Date: Thu, 21 Mar 2013 21:46:40 +0800 (CST) From: Lung-Pin Chang <changlp@cs.nctu.edu.tw> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/177196: [MAINTAINER] www/gist: obsolete bundled certificate Message-ID: <20130321134640.E32369C643@Archon.iamben.csie.net> Resent-Message-ID: <201303211400.r2LE02m0086684@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 177196
>Category: ports
>Synopsis: [MAINTAINER] www/gist: obsolete bundled certificate
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 21 14:00:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Lung-Pin Chang
>Release: FreeBSD 9.1-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD Archon.iamben.csie.net 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10
>Description:
The certificate bundled within gist-3.1.0 is out-of-date,
but the new certificate is only available in HEAD.
Since this also happened during gist-2.x, it seems that
depending on the certificate bundled is much more error-prone.
This patch instead depends on certificate provided by security/ca_root_nss.
Note that this patch also includes changes made in ports/171705
Added file(s):
- files/patch-gist
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
% gist < files
reports: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
>Fix:
--- gist-3.1.0_3.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/www/gist/Makefile /home/iamben/tmp/ports/www/gist/Makefile
--- /usr/ports/www/gist/Makefile 2012-11-17 14:02:34.000000000 +0800
+++ /home/iamben/tmp/ports/www/gist/Makefile 2013-03-21 21:30:08.958539518 +0800
@@ -7,12 +7,14 @@
PORTNAME= gist
PORTVERSION= 3.1.0
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www net
MAINTAINER= changlp@cs.nctu.edu.tw
COMMENT= A gist pastebin posting command
+RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
+
CONFLICTS= p5-App-gist-[0-9]*
USE_GITHUB= yes
@@ -26,8 +28,18 @@
NO_BUILD= YES
PLIST_FILES= bin/gist
+.include <bsd.port.pre.mk>
+
+.if ${RUBY_VER} < 1.9
+RUN_DEPENDS+= ${DEPEND_RUBY_ICONV}
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
+ ${WRKSRC}/gist
+
do-install:
${INSTALL_SCRIPT} ${WRKSRC}/gist ${PREFIX}/bin/gist
${INSTALL_MAN} ${WRKSRC}/man/gist.1 ${MAN1PREFIX}/man/man1
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff -ruN --exclude=CVS /usr/ports/www/gist/files/patch-gist /home/iamben/tmp/ports/www/gist/files/patch-gist
--- /usr/ports/www/gist/files/patch-gist 1970-01-01 08:00:00.000000000 +0800
+++ /home/iamben/tmp/ports/www/gist/files/patch-gist 2013-03-21 21:27:59.525535658 +0800
@@ -0,0 +1,11 @@
+--- gist.orig 2013-03-21 21:19:12.580541283 +0800
++++ gist 2013-03-21 21:18:07.352536038 +0800
+@@ -1224,7 +1224,7 @@
+
+ http.use_ssl = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+- http.ca_file = ca_cert
++ http.ca_file = "%%LOCALBASE%%/share/certs/ca-root-nss.crt"
+
+ req = Net::HTTP::Post.new(url.path)
+ req.body = JSON.generate(data(files, private_gist, description))
--- gist-3.1.0_3.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130321134640.E32369C643>