Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 237250 - net-im/pidgin-2.5.3 version bump request
Summary: net-im/pidgin-2.5.3 version bump request
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo net-im Herd
: 251016 251059 (view as bug list)
Depends on:
Reported: 2008-09-10 02:17 UTC by DEMAINE Benoît-Pierre, aka DoubleHP
Modified: 2008-12-26 22:51 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---

/tmp/emerge--info (emerge--info,11.58 KB, text/plain)
2008-09-10 02:17 UTC, DEMAINE Benoît-Pierre, aka DoubleHP
Update Microsoft_Secure_Server_Authority.pem (bug237250.patch,4.18 KB, patch)
2008-09-10 11:25 UTC, Martin von Gagern
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description DEMAINE Benoît-Pierre, aka DoubleHP 2008-09-10 02:17:39 UTC
When compiling =net-im/pidgin-2.5.1 with gnutls flag, loading an MSN account produces the following error:

The certificate chain presented by does not have a valid digital signature from the Certificate Authority from which it claims to have a signature.

MSN works, and is usable, but some features are disabled; and getting a pop-up every day is annoying.

Putting this flag off (and rebuilding) pushes this message away. People from IRC confirm that ssl-gnutls is nasty, and should be removed feature. Maybe the guy who think this should report to Pidgin's BTS to disable support for it; but, i come here to propose ban of the gnutls USE flag sensibility for this ebuild (and maybe all future versions).
Comment 1 DEMAINE Benoît-Pierre, aka DoubleHP 2008-09-10 02:17:54 UTC
Created attachment 165065 [details]
Comment 2 Wormo (RETIRED) gentoo-dev 2008-09-10 06:34:46 UTC
gnutls supports some additional protocols,

but perhaps none of them are needed by pidgin, in which case sticking with the more stable nss library sounds like a good idea. Let's see what the net-im maintainers think...
Comment 3 Serkan Kaba (RETIRED) gentoo-dev 2008-09-10 08:28:06 UTC
Upstream bug: TThere's also a certificate which can be used to work around the bug.
Comment 4 Martin von Gagern 2008-09-10 11:25:04 UTC
Created attachment 165098 [details, diff]
Update Microsoft_Secure_Server_Authority.pem

As I just commented on the upstream bug, one of the certificates shipped with pidgin should be updated. This patch here accomplishes the update, and can be applied using epatch.

Alternatively you could fetch the certificate from the upstream bug report and drop it into the fiels dir as is, simply copying in the ebuild. This would require the ebuild to mention the path of the destination, and might be a less common approach than simply calling epatch. On the other hand, this would allow you to handle the file using openssl command line tools, e.g. in order to verify it.

Steps to verify this certificate from its root, GTE CyberTrust Global Root, are described in the upstream bug report. So you don't have to trust me in order to trust this updated certificate.
Comment 5 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 14:40:31 UTC
same for net-im/pidgin-2.5.2 ... and same fix :)
Comment 6 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-15 14:41:04 UTC
*** Bug 251016 has been marked as a duplicate of this bug. ***
Comment 7 Martin von Gagern 2008-12-15 15:13:04 UTC
Comment on attachment 165098 [details, diff]
Update Microsoft_Secure_Server_Authority.pem

My patch is obsolete, as the certificates have changed yet again. See also
Comment 8 Panagiotis Christopoulos (RETIRED) gentoo-dev 2008-12-15 20:18:59 UTC
*** Bug 251059 has been marked as a duplicate of this bug. ***
Comment 9 Serkan Kaba (RETIRED) gentoo-dev 2008-12-23 07:36:35 UTC
According to upstream ChangeLog[1] this issue is fixed in 2.5.3. Can we bump?

Comment 10 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-23 14:15:48 UTC
(In reply to comment #3)
> Upstream bug: TThere's also a
> certificate which can be used to work around the bug.

As of today:

> Changed 2 months ago by khc ¶
>    * status changed from new to closed
>    * resolution set to fixed
>Actually I fixed it once, and for some reason I don't really remember,
> disapproved the change. I just disapproved my disapproval, so things should
> work in the next release. Thanks for reminding me and bringing it up again.

So, bumping will fix !

Is maintainance team still alive ? I consider Pidgin as a major application, and, to my despair, MSN as a major protocol (widely used), thus, we need a rapid fix. If maintainers do not show up (at least make a comment, and explain why they don't bump) within 2 weeks, I will ask for reassign.
Comment 11 Olivier Crete (RETIRED) gentoo-dev 2008-12-26 07:36:49 UTC
Already bumped... Dude... waiting 3 days over the xmas holiday isn't a lot...
Comment 12 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-26 12:02:35 UTC
Problem is that I have the bug in stable x86 ... so, to get my original problem fixed, we need 2.5.2 to be stable ... so, the root problem is not fixed yet ...
Comment 13 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-26 12:04:43 UTC
... problem only fixed when bug 241374 is cloed.
Comment 14 DEMAINE Benoît-Pierre, aka DoubleHP 2008-12-26 12:05:23 UTC
mistake: depends on 248137 (not on 241374 )
Comment 15 Peter Alfredsen (RETIRED) gentoo-dev 2008-12-26 22:48:00 UTC
A bug is FIXED if it is in the tree. File a bug for stabilization in 30 days if you want this stabilized.