rpms/pidgin/F-10 pidgin-2.5.8-nss-md2.patch, NONE, 1.1 pidgin.spec, 1.77, 1.78
Stu Tomlinson
nosnilmot at fedoraproject.org
Mon Jul 20 01:15:51 UTC 2009
Author: nosnilmot
Update of /cvs/extras/rpms/pidgin/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20230/F-10
Modified Files:
pidgin.spec
Added Files:
pidgin-2.5.8-nss-md2.patch
Log Message:
nss-3.12.3.99.3 has been pushed as a stable update to F10 now, so we need
this patch backported there too now :(
- Backport patch from upstream to enable NSS to recognize root CA
certificates that use MD2 & MD4 algorithms in their signature, as
used by some MSN and XMPP servers
pidgin-2.5.8-nss-md2.patch:
ssl-nss.c | 4 ++++
1 file changed, 4 insertions(+)
--- NEW FILE pidgin-2.5.8-nss-md2.patch ---
Original Author: qulogic at pidgin.im
Date: 2009-07-11T06:46:21
Branch: im.pidgin.pidgin
Modified files:
libpurple/plugins/ssl/ssl-nss.c
ChangeLog:
Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that
are now disabled in NSS 3.12.3. This allows signing in without errors on at
least MSN, and some XMPP servers.
============================================================
--- libpurple/plugins/ssl/ssl-nss.c 54d9228e9319318b825b3aa486075d372e8cc8aa
+++ libpurple/plugins/ssl/ssl-nss.c 5d35e88f8d79d3e07316c324c55c30cec67a1aad
@@ -152,6 +152,10 @@ ssl_nss_init_nss(void)
SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
+ /* Enable some weaker algorithms for XMPP and MSN */
+ NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+ NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
+
_identity = PR_GetUniqueIdentity("Purple");
_nss_methods = PR_GetDefaultIOMethods();
}
Index: pidgin.spec
===================================================================
RCS file: /cvs/extras/rpms/pidgin/F-10/pidgin.spec,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -p -r1.77 -r1.78
--- pidgin.spec 29 Jun 2009 00:40:28 -0000 1.77
+++ pidgin.spec 20 Jul 2009 01:15:21 -0000 1.78
@@ -29,6 +29,7 @@
%define perl_embed_separated 0
%define api_docs 0
%define krb4_removed 0
+%define nss_md2_disabled 0
# RHEL4: Use ALSA aplay to output sounds because it lacks gstreamer
%if 0%{?fedora} < 5
@@ -60,6 +61,10 @@
%define perl_embed_separated 1
%define api_docs 1
%endif
+# F11+: New NSS (3.12.3) disables weaker MD2 algorithm
+%if 0%{?fedora} >= 10
+%define nss_md2_disabled 1
+%endif
# F12+: krb4 removed
%if 0%{?fedora} >= 12
%define krb4_removed 1
@@ -68,7 +73,7 @@
Name: pidgin
Version: 2.5.8
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+ and GPLv2 and MIT
# GPLv2+ - libpurple, gnt, finch, pidgin, most prpls
# GPLv2 - silc & novell prpls
@@ -103,6 +108,7 @@ Patch0: pidgin-NOT-UPSTREAM-2.5.3-reread
Patch1: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch
## Patches 100+: To be Included in Future Upstream
+Patch100: pidgin-2.5.8-nss-md2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
Summary: A Gtk+ based multiprotocol instant messaging client
@@ -125,7 +131,11 @@ BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: startup-notification-devel
BuildRequires: cyrus-sasl-devel
-BuildRequires: nss-devel
+%if %{nss_md2_disabled}
+BuildRequires: nss-devel >= 3.12.3
+%else
+BuildRequires: nss-devel
+%endif
BuildRequires: gtk2-devel
BuildRequires: gettext
BuildRequires: intltool
@@ -140,7 +150,7 @@ BuildRequires: libxml2-devel
BuildRequires: krb5-devel
%endif
# gtkspell integration (FC1+)
-BuildRequires: gtkspell-devel, aspell-devel
+BuildRequires: gtkspell-devel
# Evolution integration (FC3+)
BuildRequires: evolution-data-server-devel
# SILC integration (FC3+)
@@ -349,6 +359,9 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}"
%endif
## Patches 100+: To be Included in Future Upstream
+%if %{nss_md2_disabled}
+%patch100 -p0 -b .nssmd2
+%endif
# Our preferences
cp %{SOURCE1} prefs.xml
@@ -585,6 +598,11 @@ rm -rf $RPM_BUILD_ROOT
%endif
%changelog
+* Sat Jul 11 2009 Stu Tomlison <stu at nosnilmot.com> 2.5.8-2
+- Backport patch from upstream to enable NSS to recognize root CA
+ certificates that use MD2 & MD4 algorithms in their signature, as
+ used by some MSN and XMPP servers
+
* Sun Jun 28 2009 Warren Togami <wtogami at redat.com> 2.5.8-1
- 2.5.8 with several important bug fixes
More information about the fedora-extras-commits
mailing list