Bug 13000

Summary: uzbl browser's ca-certificates.crt file is missing
Product: Mageia Reporter: Pavel Kreuzt <pkreuzt>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED OLD QA Contact:
Severity: normal    
Priority: Normal CC: zooplah
Version: 4Keywords: Triaged
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: todrop?
Source RPM: uzbl-0.0-0.20120514.3.mga4.src.rpm CVE:
Status comment:

Description Pavel Kreuzt 2014-03-12 13:02:53 CET 
Description of problem: uzbl cannot login to secure webs because it cannot find required certificates.

[pavel@localhost ~]$ uzbl-browser 
No bp log location saved, using default.
[000:000] Cpu: 6.37.5, x4, 2399Mhz, 3745MB
[000:000] Computer model: Not available
[000:000] Browser XEmbed support present: 1
[000:000] Browser toolkit is Gtk2.
[000:009] Using Gtk2 toolkit
No bp log location saved, using default.
[000:000] Cpu: 6.37.5, x4, 2399Mhz, 3745MB
[000:000] Computer model: Not available
java version "1.7.0_45"
OpenJDK Runtime Environment (mageia-2.4.4.2.mga4-x86_64 u45-b15)
OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)

(uzbl-core:5631): libsoup-WARNING **: Could not set SSL credentials from '/etc/ssl/certs/ca-certificates.crt': Failed to open file «/etc/ssl/certs/ca-certificates.crt»: File doesn't exist


Version-Release number of selected component (if applicable): 0.0-0.20120514.3.mga4


How reproducible: Every time I try to login to a secure web


Steps to Reproduce:
1. Open uzbl-browser or uzbl-tabbed
2. Browse to a secure web with login, like this one
3. Try to login. Connection is rejected


Reproducible: 

Steps to Reproduce:
Pavel Kreuzt 2014-03-14 19:31:37 CET

Summary: uzbl cannot login to secure (https) webs => uzbl browser's ca-certificates.crt file is missing

Comment 1 Manuel Hiebel 2014-03-15 21:59:09 CET 
well looks not maintained so also some security bugs could be present... http://svnweb.mageia.org/packages/updates/4/uzbl/current/SPECS/uzbl.spec?view=log

Keywords: (none) => Triaged
Assignee: bugsquad => alexander
Whiteboard: (none) => todrop?

Comment 2 Manuel Hiebel 2014-03-15 22:07:46 CET 
I here that the assigne left the project

Assignee: alexander => bugsquad

Comment 3 David Walser 2014-03-15 22:19:32 CET 
It should be patched to look for ca-bundle.crt and require rootcerts.

But looking at the log, it definitely looks like it should be dropped.
Comment 4 Pavel Kreuzt 2014-03-16 00:16:30 CET 
There are also some alternatives. Luakit is one of them, or use already packaged surf with tabbed tool to make a tabbed and simple browser.
Comment 5 Pavel Kreuzt 2014-03-21 16:19:43 CET 
Discovered that there is a property in uzbl's config file (~/.config/uzbl/config) to especify certificates file, so setting it to /etc/ssl/certs/ca-bundle.crt solves this issue. It would be a good idea to at least provide a default config adapted to this path, but this bug should be closed.
Comment 6 Samuel Verschelde 2015-09-21 13:19:58 CEST 
Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan to 
fix it in a currently maintained version, simply change the 'version' to a later 
Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't 
able to fix it before Mageia 4's end of life. If you are able to reproduce it 
against a later version of Mageia, you are encouraged to click on "Version" and 
change it against that version of Mageia. If it's valid in several versions, 
select the highest and add MGAxTOO in whiteboard for each other valid release.
Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO.

Although we aim to fix as many bugs as possible during every release's lifetime, 
sometimes those efforts are overtaken by events. Often a more recent Mageia 
release includes newer upstream software that fixes bugs or makes them obsolete.

If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/
Comment 7 Marja Van Waes 2015-10-27 06:57:15 CET 
As announced over a month ago, Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer maintained, which means that it will not receive any further security or bug fix updates.

This issue may have been fixed in a later Mageia release, so, if you still see it and didn't already do so: please upgrade to Mageia 5 (or, if you read this much later than this is written: make sure you run a currently maintained Mageia version)

If you are able to reproduce it against a maintained version of Mageia, you are encouraged to 
1. reopen this bug report, by changing the "Status" from "RESOLVED - OLD" to "REOPENED"
2. click on "Version" and change it against that version of Mageia. If you know it's valid in several versions, select the highest and add MGAxTOO in whiteboard for each other valid release.
Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO.
3. give as much relevant information as possible. If you're not an experienced bug reporter and have some time: please read this page:
https://wiki.mageia.org/en/How_to_report_a_bug_properly

If you see a similar issue, but are _not_sure_ it is the same, with the same cause, then please file a new bug report and mention this one in it (please include the bug number, too). 


If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].
[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/

Status: NEW => RESOLVED
Resolution: (none) => OLD

Comment 8 Keith Bowes 2017-03-01 16:13:40 CET 
Surf doesn't seem to have the scripting capabilities of uzbl.  Also, checking the uzbl git commit log, there don't seem to be any security problems.  Surely, the biggest security issue is the old version of Webkit that Mageia ships.  You can look through the news of Webkit releases since 2.4.10 and see how many security-related bugs have been fixed.  Of course, that also affects surf and all other Webkit-based browsers.

CC: (none) => zooplah