Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2020-07-30 09:59:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates-mozilla"
Thu Jul 30 09:59:40 2020 rev:49 rq:823414 version:2.42
Changes:
--------
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2020-04-05 20:52:30.273122881 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592/ca-certificates-mozilla.changes
2020-07-30 10:00:01.247218360 +0200
@@ -1,0 +2,21 @@
+Wed Jul 29 13:06:19 UTC 2020 - Marcus Meissner <[email protected]>
+
+- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
+
+ Removed CAs:
+ - AddTrust External CA Root
+ - AddTrust Class 1 CA Root
+ - LuxTrust Global Root 2
+ - Staat der Nederlanden Root CA - G2
+ - Symantec Class 1 Public Primary Certification Authority - G4
+ - Symantec Class 2 Public Primary Certification Authority - G4
+ - VeriSign Class 3 Public Primary Certification Authority - G3
+
+ Added CAs:
+ - certSIGN Root CA G2
+ - e-Szigno Root CA 2017
+ - Microsoft ECC Root Certificate Authority 2017
+ - Microsoft RSA Root Certificate Authority 2017
+
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates-mozilla.spec ++++++
--- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.271219569 +0200
+++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.275219571 +0200
@@ -37,7 +37,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version: 2.40
+Version: 2.42
Release: 0
Summary: CA certificates for OpenSSL
License: MPL-2.0
++++++ certdata.txt ++++++
++++ 2058 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
++++ and
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592/certdata.txt
++++++ certdata2pem.py ++++++
--- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.419219657 +0200
+++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.423219659 +0200
@@ -177,6 +177,11 @@
"CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
}
+cert_distrust_types = {
+ "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
+ "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
+}
+
for tobj in objects:
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
key = tobj['CKA_LABEL'] + printable_serial(tobj)
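Review bot: `cert_distrust_types` is added without a comment, and the attribute names alone do not say what the values hold or where the right-hand names are consumed. A short comment above the dict would help, for example `# NSS distrust-after attributes -> field names written for p11-kit; the value is a date after which newly issued certificates are no longer trusted for that use, or CK_FALSE when no date is set`. The second hunk in this file special-cases `CK_FALSE`, so stating the two possible value forms here keeps both places understandable on their own.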
@@ -369,6 +374,16 @@
f.write("nss-mozilla-ca-policy: true\n")
f.write("modifiable: false\n");
+ # requires p11-kit >= 0.23.19
+ for t in list(cert_distrust_types.keys()):
+ if t in obj:
+ value = obj[t]
+ if value == 'CK_FALSE':
+ value = bytearray(1)
+ f.write(cert_distrust_types[t] + ": \"")
+ f.write(urllib.parse.quote(value));
+ f.write("\"\n")
+
f.write("-----BEGIN CERTIFICATE-----\n")
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
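Review bot: The `# requires p11-kit >= 0.23.19` comment above the new loop is the only place this requirement is recorded, and the spec hunk in this commit changes only `Version:`. If an older p11-kit reads the generated file, the two distrust-after fields may be ignored or rejected (not verifiable from this page), which would leave the affected roots trusted without the date restriction; consider expressing the minimum version as a versioned dependency in the spec rather than a comment. Inside the loop, `value == 'CK_FALSE'` is the only non-bytes case handled, so any other string parsed from certdata.txt would be percent-encoded and written as if it were a date. A guard such as `elif not isinstance(value, (bytes, bytearray)): raise ValueError(t)` would make that fail loudly at build time. The enclosing write block starts and ends outside the hunk, and the hunk does not show whether `urllib.parse` is already imported.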
++++++ nssckbi.h ++++++
--- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.443219671 +0200
+++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.443219671 +0200
@@ -46,8 +46,8 @@
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40
-#define NSS_BUILTINS_LIBRARY_VERSION "2.40"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
+#define NSS_BUILTINS_LIBRARY_VERSION "2.42"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1