[Midnightbsd-cvs] mports [19650] trunk/security: update ca_root_nss and nss ports to 3.19.2

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sat Aug 1 09:25:17 EDT 2015


Revision: 19650
          http://svnweb.midnightbsd.org/mports/?rev=19650
Author:   laffer1
Date:     2015-08-01 09:25:16 -0400 (Sat, 01 Aug 2015)
Log Message:
-----------
update ca_root_nss and nss ports to 3.19.2

Modified Paths:
--------------
    trunk/security/ca_root_nss/Makefile
    trunk/security/ca_root_nss/distinfo
    trunk/security/ca_root_nss/files/MAca-bundle.pl.in
    trunk/security/ca_root_nss/pkg-plist
    trunk/security/nss/Makefile
    trunk/security/nss/distinfo

Added Paths:
-----------
    trunk/security/ca_root_nss/files/pkg-message.in

Modified: trunk/security/ca_root_nss/Makefile
===================================================================
--- trunk/security/ca_root_nss/Makefile	2015-08-01 13:15:05 UTC (rev 19649)
+++ trunk/security/ca_root_nss/Makefile	2015-08-01 13:25:16 UTC (rev 19650)
@@ -4,7 +4,7 @@
 PORTVERSION=	${VERSION_NSS}
 PORTREVISION=	1
 CATEGORIES=	security
-MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:U:C/[-.]/_/g}_RTM/src
+MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
 
 MAINTAINER=	ports at MidnightBSD.org
@@ -27,11 +27,12 @@
 # !!!  Please DO NOT submit patches for new version until it has !!!
 # !!!  been committed there first.                               !!!
 # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-VERSION_NSS=	3.14.3
-#NSS_SUFFIX=	.with.ckbi.1.93
-CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+VERSION_NSS=	3.19.2
+#NSS_SUFFIX=	.with.ckbi.1.98
+CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt
 BUNDLE_PROCESSOR=	MAca-bundle.pl
-SUB_FILES=	MAca-bundle.pl
+
+SUB_FILES=	MAca-bundle.pl pkg-message
 SUB_LIST=	VERSION_NSS=${VERSION_NSS}
 
 .include <bsd.mport.options.mk>
@@ -61,5 +62,9 @@
 .if ${PORT_OPTIONS:METCSYMLINK}
 	${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
 .endif
+	${MKDIR} ${PREFIX}/etc/ssl
+	${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${PREFIX}/etc/ssl/cert.pem.sample
+	${MKDIR} ${PREFIX}/openssl
+	${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${PREFIX}/openssl/cert.pem.sample
 
 .include <bsd.port.mk>
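Review bot: The four added `${MKDIR}`/`${LN} -sf` lines sit after the `.endif` that closes the `ETCSYMLINK` block, so the `cert.pem.sample` links under `${PREFIX}/etc/ssl` and `${PREFIX}/openssl` are created even when that option is off, and nothing in the Makefile says so. These links decide which root store OpenSSL consumers under `${PREFIX}` pick up by default, so a comment above them would help, for example `# Always installed; pkg-plist registers these as @sample so an admin-supplied cert.pem is expected to be left alone (confirm @sample semantics in mports).` The install target begins outside this hunk.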

Modified: trunk/security/ca_root_nss/distinfo
===================================================================
--- trunk/security/ca_root_nss/distinfo	2015-08-01 13:15:05 UTC (rev 19649)
+++ trunk/security/ca_root_nss/distinfo	2015-08-01 13:25:16 UTC (rev 19650)
@@ -1,2 +1,2 @@
-SHA256 (nss-3.14.3.tar.gz) = d9d366be94d33395597ebf82363fcdedfa693a6d627cf7f6bec025f609d54cc0
-SIZE (nss-3.14.3.tar.gz) = 6189790
+SHA256 (nss-3.19.2.tar.gz) = 1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae
+SIZE (nss-3.19.2.tar.gz) = 6953657

Modified: trunk/security/ca_root_nss/files/MAca-bundle.pl.in
===================================================================
--- trunk/security/ca_root_nss/files/MAca-bundle.pl.in	2015-08-01 13:15:05 UTC (rev 19649)
+++ trunk/security/ca_root_nss/files/MAca-bundle.pl.in	2015-08-01 13:25:16 UTC (rev 19650)
@@ -32,9 +32,10 @@
 ##  POSSIBILITY OF SUCH DAMAGE.
 
 use strict;
+use Carp;
 use MIME::Base64;
 
-my $VERSION = '$FreeBSD$';
+my $VERSION = '$FreeBSD: head/security/ca_root_nss/files/MAca-bundle.pl.in 325572 2013-08-29 08:10:09Z mandree $';
 
 #   configuration
 print <<EOH;
@@ -125,7 +126,8 @@
 sub grabtrust() {
     my $cka_label;
     my $serial;
-    my $trust = 1;
+    my $maytrust = 0;
+    my $distrust = 0;
 
     while (<>) {
 	chomp;
@@ -139,21 +141,36 @@
 	    $serial = graboct();
 	}
 
-	if (/^CKA_TRUST_.*\s.*_(UN|NOT_)TRUSTED/) {
-	    $trust = 0;
+	if (/^CKA_TRUST_(SERVER_AUTH|EMAIL_PROTECTION|CODE_SIGNING) CK_TRUST (\S+)$/)
+	{
+	    if ($2 eq      'CKT_NSS_NOT_TRUSTED') {
+		$distrust = 1;
+	    } elsif ($2 eq 'CKT_NSS_TRUSTED_DELEGATOR') {
+		$maytrust = 1;
+	    } elsif ($2 ne 'CKT_NSS_MUST_VERIFY_TRUST') {
+		confess "Unknown trust setting on line $.:\n"
+		. "$_\n"
+		. "Script must be updated:";
+	    }
 	}
     }
+
+    if (!$maytrust && !$distrust && $debug) {
+	print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
+    }
+
+    my $trust = ($maytrust and not $distrust);
     return ($serial, $cka_label, $trust);
 }
 
 while (<>) {
-    if (/^CKA_CLASS .* CKO_CERTIFICATE/) {
+    if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
 	my ($serial, $label, $certdata) = grabcert();
 	if (defined $certs{$label."\0".$serial}) {
 	    warn "Certificate $label duplicated!\n";
 	}
 	$certs{$label."\0".$serial} = $certdata;
-    } elsif (/^CKA_CLASS .* CKO_(NSS|NETSCAPE)_TRUST/) {
+    } elsif (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/) {
 	my ($serial, $label, $trust) = grabtrust();
 	if (defined $trusts{$label."\0".$serial}) {
 	    warn "Trust for $label duplicated!\n";
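Review bot: `$maytrust` is set when any of the three purposes matched by the new regex carries `CKT_NSS_TRUSTED_DELEGATOR`, so a root that certdata.txt trusts only for `EMAIL_PROTECTION` or `CODE_SIGNING` still ends up with `$trust` true. The resulting bundle is what this port links as `cert.pem` for OpenSSL clients, where it would be used for TLS server verification, so the rule looks broader than intended. If the bundle is meant for server authentication, consider matching only that purpose, e.g. `if (/^CKA_TRUST_SERVER_AUTH CK_TRUST (\S+)$/)` with the comparisons on `$1`. Otherwise, document the any-purpose rule in a comment above the `if`. `grabtrust` begins outside this hunk, so the loop's exit condition is not visible here.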
@@ -184,7 +201,8 @@
     }
 }
 
-print "##  Untrusted certificates omitted from this bundle: $untrusted\n\n";
+print		"##  Untrusted certificates omitted from this bundle: $untrusted\n\n";
+print STDERR	"##  Untrusted certificates omitted from this bundle: $untrusted\n";
 
 my $certcount = 0;
 foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
@@ -197,5 +215,10 @@
     print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
 }
 
-print "##  Number of certificates: $certcount\n";
+if ($certcount < 25) {
+    die "Certificate count of $certcount is implausibly low.\nAbort";
+}
+
+print		"##  Number of certificates: $certcount\n";
+print STDERR	"##  Number of certificates: $certcount\n";
 print "##  End of file.\n";
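Review bot: The `$certcount < 25` check runs only after the `foreach` loop above it, which appears to emit the trusted certificates, so when `die` fires the header and a partial bundle may already be on STDOUT. Whether a truncated file is left behind depends on how the Makefile redirects the output, which is not shown here. Collecting the output and printing it after the check would avoid that. The threshold is also an unexplained literal; a comment such as `# Sanity floor: a certdata.txt format change can make the parser trust almost nothing; fail the build instead of shipping a near-empty bundle.` would record why it exists. The `foreach` loop begins outside this hunk.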

Added: trunk/security/ca_root_nss/files/pkg-message.in
===================================================================
--- trunk/security/ca_root_nss/files/pkg-message.in	                        (rev 0)
+++ trunk/security/ca_root_nss/files/pkg-message.in	2015-08-01 13:25:16 UTC (rev 19650)
@@ -0,0 +1,25 @@
+********************************* WARNING *********************************
+
+FreeBSD does not, and can not warrant that the certification authorities
+whose certificates are included in this package have in any way been
+audited for trustworthiness or RFC 3647 compliance.
+
+Assessment and verification of trust is the complete responsibility of the
+system administrator.
+
+*********************************** NOTE **********************************
+
+This package installs symlinks to support root certificates discovery by
+default for software that uses OpenSSL.
+
+This enables SSL Certificate Verification by client software without manual
+intervention.
+
+If you prefer to do this manually, replace the following symlinks with
+either an empty file or your site-local certificate bundle.
+
+  * /etc/ssl/cert.pem
+  * %%PREFIX%%/etc/ssl/cert.pem
+  * %%PREFIX%%/openssl/cert.pem
+
+***************************************************************************


Property changes on: trunk/security/ca_root_nss/files/pkg-message.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Modified: trunk/security/ca_root_nss/pkg-plist
===================================================================
--- trunk/security/ca_root_nss/pkg-plist	2015-08-01 13:15:05 UTC (rev 19649)
+++ trunk/security/ca_root_nss/pkg-plist	2015-08-01 13:25:16 UTC (rev 19650)
@@ -1,4 +1,5 @@
 %%CERTDIR%%/ca-root-nss.crt
- at dirrmtry %%CERTDIR%%
+ at sample etc/ssl/cert.pem.sample
+ at sample openssl/cert.pem.sample
 %%ETCSYMLINK%%@cwd /
 %%ETCSYMLINK%%@exec ln -sf /usr/local/%%CERTDIR%%/ca-root-nss.crt /etc/ssl/cert.pem

Modified: trunk/security/nss/Makefile
===================================================================
--- trunk/security/nss/Makefile	2015-08-01 13:15:05 UTC (rev 19649)
+++ trunk/security/nss/Makefile	2015-08-01 13:25:16 UTC (rev 19650)
@@ -1,19 +1,22 @@
 # $MidnightBSD$
 
 PORTNAME=	nss
-PORTVERSION=	3.19
-PORTREVISION=	0
+PORTVERSION=	3.19.2
+#DISTVERSIONSUFFIX=	.with.ckbi.1.93
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 
 MAINTAINER=	ports at MidnightBSD.org
 COMMENT=	Libraries to support development of security-enabled applications
+
 LICENSE=	unknown
 #mpl?
 
 BUILD_DEPENDS=	zip:${PORTSDIR}/archivers/zip \
-		nspr>=4.10.5:${PORTSDIR}/devel/nspr
-LIB_DEPENDS=	libnspr4.so:${PORTSDIR}/devel/nspr
+		nspr>=4.10.5:${PORTSDIR}/devel/nspr \
+		sqlite3>=3.7.15:${PORTSDIR}/databases/sqlite3
+LIB_DEPENDS=	libnspr4.so:${PORTSDIR}/devel/nspr \
+		libsqlite3.so:${PORTSDIR}/databases/sqlite3
 
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}/nss
 

Modified: trunk/security/nss/distinfo
===================================================================
--- trunk/security/nss/distinfo	2015-08-01 13:15:05 UTC (rev 19649)
+++ trunk/security/nss/distinfo	2015-08-01 13:25:16 UTC (rev 19650)
@@ -1,2 +1,2 @@
-SHA256 (nss-3.19.tar.gz) = 989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b
-SIZE (nss-3.19.tar.gz) = 6951461
+SHA256 (nss-3.19.2.tar.gz) = 1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae
+SIZE (nss-3.19.2.tar.gz) = 6953657


