Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:11.3
checked in at Wed Aug 31 15:24:49 CEST 2011.
--------
---
old-versions/11.3/all/ca-certificates-mozilla/ca-certificates-mozilla.changes
2010-04-08 11:24:54.000000000 +0200
+++ 11.3/ca-certificates-mozilla/ca-certificates-mozilla.changes
2011-08-31 11:03:51.000000000 +0200
@@ -1,0 +2,45 @@
+Wed Aug 31 09:02:10 UTC 2011 - [email protected]
+
+- update certificates to revision 1.76
+ * new: Go_Daddy_Root_Certificate_Authority_G2.pem
+ * new: Starfield_Root_Certificate_Authority_G2.pem
+ * new: Starfield_Services_Root_Certificate_Authority_G2.pem
+ * new: AffirmTrust_Commercial.pem
+ * new: AffirmTrust_Networking.pem
+ * new: AffirmTrust_Premium.pem
+ * new: AffirmTrust_Premium_ECC.pem
+ * new: Certum_Trusted_Network_CA.pem
+ * new: Certinomis_Autorit_Racine.pem
+ * new: Root_CA_Generalitat_Valenciana.pem
+ * new: A_Trust_nQual_03.pem
+ * new: TWCA_Root_Certification_Authority.pem
+ * removed: DigiNotar_Root_CA.pem (bnc#714931)
+
+-------------------------------------------------------------------
+Mon Jan 31 13:43:23 UTC 2011 - [email protected]
+
+- update certificates to revision 1.70
+ * new: AddTrust_Qualified_Certificates_Root.pem
+ * new: Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
+ * new: Chambers_of_Commerce_Root_2008.pem
+ * new: Global_Chambersign_Root_2008.pem
+ * new: Izenpe_com.pem
+ * new: TC_TrustCenter_Universal_CA_III.pem
+
+-------------------------------------------------------------------
+Mon Sep 27 14:27:52 UTC 2010 - [email protected]
+
+- update certificates to revision 1.65
+ * new: E_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.pem
+ * new: GlobalSign_Root_CA_R3.pem
+ * new: Microsec_e_Szigno_Root_CA_2009.pem
+ * new: Verisign_Class_1_Public_Primary_Certification_Authority.1.pem
+ * new: Verisign_Class_3_Public_Primary_Certification_Authority.1.pem
+
+-------------------------------------------------------------------
+Fri May 21 12:30:01 UTC 2010 - [email protected]
+
+- update certificates to revision 1.64
+ * removed "RSA Security 1024 V3" certificate
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback
old-versions/11.3/all/ca-certificates-mozilla
Destination is old-versions/11.3/UPDATES/all/ca-certificates-mozilla
calling whatdependson for 11.3-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates-mozilla.spec ++++++
--- /var/tmp/diff_new_pack.oYLz9q/_old 2011-08-31 15:24:21.000000000 +0200
+++ /var/tmp/diff_new_pack.oYLz9q/_new 2011-08-31 15:24:21.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package ca-certificates-mozilla (Version 1.62)
+# spec file for package ca-certificates-mozilla
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,8 +26,8 @@
License: BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1
Group: Productivity/Networking/Security
AutoReqProv: on
-Version: 1.62
-Release: 2
+Version: 1.76
+Release: 1.<RELEASE2>
Summary: CA certificates for OpenSSL
Url: http://www.mozilla.org
# IMPORTANT: procedure to update certificates:
@@ -61,10 +61,11 @@
%prep
%setup -qcT
+/bin/cp %{SOURCE0} .
install -m 644 %{S:1} COPYING
%build
-perl %{SOURCE1} --trustbits < %{SOURCE0}
+perl %{SOURCE1} --trustbits < certdata.txt
%install
mkdir -p %{buildroot}/%{sslusrdir}/mozilla
++++++ certdata.txt ++++++
++++ 20328 lines (skipped)
++++ between old-versions/11.3/all/ca-certificates-mozilla/certdata.txt
++++ and 11.3/ca-certificates-mozilla/certdata.txt
++++++ compareoldnew ++++++
--- /var/tmp/diff_new_pack.oYLz9q/_old 2011-08-31 15:24:21.000000000 +0200
+++ /var/tmp/diff_new_pack.oYLz9q/_new 2011-08-31 15:24:21.000000000 +0200
@@ -15,11 +15,15 @@
mkdir old new
cd old
echo old...
-VERBOSE=1 ../extractcerts.pl < ../.osc/certdata.txt | sort > ../old.files
+VERBOSE=1 ../extractcerts.pl --trustbits < ../.osc/certdata.txt > tmp
+sort < tmp > ../old.files
+rm -f tmp
cd ..
cd new
echo new...
-VERBOSE=1 ../extractcerts.pl < ../certdata.txt | sort > ../new.files
+VERBOSE=1 ../extractcerts.pl --trustbits < ../certdata.txt > tmp
+sort < tmp > ../new.files
+rm -f tmp
cd ..
echo '----------------------------'
while read line; do
@@ -35,6 +39,7 @@
elif ! cmp "old/$common" "new/$common"; then
echo "*** $common differs!"
showcert old/$common
- showcert old/$common
+ showcert new/$common
+ diff -u old/$common new/$common || true
fi
done < <(comm --output-delimiter='#' old.files new.files)
++++++ extractcerts.pl ++++++
--- /var/tmp/diff_new_pack.oYLz9q/_old 2011-08-31 15:24:21.000000000 +0200
+++ /var/tmp/diff_new_pack.oYLz9q/_new 2011-08-31 15:24:21.000000000 +0200
@@ -75,17 +75,30 @@
$output_trustbits = 1;
}
+sub colonhex
+{
+ return join(':', unpack("(H2)*", $_[0]));
+}
+
sub handle_object($)
{
my $object = shift;
return unless $object;
+ ### convert old tags to be able to compare pre 1.74 files
+ $object->{'CKA_CLASS'} =~ s/^CKO_NETSCAPE/CKO_NSS/;
+ for my $type (keys %trust_types) {
+ next unless (exists $object->{$type});
+ $object->{$type} =~ s/^CKT_NETSCAPE/CKT_NSS/;
+ }
+ ####
if($object->{'CKA_CLASS'} eq 'CKO_CERTIFICATE' &&
$object->{'CKA_CERTIFICATE_TYPE'} eq 'CKC_X_509') {
push @certificates, $object;
- } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_TRUST') {
+ } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_TRUST') {
my $label = $object->{'CKA_LABEL'};
- die "$label exists" if exists($trusts{$label});
- $trusts{$label} = $object;
- } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') {
+ my $serial = colonhex($object->{'CKA_SERIAL_NUMBER'});
+ die "$label exists ($serial)" if exists($trusts{$label.$serial});
+ $trusts{$label.$serial} = $object;
+ } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_BUILTIN_ROOT_LIST') {
# ignore
} else {
print STDERR "class ", $object->{'CKA_CLASS'} ," not handled\n";
@@ -116,11 +129,12 @@
}
if( $fields[1] =~ /MULTILINE/ ) {
+ die "expected MULTILINE_OCTAL" unless $fields[1] eq 'MULTILINE_OCTAL';
$fields[2] = "";
while(<>) {
last if /END/;
chomp;
- $fields[2] .= $_;
+ $fields[2] .= pack("C", oct($+)) while $_ =~ /\G\\([0-3][0-7][0-7])/g;
}
}
@@ -133,24 +147,26 @@
$object->{$fields[0]} = $fields[2];
}
handle_object($object);
+undef $object;
use MIME::Base64;
for my $cert (@certificates) {
my $alias = $cert->{'CKA_LABEL'};
- if(!exists($trusts{$alias})) {
+ my $serial = colonhex($cert->{'CKA_SERIAL_NUMBER'});
+ if(!exists($trusts{$alias.$serial})) {
print STDERR "NO TRUST: $alias\n";
next;
}
# check trust. We only include certificates that are trusted for identifying
# web sites
- my $trust = $trusts{$alias};
+ my $trust = $trusts{$alias.$serial};
my @addtrust;
my @addtrust_openssl;
my $trusted;
if ($output_trustbits) {
for my $type (keys %trust_types) {
if (exists $trust->{$type}
- && $trust->{$type} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+ && $trust->{$type} eq 'CKT_NSS_TRUSTED_DELEGATOR') {
push @addtrust, $trust_types{$type};
if (exists $openssl_trust{$type}) {
push @addtrust_openssl, $openssl_trust{$type};
@@ -159,14 +175,14 @@
}
}
} else {
- if($trust->{'CKA_TRUST_SERVER_AUTH'} eq
'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+ if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NSS_TRUSTED_DELEGATOR') {
$trusted = 1;
}
}
if (!$trusted) {
my $t = $trust->{'CKA_TRUST_SERVER_AUTH'};
- $t =~ s/CKT_NETSCAPE_//;
+ $t =~ s/CKT_NSS_//;
print STDERR "$t: $alias\n";
next;
}
@@ -178,16 +194,22 @@
my $file = $alias;
$alias =~ s/'/-/g;
$file =~ s/[^[:alnum:]\\]+/_/g;
- $file .= '.pem';
$file = Encode::encode("UTF-8", $file);
+ if (-e $file.'.pem') {
+ my $i = 1;
+ while (-e $file.".$i.pem") {
+ ++$i;
+ }
+ $file .= ".$i.pem";
+ } else {
+ $file .= '.pem';
+ }
if (!open(O, '>', $file)) {
print STDERR "$file: $!\n";
next;
}
print "$file\n" if $ENV{'VERBOSE'};
my $value = $cert->{'CKA_VALUE'};
- my $enc = '';
- $enc .= pack("C", oct($+)) while $value =~ /\G\\([0-3][0-7][0-7])/g;
if ($output_trustbits) {
print O "# alias=",Encode::encode("UTF-8", $alias),"\n";
print O "# trust=",join(" ", @addtrust),"\n";
@@ -196,7 +218,7 @@
}
}
print O "-----BEGIN CERTIFICATE-----\n";
- print O encode_base64($enc);
+ print O encode_base64($value);
print O "-----END CERTIFICATE-----\n";
close O;
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
