ports/164181: [PATCH] www/xterm: Fix ssl_ca_file path and style
Winston Weinert
winstonw at lavabit.com
Sun Jan 15 18:40:12 UTC 2012
>Number: 164181
>Category: ports
>Synopsis: [PATCH] www/xterm: Fix ssl_ca_file path and style
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 15 18:40:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Winston Weinert
>Release: 9.0-STABLE
>Organization:
>Environment:
FreeBSD ironwood 9.0-STABLE FreeBSD 9.0-STABLE #2: Sat Jan 14 10:36:22 CST 2012 root at ironwood:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Though www/xxxterm depends on security/ca_root_nss, it does not by default use the SSL certificate file provided by security/ca_root_nss. This means www/xxxterm could be misconfigured out of the box and consequently never checks HTTPS websites' certificates for authenticity.
Cleaned up the Makefile by removing a distracting comment and removing a parenthesis pair that isn't necessary. Added 'PORTREVISION= 1' to the Makefile since this is a revision to the port, not an update.
>How-To-Repeat:
Load a HTTPS website; get red bar (indicates possibly insecure connection) on known verified site.
>Fix:
echo 'ssl_ca_file = /usr/local/share/certs/ca-root-nss.crt' >> $HOME/.xxxterm.conf
Patch attached with submission follows:
diff -uNr xxxterm.orig/Makefile xxxterm/Makefile
--- xxxterm.orig/Makefile 2012-01-15 12:14:24.801847905 -0600
+++ xxxterm/Makefile 2012-01-15 12:09:48.607847009 -0600
@@ -8,6 +8,7 @@
PORTNAME= xxxterm
PORTVERSION= 1.9.0
PORTEPOCH= 1
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= https://opensource.conformal.com/snapshots/xxxterm/ \
SF/xxxterm/
@@ -41,7 +42,7 @@
PLIST_FILES+= share/xxxterm/style.css
do-build:
- (cd ${WRKSRC}/freebsd && make)
+ cd ${WRKSRC}/freebsd && make
do-install:
${INSTALL_SCRIPT} ${WRKSRC}/freebsd/xxxterm ${PREFIX}/bin/
@@ -57,5 +58,4 @@
${INSTALL_DATA} ${WRKSRC}/xxxterm.conf ${EXAMPLESDIR}/
.endif
-# vim: set ts=8 sw=8:
.include <bsd.port.post.mk>
diff -uNr xxxterm.orig/files/patch-settings.c xxxterm/files/patch-settings.c
--- xxxterm.orig/files/patch-settings.c 1969-12-31 18:00:00.000000000 -0600
+++ xxxterm/files/patch-settings.c 2012-01-15 11:44:08.486847483 -0600
@@ -0,0 +1,11 @@
+--- settings.c.bak 2011-12-08 09:01:51.000000000 -0600
++++ settings.c 2012-01-15 11:41:53.510843452 -0600
+@@ -58,7 +58,7 @@
+ int enable_js_whitelist = 0;
+ int session_timeout = 3600; /* cookie session timeout */
+ int cookie_policy = SOUP_COOKIE_JAR_ACCEPT_ALWAYS;
+-char *ssl_ca_file = NULL;
++char *ssl_ca_file = "/usr/local/share/certs/ca-root-nss.crt";
+ char *resource_dir = NULL;
+ gboolean ssl_strict_certs = FALSE;
+ int append_next = 1; /* append tab after current tab */
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list