commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2020-10-22 14:21:31 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3463 (New) Package is "ca-certificates-mozilla" Thu Oct 22 14:21:31 2020 rev:50 rq:842510 version:2.44 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2020-07-30 10:00:01.247218360 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3463/ca-certificates-mozilla.changes 2020-10-22 14:22:50.426780311 +0200 @@ -1,0 +2,14 @@ +Mon Oct 19 09:09:39 UTC 2020 - Marcus Meissner + +- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) + +- Removed CAs: + - EE Certification Centre Root CA + - Taiwan GRCA + +- Added CAs: + - Trustwave Global Certification Authority + - Trustwave Global ECC P256 Certification Authority + - Trustwave Global ECC P384 Certification Authority + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.uA3BxX/_old 2020-10-22 14:22:53.890783419 +0200 +++ /var/tmp/diff_new_pack.uA3BxX/_new 2020-10-22 14:22:53.894783423 +0200 @@ -37,7 +37,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.42 +Version:2.44 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 794 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3463/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.uA3BxX/_old 2020-10-22 14:22:54.038783552 +0200 +++ /var/tmp/diff_new_pack.uA3BxX/_new 2020-10-22 14:22:54.038783552 +0200 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42 -#define NSS_BUILTINS_LIBRARY_VERSION "2.42" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 44 +#define NSS_BUILTINS_LIBRARY_VERSION "2.44" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2020-07-30 09:59:40
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592 (New)
Package is "ca-certificates-mozilla"
Thu Jul 30 09:59:40 2020 rev:49 rq:823414 version:2.42
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2020-04-05 20:52:30.273122881 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592/ca-certificates-mozilla.changes
2020-07-30 10:00:01.247218360 +0200
@@ -1,0 +2,21 @@
+Wed Jul 29 13:06:19 UTC 2020 - Marcus Meissner
+
+- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
+
+ Removed CAs:
+ - AddTrust External CA Root
+ - AddTrust Class 1 CA Root
+ - LuxTrust Global Root 2
+ - Staat der Nederlanden Root CA - G2
+ - Symantec Class 1 Public Primary Certification Authority - G4
+ - Symantec Class 2 Public Primary Certification Authority - G4
+ - VeriSign Class 3 Public Primary Certification Authority - G3
+
+ Added CAs:
+ - certSIGN Root CA G2
+ - e-Szigno Root CA 2017
+ - Microsoft ECC Root Certificate Authority 2017
+ - Microsoft RSA Root Certificate Authority 2017
+
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.271219569 +0200
+++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.275219571 +0200
@@ -37,7 +37,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version:2.40
+Version:2.42
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
++ certdata.txt ++
2058 lines (skipped)
between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
and
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592/certdata.txt
++ certdata2pem.py ++
--- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.419219657 +0200
+++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.423219659 +0200
@@ -177,6 +177,11 @@
"CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
}
+cert_distrust_types = {
+ "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
+ "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
+}
+
for tobj in objects:
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
key = tobj['CKA_LABEL'] + printable_serial(tobj)
@@ -369,6 +374,16 @@
f.write("nss-mozilla-ca-policy: true\n")
f.write("modifiable: false\n");
+# requires p11-kit >= 0.23.19
+for t in list(cert_distrust_types.keys()):
+if t in obj:
+value = obj[t]
+if value == 'CK_FALSE':
+value = bytearray(1)
+f.write(cert_distrust_types[t] + ": \"")
+f.write(urllib.parse.quote(value));
+f.write("\"\n")
+
f.write("-BEGIN CERTIFICATE-\n")
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
++ nssckbi.h ++
--- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.443219671 +0200
+++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.443219671 +0200
@@ -46,8 +46,8 @@
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40
-#define NSS_BUILTINS_LIBRARY_VERSION "2.40"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
+#define NSS_BUILTINS_LIBRARY_VERSION "2.42"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2020-04-05 20:52:28
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3248 (New)
Package is "ca-certificates-mozilla"
Sun Apr 5 20:52:28 2020 rev:48 rq:790876 version:2.40
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2020-01-20 22:47:39.883163942 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3248/ca-certificates-mozilla.changes
2020-04-05 20:52:30.273122881 +0200
@@ -1,0 +2,5 @@
+Thu Mar 26 11:38:06 UTC 2020 - Marcus Meissner
+
+- also run update-ca-certificates in %posttrans
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.E6tb1k/_old 2020-04-05 20:52:30.993123570 +0200
+++ /var/tmp/diff_new_pack.E6tb1k/_new 2020-04-05 20:52:30.993123570 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates-mozilla
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -122,6 +122,9 @@
%postun
update-ca-certificates || true
+%posttrans
+update-ca-certificates || true
+
%files
%license COPYING
%{trustdir_static}
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2020-01-20 22:47:37 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.26092 (New) Package is "ca-certificates-mozilla" Mon Jan 20 22:47:37 2020 rev:47 rq:764234 version:2.40 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-12-23 22:43:52.781987832 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.26092/ca-certificates-mozilla.changes 2020-01-20 22:47:39.883163942 +0100 @@ -1,0 +2,13 @@ +Tue Jan 14 07:07:51 UTC 2020 - Marcus Meissner + +- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160) +- removed: + - Certplus Class 2 Primary CA + - Deutsche Telekom Root CA 2 + - CN=Swisscom Root CA 2 + - UTN-USERFirst-Client Authentication and Email + +- added: + - Entrust Root Certification Authority - G4 + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.E9hvkS/_old 2020-01-20 22:47:42.567164975 +0100 +++ /var/tmp/diff_new_pack.E9hvkS/_new 2020-01-20 22:47:42.571164976 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,7 +37,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.34 +Version:2.40 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2227 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.26092/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.E9hvkS/_old 2020-01-20 22:47:42.723165034 +0100 +++ /var/tmp/diff_new_pack.E9hvkS/_new 2020-01-20 22:47:42.723165034 +0100 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 34 -#define NSS_BUILTINS_LIBRARY_VERSION "2.34" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40 +#define NSS_BUILTINS_LIBRARY_VERSION "2.40" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2019-12-23 22:41:57
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.6675 (New)
Package is "ca-certificates-mozilla"
Mon Dec 23 22:41:57 2019 rev:46 rq:757879 version:2.34
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2019-12-05 17:37:34.561390835 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.6675/ca-certificates-mozilla.changes
2019-12-23 22:43:52.781987832 +0100
@@ -1,0 +2,5 @@
+Wed Dec 18 10:53:59 UTC 2019 - Ludwig Nussel
+
+- make sure p11-kit with patches is installed on SLE (boo#1154871)
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.gLonOy/_old 2019-12-23 22:43:54.305988493 +0100
+++ /var/tmp/diff_new_pack.gLonOy/_new 2019-12-23 22:43:54.337988507 +0100
@@ -16,6 +16,23 @@
#
+# ensure p11-kit has the required features on SLE for
+# https://bugzilla.suse.com/show_bug.cgi?id=1154871
+%if 0%{?suse_version} == 1500
+%if 0%{?is_opensuse}
+# Leap 15.1
+%define p11_kit_min 0.23.2-lp151.4.3.1
+%else
+# 15GA
+%define p11_kit_min 0.23.2-4.5.2
+%endif
+%else
+%if 0%{?suse_version} == 1315 && 0%{?sle_version} > 120300
+# 12SP3
+%define p11_kit_min 0.20.7-3.3.1
+%endif
+%endif
+#
%define certdir %{trustdir_static}
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
@@ -52,6 +69,9 @@
# replaces this package from SLE11 times
Obsoletes: openssl-certs
BuildArch: noarch
+%if %{defined p11_kit_min}
+Conflicts: p11-kit-tools < %p11_kit_min
+%endif
%description
This package contains some CA root certificates for OpenSSL extracted
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-12-05 17:35:01 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691 (New) Package is "ca-certificates-mozilla" Thu Dec 5 17:35:01 2019 rev:45 rq:754429 version:2.34 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-12-02 11:26:51.950682456 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691/ca-certificates-mozilla.changes 2019-12-05 17:37:34.561390835 +0100 @@ -75 +75,2 @@ -- Updated to 2.22 state of the Mozilla NSS Certificate store. +- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152, + bsc#1071390, bsc#1010996) @@ -210 +211 @@ -- Updated to 2.7. +- Updated to 2.7 (bsc#973042). Other differences: --
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2019-12-02 11:26:32
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691 (New)
Package is "ca-certificates-mozilla"
Mon Dec 2 11:26:32 2019 rev:44 rq:750502 version:2.34
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2019-08-15 12:25:20.586607048 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691/ca-certificates-mozilla.changes
2019-12-02 11:26:51.950682456 +0100
@@ -1,0 +2,6 @@
+Tue Nov 12 09:58:01 UTC 2019 - Ludwig Nussel
+
+- export correct p11kit trust attributes so Firefox detects built in
+ certificates (boo#1154871). Courtesy of Fedora.
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:56.886680589 +0100
+++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:56.890680587 +0100
@@ -38,8 +38,7 @@
# accidentally included!
Source:
http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
Source1:
http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
-# from Fedora. Note: currently contains extra fix to remove quotes. Pending
upstream approval.
-Source10: certdata2pem.py
+Source10:
https://src.fedoraproject.org/rpms/ca-certificates/raw/master/f/certdata2pem.py
Source11: %{name}.COPYING
Source12: compareoldnew
BuildRequires: ca-certificates
@@ -61,7 +60,8 @@
%prep
%setup -qcT
-/bin/cp %{SOURCE0} .
+mkdir certs
+ln -s %{SOURCE0} certs
install -m 644 %{SOURCE11} COPYING
ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
@@ -72,44 +72,29 @@
%build
export LANG=en_US.UTF-8
+cd certs
python3 %{SOURCE10}
+cd ..
+(
+ cat <<-EOF
+ # This is a bundle of X.509 certificates of public Certificate
+ # Authorities. It was generated from the Mozilla root CA list.
+ # These certificates and trust/distrust attributes use the file format
accepted
+ # by the p11-kit-trust module.
+ #
+ # Source: nss/lib/ckfw/builtins/certdata.txt
+ # Source: nss/lib/ckfw/builtins/nssckbi.h
+ #
+ # Generated from:
+ EOF
+ awk '$2 = "NSS_BUILTINS_LIBRARY_VERSION" {print "# " $2 " " $3}';
+ echo '#';
+ ls -1 certs/*.tmp-p11-kit | sort | xargs cat
+) > ca-certificates-mozila.trust.p11-kit
%install
-mkdir -p %{buildroot}/%{trustdir_static}/anchors
-set +x
-for i in *.crt; do
- args=()
- trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
- distrust=`sed -n '/^# openssl-distrust=/{s/^.*=//;p;q;}' "$i"`
- alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' "$i"`
- args+=('-trustout')
- for t in $trust; do
- args+=("-addtrust" "$t")
- done
- for t in $distrust; do
- args+=("-addreject" "$t")
- done
- [ -z "$alias" ] || args+=('-setalias' "$alias")
-
- echo "$i ${args[*]}"
- fname="%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem"
- if [ -e "$fname" ]; then
- fname="${fname%.pem}"
- j=1
- while [ -e "$fname.$j.pem" ]; do
- j=$((j+1))
- done
- fname="$fname.$j.pem"
- fi
- {
- grep '^#' "$i"
- openssl x509 -in "$i" "${args[@]}"
- } > "$fname"
-done
-for i in *.p11-kit ; do
- install -m 644 "$i" "%{buildroot}/%{trustdir_static}"
-done
-set -x
+mkdir -p %{buildroot}/%{trustdir_static}
+install -m 644 ca-certificates-mozila.trust.p11-kit
"%{buildroot}/%{trustdir_static}/ca-certificates-mozila.trust.p11-kit"
%post
update-ca-certificates || true
++ certdata2pem.py ++
--- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:57.002680545 +0100
+++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:57.002680545 +0100
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
@@ -26,7 +26,8 @@
import re
import sys
import textwrap
-import urllib.parse
+import urllib.request, urllib.parse, urllib.error
+import subprocess
objects = []
@@ -35,7 +36,7 @@
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
-field, vtype, value, obj = None, None, None, dict()
+field, ftype, value, binval, obj = None, None, None, bytearray(), dict()
for line in open('certdata.txt', 'r'):
# Ignore the file header.
if not
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2019-08-15 12:25:19
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.9556 (New)
Package is "ca-certificates-mozilla"
Thu Aug 15 12:25:19 2019 rev:43 rq:721013 version:2.34
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2019-01-29 14:45:06.607063338 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.9556/ca-certificates-mozilla.changes
2019-08-15 12:25:20.586607048 +0200
@@ -1,0 +2,13 @@
+Sun Aug 4 14:17:45 UTC 2019 - Andreas Stieger
+
+- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
+- Removed CAs:
+ - Certinomis - Root CA
+- includes added root CAs from the 2.32 version:
+ - emSign ECC Root CA - C3 (email and server auth)
+ - emSign ECC Root CA - G3 (email and server auth)
+ - emSign Root CA - C1 (email and server auth)
+ - emSign Root CA - G1 (email and server auth)
+ - Hongkong Post Root CA 3 (server auth)
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.xMqy4s/_old 2019-08-15 12:25:21.202606895 +0200
+++ /var/tmp/diff_new_pack.xMqy4s/_new 2019-08-15 12:25:21.202606895 +0200
@@ -12,26 +12,20 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define certdir %{trustdir_static}
-BuildRequires: p11-kit-devel
-
-BuildRequires: ca-certificates
-BuildRequires: openssl
-BuildRequires: python3-base
-
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version:2.30
+Version:2.34
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
Group: Productivity/Networking/Security
-Url:http://www.mozilla.org
+URL:https://www.mozilla.org
# IMPORTANT: procedure to update certificates:
# - Check the log of the cert file:
#
http://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt
@@ -48,22 +42,22 @@
Source10: certdata2pem.py
Source11: %{name}.COPYING
Source12: compareoldnew
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildArch: noarch
+BuildRequires: ca-certificates
+BuildRequires: openssl
+BuildRequires: p11-kit-devel
+BuildRequires: python3-base
# for update-ca-certificates
Requires(post):ca-certificates
Requires(postun): ca-certificates
#
# replaces this package from SLE11 times
Obsoletes: openssl-certs
+BuildArch: noarch
%description
This package contains some CA root certificates for OpenSSL extracted
from MozillaFirefox
-
-
%prep
%setup -qcT
@@ -124,7 +118,6 @@
update-ca-certificates || true
%files
-%defattr(-, root, root)
%license COPYING
%{trustdir_static}
++ certdata.txt ++
854 lines (skipped)
between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
and
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.9556/certdata.txt
++ nssckbi.h ++
--- /var/tmp/diff_new_pack.xMqy4s/_old 2019-08-15 12:25:21.294606872 +0200
+++ /var/tmp/diff_new_pack.xMqy4s/_new 2019-08-15 12:25:21.294606872 +0200
@@ -46,8 +46,8 @@
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 30
-#define NSS_BUILTINS_LIBRARY_VERSION "2.30"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 34
+#define NSS_BUILTINS_LIBRARY_VERSION "2.34"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-01-29 14:45:04 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.28833 (New) Package is "ca-certificates-mozilla" Tue Jan 29 14:45:04 2019 rev:42 rq:24 version:2.30 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-08-28 09:19:40.763930620 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.28833/ca-certificates-mozilla.changes 2019-01-29 14:45:06.607063338 +0100 @@ -1,0 +2,23 @@ +Thu Jan 17 06:17:05 UTC 2019 - meiss...@suse.com + +- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446) +- Removed CAs: + - AC Raiz Certicamara S.A. + - Certplus Root CA G1 + - Certplus Root CA G2 + - OpenTrust Root CA G1 + - OpenTrust Root CA G2 + - OpenTrust Root CA G3 + - Visa eCommerce Root + +- Added Root CAs: + - Certigna Root CA (email and server auth) + - GTS Root R1 (server auth) + - GTS Root R2 (server auth) + - GTS Root R3 (server auth) + - GTS Root R4 (server auth) + - OISTE WISeKey Global Root GC CA (email and server auth) + - UCA Extended Validation Root (server auth) + - UCA Global G2 Root (email and server auth) + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.V6QLR2/_old 2019-01-29 14:45:07.467062296 +0100 +++ /var/tmp/diff_new_pack.V6QLR2/_new 2019-01-29 14:45:07.475062286 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.26 +Version:2.30 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2213 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.28833/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.V6QLR2/_old 2019-01-29 14:45:07.595062140 +0100 +++ /var/tmp/diff_new_pack.V6QLR2/_new 2019-01-29 14:45:07.599062136 +0100 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 26 -#define NSS_BUILTINS_LIBRARY_VERSION "2.26" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 30 +#define NSS_BUILTINS_LIBRARY_VERSION "2.30" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-08-28 09:19:36 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Tue Aug 28 09:19:36 2018 rev:41 rq:629505 version:2.26 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-07-13 10:17:21.126169674 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-08-28 09:19:40.763930620 +0200 @@ -1,0 +2,15 @@ +Thu Aug 16 08:42:38 UTC 2018 - meiss...@suse.com + +- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) + - removed server auth +- Certplus Root CA G1 +- Certplus Root CA G2 +- OpenTrust Root CA G1 +- OpenTrust Root CA G2 +- OpenTrust Root CA G3 + - remove CA +- ComSign CA + - added new CA +- GlobalSign + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.lpOM2n/_old 2018-08-28 09:19:42.083934819 +0200 +++ /var/tmp/diff_new_pack.lpOM2n/_new 2018-08-28 09:19:42.087934832 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.24 +Version:2.26 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ --- /var/tmp/diff_new_pack.lpOM2n/_old 2018-08-28 09:19:42.195935175 +0200 +++ /var/tmp/diff_new_pack.lpOM2n/_new 2018-08-28 09:19:42.199935188 +0200 @@ -7382,136 +7382,6 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "ComSign CA" -# -# Issuer: C=IL,O=ComSign,CN=ComSign CA -# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 -# Subject: C=IL,O=ComSign,CN=ComSign CA -# Not Valid Before: Wed Mar 24 11:32:18 2004 -# Not Valid After : Mon Mar 19 15:02:18 2029 -# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B -# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ComSign CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207 -\167\104 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\223\060\202\002\173\240\003\002\001\002\002\020\024 -\023\226\203\024\125\214\352\173\143\345\374\064\207\167\104\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\064 -\061\023\060\021\006\003\125\004\003\023\012\103\157\155\123\151 -\147\156\040\103\101\061\020\060\016\006\003\125\004\012\023\007 -\103\157\155\123\151\147\156\061\013\060\011\006\003\125\004\006 -\023\002\111\114\060\036\027\015\060\064\060\063\062\064\061\061 -\063\062\061\070\132\027\015\062\071\060\063\061\071\061\065\060 -\062\061\070\132\060\064\061\023\060\021\006\003\125\004\003\023 -\012\103\157\155\123\151\147\156\040\103\101\061\020\060\016\006 -\003\125\004\012\023\007\103\157\155\123\151\147\156\061\013\060 -\011\006\003\125\004\006\023\002\111\114\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\360\344\124\151\053 -\323\307\217\152\104\344\176\130\047\370\013\320\344\224\022\212 -\361\033\070\070\057\037\061\234\006\324\054\247\336\013\052\256 -\032\240\343\236\152\277\237\074\307\156\242\371\213\144\154\072 -\255\205\125\121\124\245\070\125\270\253\203\004\362\077\144\066 -\367\300\215\103\103\152\146\321\367\027\052\325\357\066\372\060 -\020\102\327\123\315\371\372\063\163\114\263\351\204\040\212\326 -\101\047\065\344\070\372\224\233\270\172\344\171\037\063\373\033 -\330\041\011\050\174\115\030\151\136\144\212\172\031\223\312\176 -\354\363\162\347\067\007\130\131\050\254\102\371\305\377\315\077
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-07-13 10:17:18 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Fri Jul 13 10:17:18 2018 rev:40 rq:621348 version:2.24 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-03-26 12:06:55.246530056 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-07-13 10:17:21.126169674 +0200 @@ -1,0 +2,9 @@ +Fri Jul 6 14:40:58 UTC 2018 - meiss...@suse.com + +- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) +- Removed CAs: + * S-TRUST_Universal_Root_CA:2.16.96.86.197.75.35.64.91.100.212.237.37.218.217.214.30.30.crt + * TC_TrustCenter_Class_3_CA_II:2.14.74.71.0.1.0.2.229.160.93.214.63.0.81.191.crt + * TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:2.7.0.142.23.254.36.32.129.crt + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.uyvD4O/_old 2018-07-13 10:17:22.622171447 +0200 +++ /var/tmp/diff_new_pack.uyvD4O/_new 2018-07-13 10:17:22.622171447 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.22 +Version:2.24 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ --- /var/tmp/diff_new_pack.uyvD4O/_old 2018-07-13 10:17:22.698171537 +0200 +++ /var/tmp/diff_new_pack.uyvD4O/_new 2018-07-13 10:17:22.702171542 +0200 @@ -7241,163 +7241,6 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TC TrustCenter Class 3 CA II" -# -# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf -# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Not Valid Before: Thu Jan 12 14:41:57 2006 -# Not Valid After : Wed Dec 31 22:59:59 2025 -# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E -# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\252\060\202\003\222\240\003\002\001\002\002\016\112 -\107\000\001\000\002\345\240\135\326\077\000\121\277\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\060\166\061\013 -\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006 -\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145 -\156\164\145\162\040\107\155\142\110\061\042\060\040\006\003\125 -\004\013\023\031\124\103\040\124\162\165\163\164\103\145\156\164 -\145\162\040\103\154\141\163\163\040\063\040\103\101\061\045\060 -\043\006\003\125\004\003\023\034\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\040\111\111\060\036\027\015\060\066\060\061\061\062\061\064 -\064\061\065\067\132\027\015\062\065\061\062\063\061\062\062\065
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-01-26 13:35:48 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Fri Jan 26 13:35:48 2018 rev:38 rq:569458 version:2.22 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2017-10-27 13:47:18.583593707 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-01-26 13:35:49.707582343 +0100 @@ -1,0 +2,47 @@ +Thu Jan 25 09:43:25 UTC 2018 - meiss...@suse.com + +- Updated to 2.22 state of the Mozilla NSS Certificate store. +- Removed CAs: + + * ACEDICOM Root + * AddTrust Public CA Root + * AddTrust Qualified CA Root + * ApplicationCA - Japanese Government + * CA Disig Root R1 + * CA WoSign ECC Root + * Certification Authority of WoSign G2 + * Certinomis - Autorité Racine + * China Internet Network Information Center EV Certificates Root + * CNNIC ROOT + * Comodo Secure Certificate Services + * Comodo Trusted Certificate Services + * ComSign Secured CA + * DST ACES CA X6 + * GeoTrust Global CA 2 + * StartCom Certification Authority + * StartCom Certification Authority + * StartCom Certification Authority G2 + * Swisscom Root CA 1 + * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 + * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı + * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 + * UTN USERFirst Hardware Root CA + * UTN USERFirst Object Root CA + * VeriSign Class 3 Secure Server CA - G2 + * WellsSecure Public Root Certificate Authority + * Certification Authority of WoSign + * WoSign China + +- Added CAs: + + * D-TRUST Root CA 3 2013 + * GDCA TrustAUTH R5 ROOT + * SSL.com EV Root Certification Authority ECC + * SSL.com EV Root Certification Authority RSA R2 + * SSL.com Root Certification Authority ECC + * SSL.com Root Certification Authority RSA + * TrustCor RootCert CA-1 + * TrustCor RootCert CA-2 + * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.bqoU7k/_old 2018-01-26 13:35:51.135515648 +0100 +++ /var/tmp/diff_new_pack.bqoU7k/_new 2018-01-26 13:35:51.139515461 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.11 +Version:2.22 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 30869 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.bqoU7k/_old 2018-01-26 13:35:51.323506867 +0100 +++ /var/tmp/diff_new_pack.bqoU7k/_new 2018-01-26 13:35:51.323506867 +0100 @@ -22,31 +22,32 @@ * to the list of trusted certificates. * * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped - * for each NSS minor release AND whenever we change the list of - * trusted certificates. 10 minor versions are allocated for each - * NSS 3.x branch as follows, allowing us to change the list of - * trusted certificates up to 9 times on each branch. - * - NSS 3.5 branch: 3-9 - * - NSS 3.6 branch: 10-19 - * - NSS 3.7 branch: 20-29 - * - NSS 3.8 branch: 30-39 - * - NSS 3.9 branch: 40-49 - * - NSS 3.10 branch: 50-59 - * - NSS 3.11 branch: 60-69 - * ... - * - NSS 3.12 branch: 70-89 - * - NSS 3.13 branch: 90-99 - * - NSS 3.14 branch: 100-109 - * ... - * - NSS 3.29 branch: 250-255 + * whenever we change the list of trusted certificates. + * + * Please use the following rules when increasing the version number: + * + * - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR + * must always be an EVEN number (e.g. 16, 18, 20 etc.) + * + * - whenever possible, if older branches require a modification to the + * list, these changes should be made on the main line of development (trunk), + * and the older branches should
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2017-10-27 13:47:17
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is "ca-certificates-mozilla"
Fri Oct 27 13:47:17 2017 rev:37 rq:536559 version:2.11
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2017-02-03 17:33:50.933415327 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2017-10-27 13:47:18.583593707 +0200
@@ -1,0 +2,7 @@
+Wed Oct 25 12:40:36 UTC 2017 - jmate...@suse.com
+
+- convert processing script to Python 3
+- ensure a stable conversion of UTF8 hex-encoded certificate names
+- ensure a stable ordering of trust/distrust bits in headers
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.fZW1Hk/_old 2017-10-27 13:47:19.659543421 +0200
+++ /var/tmp/diff_new_pack.fZW1Hk/_new 2017-10-27 13:47:19.663543234 +0200
@@ -21,7 +21,7 @@
BuildRequires: ca-certificates
BuildRequires: openssl
-BuildRequires: python
+BuildRequires: python3-base
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
@@ -77,7 +77,8 @@
fi
%build
-python %{SOURCE10}
+export LANG=en_US.UTF-8
+python3 %{SOURCE10}
%install
mkdir -p %{buildroot}/%{trustdir_static}/anchors
++ certdata2pem.py ++
--- /var/tmp/diff_new_pack.fZW1Hk/_old 2017-10-27 13:47:19.779537813 +0200
+++ /var/tmp/diff_new_pack.fZW1Hk/_new 2017-10-27 13:47:19.779537813 +0200
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
@@ -26,16 +26,16 @@
import re
import sys
import textwrap
-import urllib
+import urllib.parse
objects = []
def printable_serial(obj):
- return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
+ return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']])
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
-field, type, value, obj = None, None, None, dict()
+field, vtype, value, obj = None, None, None, dict()
for line in open('certdata.txt', 'r'):
# Ignore the file header.
if not in_data:
@@ -55,10 +55,10 @@
continue
if in_multiline:
if not line.startswith('END'):
-if type == 'MULTILINE_OCTAL':
+if vtype == 'MULTILINE_OCTAL':
line = line.strip()
-for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
-value += chr(int(i.group(1), 8))
+numbers = [int(i.group(1), 8) for i in
re.finditer(r'\\([0-3][0-7][0-7])', line)]
+value += bytes(numbers)
else:
value += line
continue
@@ -69,19 +69,19 @@
in_obj = True
line_parts = line.strip().split(' ', 2)
if len(line_parts) > 2:
-field, type = line_parts[0:2]
+field, vtype = line_parts[0:2]
value = ' '.join(line_parts[2:])
elif len(line_parts) == 2:
-field, type = line_parts
+field, vtype = line_parts
value = None
else:
-raise NotImplementedError, 'line_parts < 2 not supported.\n' + line
-if type == 'MULTILINE_OCTAL':
+raise NotImplementedError('line_parts < 2 not supported.\n' + line)
+if vtype == 'MULTILINE_OCTAL':
in_multiline = True
-value = ""
+value = b""
continue
obj[field] = value
-if len(obj.items()) > 0:
+if obj:
objects.append(obj)
# Build up trust database.
@@ -91,7 +91,7 @@
continue
key = obj['CKA_LABEL'] + printable_serial(obj)
trustmap[key] = obj
-print " added trust", key
+print(" added trust", key)
# Build up cert database.
certmap = dict()
@@ -100,7 +100,7 @@
continue
key = obj['CKA_LABEL'] + printable_serial(obj)
certmap[key] = obj
-print " added cert", key
+print(" added cert", key)
def obj_to_filename(obj):
label = obj['CKA_LABEL'][1:-1]
@@ -109,7 +109,12 @@
.replace('(', '=')\
.replace(')', '=')\
.replace(',', '_')
-label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:],
16)), label)
+# encode possible Unicode string to UTF8 bytes first
+label = label.encode("utf8")
+# decode hex escape sequences
+label = re.sub(rb'\\x[0-9a-fA-F]{2}', lambda m:bytes([int(m.group(0)[2:],
16)]), label)
+# read back UTF8 bytes
+label = label.decode("utf8")
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2017-02-01 09:48:14 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2016-04-11 09:14:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2017-02-03 17:33:50.933415327 +0100 @@ -1,0 +2,75 @@ +Tue Jan 24 12:46:29 UTC 2017 - meiss...@suse.com + +- updated to 2.11 state of the Mozilla NSS Certificate store. +- removed CAs: + - Buypass_Class_2_CA_1:2.1.1.crt +serverAuth + - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt +codeSigning emailProtection serverAuth + - Equifax_Secure_CA:2.4.53.222.244.207.crt +emailProtection + - Equifax_Secure_eBusiness_CA_1:2.1.4.crt +emailProtection + - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt +emailProtection + - IGC_A:2.5.57.17.69.16.148.crt +codeSigning emailProtection serverAuth + - Juur-SK:2.4.59.142.75.252.crt +codeSigning serverAuth + - Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt +codeSigning emailProtection serverAuth + - RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt +codeSigning emailProtection serverAuth + - Sonera_Class_1_Root_CA:2.1.36.crt +emailProtection + - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt +emailProtection + - Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt +emailProtection + - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt +emailProtection + - Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt +emailProtection +- added CAs: + + AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt +serverAuth + + Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt +emailProtection serverAuth + + Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt +emailProtection serverAuth + + Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt +emailProtection serverAuth + + Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt +emailProtection serverAuth + + Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt +emailProtection serverAuth + + Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt +emailProtection serverAuth + + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt +emailProtection serverAuth + + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt +emailProtection serverAuth + + ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996) +serverAuth + + LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt +serverAuth + + OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt +emailProtection serverAuth + + OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt +emailProtection serverAuth + + OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt +emailProtection serverAuth + + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt +emailProtection + + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt +emailProtection + + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt +emailProtection + + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt +emailProtection + +- diff-from-upstream-2.7.patch: removed as we should be able to do + intermediate root chains now with openssl 1.0.2 and also gnutls 3.5 + is able to do so. + +--- Old: diff-from-upstream-2.7.patch
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2016-04-11 09:13:55
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is "ca-certificates-mozilla"
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2016-04-05 10:41:40.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2016-04-11 09:14:27.0 +0200
@@ -1,0 +2,6 @@
+Wed Apr 6 11:21:32 UTC 2016 - meiss...@suse.com
+
+- diff-from-upstream-2.7.patch: restore some important legacy
+ CAs, otherwise Pidgin fails to talk to Google Talk for instance.
+
+---
New:
diff-from-upstream-2.7.patch
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.PfJYNX/_old 2016-04-11 09:14:28.0 +0200
+++ /var/tmp/diff_new_pack.PfJYNX/_new 2016-04-11 09:14:28.0 +0200
@@ -49,9 +49,8 @@
Source11: %{name}.COPYING
Source12: compareoldnew
-# temporary legacy patch
-# openssl 1.0.2 should not need it anymore.
-# Patch0: diff-from-upstream-2.2.patch
+# openssl 1.0.2 might not need it anymore, but gnutls / pidgin does ...
+Patch0: diff-from-upstream-2.7.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -72,7 +71,7 @@
%setup -qcT
/bin/cp %{SOURCE0} .
-#patch <%{PATCH0}
+patch <%{PATCH0}
install -m 644 %{SOURCE11} COPYING
ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
++ diff-from-upstream-2.7.patch ++
1552 lines (skipped)
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2016-04-05 10:41:38
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is "ca-certificates-mozilla"
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2015-01-20 12:26:33.0 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2016-04-05 10:41:40.0 +0200
@@ -1,0 +2,74 @@
+Thu Mar 31 13:07:40 UTC 2016 - meiss...@suse.com
+
+- Updated to 2.7.
+- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
+ immediate root CAs.
+
+- Removed server trust from:
+ AC Raíz Certicámara S.A.
+ ComSign Secured CA
+ NetLock Uzleti (Class B) Tanusitvanykiado
+ NetLock Business (Class B) Root
+ NetLock Expressz (Class C) Tanusitvanykiado
+ TC TrustCenter Class 3 CA II
+ TURKTRUST Certificate Services Provider Root 1
+ TURKTRUST Certificate Services Provider Root 2
+ Equifax Secure Global eBusiness CA-1
+ Verisign Class 4 Public Primary Certification Authority G3
+- enable server trust
+ Actalis Authentication Root CA
+- Deleted CAs:
+ A Trust nQual 03
+ Buypass Class 3 CA 1
+ CA Disig
+ Digital Signature Trust Co Global CA 1
+ Digital Signature Trust Co Global CA 3
+ E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
+ NetLock Expressz (Class C) Tanusitvanykiado
+ NetLock Kozjegyzoi (Class A) Tanusitvanykiado
+ NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
+ NetLock Uzleti (Class B) Tanusitvanykiado
+ SG TRUST SERVICES RACINE
+ Staat der Nederlanden Root CA
+ TC TrustCenter Class 2 CA II
+ TC TrustCenter Universal CA I
+ TDC Internet Root CA
+ UTN DATACorp SGC Root CA
+ Verisign Class 1 Public Primary Certification Authority - G2
+ Verisign Class 3 Public Primary Certification Authority
+ Verisign Class 3 Public Primary Certification Authority - G2
+
+- New added CAs:
+ CA WoSign ECC Root
+ Certification Authority of WoSign
+ Certification Authority of WoSign G2
+ Certinomis - Root CA
+ Certum Trusted Network CA 2
+ CFCA EV ROOT
+ COMODO RSA Certification Authority
+ DigiCert Assured ID Root G2
+ DigiCert Assured ID Root G3
+ DigiCert Global Root G2
+ DigiCert Global Root G3
+ DigiCert Trusted Root G4
+ Entrust Root Certification Authority - EC1
+ Entrust Root Certification Authority - G2
+ GlobalSign
+ GlobalSign
+ IdenTrust Commercial Root CA 1
+ IdenTrust Public Sector Root CA 1
+ OISTE WISeKey Global Root GB CA
+ QuoVadis Root CA 1 G3
+ QuoVadis Root CA 2 G3
+ QuoVadis Root CA 3 G3
+ Staat der Nederlanden EV Root CA
+ Staat der Nederlanden Root CA - G3
+ S-TRUST Universal Root CA
+ SZAFIR ROOT CA2
+ TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
+ TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
+ USERTrust ECC Certification Authority
+ USERTrust RSA Certification Authority
+ 沃通根证书
+
+---
Old:
diff-from-upstream-2.2.patch
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.WsHe3D/_old 2016-04-05 10:41:41.0 +0200
+++ /var/tmp/diff_new_pack.WsHe3D/_new 2016-04-05 10:41:41.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates-mozilla
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version:2.2
+Version:2.7
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
@@ -50,7 +50,8 @@
Source12: compareoldnew
# temporary legacy patch
-Patch0: diff-from-upstream-2.2.patch
+# openssl 1.0.2 should not need it anymore.
+# Patch0: diff-from-upstream-2.2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -71,7 +72,7 @@
%setup -qcT
/bin/cp %{SOURCE0} .
-patch <%{PATCH0}
+#patch <%{PATCH0}
install -m 644 %{SOURCE11} COPYING
ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
++ certdata.txt ++
6673 lines (skipped)
between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
and
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2015-01-20 12:26:28 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-09-08 21:28:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2015-01-20 12:26:33.0 +0100 @@ -1,0 +2,81 @@ +Wed Jan 14 09:40:00 UTC 2015 - meiss...@suse.com + +- diff-from-upstream-2.2.patch: + Temporary reenable some root ca trusts, as openssl/gnutls + have trouble using intermediates as root CA. + + - GTE CyberTrust Global Root + - Thawte Server CA + - Thawte Premium Server CA + - ValiCert Class 1 VA + - ValiCert Class 2 VA + - RSA Root Certificate 1 + - Entrust.net Secure Server CA + - America Online Root Certification Authority 1 + - America Online Root Certification Authority 2 + +--- +Mon Jan 12 16:45:23 UTC 2015 - meiss...@suse.com + +- Updated to 2.2 (bnc#888534) + - The following CAs were removed: ++ America_Online_Root_Certification_Authority_1 ++ America_Online_Root_Certification_Authority_2 ++ GTE_CyberTrust_Global_Root ++ Thawte_Premium_Server_CA ++ Thawte_Server_CA + - The following CAs were added: ++ COMODO_RSA_Certification_Authority + codeSigning emailProtection serverAuth ++ GlobalSign_ECC_Root_CA_-_R4 + codeSigning emailProtection serverAuth ++ GlobalSign_ECC_Root_CA_-_R5 + codeSigning emailProtection serverAuth ++ USERTrust_ECC_Certification_Authority + codeSigning emailProtection serverAuth ++ USERTrust_RSA_Certification_Authority + codeSigning emailProtection serverAuth ++ VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal + - The following CAs were changed: ++ Equifax_Secure_eBusiness_CA_1 + remote code signing and https trust, leave email trust ++ Verisign_Class_3_Public_Primary_Certification_Authority_-_G2 + only trust emailProtection + +--- +Tue Aug 26 13:30:12 UTC 2014 - meiss...@suse.com + +- Updated to 2.1 (bnc#888534) + +- The following 1024-bit CA certificates were removed + - Entrust.net Secure Server Certification Authority + - ValiCert Class 1 Policy Validation Authority + - ValiCert Class 2 Policy Validation Authority + - ValiCert Class 3 Policy Validation Authority + - TDC Internet Root CA +- The following CA certificates were added: + - Certification Authority of WoSign + - CA 沃通根证书 + - DigiCert Assured ID Root G2 + - DigiCert Assured ID Root G3 + - DigiCert Global Root G2 + - DigiCert Global Root G3 + - DigiCert Trusted Root G4 + - QuoVadis Root CA 1 G3 + - QuoVadis Root CA 2 G3 + - QuoVadis Root CA 3 G3 +- The Trust Bits were changed for the following CA certificates + - Class 3 Public Primary Certification Authority + - Class 3 Public Primary Certification Authority + - Class 2 Public Primary Certification Authority - G2 + - VeriSign Class 2 Public Primary Certification Authority - G3 + - AC Raíz Certicámara S.A. + - NetLock Uzleti (Class B) Tanusitvanykiado + - NetLock Expressz (Class C) Tanusitvanykiado + +- certdata-temporary-1024.patch: restore some certificates removed + from NSS as these are still used for some major sites. + openssl is not as clever as NSS in selecting the new ones in the + chain correctly. + +--- New: diff-from-upstream-2.2.patch Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.ILfgMR/_old 2015-01-20 12:26:37.0 +0100 +++ /var/tmp/diff_new_pack.ILfgMR/_new 2015-01-20 12:26:37.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,8 +25,8 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: -# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.97 +# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h +Version:2.2 Release:0 Summary:
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-09-08 21:28:14 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-08-30 18:55:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-09-08 21:28:21.0 +0200 @@ -2,31 +1,0 @@ -Tue Aug 26 13:30:12 UTC 2014 - meiss...@suse.com - -- Updated to 2.1 (bnc#888534) - -- The following 1024-bit CA certificates were removed - - Entrust.net Secure Server Certification Authority - - ValiCert Class 1 Policy Validation Authority - - ValiCert Class 2 Policy Validation Authority - - ValiCert Class 3 Policy Validation Authority - - TDC Internet Root CA -- The following CA certificates were added: - - Certification Authority of WoSign - - CA 沃通根证书 - - DigiCert Assured ID Root G2 - - DigiCert Assured ID Root G3 - - DigiCert Global Root G2 - - DigiCert Global Root G3 - - DigiCert Trusted Root G4 - - QuoVadis Root CA 1 G3 - - QuoVadis Root CA 2 G3 - - QuoVadis Root CA 3 G3 -- The Trust Bits were changed for the following CA certificates - - Class 3 Public Primary Certification Authority - - Class 3 Public Primary Certification Authority - - Class 2 Public Primary Certification Authority - G2 - - VeriSign Class 2 Public Primary Certification Authority - G3 - - AC Raíz Certicámara S.A. - - NetLock Uzleti (Class B) Tanusitvanykiado - - NetLock Expressz (Class C) Tanusitvanykiado - Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.ifMzTp/_old 2014-09-08 21:28:22.0 +0200 +++ /var/tmp/diff_new_pack.ifMzTp/_new 2014-09-08 21:28:22.0 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:2.1 +Version:1.97 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2788 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.ifMzTp/_old 2014-09-08 21:28:22.0 +0200 +++ /var/tmp/diff_new_pack.ifMzTp/_new 2014-09-08 21:28:22.0 +0200 @@ -44,9 +44,9 @@ * whether we may use its full range (0-255) or only 0-99 because * of the comment in the CK_VERSION type definition. */ -#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION 2.1 +#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 97 +#define NSS_BUILTINS_LIBRARY_VERSION 1.97 /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-08-30 18:55:49 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-06-25 15:24:00.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-08-30 18:55:50.0 +0200 @@ -1,0 +2,31 @@ +Tue Aug 26 13:30:12 UTC 2014 - meiss...@suse.com + +- Updated to 2.1 (bnc#888534) + +- The following 1024-bit CA certificates were removed + - Entrust.net Secure Server Certification Authority + - ValiCert Class 1 Policy Validation Authority + - ValiCert Class 2 Policy Validation Authority + - ValiCert Class 3 Policy Validation Authority + - TDC Internet Root CA +- The following CA certificates were added: + - Certification Authority of WoSign + - CA 沃通根证书 + - DigiCert Assured ID Root G2 + - DigiCert Assured ID Root G3 + - DigiCert Global Root G2 + - DigiCert Global Root G3 + - DigiCert Trusted Root G4 + - QuoVadis Root CA 1 G3 + - QuoVadis Root CA 2 G3 + - QuoVadis Root CA 3 G3 +- The Trust Bits were changed for the following CA certificates + - Class 3 Public Primary Certification Authority + - Class 3 Public Primary Certification Authority + - Class 2 Public Primary Certification Authority - G2 + - VeriSign Class 2 Public Primary Certification Authority - G3 + - AC Raíz Certicámara S.A. + - NetLock Uzleti (Class B) Tanusitvanykiado + - NetLock Expressz (Class C) Tanusitvanykiado + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.f3j9RC/_old 2014-08-30 18:55:53.0 +0200 +++ /var/tmp/diff_new_pack.f3j9RC/_new 2014-08-30 18:55:53.0 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.97 +Version:2.1 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2740 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.f3j9RC/_old 2014-08-30 18:55:53.0 +0200 +++ /var/tmp/diff_new_pack.f3j9RC/_new 2014-08-30 18:55:53.0 +0200 @@ -44,9 +44,9 @@ * whether we may use its full range (0-255) or only 0-99 because * of the comment in the CK_VERSION type definition. */ -#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 97 -#define NSS_BUILTINS_LIBRARY_VERSION 1.97 +#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 +#define NSS_BUILTINS_LIBRARY_VERSION 2.1 /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-06-25 15:23:59 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-06-18 10:59:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-06-25 15:24:00.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 18 15:05:23 UTC 2014 - meiss...@suse.com + +- do not provide openssl-certs, just obsolete it. + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.os8EJg/_old 2014-06-25 15:24:01.0 +0200 +++ /var/tmp/diff_new_pack.os8EJg/_new 2014-06-25 15:24:01.0 +0200 @@ -56,8 +56,8 @@ Requires(post):ca-certificates Requires(postun): ca-certificates # -Provides: openssl-certs = %version -Obsoletes: openssl-certs %version +# replaces this package from SLE11 times +Obsoletes: openssl-certs %description This package contains some CA root certificates for OpenSSL extracted -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2014-06-18 10:59:38
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2014-02-25 16:41:07.0 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2014-06-18 10:59:45.0 +0200
@@ -1,0 +2,17 @@
+Tue Jun 10 12:52:29 UTC 2014 - meiss...@suse.com
+
+- in sle11 we bumped openssl-certs version to match the NSS version,
+ so provide/obsolete the current version.
+
+---
+Wed Jun 4 08:21:33 UTC 2014 - lnus...@suse.de
+
+- updated certificates to revision 1.97 (bnc#881241)
+ new: Atos TrustedRoot 2011 (codeSigning emailProtection serverAuth)
+ new: Tugra Certification Authority (codeSigning serverAuth)
+ removed: Firmaprofesional Root CA
+ removed: TDC OCES Root CA
+ new: TeliaSonera Root CA v1 (emailProtection serverAuth)
+ new: T-TeleSec GlobalRoot Class 2 (emailProtection serverAuth)
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.7dVaXR/_old 2014-06-18 10:59:46.0 +0200
+++ /var/tmp/diff_new_pack.7dVaXR/_new 2014-06-18 10:59:46.0 +0200
@@ -26,7 +26,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
#
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:1.96
+Version:1.97
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
@@ -38,8 +38,10 @@
# - download the new certdata.txt
# wget -O certdata.txt
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt;
# - run compareoldnew to show fingerprints of new and changed certificates
-# - check the bugs referenced in cvs log and compare the checksum
+# - check the bugs referenced in hg log and compare the checksum
# to output of compareoldnew
+# The correct history of the file is actually in the nss repo:
+#
http://hg.mozilla.org/projects/nss/log/8f026c806587/lib/ckfw/builtins/certdata.txt
# - Watch out that blacklisted or untrusted certificates are not
# accidentally included!
Source:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
@@ -54,8 +56,8 @@
Requires(post):ca-certificates
Requires(postun): ca-certificates
#
-Provides: openssl-certs = 0.9.9
-Obsoletes: openssl-certs 0.9.9
+Provides: openssl-certs = %version
+Obsoletes: openssl-certs %version
%description
This package contains some CA root certificates for OpenSSL extracted
++ certdata.txt ++
1103 lines (skipped)
between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt
++ compareoldnew ++
--- /var/tmp/diff_new_pack.7dVaXR/_old 2014-06-18 10:59:46.0 +0200
+++ /var/tmp/diff_new_pack.7dVaXR/_new 2014-06-18 10:59:46.0 +0200
@@ -8,7 +8,8 @@
showcert()
{
openssl x509 -in $1 -noout -subject -fingerprint -nameopt
multiline,utf8,-esc_msb \
- | sed -ne 's/ *commonName *= / CN: /p; s/.*Fingerprint=/ sha1: /p'
+ | sed -ne 's/ *commonName *= / CN=/p; s/.*Fingerprint=/ sha1=/p'
+ sed -ne '/^# \(openssl\|distrust\|alias\)/s/^#/ /p' $1
}
cleanup
trap cleanup EXIT
@@ -32,13 +33,13 @@
new=$2
common=$3
if [ -n $old ]; then
- echo removed: $old
+ echo - $old
showcert old/$old
elif [ -n $new ]; then
- echo new: $new
+ echo + $new
showcert new/$new
elif ! cmp old/$common new/$common; then
- echo changed: $common
+ echo ~ $common
showcert old/$common
showcert new/$common
diff -u old/$common new/$common || true
++ nssckbi.h ++
--- /var/tmp/diff_new_pack.7dVaXR/_old 2014-06-18 10:59:46.0 +0200
+++ /var/tmp/diff_new_pack.7dVaXR/_new 2014-06-18 10:59:46.0 +0200
@@ -45,8 +45,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96
-#define
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-02-25 16:41:06 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-12-17 10:00:37.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-02-25 16:41:07.0 +0100 @@ -1,0 +2,9 @@ +Fri Feb 21 16:18:35 UTC 2014 - meiss...@suse.com + +- updated certificates to revision 1.96 (bnc#865080) + new: ACCVRAIZ1.pem (Spain) (all trusts) + new: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only) + new: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts) + removed: Wells_Fargo_Root_CA.pem + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.EjUGmd/_old 2014-02-25 16:41:08.0 +0100 +++ /var/tmp/diff_new_pack.EjUGmd/_new 2014-02-25 16:41:08.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.95 +Version:1.96 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 5325 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.EjUGmd/_old 2014-02-25 16:41:08.0 +0100 +++ /var/tmp/diff_new_pack.EjUGmd/_new 2014-02-25 16:41:08.0 +0100 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 95 -#define NSS_BUILTINS_LIBRARY_VERSION 1.95 +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96 +#define NSS_BUILTINS_LIBRARY_VERSION 1.96 /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2013-12-17 10:00:36
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2013-11-07 08:34:03.0 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2013-12-17 10:00:37.0 +0100
@@ -1,0 +2,12 @@
+Mon Dec 9 16:01:29 UTC 2013 - meiss...@suse.com
+
+- Updated to 1.95
+ Distrust a sub-ca that issued google.com certificates.
+ Distrusted AC DG Tresor SSL (bnc#854367)
+
+---
+Mon Dec 9 09:56:32 UTC 2013 - lnus...@suse.de
+
+- fix handling of certificates with same name (bnc#854163)
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.FUEecT/_old 2013-12-17 10:00:38.0 +0100
+++ /var/tmp/diff_new_pack.FUEecT/_new 2013-12-17 10:00:38.0 +0100
@@ -26,7 +26,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
#
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:1.94
+Version:1.95
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
@@ -94,10 +94,19 @@
[ -z $alias ] || args+=('-setalias' $alias)
echo $i ${args[*]}
+ fname=%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem
+ if [ -e $fname ]; then
+ fname=${fname%.pem}
+ j=1
+ while [ -e $fname.$j.pem ]; do
+ j=$((j+1))
+ done
+ fname=$fname.$j.pem
+ fi
{
grep '^#' $i
openssl x509 -in $i ${args[@]}
- } %{buildroot}/%{trustdir_static}$d/${i%%:*}.pem
+ } $fname
done
for i in *.p11-kit ; do
install -m 644 $i %{buildroot}/%{trustdir_static}
++ certdata.txt ++
--- /var/tmp/diff_new_pack.FUEecT/_old 2013-12-17 10:00:38.0 +0100
+++ /var/tmp/diff_new_pack.FUEecT/_new 2013-12-17 10:00:38.0 +0100
@@ -12376,6 +12376,34 @@
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+# Distrust Distrusted AC DG Tresor SSL
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1):
5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 Distrusted AC DG Tresor SSL
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
#
# Certificate Security Communication EV RootCA1
#
++ nssckbi.h ++
--- /var/tmp/diff_new_pack.FUEecT/_old 2013-12-17 10:00:38.0 +0100
+++ /var/tmp/diff_new_pack.FUEecT/_new 2013-12-17 10:00:38.0 +0100
@@ -45,8 +45,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 94
-#define NSS_BUILTINS_LIBRARY_VERSION 1.94
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 95
+#define NSS_BUILTINS_LIBRARY_VERSION 1.95
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2013-11-07 08:34:02
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2013-08-30 11:33:03.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2013-11-07 08:34:03.0 +0100
@@ -1,0 +2,36 @@
+Tue Oct 29 13:52:16 UTC 2013 - meiss...@suse.com
+
+- Updated to 1.94
+ * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
+server auth, code signing, email signing
+ * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
+server auth, code signing, email signing
+ * new:
China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt
+server auth
+ * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt
+removed code signing and server auth abilities
+ * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt
+removed code signing and server auth abilities
+ * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
+server auth
+ * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt
+server auth
+ * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt
+ * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt
+I think the missing flags were adjusted.
+ * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
+ * new: PSCProcert:2.1.11.crt
+server auth, code signing, email signing
+ * new:
Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt
+server auth, code signing, email signing
+ * new:
Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt
+server auth, code signing
+ * changed:
TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt
+removed all abilities
+ * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
+server auth, code signing
+ * changed: TWCA_Root_Certification_Authority:2.1.1.crt
+added code signing ability
+- removed temporary Entrust.net_Premium_2048_Secure_Server_CA.p11-kit override.
+
+---
Old:
Entrust.net_Premium_2048_Secure_Server_CA.p11-kit
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.kQkFw5/_old 2013-11-07 08:34:04.0 +0100
+++ /var/tmp/diff_new_pack.kQkFw5/_new 2013-11-07 08:34:04.0 +0100
@@ -26,7 +26,7 @@
Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
#
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:1.93
+Version:1.94
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
@@ -48,11 +48,6 @@
Source10: certdata2pem.py
Source11: %{name}.COPYING
Source12: compareoldnew
-# make p11-kit think there are basic constraints in the Entrust
-# cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064)
-# Remove after the updated cert is accepted into NSS
-# https://bugzilla.mozilla.org/show_bug.cgi?id=694536
-Source99: Entrust.net_Premium_2048_Secure_Server_CA.p11-kit
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# for update-ca-certificates
@@ -104,7 +99,7 @@
openssl x509 -in $i ${args[@]}
} %{buildroot}/%{trustdir_static}$d/${i%%:*}.pem
done
-for i in *.p11-kit %{SOURCE99}; do
+for i in *.p11-kit ; do
install -m 644 $i %{buildroot}/%{trustdir_static}
done
set -x
++ certdata.txt ++
1838 lines (skipped)
between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt
++ nssckbi.h ++
--- /var/tmp/diff_new_pack.kQkFw5/_old 2013-11-07 08:34:04.0 +0100
+++ /var/tmp/diff_new_pack.kQkFw5/_new 2013-11-07 08:34:04.0 +0100
@@ -45,8 +45,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 93
-#define NSS_BUILTINS_LIBRARY_VERSION 1.93
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 94
+#define NSS_BUILTINS_LIBRARY_VERSION 1.94
/* These version numbers detail the semantic changes to the ckfw engine. */
#define
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2013-08-30 11:33:02
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2013-07-25 13:18:19.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2013-08-30 11:33:03.0 +0200
@@ -1,0 +2,5 @@
+Mon Aug 19 13:07:07 UTC 2013 - lnus...@suse.de
+
+- update Entrust root attributes to new format used by p11-kit
+
+---
Old:
Entrust_net_Premium_2048_Secure_Server_CA.p11-kit
New:
Entrust.net_Premium_2048_Secure_Server_CA.p11-kit
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.ptZvju/_old 2013-08-30 11:33:03.0 +0200
+++ /var/tmp/diff_new_pack.ptZvju/_new 2013-08-30 11:33:03.0 +0200
@@ -52,7 +52,7 @@
# cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064)
# Remove after the updated cert is accepted into NSS
# https://bugzilla.mozilla.org/show_bug.cgi?id=694536
-Source99: Entrust_net_Premium_2048_Secure_Server_CA.p11-kit
+Source99: Entrust.net_Premium_2048_Secure_Server_CA.p11-kit
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# for update-ca-certificates
++ Entrust_net_Premium_2048_Secure_Server_CA.p11-kit -
Entrust.net_Premium_2048_Secure_Server_CA.p11-kit ++
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/Entrust_net_Premium_2048_Secure_Server_CA.p11-kit
2013-07-25 13:18:19.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/Entrust.net_Premium_2048_Secure_Server_CA.p11-kit
2013-08-30 11:33:03.0 +0200
@@ -1,8 +1,8 @@
[p11-kit-object-v1]
label: Add missing BasicConstraints for Entrust root
id: %55%e4%81%d1%11%80%be%d8%89%b9%08%a3%31%f9%a1%24%09%16%b9%70
+x-public-key-info:
%30%82%01%22%30%0d%06%09%2a%86%48%86%f7%0d%01%01%01%05%00%03%82%01%0f%00%30%82%01%0a%02%82%01%01%00%ad%4d%4b%a9%12%86%b2%ea%a3%20%07%15%16%64%2a%2b%4b%d1%bf%0b%4a%4d%8e%ed%80%76%a5%67%b7%78%40%c0%73%42%c8%68%c0%db%53%2b%dd%5e%b8%76%98%35%93%8b%1a%9d%7c%13%3a%0e%1f%5b%b7%1e%cf%e5%24%14%1e%b1%81%a9%8d%7d%b8%cc%6b%4b%03%f1%02%0c%dc%ab%a5%40%24%00%7f%74%94%a1%9d%08%29%b3%88%0b%f5%87%77%9d%55%cd%e4%c3%7e%d7%6a%64%ab%85%14%86%95%5b%97%32%50%6f%3d%c8%ba%66%0c%e3%fc%bd%b8%49%c1%76%89%49%19%fd%c0%a8%bd%89%a3%67%2f%c6%9f%bc%71%19%60%b8%2d%e9%2c%c9%90%76%66%7b%94%e2%af%78%d6%65%53%5d%3c%d6%9c%b2%cf%29%03%f9%2f%a4%50%b2%d4%48%ce%05%32%55%8a%fd%b2%64%4c%0e%e4%98%07%75%db%7f%df%b9%08%55%60%85%30%29%f9%7b%48%a4%69%86%e3%35%3f%1e%86%5d%7a%7a%15%bd%ef%00%8e%15%22%54%17%00%90%26%93%bc%0e%49%68%91%bf%f8%47%d3%9d%95%42%c1%0e%4d%df%6f%26%cf%c3%18%21%62%66%43%70%d6%d5%c0%07%e1%02%03%01%00%01
class: x-certificate-extension
object-id: 2.5.29.19
-x-critical: true
-value: %30%03%01%01%FF
+value: %30%0f%06%03%55%1d%13%01%01%ff%04%05%30%03%01%01%ff
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2013-07-25 13:18:17
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2013-07-03 10:15:10.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2013-07-25 13:18:19.0 +0200
@@ -1,0 +2,15 @@
+Wed Jul 24 15:05:31 UTC 2013 - lnus...@suse.de
+
+- remove superfluous double quotes from certificate names
+
+---
+Wed Jul 24 14:21:18 UTC 2013 - lnus...@suse.de
+
+- add fake basic contraints to Entrust root so p11-kit export the cert
+ (bnc#829471)
+- add nssckbi.h that matches certdata.txt; make sure package has the
+ correct version number which is currently 1.93. No actual content
+ change in certdata.txt compared to 1.85, it's just that the
+ versioning scheme changed.
+
+---
New:
Entrust_net_Premium_2048_Secure_Server_CA.p11-kit
nssckbi.h
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.kNIjM0/_old 2013-07-25 13:18:21.0 +0200
+++ /var/tmp/diff_new_pack.kNIjM0/_new 2013-07-25 13:18:21.0 +0200
@@ -24,28 +24,35 @@
BuildRequires: python
Name: ca-certificates-mozilla
-Version:1.85
+# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
+#
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
+Version:1.93
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
Group: Productivity/Networking/Security
Url:http://www.mozilla.org
# IMPORTANT: procedure to update certificates:
-# - Check the CVS log of the cert file:
-#
http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txtrev=HEAD
-# Alternatively hg:
+# - Check the log of the cert file:
#
http://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins/certdata.txt
# - download the new certdata.txt
-# wget -O certdata.txt
http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1;
+# wget -O certdata.txt
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt;
# - run compareoldnew to show fingerprints of new and changed certificates
# - check the bugs referenced in cvs log and compare the checksum
# to output of compareoldnew
# - Watch out that blacklisted or untrusted certificates are not
# accidentally included!
-Source: certdata.txt
-Source1:certdata2pem.py
-Source2:%{name}.COPYING
-Source3:compareoldnew
+Source:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
+Source1:
https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
+# from Fedora. Note: currently contains extra fix to remove quotes. Pending
upstream approval.
+Source10: certdata2pem.py
+Source11: %{name}.COPYING
+Source12: compareoldnew
+# make p11-kit think there are basic constraints in the Entrust
+# cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064)
+# Remove after the updated cert is accepted into NSS
+# https://bugzilla.mozilla.org/show_bug.cgi?id=694536
+Source99: Entrust_net_Premium_2048_Secure_Server_CA.p11-kit
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# for update-ca-certificates
@@ -64,10 +71,15 @@
%prep
%setup -qcT
/bin/cp %{SOURCE0} .
-install -m 644 %{SOURCE2} COPYING
+install -m 644 %{SOURCE11} COPYING
+ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*\(.*\)/\1/p' %{SOURCE1}`
+if [ %{version} != $ver ]; then
+ echo *** Version number mismatch: spec file should be version $ver
+ false
+fi
%build
-python %{SOURCE1}
+python %{SOURCE10}
%install
mkdir -p %{buildroot}/%{trustdir_static}/anchors
@@ -92,7 +104,7 @@
openssl x509 -in $i ${args[@]}
} %{buildroot}/%{trustdir_static}$d/${i%%:*}.pem
done
-for i in *.p11-kit; do
+for i in *.p11-kit %{SOURCE99}; do
install -m 644 $i %{buildroot}/%{trustdir_static}
done
set -x
++ Entrust_net_Premium_2048_Secure_Server_CA.p11-kit ++
[p11-kit-object-v1]
label: Add missing BasicConstraints for Entrust root
id:
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2013-07-03 10:15:09
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2013-06-25 14:38:56.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2013-07-03 10:15:10.0 +0200
@@ -1,0 +2,5 @@
+Thu Jun 27 16:03:05 UTC 2013 - lnus...@suse.de
+
+- use certdata2pem.py from Fedora to extract all certs
+
+---
Old:
extractcerts.pl
New:
certdata2pem.py
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.UaAAam/_old 2013-07-03 10:15:11.0 +0200
+++ /var/tmp/diff_new_pack.UaAAam/_new 2013-07-03 10:15:11.0 +0200
@@ -16,17 +16,12 @@
#
-%if 0%{?suse_version} 1310
-%bcond_with trustedcerts
-%define certdir %{_datadir}/ca-certificates/mozilla
-%else
-%bcond_without trustedcerts
-%define certdir %{trustdir_static}/anchors
+%define certdir %{trustdir_static}
BuildRequires: p11-kit-devel
-%endif
BuildRequires: ca-certificates
BuildRequires: openssl
+BuildRequires: python
Name: ca-certificates-mozilla
Version:1.85
@@ -48,7 +43,7 @@
# - Watch out that blacklisted or untrusted certificates are not
# accidentally included!
Source: certdata.txt
-Source1:extractcerts.pl
+Source1:certdata2pem.py
Source2:%{name}.COPYING
Source3:compareoldnew
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -69,35 +64,36 @@
%prep
%setup -qcT
/bin/cp %{SOURCE0} .
-install -m 644 %{S:1} COPYING
+install -m 644 %{SOURCE2} COPYING
%build
-perl %{SOURCE1} --trustbits certdata.txt
+python %{SOURCE1}
%install
-mkdir -p %{buildroot}/%{certdir}
+mkdir -p %{buildroot}/%{trustdir_static}/anchors
set +x
-for i in *.pem; do
+for i in *.crt; do
args=()
trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' $i`
+ distrust=`sed -n '/^# openssl-distrust=/{s/^.*=//;p;q;}' $i`
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $i`
-%if %{with trustedcerts}
args+=('-trustout')
for t in $trust; do
args+=(-addtrust $t)
done
+ for t in $distrust; do
+ args+=(-addreject $t)
+ done
[ -z $alias ] || args+=('-setalias' $alias)
-%else
- case $trust in
- *serverAuth*) ;;
- *) echo skipping $i, not trusted for serverAuth; continue ;;
- esac
-%endif
- echo $i
+
+ echo $i ${args[*]}
{
grep '^#' $i
openssl x509 -in $i ${args[@]}
- } %{buildroot}/%{certdir}/$i
+ } %{buildroot}/%{trustdir_static}$d/${i%%:*}.pem
+done
+for i in *.p11-kit; do
+ install -m 644 $i %{buildroot}/%{trustdir_static}
done
set -x
@@ -110,6 +106,6 @@
%files
%defattr(-, root, root)
%doc COPYING
-%{certdir}
+%{trustdir_static}
%changelog
++ certdata2pem.py ++
#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
#
# Copyright (C) 2009 Philipp Kern pk...@debian.org
# Copyright (C) 2013 Kai Engert k...@redhat.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
# USA.
import base64
import os.path
import re
import sys
import textwrap
import urllib
objects = []
def printable_serial(obj):
return ..join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
field, type, value, obj = None, None, None, dict()
for line in open('certdata.txt', 'r'):
# Ignore the file header.
if not in_data:
if line.startswith('BEGINDATA'):
in_data = True
continue
# Ignore comment lines.
if line.startswith('#'):
continue
# Empty
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-01-04 11:35:08 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2012-10-12 07:48:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-01-04 11:36:10.0 +0100 @@ -1,0 +2,8 @@ +Thu Jan 3 19:16:01 UTC 2013 - idon...@suse.com + +- update certificates to revision 1.87 (bnc#796628) + * new EE Certification Centre Root CA + * new T-TeleSec GlobalRoot Class 3 + * revoke mis-issued intermediate CAs from TURKTRUST + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.jA1Zd0/_old 2013-01-04 11:36:12.0 +0100 +++ /var/tmp/diff_new_pack.jA1Zd0/_new 2013-01-04 11:36:12.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ certdata.txt ++ --- /var/tmp/diff_new_pack.jA1Zd0/_old 2013-01-04 11:36:12.0 +0100 +++ /var/tmp/diff_new_pack.jA1Zd0/_new 2013-01-04 11:36:12.0 +0100 @@ -2,7 +2,7 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -CVS_ID @(#) $RCSfile: certdata.txt,v $ $Revision: 1.85 $ $Date: 2012/06/28 13:50:18 $ +CVS_ID @(#) $RCSfile: certdata.txt,v $ $Revision: 1.87 $ $Date: 2012/12/29 16:32:45 $ # # certdata.txt @@ -24422,3 +24422,364 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate T-TeleSec GlobalRoot Class 3 +# +# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Serial Number: 1 (0x1) +# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Not Valid Before: Wed Oct 01 10:29:56 2008 +# Not Valid After : Sat Oct 01 23:59:59 2033 +# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF +# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 T-TeleSec GlobalRoot Class 3 +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\063 +END +CKA_ID UTF8 0 +CKA_ISSUER MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164 +\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123 +\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2012-10-12 07:41:46
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla, Maintainer is
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2012-05-08 12:09:17.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2012-10-12 07:48:21.0 +0200
@@ -1,0 +2,16 @@
+Wed Oct 10 14:50:00 UTC 2012 - meiss...@suse.com
+
+- updated certificates to revision 1.85 (bnc#783509)
+ * new Actalis Authentication Root CA
+ * new Trustis FPS Root CA
+ * new StartCom Certification Authority
+ * new StartCom Certification Authority G2
+ * new Buypass Class 2 Root CA
+ * new Buypass Class 3 Root CA
+ * updated: Sonera Class2 CA: remove code-signing
+ * updated: thawte Primary Root CA: added code-signing
+ * updated: Trustis_FPS_Root_CA.pem: added code-signing
+ * updated: VeriSign Class 3 Public Primary Certification Authority - G5:
+added code-signing, email-protection
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.F9itlU/_old 2012-10-12 07:48:23.0 +0200
+++ /var/tmp/diff_new_pack.F9itlU/_new 2012-10-12 07:48:23.0 +0200
@@ -22,7 +22,7 @@
Name: ca-certificates-mozilla
%define sslusrdir %{_datadir}/ca-certificates
-Version:1.76
+Version:1.85
Release:0
Summary:CA certificates for OpenSSL
License:MPL-2.0
++ certdata.txt ++
1558 lines (skipped)
between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2012-02-08 15:34:34 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is ca-certificates-mozilla, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2012-01-17 16:04:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2012-02-08 15:34:36.0 +0100 @@ -1,0 +2,6 @@ +Fri Jan 13 08:52:29 UTC 2012 - cfarr...@suse.com + +- license update: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ + SPDX format and correct GPL and LGPL tags to include or later + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.4hrBPS/_old 2012-02-08 15:34:37.0 +0100 +++ /var/tmp/diff_new_pack.4hrBPS/_new 2012-02-08 15:34:37.0 +0100 @@ -24,7 +24,7 @@ Version:1.76 Release:0 Summary:CA certificates for OpenSSL -License:BSD-3-Clause ; MPL-1.1 and GPL-2.0 and LGPL-2.1 +License:MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Group: Productivity/Networking/Security Url:http://www.mozilla.org # IMPORTANT: procedure to update certificates: -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory checked in at 2012-01-17 11:32:08
Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New)
Package is ca-certificates-mozilla, Maintainer is
Changes:
---
/work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes
2011-09-23 01:53:04.0 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes
2012-01-17 16:04:25.0 +0100
@@ -1,0 +2,5 @@
+Thu Jan 12 11:30:31 UTC 2012 - co...@suse.com
+
+- change license to be in spdx.org format
+
+---
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.5PKS2P/_old 2012-01-17 16:04:26.0 +0100
+++ /var/tmp/diff_new_pack.5PKS2P/_new 2012-01-17 16:04:26.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates-mozilla
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,18 +15,17 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
%bcond_with trustedcerts
BuildRequires: openssl
Name: ca-certificates-mozilla
%define sslusrdir %{_datadir}/ca-certificates
-License:BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1
-Group: Productivity/Networking/Security
Version:1.76
-Release:1
+Release:0
Summary:CA certificates for OpenSSL
+License:BSD-3-Clause ; MPL-1.1 and GPL-2.0 and LGPL-2.1
+Group: Productivity/Networking/Security
Url:http://www.mozilla.org
# IMPORTANT: procedure to update certificates:
# - Check the CVS log of the cert file:
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory
checked in at Wed Sep 21 16:56:36 CEST 2011.
--- ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-08-31
11:03:51.0 +0200
+++
/mounts/work_src_done/STABLE/ca-certificates-mozilla/ca-certificates-mozilla.changes
2011-09-17 23:58:41.0 +0200
@@ -1,0 +2,5 @@
+Sat Sep 17 21:58:34 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+---
calling whatdependson for head-i586
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.k8eDkP/_old 2011-09-21 16:56:33.0 +0200
+++ /var/tmp/diff_new_pack.k8eDkP/_new 2011-09-21 16:56:33.0 +0200
@@ -15,7 +15,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
%bcond_with trustedcerts
@@ -25,7 +24,6 @@
%define sslusrdir %{_datadir}/ca-certificates
License:BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1
Group: Productivity/Networking/Security
-AutoReqProv:on
Version:1.76
Release:1
Summary:CA certificates for OpenSSL
@@ -33,6 +31,8 @@
# IMPORTANT: procedure to update certificates:
# - Check the CVS log of the cert file:
#
http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txtrev=HEAD
+# Alternatively hg:
+#
http://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins/certdata.txt
# - download the new certdata.txt
# wget -O certdata.txt
http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1;
# - run compareoldnew to show fingerprints of new and changed certificates
@@ -94,9 +94,6 @@
done
set -x
-%clean
-rm -rf %{buildroot}
-
%post
update-ca-certificates || true
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates-mozilla for
openSUSE:Factory
checked in at Wed Aug 31 13:23:31 CEST 2011.
--- ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-01-31
14:45:34.0 +0100
+++
/mounts/work_src_done/STABLE/ca-certificates-mozilla/ca-certificates-mozilla.changes
2011-08-31 11:03:51.0 +0200
@@ -1,0 +2,18 @@
+Wed Aug 31 09:02:10 UTC 2011 - lnus...@suse.de
+
+- update certificates to revision 1.76
+ * new: Go_Daddy_Root_Certificate_Authority_G2.pem
+ * new: Starfield_Root_Certificate_Authority_G2.pem
+ * new: Starfield_Services_Root_Certificate_Authority_G2.pem
+ * new: AffirmTrust_Commercial.pem
+ * new: AffirmTrust_Networking.pem
+ * new: AffirmTrust_Premium.pem
+ * new: AffirmTrust_Premium_ECC.pem
+ * new: Certum_Trusted_Network_CA.pem
+ * new: Certinomis_Autorit_Racine.pem
+ * new: Root_CA_Generalitat_Valenciana.pem
+ * new: A_Trust_nQual_03.pem
+ * new: TWCA_Root_Certification_Authority.pem
+ * removed: DigiNotar_Root_CA.pem (bnc#714931)
+
+---
calling whatdependson for head-i586
Old:
certdata.diff
Other differences:
--
++ ca-certificates-mozilla.spec ++
--- /var/tmp/diff_new_pack.hhL6CZ/_old 2011-08-31 13:23:23.0 +0200
+++ /var/tmp/diff_new_pack.hhL6CZ/_new 2011-08-31 13:23:23.0 +0200
@@ -26,7 +26,7 @@
License:BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1
Group: Productivity/Networking/Security
AutoReqProv:on
-Version:1.70
+Version:1.76
Release:1
Summary:CA certificates for OpenSSL
Url:http://www.mozilla.org
@@ -44,7 +44,6 @@
Source1:extractcerts.pl
Source2:%{name}.COPYING
Source3:compareoldnew
-Patch0: certdata.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# for update-ca-certificates
@@ -63,7 +62,6 @@
%prep
%setup -qcT
/bin/cp %{SOURCE0} .
-%patch0 -p1
install -m 644 %{S:1} COPYING
%build
++ certdata.txt ++
15697 lines (skipped)
between ca-certificates-mozilla/certdata.txt
and /mounts/work_src_done/STABLE/ca-certificates-mozilla/certdata.txt
++ extractcerts.pl ++
--- /var/tmp/diff_new_pack.hhL6CZ/_old 2011-08-31 13:23:24.0 +0200
+++ /var/tmp/diff_new_pack.hhL6CZ/_new 2011-08-31 13:23:24.0 +0200
@@ -84,14 +84,21 @@
{
my $object = shift;
return unless $object;
+ ### convert old tags to be able to compare pre 1.74 files
+ $object-{'CKA_CLASS'} =~ s/^CKO_NETSCAPE/CKO_NSS/;
+ for my $type (keys %trust_types) {
+next unless (exists $object-{$type});
+$object-{$type} =~ s/^CKT_NETSCAPE/CKT_NSS/;
+ }
+
if($object-{'CKA_CLASS'} eq 'CKO_CERTIFICATE'
$object-{'CKA_CERTIFICATE_TYPE'} eq 'CKC_X_509') {
push @certificates, $object;
- } elsif ($object-{'CKA_CLASS'} eq 'CKO_NETSCAPE_TRUST') {
+ } elsif ($object-{'CKA_CLASS'} eq 'CKO_NSS_TRUST') {
my $label = $object-{'CKA_LABEL'};
my $serial = colonhex($object-{'CKA_SERIAL_NUMBER'});
die $label exists ($serial) if exists($trusts{$label.$serial});
$trusts{$label.$serial} = $object;
- } elsif ($object-{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') {
+ } elsif ($object-{'CKA_CLASS'} eq 'CKO_NSS_BUILTIN_ROOT_LIST') {
# ignore
} else {
print STDERR class , $object-{'CKA_CLASS'} , not handled\n;
@@ -159,7 +166,7 @@
if ($output_trustbits) {
for my $type (keys %trust_types) {
if (exists $trust-{$type}
- $trust-{$type} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+ $trust-{$type} eq 'CKT_NSS_TRUSTED_DELEGATOR') {
push @addtrust, $trust_types{$type};
if (exists $openssl_trust{$type}) {
push @addtrust_openssl, $openssl_trust{$type};
@@ -168,14 +175,14 @@
}
}
} else {
- if($trust-{'CKA_TRUST_SERVER_AUTH'} eq
'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+ if($trust-{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NSS_TRUSTED_DELEGATOR') {
$trusted = 1;
}
}
if (!$trusted) {
my $t = $trust-{'CKA_TRUST_SERVER_AUTH'};
- $t =~ s/CKT_NETSCAPE_//;
+ $t =~ s/CKT_NSS_//;
print STDERR $t: $alias\n;
next;
}
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
