commit ca-certificates-mozilla for openSUSE:11.3

Wed, 31 Aug 2011 06:24:55 -0700 

Hello community,

here is the log from the commit of package ca-certificates-mozilla for 
openSUSE:11.3
checked in at Wed Aug 31 15:24:49 CEST 2011.



--------
--- 
old-versions/11.3/all/ca-certificates-mozilla/ca-certificates-mozilla.changes   
    2010-04-08 11:24:54.000000000 +0200
+++ 11.3/ca-certificates-mozilla/ca-certificates-mozilla.changes        
2011-08-31 11:03:51.000000000 +0200
@@ -1,0 +2,45 @@
+Wed Aug 31 09:02:10 UTC 2011 - lnus...@suse.de
+
+- update certificates to revision 1.76
+  * new: Go_Daddy_Root_Certificate_Authority_G2.pem
+  * new: Starfield_Root_Certificate_Authority_G2.pem
+  * new: Starfield_Services_Root_Certificate_Authority_G2.pem
+  * new: AffirmTrust_Commercial.pem
+  * new: AffirmTrust_Networking.pem
+  * new: AffirmTrust_Premium.pem
+  * new: AffirmTrust_Premium_ECC.pem
+  * new: Certum_Trusted_Network_CA.pem
+  * new: Certinomis_Autorit_Racine.pem
+  * new: Root_CA_Generalitat_Valenciana.pem
+  * new: A_Trust_nQual_03.pem
+  * new: TWCA_Root_Certification_Authority.pem
+  * removed: DigiNotar_Root_CA.pem (bnc#714931)
+
+-------------------------------------------------------------------
+Mon Jan 31 13:43:23 UTC 2011 - lnus...@suse.de
+
+- update certificates to revision 1.70
+  * new: AddTrust_Qualified_Certificates_Root.pem
+  * new: Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
+  * new: Chambers_of_Commerce_Root_2008.pem
+  * new: Global_Chambersign_Root_2008.pem
+  * new: Izenpe_com.pem
+  * new: TC_TrustCenter_Universal_CA_III.pem
+
+-------------------------------------------------------------------
+Mon Sep 27 14:27:52 UTC 2010 - lnus...@suse.de
+
+- update certificates to revision 1.65
+  * new: E_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.pem
+  * new: GlobalSign_Root_CA_R3.pem
+  * new: Microsec_e_Szigno_Root_CA_2009.pem
+  * new: Verisign_Class_1_Public_Primary_Certification_Authority.1.pem
+  * new: Verisign_Class_3_Public_Primary_Certification_Authority.1.pem
+
+-------------------------------------------------------------------
+Fri May 21 12:30:01 UTC 2010 - lnus...@suse.de
+
+- update certificates to revision 1.64
+  * removed "RSA Security 1024 V3" certificate
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.3/all/ca-certificates-mozilla
Destination is old-versions/11.3/UPDATES/all/ca-certificates-mozilla
calling whatdependson for 11.3-i586


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ca-certificates-mozilla.spec ++++++
--- /var/tmp/diff_new_pack.oYLz9q/_old  2011-08-31 15:24:21.000000000 +0200
+++ /var/tmp/diff_new_pack.oYLz9q/_new  2011-08-31 15:24:21.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package ca-certificates-mozilla (Version 1.62)
+# spec file for package ca-certificates-mozilla
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,8 +26,8 @@
 License:        BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1
 Group:          Productivity/Networking/Security
 AutoReqProv:    on
-Version:        1.62
-Release:        2
+Version:        1.76
+Release:        1.<RELEASE2>
 Summary:        CA certificates for OpenSSL
 Url:            http://www.mozilla.org
 # IMPORTANT: procedure to update certificates:
@@ -61,10 +61,11 @@
 
 %prep
 %setup -qcT
+/bin/cp %{SOURCE0} .
 install -m 644 %{S:1} COPYING
 
 %build
-perl %{SOURCE1} --trustbits < %{SOURCE0}
+perl %{SOURCE1} --trustbits < certdata.txt
 
 %install
 mkdir -p %{buildroot}/%{sslusrdir}/mozilla

++++++ certdata.txt ++++++
++++ 20328 lines (skipped)
++++ between old-versions/11.3/all/ca-certificates-mozilla/certdata.txt
++++ and 11.3/ca-certificates-mozilla/certdata.txt

++++++ compareoldnew ++++++
--- /var/tmp/diff_new_pack.oYLz9q/_old  2011-08-31 15:24:21.000000000 +0200
+++ /var/tmp/diff_new_pack.oYLz9q/_new  2011-08-31 15:24:21.000000000 +0200
@@ -15,11 +15,15 @@
 mkdir old new
 cd old
 echo old...
-VERBOSE=1 ../extractcerts.pl < ../.osc/certdata.txt | sort > ../old.files
+VERBOSE=1 ../extractcerts.pl --trustbits < ../.osc/certdata.txt > tmp
+sort < tmp > ../old.files
+rm -f tmp
 cd ..
 cd new
 echo new...
-VERBOSE=1 ../extractcerts.pl < ../certdata.txt | sort > ../new.files
+VERBOSE=1 ../extractcerts.pl --trustbits < ../certdata.txt > tmp
+sort < tmp > ../new.files
+rm -f tmp
 cd ..
 echo '----------------------------'
 while read line; do
@@ -35,6 +39,7 @@
        elif ! cmp "old/$common" "new/$common"; then
                echo "*** $common differs!"
                showcert old/$common
-               showcert old/$common
+               showcert new/$common
+               diff -u old/$common new/$common || true
        fi
 done < <(comm --output-delimiter='#' old.files new.files)

++++++ extractcerts.pl ++++++
--- /var/tmp/diff_new_pack.oYLz9q/_old  2011-08-31 15:24:21.000000000 +0200
+++ /var/tmp/diff_new_pack.oYLz9q/_new  2011-08-31 15:24:21.000000000 +0200
@@ -75,17 +75,30 @@
        $output_trustbits = 1;
 }
 
+sub colonhex
+{
+  return join(':', unpack("(H2)*", $_[0]));
+}
+
 sub handle_object($)
 {
   my $object = shift;
   return unless $object;
+  ### convert old tags to be able to compare pre 1.74 files
+  $object->{'CKA_CLASS'} =~ s/^CKO_NETSCAPE/CKO_NSS/;
+  for my $type (keys %trust_types) {
+    next unless (exists $object->{$type});
+    $object->{$type} =~ s/^CKT_NETSCAPE/CKT_NSS/;
+  }
+  ####
   if($object->{'CKA_CLASS'} eq 'CKO_CERTIFICATE' && 
$object->{'CKA_CERTIFICATE_TYPE'} eq 'CKC_X_509') {
     push @certificates, $object;
-  } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_TRUST') {
+  } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_TRUST') {
     my $label = $object->{'CKA_LABEL'};
-    die "$label exists" if exists($trusts{$label});
-    $trusts{$label} = $object;
-  } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') {
+    my $serial = colonhex($object->{'CKA_SERIAL_NUMBER'});
+    die "$label exists ($serial)" if exists($trusts{$label.$serial});
+    $trusts{$label.$serial} = $object;
+  } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_BUILTIN_ROOT_LIST') {
     # ignore
   } else {
     print STDERR "class ", $object->{'CKA_CLASS'} ," not handled\n";
@@ -116,11 +129,12 @@
   }
 
   if( $fields[1] =~ /MULTILINE/ ) {
+    die "expected MULTILINE_OCTAL" unless $fields[1] eq 'MULTILINE_OCTAL';
     $fields[2] = "";
     while(<>) {
       last if /END/;
       chomp;
-      $fields[2] .= $_;
+      $fields[2] .= pack("C", oct($+)) while $_ =~ /\G\\([0-3][0-7][0-7])/g;
     }
   }
 
@@ -133,24 +147,26 @@
   $object->{$fields[0]} = $fields[2];
 }
 handle_object($object);
+undef $object;
 
 use MIME::Base64;
 for my $cert (@certificates) {
   my $alias = $cert->{'CKA_LABEL'};
-  if(!exists($trusts{$alias})) {
+  my $serial = colonhex($cert->{'CKA_SERIAL_NUMBER'});
+  if(!exists($trusts{$alias.$serial})) {
     print STDERR "NO TRUST: $alias\n";
     next;
   }
   # check trust. We only include certificates that are trusted for identifying
   # web sites
-  my $trust = $trusts{$alias};
+  my $trust = $trusts{$alias.$serial};
   my @addtrust;
   my @addtrust_openssl;
   my $trusted;
   if ($output_trustbits) {
          for my $type (keys %trust_types) {
                  if (exists $trust->{$type}
-                 && $trust->{$type} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+                 && $trust->{$type} eq 'CKT_NSS_TRUSTED_DELEGATOR') {
                          push @addtrust, $trust_types{$type};
                          if (exists $openssl_trust{$type}) {
                                  push @addtrust_openssl, $openssl_trust{$type};
@@ -159,14 +175,14 @@
                  }
          }
   } else {
-         if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 
'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+         if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NSS_TRUSTED_DELEGATOR') {
                  $trusted = 1;
          }
   }
 
   if (!$trusted) {
          my $t = $trust->{'CKA_TRUST_SERVER_AUTH'};
-         $t =~ s/CKT_NETSCAPE_//;
+         $t =~ s/CKT_NSS_//;
          print STDERR "$t: $alias\n";
          next;
   }
@@ -178,16 +194,22 @@
   my $file = $alias;
   $alias =~ s/'/-/g;
   $file =~ s/[^[:alnum:]\\]+/_/g;
-  $file .= '.pem';
   $file = Encode::encode("UTF-8", $file);
+  if (-e $file.'.pem') {
+    my $i = 1;
+    while (-e $file.".$i.pem") {
+      ++$i;
+    }
+    $file .= ".$i.pem";
+  } else {
+    $file .= '.pem';
+  }
   if (!open(O, '>', $file)) {
          print STDERR "$file: $!\n";
          next;
   }
   print "$file\n" if $ENV{'VERBOSE'};
   my $value = $cert->{'CKA_VALUE'};
-  my $enc = '';
-  $enc .= pack("C", oct($+)) while $value =~ /\G\\([0-3][0-7][0-7])/g;
   if ($output_trustbits) {
          print O "# alias=",Encode::encode("UTF-8", $alias),"\n";
          print O "# trust=",join(" ", @addtrust),"\n";
@@ -196,7 +218,7 @@
          }
   }
   print O "-----BEGIN CERTIFICATE-----\n";
-  print O encode_base64($enc);
+  print O encode_base64($value);
   print O "-----END CERTIFICATE-----\n";
   close O;
 }


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to