[packages/pidgin] add support for loading certificates from /etc/certs/ca-certificates.crt

Thu Oct 22 18:08:31 CEST 2020

commit b611b90d3ab3c00c1b135485396a2c95a30a23b5
Author: Jan Palus <atler at pld-linux.org>
Date:   Thu Oct 22 18:06:10 2020 +0200

    add support for loading certificates from /etc/certs/ca-certificates.crt

 pidgin-ca_file.patch | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 pidgin.spec          |  2 ++
 2 files changed, 71 insertions(+)
---

diff --git a/pidgin.spec b/pidgin.spec
index 6a3462e..58f05b5 100644
--- a/pidgin.spec
+++ b/pidgin.spec
@@ -49,6 +49,7 @@ Source0:	http://downloads.sourceforge.net/pidgin/%{name}-%{version}.tar.bz2
 # Source0-md5:	e135798bcf952ddb3c9e030c4b160c3e
 Patch0:		%{name}-nolibs.patch
 Patch1:		%{name}-dbus-dir.patch
+Patch2:		%{name}-ca_file.patch
 URL:		http://www.pidgin.im/
 BuildRequires:	GConf2
 BuildRequires:	GConf2-devel >= 2.16.0
@@ -556,6 +557,7 @@ Dokumentacja Pidgina dla programistów (format HTML).
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %{__sed} -i -e '1s|#!/usr/bin/env python$|#!%{__python}|'  libpurple/purple-{remote,url-handler}
 
diff --git a/pidgin-ca_file.patch b/pidgin-ca_file.patch
new file mode 100644
index 0000000..91ef4c5
--- /dev/null
+++ b/pidgin-ca_file.patch
@@ -0,0 +1,69 @@
+diff --color -urN pidgin-2.14.1.orig/libpurple/certificate.c pidgin-2.14.1/libpurple/certificate.c
+--- pidgin-2.14.1.orig/libpurple/certificate.c	2020-06-10 04:41:32.000000000 +0200
++++ pidgin-2.14.1/libpurple/certificate.c	2020-10-22 17:55:33.752632736 +0200
+@@ -845,6 +845,7 @@
+ 	GPatternSpec *pempat, *crtpat;
+ 	GList *iter = NULL;
+ 	GSList *crts = NULL;
++	gboolean is_ca_file;
+ 
+ 	if (x509_ca_initialized) return TRUE;
+ 
+@@ -864,13 +865,16 @@
+ 
+ 	/* Populate the certificates pool from the search path(s) */
+ 	for (iter = x509_ca_paths; iter; iter = iter->next) {
+-		certdir = g_dir_open(iter->data, 0, NULL);
+-		if (!certdir) {
+-			purple_debug_error("certificate/x509/ca", "Couldn't open location '%s'\n", (const char *)iter->data);
+-			continue;
++		is_ca_file = g_file_test(iter->data, G_FILE_TEST_IS_REGULAR);
++		if (!is_ca_file) {
++			certdir = g_dir_open(iter->data, 0, NULL);
++			if (!certdir) {
++				purple_debug_error("certificate/x509/ca", "Couldn't open location '%s'\n", (const char *)iter->data);
++				continue;
++			}
+ 		}
+ 
+-		while ( (entry = g_dir_read_name(certdir)) ) {
++		while ((is_ca_file && (entry = iter->data)) || (entry = g_dir_read_name(certdir)) ) {
+ 			gchar *fullpath;
+ 			PurpleCertificate *crt;
+ 
+@@ -878,7 +882,7 @@
+ 				continue;
+ 			}
+ 
+-			fullpath = g_build_filename(iter->data, entry, NULL);
++			fullpath = is_ca_file ? g_strdup(entry) : g_build_filename(iter->data, entry, NULL);
+ 
+ 			/* TODO: Respond to a failure in the following? */
+ 			crts = purple_certificates_import(x509, fullpath);
+@@ -902,8 +906,14 @@
+ 			}
+ 
+ 			g_free(fullpath);
++
++			if (is_ca_file) {
++				break;
++			}
++		}
++		if (!is_ca_file) {
++			g_dir_close(certdir);
+ 		}
+-		g_dir_close(certdir);
+ 	}
+ 
+ 	g_pattern_spec_free(pempat);
+@@ -924,8 +934,9 @@
+ 		x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
+ 						   "ca-certs", NULL));
+ #else
++		x509_ca_paths = g_list_append(x509_ca_paths, g_strdup("/etc/certs/ca-certificates.crt"));
+ # ifdef SSL_CERTIFICATES_DIR
+-		x509_ca_paths = g_list_append(NULL, g_strdup(SSL_CERTIFICATES_DIR));
++		x509_ca_paths = g_list_append(x509_ca_paths, g_strdup(SSL_CERTIFICATES_DIR));
+ # endif
+ 		x509_ca_paths = g_list_append(x509_ca_paths,
+ 			g_build_filename(DATADIR, "purple", "ca-certs", NULL));
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pidgin.git/commitdiff/b611b90d3ab3c00c1b135485396a2c95a30a23b5

