Bug 188508 - [PATCH] irc/hexchat: Add SSL certificate verification
Summary: [PATCH] irc/hexchat: Add SSL certificate verification
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Rusmir Dusko
Reported: 2014-04-12 13:10 UTC by Ashish SHUKLA
Modified: 2014-04-12 16:30 UTC (History)

See Also:


Attachments
file.diff (3.35 KB, patch)
2014-04-12 13:10 UTC, Ashish SHUKLA

Description Ashish SHUKLA freebsd_committer freebsd_triage 2014-04-12 13:10:01 UTC
HexChat currently does not verify SSL certificates. The verification code is present, but it has been commented out since revision 2 (of the xchat codebase); this patch just enables the commented-out code.

This diff makes the irc/hexchat port use ca_root_nss CA bundle.

This diff could also be used by irc/xchat port (maintainer Cc'ed) with some trivial changes to irc/xchat Makefile.

Thanks in advance!
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2014-04-12 13:10:11 UTC
Responsible Changed
From-To: freebsd-ports-bugs->nemysis

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Rusmir Dusko freebsd_committer freebsd_triage 2014-04-12 16:15:01 UTC
State Changed
From-To: open->closed

Committed, with minor changes. Thanks!
Comment 3 dfilter service freebsd_committer freebsd_triage 2014-04-12 16:21:26 UTC
Author: nemysis
Date: Sat Apr 12 15:21:22 2014
New Revision: 351104
URL: http://svnweb.freebsd.org/changeset/ports/351104
QAT: https://qat.redports.org/buildarchive/r351104/

Log:
  - Bump PORTREVISION for dependencies changes
  - Define CA_BUNDLE and add to default Options
  - Add REINPLACE and patches to enable CA_BUNDLE
  
  PR:		ports/188508
  Submitted by:	ashish@

Added:
  head/irc/hexchat/files/patch-src__common__server.c   (contents, props changed)
  head/irc/hexchat/files/patch-src__common__ssl.c   (contents, props changed)
Modified:
  head/irc/hexchat/Makefile

Modified: head/irc/hexchat/Makefile
==============================================================================
--- head/irc/hexchat/Makefile	Sat Apr 12 14:56:10 2014	(r351103)
+++ head/irc/hexchat/Makefile	Sat Apr 12 15:21:22 2014	(r351104)
@@ -3,7 +3,7 @@
 
 PORTNAME=	hexchat
 PORTVERSION=	2.9.6.1
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	irc gnome ipv6
 MASTER_SITES=	http://dl.hexchat.org/${PORTNAME}/
 
@@ -29,16 +29,18 @@ SUB_FILES=	pkg-message
 
 PORTDOCS=	*
 
-OPTIONS_DEFINE=		CANBERRA DBUS DOAT DOCS FISHLIM NLS NOTIFY PERL \
-			PYTHON SOCKS TEXTFE XFT
+OPTIONS_DEFINE=		CA_BUNDLE CANBERRA DBUS DOAT DOCS FISHLIM NLS NOTIFY \
+			PERL PYTHON SOCKS TEXTFE XFT
 
 OPTIONS_RADIO=		SPELL
 OPTIONS_RADIO_SPELL=	GTKSPELL LIBSEXY STATIC
 
-OPTIONS_DEFAULT=	CANBERRA DBUS NOTIFY LIBSEXY PERL PYTHON SOCKS XFT
+OPTIONS_DEFAULT=	CA_BUNDLE CANBERRA DBUS NOTIFY LIBSEXY PERL PYTHON \
+			SOCKS XFT
 
 OPTIONS_SUB=	yes
 
+CA_BUNDLE_DESC=		Include CA bundle for SSL verification
 CANBERRA_DESC=		Audio support via Libcanberra
 DOAT_DESC=		Do At plugin
 GTKSPELL_DESC=		Spell checking support via GTKSpell
@@ -47,6 +49,7 @@ LIBSEXY_DESC=		Spell checking support vi
 STATIC_DESC=		Spell checking embedded in the binary
 TEXTFE_DESC=		Text frontend
 
+CA_BUNDLE_RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 CANBERRA_LIB_DEPENDS=	libcanberra.so:${PORTSDIR}/audio/libcanberra
 CANBERRA_CONFIGURE_ENABLE=	libcanberra
 DBUS_LIB_DEPENDS=	libdbus-glib-1.so:${PORTSDIR}/devel/dbus-glib
@@ -84,6 +87,12 @@ CONFIGURE_ARGS+=--enable-spell=libsexy
 CONFIGURE_ARGS+=--enable-spell=static
 .endif
 
+.if ${PORT_OPTIONS:MCA_BUNDLE}
+CA_BUNDLE=	"${LOCALBASE}/share/certs/ca-root-nss.crt"
+.else
+CA_BUNDLE=	NULL
+.endif
+
 .if ${PORT_OPTIONS:MXFT}
 USE_XORG+=	xft
 .endif
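Review bot: The `.else` branch sets `CA_BUNDLE=	NULL`, so a build with the option off passes NULL to `_SSL_set_verify` and no CA file is loaded. Judging by the context lines of the ssl.c patch, trust anchors then come only from `SSL_CTX_set_default_verify_paths`, and whether that location holds any certificates on the target system is not visible here. Because `SSL_VERIFY_PEER` appears to be set in both cases, the fallback deserves a comment at the assignment, for example `# NULL: no bundle is loaded; verification relies on OpenSSL's default verify paths`. The double quotes in the other branch are part of the value and become the C string-literal quotes after the post-patch sed, which is also worth a one-line comment.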
@@ -104,6 +113,8 @@ post-patch:
 	@${REINPLACE_CMD} -e 's|/bin/bash|/bin/sh|g' ${WRKSRC}/autogen.sh
 	@${REINPLACE_CMD} -e '/^appdata_DATA/s|hexchat.appdata.xml||' \
 		${WRKSRC}/share/misc/Makefile.am ${WRKSRC}/share/misc/Makefile.in
+	@${REINPLACE_CMD} -e 's|%%CA_BUNDLE%%|${CA_BUNDLE}|' \
+		${WRKSRC}/src/common/server.c
 
 pre-configure:
 	@(cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./autogen.sh)

Added: head/irc/hexchat/files/patch-src__common__server.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/irc/hexchat/files/patch-src__common__server.c	Sat Apr 12 15:21:22 2014	(r351104)
@@ -0,0 +1,11 @@
+--- ./src/common/server.c.orig	2013-09-12 00:18:19.000000000 +0200
++++ ./src/common/server.c	2014-04-12 16:12:48.778585855 +0200
+@@ -862,7 +862,7 @@
+ 		/* it'll be a memory leak, if connection isn't terminated by
+ 		   server_cleanup() */
+ 		serv->ssl = _SSL_socket (ctx, serv->sok);
+-		if ((err = _SSL_set_verify (ctx, ssl_cb_verify, NULL)))
++		if ((err = _SSL_set_verify (ctx, ssl_cb_verify, %%CA_BUNDLE%%)))
+ 		{
+ 			EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL,
+ 							 NULL, NULL, 0);
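Review bot: `%%CA_BUNDLE%%` is not valid C until the post-patch sed in the Makefile rewrites it, and nothing at the call site says what the third argument becomes. A comment above the call would help, such as `/* %%CA_BUNDLE%% is replaced at post-patch with the quoted CA bundle path, or NULL */`. The visible lines show that a non-NULL return from `_SSL_set_verify` emits `XP_TE_CONNFAIL`, so an unreadable bundle at run time presumably fails the connection rather than continuing unverified; that fail-closed behaviour should be kept and stated. `ssl_cb_verify` is defined outside this hunk, so confirm that it does not accept every certificate unless the verify result is checked elsewhere before the session is used.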

Added: head/irc/hexchat/files/patch-src__common__ssl.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/irc/hexchat/files/patch-src__common__ssl.c	Sat Apr 12 15:21:22 2014	(r351104)
@@ -0,0 +1,20 @@
+--- ./src/common/ssl.c.orig	2013-09-12 00:18:19.000000000 +0200
++++ ./src/common/ssl.c	2014-04-12 16:06:12.028592630 +0200
+@@ -305,7 +305,7 @@
+ 		__SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths");
+ 		return (err_buf);
+ 	}
+-/*
++
+ 	if (cacert)
+ 	{
+ 		if (!SSL_CTX_load_verify_locations (ctx, cacert, NULL))
+@@ -314,7 +314,7 @@
+ 			return (err_buf);
+ 		}
+ 	}
+-*/
++
+ 	SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback);
+ 
+ 	return (NULL);
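Review bot: Nothing in these two hunks compares the certificate's subject names with the server hostname; `SSL_CTX_load_verify_locations` only gives the chain a trust anchor. As far as these lines show, a certificate that chains to any CA in the bundle but was issued for a different host would still be accepted. If no hostname check exists elsewhere in ssl.c or server.c, it should be added with this change or tracked as a follow-up. Whether a failed chain check aborts the handshake also depends on what `verify_callback` returns, and that function lies outside the hunk. The re-enabled block would benefit from a short comment such as `/* cacert: PEM bundle path fixed at build time by the port; NULL skips this step */`.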