head 1.6; access; symbols pkgsrc-2026Q1:1.6.0.8 pkgsrc-2026Q1-base:1.6 pkgsrc-2025Q4:1.6.0.6 pkgsrc-2025Q4-base:1.6 pkgsrc-2025Q3:1.6.0.4 pkgsrc-2025Q3-base:1.6 pkgsrc-2025Q2:1.6.0.2 pkgsrc-2025Q2-base:1.6 pkgsrc-2025Q1:1.5.0.14 pkgsrc-2025Q1-base:1.5 pkgsrc-2024Q4:1.5.0.12 pkgsrc-2024Q4-base:1.5 pkgsrc-2024Q3:1.5.0.10 pkgsrc-2024Q3-base:1.5 pkgsrc-2024Q2:1.5.0.8 pkgsrc-2024Q2-base:1.5 pkgsrc-2024Q1:1.5.0.6 pkgsrc-2024Q1-base:1.5 pkgsrc-2023Q4:1.5.0.4 pkgsrc-2023Q4-base:1.5 pkgsrc-2023Q3:1.5.0.2 pkgsrc-2023Q3-base:1.5 pkgsrc-2023Q2:1.3.0.2 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.2.0.8 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.6 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.4 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.2 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.1.0.2 pkgsrc-2022Q1-base:1.1; locks; strict; comment @# @; 1.6 date 2025.04.30.18.29.53; author kim; state Exp; branches; next 1.5; commitid zNqzGQd3BmT7A6TF; 1.5 date 2023.07.05.18.13.22; author kim; state Exp; branches; next 1.4; commitid WmbmrTXh8jUHRDvE; 1.4 date 2023.07.05.17.30.24; author kim; state Exp; branches; next 1.3; commitid O8LQPOkDyEHWCDvE; 1.3 date 2023.05.21.16.33.50; author kim; state Exp; branches; next 1.2; commitid A0i8GSfBouJIKQpE; 1.2 date 2022.06.12.07.05.30; author kim; state Exp; branches; next 1.1; commitid 7USBYLAYYSZWCIHD; 1.1 date 2022.02.28.06.46.52; author kim; state Exp; branches; next ; commitid DjZ5tOP9rVWLSluD; desc @@ 1.6 log @ca-certificates: Update to 20250419 ca-certificates (20250419) unstable; urgency=medium [ Alexander Kanavin ] * update-ca-certificates: add a --sysroot option [ Julien Cristau ] * Update Mozilla certificate authority bundle to version 2.74. The following certificate authorities were added (+): + D-TRUST BR Root CA 2 2023 + D-TRUST EV Root CA 2 2023 The following certificate authorities were removed (-): - Entrust Root Certification Authority - G4 - SecureSign RootCA11 - Security Communication RootCA3 - SwissSign Silver CA - G2 -- Julien Cristau Sat, 19 Apr 2025 09:25:37 +0200 ca-certificates (20241223) unstable; urgency=medium * Update Mozilla certificate authority bundle to version 2.70. The following certificate authorities were added (+): + Telekom Security TLS ECC Root 2020 + Telekom Security TLS RSA Root 2023 + FIRMAPROFESIONAL CA ROOT-A WEB + TWCA CYBER Root CA + SecureSign Root CA12 + SecureSign Root CA14 + SecureSign Root CA15 The following certificate authorities were removed (-): - Security Communication Root CA (closes: #1063093) * Add Romanian debconf translation, thanks to Remus-Gabriel Chelu. Closes: #1067042, #1031490. -- Julien Cristau Mon, 23 Dec 2024 12:53:45 +0100 @ text @$NetBSD: patch-sbin_update-ca-certificates,v 1.5 2023/07/05 18:13:22 kim Exp $ Add a configuration file for enabling CA certificate management in a system directory (such as /etc/openssl on NetBSD). --- sbin/update-ca-certificates.orig 2025-04-19 07:12:33.000000000 +0000 +++ sbin/update-ca-certificates 2025-04-30 18:06:44.691505573 +0000 @@@@ -25,12 +25,27 @@@@ fresh=0 default=0 CERTSCONF=/etc/ca-certificates.conf -CERTSDIR=/usr/share/ca-certificates +PROGDIR="$(dirname "${0}")" +CERTSDIR="${PROGDIR}/../share/ca-certificates" LOCALCERTSDIR=/usr/local/share/ca-certificates CERTBUNDLE=ca-certificates.crt -ETCCERTSDIR=/etc/ssl/certs +ETCCERTSDIR=disabled +ETCCERTSDIRCONF=/etc/ca-certificates-dir.conf HOOKSDIR=/etc/ca-certificates/update.d +if [ -s "$ETCCERTSDIRCONF" ] +then + _ETCCERTSDIR="$(sed -n -e ' + /^ETCCERTSDIR=/ { + s///; + s/#.*$//; + s/ *$//; + s/^ *//; + p; + }' "$ETCCERTSDIRCONF")" + ETCCERTSDIR="${_ETCCERTSDIR:-${ETCCERTSDIR}}" +fi + while [ $# -gt 0 ]; do case $1 in @@@@ -74,6 +89,20 @@@@ shift done +case "$ETCCERTSDIR" in +/*) + ;; +*) + cat <<-EOF + Please enable update-ca-certificates by setting ETCCERTSDIR + to an absolute path (e.g. /etc/ssl/certs) in + $ETCCERTSDIRCONF + and then run update-ca-certificates again. + EOF + exit 1 + ;; +esac + if [ ! -s "$CERTSCONF" ] then fresh=1 @ 1.5 log @ca-certificates: Fix previously improved relocatability @ text @d1 1 a1 1 $NetBSD: patch-sbin_update-ca-certificates,v 1.4 2023/07/05 17:30:24 kim Exp $ d6 2 a7 2 --- sbin/update-ca-certificates.orig 2021-12-15 18:51:05.000000000 +0000 +++ sbin/update-ca-certificates 2023-07-05 18:10:26.326602441 +0000 d38 1 a38 1 @@@@ -66,6 +81,20 @@@@ @ 1.4 log @ca-certificates: Be more relocatable @ text @d1 1 a1 1 $NetBSD: patch-sbin_update-ca-certificates,v 1.3 2023/05/21 16:33:50 kim Exp $ d7 1 a7 1 +++ sbin/update-ca-certificates 2023-07-05 16:50:18.405110442 +0000 d13 1 a13 1 +PROGDIR="$(dirname "${0%/*}")" @ 1.3 log @ca-certificates: Update to 20230311 ca-certificates (20230311) unstable; urgency=medium [ Đoàn Trần Công Danh ] * ca-certificates: compat with non-GNU mktemp (closes: #1000847) [ Ilya Lipnitskiy ] * certdata2pem.py: use UTC time when checking cert validity [ Julien Cristau ] * Update Mozilla certificate authority bundle to version 2.60 The following certificate authorities were added (+): + "Autoridad de Certificacion Firmaprofesional CIF A62634068" + "Certainly Root E1" + "Certainly Root R1" + "D-TRUST BR Root CA 1 2020" + "D-TRUST EV Root CA 1 2020" + "DigiCert TLS ECC P384 Root G5" + "DigiCert TLS RSA4096 Root G5" + "E-Tugra Global Root CA ECC v3" + "E-Tugra Global Root CA RSA v3" + "HARICA TLS ECC Root CA 2021" + "HARICA TLS RSA Root CA 2021" + "HiPKI Root CA - G1" + "ISRG Root X2" + "Security Communication ECC RootCA1" + "Security Communication RootCA3" + "Telia Root CA v2" + "TunTrust Root CA" + "vTrus ECC Root CA" + "vTrus Root CA" The following certificate authorities were removed (-): - "Cybertrust Global Root" (expired) - "EC-ACC" - "GlobalSign Root CA - R2" (expired) - "Hellenic Academic and Research Institutions RootCA 2011" - "Network Solutions Certificate Authority" - "Staat der Nederlanden EV Root CA" (expired) * Drop trailing space from debconf template causing misformatting (closes: #980821) [ Wataru Ashihara ] * Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) -- Julien Cristau Sat, 11 Mar 2023 09:47:05 +0100 @ text @d1 1 a1 1 $NetBSD: patch-sbin_update-ca-certificates,v 1.2 2022/06/12 07:05:30 kim Exp $ d7 8 a14 3 +++ sbin/update-ca-certificates 2023-05-21 15:58:00.334161148 +0000 @@@@ -28,9 +28,23 @@@@ CERTSDIR=/usr/share/ca-certificates d38 1 a38 1 @@@@ -66,6 +80,27 @@@@ a42 8 +disabled) + cat <<-EOF + Please enable update-ca-certificates by editing + $ETCCERTSDIRCONF + and then run it again. + EOF + exit 1 + ;; d47 2 a48 1 + Please set ETCCERTSDIR to an absolute path in @ 1.2 log @security/ca-certificates: Add configurability for certificate store - The location of the system certificate store can now be set using a new configuration file (ca-certificates-dir.conf). - Installing the certificates to the system certificate store must be enabled by the administrator. @ text @d1 1 a1 1 $NetBSD: patch-sbin_update-ca-certificates,v 1.1 2022/02/28 06:46:52 kim Exp $ d3 5 a7 2 --- sbin/update-ca-certificates.orig 2021-10-16 16:09:43.000000000 +0000 +++ sbin/update-ca-certificates 2022-06-12 16:09:43.000000000 +0000 d52 1 a52 1 + and then run it again. a60 11 @@@@ -81,8 +116,8 @@@@ # Helper files. (Some of them are not simple arrays because we spawn # subshells later on.) TEMPBUNDLE="${ETCCERTSDIR}/${CERTBUNDLE}.new" -ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" +ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" +REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" # Adds a certificate to the list of trusted ones. This includes a symlink # in /etc/ssl/certs to the certificate file and its inclusion into the @ 1.1 log @security/ca-certificates: Fix mktemp usage @ text @d1 1 a1 1 $NetBSD$ d4 55 a58 2 +++ sbin/update-ca-certificates 2022-02-28 06:38:12.674110664 +0000 @@@@ -81,8 +81,8 @@@@ @