Hello community, here is the log from the commit of package mumble for openSUSE:Factory checked in at 2012-02-16 10:06:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mumble (Old) and /work/SRC/openSUSE:Factory/.mumble.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mumble", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/mumble/mumble.changes 2011-09-23 02:13:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mumble.new/mumble.changes 2012-02-16 10:06:20.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Feb 13 14:00:57 UTC 2012 - lnussel@suse.de + +- don't add built-in CA certificates (bnc#660784) + +------------------------------------------------------------------- New: ---- mumble-1.2.3-nohardcodedcas.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mumble.spec ++++++ --- /var/tmp/diff_new_pack.q9nuul/_old 2012-02-16 10:06:21.000000000 +0100 +++ /var/tmp/diff_new_pack.q9nuul/_new 2012-02-16 10:06:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package mumble # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -102,6 +102,7 @@ Patch3: 0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff Patch4: 0001-remove-CAP_NET_ADMIN.diff Patch5: 0001-fix-bonjour-support-using-avahi-compat-lib.diff +Patch6: mumble-1.2.3-nohardcodedcas.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff @@ -171,6 +172,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # %patch50 -p1 %if 0%{?suse_version} && 0%{?suse_version} < 1020 @@ -229,7 +231,7 @@ DEFINES*=PLUGIN_PATH=%{_libdir}/mumble/plugins \ CONFIG*=packaged \ %if 0%{?suse_version} - DEFINES*=SYSTEM_CA_DIR=/etc/ssl/certs \ + DEFINES*=NO_SYSTEM_CA_OVERRIDE \ %endif CONFIG*=no-g15 \ CONFIG*=no-embed-qt-translations \ ++++++ mumble-1.2.3-nohardcodedcas.diff ++++++
From b7fb70c101dd6afff86173f3f5dcb6d99376d11e Mon Sep 17 00:00:00 2001 From: Ludwig Nussel
Date: Mon, 13 Feb 2012 14:42:05 +0100 Subject: [PATCH mumble] don't add hardcoded CA's if NO_SYSTEM_CA_OVERRIDE is defined
actually mumble better should never add hardcoded CA certificates,
you never know which one is next to be shut down
---
src/SSL.cpp | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/SSL.cpp b/src/SSL.cpp
index ab9f0c8..40aaf13 100644
--- a/src/SSL.cpp
+++ b/src/SSL.cpp
@@ -36,6 +36,7 @@
/* CAs we recommend to end users, so support these */
+#if QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE)
static const char *recommended_cas[] = {
/* StartSSL */
"-----BEGIN CERTIFICATE-----\n"
@@ -143,6 +144,7 @@ static const char *recommended_cas[] = {
};
+#endif // NO_SYSTEM_CA_OVERRIDE
void MumbleSSL::addSystemCA() {
@@ -252,7 +254,6 @@ void MumbleSSL::addSystemCA() {
}
}
QSslSocket::setDefaultCaCertificates(ql);
-#endif // NO_SYSTEM_CA_OVERRIDE
for (unsigned int i=0;i