notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine

Bot filter coming soon

To deter bots pegging the database CPU to 100%, a bot testing filter to be added to the website. This should not affect newsfeeds etc. Anubis seems light-weight - it is already in use within the FreeBSD Project. This notice is just a heads up in case you see something odd. This notice will be updated after Anubis is installed.

Port details
ca_root_nss Root certificate bundle from the Mozilla Project
3.108 security on this many watch lists=134 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 3.108Version of this port present on the latest quarterly branch.
Maintainer: ports-secteam@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2007-07-06 21:39:01
Last Update: 2025-02-22 09:34:09
Commit Hash: f3b0945
People watching this port, also watch:: curl, libiconv, libxml2, expat, pcre
License: MPL20
Description:
Root certificates from certificate authorities included in the Mozilla NSS library and thus in Firefox and Thunderbird. This port directly tracks the version of NSS in the security/nss port.
cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (13 items)
Collapse this list.
  1. /usr/local/share/licenses/ca_root_nss-3.108/catalog.mk
  2. /usr/local/share/licenses/ca_root_nss-3.108/LICENSE
  3. /usr/local/share/licenses/ca_root_nss-3.108/MPL20
  4. share/certs/ca-root-nss.crt
  5. @sample etc/ssl/cert.pem.sample
  6. openssl/cert.pem
  7. /etc/ssl/cert.pem
  8. @postexec certctl rehash
  9. @postunexec certctl rehash
  10. @postexec [ ! -e /usr/local/bin/cert-sync ] || /usr/local/bin/cert-sync --quiet %D/share/certs/ca-root-nss.crt
  11. @owner
  12. @group
  13. @mode
Collapse this list.
Dependency lines:
  • ca_root_nss>0:security/ca_root_nss
Conflicts:
CONFLICTS_INSTALL:
  • ca-roots-[0-9]*
To install the port:
cd /usr/ports/security/ca_root_nss/ && make install clean
To add the package, run one of these commands:
  • pkg install security/ca_root_nss
  • pkg install ca_root_nss
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: ca_root_nss
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1739303198 SHA256 (nss-3.108.tar.gz) = a0f6fcb5dbadc1635b43827517a979e3a6d005d0788527802a6b31e2c5f66eec SIZE (nss-3.108.tar.gz) = 76630022

Packages (timestamps in pop-ups are UTC):
ca_root_nss
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest3.1083.1083.583.1083.108-3.58-
FreeBSD:13:quarterly3.1083.1083.89.13.1083.1083.93_23.93_23.93_2
FreeBSD:14:latest3.1083.1083.873.1083.1083.89.1-3.89.1
FreeBSD:14:quarterly3.1083.108-3.1083.1083.93_23.93_23.93_2
FreeBSD:15:latest3.1083.108n/a3.108n/a3.93_23.93_23.93_2
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. perl5>=5.36<5.37 : lang/perl5.36
This port is required by:
for Build
  1. devel/librest
  2. devel/please
  3. devel/qca
  4. lang/julia
  5. misc/outside
  6. net-im/telepathy-gabble
  7. sysutils/kleene-daemon

Deleted ports which required this port:

Expand this list of 5 deleted ports
  1. devel/qca-legacy*
  2. devel/qca-qt5*
  3. net/s3ql*
  4. net-im/empathy*
  5. security/mate-keyring*
  6. Collapse this list of deleted ports.
for Fetch
  1. archivers/plakar
  2. audio/gonic
  3. databases/pg_tileserv
  4. databases/rqlite
  5. databases/usql
  6. deskutils/pet
  7. devel/athens
Expand this list (104 items / 97 hidden - sorry, this count includes any deleted ports)
  1. Collapse this list).
  2. devel/atlantis
  3. devel/capslock
  4. devel/etcd34
  5. devel/etcd35
  6. devel/etcd36
  7. devel/gilt
  8. devel/git-town
  9. devel/gitleaks
  10. devel/glab
  11. devel/gomigrate
  12. devel/lefthook
  13. devel/protobuf-go
  14. devel/revive
  15. dns/dnsx
  16. dns/mosdns
  17. editors/orbiton
  18. ftp/wush
  19. games/tetrigo
  20. graphics/oidn
  21. irc/soju
  22. lang/gptscript
  23. mail/mox
  24. math/ttmath
  25. misc/fabric
  26. misc/gollama
  27. misc/ls-lint
  28. misc/ollama
  29. net/frp
  30. net/gotify-cli
  31. net/k6
  32. net/mihomo
  33. net/sing-box
  34. net/yggdrasil
  35. net-im/dendrite
  36. net-mgmt/bind_exporter
  37. net-mgmt/check_syncthing
  38. net-mgmt/check_wg
  39. net-mgmt/mysqld_exporter
  40. net-mgmt/netdata-go
  41. net-mgmt/prometheus2
  42. security/certspotter
  43. security/gauth
  44. security/git-credential-gopass
  45. security/naabu
  46. security/openbao
  47. security/sops
  48. security/sshesame
  49. security/trufflehog
  50. security/vouch-proxy
  51. security/zlint
  52. sysutils/alloy
  53. sysutils/cilium
  54. sysutils/envconsul
  55. sysutils/govmomi
  56. sysutils/infracost
  57. sysutils/kapp
  58. sysutils/kubo-go
  59. sysutils/kustomize
  60. sysutils/nerdctl
  61. sysutils/nomad
  62. sysutils/nomad-pot-driver
  63. sysutils/popeye
  64. sysutils/terraform
  65. textproc/codesearch
  66. textproc/dasel
  67. textproc/jqp
  68. textproc/moar
  69. textproc/termshot
  70. textproc/vacuum
  71. textproc/xlnt
  72. textproc/ytt
  73. textproc/zed
  74. textproc/zq
  75. www/fabio
  76. www/ghostunnel
  77. www/httpx
  78. www/lux
  79. www/opengist
  80. www/owncast
  81. www/xurls
  82. www/youtube
  83. Collapse this list.

Deleted ports which required this port:

Expand this list of 16 deleted ports
  1. devel/gitlab-metrics-exporter*
  2. devel/pydio-packr*
  3. editors/o*
  4. finance/cointop*
  5. net/clash*
  6. net/nebula*
  7. net-mgmt/chronograf*
  8. security/tfsec*
  9. sysutils/container-diff*
  10. sysutils/ipfs-go*
  11. sysutils/zrepl*
  12. sysutils/zrepl-dsh2dsh*
  13. textproc/mergestat*
  14. www/annie*
  15. www/cliqz*
  16. www/grafana9*
  17. Collapse this list of deleted ports.
for Patch
  1. deskutils/calibre
for Run
  1. audio/teamspeak3-server
  2. databases/mongosh
  3. devel/brz
  4. devel/gitlab-runner
  5. devel/hs-hoogle
  6. devel/hs-spago
  7. devel/librest
Expand this list (137 items / 130 hidden - sorry, this count includes any deleted ports)
  1. Collapse this list).
  2. devel/py-libioc
  3. devel/qca
  4. devel/stack
  5. dns/dnscrypt-proxy2
  6. dns/inadyn
  7. dns/nextdns
  8. dns/void-zones-tools
  9. games/linux-steam-utils
  10. games/prismlauncher
  11. graphics/variety
  12. irc/ircd-hybrid
  13. lang/gauche
  14. lang/julia
  15. lang/mono5.10
  16. lang/mono5.20
  17. lang/mono6.8
  18. mail/claws-mail
  19. mail/courier
  20. mail/msmtp
  21. mail/py-postfix-mta-sts-resolver
  22. mail/rspamd
  23. mail/rspamd-devel
  24. mail/sylpheed
  25. multimedia/jellyfin
  26. multimedia/tautulli
  27. net/boinc-client
  28. net/bsdec2-image-upload
  29. net/cloudflared
  30. net/hblock
  31. net/mosquitto
  32. net/ooni-mini
  33. net/ooni-probe-cli
  34. net/openntpd
  35. net/rclone
  36. net/rubygem-grpc
  37. net/rubygem-grpc-gitlab
  38. net/speedtest
  39. net-im/conduit
  40. net-im/py-matrix-synapse
  41. net-im/telepathy-gabble
  42. net-mgmt/arpwatch
  43. net-mgmt/netmagis-database
  44. net-mgmt/netmagis-www
  45. net-mgmt/py-arouteserver
  46. net-p2p/lidarr
  47. net-p2p/prowlarr
  48. net-p2p/radarr
  49. net-p2p/readarr
  50. net-p2p/sonarr
  51. ports-mgmt/freebsd-bugzilla-cli
  52. security/bitwarden-cli
  53. security/cargo-audit
  54. security/go-cve-dictionary
  55. security/headscale
  56. security/lego
  57. security/netbird
  58. security/pulledpork
  59. security/py-certbot-dns-cpanel
  60. security/snowflake-tor
  61. security/ssllabs-scan
  62. security/tailscale
  63. security/webtunnel-tor
  64. sysutils/amazon-ssm-agent
  65. sysutils/azure-agent
  66. sysutils/iocage-devel
  67. sysutils/minipot
  68. sysutils/ucspi-ssl
  69. sysutils/vagrant
  70. textproc/py-asciinema
  71. textproc/py-sphinx
  72. www/adguardhome
  73. www/gist
  74. www/grafana
  75. www/mattermost-server
  76. www/midori
  77. www/netsurf
  78. www/node18
  79. www/node20
  80. www/node22
  81. www/node24
  82. www/onlyoffice-documentserver
  83. www/py-woob
  84. Collapse this list.

Deleted ports which required this port:

Expand this list of 48 deleted ports
  1. deskutils/google-gadgets*
  2. devel/bazaar-ng*
  3. devel/bzr*
  4. devel/php-composer2*
  5. devel/py-libiocage*
  6. devel/qca-legacy*
  7. devel/qca-qt5*
  8. filesystems/httpfs*
  9. ftp/curl-hiphop*
  10. mail/fetchmail64*
  11. mail/opensmtpd-devel*
  12. multimedia/mps-youtube*
  13. multimedia/plexpy*
  14. net/py-matrix-synapse*
  15. net/qt4-network*
  16. net/rubygem-grpc124*
  17. net/rubygem-grpc130*
  18. net/rubygem-grpc142*
  19. net/s3ql*
  20. net-im/biboumi*
  21. net-im/empathy*
  22. net-p2p/sonarr-devel*
  23. ports-mgmt/redports-node*
  24. security/acme-client*
  25. security/mate-keyring*
  26. security/protonvpn-cli*
  27. sysutils/fusefs-httpfs*
  28. sysutils/osquery*
  29. sysutils/py-iocage*
  30. sysutils/py3-iocage*
  31. sysutils/ucspi-ssl-tls*
  32. textproc/py-sphinx18*
  33. textproc/py3-asciinema*
  34. textproc/py3-sphinx*
  35. www/ffsend*
  36. www/grafana7*
  37. www/grafana8*
  38. www/grafana9*
  39. www/neon29*
  40. www/node10*
  41. www/node12*
  42. www/node14*
  43. www/node16*
  44. www/node19*
  45. www/node21*
  46. www/node23*
  47. www/node8*
  48. www/py-weboob*
  49. Collapse this list of deleted ports.
* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

Configuration Options:
===> The following configuration options are available for ca_root_nss-3.108: ETCSYMLINK=on: Add symlinks to default bundle locations ===> Use 'make config' to modify these settings
Options name:
security_ca_root_nss
USES:
perl5 ssl:build
pkg-message:
For install:
FreeBSD does not, and can not warrant that the certification authorities whose certificates are included in this package have in any way been audited for trustworthiness or RFC 3647 compliance. Assessment and verification of trust is the complete responsibility of the system administrator. This package installs symlinks to support root certificate discovery for software that either uses other cryptographic libraries than OpenSSL, or use OpenSSL but do not follow recommended practice. If you prefer to do this manually, replace the following symlinks with either an empty file or your site-local certificate bundle. * /etc/ssl/cert.pem * /usr/local/etc/ssl/cert.pem * /usr/local/openssl/cert.pem
Master Sites:
Expand this list (2 items)
Collapse this list.
  1. https://archive.mozilla.org/pub/security/nss/releases/NSS_3_108_RTM/src/
  2. https://download.cdn.mozilla.net/pub/security/nss/releases/NSS_3_108_RTM/src/
Collapse this list.

Number of commits found: 169 (showing only 69 on this page)

«  1 | 2 

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
3.25
24 Jun 2016 15:14:56
Revision:417431Original commit files touched by this commit
jbeich search for other commits by this committer
security/nss: update to 3.25

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes
3.22.2
02 Mar 2016 22:49:20
Revision:409978Original commit files touched by this commit
jbeich search for other commits by this committer
security/nss: update to 3.22.2

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.22.2_release_notes
Changes:	https://hg.mozilla.org/projects/nss/rev/ec7aee1a4c24
MFH:		2016Q1 (maybe security)
3.22
09 Feb 2016 00:09:38
Revision:408519Original commit files touched by this commit
jbeich search for other commits by this committer
security/nss: update to 3.22

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.22_release_notes
PR:		207030
Submitted by:	Christoph Moench-Tegeder <cmt@burggraben.net>
3.21
08 Jan 2016 00:45:54
Revision:405494Original commit files touched by this commit
jbeich search for other commits by this committer
security/nss: update to 3.21

Temporarily disable gtests as they require C++0x support and install a
library that may have conflicting API with devel/googletest.

Changes:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
3.20.1
02 Jan 2016 15:15:06
Revision:405074Original commit files touched by this commit
miwi search for other commits by this committer
- Pass maintainership to ports-secteam, with a explicit approval for gecko@

Differential Revision:	D2640
3.20.1
20 Nov 2015 00:38:41
Revision:401981Original commit files touched by this commit
jbeich search for other commits by this committer
gecko: catch up with 2015-11-03 release train

- Update NSPR to 4.10.10 [1]
- Update NSS to 3.20.1 [2]
- Update Firefox ESR and libxul to 38.4.0
- Update Firefox to 42.0 [2]
- Update SeaMonkey to 2.39

Changes:	http://mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-10-Release-td346822.html
Changes:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
Changes:	https://www.mozilla.org/en-US/firefox/42.0/releasenotes/
Changes:	http://www.seamonkey-project.org/news#2015-11-08
PR:		204277 [1], 204332 [2], 203099
Submitted by:	swills, Christoph Moench-Tegeder
MFH:		2015Q4
Security:	9d04936c-75f1-4a2c-9ade-4c1708be5df9
3.20
20 Aug 2015 13:13:52
Revision:394868Original commit files touched by this commit
jbeich search for other commits by this committer
security/{,ca_root_}nss: update to 3.20

No CA root changes, just chasing NSS version.

Changes:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes
3.19.3
14 Aug 2015 12:35:27
Revision:394204Original commit files touched by this commit
jbeich search for other commits by this committer
security/{,ca_root_}nss: update to 3.19.3

Changes:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.3_release_notes
MFH:		2015Q3
3.19.2
16 Jul 2015 06:06:00
Revision:392273Original commit files touched by this commit
jbeich search for other commits by this committer
- Update NSS and ca_root_nss to 3.19.2
- Update Firefox and gmp-api to 39.0
- Update Firefox ESR and libxul to 38.1.0

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes
Changes:	https://www.mozilla.org/firefox/39.0/releasenotes/
Changes:	https://www.mozilla.org/firefox/38.1.0/releasenotes/
MFH:		2015Q3
Security:	https://vuxml.freebsd.org/freebsd/44d9daee-940c-4179-86bb-6e3ffd617869.html
3.19.1_1
06 Jun 2015 07:41:52
Revision:388657Original commit files touched by this commit
koobs search for other commits by this committer
security/ca_root_nss: Enable certificate verification (for Base OpenSSL)

Enable the ETCSYMLINK option so that SSL certificate verification is
enabled by default for OpenSSL in base.

This change is the third in a set of changes [1][2] that improves the
default configuration and behaviour of client software relying on
OpenSSL for SSL/TLS and certificate verification.

A symlink is installed which points to the root certificate bundle in
the location that OpenSSL in base looks for them, as configured at build
time [2].

This allows any and all software utilising SSL_CTX_load_verify_locations
function to verify SSL certificates by default after installation of
this package.

[1] https://svnweb.freebsd.org/changeset/ports/372629
[2] https://svnweb.freebsd.org/changeset/ports/378720

PR:		189811 196357
Requested by:	many
Submitted by:	dreamcat4 gmail com
Approved by:	maintainer timeout (>1 year)
3.19.1
01 Jun 2015 14:21:54
Revision:388230Original commit files touched by this commit
jbeich search for other commits by this committer
- Update NSS and ca_root_nss to 3.19.1
- Update Firefox to 38.0.5

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
Changes:	https://www.mozilla.org/firefox/38.0.5/releasenotes/
MFH:		2015Q2
3.19
20 May 2015 18:08:36
Revision:386873Original commit files touched by this commit
bjk search for other commits by this committer
Fix spelling of "certification authority"

Approved by:	portmgr (bapt), bapt (ports committer)
3.19
12 May 2015 18:06:37
Revision:386162Original commit files touched by this commit
jbeich search for other commits by this committer
- Update NSS and ca_root_nss to 3.19
- Update Firefox to 38.0
- Update Firefox ESR and libxul to 31.7.0
- Update Thunderbird to 31.7.0
- Update Enigmail to 1.8.2

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes
Changes:	https://www.mozilla.org/firefox/38.0/releasenotes/
Changes:	https://www.mozilla.org/firefox/31.7.0/releasenotes/
Changes:	http://sourceforge.net/p/enigmail/bugs/search/?q=status%3Afixed+%26%26+_fixed%3A1.8.1
MFH:		2015Q2
Security:	https://vuxml.freebsd.org/freebsd/d9b43004-f5fd-4807-b1d7-dbf66455b244.html
3.18.1
24 Apr 2015 14:31:06
Revision:384648Original commit files touched by this commit
jbeich search for other commits by this committer
- Update NSS to 3.18.1

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.18.1_release_notes
MFH:		2015Q2
3.18
22 Mar 2015 08:00:19
Revision:381889Original commit files touched by this commit
jbeich search for other commits by this committer
- Update OpenH264 to 1.4.0
- Update NSS and ca_root_nss to 3.18
- Update Firefox to 36.0.4
- Update Firefox ESR and libxul to 31.5.3
- Update SeaMonkey to 2.33.1
- Update Enigmail to 1.8

Changes:	https://github.com/cisco/openh264/releases/tag/v1.4.0
Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.18_release_notes
Changes:	https://www.mozilla.org/firefox/36.0.4/releasenotes/
Changes:	https://www.mozilla.org/firefox/31.5.3/releasenotes/
Changes:	http://www.seamonkey-project.org/releases/seamonkey2.33/
Changes:	https://www.enigmail.net/download/changelog.php#enig1.8
MFH:		2015Q1
X-MFH-With:	r380090
Security:	https://vuxml.freebsd.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html
3.17.4_1
09 Feb 2015 09:44:28
Revision:378720Original commit files touched by this commit
koobs search for other commits by this committer
security/ca_root_nss: Fix SSL verification for ports OpenSSL consumers

Since 2.7.9, Python verifies SSL certificates by default. Currently,
even with security/ca_root_nss installed, Python fails certificate
verification.

Upon investigation, Python uses OpenSSL's standard
SSL_CTX_load_verify_locations function to load a list of CA root
certificates.

Support was added to ca_root_nss for "out of the box" certificate
verification for a number of base utilities in r372629 [1], but this
did not include support for software that uses OpenSSL's
SSL_CTX_load_verify_locations function.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
3.17.4
01 Feb 2015 16:46:25
Revision:378253Original commit files touched by this commit
jbeich search for other commits by this committer
- Update NSPR to 4.10.8
- Update NSS to 3.17.2
- Update Firefox to 35.0.1

Changes:	http://mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-8-Release-td332365.html
Changes:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes
Changes:	https://www.mozilla.org/en-US/firefox/35.0.1/releasenotes/
Differential Revision:	https://reviews.freebsd.org/D1736
Approved by:	bapt (mentor)
3.17.3_1
08 Dec 2014 21:30:24
Revision:374329Original commit files touched by this commit
bapt search for other commits by this committer
Remove useless @cwd
3.17.3_1
03 Dec 2014 14:55:26
Revision:373830Original commit files touched by this commit
beat search for other commits by this committer
- Update Thunderbird to 31.3.0
- Update gmp-api to 35.0
- Update openh264 to 1.2
- Update NSS to 3.17.3
- Update Firefox to 34.0.5
- Update Firefox ESR 31.3.0
- Update libxul to 31.3.0
- Improve CONFIGURE_TARGET handling
- Always build using client.mk
- Switch to clang by default on systems without libc++
  (/stable/8 and /stable/9)
- Drop lang/python2 dependency, only lang/python27 is required
  to build
- Use DuckDuckGo searchplugin from upstream (has suggestions
  and purposes)
- Backport a few about:memory fixes
- Backport Web Notifications libnotify integration
- Add GTK3 option for www/firefox. Adwaita is a bit broken
  since Gtk 3.14, see:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1073117

PR:		195559
Submitted by:	Jan Beich
MFH:		2014Q4
Security:	http://vuxml.org/freebsd/7ae61870-9dd2-4884-a2f2-f19bb5784d09.html
3.17.2_1
16 Nov 2014 10:15:21
Revision:372630Original commit files touched by this commit
bapt search for other commits by this committer
Link in the right place and fix plist
3.17.2_1
16 Nov 2014 10:10:13
Revision:372629Original commit files touched by this commit
bapt search for other commits by this committer
Always install ${PREFIX}/etc/ssl/cert.pem symlink to allow both some base
applications some root certificates.

Discussed with:	des
3.17.2
15 Oct 2014 15:48:17
Revision:370932Original commit files touched by this commit
beat search for other commits by this committer
- Update Firefox to 33.0
- Update Firefox ESR to 31.2.0
- Update NSS to 3.17.2
- Update Thunderbird to 31.2.0
- Update libxul to 31.2.0 (and mark as BROKEN)
- Disable SSL 3.0 with pref (Upstream bug 1076983)
- (workaround) replace USE_GCC=yes with USES=compiler:gcc-c++11-lib in
  order to fix runtime for PGO and powerpc/powerpc64 on libc++ systems
- Add OSS audio fallback for HTML5 audio from upstream bug;
  not exposed yet because WebRTC still needs ALSA or PulseAudio
- Kill @dirrm from gecko@ ports per CHANGES from 20140922
- Drop workaround for LLVM PR 19007: base and lang/clang34 have the fix
- Improve workaround comment for LLVM PR 15840, partially rejecting
  r348851 by marino@ until bug 193555

PR:		194356
Submitted by:	Jan Beich
Security:	http://www.vuxml.org/freebsd/9c1495ac-8d8c-4789-a0f3-8ca6b476619c.html
3.17.1
25 Sep 2014 11:08:06
Revision:369237Original commit files touched by this commit
beat search for other commits by this committer
- Update ca_root_nss to 3.17.1
- Update thunderbird to 31.1.2
- Update seamonkey to 2.29.1
- Update firefox to 32.0.3
- Update firefox-esr to 31.1.1
- Update libxul to 24.8.1

Submitted by:	Jan Beich
Security:	http://www.vuxml.org/freebsd/48108fb0-751c-4cbb-8f33-09239ead4b55.html
3.17
23 Sep 2014 09:25:44
Revision:369007Original commit files touched by this commit
bapt search for other commits by this committer
Simplify plist (and avoir @cwd)
3.17
09 Sep 2014 06:16:36
Revision:367712Original commit files touched by this commit
bapt search for other commits by this committer
Mozilla upgrades:
- Update nspr to 4.10.7
- Update ca_root_nss to 3.17 (mark as NO_ARCH while here)
- Update firefox to 32.0
- Update thunderbird to 31.1.0
- Add net-im/linux-instantbird
- Update firefox-est to 31.1.0
- Update libxul to 24.8.0
- Update seamonkey to 2.29

Submitted by:	Jan Beich for gecko@
3.16.3
04 Aug 2014 09:06:06
Revision:363977Original commit files touched by this commit
bapt search for other commits by this committer
Update to 3.16.3
Add cpe informations

Submitted by:	Jan Beich
3.16.1
11 Jun 2014 03:42:55
Revision:357413Original commit files touched by this commit
beat search for other commits by this committer
- Update Firefox to 30.0
- Update Firefox ESR to 24.6.0
- Update libxul to 24.6.0
- Update NSS to 3.16.1
- Update NSPR to 4.10.6
- Update Thunderbird to 24.6.0
- Convert USE_BZIP2 to USES
- Backport ff31 fix against crashing DEBUG build on newegg.com [1]
- Add a note in UPDATING to not build audio/soundtouch with
  INTEGER_SAMPLES [2]
- Use arc4random_buf(3) to generate UUIDs (version 4)
- Fix debugger detection used by Telemetry and the slow script dialog
- Add STAGE support [3]

PR:		ports/189991 [1]
PR:		ports/189217 [2]
PR:		ports/189488 [2]
Submitted by:	bapt [3]
Sumbitted by:	Jan Beich
Security:	http://www.vuxml.org/freebsd/888a0262-f0d9-11e3-ba0c-b4b52fce4ce8.html
3.16
05 May 2014 09:45:37
Revision:352986Original commit files touched by this commit
bapt search for other commits by this committer
Convert all :U to :tu and :L to :tl

Since FreeBSD 8.4 and FreeBSD 9.1 make(1) do support :tu and :tl as a
replacement for :U and :L (which has been marked as deprecated)

bmake which is the default on FreeBSD 10+ only support by default
:tu/:tl a hack has been added at the time to support :U and :L to ease
migration. This hack is now not necessary anymore

Note that this makes the ports tree incompatible with make(1) from
FreeBSD 8.3 or earlier

With hat:	portmgr
3.16
29 Apr 2014 20:35:24
Revision:352640Original commit files touched by this commit
beat search for other commits by this committer
- Update Firefox to 29.0
- Update Firefox ESR to 24.5.0
- Update Thunderbird to 24.5.0
- Update NSS to 3.16
- Use port dependency for soundtouch library
- Require recent graphite2 version explicitly [1]
- Require gst-libav version that doesn't crash on seeking [2]
  and doesn't error out on plugin load [3]
- Remove gstreamer note in pkg-message for www/firefox, [3] may still
  happen with www/firefox-esr but only until it tracks esr31 (ca 2014-09-01)
- Fix USE_XPI in mail/thunderbird-i18n [4]

Security:	http://www.vuxml.org/freebsd/985d4d6c-cfbd-11e3-a003-b4b52fce4ce8.html
PR:		ports/187939 [1]
PR:		ports/188133 [2]
PR:		ports/181964 [3]
PR:		ports/188984 [4]
Submitted by:	Toomas Aas <toomas.aas@raad.tartu.ee> [1]
Submitted by:	Jakub Lach <jakub_lach@mailplus.pl> [2]
Submitted by:	Jan Beich [3] and this update!
Submitted by:	Toni Ballesta <mustelator@yahoo.es> [4]
Approved by:	portmgr (bdrewery, security update to non-staged port)
3.15.5
19 Mar 2014 20:46:38
Revision:348650Original commit files touched by this commit
beat search for other commits by this committer
- Update Firefox to 28.0
- Update Firefox ESR to 24.4.0
- Update Thunderbird to 24.4.0
- Update NSPR to 4.10.4
- Update NSS to 3.15.5
- Switch GSTREAMER option for non-esr ports to depend on
  multimedia/gstreamer1 [2]
- Switch to Uses/compiler.mk, defaults to lang/gcc47 on 8.x and 9.x
- Use port dependencies for libogg, libvorbis, libopus, harfbuzz, graphite2
- Enable readahead in url-classifier, asmjs, download resume like on Linux
- Build www/firefox and www/seamonkey faster using unified compilation
- Unbreak build on sparc64 [1]
- Workaround OPTIMIZED_CFLAGS startup crash on 8.x and 9.x
- OPTIMIZED_CFLAGS is enabled by default
- A few DEBUG build fixes
- Add clang 3.2/3.3/3.4 workarounds for i386
- Mention known GSTREAMER issue in pkg-message

Submitted by:	Jan Beich
PR:		ports/186580 [1]
Requested by:	kwm [2]
Security:	http://www.vuxml.org/freebsd/610de647-af8d-11e3-a25b-b4b52fce4ce8.html
3.15.4
05 Feb 2014 05:23:30
Revision:342632Original commit files touched by this commit
beat search for other commits by this committer
- Update Firefox to 27.0
- Update Firefox ESR to 24.3.0
- Update Thunderbird to 24.3.0
- Update NSPR to 4.10.3
- Update NSS to 3.15.4
- Depend on yasm when building with bundled libvpx or libjpeg-turbo
- Prepare gstreamer conditional for upcoming Firefox versions
- Improve jemalloc3 conditional
- Break build unless alsa-lib port installs new config file
- Chase USE_DOS2UNIX deprecation
- Temporarily disable system cairo over screen corruption with
  smoothScroll [1]

Submitted by:	Jan Beich
Reported by:	flo [1]
Security:	http://www.vuxml.org/freebsd/1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8.html
3.15.3.1
14 Dec 2013 13:42:06
Revision:336446Original commit files touched by this commit
flo search for other commits by this committer
Update to nspr 4.10.2
Update to nss 3.15.3.1
Update firefox-esr and thunderbird to 24.2.0
Update firefox to 26.0
Update seamonkey to 2.23

- catch up with directory renames since USES=webplugins was introduced;
  fixes plugins not being automatically enabled after install
- linux-firefox and linux-seamonkey can play HTML5 audio [2][3] and
  measure about:memory usage, again
- dom.ipc.plugins.enabled->true no longer crash linux-firefox which makes
  some flash sites work again; as there's no nspluginwrapper in-between
  the infamous "youtube issue" never occurs
- install DEBUG with symbols [3] and describe the option better [4]
- enable dumping about:memory upon kill -65, kill -66 and GC/CC log
  upon kill -67 to a file under /tmp directory; linux-firefox uses
  kill -34, kill -35 and kill -36 respectively

PR:		ports/183861 [1]
PR:		ports/184006 [2]
PR:		ports/169896 [3]
PR:		ports/184285 [3]
PR:		ports/184286 [4]
Security:	dd116b19-64b3-11e3-868f-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>
3.15.2_1
24 Oct 2013 20:45:09
Revision:331531Original commit files touched by this commit
flo search for other commits by this committer
- fix stage conversion in the ETCSYMLINK case
- move the check to post-install

Reported by:	ak
3.15.2
24 Oct 2013 20:10:52
Revision:331529Original commit files touched by this commit
flo search for other commits by this committer
- update to 3.15.2 [1]
- support stage

PR:		ports/183282 [1]
Submitted by:	pfg [1]
3.15.1_1
20 Sep 2013 22:55:26
Revision:327769Original commit files touched by this commit
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
security)
3.15.1_1
16 Sep 2013 16:58:42
Revision:327417Original commit files touched by this commit
bapt search for other commits by this committer
Convert to new perl framework
Convert USE_GMAKE to USES=gmake
3.15.1_1
29 Aug 2013 08:10:09
Revision:325572Original commit files touched by this commit
mandree search for other commits by this committer
Update extraction script to:

- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
  _CODE_SIGNING attributes.

- Omit certificates that do not have any explicit trust value in these
  three attributes; at least one of the purposes must mark the
  certificate a trusted delegator.

- Validate that the trust is one of three known trust values, to become
  aware of syntax changes in certdata.txt. If it is an unknown token,
  abort with an error stating that the script must be updated.

- Check that we have at least 25 certificates in the output or abort.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
3.15.1
10 Jul 2013 13:01:52
Revision:322687Original commit files touched by this commit
flo search for other commits by this committer
Update to 3.15.1

Submitted by:	Jan Beich <jbeich@tormail.org>
3.14.3
16 May 2013 02:00:38
Revision:318268Original commit files touched by this commit
flo search for other commits by this committer
- update firefox to 21.0
- update firefox-esr and thunderbird to 17.0.6
- WEBRTC now supports PULSEAUDIO
- make linux-firefox work with plugins again (e.g. quakelive)

Security:		4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02
In collaboration with:	Jan Beich <jbeich@tormail.org>
3.14.3
20 Feb 2013 08:07:13
Revision:312617Original commit files touched by this commit
mandree search for other commits by this committer
Support WITH_DEBUG=yes to get more debug output from the bundle
creation, to verbosely print omitted and included certificates.

Approved by:	flo@ on "as long as you fix it if it breaks" condition
3.14.3
19 Feb 2013 23:53:08
Revision:312608Original commit files touched by this commit
flo search for other commits by this committer
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]

Security:	http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by:	DuckDuckGo [1], dim [2]
In collaboration with:	Jan Beich <jbeich@tormail.org>
3.14.1
09 Jan 2013 23:28:20
Revision:310165Original commit files touched by this commit
flo search for other commits by this committer
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15

Security:	http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
3.14.1
05 Jan 2013 21:34:26
Revision:309970Original commit files touched by this commit
flo search for other commits by this committer
Update to 3.14.1.with.ckbi.1.93

This was released to revoke certificates that were used for MITM. For
details see:

https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
3.14
28 Oct 2012 17:03:29
Revision:306558Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
- Update www/firefox{,-i18n} to 16.0.2
- Update seamonkey to 2.13.2
- Update ESR ports and libxul to 10.0.10
- Update nspr to 4.9.3
- Update nss to 3.14
- with GNOMEVFS2 option build its extension, too [1]
- make heap-committed and heap-dirty reporters work in about:memory
- properly mark QT4 as experimental (needs love upstream)
- *miscellaneous cleanups and fixups*

mail/thunderbird will be updated once the tarballs are available.

PR:		ports/173052 [1]
Security:	6b3b1b97-207c-11e2-a03f-c8600054b392
Feature safe:	yes
In collaboration with:	Jan Beich <jbeich@tormail.org>
3.13.6
10 Oct 2012 21:13:07
Revision:305684Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
- Update firefox-esr, thunderbird-esr, linux-firefox and linux-thunderbird to
10.0.8
- Update firefox and thunderbird to 16.0
- Update seamonkey to 2.13
- Update all -i18n ports respectively
- switch firefox 16.0 and seamonkey 2.13 to ALSA by default for better
  latency during pause and seeking with HTML5 video
- remove fedisableexcept() hacks, obsolete since FreeBSD 4.0
- support system hunspell dictionaries [1]
- unbreak -esr ports with clang3.2 [2]
- unbreak nss build when CC contains full path [3]
- remove GNOME option grouping [4]
- integrate enigmail into thunderbird/seamonkey as an option [5]
- remove mail/enigmail* [6]
- enable ENIGMAIL, LIGHTNING and GIO options by default
- add more reporters in about:memory: page-faults-hard, page-faults-soft,
(Only the first 15 lines of the commit message are shown above View all of this commit message)
3.13.5
04 Jun 2012 21:14:31
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
- Update to 3.13.5
- Convert to optionsng
3.13.4
14 Apr 2012 21:09:51
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
update to 3.13.4
3.13.3
05 Mar 2012 17:00:58
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
Update to 3.13.3
3.13.2
02 Mar 2012 19:53:35
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
Just overwrite the link if it still exists. That way we are sure that the link
points to the correct file and there is no reason trying to protect the link as
it would be deleted on deinstall anyway.

Suggested by:   dougb
3.13.2
27 Feb 2012 23:35:11
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
make sure installation does not fail if for whatever reason the symlink in
/etc/ssl is still there on (re)install phase with ETCSYMLINK option set.

Submitted by:   mi
3.13.2
20 Feb 2012 21:41:44
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
update to 3.13.2
3.13.1
12 Jan 2012 23:41:00
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
- update to NSS_3_13_1_WITH_CKBI_1_88_RTM
3.12.11_2
28 Dec 2011 22:16:13
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
update to CKBI version 1.88 which includes the latest mozilla cert data
3.12.11_1
08 Oct 2011 21:37:44
Original commit files touched by this commit This port version is marked as vulnerable.
flo search for other commits by this committer
now that gecko maintains security/nss also take this port into gecko custody

Discussed with: brooks @ EuroBSDCon 2011
Approved by:    brooks
3.12.11_1
04 Sep 2011 15:11:48
Original commit files touched by this commit This port version is marked as vulnerable.
mandree search for other commits by this committer
Change extract program:
- Also work with HEAD (1.79) version of Mozilla's certdata.txt,
  reported by Daniel Stenberg.
- Add BSD 2-clause license.
- Die when certificates without trust block appear.
3.12.11_1
04 Sep 2011 13:25:06
Original commit files touched by this commit This port version is marked as vulnerable.
mandree search for other commits by this committer
Forced commit to note:
VID: aa5bc971-d635-11e0-b3cf-080027ef73ec
VID: 1b27af46-d6f6-11e0-89a6-080027ef73ec
3.12.11_1
04 Sep 2011 13:21:09
Original commit files touched by this commit This port version is marked as vulnerable.
mandree search for other commits by this committer
See to proper version tags in the bundle .pem file.
3.12.11
04 Sep 2011 13:08:49
Original commit files touched by this commit This port version is marked as vulnerable.
mandree search for other commits by this committer
Security update: use newer Mozilla Builtin-Trust store
to revoke DigiNotar.nl trust.

Security fix: the modssl ca-bundle.pl script did not process
"untrusted" marks on certificates. Drop it and write a new
script in its place that does that.

Synch up with security/nss port to 3.12.11.

Not asking for maintainer approval because of multiple
timeouts in response to related PRs vs. security/[ca_root_]nss.
3.12.9
26 May 2011 14:56:01
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Increase the size and verbosity of the comment that the versions used in
this port should track security/nss and www/apache13-modssl.

No functional impact.
3.12.9
25 Feb 2011 17:19:01
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Chase nss revision and update to 3.12.9.

PR:             ports/154961
Submitted by:   Niclas Zeising
3.12.6
08 Sep 2010 01:42:36
Original commit files touched by this commit This port version is marked as vulnerable.
pgollucci search for other commits by this committer
- fix file name ca-bundle.crt -> ca-root-nss.crt [1]
- Properly sub VERSION_NSS var [1]
- While here, update to 3.12.6 to sync with security/nss

PR:             ports/143584 [1]
Submitted by:   Kevin Kobb <kkobb@skylinecorp.com> [1]
Approved by:    maintainer timeout (brooks ; 209 days) [1]
3.12.4
08 Dec 2009 19:28:24
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Upgrade to 3.12.4.

PR:             ports/140609
Submitted by:   Tijl Coosemans <tijl at ulyssis dot org>
3.11.9_2
27 Jun 2009 20:51:15
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Add a comment documenting the fact that we track the versions of
security/nss and www/apach13-modssl.

PR:             ports/136093
3.11.9_2
17 Mar 2008 16:00:46
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
o Fix port OPTION ETCSYMLINK which was not creating the proper link.
  Instead of pointing to the crt file, it was pointing to the directory.
o Bump PORTREVISION

PR:             ports/121782
Submitted by:   lioux
Point hat to:   brooks
3.11.9_1
12 Mar 2008 21:02:01
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Add an option (defaulting to off since messing with files outside PREFIX is
to be avoided) to link the installed certificate bundle to /etc/ssh/cert.pem
3.11.9_1
12 Mar 2008 20:19:50
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Add text to pkg-descr:

This port directly tracks the version of NSS in the security/nss port.
3.11.9
12 Mar 2008 19:39:58
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Chase nss version to 3.11.9 and modssl to 2.8.31-1.3.41.  This
includes the changes:

Bug 411299, Add Identrust, Truktrust, SwissSign Roots
Bug 229335, Remove certificates that expired in August 2004 from tree
3.11.7
11 Jul 2007 17:07:14
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Update to NSS 3.11.7 to match security/nss.

8 new root certiticates added.
3.11.5
06 Jul 2007 21:37:35
Original commit files touched by this commit This port version is marked as vulnerable.
brooks search for other commits by this committer
Add ca_root_nss:

Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.

Number of commits found: 169 (showing only 69 on this page)

«  1 | 2