
+  certificates that use MD2 & MD4 algorithms in their signature, as
+  used by some MSN and XMPP servers
+
 * Sun Jun 28 2009 Warren Togami <wtogami at redat.com> 2.5.8-1
 - 2.5.8 with several important bug fixes
 




More information about the fedora-extras-commits mailing list