|Summary:||net-im/pidgin-2.5.3 version bump request|
|Product:||Gentoo Linux||Reporter:||DEMAINE Benoît-Pierre, aka DoubleHP <dhp_gentoo>|
|Component:||New packages||Assignee:||Gentoo net-im Herd <net-im>|
|Severity:||minor||CC:||amigadave, cazort, Martin.vGagern, pchrist, serkan, spatz|
|Package list:||Runtime testing required:||---|
Description DEMAINE Benoît-Pierre, aka DoubleHP 2008-09-10 02:17:39 UTC
When compiling =net-im/pidgin-2.5.1 with gnutls flag, loading an MSN account produces the following error: The certificate chain presented by rsi.hotmail.com does not have a valid digital signature from the Certificate Authority from which it claims to have a signature. MSN works, and is usable, but some features are disabled; and getting a pop-up every day is annoying. Putting this flag off (and rebuilding) pushes this message away. People from IRC confirm that ssl-gnutls is nasty, and should be removed feature. Maybe the guy who think this should report to Pidgin's BTS to disable support for it; but, i come here to propose ban of the gnutls USE flag sensibility for this ebuild (and maybe all future versions).
Comment 1 DEMAINE Benoît-Pierre, aka DoubleHP 2008-09-10 02:17:54 UTC
Created attachment 165065 [details] /tmp/emerge--info
Comment 2 Wormo (RETIRED) 2008-09-10 06:34:46 UTC
gnutls supports some additional protocols, http://www.gnu.org/software/gnutls/comparison.html but perhaps none of them are needed by pidgin, in which case sticking with the more stable nss library sounds like a good idea. Let's see what the net-im maintainers think...
Comment 3 Serkan Kaba (RETIRED) 2008-09-10 08:28:06 UTC
Upstream bug: http://developer.pidgin.im/ticket/6680. TThere's also a certificate which can be used to work around the bug.
Comment 4 Martin von Gagern 2008-09-10 11:25:04 UTC
Created attachment 165098 [details, diff] Update Microsoft_Secure_Server_Authority.pem As I just commented on the upstream bug, one of the certificates shipped with pidgin should be updated. This patch here accomplishes the update, and can be applied using epatch. Alternatively you could fetch the certificate from the upstream bug report and drop it into the fiels dir as is, simply copying in the ebuild. This would require the ebuild to mention the path of the destination, and might be a less common approach than simply calling epatch. On the other hand, this would allow you to handle the file using openssl command line tools, e.g. in order to verify it. Steps to verify this certificate from its root, GTE CyberTrust Global Root, are described in the upstream bug report. So you don't have to trust me in order to trust this updated certificate.
Comment 5 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 14:40:31 UTC
same for net-im/pidgin-2.5.2 ... and same fix :)
Comment 6 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 14:41:04 UTC
*** Bug 251016 has been marked as a duplicate of this bug. ***
Comment 7 Martin von Gagern 2008-12-15 15:13:04 UTC
Comment on attachment 165098 [details, diff] Update Microsoft_Secure_Server_Authority.pem My patch is obsolete, as the certificates have changed yet again. See also http://developer.pidgin.im/ticket/6680#comment:22
Comment 8 Panagiotis Christopoulos (RETIRED) 2008-12-15 20:18:59 UTC
*** Bug 251059 has been marked as a duplicate of this bug. ***
Comment 9 Serkan Kaba (RETIRED) 2008-12-23 07:36:35 UTC
According to upstream ChangeLog this issue is fixed in 2.5.3. Can we bump? 1: http://developer.pidgin.im/wiki/ChangeLog
Comment 10 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-23 14:15:48 UTC
(In reply to comment #3) > Upstream bug: http://developer.pidgin.im/ticket/6680. TThere's also a > certificate which can be used to work around the bug. > As of today: > Changed 2 months ago by khc ¶ > > * status changed from new to closed > * resolution set to fixed > >Actually I fixed it once, and for some reason I don't really remember, > disapproved the change. I just disapproved my disapproval, so things should > work in the next release. Thanks for reminding me and bringing it up again. So, bumping will fix ! Is maintainance team email@example.com still alive ? I consider Pidgin as a major application, and, to my despair, MSN as a major protocol (widely used), thus, we need a rapid fix. If maintainers do not show up (at least make a comment, and explain why they don't bump) within 2 weeks, I will ask for reassign.
Comment 11 Olivier Crete (RETIRED) 2008-12-26 07:36:49 UTC
Already bumped... Dude... waiting 3 days over the xmas holiday isn't a lot...
Comment 12 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-26 12:02:35 UTC
Problem is that I have the bug in stable x86 ... so, to get my original problem fixed, we need 2.5.2 to be stable ... so, the root problem is not fixed yet ...
Comment 13 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-26 12:04:43 UTC
... problem only fixed when bug 241374 is cloed.
Comment 14 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-26 12:05:23 UTC
mistake: depends on 248137 (not on 241374 )
Comment 15 Peter Alfredsen (RETIRED) 2008-12-26 22:48:00 UTC
A bug is FIXED if it is in the tree. File a bug for stabilization in 30 days if you want this stabilized.