ca_root_nss Root certificate bundle from the Mozilla Project

3.46 security =129 3.45Version of this port present on the latest quarterly branch.

Maintainer: ports-secteam@FreeBSD.org

Port Added: 2007-07-06 21:39:01

Last Update: 2019-08-31 01:50:47

SVN Revision: 510302

License: MPL20

Description:

Root certificates from certificate authorities included in the Mozilla NSS library and thus in Firefox and Thunderbird. This port directly tracks the version of NSS in the security/nss port.

SVNWeb

pkg-plist: as obtained via: make generate-plist

Expand this list (9 items)

1. /usr/local/share/licenses/ca_root_nss-3.46/catalog.mk
2. /usr/local/share/licenses/ca_root_nss-3.46/LICENSE
3. /usr/local/share/licenses/ca_root_nss-3.46/MPL20
4. share/certs/ca-root-nss.crt
5. @sample etc/ssl/cert.pem.sample
6. @sample openssl/cert.pem.sample
7. /etc/ssl/cert.pem
8. @dir /etc/ssl
9. @postexec [ ! -e /usr/local/bin/cert-sync ] || /usr/local/bin/cert-sync --quiet %D/share/certs/ca-root-nss.crt

Collapse this list.

Dependency lines:

• ca_root_nss>0:security/ca_root_nss

Conflicts:

CONFLICTS_INSTALL:

• ca-roots-[0-9]*

Conflicts Matches:

There are no Conflicts Matches for this port. This is usually an error.

To install the port: cd /usr/ports/security/ca_root_nss/ && make install clean

To add the package: pkg install ca_root_nss

PKGNAME: ca_root_nss

Flavors: there is no flavor information for this port.

distinfo:

TIMESTAMP = 1567179992 SHA256 (nss-3.46.tar.gz) = 6b699649d285602ba258a4b0957cb841eafc94eff5735a9da8da0adbb9a10cef SIZE (nss-3.46.tar.gz) = 76417155

Dependencies

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. perl5>=5.30.r1<5.31 : lang/perl5.30

This port is required by:

for Build

1. devel/librest
2. devel/qca
3. net/glib-networking
4. net/s3ql
5. net-im/empathy
6. net-im/telepathy-gabble
7. security/gnome-keyring

Expand this list (12 items / 5 hidden)

8. security/p11-kit
9. sysutils/cinnamon-control-center
10. x11/cinnamon
11. Collapse this list.

Deleted ports which required this port:

Expand this list of 2 deleted ports

1. devel/qca-qt5^*
2. security/mate-keyring^*
3. Collapse this list of deleted ports.

for Fetch

1. www/cliqz

for Run

1. audio/teamspeak3-server
2. devel/brz
3. devel/bzr
4. devel/gitlab-runner
5. devel/hs-hoogle
6. devel/librest
7. devel/mercurial

Expand this list (100 items / 93 hidden)

8. devel/osc
9. devel/php-composer
10. devel/py-libioc
11. devel/py-libiocage
12. devel/qca
13. devel/stack
14. dns/ddclient
15. dns/dnscrypt-proxy2
16. dns/void-zones-tools
17. ftp/curl
18. graphics/variety
19. irc/hexchat
20. irc/weechat
21. lang/mono
22. mail/courier
23. mail/fetchmail
24. mail/fetchmail64
25. mail/msmtp
26. mail/opensmtpd
27. mail/opensmtpd-devel
28. mail/rspamd
29. mail/rspamd-devel
30. mail/sylpheed
31. multimedia/mps-youtube
32. multimedia/tautulli
33. net/boinc-client
34. net/bsdec2-image-upload
35. net/geoipupdate
36. net/glib-networking
37. net/measurement-kit
38. net/mosquitto
39. net/openntpd
40. net/qt5-network
41. net/rubygem-grpc
42. net/s3ql
43. net-im/empathy
44. net-im/py-matrix-synapse
45. net-im/telepathy-gabble
46. net-mgmt/netmagis-database
47. net-mgmt/netmagis-www
48. ports-mgmt/freebsd-bugzilla-cli
49. ports-mgmt/poudriere
50. ports-mgmt/poudriere-devel
51. security/gnome-keyring
52. security/gnutls
53. security/go-cve-dictionary
54. security/lego
55. security/p11-kit
56. security/pulledpork
57. security/ssllabs-scan
58. sysutils/amazon-ssm-agent
59. sysutils/azure-agent
60. sysutils/cbsd
61. sysutils/cinnamon-control-center
62. sysutils/iocage
63. sysutils/iocage-devel
64. sysutils/osquery
65. sysutils/ucspi-ssl
66. sysutils/vagrant
67. sysutils/vm-bhyve
68. textproc/py-asciinema
69. textproc/py-sphinx
70. www/aria2
71. www/caddy
72. www/ffsend
73. www/gist
74. www/mattermost-server
75. www/midori
76. www/miniflux
77. www/neon
78. www/netsurf
79. www/node
80. www/node10
81. www/node8
82. www/py-weboob
83. x11/cinnamon
84. Collapse this list.

Deleted ports which required this port:

Expand this list of 17 deleted ports

1. deskutils/google-gadgets^*
2. devel/bazaar-ng^*
3. devel/qca-qt5^*
4. ftp/curl-hiphop^*
5. multimedia/plexpy^*
6. net/py-matrix-synapse^*
7. net/qt4-network^*
8. ports-mgmt/redports-node^*
9. security/acme-client^*
10. security/mate-keyring^*
11. sysutils/py-iocage^*
12. sysutils/py3-iocage^*
13. sysutils/ucspi-ssl-tls^*
14. textproc/py3-asciinema^*
15. textproc/py3-sphinx^*
16. www/deforaos-surfer^*
17. www/neon29^*
18. Collapse this list of deleted ports.

* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

Configuration Options

===> The following configuration options are available for ca_root_nss-3.46: ETCSYMLINK=on: Add symlink to /etc/ssl/cert.pem ===> Use 'make config' to modify these settings

USES:

perl5 ssl:build

Master Sites:

1. https://archive.mozilla.org/pub/security/nss/releases/NSS_3_46_RTM/src/
2. https://download.cdn.mozilla.net/pub/security/nss/releases/NSS_3_46_RTM/src/

See to proper version tags in the bundle .pem file.

Security update: use newer Mozilla Builtin-Trust store
to revoke DigiNotar.nl trust.

Security fix: the modssl ca-bundle.pl script did not process
"untrusted" marks on certificates. Drop it and write a new
script in its place that does that.

Synch up with security/nss port to 3.12.11.

Not asking for maintainer approval because of multiple
timeouts in response to related PRs vs. security/[ca_root_]nss.

Increase the size and verbosity of the comment that the versions used in
this port should track security/nss and www/apache13-modssl.

No functional impact.

Chase nss revision and update to 3.12.9.

PR:             ports/154961
Submitted by:   Niclas Zeising

- fix file name ca-bundle.crt -> ca-root-nss.crt [1]
- Properly sub VERSION_NSS var [1]
- While here, update to 3.12.6 to sync with security/nss

PR:             ports/143584 [1]
Submitted by:   Kevin Kobb <kkobb@skylinecorp.com> [1]
Approved by:    maintainer timeout (brooks ; 209 days) [1]

Upgrade to 3.12.4.

PR:             ports/140609
Submitted by:   Tijl Coosemans <tijl at ulyssis dot org>

Add a comment documenting the fact that we track the versions of
security/nss and www/apach13-modssl.

PR:             ports/136093

o Fix port OPTION ETCSYMLINK which was not creating the proper link.
  Instead of pointing to the crt file, it was pointing to the directory.
o Bump PORTREVISION

PR:             ports/121782
Submitted by:   lioux
Point hat to:   brooks

Add an option (defaulting to off since messing with files outside PREFIX is
to be avoided) to link the installed certificate bundle to /etc/ssh/cert.pem

Add text to pkg-descr:

This port directly tracks the version of NSS in the security/nss port.

Chase nss version to 3.11.9 and modssl to 2.8.31-1.3.41.  This
includes the changes:

Bug 411299, Add Identrust, Truktrust, SwissSign Roots
Bug 229335, Remove certificates that expired in August 2004 from tree

Update to NSS 3.11.7 to match security/nss.

8 new root certiticates added.

Add ca_root_nss:

Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.

14 vulnerabilities affecting 199 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2019-09-16 12:47:59