FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Port details
ca_root_nss 3.16.3 security on this many watch lists=101 search for ports that depend on this port An older version of this port was marked as vulnerable.
The root certificate bundle from the Mozilla Project
Maintained by: gecko@FreeBSD.org search for ports maintained by this maintainer
Port Added: 06 Jul 2007 21:39:01
License: not specified in port


Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.

This port directly tracks the version of NSS in the security/nss port.
SVNWeb : Distfiles Availability : PortsMon

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Required To Build:
  1. lang/perl5.16

This port is required by:

for Build for Run * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

To install the port: cd /usr/ports/security/ca_root_nss/ && make install clean
To add the package: pkg install security/ca_root_nss


Configuration Options
===> The following configuration options are available for ca_root_nss-3.16.3:
     ETCSYMLINK=off: Add symlink to /etc/ssl/cert.pem
===> Use 'make config' to modify these settings

Master Sites:
  1. ftp://ftp.fh-wolfenbuettel.de/pub/www/mozilla/security/nss/releases/NSS_3_16_3_RTM/src/
  2. ftp://ftp.informatik.rwth-aachen.de/pub/mirror/ftp.mozilla.org/pub/security/nss/releases/NSS_3_16_3_RTM/src/
  3. ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  4. http://distcache.FreeBSD.org/ports-distfiles/
  5. http://ftp.acc.umu.se/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  6. http://ftp.twaren.net/Unix/Mozilla/security/nss/releases/NSS_3_16_3_RTM/src/
  7. http://jp-nii01.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  8. http://jp-nii02.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  9. http://kyoto-mz-dl.sinet.ad.jp/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  10. http://mirror.internode.on.net/pub/mozilla/security/nss/releases/NSS_3_16_3_RTM/src/
  11. http://mirror3.mirrors.tds.net/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  12. http://mozilla.c3sl.ufpr.br/releases/security/nss/releases/NSS_3_16_3_RTM/src/
  13. http://mozilla.isc.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  14. http://releases.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  15. http://ring.nict.go.jp/archives/net/www/mozilla/security/nss/releases/NSS_3_16_3_RTM/src/
  16. http://www.gtlib.gatech.edu/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/
  17. https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/

Number of commits found: 44

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
04 Aug 2014 09:06:06
Original commit files touched by this commit  3.16.3
Revision:363977
bapt search for other commits by this committer
Update to 3.16.3
Add cpe informations

Submitted by:	Jan Beich
11 Jun 2014 03:42:55
Original commit files touched by this commit  3.16.1
Revision:357413
beat search for other commits by this committer
- Update Firefox to 30.0
- Update Firefox ESR to 24.6.0
- Update libxul to 24.6.0
- Update NSS to 3.16.1
- Update NSPR to 4.10.6
- Update Thunderbird to 24.6.0
- Convert USE_BZIP2 to USES
- Backport ff31 fix against crashing DEBUG build on newegg.com [1]
- Add a note in UPDATING to not build audio/soundtouch with
  INTEGER_SAMPLES [2]
- Use arc4random_buf(3) to generate UUIDs (version 4)
- Fix debugger detection used by Telemetry and the slow script dialog
- Add STAGE support [3]

PR:		ports/189991 [1]
PR:		ports/189217 [2]
PR:		ports/189488 [2]
Submitted by:	bapt [3]
Sumbitted by:	Jan Beich
Security:	http://www.vuxml.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html
05 May 2014 09:45:37
Original commit files touched by this commit  3.16
Revision:352986
bapt search for other commits by this committer
Convert all :U to :tu and :L to :tl

Since FreeBSD 8.4 and FreeBSD 9.1 make(1) do support :tu and :tl as a
replacement for :U and :L (which has been marked as deprecated)

bmake which is the default on FreeBSD 10+ only support by default
:tu/:tl a hack has been added at the time to support :U and :L to ease
migration. This hack is now not necessary anymore

Note that this makes the ports tree incompatible with make(1) from
FreeBSD 8.3 or earlier

With hat:	portmgr
29 Apr 2014 20:35:24
Original commit files touched by this commit  3.16
Revision:352640
beat search for other commits by this committer
- Update Firefox to 29.0
- Update Firefox ESR to 24.5.0
- Update Thunderbird to 24.5.0
- Update NSS to 3.16
- Use port dependency for soundtouch library
- Require recent graphite2 version explicitly [1]
- Require gst-libav version that doesn't crash on seeking [2]
  and doesn't error out on plugin load [3]
- Remove gstreamer note in pkg-message for www/firefox, [3] may still
  happen with www/firefox-esr but only until it tracks esr31 (ca 2014-09-01)
- Fix USE_XPI in mail/thunderbird-i18n [4]

Security:	http://www.vuxml.org/freebsd/985d4d6c-cfbd-11e3-a003-b4b52fce4ce8.html
PR:		ports/187939 [1]
PR:		ports/188133 [2]
PR:		ports/181964 [3]
PR:		ports/188984 [4]
Submitted by:	Toomas Aas <toomas.aas@raad.tartu.ee> [1]
Submitted by:	Jakub Lach <jakub_lach@mailplus.pl> [2]
Submitted by:	Jan Beich [3] and this update!
Submitted by:	Toni Ballesta <mustelator@yahoo.es> [4]
Approved by:	portmgr (bdrewery, security update to non-staged port)
19 Mar 2014 20:46:38
Original commit files touched by this commit  3.15.5
Revision:348650
beat search for other commits by this committer
- Update Firefox to 28.0
- Update Firefox ESR to 24.4.0
- Update Thunderbird to 24.4.0
- Update NSPR to 4.10.4
- Update NSS to 3.15.5
- Switch GSTREAMER option for non-esr ports to depend on
  multimedia/gstreamer1 [2]
- Switch to Uses/compiler.mk, defaults to lang/gcc47 on 8.x and 9.x
- Use port dependencies for libogg, libvorbis, libopus, harfbuzz, graphite2
- Enable readahead in url-classifier, asmjs, download resume like on Linux
- Build www/firefox and www/seamonkey faster using unified compilation
- Unbreak build on sparc64 [1]
- Workaround OPTIMIZED_CFLAGS startup crash on 8.x and 9.x
- OPTIMIZED_CFLAGS is enabled by default
- A few DEBUG build fixes
- Add clang 3.2/3.3/3.4 workarounds for i386
- Mention known GSTREAMER issue in pkg-message

Submitted by:	Jan Beich
PR:		ports/186580 [1]
Requested by:	kwm [2]
Security:	http://www.vuxml.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html
05 Feb 2014 05:23:30
Original commit files touched by this commit  3.15.4
Revision:342632
beat search for other commits by this committer
- Update Firefox to 27.0
- Update Firefox ESR to 24.3.0
- Update Thunderbird to 24.3.0
- Update NSPR to 4.10.3
- Update NSS to 3.15.4
- Depend on yasm when building with bundled libvpx or libjpeg-turbo
- Prepare gstreamer conditional for upcoming Firefox versions
- Improve jemalloc3 conditional
- Break build unless alsa-lib port installs new config file
- Chase USE_DOS2UNIX deprecation
- Temporarily disable system cairo over screen corruption with
  smoothScroll [1]

Submitted by:	Jan Beich
Reported by:	flo [1]
Security:	http://www.vuxml.org/freebsd/1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8.html
14 Dec 2013 13:42:06
Original commit files touched by this commit  3.15.3.1
Revision:336446
flo search for other commits by this committer
Update to nspr 4.10.2
Update to nss 3.15.3.1
Update firefox-esr and thunderbird to 24.2.0
Update firefox to 26.0
Update seamonkey to 2.23

- catch up with directory renames since USES=webplugins was introduced;
  fixes plugins not being automatically enabled after install
- linux-firefox and linux-seamonkey can play HTML5 audio [2][3] and
  measure about:memory usage, again
- dom.ipc.plugins.enabled->true no longer crash linux-firefox which makes
  some flash sites work again; as there's no nspluginwrapper in-between
  the infamous "youtube issue" never occurs
- install DEBUG with symbols [3] and describe the option better [4]
- enable dumping about:memory upon kill -65, kill -66 and GC/CC log
  upon kill -67 to a file under /tmp directory; linux-firefox uses
  kill -34, kill -35 and kill -36 respectively

PR:		ports/183861 [1]
PR:		ports/184006 [2]
PR:		ports/169896 [3]
PR:		ports/184285 [3]
PR:		ports/184286 [4]
Security:	dd116b19-64b3-11e3-868f-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
24 Oct 2013 20:45:09
Original commit files touched by this commit  3.15.2_1
Revision:331531
flo search for other commits by this committer
- fix stage conversion in the ETCSYMLINK case
- move the check to post-install

Reported by:	ak
24 Oct 2013 20:10:52
Original commit files touched by this commit  3.15.2
Revision:331529
flo search for other commits by this committer
- update to 3.15.2 [1]
- support stage

PR:		ports/183282 [1]
Submitted by:	pfg [1]
20 Sep 2013 22:55:26
Original commit files touched by this commit  3.15.1_1
Revision:327769
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
security)
16 Sep 2013 16:58:42
Original commit files touched by this commit  3.15.1_1
Revision:327417
bapt search for other commits by this committer
Convert to new perl framework
Convert USE_GMAKE to USES=gmake
29 Aug 2013 08:10:09
Original commit files touched by this commit  3.15.1_1
Revision:325572
mandree search for other commits by this committer
Update extraction script to:

- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
  _CODE_SIGNING attributes.

- Omit certificates that do not have any explicit trust value in these
  three attributes; at least one of the purposes must mark the
  certificate a trusted delegator.

- Validate that the trust is one of three known trust values, to become
  aware of syntax changes in certdata.txt. If it is an unknown token,
  abort with an error stating that the script must be updated.

- Check that we have at least 25 certificates in the output or abort.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
10 Jul 2013 13:01:52
Original commit files touched by this commit  3.15.1
Revision:322687
flo search for other commits by this committer
Update to 3.15.1

Submitted by:	Jan Beich <jbeich@tormail.org>
16 May 2013 02:00:38
Original commit files touched by this commit  3.14.3
Revision:318268
flo search for other commits by this committer
- update firefox to 21.0
- update firefox-esr and thunderbird to 17.0.6
- WEBRTC now supports PULSEAUDIO
- make linux-firefox work with plugins again (e.g. quakelive)

Security:		4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02
In collaboration with:	Jan Beich <jbeich@tormail.org>
20 Feb 2013 08:07:13
Original commit files touched by this commit  3.14.3
Revision:312617
mandree search for other commits by this committer
Support WITH_DEBUG=yes to get more debug output from the bundle
creation, to verbosely print omitted and included certificates.

Approved by:	flo@ on "as long as you fix it if it breaks" condition
19 Feb 2013 23:53:08
Original commit files touched by this commit  3.14.3
Revision:312608
flo search for other commits by this committer
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]

Security:	http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by:	DuckDuckGo [1], dim [2]
In collaboration with:	Jan Beich <jbeich@tormail.org>
09 Jan 2013 23:28:20
Original commit files touched by this commit  3.14.1
Revision:310165
flo search for other commits by this committer
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15

Security:	http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
05 Jan 2013 21:34:26
Original commit files touched by this commit  3.14.1
Revision:309970
flo search for other commits by this committer
Update to 3.14.1.with.ckbi.1.93

This was released to revoke certificates that were used for MITM. For
details see:

https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
28 Oct 2012 17:03:29
Original commit files touched by this commit  3.14
Revision:306558 This port version is marked as vulnerable.
flo search for other commits by this committer
- Update www/firefox{,-i18n} to 16.0.2
- Update seamonkey to 2.13.2
- Update ESR ports and libxul to 10.0.10
- Update nspr to 4.9.3
- Update nss to 3.14
- with GNOMEVFS2 option build its extension, too [1]
- make heap-committed and heap-dirty reporters work in about:memory
- properly mark QT4 as experimental (needs love upstream)
- *miscellaneous cleanups and fixups*

mail/thunderbird will be updated once the tarballs are available.

PR:		ports/173052 [1]
Security:	6b3b1b97-207c-11e2-a03f-c8600054b392
Feature safe:	yes
In collaboration with:	Jan Beich <jbeich@tormail.org>
10 Oct 2012 21:13:07
Original commit files touched by this commit  3.13.6
Revision:305684 This port version is marked as vulnerable.
flo search for other commits by this committer
- Update firefox-esr, thunderbird-esr, linux-firefox and linux-thunderbird to
10.0.8
- Update firefox and thunderbird to 16.0
- Update seamonkey to 2.13
- Update all -i18n ports respectively
- switch firefox 16.0 and seamonkey 2.13 to ALSA by default for better
  latency during pause and seeking with HTML5 video
- remove fedisableexcept() hacks, obsolete since FreeBSD 4.0
- support system hunspell dictionaries [1]
- unbreak -esr ports with clang3.2 [2]
- unbreak nss build when CC contains full path [3]
- remove GNOME option grouping [4]
- integrate enigmail into thunderbird/seamonkey as an option [5]
- remove mail/enigmail* [6]
- enable ENIGMAIL, LIGHTNING and GIO options by default
- add more reporters in about:memory: page-faults-hard, page-faults-soft,
(Only the first 15 lines of the commit message are shown above View all of this commit message)
04 Jun 2012 21:14:31
Original commit files touched by this commit  3.13.5
 This port version is marked as vulnerable.
flo search for other commits by this committer
- Update to 3.13.5
- Convert to optionsng
14 Apr 2012 21:09:51
Original commit files touched by this commit  3.13.4
 This port version is marked as vulnerable.
flo search for other commits by this committer
update to 3.13.4
05 Mar 2012 17:00:58
Original commit files touched by this commit  3.13.3
 This port version is marked as vulnerable.
flo search for other commits by this committer
Update to 3.13.3
02 Mar 2012 19:53:35
Original commit files touched by this commit  3.13.2
 This port version is marked as vulnerable.
flo search for other commits by this committer
Just overwrite the link if it still exists. That way we are sure that the link
points to the correct file and there is no reason trying to protect the link as
it would be deleted on deinstall anyway.

Suggested by:   dougb
27 Feb 2012 23:35:11
Original commit files touched by this commit  3.13.2
 This port version is marked as vulnerable.
flo search for other commits by this committer
make sure installation does not fail if for whatever reason the symlink in
/etc/ssl is still there on (re)install phase with ETCSYMLINK option set.

Submitted by:   mi
20 Feb 2012 21:41:44
Original commit files touched by this commit  3.13.2
 This port version is marked as vulnerable.
flo search for other commits by this committer
update to 3.13.2
12 Jan 2012 23:41:00
Original commit files touched by this commit  3.13.1
 This port version is marked as vulnerable.
flo search for other commits by this committer
- update to NSS_3_13_1_WITH_CKBI_1_88_RTM
28 Dec 2011 22:16:13
Original commit files touched by this commit  3.12.11_2
 This port version is marked as vulnerable.
flo search for other commits by this committer
update to CKBI version 1.88 which includes the latest mozilla cert data
08 Oct 2011 21:37:44
Original commit files touched by this commit  3.12.11_1
 This port version is marked as vulnerable.
flo search for other commits by this committer
now that gecko maintains security/nss also take this port into gecko custody

Discussed with: brooks @ EuroBSDCon 2011
Approved by:    brooks
04 Sep 2011 15:11:48
Original commit files touched by this commit  3.12.11_1
 This port version is marked as vulnerable.
mandree search for other commits by this committer
Change extract program:
- Also work with HEAD (1.79) version of Mozilla's certdata.txt,
  reported by Daniel Stenberg.
- Add BSD 2-clause license.
- Die when certificates without trust block appear.
04 Sep 2011 13:25:06
Original commit files touched by this commit  3.12.11_1
 This port version is marked as vulnerable.
mandree search for other commits by this committer
Forced commit to note:
VID: aa5bc971-d635-11e0-b3cf-080027ef73ec
VID: 1b27af46-d6f6-11e0-89a6-080027ef73ec
04 Sep 2011 13:21:09
Original commit files touched by this commit  3.12.11_1
 This port version is marked as vulnerable.
mandree search for other commits by this committer
See to proper version tags in the bundle .pem file.
04 Sep 2011 13:08:49
Original commit files touched by this commit  3.12.11
 This port version is marked as vulnerable.
mandree search for other commits by this committer
Security update: use newer Mozilla Builtin-Trust store
to revoke DigiNotar.nl trust.

Security fix: the modssl ca-bundle.pl script did not process
"untrusted" marks on certificates. Drop it and write a new
script in its place that does that.

Synch up with security/nss port to 3.12.11.

Not asking for maintainer approval because of multiple
timeouts in response to related PRs vs. security/[ca_root_]nss.
26 May 2011 14:56:01
Original commit files touched by this commit  3.12.9
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Increase the size and verbosity of the comment that the versions used in
this port should track security/nss and www/apache13-modssl.

No functional impact.
25 Feb 2011 17:19:01
Original commit files touched by this commit  3.12.9
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Chase nss revision and update to 3.12.9.

PR:             ports/154961
Submitted by:   Niclas Zeising
08 Sep 2010 01:42:36
Original commit files touched by this commit  3.12.6
 This port version is marked as vulnerable.
pgollucci search for other commits by this committer
- fix file name ca-bundle.crt -> ca-root-nss.crt [1]
- Properly sub VERSION_NSS var [1]
- While here, update to 3.12.6 to sync with security/nss

PR:             ports/143584 [1]
Submitted by:   Kevin Kobb <kkobb@skylinecorp.com> [1]
Approved by:    maintainer timeout (brooks ; 209 days) [1]
08 Dec 2009 19:28:24
Original commit files touched by this commit  3.12.4
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Upgrade to 3.12.4.

PR:             ports/140609
Submitted by:   Tijl Coosemans <tijl at ulyssis dot org>
27 Jun 2009 20:51:15
Original commit files touched by this commit  3.11.9_2
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Add a comment documenting the fact that we track the versions of
security/nss and www/apach13-modssl.

PR:             ports/136093
17 Mar 2008 16:00:46
Original commit files touched by this commit  3.11.9_2
 This port version is marked as vulnerable.
brooks search for other commits by this committer
o Fix port OPTION ETCSYMLINK which was not creating the proper link.
  Instead of pointing to the crt file, it was pointing to the directory.
o Bump PORTREVISION

PR:             ports/121782
Submitted by:   lioux
Point hat to:   brooks
12 Mar 2008 21:02:01
Original commit files touched by this commit  3.11.9_1
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Add an option (defaulting to off since messing with files outside PREFIX is
to be avoided) to link the installed certificate bundle to /etc/ssh/cert.pem
12 Mar 2008 20:19:50
Original commit files touched by this commit  3.11.9_1
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Add text to pkg-descr:

This port directly tracks the version of NSS in the security/nss port.
12 Mar 2008 19:39:58
Original commit files touched by this commit  3.11.9
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Chase nss version to 3.11.9 and modssl to 2.8.31-1.3.41.  This
includes the changes:

Bug 411299, Add Identrust, Truktrust, SwissSign Roots
Bug 229335, Remove certificates that expired in August 2004 from tree
11 Jul 2007 17:07:14
Original commit files touched by this commit  3.11.7
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Update to NSS 3.11.7 to match security/nss.

8 new root certiticates added.
06 Jul 2007 21:37:35
Original commit files touched by this commit  3.11.5
 This port version is marked as vulnerable.
brooks search for other commits by this committer
Add ca_root_nss:

Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.

Number of commits found: 44

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
chromiumAug 26
fileAug 21
py-djangoAug 21
py-django-develAug 21
py-django14Aug 21
py-django15Aug 21
php53Aug 18
phpmyadminAug 17
chromiumAug 13
serfAug 11
subversionAug 11
subversion17Aug 11
nginxAug 09
nginx-develAug 09
mingw32-opensslAug 06

6 vulnerabilities affecting 9 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24503
Broken 219
Deprecated 742
Ignore 563
Forbidden 36
Restricted 261
No CDROM 101
Vulnerable 23
Expired 0
Set to expire 732
Interactive 0
new 24 hours 2
new 48 hours13
new 7 days51
new fortnight96
new month251

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.