notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.

Get notified when packages are built

A new feature has been added. FreshPorts already tracks package built by the FreeBSD project. This information is displayed on each port page. You can now get an email when FreshPorts notices a new package is available for something on one of your watch lists. However, you must opt into that. Click on Report Subscriptions on the right, and New Package Notification box, and click on Update.

Finally, under Watch Lists, click on ABI Package Subscriptions to select your ABI (e.g. FreeBSD:14:amd64) & package set (latest/quarterly) combination for a given watch list. This is what FreshPorts will look for.

non port: security/ca_root_nss/pkg-plist

Number of commits found: 15

Sunday, 8 Oct 2023
04:36 Dag-Erling Smørgrav (des) search for other commits by this committer
security/ca_root_nss: Restore the ETC_SYMLINK.

It turns out that some ports have an undisclosed dependency on the
symlink and cannot be trivially changed to use the system trust
store instead.

Amend the package message to make it clear that software which relies
on this symlink is not following recommended practice.

I will look into getting certctl(8) to provide cert.pem instead, but
it may take a while until we can rely on this being in place on all
supported releases.

This partly reverts commit 483e74f44b82.

PR:		274322
MFH:		2023Q4
Reviewed by:	fluffy
Differential Revision:	https://reviews.freebsd.org/D42120
commit hash: 52e0c40367d3ebd09ab7169e025c37fbf70b8dee commit hash: 52e0c40367d3ebd09ab7169e025c37fbf70b8dee commit hash: 52e0c40367d3ebd09ab7169e025c37fbf70b8dee commit hash: 52e0c40367d3ebd09ab7169e025c37fbf70b8dee 52e0c40
Friday, 6 Oct 2023
15:48 Dag-Erling Smørgrav (des) search for other commits by this committer
security/ca_root_nss: Use certctl instead of a symlink.

MFH:		2023Q4
Reviewed by:	fluffy, sunpoet
Differential Revision:	https://reviews.freebsd.org/D42045
commit hash: 483e74f44b82f20bddd5608beef74b2a5ab38a88 commit hash: 483e74f44b82f20bddd5608beef74b2a5ab38a88 commit hash: 483e74f44b82f20bddd5608beef74b2a5ab38a88 commit hash: 483e74f44b82f20bddd5608beef74b2a5ab38a88 483e74f
Wednesday, 6 Sep 2023
21:07 Po-Chuan Hsieh (sunpoet) search for other commits by this committer
security/ca_root_nss: Remove duplicate PLIST entry

These 2 files are already handled by @sample.

===>  Deinstalling for ca_root_nss
===>   Deinstalling ca_root_nss-3.93
Updating database digests format: 100%
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in
the universe):

Installed packages to be REMOVED:
        ca_root_nss: 3.93

Number of packages to be removed: 1
[1/1] Deinstalling ca_root_nss-3.93...
[1/1] Deleting files for ca_root_nss-3.93:  11%
ca_root_nss-3.93: missing file /usr/local/etc/ssl/cert.pem
[1/1] Deleting files for ca_root_nss-3.93:  33%
ca_root_nss-3.93: missing file /usr/local/openssl/cert.pem
[1/1] Deleting files for ca_root_nss-3.93: 100%

Approved by:	portmgr (blanket)
commit hash: 574c939eccd322f546365bff8a68c7a5b7c3dc92 commit hash: 574c939eccd322f546365bff8a68c7a5b7c3dc92 commit hash: 574c939eccd322f546365bff8a68c7a5b7c3dc92 commit hash: 574c939eccd322f546365bff8a68c7a5b7c3dc92 574c939
Saturday, 28 May 2022
13:59 Jochen Neumeister (joneum) search for other commits by this committer
security/ca_root_nss: Update to 3.78

Update to 3.78
changelog:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/hQUjX_jwbEk

While here, fix a problem with ETCSYMLINK (1)

PR:	262755 (1)
Sponsored by:	Netzkommune GmbH
commit hash: ccb9f933491611faff4958a14b0f03ae64e374bb commit hash: ccb9f933491611faff4958a14b0f03ae64e374bb commit hash: ccb9f933491611faff4958a14b0f03ae64e374bb commit hash: ccb9f933491611faff4958a14b0f03ae64e374bb ccb9f93
Sunday, 13 Mar 2022
12:05 Jochen Neumeister (joneum) search for other commits by this committer
security/ca_root_nss: Update to 3.76

Update to 3.76 and fix do-install (1)

PR:	228550 (1)
Approved by:	ports-secteam (with hat)
Sponsored by:	Netzkommune GmbH
commit hash: 8c042351fc7f0b70658c9bb1207a781b1f0fb10b commit hash: 8c042351fc7f0b70658c9bb1207a781b1f0fb10b commit hash: 8c042351fc7f0b70658c9bb1207a781b1f0fb10b commit hash: 8c042351fc7f0b70658c9bb1207a781b1f0fb10b 8c04235
Thursday, 15 Feb 2018
15:21 tijl search for other commits by this committer
Fix an error reported by pkg when cert-sync doesn't exist.
Original commitRevision:461930 
Tuesday, 13 Feb 2018
20:45 feld search for other commits by this committer
security/ca_root_nss: Add post-exec script to automatically sync to mono's
certificate store

PR:		225357
Original commitRevision:461746 
Sunday, 9 Oct 2016
01:09 marino search for other commits by this committer
security/ca_root_nss: adjust pkg-plist to address leftover directory

The port creates /etc/ssl directory with the default option, but until now,
did not remove it upon deinstallation.  While technically this requires
a revbump, rebuilding this port to fix a cleanup step would cause a
tremendous amount of fallout and it's not worth the pain IMO.

PR:		213121
Approved by:	feld (ports-secteam)
Original commitRevision:423559 
Monday, 9 Feb 2015
09:44 koobs search for other commits by this committer
security/ca_root_nss: Fix SSL verification for ports OpenSSL consumers

Since 2.7.9, Python verifies SSL certificates by default. Currently,
even with security/ca_root_nss installed, Python fails certificate
verification.

Upon investigation, Python uses OpenSSL's standard
SSL_CTX_load_verify_locations function to load a list of CA root
certificates.

Support was added to ca_root_nss for "out of the box" certificate
verification for a number of base utilities in r372629 [1], but this
did not include support for software that uses OpenSSL's
SSL_CTX_load_verify_locations function.

[1] https://svnweb.freebsd.org/changeset/ports/372629

OpenSSL defaults (at compile time) to the following paths and filenames
for certificate and CAFile lookup:

Base:
  SSL_CERT_DIR=/etc/ssl/certs
  SSL_CERT_FILE/etc/ssl/cert.pem

Ports:
  SSL_CERT_DIR=/usr/local/openssl/certs
  SSL_CERT_FILE=/usr/local/openssl/cert.pem

This change installs a symlink which points to the root certificate
bundle in the location that OpenSSL from ports looks for them.

This allows any and all software utilising SSL_CTX_load_verify_locations
function to verify SSL certificates by default after installation of
this package.

Additionally, display a pkg-message to the user about the lack of
warranty associated with these certificates.

Note: This is *NOT* related to solving for SSL certificate verification
for OpenSSL in Base, which is covered in bug 189811.

While I'm here:

- Add LICENSE
- Use options helpers and OPTIONS_SUB
- Fix typo in !!! message !!!

PR: 196431
Submitted by:	koobs
Reviewed by:	jbeich
Approved by:	maintainer timeout (1 month)
Original commitRevision:378720 
Monday, 8 Dec 2014
21:30 bapt search for other commits by this committer
Remove useless @cwd
Original commitRevision:374329 
Sunday, 16 Nov 2014
10:15 bapt search for other commits by this committer
Link in the right place and fix plist
Original commitRevision:372630 
Wednesday, 15 Oct 2014
15:48 beat search for other commits by this committer
- Update Firefox to 33.0
- Update Firefox ESR to 31.2.0
- Update NSS to 3.17.2
- Update Thunderbird to 31.2.0
- Update libxul to 31.2.0 (and mark as BROKEN)
- Disable SSL 3.0 with pref (Upstream bug 1076983)
- (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in
  order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems
- Add OSS audio fallback for HTML5 audio from upstream bug;
  not exposed yet because WebRTC still needs ALSA or PulseAudio
- Kill @dirrm from gecko@ ports per CHANGES from 20140922
- Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix
- Improve workaround comment for LLVM PR 15840, partially rejecting
  r348851 by marino@ until bug 193555

PR:		194356
Submitted by:	Jan Beich
Security:	http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html
Original commitRevision:370932 
Tuesday, 23 Sep 2014
09:25 bapt search for other commits by this committer
Simplify plist (and avoir @cwd)
Original commitRevision:369007 
Sunday, 4 Sep 2011
13:25 mandree search for other commits by this committer
Forced commit to note:
VID: aa5bc971-d635-11e0-b3cf-080027ef73ec
VID: 1b27af46-d6f6-11e0-89a6-080027ef73ec
Original commit
Wednesday, 12 Mar 2008
21:02 brooks search for other commits by this committer
Add an option (defaulting to off since messing with files outside PREFIX is
to be avoided) to link the installed certificate bundle to /etc/ssh/cert.pem
Original commit

Number of commits found: 15