[bitlbee: 1/2] Harmonize SSL/NSS implementation.
Matej Cepl
mcepl at fedoraproject.org
Tue Aug 28 14:23:15 UTC 2012
commit 7fe5b470a85eb85307fbc92da6e7a3c09dcc56e1
Author: Matěj Cepl <mcepl at redhat.com>
Date: Tue Aug 28 16:23:51 2012 +0200
Harmonize SSL/NSS implementation.
bitlbee-3.0.5-des3-implement.patch | 118 -----
bitlbee-3.0.5-moreerrorhandling-rhbz749895.patch | 146 -------
bitlbee-3.0.5-ssl_nss-implement.patch | 506 ++++++++++++++++++++++
bitlbee.spec | 65 ++-
4 files changed, 548 insertions(+), 287 deletions(-)
---
diff --git a/bitlbee-3.0.5-ssl_nss-implement.patch b/bitlbee-3.0.5-ssl_nss-implement.patch
new file mode 100644
index 0000000..af6263e
--- /dev/null
+++ b/bitlbee-3.0.5-ssl_nss-implement.patch
@@ -0,0 +1,506 @@
+From 828371c632ac8f9362591b515124234b7dff918d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl at redhat.com>
+Date: Mon, 22 Nov 2010 01:36:24 +0100
+Subject: [PATCH] NSS-based implementation of SSL-related operations.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ * no verification support
+ * ssl_des3_encrypt implemented and functional.
+
+Signed-off-by: Matěj Cepl <mcepl at redhat.com>
+---
+ .gitignore | 7 ++
+ configure | 6 +-
+ lib/ssl_nss.c | 330 ++++++++++++++++++++++++++++++++++++++++++---------------
+ 3 files changed, 257 insertions(+), 86 deletions(-)
+ create mode 100644 .gitignore
+
+diff --git a/.gitignore b/.gitignore
+new file mode 100644
+index 0000000..1899086
+--- /dev/null
++++ b/.gitignore
+@@ -0,0 +1,7 @@
++*~
++*.o
++.depend/
++Makefile.settings
++bitlbee
++bitlbee.pc
++config.h
+diff --git a/configure b/configure
+index 697a33b..c0d3735 100755
+--- a/configure
++++ b/configure
+@@ -453,10 +453,10 @@ if [ "$ret" = "0" ]; then
+ exit 1
+ fi;
+
+-if [ "$msn" = "1" -a "$ssl" != "openssl" -a "$ssl" != "gnutls" ]; then
+- # Needed for MSN only. OpenSSL exports nice cipher functions already,
++if [ "$msn" = "1" -a "$ssl" != "openssl" -a "$ssl" != "gnutls" -a "$ssl" != "nss" ]; then
++ # Needed for MSN only. OpenSSL and NSS export nice cipher functions already,
+ # in case of GnuTLS we should be able to use gcrypt. Otherwise, use
+- # built-in stuff. (Since right now those are the only two supported
++ # built-in stuff. (Since right now those are the only three supported
+ # SSL modules anyway, this is mostly unnecessary.)
+ echo 'DES=des.o' >> Makefile.settings
+ fi
+diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c
+index d50620d..4e7a79d 100644
+--- a/lib/ssl_nss.c
++++ b/lib/ssl_nss.c
+@@ -39,39 +39,46 @@
+ #include <seccomon.h>
+ #include <secerr.h>
+ #include <sslerr.h>
++#include <assert.h>
++#include <unistd.h>
+
+ int ssl_errno = 0;
+
+ static gboolean initialized = FALSE;
+
+-struct scd
+-{
++#define SSLDEBUG 0
++
++struct scd {
+ ssl_input_function func;
+ gpointer data;
+ int fd;
++ char *hostname;
+ PRFileDesc *prfd;
+ gboolean established;
+ gboolean verify;
+ };
+
+-static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
+-static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
++static gboolean ssl_connected(gpointer data, gint source,
++ b_input_condition cond);
++static gboolean ssl_starttls_real(gpointer data, gint source,
++ b_input_condition cond);
+
+-
+-static SECStatus nss_auth_cert (void *arg, PRFileDesc *socket, PRBool checksig, PRBool isserver)
++static SECStatus nss_auth_cert(void *arg, PRFileDesc * socket, PRBool checksig,
++ PRBool isserver)
+ {
+ return SECSuccess;
+ }
+
+-static SECStatus nss_bad_cert (void *arg, PRFileDesc *socket)
++static SECStatus nss_bad_cert(void *arg, PRFileDesc * socket)
+ {
+ PRErrorCode err;
+
+- if(!arg) return SECFailure;
++ if (!arg)
++ return SECFailure;
+
+- *(PRErrorCode *)arg = err = PORT_GetError();
++ *(PRErrorCode *) arg = err = PORT_GetError();
+
+- switch(err) {
++ switch (err) {
+ case SEC_ERROR_INVALID_AVA:
+ case SEC_ERROR_INVALID_TIME:
+ case SEC_ERROR_BAD_SIGNATURE:
+@@ -93,52 +100,63 @@ static SECStatus nss_bad_cert (void *arg, PRFileDesc *socket)
+ }
+ }
+
+-
+-void ssl_init( void )
++void ssl_init(void)
+ {
+- PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
++ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
++ // https://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1234224
++ // This NSS function is not intended for use with SSL, which
++ // requires that the certificate and key database files be
++ // opened. Relates to whole non-verification of servers for now.
+ NSS_NoDB_Init(NULL);
+ NSS_SetDomesticPolicy();
+ initialized = TRUE;
+ }
+
+-void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
++void *ssl_connect(char *host, int port, gboolean verify,
++ ssl_input_function func, gpointer data)
+ {
+- struct scd *conn = g_new0( struct scd, 1 );
+-
+- conn->fd = proxy_connect( host, port, ssl_connected, conn );
++ struct scd *conn = g_new0(struct scd, 1);
++
++ conn->fd = proxy_connect(host, port, ssl_connected, conn);
+ conn->func = func;
+ conn->data = data;
+-
+- if( conn->fd < 0 )
+- {
+- g_free( conn );
+- return( NULL );
++ conn->hostname = g_strdup(host);
++
++ if (conn->fd < 0) {
++ g_free(conn->hostname);
++ g_free(conn);
++ return (NULL);
+ }
+-
+- if( !initialized )
+- {
++
++ if (!initialized) {
+ ssl_init();
+ }
+
+-
+- return( conn );
++ return (conn);
+ }
+
+-static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
++static gboolean ssl_starttls_real(gpointer data, gint source,
++ b_input_condition cond)
+ {
+ struct scd *conn = data;
+
+- return ssl_connected( conn, conn->fd, B_EV_IO_WRITE );
++ return ssl_connected(conn, conn->fd, B_EV_IO_WRITE);
+ }
+
+-void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data )
++void *ssl_starttls(int fd, char *hostname, gboolean verify,
++ ssl_input_function func, gpointer data)
+ {
+- struct scd *conn = g_new0( struct scd, 1 );
++ struct scd *conn = g_new0(struct scd, 1);
+
+ conn->fd = fd;
+ conn->func = func;
+ conn->data = data;
++ conn->hostname = hostname;
++
++ /* For now, SSL verification is globally enabled by setting the cafile
++ setting in bitlbee.conf. Commented out by default because probably
++ not everyone has this file in the same place and plenty of folks
++ may not have the cert of their private Jabber server in it. */
+ conn->verify = verify && global.conf->cafile;
+
+ /* This function should be called via a (short) timeout instead of
+@@ -150,108 +168,254 @@ void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function
+ In short, doing things like this makes the rest of the code a lot
+ simpler. */
+
+- b_timeout_add( 1, ssl_starttls_real, conn );
++ b_timeout_add(1, ssl_starttls_real, conn);
+
+ return conn;
+ }
+
+-static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
++static gboolean ssl_connected(gpointer data, gint source,
++ b_input_condition cond)
+ {
+ struct scd *conn = data;
+-
++
+ /* Right now we don't have any verification functionality for NSS. */
+
+- if( conn->verify )
+- {
+- conn->func( conn->data, 1, NULL, cond );
+- if( source >= 0 ) closesocket( source );
+- g_free( conn );
++ if (conn->verify) {
++ conn->func(conn->data, 1, NULL, cond);
++ if (source >= 0)
++ closesocket(source);
++ g_free(conn->hostname);
++ g_free(conn);
+
+ return FALSE;
+ }
+-
+- if( source == -1 )
++
++ if (source == -1)
+ goto ssl_connected_failure;
+-
++
+ /* Until we find out how to handle non-blocking I/O with NSS... */
+- sock_make_blocking( conn->fd );
+-
++ sock_make_blocking(conn->fd);
++
+ conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source));
++ if (!conn->prfd)
++ goto ssl_connected_failure;
+ SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE);
+ SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+- SSL_BadCertHook(conn->prfd, (SSLBadCertHandler)nss_bad_cert, NULL);
+- SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate)nss_auth_cert, (void *)CERT_GetDefaultCertDB());
++ SSL_BadCertHook(conn->prfd, (SSLBadCertHandler) nss_bad_cert, NULL);
++ SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate) nss_auth_cert,
++ (void *)CERT_GetDefaultCertDB());
++ SSL_SetURL(conn->prfd, conn->hostname);
+ SSL_ResetHandshake(conn->prfd, PR_FALSE);
+
+ if (SSL_ForceHandshake(conn->prfd)) {
+ goto ssl_connected_failure;
+ }
+-
+-
++
+ conn->established = TRUE;
+- conn->func( conn->data, 0, conn, cond );
++ conn->func(conn->data, 0, conn, cond);
+ return FALSE;
+-
+- ssl_connected_failure:
+-
+- conn->func( conn->data, 0, NULL, cond );
+-
+- PR_Close( conn -> prfd );
+- if( source >= 0 ) closesocket( source );
+- g_free( conn );
+-
++
++ ssl_connected_failure:
++
++ conn->func(conn->data, 0, NULL, cond);
++
++ if (conn->prfd)
++ PR_Close(conn->prfd);
++ if (source >= 0)
++ closesocket(source);
++ g_free(conn->hostname);
++ g_free(conn);
++
+ return FALSE;
+ }
+
+-int ssl_read( void *conn, char *buf, int len )
++int ssl_read(void *conn, char *buf, int len)
+ {
+- if( !((struct scd*)conn)->established )
+- return( 0 );
+-
+- return( PR_Read( ((struct scd*)conn)->prfd, buf, len ) );
++ int st;
++ PRErrorCode PR_err;
++
++ if (!((struct scd *)conn)->established) {
++ ssl_errno = SSL_NOHANDSHAKE;
++ return -1;
++ }
++
++ st = PR_Read(((struct scd *)conn)->prfd, buf, len);
++ PR_err = PR_GetError();
++
++ ssl_errno = SSL_OK;
++ if (PR_err == PR_WOULD_BLOCK_ERROR)
++ ssl_errno = SSL_AGAIN;
++
++ if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0)
++ len = write(STDERR_FILENO, buf, st);
++
++ return st;
+ }
+
+-int ssl_write( void *conn, const char *buf, int len )
++int ssl_write(void *conn, const char *buf, int len)
+ {
+- if( !((struct scd*)conn)->established )
+- return( 0 );
+-
+- return( PR_Write ( ((struct scd*)conn)->prfd, buf, len ) );
++ int st;
++ PRErrorCode PR_err;
++
++ if (!((struct scd *)conn)->established) {
++ ssl_errno = SSL_NOHANDSHAKE;
++ return -1;
++ }
++ st = PR_Write(((struct scd *)conn)->prfd, buf, len);
++
++ ssl_errno = SSL_OK;
++ if (PR_err == PR_WOULD_BLOCK_ERROR)
++ ssl_errno = SSL_AGAIN;
++
++ if (SSLDEBUG && getenv("BITLBEE_DEBUG") && st > 0)
++ len = write(2, buf, st);
++
++ return st;
+ }
+
+-int ssl_pending( void *conn )
++int ssl_pending(void *conn)
+ {
+- struct scd *c = (struct scd *) conn;
++ struct scd *c = (struct scd *)conn;
+
+- if( c == NULL ) {
++ if (c == NULL) {
+ return 0;
+ }
+
+- return ( c->established && SSL_DataPending( c->prfd ) > 0 );
++ return (c->established && SSL_DataPending(c->prfd) > 0);
+ }
+
+-void ssl_disconnect( void *conn_ )
++void ssl_disconnect(void *conn_)
+ {
+ struct scd *conn = conn_;
+-
+- PR_Close( conn->prfd );
+- closesocket( conn->fd );
+-
+- g_free( conn );
++
++ // When we swich to NSS_Init, we should have here
++ // NSS_Shutdown();
++
++ if (conn->prfd)
++ PR_Close(conn->prfd);
++
++ g_free(conn->hostname);
++ g_free(conn);
+ }
+
+-int ssl_getfd( void *conn )
++int ssl_getfd(void *conn)
+ {
+- return( ((struct scd*)conn)->fd );
++ return (((struct scd *)conn)->fd);
+ }
+
+-b_input_condition ssl_getdirection( void *conn )
++b_input_condition ssl_getdirection(void *conn)
+ {
+ /* Just in case someone calls us, let's return the most likely case: */
+ return B_EV_IO_READ;
+ }
+
+-char *ssl_verify_strerror( int code )
++char *ssl_verify_strerror(int code)
++{
++ return
++ g_strdup
++ ("SSL certificate verification not supported by BitlBee NSS code.");
++}
++
++size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len,
++ const unsigned char *input, size_t input_len,
++ const unsigned char *iv, unsigned char **res)
+ {
+- return g_strdup( "SSL certificate verification not supported by BitlBee NSS code." );
++#define CIPHER_MECH CKM_DES3_CBC
++#define MAX_OUTPUT_LEN 72
++
++ int len1;
++ unsigned int len2;
++
++ PK11Context *ctx = NULL;
++ PK11SlotInfo *slot = NULL;
++ SECItem keyItem;
++ SECItem ivItem;
++ SECItem *secParam = NULL;
++ PK11SymKey *symKey = NULL;
++
++ size_t rc;
++ SECStatus rv;
++
++ if (!initialized) {
++ ssl_init();
++ }
++
++ keyItem.data = (unsigned char *)key;
++ keyItem.len = key_len;
++
++ slot = PK11_GetBestSlot(CIPHER_MECH, NULL);
++ if (slot == NULL) {
++ fprintf(stderr, "PK11_GetBestSlot failed (err %d)\n",
++ PR_GetError());
++ rc = 0;
++ goto out;
++ }
++
++ symKey =
++ PK11_ImportSymKey(slot, CIPHER_MECH, PK11_OriginUnwrap, CKA_ENCRYPT,
++ &keyItem, NULL);
++ if (symKey == NULL) {
++ fprintf(stderr, "PK11_ImportSymKey failed (err %d)\n",
++ PR_GetError());
++ rc = 0;
++ goto out;
++ }
++
++ ivItem.data = (unsigned char *)iv;
++ /* See msn_soap_passport_sso_handle_response in protocols/msn/soap.c */
++ ivItem.len = 8;
++
++ secParam = PK11_ParamFromIV(CIPHER_MECH, &ivItem);
++ if (secParam == NULL) {
++ fprintf(stderr, "PK11_ParamFromIV failed (err %d)\n",
++ PR_GetError());
++ rc = 0;
++ goto out;
++ }
++
++ ctx =
++ PK11_CreateContextBySymKey(CIPHER_MECH, CKA_ENCRYPT, symKey,
++ secParam);
++ if (ctx == NULL) {
++ fprintf(stderr, "PK11_CreateContextBySymKey failed (err %d)\n",
++ PR_GetError());
++ rc = 0;
++ goto out;
++ }
++
++ *res = g_new0(unsigned char, MAX_OUTPUT_LEN);
++
++ rv = PK11_CipherOp(ctx, *res, &len1, MAX_OUTPUT_LEN,
++ (unsigned char *)input, input_len);
++ if (rv != SECSuccess) {
++ fprintf(stderr, "PK11_CipherOp failed (err %d)\n",
++ PR_GetError());
++ rc = 0;
++ goto out;
++ }
++
++ assert(len1 <= MAX_OUTPUT_LEN);
++
++ rv = PK11_DigestFinal(ctx, *res + len1, &len2,
++ (unsigned int)MAX_OUTPUT_LEN - len1);
++ if (rv != SECSuccess) {
++ fprintf(stderr, "PK11_DigestFinal failed (err %d)\n",
++ PR_GetError());
++ rc = 0;
++ goto out;
++ }
++
++ rc = len1 + len2;
++
++ out:
++ if (ctx)
++ PK11_DestroyContext(ctx, PR_TRUE);
++ if (symKey)
++ PK11_FreeSymKey(symKey);
++ if (secParam)
++ SECITEM_FreeItem(secParam, PR_TRUE);
++ if (slot)
++ PK11_FreeSlot(slot);
++
++ return rc;
+ }
+--
+1.7.10.2
+
diff --git a/bitlbee.spec b/bitlbee.spec
index dfd78da..6af3d6e 100644
--- a/bitlbee.spec
+++ b/bitlbee.spec
@@ -1,7 +1,19 @@
+%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
+%bcond_without otr
+%else
+%bcond_with otr
+%endif
+
+%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
+%bcond_without systemd
+%else
+%bcond_with systemd
+%endif
+
Summary: IRC to other chat networks gateway
Name: bitlbee
Version: 3.0.5
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+ and MIT
Group: System Environment/Daemons
URL: http://www.bitlbee.org/
@@ -20,25 +32,27 @@ Patch1: bitlbee-3.0.5-installP.patch
Patch2: bitlbee-libresolv.patch
# Completion of NSS-based SSL implementation. Sent upstream. #714
# (combined with two tiny fixes from RHBZ #666022)
-Patch4: bitlbee-3.0.5-des3-implement.patch
+Patch4: bitlbee-3.0.5-ssl_nss-implement.patch
# When the above patches will be consolidated upstream, this should merge
# with Patch1 or Patch2 or something like that
Patch5: bitlbee-forkdaemon.patch
# Patch rejected upstream, however we need to keep this, because
# of the SELinux policy is set up for this mode of operation.
Patch6: bitlbee-systemd.patch
-# Suggested fix for RHBZ# 749895
-Patch7: bitlbee-3.0.5-moreerrorhandling-rhbz749895.patch
+
Requires(pre): shadow-utils
Requires(preun): /sbin/service
BuildRequires: glib2-devel >= 2.4, libxslt
BuildRequires: nss-devel
-%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
+%if %{with systemd}
BuildRequires: pkgconfig(systemd)
Requires: systemd-units
%else
Requires: xinetd
%endif
+%if %{with otr}
+BuildRequires: libotr-devel >= 3.2.0
+%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
@@ -56,11 +70,10 @@ Requires: %{name}%{?_isa} = %{version}-%{release}, pkgconfig
The bitlbee-devel package includes header files necessary for building and
developing programs and plugins which use bitlbee.
-%if 0%{?fedora}%{?rhel} >= 6
+%if %{with otr}
%package otr
Summary: OTR plugin for bitlbee
Group: System Environment/Daemons
-BuildRequires: libotr-devel >= 3.2.0
Requires: %{name}%{?_isa} = %{version}-%{release}
%description otr
@@ -72,15 +85,17 @@ completely stable and not 100% foolproof so use at your own risk.
%setup -q
%patch0 -p1
%patch1 -p1
-%if 0%{?fedora}%{?rhel} < 6
+
+%if 0%{?rhel} < 6
%patch2 -p1
%endif
+
%patch4 -p1
-%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
+
+%if %{with systemd}
%patch5 -p1
%patch6 -p1
%endif
-%patch7 -p1
%build
# Note that we cannot use openssl in Fedora packages ... it breaks GPL
@@ -96,7 +111,7 @@ CFLAGS="$RPM_OPT_FLAGS" ./configure \
--strip=0 \
--plugins=1 \
--ssl=nss \
-%if 0%{?fedora}%{?rhel} >= 6
+%if %{with otr}
--otr=plugin
%endif
@@ -108,11 +123,11 @@ make DESTDIR=$RPM_BUILD_ROOT install install-dev install-etc
# Install some files manually to their correct destination
mkdir -p $RPM_BUILD_ROOT{%{_localstatedir}/lib,%{_libdir}}/%{name}
-%if 0%{?fedora} < 15
-install -D -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name}
-%else
+%if %{with systemd}
install -p -d $RPM_BUILD_ROOT%{_unitdir}
install -p -m 644 init/%{name}{.service, at .service,.socket} $RPM_BUILD_ROOT%{_unitdir}
+%else
+install -D -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name}
%endif
install -D -p -m 644 %{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/%{name}.conf
@@ -135,7 +150,7 @@ getent passwd %{name} > /dev/null || %{_sbindir}/useradd -r -g %{name} -d %{_loc
exit 0
%post
-%if 0%{?fedora} >= 15
+%if %{with systemd}
if [ $1 -eq 1 ]; then
# Package install, not upgrade
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
@@ -143,21 +158,21 @@ fi
%endif
%preun
-%if 0%{?fedora} < 15
-if [ $1 -eq 0 ]; then
- /sbin/service xinetd condrestart > /dev/null 2>&1
-fi
-%else
+%if %{with systemd}
# Work around RHBZ #655116
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl disable bitlbee.service > /dev/null 2>&1 || :
/bin/systemctl stop bitlbee.service > /dev/null 2>&1 || :
fi
+%else
+if [ $1 -eq 0 ]; then
+ /sbin/service xinetd condrestart > /dev/null 2>&1
+fi
%endif
%postun
-%if 0%{?fedora} >= 15
+%if %{with systemd}
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
@@ -179,7 +194,7 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/%{name}/
%{_mandir}/man?/%{name}*
%attr(0700,bitlbee,bitlbee) %dir %{_localstatedir}/lib/%{name}
-%if 0%{?fedora} >= 15
+%if %{with systemd}
%{_unitdir}/%{name}*
%else
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
@@ -191,17 +206,21 @@ rm -rf $RPM_BUILD_ROOT
%{_includedir}/%{name}/
%{_libdir}/pkgconfig/%{name}.pc
-%if 0%{?fedora}%{?rhel} >= 6
+%if %{with otr}
%defattr(-,root,root,-)
%files otr
%{_libdir}/%{name}/otr.so
%endif
%changelog
+* Tue Jul 24 2012 Matej Cepl <mcepl at redhat.com> - 3.0.5-3
+- The last version of SSL/NSS patch for the upstream #714
+
* Thu Jun 21 2012 Matej Cepl <mcepl at redhat.com> - 3.0.5-2
- Add more error handling to lib/ssl_nss.c
- Checking patches for compatibility with the current state of the word
and updating comments.
+- Improve otr conditional
* Sat Mar 31 2012 Adam Williamson <awilliam at redhat.com> - 3.0.5-1
- new upstream release 3.0.5
More information about the scm-commits
mailing list