ports/177196: [MAINTAINER] www/gist: obsolete bundled certificate

Lung-Pin Chang changlp at cs.nctu.edu.tw
Thu Mar 21 14:00:02 UTC 2013 

>Number:         177196
>Category:       ports
>Synopsis:       [MAINTAINER] www/gist: obsolete bundled certificate
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 21 14:00:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Lung-Pin Chang
>Release:        FreeBSD 9.1-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD Archon.iamben.csie.net 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10
>Description:
The certificate bundled within gist-3.1.0 is out-of-date,
    
but the new certificate is only available in HEAD.

Since this also happened during gist-2.x, it seems that

depending on the certificate bundled is much more error-prone.

This patch instead depends on certificate provided by security/ca_root_nss.

Note that this patch also includes changes made in ports/171705

Added file(s):
- files/patch-gist

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
% gist < files

reports: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>Fix:

--- gist-3.1.0_3.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/www/gist/Makefile /home/iamben/tmp/ports/www/gist/Makefile
--- /usr/ports/www/gist/Makefile	2012-11-17 14:02:34.000000000 +0800
+++ /home/iamben/tmp/ports/www/gist/Makefile	2013-03-21 21:30:08.958539518 +0800
@@ -7,12 +7,14 @@
 
 PORTNAME=	gist
 PORTVERSION=	3.1.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	www net
 
 MAINTAINER=	changlp at cs.nctu.edu.tw
 COMMENT=	A gist pastebin posting command
 
+RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
+
 CONFLICTS=	p5-App-gist-[0-9]*
 
 USE_GITHUB=	yes
@@ -26,8 +28,18 @@
 NO_BUILD=	YES
 PLIST_FILES=	bin/gist
 
+.include <bsd.port.pre.mk>
+
+.if ${RUBY_VER} < 1.9
+RUN_DEPENDS+=	${DEPEND_RUBY_ICONV}
+.endif
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
+		${WRKSRC}/gist
+
 do-install:
 	${INSTALL_SCRIPT} ${WRKSRC}/gist ${PREFIX}/bin/gist
 	${INSTALL_MAN} ${WRKSRC}/man/gist.1 ${MAN1PREFIX}/man/man1
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff -ruN --exclude=CVS /usr/ports/www/gist/files/patch-gist /home/iamben/tmp/ports/www/gist/files/patch-gist
--- /usr/ports/www/gist/files/patch-gist	1970-01-01 08:00:00.000000000 +0800
+++ /home/iamben/tmp/ports/www/gist/files/patch-gist	2013-03-21 21:27:59.525535658 +0800
@@ -0,0 +1,11 @@
+--- gist.orig	2013-03-21 21:19:12.580541283 +0800
++++ gist	2013-03-21 21:18:07.352536038 +0800
+@@ -1224,7 +1224,7 @@
+ 
+     http.use_ssl = true
+     http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+-    http.ca_file = ca_cert
++    http.ca_file = "%%LOCALBASE%%/share/certs/ca-root-nss.crt"
+ 
+     req = Net::HTTP::Post.new(url.path)
+     req.body = JSON.generate(data(files, private_gist, description))
--- gist-3.1.0_3.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list