head	1.30;
access;
symbols
	RELEASE_8_3_0:1.21
	RELEASE_9_0_0:1.15
	RELEASE_7_4_0:1.9
	RELEASE_8_2_0:1.9
	RELEASE_6_EOL:1.9
	RELEASE_8_1_0:1.8
	RELEASE_7_3_0:1.8
	RELEASE_8_0_0:1.7
	RELEASE_7_2_0:1.6
	RELEASE_7_1_0:1.6
	RELEASE_6_4_0:1.6
	RELEASE_5_EOL:1.6
	RELEASE_7_0_0:1.2
	RELEASE_6_3_0:1.2;
locks; strict;
comment	@# @;


1.30
date	2013.02.20.00.52.21;	author svnexp;	state Exp;
branches;
next	1.29;

1.29
date	2013.01.09.23.56.32;	author svnexp;	state Exp;
branches;
next	1.28;

1.28
date	2013.01.05.21.44.39;	author svnexp;	state Exp;
branches;
next	1.27;

1.27
date	2012.11.17.06.01.01;	author svnexp;	state Exp;
branches;
next	1.26;

1.26
date	2012.10.28.17.03.28;	author flo;	state Exp;
branches;
next	1.25;

1.25
date	2012.10.10.21.13.06;	author flo;	state Exp;
branches;
next	1.24;

1.24
date	2012.08.30.14.54.17;	author flo;	state Exp;
branches;
next	1.23;

1.23
date	2012.06.04.21.14.30;	author flo;	state Exp;
branches;
next	1.22;

1.22
date	2012.04.14.21.09.51;	author flo;	state Exp;
branches;
next	1.21;

1.21
date	2012.03.05.17.00.58;	author flo;	state Exp;
branches;
next	1.20;

1.20
date	2012.03.02.19.53.35;	author flo;	state Exp;
branches;
next	1.19;

1.19
date	2012.02.27.23.35.11;	author flo;	state Exp;
branches;
next	1.18;

1.18
date	2012.02.20.21.41.44;	author flo;	state Exp;
branches;
next	1.17;

1.17
date	2012.01.12.23.41.00;	author flo;	state Exp;
branches;
next	1.16;

1.16
date	2011.12.28.22.16.13;	author flo;	state Exp;
branches;
next	1.15;

1.15
date	2011.10.08.21.37.44;	author flo;	state Exp;
branches;
next	1.14;

1.14
date	2011.09.04.13.25.06;	author mandree;	state Exp;
branches;
next	1.13;

1.13
date	2011.09.04.13.21.09;	author mandree;	state Exp;
branches;
next	1.12;

1.12
date	2011.09.04.13.08.49;	author mandree;	state Exp;
branches;
next	1.11;

1.11
date	2011.05.26.14.56.01;	author brooks;	state Exp;
branches;
next	1.10;

1.10
date	2011.02.25.17.19.01;	author brooks;	state Exp;
branches;
next	1.9;

1.9
date	2010.09.08.01.42.36;	author pgollucci;	state Exp;
branches;
next	1.8;

1.8
date	2009.12.08.19.28.24;	author brooks;	state Exp;
branches;
next	1.7;

1.7
date	2009.06.27.20.51.15;	author brooks;	state Exp;
branches;
next	1.6;

1.6
date	2008.03.17.16.00.45;	author brooks;	state Exp;
branches;
next	1.5;

1.5
date	2008.03.12.21.02.01;	author brooks;	state Exp;
branches;
next	1.4;

1.4
date	2008.03.12.20.19.50;	author brooks;	state Exp;
branches;
next	1.3;

1.3
date	2008.03.12.19.39.58;	author brooks;	state Exp;
branches;
next	1.2;

1.2
date	2007.07.11.17.07.13;	author brooks;	state Exp;
branches;
next	1.1;

1.1
date	2007.07.06.21.37.35;	author brooks;	state Exp;
branches;
next	;


desc
@@


1.30
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/312608
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@# Created by: Brooks Davis <brooks@@FreeBSD.org>
# $FreeBSD: head/security/ca_root_nss/Makefile 312608 2013-02-19 23:53:07Z flo $

PORTNAME=	ca_root_nss
PORTVERSION=	${VERSION_NSS}
CATEGORIES=	security
MASTER_SITES=	${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR=	security/nss/releases/${DISTNAME:U:C/[-.]/_/g}_RTM/src
DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}

MAINTAINER=	gecko@@FreeBSD.org
COMMENT=	The root certificate bundle from the Mozilla Project

OPTIONS_DEFINE=	ETCSYMLINK
ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem

USE_PERL5_BUILD=	yes
NO_WRKSUBDIR=	yes

CERTDIR?=	share/certs
PLIST_SUB+=	CERTDIR=${CERTDIR}

# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !!!  These versions are indented to track security/nss.        !!!
# !!!  Please DO NOT submit patches for new version until it has !!!
# !!!  been committed there first.                               !!!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
VERSION_NSS=	3.14.3
#NSS_SUFFIX=	.with.ckbi.1.93
CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
BUNDLE_PROCESSOR=	MAca-bundle.pl
SUB_FILES=	MAca-bundle.pl
SUB_LIST=	VERSION_NSS=${VERSION_NSS}

.include <bsd.port.options.mk>

.if ${PORT_OPTIONS:METCSYMLINK}
PLIST_SUB+=	ETCSYMLINK=
CONFLICTS=	ca-roots-[0-9]*
.else
PLIST_SUB+=	ETCSYMLINK="@@comment "
.endif

do-extract:
	@@${MKDIR} ${WRKDIR}
	@@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
	    ${CERTDATA_TXT_PATH}
	@@${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR}
	@@${RM} -rf ${WRKDIR}/nss-${VERSION_NSS}

do-build:	apply-slist
	@@${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \
	    < ${WRKDIR}/certdata.txt > \
	    ${WRKDIR}/ca-root-nss.crt

do-install:
	${MKDIR} ${PREFIX}/${CERTDIR}
	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR}
.if ${PORT_OPTIONS:METCSYMLINK}
	${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
.endif

.include <bsd.port.mk>
@


1.29
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/310165
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r310165 | flo | 2013-01-09 23:28:19 +0000 (Wed, 09 Jan 2013) | 6 lines
## SVN ##
## SVN ## - update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
## SVN ## - update firefox-esr, thunderbird-esr and libxul to 10.0.12
## SVN ## - update linux-seamonkey to 2.15
## SVN ##
## SVN ## Security:	http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: head/security/ca_root_nss/Makefile 310165 2013-01-09 23:28:19Z flo $
d8 1
a8 1
MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src
d28 2
a29 3
VERSION_NSS=	3.14.1
CKBI_VER=	1.93
NSS_SUFFIX=	.with.ckbi.${CKBI_VER}
d32 2
a48 1
	@@${CP} ${FILESDIR}/${BUNDLE_PROCESSOR} ${WRKDIR}
d51 1
a51 5
post-patch:
	@@${PERL} -pi -e 's,%%VERSION_NSS%%,${VERSION_NSS}${NSS_SUFFIX},g;' \
	    ${WRKDIR}/${BUNDLE_PROCESSOR}

do-build:
@


1.28
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/309970
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r309970 | flo | 2013-01-05 21:34:25 +0000 (Sat, 05 Jan 2013) | 7 lines
## SVN ##
## SVN ## Update to 3.14.1.with.ckbi.1.93
## SVN ##
## SVN ## This was released to revoke certificates that were used for MITM. For
## SVN ## details see:
## SVN ##
## SVN ## https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 2
a2 6
# New ports collection makefile for:    ca-root-nss
# Date created:				Thu Jan 25 13:02:14 CST 2007
# Whom:	      				Brooks Davis <brooks@@FreeBSD.org>
#
# $FreeBSD: head/security/ca_root_nss/Makefile 309970 2013-01-05 21:34:25Z flo $
#
@


1.27
log
@Switch exporter over
@
text
@d5 1
a5 1
# $FreeBSD: head/security/ca_root_nss/Makefile 306558 2012-10-28 17:03:28Z flo $
d12 1
a12 1
MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
d32 3
a34 1
VERSION_NSS=	3.14
@


1.26
log
@SVN rev 306558 on 2012-10-28 17:03:28Z by flo

- Update www/firefox{,-i18n} to 16.0.2
- Update seamonkey to 2.13.2
- Update ESR ports and libxul to 10.0.10
- Update nspr to 4.9.3
- Update nss to 3.14
- with GNOMEVFS2 option build its extension, too [1]
- make heap-committed and heap-dirty reporters work in about:memory
- properly mark QT4 as experimental (needs love upstream)
- *miscellaneous cleanups and fixups*

mail/thunderbird will be updated once the tarballs are available.

PR:		ports/173052 [1]
Security:	6b3b1b97-207c-11e2-a03f-c8600054b392
Feature safe:	yes
In collaboration with:	Jan Beich <jbeich@@tormail.org>
@
text
@d5 1
a5 1
# $FreeBSD$
@


1.25
log
@SVN rev 305684 on 2012-10-10 21:13:06Z by flo

- Update firefox-esr, thunderbird-esr, linux-firefox and linux-thunderbird to 10.0.8
- Update firefox and thunderbird to 16.0
- Update seamonkey to 2.13
- Update all -i18n ports respectively
- switch firefox 16.0 and seamonkey 2.13 to ALSA by default for better
  latency during pause and seeking with HTML5 video
- remove fedisableexcept() hacks, obsolete since FreeBSD 4.0
- support system hunspell dictionaries [1]
- unbreak -esr ports with clang3.2 [2]
- unbreak nss build when CC contains full path [3]
- remove GNOME option grouping [4]
- integrate enigmail into thunderbird/seamonkey as an option [5]
- remove mail/enigmail* [6]
- enable ENIGMAIL, LIGHTNING and GIO options by default
- add more reporters in about:memory: page-faults-hard, page-faults-soft,
  resident, vsize
- use bundled jemalloc 3.0.0 on FreeBSD < 10.0 for gecko 16.0,
  only heap-allocated reporter works in about:memory (see bug 762445)
- use lrintf() instead of slow C cast in bundled libopus
- use libjpeg-turbo's faster color conversion if available during build
- record startup time for telemetry
- use -z origin instead of hardcoding path to gecko runtime
- fail early if incompatible libxul version is installed (in USE_GECKO)
- *miscellaneous cleanups and fixups*

PR:		ports/171534 [1]
PR:		ports/171566 [2]
PR:		ports/172164 [3]
PR:		ports/172201 [4]
Discussed with:	ale, beat, Jan Beich [5]
Approved by:	ale [6]
In collaboration with:	Jan Beich <jbeich@@tormail.org>
Security:	6e5a9afd-12d3-11e2-b47d-c8600054b392
Feature safe:	yes
Approved by:	portmgr (beat)
@
text
@d32 1
a32 1
VERSION_NSS=	3.13.6
@


1.24
log
@SVN rev 303378 on 2012-08-30 14:54:17Z by flo

- update firefox and thunderbird to 15.0
- update firefox-esr, thunderbird-esr, linux-thunderbird and linux-firefox to 10.0.7
- update seamonkey and linux-seamonkey to 2.12
- update nss to 3.13.6
- update bsdipc code (posix_spawn, SysV shared memory)
- rename patches to easily track those not (yet) submitted upstream
- reduce package size, except for www/libxul[1]
- restore default objdir to what it was in 13.0
- fix mail/enigmail after thunderbird build changes
- don't accidentally pick up headers from installed ports[3]
- add support for PREFIX != LOCALBASE to Makefile.webplugins [4]
- document vulnerabilities in vuln.xml
- *miscellaneous cleanups and fixups*

Obtained from:	OpenBSD ports[1]
PR:		ports/159831, ports/160933, ports/170467[3], ports/170236 [4]
Submitted by:	avilla [4]
In collaboration with:	Jan Beich <jbeich@@tormail.net> Who did most of the hard
			work.
@
text
@d28 3
a30 3
# !!!  These versions are indented to track security/nss and     !!!
# !!!  www/apache13-modssl.  Please DO NOT submit patches for    !!!
# !!!  new versions until they have been committed there first.  !!!
a32 1
VERSION_APACHE=	1.3.41
@


1.23
log
@- Update to 3.13.5
- Convert to optionsng
@
text
@d32 1
a32 1
VERSION_NSS=	3.13.5
@


1.22
log
@update to 3.13.4
@
text
@d18 2
a19 1
OPTIONS=	ETCSYMLINK "Add symlink to /etc/ssl/cert.pem" off
d32 1
a32 1
VERSION_NSS=	3.13.4
d37 1
a37 1
.include <bsd.port.pre.mk>
d39 1
a39 1
.if !defined(WITHOUT_ETCSYMLINK)
d66 1
a66 1
.if !defined(WITHOUT_ETCSYMLINK)
d70 1
a70 1
.include <bsd.port.post.mk>
@


1.21
log
@Update to 3.13.3
@
text
@d31 1
a31 1
VERSION_NSS=	3.13.3
@


1.20
log
@Just overwrite the link if it still exists. That way we are sure that the link
points to the correct file and there is no reason trying to protect the link as
it would be deleted on deinstall anyway.

Suggested by:	dougb
@
text
@d31 1
a31 1
VERSION_NSS=	3.13.2
@


1.19
log
@make sure installation does not fail if for whatever reason the symlink in
/etc/ssl is still there on (re)install phase with ETCSYMLINK option set.

Submitted by:	mi
@
text
@d66 1
a66 2
	${TEST} -e /etc/ssl/cert.pem ||	\
		${LN} -s ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
@


1.18
log
@update to 3.13.2
@
text
@d66 2
a67 1
	${LN} -s ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
@


1.17
log
@- update to NSS_3_13_1_WITH_CKBI_1_88_RTM
@
text
@d12 1
a12 1
MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_WITH_CKBI_${CKBI_VER:S/./_/}_RTM/src
d31 1
a31 2
VERSION_NSS=	3.13.1
CKBI_VER=	1.88
a32 1
NSS_SUFFIX=	.with.ckbi.${CKBI_VER}
@


1.16
log
@update to CKBI version 1.88 which includes the latest mozilla cert data
@
text
@a9 1
PORTREVISION=	2
d31 1
a31 1
VERSION_NSS=	3.12.11
@


1.15
log
@now that gecko maintains security/nss also take this port into gecko custody

Discussed with:	brooks @@ EuroBSDCon 2011
Approved by:	brooks
@
text
@d10 1
a10 1
PORTREVISION=	1
d33 1
a33 1
CKBI_VER=	1.87
@


1.14
log
@Forced commit to note:
VID: aa5bc971-d635-11e0-b3cf-080027ef73ec
VID: 1b27af46-d6f6-11e0-89a6-080027ef73ec
@
text
@d16 1
a16 1
MAINTAINER=	brooks@@FreeBSD.org
@


1.13
log
@See to proper version tags in the bundle .pem file.
@
text
@@


1.12
log
@Security update: use newer Mozilla Builtin-Trust store
to revoke DigiNotar.nl trust.

Security fix: the modssl ca-bundle.pl script did not process
"untrusted" marks on certificates. Drop it and write a new
script in its place that does that.

Synch up with security/nss port to 3.12.11.

Not asking for maintainer approval because of multiple
timeouts in response to related PRs vs. security/[ca_root_]nss.
@
text
@d10 1
d57 1
a57 1
	@@${PERL} -pi -e 's,%%VERSION_NSS%%,${VERSION_NSS},g;' \
@


1.11
log
@Increase the size and verbosity of the comment that the versions used in
this port should track security/nss and www/apache13-modssl.

No functional impact.
@
text
@d11 3
a13 4
MASTER_SITES=	${MASTER_SITE_MOZILLA} \
		${MASTER_SITES_MODSSL:S/$/:mod_ssl/}
MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
DISTFILES=	${NSS_FILE} ${MODSSL_FILE}:mod_ssl
d31 2
a32 1
VERSION_NSS=	3.12.9
d34 1
a34 8
VERSION_MODSSL=	2.8.31
MASTER_SITES_MODSSL=	http://www.modssl.org/source/ \
		ftp://ftp.modssl.org/source/ \
		ftp://ftp.blatzheim.com/pub/mod_ssl/ \
		ftp://ftp.fu-berlin.de/unix/security/mod_ssl/ \
		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/mod_ssl/source,}
MODSSL_FILE=	mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}${EXTRACT_SUFX}
NSS_FILE=	nss-${VERSION_NSS}${EXTRACT_SUFX}
d36 1
a36 1
CA_BUNDLE_PL_PATH=	mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}/pkg.sslcfg/ca-bundle.pl
d49 1
a49 3
	@@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/${MODSSL_FILE} \
	    ${CA_BUNDLE_PL_PATH}
	@@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${EXTRACT_SUFX} \
a50 1
	@@${CP} ${WRKDIR}/${CA_BUNDLE_PL_PATH} ${WRKDIR}
d52 2
a53 2
	@@${RM} -rf ${WRKDIR}/mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE} \
	    ${WRKDIR}/nss-${VERSION_NSS}
d57 1
a57 1
	    ${WRKDIR}/ca-bundle.pl
d60 2
a61 1
	@@${PERL} ${WRKDIR}/ca-bundle.pl < ${WRKDIR}/certdata.txt > \
@


1.10
log
@Chase nss revision and update to 3.12.9.

PR:		ports/154961
Submitted by:	Niclas Zeising
@
text
@d27 5
a31 1
# These versions intend to track security/nss and www/apache13-modssl.
@


1.9
log
@- fix file name ca-bundle.crt -> ca-root-nss.crt [1]
- Properly sub VERSION_NSS var [1]
- While here, update to 3.12.6 to sync with security/nss

PR:             ports/143584 [1]
Submitted by:   Kevin Kobb <kkobb@@skylinecorp.com> [1]
Approved by:    maintainer timeout (brooks ; 209 days) [1]
@
text
@d28 1
a28 1
VERSION_NSS=	3.12.6
@


1.8
log
@Upgrade to 3.12.4.

PR:		ports/140609
Submitted by:	Tijl Coosemans <tijl at ulyssis dot org>
@
text
@d28 1
a28 1
VERSION_NSS=	3.12.4
d61 4
@


1.7
log
@Add a comment documenting the fact that we track the versions of
security/nss and www/apach13-modssl.

PR:		ports/136093
@
text
@a9 1
PORTREVISION=	2
d28 1
a28 1
VERSION_NSS=	3.11.9
@


1.6
log
@o Fix port OPTION ETCSYMLINK which was not creating the proper link.
  Instead of pointing to the crt file, it was pointing to the directory.
o Bump PORTREVISION

PR:		ports/121782
Submitted by:	lioux
Point hat to:	brooks
@
text
@d28 1
@


1.5
log
@Add an option (defaulting to off since messing with files outside PREFIX is
to be avoided) to link the installed certificate bundle to /etc/ssh/cert.pem
@
text
@d10 1
a10 1
PORTREVISION=	1
d69 1
a69 1
	${LN} -s ${PREFIX}/${CERTDIR} /etc/ssl/cert.pem
@


1.4
log
@Add text to pkg-descr:

This port directly tracks the version of NSS in the security/nss port.
@
text
@d20 2
d26 1
a26 2
PLIST_DIRS=	${CERTDIR}
PLIST_FILES=	${CERTDIR}/ca-root-nss.crt
d41 9
d68 3
d72 1
a72 1
.include <bsd.port.mk>
@


1.3
log
@Chase nss version to 3.11.9 and modssl to 2.8.31-1.3.41.  This
includes the changes:

Bug 411299, Add Identrust, Truktrust, SwissSign Roots
Bug 229335, Remove certificates that expired in August 2004 from tree
@
text
@d10 1
@


1.2
log
@Update to NSS 3.11.7 to match security/nss.

8 new root certiticates added.
@
text
@d26 3
a28 3
VERSION_NSS=	3.11.7
VERSION_APACHE=	1.3.37
VERSION_MODSSL=	2.8.28
@


1.1
log
@Add ca_root_nss:

Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.
@
text
@d26 1
a26 1
VERSION_NSS=	3.11.5
@

