non port: security/ca_root_nss/pkg-plist |
Number of commits found: 15 |
Sunday, 8 Oct 2023
|
04:36 Dag-Erling Smørgrav (des)
security/ca_root_nss: Restore the ETC_SYMLINK.
It turns out that some ports have an undisclosed dependency on the
symlink and cannot be trivially changed to use the system trust
store instead.
Amend the package message to make it clear that software which relies
on this symlink is not following recommended practice.
I will look into getting certctl(8) to provide cert.pem instead, but
it may take a while until we can rely on this being in place on all
supported releases.
This partly reverts commit 483e74f44b82.
PR: 274322
MFH: 2023Q4
Reviewed by: fluffy
Differential Revision: https://reviews.freebsd.org/D42120
52e0c40 |
Friday, 6 Oct 2023
|
15:48 Dag-Erling Smørgrav (des)
security/ca_root_nss: Use certctl instead of a symlink.
MFH: 2023Q4
Reviewed by: fluffy, sunpoet
Differential Revision: https://reviews.freebsd.org/D42045
483e74f |
Wednesday, 6 Sep 2023
|
21:07 Po-Chuan Hsieh (sunpoet)
security/ca_root_nss: Remove duplicate PLIST entry
These 2 files are already handled by @sample.
===> Deinstalling for ca_root_nss
===> Deinstalling ca_root_nss-3.93
Updating database digests format: 100%
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in
the universe):
Installed packages to be REMOVED:
ca_root_nss: 3.93
Number of packages to be removed: 1
[1/1] Deinstalling ca_root_nss-3.93...
[1/1] Deleting files for ca_root_nss-3.93: 11%
ca_root_nss-3.93: missing file /usr/local/etc/ssl/cert.pem
[1/1] Deleting files for ca_root_nss-3.93: 33%
ca_root_nss-3.93: missing file /usr/local/openssl/cert.pem
[1/1] Deleting files for ca_root_nss-3.93: 100%
Approved by: portmgr (blanket)
574c939 |
Saturday, 28 May 2022
|
13:59 Jochen Neumeister (joneum)
security/ca_root_nss: Update to 3.78
Update to 3.78
changelog:
https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/hQUjX_jwbEk
While here, fix a problem with ETCSYMLINK (1)
PR: 262755 (1)
Sponsored by: Netzkommune GmbH
ccb9f93 |
Sunday, 13 Mar 2022
|
12:05 Jochen Neumeister (joneum)
security/ca_root_nss: Update to 3.76
Update to 3.76 and fix do-install (1)
PR: 228550 (1)
Approved by: ports-secteam (with hat)
Sponsored by: Netzkommune GmbH
8c04235 |
Thursday, 15 Feb 2018
|
15:21 tijl
Fix an error reported by pkg when cert-sync doesn't exist.
|
Tuesday, 13 Feb 2018
|
20:45 feld
security/ca_root_nss: Add post-exec script to automatically sync to mono's
certificate store
PR: 225357
|
Sunday, 9 Oct 2016
|
01:09 marino
security/ca_root_nss: adjust pkg-plist to address leftover directory
The port creates /etc/ssl directory with the default option, but until now,
did not remove it upon deinstallation. While technically this requires
a revbump, rebuilding this port to fix a cleanup step would cause a
tremendous amount of fallout and it's not worth the pain IMO.
PR: 213121
Approved by: feld (ports-secteam)
|
Monday, 9 Feb 2015
|
09:44 koobs
security/ca_root_nss: Fix SSL verification for ports OpenSSL consumers
Since 2.7.9, Python verifies SSL certificates by default. Currently,
even with security/ca_root_nss installed, Python fails certificate
verification.
Upon investigation, Python uses OpenSSL's standard
SSL_CTX_load_verify_locations function to load a list of CA root
certificates.
Support was added to ca_root_nss for "out of the box" certificate
verification for a number of base utilities in r372629 [1], but this
did not include support for software that uses OpenSSL's
SSL_CTX_load_verify_locations function.
[1] https://svnweb.freebsd.org/changeset/ports/372629
OpenSSL defaults (at compile time) to the following paths and filenames
for certificate and CAFile lookup:
Base:
SSL_CERT_DIR=/etc/ssl/certs
SSL_CERT_FILE/etc/ssl/cert.pem
Ports:
SSL_CERT_DIR=/usr/local/openssl/certs
SSL_CERT_FILE=/usr/local/openssl/cert.pem
This change installs a symlink which points to the root certificate
bundle in the location that OpenSSL from ports looks for them.
This allows any and all software utilising SSL_CTX_load_verify_locations
function to verify SSL certificates by default after installation of
this package.
Additionally, display a pkg-message to the user about the lack of
warranty associated with these certificates.
Note: This is *NOT* related to solving for SSL certificate verification
for OpenSSL in Base, which is covered in bug 189811.
While I'm here:
- Add LICENSE
- Use options helpers and OPTIONS_SUB
- Fix typo in !!! message !!!
PR: 196431
Submitted by: koobs
Reviewed by: jbeich
Approved by: maintainer timeout (1 month)
|
Monday, 8 Dec 2014
|
21:30 bapt
Remove useless @cwd
|
Sunday, 16 Nov 2014
|
10:15 bapt
Link in the right place and fix plist
|
Wednesday, 15 Oct 2014
|
15:48 beat
- Update Firefox to 33.0
- Update Firefox ESR to 31.2.0
- Update NSS to 3.17.2
- Update Thunderbird to 31.2.0
- Update libxul to 31.2.0 (and mark as BROKEN)
- Disable SSL 3.0 with pref (Upstream bug 1076983)
- (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in
order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems
- Add OSS audio fallback for HTML5 audio from upstream bug;
not exposed yet because WebRTC still needs ALSA or PulseAudio
- Kill @dirrm from gecko@ ports per CHANGES from 20140922
- Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix
- Improve workaround comment for LLVM PR 15840, partially rejecting
r348851 by marino@ until bug 193555
PR: 194356
Submitted by: Jan Beich
Security: http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html
|
Tuesday, 23 Sep 2014
|
09:25 bapt
Simplify plist (and avoir @cwd)
|
Sunday, 4 Sep 2011
|
13:25 mandree
Forced commit to note:
VID: aa5bc971-d635-11e0-b3cf-080027ef73ec
VID: 1b27af46-d6f6-11e0-89a6-080027ef73ec
|
Wednesday, 12 Mar 2008
|
21:02 brooks
Add an option (defaulting to off since messing with files outside PREFIX is
to be avoided) to link the installed certificate bundle to /etc/ssh/cert.pem
|
Number of commits found: 15 |