Date: Sun, 15 Jan 2012 18:39:34 GMT From: Winston Weinert <winstonw@lavabit.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/164181: [PATCH] www/xterm: Fix ssl_ca_file path and style Message-ID: <201201151839.q0FIdYNV044582@red.freebsd.org> Resent-Message-ID: <201201151840.q0FIeCkH009922@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 164181 >Category: ports >Synopsis: [PATCH] www/xterm: Fix ssl_ca_file path and style >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Jan 15 18:40:12 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Winston Weinert >Release: 9.0-STABLE >Organization: >Environment: FreeBSD ironwood 9.0-STABLE FreeBSD 9.0-STABLE #2: Sat Jan 14 10:36:22 CST 2012 root@ironwood:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Though www/xxxterm depends on security/ca_root_nss, it does not by default use the SSL certificate file provided by security/ca_root_nss. This means www/xxxterm could be misconfigured out of the box and consequently never checks HTTPS websites' certificates for authenticity. Cleaned up the Makefile by removing a distracting comment and removing a parenthesis pair that isn't necessary. Added 'PORTREVISION= 1' to the Makefile since this is a revision to the port, not an update. >How-To-Repeat: Load a HTTPS website; get red bar (indicates possibly insecure connection) on known verified site. >Fix: echo 'ssl_ca_file = /usr/local/share/certs/ca-root-nss.crt' >> $HOME/.xxxterm.conf Patch attached with submission follows: diff -uNr xxxterm.orig/Makefile xxxterm/Makefile --- xxxterm.orig/Makefile 2012-01-15 12:14:24.801847905 -0600 +++ xxxterm/Makefile 2012-01-15 12:09:48.607847009 -0600 @@ -8,6 +8,7 @@ PORTNAME= xxxterm PORTVERSION= 1.9.0 PORTEPOCH= 1 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= https://opensource.conformal.com/snapshots/xxxterm/ \ SF/xxxterm/ @@ -41,7 +42,7 @@ PLIST_FILES+= share/xxxterm/style.css do-build: - (cd ${WRKSRC}/freebsd && make) + cd ${WRKSRC}/freebsd && make do-install: ${INSTALL_SCRIPT} ${WRKSRC}/freebsd/xxxterm ${PREFIX}/bin/ @@ -57,5 +58,4 @@ ${INSTALL_DATA} ${WRKSRC}/xxxterm.conf ${EXAMPLESDIR}/ .endif -# vim: set ts=8 sw=8: .include <bsd.port.post.mk> diff -uNr xxxterm.orig/files/patch-settings.c xxxterm/files/patch-settings.c --- xxxterm.orig/files/patch-settings.c 1969-12-31 18:00:00.000000000 -0600 +++ xxxterm/files/patch-settings.c 2012-01-15 11:44:08.486847483 -0600 @@ -0,0 +1,11 @@ +--- settings.c.bak 2011-12-08 09:01:51.000000000 -0600 ++++ settings.c 2012-01-15 11:41:53.510843452 -0600 +@@ -58,7 +58,7 @@ + int enable_js_whitelist = 0; + int session_timeout = 3600; /* cookie session timeout */ + int cookie_policy = SOUP_COOKIE_JAR_ACCEPT_ALWAYS; +-char *ssl_ca_file = NULL; ++char *ssl_ca_file = "/usr/local/share/certs/ca-root-nss.crt"; + char *resource_dir = NULL; + gboolean ssl_strict_certs = FALSE; + int append_next = 1; /* append tab after current tab */ >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201151839.q0FIdYNV044582>