Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 Jan 2012 18:39:34 GMT
From:      Winston Weinert <winstonw@lavabit.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/164181: [PATCH] www/xterm: Fix ssl_ca_file path and style
Message-ID:  <201201151839.q0FIdYNV044582@red.freebsd.org>
Resent-Message-ID: <201201151840.q0FIeCkH009922@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         164181
>Category:       ports
>Synopsis:       [PATCH] www/xterm: Fix ssl_ca_file path and style
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 15 18:40:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Winston Weinert
>Release:        9.0-STABLE
>Organization:
>Environment:
FreeBSD ironwood 9.0-STABLE FreeBSD 9.0-STABLE #2: Sat Jan 14 10:36:22 CST 2012     root@ironwood:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
Though www/xxxterm depends on security/ca_root_nss, it does not by default use the SSL certificate file provided by security/ca_root_nss. This means www/xxxterm could be misconfigured out of the box and consequently never checks HTTPS websites' certificates for authenticity.

Cleaned up the Makefile by removing a distracting comment and removing a parenthesis pair that isn't necessary. Added 'PORTREVISION= 1' to the Makefile since this is a revision to the port, not an update.
>How-To-Repeat:
Load a HTTPS website; get red bar (indicates possibly insecure connection) on known verified site.
>Fix:
echo 'ssl_ca_file = /usr/local/share/certs/ca-root-nss.crt' >> $HOME/.xxxterm.conf


Patch attached with submission follows:

diff -uNr xxxterm.orig/Makefile xxxterm/Makefile
--- xxxterm.orig/Makefile	2012-01-15 12:14:24.801847905 -0600
+++ xxxterm/Makefile	2012-01-15 12:09:48.607847009 -0600
@@ -8,6 +8,7 @@
 PORTNAME=	xxxterm
 PORTVERSION=	1.9.0
 PORTEPOCH=	1
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	https://opensource.conformal.com/snapshots/xxxterm/ \
 		SF/xxxterm/
@@ -41,7 +42,7 @@
 PLIST_FILES+=	share/xxxterm/style.css
 
 do-build:
-	(cd ${WRKSRC}/freebsd && make)
+	cd ${WRKSRC}/freebsd && make
 
 do-install:
 	${INSTALL_SCRIPT} ${WRKSRC}/freebsd/xxxterm ${PREFIX}/bin/
@@ -57,5 +58,4 @@
 	${INSTALL_DATA} ${WRKSRC}/xxxterm.conf ${EXAMPLESDIR}/
 .endif
 
-# vim: set ts=8 sw=8:
 .include <bsd.port.post.mk>
diff -uNr xxxterm.orig/files/patch-settings.c xxxterm/files/patch-settings.c
--- xxxterm.orig/files/patch-settings.c	1969-12-31 18:00:00.000000000 -0600
+++ xxxterm/files/patch-settings.c	2012-01-15 11:44:08.486847483 -0600
@@ -0,0 +1,11 @@
+--- settings.c.bak	2011-12-08 09:01:51.000000000 -0600
++++ settings.c	2012-01-15 11:41:53.510843452 -0600
+@@ -58,7 +58,7 @@
+ int		enable_js_whitelist = 0;
+ int		session_timeout = 3600; /* cookie session timeout */
+ int		cookie_policy = SOUP_COOKIE_JAR_ACCEPT_ALWAYS;
+-char		*ssl_ca_file = NULL;
++char		*ssl_ca_file = "/usr/local/share/certs/ca-root-nss.crt";
+ char		*resource_dir = NULL;
+ gboolean	ssl_strict_certs = FALSE;
+ int		append_next = 1; /* append tab after current tab */


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201151839.q0FIdYNV044582>