GNU bug report logs - #72851
[PATCH] gnu: pidgin: Update to 2.14.13 [security fixes].

Previous Next

Package: guix-patches;

Reported by: Dariqq <dariqq <at> posteo.net>

Date: Wed, 28 Aug 2024 07:54:02 UTC

Severity: normal

Tags: patch

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #44 received at 72851 <at> debbugs.gnu.org (full text, mbox):

From: Dariqq <dariqq <at> posteo.net>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>, 72851 <at> debbugs.gnu.org
Cc: me <at> tobias.gr
Subject: Re: [PATCH v2 4/6] gnu: pidgin: Use system ssl certs.
Date: Sat, 31 Aug 2024 09:07:36 +0000

Hi Liliana,

On 30.08.24 22:09, Liliana Marie Prikler wrote:
> Am Donnerstag, dem 29.08.2024 um 08:35 +0000 schrieb Dariqq:
>> If not present pidgin bundles its own certs otherwise.
> This should probably be a code comment or none at all.
> 
>> * gnu/packages/messaging.scm (pdigin) [inputs]: Add nss-certs.
> Note: pdgin, not pidgin.
>> [#:configure-flags]: Add  --with-system-ssl-certs
>>
>> Change-Id: I14ec36002b31b4de52871f065bd18c9d30eca275
>> ---
>>   gnu/packages/messaging.scm | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
>> index 6b3dff2152..4992db1bee 100644
>> --- a/gnu/packages/messaging.scm
>> +++ b/gnu/packages/messaging.scm
>> @@ -74,6 +74,7 @@ (define-module (gnu packages messaging)
>>     #:use-module (gnu packages bison)
>>     #:use-module (gnu packages boost)
>>     #:use-module (gnu packages check)
>> +  #:use-module (gnu packages certs)
>>     #:use-module (gnu packages code)
>>     #:use-module (gnu packages compression)
>>     #:use-module (gnu packages cpp)
>> @@ -1002,6 +1003,7 @@ (define-public pidgin
>>              network-manager
>>              nspr
>>              nss
>> +           nss-certs
>>              pango
>>              perl
>>              python-2
>> @@ -1024,6 +1026,9 @@ (define-public pidgin
>>           "--disable-gevolution"
>>           "--enable-cap"
>>           "--enable-cyrus-sasl"
>> +        (string-append "--with-system-ssl-certs="
>> +                       (assoc-ref %build-inputs "nss-certs")
>> +                       "/etc/ssl/certs")
> If pidgin bundles certificates, we should also drop them with a
> snippet. 

Removing the share/ca-certs/ dir in the source breaks the build system.

pidign/libpurple only installs and uses the bundled certs if the 
--with-system-ssl-certs is *not* given.


>  A runtime option would still be preferable – search for
> SSL_CERT_DIR.
> 

I am not motivated enough to try to patch pidgin to make this work, when 
all I initially wanted is a version that is not 3 years out of date.


> Cheers

Have a nice day
This bug report was last modified 265 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.