commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2020-10-22 14:21:31 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3463 (New) Package is "ca-certificates-mozilla" Thu Oct 22 14:21:31 2020 rev:50 rq:842510 version:2.44 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2020-07-30 10:00:01.247218360 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3463/ca-certificates-mozilla.changes 2020-10-22 14:22:50.426780311 +0200 @@ -1,0 +2,14 @@ +Mon Oct 19 09:09:39 UTC 2020 - Marcus Meissner + +- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) + +- Removed CAs: + - EE Certification Centre Root CA + - Taiwan GRCA + +- Added CAs: + - Trustwave Global Certification Authority + - Trustwave Global ECC P256 Certification Authority + - Trustwave Global ECC P384 Certification Authority + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.uA3BxX/_old 2020-10-22 14:22:53.890783419 +0200 +++ /var/tmp/diff_new_pack.uA3BxX/_new 2020-10-22 14:22:53.894783423 +0200 @@ -37,7 +37,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.42 +Version:2.44 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 794 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3463/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.uA3BxX/_old 2020-10-22 14:22:54.038783552 +0200 +++ /var/tmp/diff_new_pack.uA3BxX/_new 2020-10-22 14:22:54.038783552 +0200 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42 -#define NSS_BUILTINS_LIBRARY_VERSION "2.42" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 44 +#define NSS_BUILTINS_LIBRARY_VERSION "2.44" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2020-07-30 09:59:40 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592 (New) Package is "ca-certificates-mozilla" Thu Jul 30 09:59:40 2020 rev:49 rq:823414 version:2.42 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2020-04-05 20:52:30.273122881 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592/ca-certificates-mozilla.changes 2020-07-30 10:00:01.247218360 +0200 @@ -1,0 +2,21 @@ +Wed Jul 29 13:06:19 UTC 2020 - Marcus Meissner + +- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) + + Removed CAs: + - AddTrust External CA Root + - AddTrust Class 1 CA Root + - LuxTrust Global Root 2 + - Staat der Nederlanden Root CA - G2 + - Symantec Class 1 Public Primary Certification Authority - G4 + - Symantec Class 2 Public Primary Certification Authority - G4 + - VeriSign Class 3 Public Primary Certification Authority - G3 + + Added CAs: + - certSIGN Root CA G2 + - e-Szigno Root CA 2017 + - Microsoft ECC Root Certificate Authority 2017 + - Microsoft RSA Root Certificate Authority 2017 + + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.271219569 +0200 +++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.275219571 +0200 @@ -37,7 +37,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.40 +Version:2.42 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2058 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3592/certdata.txt ++ certdata2pem.py ++ --- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.419219657 +0200 +++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.423219659 +0200 @@ -177,6 +177,11 @@ "CKA_TRUST_EMAIL_PROTECTION": "emailProtection", } +cert_distrust_types = { + "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after", + "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after", +} + for tobj in objects: if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST': key = tobj['CKA_LABEL'] + printable_serial(tobj) @@ -369,6 +374,16 @@ f.write("nss-mozilla-ca-policy: true\n") f.write("modifiable: false\n"); +# requires p11-kit >= 0.23.19 +for t in list(cert_distrust_types.keys()): +if t in obj: +value = obj[t] +if value == 'CK_FALSE': +value = bytearray(1) +f.write(cert_distrust_types[t] + ": \"") +f.write(urllib.parse.quote(value)); +f.write("\"\n") + f.write("-BEGIN CERTIFICATE-\n") temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE']) temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64) ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.4KoIQJ/_old 2020-07-30 10:00:03.443219671 +0200 +++ /var/tmp/diff_new_pack.4KoIQJ/_new 2020-07-30 10:00:03.443219671 +0200 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40 -#define NSS_BUILTINS_LIBRARY_VERSION "2.40" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42 +#define NSS_BUILTINS_LIBRARY_VERSION "2.42" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2020-04-05 20:52:28 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3248 (New) Package is "ca-certificates-mozilla" Sun Apr 5 20:52:28 2020 rev:48 rq:790876 version:2.40 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2020-01-20 22:47:39.883163942 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.3248/ca-certificates-mozilla.changes 2020-04-05 20:52:30.273122881 +0200 @@ -1,0 +2,5 @@ +Thu Mar 26 11:38:06 UTC 2020 - Marcus Meissner + +- also run update-ca-certificates in %posttrans + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.E6tb1k/_old 2020-04-05 20:52:30.993123570 +0200 +++ /var/tmp/diff_new_pack.E6tb1k/_new 2020-04-05 20:52:30.993123570 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -122,6 +122,9 @@ %postun update-ca-certificates || true +%posttrans +update-ca-certificates || true + %files %license COPYING %{trustdir_static}
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2020-01-20 22:47:37 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.26092 (New) Package is "ca-certificates-mozilla" Mon Jan 20 22:47:37 2020 rev:47 rq:764234 version:2.40 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-12-23 22:43:52.781987832 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.26092/ca-certificates-mozilla.changes 2020-01-20 22:47:39.883163942 +0100 @@ -1,0 +2,13 @@ +Tue Jan 14 07:07:51 UTC 2020 - Marcus Meissner + +- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160) +- removed: + - Certplus Class 2 Primary CA + - Deutsche Telekom Root CA 2 + - CN=Swisscom Root CA 2 + - UTN-USERFirst-Client Authentication and Email + +- added: + - Entrust Root Certification Authority - G4 + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.E9hvkS/_old 2020-01-20 22:47:42.567164975 +0100 +++ /var/tmp/diff_new_pack.E9hvkS/_new 2020-01-20 22:47:42.571164976 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,7 +37,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.34 +Version:2.40 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2227 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.26092/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.E9hvkS/_old 2020-01-20 22:47:42.723165034 +0100 +++ /var/tmp/diff_new_pack.E9hvkS/_new 2020-01-20 22:47:42.723165034 +0100 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 34 -#define NSS_BUILTINS_LIBRARY_VERSION "2.34" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40 +#define NSS_BUILTINS_LIBRARY_VERSION "2.40" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-12-23 22:41:57 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.6675 (New) Package is "ca-certificates-mozilla" Mon Dec 23 22:41:57 2019 rev:46 rq:757879 version:2.34 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-12-05 17:37:34.561390835 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.6675/ca-certificates-mozilla.changes 2019-12-23 22:43:52.781987832 +0100 @@ -1,0 +2,5 @@ +Wed Dec 18 10:53:59 UTC 2019 - Ludwig Nussel + +- make sure p11-kit with patches is installed on SLE (boo#1154871) + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.gLonOy/_old 2019-12-23 22:43:54.305988493 +0100 +++ /var/tmp/diff_new_pack.gLonOy/_new 2019-12-23 22:43:54.337988507 +0100 @@ -16,6 +16,23 @@ # +# ensure p11-kit has the required features on SLE for +# https://bugzilla.suse.com/show_bug.cgi?id=1154871 +%if 0%{?suse_version} == 1500 +%if 0%{?is_opensuse} +# Leap 15.1 +%define p11_kit_min 0.23.2-lp151.4.3.1 +%else +# 15GA +%define p11_kit_min 0.23.2-4.5.2 +%endif +%else +%if 0%{?suse_version} == 1315 && 0%{?sle_version} > 120300 +# 12SP3 +%define p11_kit_min 0.20.7-3.3.1 +%endif +%endif +# %define certdir %{trustdir_static} Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: @@ -52,6 +69,9 @@ # replaces this package from SLE11 times Obsoletes: openssl-certs BuildArch: noarch +%if %{defined p11_kit_min} +Conflicts: p11-kit-tools < %p11_kit_min +%endif %description This package contains some CA root certificates for OpenSSL extracted
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-12-05 17:35:01 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691 (New) Package is "ca-certificates-mozilla" Thu Dec 5 17:35:01 2019 rev:45 rq:754429 version:2.34 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-12-02 11:26:51.950682456 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691/ca-certificates-mozilla.changes 2019-12-05 17:37:34.561390835 +0100 @@ -75 +75,2 @@ -- Updated to 2.22 state of the Mozilla NSS Certificate store. +- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152, + bsc#1071390, bsc#1010996) @@ -210 +211 @@ -- Updated to 2.7. +- Updated to 2.7 (bsc#973042). Other differences: --
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-12-02 11:26:32 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691 (New) Package is "ca-certificates-mozilla" Mon Dec 2 11:26:32 2019 rev:44 rq:750502 version:2.34 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-08-15 12:25:20.586607048 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.4691/ca-certificates-mozilla.changes 2019-12-02 11:26:51.950682456 +0100 @@ -1,0 +2,6 @@ +Tue Nov 12 09:58:01 UTC 2019 - Ludwig Nussel + +- export correct p11kit trust attributes so Firefox detects built in + certificates (boo#1154871). Courtesy of Fedora. + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:56.886680589 +0100 +++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:56.890680587 +0100 @@ -38,8 +38,7 @@ # accidentally included! Source: http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt Source1: http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h -# from Fedora. Note: currently contains extra fix to remove quotes. Pending upstream approval. -Source10: certdata2pem.py +Source10: https://src.fedoraproject.org/rpms/ca-certificates/raw/master/f/certdata2pem.py Source11: %{name}.COPYING Source12: compareoldnew BuildRequires: ca-certificates @@ -61,7 +60,8 @@ %prep %setup -qcT -/bin/cp %{SOURCE0} . +mkdir certs +ln -s %{SOURCE0} certs install -m 644 %{SOURCE11} COPYING ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"` @@ -72,44 +72,29 @@ %build export LANG=en_US.UTF-8 +cd certs python3 %{SOURCE10} +cd .. +( + cat <<-EOF + # This is a bundle of X.509 certificates of public Certificate + # Authorities. It was generated from the Mozilla root CA list. + # These certificates and trust/distrust attributes use the file format accepted + # by the p11-kit-trust module. + # + # Source: nss/lib/ckfw/builtins/certdata.txt + # Source: nss/lib/ckfw/builtins/nssckbi.h + # + # Generated from: + EOF + awk '$2 = "NSS_BUILTINS_LIBRARY_VERSION" {print "# " $2 " " $3}'; + echo '#'; + ls -1 certs/*.tmp-p11-kit | sort | xargs cat +) > ca-certificates-mozila.trust.p11-kit %install -mkdir -p %{buildroot}/%{trustdir_static}/anchors -set +x -for i in *.crt; do - args=() - trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"` - distrust=`sed -n '/^# openssl-distrust=/{s/^.*=//;p;q;}' "$i"` - alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' "$i"` - args+=('-trustout') - for t in $trust; do - args+=("-addtrust" "$t") - done - for t in $distrust; do - args+=("-addreject" "$t") - done - [ -z "$alias" ] || args+=('-setalias' "$alias") - - echo "$i ${args[*]}" - fname="%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem" - if [ -e "$fname" ]; then - fname="${fname%.pem}" - j=1 - while [ -e "$fname.$j.pem" ]; do - j=$((j+1)) - done - fname="$fname.$j.pem" - fi - { - grep '^#' "$i" - openssl x509 -in "$i" "${args[@]}" - } > "$fname" -done -for i in *.p11-kit ; do - install -m 644 "$i" "%{buildroot}/%{trustdir_static}" -done -set -x +mkdir -p %{buildroot}/%{trustdir_static} +install -m 644 ca-certificates-mozila.trust.p11-kit "%{buildroot}/%{trustdir_static}/ca-certificates-mozila.trust.p11-kit" %post update-ca-certificates || true ++ certdata2pem.py ++ --- /var/tmp/diff_new_pack.vnKWC3/_old 2019-12-02 11:26:57.002680545 +0100 +++ /var/tmp/diff_new_pack.vnKWC3/_new 2019-12-02 11:26:57.002680545 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!/usr/bin/python # vim:set et sw=4: # # certdata2pem.py - splits certdata.txt into multiple files @@ -26,7 +26,8 @@ import re import sys import textwrap -import urllib.parse +import urllib.request, urllib.parse, urllib.error +import subprocess objects = [] @@ -35,7 +36,7 @@ # Dirty file parser. in_data, in_multiline, in_obj = False, False, False -field, vtype, value, obj = None, None, None, dict() +field, ftype, value, binval, obj = None, None, None, bytearray(), dict() for line in open('certdata.txt', 'r'): # Ignore the file header. if not in_da
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-08-15 12:25:19 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.9556 (New) Package is "ca-certificates-mozilla" Thu Aug 15 12:25:19 2019 rev:43 rq:721013 version:2.34 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2019-01-29 14:45:06.607063338 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.9556/ca-certificates-mozilla.changes 2019-08-15 12:25:20.586607048 +0200 @@ -1,0 +2,13 @@ +Sun Aug 4 14:17:45 UTC 2019 - Andreas Stieger + +- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) +- Removed CAs: + - Certinomis - Root CA +- includes added root CAs from the 2.32 version: + - emSign ECC Root CA - C3 (email and server auth) + - emSign ECC Root CA - G3 (email and server auth) + - emSign Root CA - C1 (email and server auth) + - emSign Root CA - G1 (email and server auth) + - Hongkong Post Root CA 3 (server auth) + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.xMqy4s/_old 2019-08-15 12:25:21.202606895 +0200 +++ /var/tmp/diff_new_pack.xMqy4s/_new 2019-08-15 12:25:21.202606895 +0200 @@ -12,26 +12,20 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define certdir %{trustdir_static} -BuildRequires: p11-kit-devel - -BuildRequires: ca-certificates -BuildRequires: openssl -BuildRequires: python3-base - Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.30 +Version:2.34 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 Group: Productivity/Networking/Security -Url:http://www.mozilla.org +URL:https://www.mozilla.org # IMPORTANT: procedure to update certificates: # - Check the log of the cert file: # http://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt @@ -48,22 +42,22 @@ Source10: certdata2pem.py Source11: %{name}.COPYING Source12: compareoldnew - -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildArch: noarch +BuildRequires: ca-certificates +BuildRequires: openssl +BuildRequires: p11-kit-devel +BuildRequires: python3-base # for update-ca-certificates Requires(post):ca-certificates Requires(postun): ca-certificates # # replaces this package from SLE11 times Obsoletes: openssl-certs +BuildArch: noarch %description This package contains some CA root certificates for OpenSSL extracted from MozillaFirefox - - %prep %setup -qcT @@ -124,7 +118,6 @@ update-ca-certificates || true %files -%defattr(-, root, root) %license COPYING %{trustdir_static} ++ certdata.txt ++ 854 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.9556/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.xMqy4s/_old 2019-08-15 12:25:21.294606872 +0200 +++ /var/tmp/diff_new_pack.xMqy4s/_new 2019-08-15 12:25:21.294606872 +0200 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 30 -#define NSS_BUILTINS_LIBRARY_VERSION "2.30" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 34 +#define NSS_BUILTINS_LIBRARY_VERSION "2.34" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2019-01-29 14:45:04 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.28833 (New) Package is "ca-certificates-mozilla" Tue Jan 29 14:45:04 2019 rev:42 rq:24 version:2.30 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-08-28 09:19:40.763930620 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.28833/ca-certificates-mozilla.changes 2019-01-29 14:45:06.607063338 +0100 @@ -1,0 +2,23 @@ +Thu Jan 17 06:17:05 UTC 2019 - meiss...@suse.com + +- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446) +- Removed CAs: + - AC Raiz Certicamara S.A. + - Certplus Root CA G1 + - Certplus Root CA G2 + - OpenTrust Root CA G1 + - OpenTrust Root CA G2 + - OpenTrust Root CA G3 + - Visa eCommerce Root + +- Added Root CAs: + - Certigna Root CA (email and server auth) + - GTS Root R1 (server auth) + - GTS Root R2 (server auth) + - GTS Root R3 (server auth) + - GTS Root R4 (server auth) + - OISTE WISeKey Global Root GC CA (email and server auth) + - UCA Extended Validation Root (server auth) + - UCA Global G2 Root (email and server auth) + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.V6QLR2/_old 2019-01-29 14:45:07.467062296 +0100 +++ /var/tmp/diff_new_pack.V6QLR2/_new 2019-01-29 14:45:07.475062286 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.26 +Version:2.30 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2213 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new.28833/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.V6QLR2/_old 2019-01-29 14:45:07.595062140 +0100 +++ /var/tmp/diff_new_pack.V6QLR2/_new 2019-01-29 14:45:07.599062136 +0100 @@ -46,8 +46,8 @@ * It's recommend to switch back to 0 after having reached version 98/99. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 26 -#define NSS_BUILTINS_LIBRARY_VERSION "2.26" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 30 +#define NSS_BUILTINS_LIBRARY_VERSION "2.30" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-08-28 09:19:36 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Tue Aug 28 09:19:36 2018 rev:41 rq:629505 version:2.26 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-07-13 10:17:21.126169674 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-08-28 09:19:40.763930620 +0200 @@ -1,0 +2,15 @@ +Thu Aug 16 08:42:38 UTC 2018 - meiss...@suse.com + +- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) + - removed server auth +- Certplus Root CA G1 +- Certplus Root CA G2 +- OpenTrust Root CA G1 +- OpenTrust Root CA G2 +- OpenTrust Root CA G3 + - remove CA +- ComSign CA + - added new CA +- GlobalSign + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.lpOM2n/_old 2018-08-28 09:19:42.083934819 +0200 +++ /var/tmp/diff_new_pack.lpOM2n/_new 2018-08-28 09:19:42.087934832 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.24 +Version:2.26 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ --- /var/tmp/diff_new_pack.lpOM2n/_old 2018-08-28 09:19:42.195935175 +0200 +++ /var/tmp/diff_new_pack.lpOM2n/_new 2018-08-28 09:19:42.199935188 +0200 @@ -7382,136 +7382,6 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "ComSign CA" -# -# Issuer: C=IL,O=ComSign,CN=ComSign CA -# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44 -# Subject: C=IL,O=ComSign,CN=ComSign CA -# Not Valid Before: Wed Mar 24 11:32:18 2004 -# Not Valid After : Mon Mar 19 15:02:18 2029 -# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B -# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "ComSign CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155 -\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012 -\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125 -\004\006\023\002\111\114 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207 -\167\104 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\223\060\202\002\173\240\003\002\001\002\002\020\024 -\023\226\203\024\125\214\352\173\143\345\374\064\207\167\104\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\064 -\061\023\060\021\006\003\125\004\003\023\012\103\157\155\123\151 -\147\156\040\103\101\061\020\060\016\006\003\125\004\012\023\007 -\103\157\155\123\151\147\156\061\013\060\011\006\003\125\004\006 -\023\002\111\114\060\036\027\015\060\064\060\063\062\064\061\061 -\063\062\061\070\132\027\015\062\071\060\063\061\071\061\065\060 -\062\061\070\132\060\064\061\023\060\021\006\003\125\004\003\023 -\012\103\157\155\123\151\147\156\040\103\101\061\020\060\016\006 -\003\125\004\012\023\007\103\157\155\123\151\147\156\061\013\060 -\011\006\003\125\004\006\023\002\111\114\060\202\001\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 -\017\000\060\202\001\012\002\202\001\001\000\360\344\124\151\053 -\323\307\217\152\104\344\176\130\047\370\013\320\344\224\022\212 -\361\033\070\070\057\037\061\234\006\324\054\247\336\013\052\256 -\032\240\343\236\152\277\237\074\307\156\242\371\213\144\154\072 -\255\205\125\121\124\245\070\125\270\253\203\004\362\077\144\066 -\367\300\215\103\103\152\146\321\367\027\052\325\357\066\372\060 -\020\102\327\123\315\371\372\063\163\114\263\351\204\040\212\326 -\101\047\065\344\070\372\224\233\270\172\344\171\037\063\373\033 -\330\041\011\050\174\115\030\151\136\144\212\172\031\223\312\176 -\354\363\162\347\067\007\130\131\050\254\102\371\305\377\315\077 -\347\245\372\070\26
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-07-13 10:17:18 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Fri Jul 13 10:17:18 2018 rev:40 rq:621348 version:2.24 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-03-26 12:06:55.246530056 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-07-13 10:17:21.126169674 +0200 @@ -1,0 +2,9 @@ +Fri Jul 6 14:40:58 UTC 2018 - meiss...@suse.com + +- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) +- Removed CAs: + * S-TRUST_Universal_Root_CA:2.16.96.86.197.75.35.64.91.100.212.237.37.218.217.214.30.30.crt + * TC_TrustCenter_Class_3_CA_II:2.14.74.71.0.1.0.2.229.160.93.214.63.0.81.191.crt + * TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:2.7.0.142.23.254.36.32.129.crt + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.uyvD4O/_old 2018-07-13 10:17:22.622171447 +0200 +++ /var/tmp/diff_new_pack.uyvD4O/_new 2018-07-13 10:17:22.622171447 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.22 +Version:2.24 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ --- /var/tmp/diff_new_pack.uyvD4O/_old 2018-07-13 10:17:22.698171537 +0200 +++ /var/tmp/diff_new_pack.uyvD4O/_new 2018-07-13 10:17:22.702171542 +0200 @@ -7241,163 +7241,6 @@ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "TC TrustCenter Class 3 CA II" -# -# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf -# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE -# Not Valid Before: Thu Jan 12 14:41:57 2006 -# Not Valid After : Wed Dec 31 22:59:59 2025 -# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E -# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165 -\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060 -\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124 -\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163 -\040\063\040\103\101\040\111\111 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\252\060\202\003\222\240\003\002\001\002\002\016\112 -\107\000\001\000\002\345\240\135\326\077\000\121\277\060\015\006 -\011\052\206\110\206\367\015\001\001\005\005\000\060\166\061\013 -\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006 -\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145 -\156\164\145\162\040\107\155\142\110\061\042\060\040\006\003\125 -\004\013\023\031\124\103\040\124\162\165\163\164\103\145\156\164 -\145\162\040\103\154\141\163\163\040\063\040\103\101\061\045\060 -\043\006\003\125\004\003\023\034\124\103\040\124\162\165\163\164 -\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103 -\101\040\111\111\060\036\027\015\060\066\060\061\061\062\061\064 -\064\061\065\067\132\027\015\062\065\061\062\063\061\062\062\065 -\071\06
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-03-26 12:06:37 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Mon Mar 26 12:06:37 2018 rev:39 rq:589173 version:2.22 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2018-01-26 13:35:49.707582343 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-03-26 12:06:55.246530056 +0200 @@ -1,0 +2,5 @@ +Tue Mar 20 13:12:37 CET 2018 - ku...@suse.de + +- Use %license instead of %doc [bsc#1082318] + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.gE86r2/_old 2018-03-26 12:06:59.466378893 +0200 +++ /var/tmp/diff_new_pack.gE86r2/_new 2018-03-26 12:06:59.470378750 +0200 @@ -125,7 +125,7 @@ %files %defattr(-, root, root) -%doc COPYING +%license COPYING %{trustdir_static} %changelog
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2018-01-26 13:35:48 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Fri Jan 26 13:35:48 2018 rev:38 rq:569458 version:2.22 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2017-10-27 13:47:18.583593707 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2018-01-26 13:35:49.707582343 +0100 @@ -1,0 +2,47 @@ +Thu Jan 25 09:43:25 UTC 2018 - meiss...@suse.com + +- Updated to 2.22 state of the Mozilla NSS Certificate store. +- Removed CAs: + + * ACEDICOM Root + * AddTrust Public CA Root + * AddTrust Qualified CA Root + * ApplicationCA - Japanese Government + * CA Disig Root R1 + * CA WoSign ECC Root + * Certification Authority of WoSign G2 + * Certinomis - Autorité Racine + * China Internet Network Information Center EV Certificates Root + * CNNIC ROOT + * Comodo Secure Certificate Services + * Comodo Trusted Certificate Services + * ComSign Secured CA + * DST ACES CA X6 + * GeoTrust Global CA 2 + * StartCom Certification Authority + * StartCom Certification Authority + * StartCom Certification Authority G2 + * Swisscom Root CA 1 + * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 + * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı + * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 + * UTN USERFirst Hardware Root CA + * UTN USERFirst Object Root CA + * VeriSign Class 3 Secure Server CA - G2 + * WellsSecure Public Root Certificate Authority + * Certification Authority of WoSign + * WoSign China + +- Added CAs: + + * D-TRUST Root CA 3 2013 + * GDCA TrustAUTH R5 ROOT + * SSL.com EV Root Certification Authority ECC + * SSL.com EV Root Certification Authority RSA R2 + * SSL.com Root Certification Authority ECC + * SSL.com Root Certification Authority RSA + * TrustCor RootCert CA-1 + * TrustCor RootCert CA-2 + * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.bqoU7k/_old 2018-01-26 13:35:51.135515648 +0100 +++ /var/tmp/diff_new_pack.bqoU7k/_new 2018-01-26 13:35:51.139515461 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.11 +Version:2.22 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 30869 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.bqoU7k/_old 2018-01-26 13:35:51.323506867 +0100 +++ /var/tmp/diff_new_pack.bqoU7k/_new 2018-01-26 13:35:51.323506867 +0100 @@ -22,31 +22,32 @@ * to the list of trusted certificates. * * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped - * for each NSS minor release AND whenever we change the list of - * trusted certificates. 10 minor versions are allocated for each - * NSS 3.x branch as follows, allowing us to change the list of - * trusted certificates up to 9 times on each branch. - * - NSS 3.5 branch: 3-9 - * - NSS 3.6 branch: 10-19 - * - NSS 3.7 branch: 20-29 - * - NSS 3.8 branch: 30-39 - * - NSS 3.9 branch: 40-49 - * - NSS 3.10 branch: 50-59 - * - NSS 3.11 branch: 60-69 - * ... - * - NSS 3.12 branch: 70-89 - * - NSS 3.13 branch: 90-99 - * - NSS 3.14 branch: 100-109 - * ... - * - NSS 3.29 branch: 250-255 + * whenever we change the list of trusted certificates. + * + * Please use the following rules when increasing the version number: + * + * - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR + * must always be an EVEN number (e.g. 16, 18, 20 etc.) + * + * - whenever possible, if older branches require a modification to the + * list, these changes should be made on the main line of development (trunk), + * and the older branches should upd
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2017-10-27 13:47:17 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Fri Oct 27 13:47:17 2017 rev:37 rq:536559 version:2.11 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2017-02-03 17:33:50.933415327 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2017-10-27 13:47:18.583593707 +0200 @@ -1,0 +2,7 @@ +Wed Oct 25 12:40:36 UTC 2017 - jmate...@suse.com + +- convert processing script to Python 3 +- ensure a stable conversion of UTF8 hex-encoded certificate names +- ensure a stable ordering of trust/distrust bits in headers + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.fZW1Hk/_old 2017-10-27 13:47:19.659543421 +0200 +++ /var/tmp/diff_new_pack.fZW1Hk/_new 2017-10-27 13:47:19.663543234 +0200 @@ -21,7 +21,7 @@ BuildRequires: ca-certificates BuildRequires: openssl -BuildRequires: python +BuildRequires: python3-base Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: @@ -77,7 +77,8 @@ fi %build -python %{SOURCE10} +export LANG=en_US.UTF-8 +python3 %{SOURCE10} %install mkdir -p %{buildroot}/%{trustdir_static}/anchors ++ certdata2pem.py ++ --- /var/tmp/diff_new_pack.fZW1Hk/_old 2017-10-27 13:47:19.779537813 +0200 +++ /var/tmp/diff_new_pack.fZW1Hk/_new 2017-10-27 13:47:19.779537813 +0200 @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 # vim:set et sw=4: # # certdata2pem.py - splits certdata.txt into multiple files @@ -26,16 +26,16 @@ import re import sys import textwrap -import urllib +import urllib.parse objects = [] def printable_serial(obj): - return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER'])) + return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']]) # Dirty file parser. in_data, in_multiline, in_obj = False, False, False -field, type, value, obj = None, None, None, dict() +field, vtype, value, obj = None, None, None, dict() for line in open('certdata.txt', 'r'): # Ignore the file header. if not in_data: @@ -55,10 +55,10 @@ continue if in_multiline: if not line.startswith('END'): -if type == 'MULTILINE_OCTAL': +if vtype == 'MULTILINE_OCTAL': line = line.strip() -for i in re.finditer(r'\\([0-3][0-7][0-7])', line): -value += chr(int(i.group(1), 8)) +numbers = [int(i.group(1), 8) for i in re.finditer(r'\\([0-3][0-7][0-7])', line)] +value += bytes(numbers) else: value += line continue @@ -69,19 +69,19 @@ in_obj = True line_parts = line.strip().split(' ', 2) if len(line_parts) > 2: -field, type = line_parts[0:2] +field, vtype = line_parts[0:2] value = ' '.join(line_parts[2:]) elif len(line_parts) == 2: -field, type = line_parts +field, vtype = line_parts value = None else: -raise NotImplementedError, 'line_parts < 2 not supported.\n' + line -if type == 'MULTILINE_OCTAL': +raise NotImplementedError('line_parts < 2 not supported.\n' + line) +if vtype == 'MULTILINE_OCTAL': in_multiline = True -value = "" +value = b"" continue obj[field] = value -if len(obj.items()) > 0: +if obj: objects.append(obj) # Build up trust database. @@ -91,7 +91,7 @@ continue key = obj['CKA_LABEL'] + printable_serial(obj) trustmap[key] = obj -print " added trust", key +print(" added trust", key) # Build up cert database. certmap = dict() @@ -100,7 +100,7 @@ continue key = obj['CKA_LABEL'] + printable_serial(obj) certmap[key] = obj -print " added cert", key +print(" added cert", key) def obj_to_filename(obj): label = obj['CKA_LABEL'][1:-1] @@ -109,7 +109,12 @@ .replace('(', '=')\ .replace(')', '=')\ .replace(',', '_') -label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label) +# encode possible Unicode string to UTF8 bytes first +label = label.encode("utf8") +# decode hex escape sequences +label = re.sub(rb'\\x[0-9a-fA-F]{2}', lambda m:bytes([int(m.group(0)[2:], 16)]), label) +# read back UTF8 bytes +label = label.decode("utf8") seri
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2017-02-01 09:48:14 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2016-04-11 09:14:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2017-02-03 17:33:50.933415327 +0100 @@ -1,0 +2,75 @@ +Tue Jan 24 12:46:29 UTC 2017 - meiss...@suse.com + +- updated to 2.11 state of the Mozilla NSS Certificate store. +- removed CAs: + - Buypass_Class_2_CA_1:2.1.1.crt +serverAuth + - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt +codeSigning emailProtection serverAuth + - Equifax_Secure_CA:2.4.53.222.244.207.crt +emailProtection + - Equifax_Secure_eBusiness_CA_1:2.1.4.crt +emailProtection + - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt +emailProtection + - IGC_A:2.5.57.17.69.16.148.crt +codeSigning emailProtection serverAuth + - Juur-SK:2.4.59.142.75.252.crt +codeSigning serverAuth + - Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt +codeSigning emailProtection serverAuth + - RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt +codeSigning emailProtection serverAuth + - Sonera_Class_1_Root_CA:2.1.36.crt +emailProtection + - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt +emailProtection + - Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt +emailProtection + - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt +emailProtection + - Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt +emailProtection +- added CAs: + + AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt +serverAuth + + Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt +emailProtection serverAuth + + Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt +emailProtection serverAuth + + Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt +emailProtection serverAuth + + Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt +emailProtection serverAuth + + Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt +emailProtection serverAuth + + Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt +emailProtection serverAuth + + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt +emailProtection serverAuth + + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt +emailProtection serverAuth + + ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996) +serverAuth + + LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt +serverAuth + + OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt +emailProtection serverAuth + + OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt +emailProtection serverAuth + + OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt +emailProtection serverAuth + + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt +emailProtection + + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt +emailProtection + + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt +emailProtection + + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt +emailProtection + +- diff-from-upstream-2.7.patch: removed as we should be able to do + intermediate root chains now with openssl 1.0.2 and also gnutls 3.5 + is able to do so. + +--- Old: diff-from-upstream-2.7.patch ++
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2016-04-11 09:13:55 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2016-04-05 10:41:40.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2016-04-11 09:14:27.0 +0200 @@ -1,0 +2,6 @@ +Wed Apr 6 11:21:32 UTC 2016 - meiss...@suse.com + +- diff-from-upstream-2.7.patch: restore some important legacy + CAs, otherwise Pidgin fails to talk to Google Talk for instance. + +--- New: diff-from-upstream-2.7.patch Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.PfJYNX/_old 2016-04-11 09:14:28.0 +0200 +++ /var/tmp/diff_new_pack.PfJYNX/_new 2016-04-11 09:14:28.0 +0200 @@ -49,9 +49,8 @@ Source11: %{name}.COPYING Source12: compareoldnew -# temporary legacy patch -# openssl 1.0.2 should not need it anymore. -# Patch0: diff-from-upstream-2.2.patch +# openssl 1.0.2 might not need it anymore, but gnutls / pidgin does ... +Patch0: diff-from-upstream-2.7.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -72,7 +71,7 @@ %setup -qcT /bin/cp %{SOURCE0} . -#patch <%{PATCH0} +patch <%{PATCH0} install -m 644 %{SOURCE11} COPYING ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"` ++ diff-from-upstream-2.7.patch ++ 1552 lines (skipped)
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2016-04-05 10:41:38 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2015-01-20 12:26:33.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2016-04-05 10:41:40.0 +0200 @@ -1,0 +2,74 @@ +Thu Mar 31 13:07:40 UTC 2016 - meiss...@suse.com + +- Updated to 2.7. +- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do + immediate root CAs. + +- Removed server trust from: + AC Raíz Certicámara S.A. + ComSign Secured CA + NetLock Uzleti (Class B) Tanusitvanykiado + NetLock Business (Class B) Root + NetLock Expressz (Class C) Tanusitvanykiado + TC TrustCenter Class 3 CA II + TURKTRUST Certificate Services Provider Root 1 + TURKTRUST Certificate Services Provider Root 2 + Equifax Secure Global eBusiness CA-1 + Verisign Class 4 Public Primary Certification Authority G3 +- enable server trust + Actalis Authentication Root CA +- Deleted CAs: + A Trust nQual 03 + Buypass Class 3 CA 1 + CA Disig + Digital Signature Trust Co Global CA 1 + Digital Signature Trust Co Global CA 3 + E Guven Kok Elektronik Sertifika Hizmet Saglayicisi + NetLock Expressz (Class C) Tanusitvanykiado + NetLock Kozjegyzoi (Class A) Tanusitvanykiado + NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado + NetLock Uzleti (Class B) Tanusitvanykiado + SG TRUST SERVICES RACINE + Staat der Nederlanden Root CA + TC TrustCenter Class 2 CA II + TC TrustCenter Universal CA I + TDC Internet Root CA + UTN DATACorp SGC Root CA + Verisign Class 1 Public Primary Certification Authority - G2 + Verisign Class 3 Public Primary Certification Authority + Verisign Class 3 Public Primary Certification Authority - G2 + +- New added CAs: + CA WoSign ECC Root + Certification Authority of WoSign + Certification Authority of WoSign G2 + Certinomis - Root CA + Certum Trusted Network CA 2 + CFCA EV ROOT + COMODO RSA Certification Authority + DigiCert Assured ID Root G2 + DigiCert Assured ID Root G3 + DigiCert Global Root G2 + DigiCert Global Root G3 + DigiCert Trusted Root G4 + Entrust Root Certification Authority - EC1 + Entrust Root Certification Authority - G2 + GlobalSign + GlobalSign + IdenTrust Commercial Root CA 1 + IdenTrust Public Sector Root CA 1 + OISTE WISeKey Global Root GB CA + QuoVadis Root CA 1 G3 + QuoVadis Root CA 2 G3 + QuoVadis Root CA 3 G3 + Staat der Nederlanden EV Root CA + Staat der Nederlanden Root CA - G3 + S-TRUST Universal Root CA + SZAFIR ROOT CA2 + TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 + TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 + USERTrust ECC Certification Authority + USERTrust RSA Certification Authority + 沃通根证书 + +--- Old: diff-from-upstream-2.2.patch Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.WsHe3D/_old 2016-04-05 10:41:41.0 +0200 +++ /var/tmp/diff_new_pack.WsHe3D/_new 2016-04-05 10:41:41.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version:2.2 +Version:2.7 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 @@ -50,7 +50,8 @@ Source12: compareoldnew # temporary legacy patch -Patch0: diff-from-upstream-2.2.patch +# openssl 1.0.2 should not need it anymore. +# Patch0: diff-from-upstream-2.2.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -71,7 +72,7 @@ %setup -qcT /bin/cp %{SOURCE0} . -patch <%{PATCH0} +#patch <%{PATCH0} install -m 644 %{SOURCE11} COPYING ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"` ++ certdata.txt ++ 6673 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.n
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2015-01-20 12:26:28 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-09-08 21:28:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2015-01-20 12:26:33.0 +0100 @@ -1,0 +2,81 @@ +Wed Jan 14 09:40:00 UTC 2015 - meiss...@suse.com + +- diff-from-upstream-2.2.patch: + Temporary reenable some root ca trusts, as openssl/gnutls + have trouble using intermediates as root CA. + + - GTE CyberTrust Global Root + - Thawte Server CA + - Thawte Premium Server CA + - ValiCert Class 1 VA + - ValiCert Class 2 VA + - RSA Root Certificate 1 + - Entrust.net Secure Server CA + - America Online Root Certification Authority 1 + - America Online Root Certification Authority 2 + +--- +Mon Jan 12 16:45:23 UTC 2015 - meiss...@suse.com + +- Updated to 2.2 (bnc#888534) + - The following CAs were removed: ++ America_Online_Root_Certification_Authority_1 ++ America_Online_Root_Certification_Authority_2 ++ GTE_CyberTrust_Global_Root ++ Thawte_Premium_Server_CA ++ Thawte_Server_CA + - The following CAs were added: ++ COMODO_RSA_Certification_Authority + codeSigning emailProtection serverAuth ++ GlobalSign_ECC_Root_CA_-_R4 + codeSigning emailProtection serverAuth ++ GlobalSign_ECC_Root_CA_-_R5 + codeSigning emailProtection serverAuth ++ USERTrust_ECC_Certification_Authority + codeSigning emailProtection serverAuth ++ USERTrust_RSA_Certification_Authority + codeSigning emailProtection serverAuth ++ VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal + - The following CAs were changed: ++ Equifax_Secure_eBusiness_CA_1 + remote code signing and https trust, leave email trust ++ Verisign_Class_3_Public_Primary_Certification_Authority_-_G2 + only trust emailProtection + +--- +Tue Aug 26 13:30:12 UTC 2014 - meiss...@suse.com + +- Updated to 2.1 (bnc#888534) + +- The following 1024-bit CA certificates were removed + - Entrust.net Secure Server Certification Authority + - ValiCert Class 1 Policy Validation Authority + - ValiCert Class 2 Policy Validation Authority + - ValiCert Class 3 Policy Validation Authority + - TDC Internet Root CA +- The following CA certificates were added: + - Certification Authority of WoSign + - CA 沃通根证书 + - DigiCert Assured ID Root G2 + - DigiCert Assured ID Root G3 + - DigiCert Global Root G2 + - DigiCert Global Root G3 + - DigiCert Trusted Root G4 + - QuoVadis Root CA 1 G3 + - QuoVadis Root CA 2 G3 + - QuoVadis Root CA 3 G3 +- The Trust Bits were changed for the following CA certificates + - Class 3 Public Primary Certification Authority + - Class 3 Public Primary Certification Authority + - Class 2 Public Primary Certification Authority - G2 + - VeriSign Class 2 Public Primary Certification Authority - G3 + - AC Raíz Certicámara S.A. + - NetLock Uzleti (Class B) Tanusitvanykiado + - NetLock Expressz (Class C) Tanusitvanykiado + +- certdata-temporary-1024.patch: restore some certificates removed + from NSS as these are still used for some major sites. + openssl is not as clever as NSS in selecting the new ones in the + chain correctly. + +--- New: diff-from-upstream-2.2.patch Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.ILfgMR/_old 2015-01-20 12:26:37.0 +0100 +++ /var/tmp/diff_new_pack.ILfgMR/_new 2015-01-20 12:26:37.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,8 +25,8 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: -# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.97 +# http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h +Version:2.2 Release:0 Summary:
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-09-08 21:28:14 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-08-30 18:55:50.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-09-08 21:28:21.0 +0200 @@ -2,31 +1,0 @@ -Tue Aug 26 13:30:12 UTC 2014 - meiss...@suse.com - -- Updated to 2.1 (bnc#888534) - -- The following 1024-bit CA certificates were removed - - Entrust.net Secure Server Certification Authority - - ValiCert Class 1 Policy Validation Authority - - ValiCert Class 2 Policy Validation Authority - - ValiCert Class 3 Policy Validation Authority - - TDC Internet Root CA -- The following CA certificates were added: - - Certification Authority of WoSign - - CA 沃通根证书 - - DigiCert Assured ID Root G2 - - DigiCert Assured ID Root G3 - - DigiCert Global Root G2 - - DigiCert Global Root G3 - - DigiCert Trusted Root G4 - - QuoVadis Root CA 1 G3 - - QuoVadis Root CA 2 G3 - - QuoVadis Root CA 3 G3 -- The Trust Bits were changed for the following CA certificates - - Class 3 Public Primary Certification Authority - - Class 3 Public Primary Certification Authority - - Class 2 Public Primary Certification Authority - G2 - - VeriSign Class 2 Public Primary Certification Authority - G3 - - AC Raíz Certicámara S.A. - - NetLock Uzleti (Class B) Tanusitvanykiado - - NetLock Expressz (Class C) Tanusitvanykiado - Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.ifMzTp/_old 2014-09-08 21:28:22.0 +0200 +++ /var/tmp/diff_new_pack.ifMzTp/_new 2014-09-08 21:28:22.0 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:2.1 +Version:1.97 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2788 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.ifMzTp/_old 2014-09-08 21:28:22.0 +0200 +++ /var/tmp/diff_new_pack.ifMzTp/_new 2014-09-08 21:28:22.0 +0200 @@ -44,9 +44,9 @@ * whether we may use its full range (0-255) or only 0-99 because * of the comment in the CK_VERSION type definition. */ -#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION "2.1" +#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 97 +#define NSS_BUILTINS_LIBRARY_VERSION "1.97" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-08-30 18:55:49 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-06-25 15:24:00.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-08-30 18:55:50.0 +0200 @@ -1,0 +2,31 @@ +Tue Aug 26 13:30:12 UTC 2014 - meiss...@suse.com + +- Updated to 2.1 (bnc#888534) + +- The following 1024-bit CA certificates were removed + - Entrust.net Secure Server Certification Authority + - ValiCert Class 1 Policy Validation Authority + - ValiCert Class 2 Policy Validation Authority + - ValiCert Class 3 Policy Validation Authority + - TDC Internet Root CA +- The following CA certificates were added: + - Certification Authority of WoSign + - CA 沃通根证书 + - DigiCert Assured ID Root G2 + - DigiCert Assured ID Root G3 + - DigiCert Global Root G2 + - DigiCert Global Root G3 + - DigiCert Trusted Root G4 + - QuoVadis Root CA 1 G3 + - QuoVadis Root CA 2 G3 + - QuoVadis Root CA 3 G3 +- The Trust Bits were changed for the following CA certificates + - Class 3 Public Primary Certification Authority + - Class 3 Public Primary Certification Authority + - Class 2 Public Primary Certification Authority - G2 + - VeriSign Class 2 Public Primary Certification Authority - G3 + - AC Raíz Certicámara S.A. + - NetLock Uzleti (Class B) Tanusitvanykiado + - NetLock Expressz (Class C) Tanusitvanykiado + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.f3j9RC/_old 2014-08-30 18:55:53.0 +0200 +++ /var/tmp/diff_new_pack.f3j9RC/_new 2014-08-30 18:55:53.0 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.97 +Version:2.1 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 2740 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.f3j9RC/_old 2014-08-30 18:55:53.0 +0200 +++ /var/tmp/diff_new_pack.f3j9RC/_new 2014-08-30 18:55:53.0 +0200 @@ -44,9 +44,9 @@ * whether we may use its full range (0-255) or only 0-99 because * of the comment in the CK_VERSION type definition. */ -#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 97 -#define NSS_BUILTINS_LIBRARY_VERSION "1.97" +#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 +#define NSS_BUILTINS_LIBRARY_VERSION "2.1" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-06-25 15:23:59 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-06-18 10:59:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-06-25 15:24:00.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 18 15:05:23 UTC 2014 - meiss...@suse.com + +- do not provide openssl-certs, just obsolete it. + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.os8EJg/_old 2014-06-25 15:24:01.0 +0200 +++ /var/tmp/diff_new_pack.os8EJg/_new 2014-06-25 15:24:01.0 +0200 @@ -56,8 +56,8 @@ Requires(post):ca-certificates Requires(postun): ca-certificates # -Provides: openssl-certs = %version -Obsoletes: openssl-certs < %version +# replaces this package from SLE11 times +Obsoletes: openssl-certs %description This package contains some CA root certificates for OpenSSL extracted -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-06-18 10:59:38 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2014-02-25 16:41:07.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-06-18 10:59:45.0 +0200 @@ -1,0 +2,17 @@ +Tue Jun 10 12:52:29 UTC 2014 - meiss...@suse.com + +- in sle11 we bumped openssl-certs version to match the NSS version, + so provide/obsolete the current version. + +--- +Wed Jun 4 08:21:33 UTC 2014 - lnus...@suse.de + +- updated certificates to revision 1.97 (bnc#881241) + new: "Atos TrustedRoot 2011" (codeSigning emailProtection serverAuth) + new: "Tugra Certification Authority" (codeSigning serverAuth) + removed: "Firmaprofesional Root CA" + removed: "TDC OCES Root CA" + new: "TeliaSonera Root CA v1" (emailProtection serverAuth) + new: "T-TeleSec GlobalRoot Class 2" (emailProtection serverAuth) + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.7dVaXR/_old 2014-06-18 10:59:46.0 +0200 +++ /var/tmp/diff_new_pack.7dVaXR/_new 2014-06-18 10:59:46.0 +0200 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.96 +Version:1.97 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 @@ -38,8 +38,10 @@ # - download the new certdata.txt # wget -O certdata.txt "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"; # - run compareoldnew to show fingerprints of new and changed certificates -# - check the bugs referenced in cvs log and compare the checksum +# - check the bugs referenced in hg log and compare the checksum # to output of compareoldnew +# The correct history of the file is actually in the nss repo: +# http://hg.mozilla.org/projects/nss/log/8f026c806587/lib/ckfw/builtins/certdata.txt # - Watch out that blacklisted or untrusted certificates are not # accidentally included! Source: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt @@ -54,8 +56,8 @@ Requires(post):ca-certificates Requires(postun): ca-certificates # -Provides: openssl-certs = 0.9.9 -Obsoletes: openssl-certs < 0.9.9 +Provides: openssl-certs = %version +Obsoletes: openssl-certs < %version %description This package contains some CA root certificates for OpenSSL extracted ++ certdata.txt ++ 1103 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ compareoldnew ++ --- /var/tmp/diff_new_pack.7dVaXR/_old 2014-06-18 10:59:46.0 +0200 +++ /var/tmp/diff_new_pack.7dVaXR/_new 2014-06-18 10:59:46.0 +0200 @@ -8,7 +8,8 @@ showcert() { openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \ - | sed -ne 's/ *commonName *= / CN: /p; s/.*Fingerprint=/ sha1: /p' + | sed -ne 's/ *commonName *= / CN=/p; s/.*Fingerprint=/ sha1=/p' + sed -ne '/^# \(openssl\|distrust\|alias\)/s/^#/ /p' < "$1" } cleanup trap cleanup EXIT @@ -32,13 +33,13 @@ new="$2" common="$3" if [ -n "$old" ]; then - echo "> removed: $old" + echo "- $old" showcert old/$old elif [ -n "$new" ]; then - echo "> new: $new" + echo "+ $new" showcert new/$new elif ! cmp "old/$common" "new/$common"; then - echo "> changed: $common" + echo "~ $common" showcert old/$common showcert new/$common diff -u old/$common new/$common || true ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.7dVaXR/_old 2014-06-18 10:59:46.0 +0200 +++ /var/tmp/diff_new_pack.7dVaXR/_new 2014-06-18 10:59:46.0 +0200 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUI
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2014-02-25 16:41:06 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-12-17 10:00:37.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2014-02-25 16:41:07.0 +0100 @@ -1,0 +2,9 @@ +Fri Feb 21 16:18:35 UTC 2014 - meiss...@suse.com + +- updated certificates to revision 1.96 (bnc#865080) + new: ACCVRAIZ1.pem (Spain) (all trusts) + new: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only) + new: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts) + removed: Wells_Fargo_Root_CA.pem + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.EjUGmd/_old 2014-02-25 16:41:08.0 +0100 +++ /var/tmp/diff_new_pack.EjUGmd/_new 2014-02-25 16:41:08.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.95 +Version:1.96 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 5325 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.EjUGmd/_old 2014-02-25 16:41:08.0 +0100 +++ /var/tmp/diff_new_pack.EjUGmd/_new 2014-02-25 16:41:08.0 +0100 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 95 -#define NSS_BUILTINS_LIBRARY_VERSION "1.95" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96 +#define NSS_BUILTINS_LIBRARY_VERSION "1.96" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-12-17 10:00:36 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-11-07 08:34:03.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-12-17 10:00:37.0 +0100 @@ -1,0 +2,12 @@ +Mon Dec 9 16:01:29 UTC 2013 - meiss...@suse.com + +- Updated to 1.95 + Distrust a sub-ca that issued google.com certificates. + "Distrusted AC DG Tresor SSL" (bnc#854367) + +--- +Mon Dec 9 09:56:32 UTC 2013 - lnus...@suse.de + +- fix handling of certificates with same name (bnc#854163) + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.FUEecT/_old 2013-12-17 10:00:38.0 +0100 +++ /var/tmp/diff_new_pack.FUEecT/_new 2013-12-17 10:00:38.0 +0100 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.94 +Version:1.95 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 @@ -94,10 +94,19 @@ [ -z "$alias" ] || args+=('-setalias' "$alias") echo "$i ${args[*]}" + fname="%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem" + if [ -e "$fname" ]; then + fname="${fname%.pem}" + j=1 + while [ -e "$fname.$j.pem" ]; do + j=$((j+1)) + done + fname="$fname.$j.pem" + fi { grep '^#' "$i" openssl x509 -in "$i" "${args[@]}" - } > "%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem" + } > "$fname" done for i in *.p11-kit ; do install -m 644 "$i" "%{buildroot}/%{trustdir_static}" ++ certdata.txt ++ --- /var/tmp/diff_new_pack.FUEecT/_old 2013-12-17 10:00:38.0 +0100 +++ /var/tmp/diff_new_pack.FUEecT/_new 2013-12-17 10:00:38.0 +0100 @@ -12376,6 +12376,34 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +# Distrust "Distrusted AC DG Tresor SSL" +# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR +# Serial Number: 204199 (0x31da7) +# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR +# Not Valid Before: Thu Jul 18 10:05:28 2013 +# Not Valid After : Fri Jul 18 10:05:28 2014 +# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8 +# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL" +CKA_ISSUER MULTILINE_OCTAL +\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061 +\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124 +\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164 +\150\145\156\164\151\146\151\143\141\164\151\157\156 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\003\003\035\247 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + # # Certificate "Security Communication EV RootCA1" # ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.FUEecT/_old 2013-12-17 10:00:38.0 +0100 +++ /var/tmp/diff_new_pack.FUEecT/_new 2013-12-17 10:00:38.0 +0100 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 94 -#define NSS_BUILTINS_LIBRARY_VERSION "1.94" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 95 +#define NSS_BUILTINS_LIBRARY_VERSION "1.95" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-11-07 08:34:02 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-08-30 11:33:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-11-07 08:34:03.0 +0100 @@ -1,0 +2,36 @@ +Tue Oct 29 13:52:16 UTC 2013 - meiss...@suse.com + +- Updated to 1.94 + * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt +server auth, code signing, email signing + * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt +server auth, code signing, email signing + * new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt +server auth + * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt +removed code signing and server auth abilities + * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt +removed code signing and server auth abilities + * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt +server auth + * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt +server auth + * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt + * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt +I think the missing flags were adjusted. + * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt + * new: PSCProcert:2.1.11.crt +server auth, code signing, email signing + * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt +server auth, code signing, email signing + * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt +server auth, code signing + * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt +removed all abilities + * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt +server auth, code signing + * changed: TWCA_Root_Certification_Authority:2.1.1.crt +added code signing ability +- removed temporary Entrust.net_Premium_2048_Secure_Server_CA.p11-kit override. + +--- Old: Entrust.net_Premium_2048_Secure_Server_CA.p11-kit Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.kQkFw5/_old 2013-11-07 08:34:04.0 +0100 +++ /var/tmp/diff_new_pack.kQkFw5/_new 2013-11-07 08:34:04.0 +0100 @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h -Version:1.93 +Version:1.94 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 @@ -48,11 +48,6 @@ Source10: certdata2pem.py Source11: %{name}.COPYING Source12: compareoldnew -# make p11-kit think there are basic constraints in the Entrust -# cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064) -# Remove after the updated cert is accepted into NSS -# https://bugzilla.mozilla.org/show_bug.cgi?id=694536 -Source99: Entrust.net_Premium_2048_Secure_Server_CA.p11-kit BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # for update-ca-certificates @@ -104,7 +99,7 @@ openssl x509 -in "$i" "${args[@]}" } > "%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem" done -for i in *.p11-kit %{SOURCE99}; do +for i in *.p11-kit ; do install -m 644 "$i" "%{buildroot}/%{trustdir_static}" done set -x ++ certdata.txt ++ 1838 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++ nssckbi.h ++ --- /var/tmp/diff_new_pack.kQkFw5/_old 2013-11-07 08:34:04.0 +0100 +++ /var/tmp/diff_new_pack.kQkFw5/_new 2013-11-07 08:34:04.0 +0100 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 93 -#define NSS_BUILTINS_LIBRARY_VERSION "1.93" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 94 +#define NSS_BUILTINS_LIBRARY_VERSION "1.94" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HA
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-08-30 11:33:02 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-07-25 13:18:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-08-30 11:33:03.0 +0200 @@ -1,0 +2,5 @@ +Mon Aug 19 13:07:07 UTC 2013 - lnus...@suse.de + +- update Entrust root attributes to new format used by p11-kit + +--- Old: Entrust_net_Premium_2048_Secure_Server_CA.p11-kit New: Entrust.net_Premium_2048_Secure_Server_CA.p11-kit Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.ptZvju/_old 2013-08-30 11:33:03.0 +0200 +++ /var/tmp/diff_new_pack.ptZvju/_new 2013-08-30 11:33:03.0 +0200 @@ -52,7 +52,7 @@ # cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064) # Remove after the updated cert is accepted into NSS # https://bugzilla.mozilla.org/show_bug.cgi?id=694536 -Source99: Entrust_net_Premium_2048_Secure_Server_CA.p11-kit +Source99: Entrust.net_Premium_2048_Secure_Server_CA.p11-kit BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # for update-ca-certificates ++ Entrust_net_Premium_2048_Secure_Server_CA.p11-kit -> Entrust.net_Premium_2048_Secure_Server_CA.p11-kit ++ --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/Entrust_net_Premium_2048_Secure_Server_CA.p11-kit 2013-07-25 13:18:19.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/Entrust.net_Premium_2048_Secure_Server_CA.p11-kit 2013-08-30 11:33:03.0 +0200 @@ -1,8 +1,8 @@ [p11-kit-object-v1] label: "Add missing BasicConstraints for Entrust root" id: "%55%e4%81%d1%11%80%be%d8%89%b9%08%a3%31%f9%a1%24%09%16%b9%70" +x-public-key-info: "%30%82%01%22%30%0d%06%09%2a%86%48%86%f7%0d%01%01%01%05%00%03%82%01%0f%00%30%82%01%0a%02%82%01%01%00%ad%4d%4b%a9%12%86%b2%ea%a3%20%07%15%16%64%2a%2b%4b%d1%bf%0b%4a%4d%8e%ed%80%76%a5%67%b7%78%40%c0%73%42%c8%68%c0%db%53%2b%dd%5e%b8%76%98%35%93%8b%1a%9d%7c%13%3a%0e%1f%5b%b7%1e%cf%e5%24%14%1e%b1%81%a9%8d%7d%b8%cc%6b%4b%03%f1%02%0c%dc%ab%a5%40%24%00%7f%74%94%a1%9d%08%29%b3%88%0b%f5%87%77%9d%55%cd%e4%c3%7e%d7%6a%64%ab%85%14%86%95%5b%97%32%50%6f%3d%c8%ba%66%0c%e3%fc%bd%b8%49%c1%76%89%49%19%fd%c0%a8%bd%89%a3%67%2f%c6%9f%bc%71%19%60%b8%2d%e9%2c%c9%90%76%66%7b%94%e2%af%78%d6%65%53%5d%3c%d6%9c%b2%cf%29%03%f9%2f%a4%50%b2%d4%48%ce%05%32%55%8a%fd%b2%64%4c%0e%e4%98%07%75%db%7f%df%b9%08%55%60%85%30%29%f9%7b%48%a4%69%86%e3%35%3f%1e%86%5d%7a%7a%15%bd%ef%00%8e%15%22%54%17%00%90%26%93%bc%0e%49%68%91%bf%f8%47%d3%9d%95%42%c1%0e%4d%df%6f%26%cf%c3%18%21%62%66%43%70%d6%d5%c0%07%e1%02%03%01%00%01" class: x-certificate-extension object-id: 2.5.29.19 -x-critical: true -value: "%30%03%01%01%FF" +value: "%30%0f%06%03%55%1d%13%01%01%ff%04%05%30%03%01%01%ff" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-07-25 13:18:17 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-07-03 10:15:10.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-07-25 13:18:19.0 +0200 @@ -1,0 +2,15 @@ +Wed Jul 24 15:05:31 UTC 2013 - lnus...@suse.de + +- remove superfluous double quotes from certificate names + +--- +Wed Jul 24 14:21:18 UTC 2013 - lnus...@suse.de + +- add fake basic contraints to Entrust root so p11-kit export the cert + (bnc#829471) +- add nssckbi.h that matches certdata.txt; make sure package has the + correct version number which is currently 1.93. No actual content + change in certdata.txt compared to 1.85, it's just that the + versioning scheme changed. + +--- New: Entrust_net_Premium_2048_Secure_Server_CA.p11-kit nssckbi.h Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.kNIjM0/_old 2013-07-25 13:18:21.0 +0200 +++ /var/tmp/diff_new_pack.kNIjM0/_new 2013-07-25 13:18:21.0 +0200 @@ -24,28 +24,35 @@ BuildRequires: python Name: ca-certificates-mozilla -Version:1.85 +# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: +# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h +Version:1.93 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 Group: Productivity/Networking/Security Url:http://www.mozilla.org # IMPORTANT: procedure to update certificates: -# - Check the CVS log of the cert file: -# http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txt&rev=HEAD -# Alternatively hg: +# - Check the log of the cert file: # http://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins/certdata.txt # - download the new certdata.txt -# wget -O certdata.txt "http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1"; +# wget -O certdata.txt "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"; # - run compareoldnew to show fingerprints of new and changed certificates # - check the bugs referenced in cvs log and compare the checksum # to output of compareoldnew # - Watch out that blacklisted or untrusted certificates are not # accidentally included! -Source: certdata.txt -Source1:certdata2pem.py -Source2:%{name}.COPYING -Source3:compareoldnew +Source: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt +Source1: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h +# from Fedora. Note: currently contains extra fix to remove quotes. Pending upstream approval. +Source10: certdata2pem.py +Source11: %{name}.COPYING +Source12: compareoldnew +# make p11-kit think there are basic constraints in the Entrust +# cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064) +# Remove after the updated cert is accepted into NSS +# https://bugzilla.mozilla.org/show_bug.cgi?id=694536 +Source99: Entrust_net_Premium_2048_Secure_Server_CA.p11-kit BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # for update-ca-certificates @@ -64,10 +71,15 @@ %prep %setup -qcT /bin/cp %{SOURCE0} . -install -m 644 %{SOURCE2} COPYING +install -m 644 %{SOURCE11} COPYING +ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"` +if [ "%{version}" != "$ver" ]; then + echo "*** Version number mismatch: spec file should be version $ver" + false +fi %build -python %{SOURCE1} +python %{SOURCE10} %install mkdir -p %{buildroot}/%{trustdir_static}/anchors @@ -92,7 +104,7 @@ openssl x509 -in "$i" "${args[@]}" } > "%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem" done -for i in *.p11-kit; do +for i in *.p11-kit %{SOURCE99}; do install -m 644 "$i" "%{buildroot}/%{trustdir_static}" done set -x ++ Entrust_net_Premium_2048_Secure_Server_CA.p11-kit ++ [p11-kit-object-v1] label: "Add missing BasicCon
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-07-03 10:15:09 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-06-25 14:38:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-07-03 10:15:10.0 +0200 @@ -1,0 +2,5 @@ +Thu Jun 27 16:03:05 UTC 2013 - lnus...@suse.de + +- use certdata2pem.py from Fedora to extract all certs + +--- Old: extractcerts.pl New: certdata2pem.py Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.UaAAam/_old 2013-07-03 10:15:11.0 +0200 +++ /var/tmp/diff_new_pack.UaAAam/_new 2013-07-03 10:15:11.0 +0200 @@ -16,17 +16,12 @@ # -%if 0%{?suse_version} < 1310 -%bcond_with trustedcerts -%define certdir %{_datadir}/ca-certificates/mozilla -%else -%bcond_without trustedcerts -%define certdir %{trustdir_static}/anchors +%define certdir %{trustdir_static} BuildRequires: p11-kit-devel -%endif BuildRequires: ca-certificates BuildRequires: openssl +BuildRequires: python Name: ca-certificates-mozilla Version:1.85 @@ -48,7 +43,7 @@ # - Watch out that blacklisted or untrusted certificates are not # accidentally included! Source: certdata.txt -Source1:extractcerts.pl +Source1:certdata2pem.py Source2:%{name}.COPYING Source3:compareoldnew BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -69,35 +64,36 @@ %prep %setup -qcT /bin/cp %{SOURCE0} . -install -m 644 %{S:1} COPYING +install -m 644 %{SOURCE2} COPYING %build -perl %{SOURCE1} --trustbits < certdata.txt +python %{SOURCE1} %install -mkdir -p %{buildroot}/%{certdir} +mkdir -p %{buildroot}/%{trustdir_static}/anchors set +x -for i in *.pem; do +for i in *.crt; do args=() trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"` + distrust=`sed -n '/^# openssl-distrust=/{s/^.*=//;p;q;}' "$i"` alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' "$i"` -%if %{with trustedcerts} args+=('-trustout') for t in $trust; do args+=("-addtrust" "$t") done + for t in $distrust; do + args+=("-addreject" "$t") + done [ -z "$alias" ] || args+=('-setalias' "$alias") -%else - case "$trust" in - *serverAuth*) ;; - *) echo "skipping $i, not trusted for serverAuth"; continue ;; - esac -%endif - echo "$i" + + echo "$i ${args[*]}" { grep '^#' "$i" openssl x509 -in "$i" "${args[@]}" - } > "%{buildroot}/%{certdir}/$i" + } > "%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem" +done +for i in *.p11-kit; do + install -m 644 "$i" "%{buildroot}/%{trustdir_static}" done set -x @@ -110,6 +106,6 @@ %files %defattr(-, root, root) %doc COPYING -%{certdir} +%{trustdir_static} %changelog ++ certdata2pem.py ++ #!/usr/bin/python # vim:set et sw=4: # # certdata2pem.py - splits certdata.txt into multiple files # # Copyright (C) 2009 Philipp Kern # Copyright (C) 2013 Kai Engert # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, # USA. import base64 import os.path import re import sys import textwrap import urllib objects = [] def printable_serial(obj): return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER'])) # Dirty file parser. in_data, in_multiline, in_obj = False, False, False field, type, value, obj = None, None, None, dict() for line in open('certdata.txt', 'r'): # Ignore the file header. if not in_data: if line.startswith('BEGINDATA'): in_data = True continue # Ignore comment lines. if line.startswith('#'): continu
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-06-25 09:22:50 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2013-01-04 11:36:10.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-06-25 14:38:56.0 +0200 @@ -1,0 +2,11 @@ +Fri Jun 21 12:59:53 UTC 2013 - lnus...@suse.de + +- use correct 'anchors' subdirectory + +--- +Wed Jun 19 09:30:00 UTC 2013 - lnus...@suse.de + +- new location of CA certificate anchors is + /usr/share/ca-certificates/anchors + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.jguPic/_old 2013-06-25 14:38:57.0 +0200 +++ /var/tmp/diff_new_pack.jguPic/_new 2013-06-25 14:38:57.0 +0200 @@ -16,12 +16,19 @@ # +%if 0%{?suse_version} < 1310 %bcond_with trustedcerts +%define certdir %{_datadir}/ca-certificates/mozilla +%else +%bcond_without trustedcerts +%define certdir %{trustdir_static}/anchors +BuildRequires: p11-kit-devel +%endif +BuildRequires: ca-certificates BuildRequires: openssl Name: ca-certificates-mozilla -%define sslusrdir %{_datadir}/ca-certificates Version:1.85 Release:0 Summary:CA certificates for OpenSSL @@ -68,7 +75,7 @@ perl %{SOURCE1} --trustbits < certdata.txt %install -mkdir -p %{buildroot}/%{sslusrdir}/mozilla +mkdir -p %{buildroot}/%{certdir} set +x for i in *.pem; do args=() @@ -90,7 +97,7 @@ { grep '^#' "$i" openssl x509 -in "$i" "${args[@]}" - } > "%{buildroot}/%{sslusrdir}/mozilla/$i" + } > "%{buildroot}/%{certdir}/$i" done set -x @@ -103,6 +110,6 @@ %files %defattr(-, root, root) %doc COPYING -%{sslusrdir}/mozilla +%{certdir} %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2013-01-04 11:35:08 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2012-10-12 07:48:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2013-01-04 11:36:10.0 +0100 @@ -1,0 +2,8 @@ +Thu Jan 3 19:16:01 UTC 2013 - idon...@suse.com + +- update certificates to revision 1.87 (bnc#796628) + * new "EE Certification Centre Root CA" + * new "T-TeleSec GlobalRoot Class 3" + * revoke mis-issued intermediate CAs from TURKTRUST + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.jA1Zd0/_old 2013-01-04 11:36:12.0 +0100 +++ /var/tmp/diff_new_pack.jA1Zd0/_new 2013-01-04 11:36:12.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ certdata.txt ++ --- /var/tmp/diff_new_pack.jA1Zd0/_old 2013-01-04 11:36:12.0 +0100 +++ /var/tmp/diff_new_pack.jA1Zd0/_new 2013-01-04 11:36:12.0 +0100 @@ -2,7 +2,7 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.85 $ $Date: 2012/06/28 13:50:18 $" +CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.87 $ $Date: 2012/12/29 16:32:45 $" # # certdata.txt @@ -24422,3 +24422,364 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "T-TeleSec GlobalRoot Class 3" +# +# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Serial Number: 1 (0x1) +# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE +# Not Valid Before: Wed Oct 01 10:29:56 2008 +# Not Valid After : Sat Oct 01 23:59:59 2033 +# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF +# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105 +\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163 +\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040 +\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060 +\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155 +\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045 +\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123 +\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154 +\141\163\163\040\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\001\001 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061 +\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164 +\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123 +\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035 +
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2012-10-12 07:41:46 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2012-05-08 12:09:17.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2012-10-12 07:48:21.0 +0200 @@ -1,0 +2,16 @@ +Wed Oct 10 14:50:00 UTC 2012 - meiss...@suse.com + +- updated certificates to revision 1.85 (bnc#783509) + * new "Actalis Authentication Root CA" + * new "Trustis FPS Root CA" + * new "StartCom Certification Authority" + * new "StartCom Certification Authority G2" + * new "Buypass Class 2 Root CA" + * new "Buypass Class 3 Root CA" + * updated: "Sonera Class2 CA": remove code-signing + * updated: "thawte Primary Root CA": added code-signing + * updated: "Trustis_FPS_Root_CA.pem": added code-signing + * updated: VeriSign Class 3 Public Primary Certification Authority - G5": +added code-signing, email-protection + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.F9itlU/_old 2012-10-12 07:48:23.0 +0200 +++ /var/tmp/diff_new_pack.F9itlU/_new 2012-10-12 07:48:23.0 +0200 @@ -22,7 +22,7 @@ Name: ca-certificates-mozilla %define sslusrdir %{_datadir}/ca-certificates -Version:1.76 +Version:1.85 Release:0 Summary:CA certificates for OpenSSL License:MPL-2.0 ++ certdata.txt ++ 1558 lines (skipped) between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2012-05-08 12:09:14 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2012-02-08 15:34:36.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2012-05-08 12:09:17.0 +0200 @@ -1,0 +2,14 @@ +Thu May 3 12:13:20 UTC 2012 - lnus...@suse.de + +- update certificates to revision 1.83 (bnc#760503) + * new: EC_ACC.pem + * new: Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem + * new: Security_Communication_RootCA2.pem + * removed: TC_TrustCenter_Germany_Class_2_CA.pem + * removed: TC_TrustCenter_Germany_Class_3_CA.pem + * removed: Verisign_Class_1_Public_Primary_Certification_Authority.1.pem + * removed: Verisign_Class_2_Public_Primary_Certification_Authority.pem + * removed: Verisign_Class_4_Public_Primary_Certification_Authority_G2.pem +- license change to MPL-2.0 + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.nR7m5a/_old 2012-05-08 12:09:19.0 +0200 +++ /var/tmp/diff_new_pack.nR7m5a/_new 2012-05-08 12:09:19.0 +0200 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %bcond_with trustedcerts BuildRequires: openssl @@ -24,7 +25,7 @@ Version:1.76 Release:0 Summary:CA certificates for OpenSSL -License:MPL-1.1 or GPL-2.0+ or LGPL-2.1+ +License:MPL-2.0 Group: Productivity/Networking/Security Url:http://www.mozilla.org # IMPORTANT: procedure to update certificates: ++ ca-certificates-mozilla.COPYING ++ --- /var/tmp/diff_new_pack.nR7m5a/_old 2012-05-08 12:09:19.0 +0200 +++ /var/tmp/diff_new_pack.nR7m5a/_new 2012-05-08 12:09:19.0 +0200 @@ -1,36 +1,348 @@ -# * BEGIN LICENSE BLOCK * -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# * END LICENSE BLOCK * +Mozilla Public License +Version 2.0 + +1. Definitions + +1.1. “Contributor” + +means each individual or legal entity that creates, contributes to the +creation of, or owns Covered Software. + +1.2. “Contributor Version” + +means the combination of the Contributions of others (if any) used by a +Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + +means Covered Software of a particular Contributor. + +1.4. “Covered Software” + +means Source Code Form to which the initial Contributor has attached the +notice in Exhibit A, the Executable Form of such Source Code Form, and +Modifications of such Source Code Form, in each case including portions +thereof. + +1.5. “Incompatible With Secondary Licenses” + +means + + a. that the initial Contributor has attached the
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2012-02-08 15:34:34 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2012-01-17 16:04:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2012-02-08 15:34:36.0 +0100 @@ -1,0 +2,6 @@ +Fri Jan 13 08:52:29 UTC 2012 - cfarr...@suse.com + +- license update: MPL-1.1 or GPL-2.0+ or LGPL-2.1+ + SPDX format and correct GPL and LGPL tags to include or later + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.4hrBPS/_old 2012-02-08 15:34:37.0 +0100 +++ /var/tmp/diff_new_pack.4hrBPS/_new 2012-02-08 15:34:37.0 +0100 @@ -24,7 +24,7 @@ Version:1.76 Release:0 Summary:CA certificates for OpenSSL -License:BSD-3-Clause ; MPL-1.1 and GPL-2.0 and LGPL-2.1 +License:MPL-1.1 or GPL-2.0+ or LGPL-2.1+ Group: Productivity/Networking/Security Url:http://www.mozilla.org # IMPORTANT: procedure to update certificates: -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2012-01-17 11:32:08 Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) Package is "ca-certificates-mozilla", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-09-23 01:53:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2012-01-17 16:04:25.0 +0100 @@ -1,0 +2,5 @@ +Thu Jan 12 11:30:31 UTC 2012 - co...@suse.com + +- change license to be in spdx.org format + +--- Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.5PKS2P/_old 2012-01-17 16:04:26.0 +0100 +++ /var/tmp/diff_new_pack.5PKS2P/_new 2012-01-17 16:04:26.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,18 +15,17 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - %bcond_with trustedcerts BuildRequires: openssl Name: ca-certificates-mozilla %define sslusrdir %{_datadir}/ca-certificates -License:BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1 -Group: Productivity/Networking/Security Version:1.76 -Release:1 +Release:0 Summary:CA certificates for OpenSSL +License:BSD-3-Clause ; MPL-1.1 and GPL-2.0 and LGPL-2.1 +Group: Productivity/Networking/Security Url:http://www.mozilla.org # IMPORTANT: procedure to update certificates: # - Check the CVS log of the cert file: -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at Wed Sep 21 16:56:36 CEST 2011. --- ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-08-31 11:03:51.0 +0200 +++ /mounts/work_src_done/STABLE/ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-09-17 23:58:41.0 +0200 @@ -1,0 +2,5 @@ +Sat Sep 17 21:58:34 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile + +--- calling whatdependson for head-i586 Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.k8eDkP/_old 2011-09-21 16:56:33.0 +0200 +++ /var/tmp/diff_new_pack.k8eDkP/_new 2011-09-21 16:56:33.0 +0200 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %bcond_with trustedcerts @@ -25,7 +24,6 @@ %define sslusrdir %{_datadir}/ca-certificates License:BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1 Group: Productivity/Networking/Security -AutoReqProv:on Version:1.76 Release:1 Summary:CA certificates for OpenSSL @@ -33,6 +31,8 @@ # IMPORTANT: procedure to update certificates: # - Check the CVS log of the cert file: # http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txt&rev=HEAD +# Alternatively hg: +# http://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins/certdata.txt # - download the new certdata.txt # wget -O certdata.txt "http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1"; # - run compareoldnew to show fingerprints of new and changed certificates @@ -94,9 +94,6 @@ done set -x -%clean -rm -rf %{buildroot} - %post update-ca-certificates || true Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates-mozilla for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at Wed Aug 31 13:23:31 CEST 2011. --- ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-01-31 14:45:34.0 +0100 +++ /mounts/work_src_done/STABLE/ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-08-31 11:03:51.0 +0200 @@ -1,0 +2,18 @@ +Wed Aug 31 09:02:10 UTC 2011 - lnus...@suse.de + +- update certificates to revision 1.76 + * new: Go_Daddy_Root_Certificate_Authority_G2.pem + * new: Starfield_Root_Certificate_Authority_G2.pem + * new: Starfield_Services_Root_Certificate_Authority_G2.pem + * new: AffirmTrust_Commercial.pem + * new: AffirmTrust_Networking.pem + * new: AffirmTrust_Premium.pem + * new: AffirmTrust_Premium_ECC.pem + * new: Certum_Trusted_Network_CA.pem + * new: Certinomis_Autorit_Racine.pem + * new: Root_CA_Generalitat_Valenciana.pem + * new: A_Trust_nQual_03.pem + * new: TWCA_Root_Certification_Authority.pem + * removed: DigiNotar_Root_CA.pem (bnc#714931) + +--- calling whatdependson for head-i586 Old: certdata.diff Other differences: -- ++ ca-certificates-mozilla.spec ++ --- /var/tmp/diff_new_pack.hhL6CZ/_old 2011-08-31 13:23:23.0 +0200 +++ /var/tmp/diff_new_pack.hhL6CZ/_new 2011-08-31 13:23:23.0 +0200 @@ -26,7 +26,7 @@ License:BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1 Group: Productivity/Networking/Security AutoReqProv:on -Version:1.70 +Version:1.76 Release:1 Summary:CA certificates for OpenSSL Url:http://www.mozilla.org @@ -44,7 +44,6 @@ Source1:extractcerts.pl Source2:%{name}.COPYING Source3:compareoldnew -Patch0: certdata.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # for update-ca-certificates @@ -63,7 +62,6 @@ %prep %setup -qcT /bin/cp %{SOURCE0} . -%patch0 -p1 install -m 644 %{S:1} COPYING %build ++ certdata.txt ++ 15697 lines (skipped) between ca-certificates-mozilla/certdata.txt and /mounts/work_src_done/STABLE/ca-certificates-mozilla/certdata.txt ++ extractcerts.pl ++ --- /var/tmp/diff_new_pack.hhL6CZ/_old 2011-08-31 13:23:24.0 +0200 +++ /var/tmp/diff_new_pack.hhL6CZ/_new 2011-08-31 13:23:24.0 +0200 @@ -84,14 +84,21 @@ { my $object = shift; return unless $object; + ### convert old tags to be able to compare pre 1.74 files + $object->{'CKA_CLASS'} =~ s/^CKO_NETSCAPE/CKO_NSS/; + for my $type (keys %trust_types) { +next unless (exists $object->{$type}); +$object->{$type} =~ s/^CKT_NETSCAPE/CKT_NSS/; + } + if($object->{'CKA_CLASS'} eq 'CKO_CERTIFICATE' && $object->{'CKA_CERTIFICATE_TYPE'} eq 'CKC_X_509') { push @certificates, $object; - } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_TRUST') { + } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_TRUST') { my $label = $object->{'CKA_LABEL'}; my $serial = colonhex($object->{'CKA_SERIAL_NUMBER'}); die "$label exists ($serial)" if exists($trusts{$label.$serial}); $trusts{$label.$serial} = $object; - } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') { + } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_BUILTIN_ROOT_LIST') { # ignore } else { print STDERR "class ", $object->{'CKA_CLASS'} ," not handled\n"; @@ -159,7 +166,7 @@ if ($output_trustbits) { for my $type (keys %trust_types) { if (exists $trust->{$type} - && $trust->{$type} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') { + && $trust->{$type} eq 'CKT_NSS_TRUSTED_DELEGATOR') { push @addtrust, $trust_types{$type}; if (exists $openssl_trust{$type}) { push @addtrust_openssl, $openssl_trust{$type}; @@ -168,14 +175,14 @@ } } } else { - if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') { + if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NSS_TRUSTED_DELEGATOR') { $trusted = 1; } } if (!$trusted) { my $t = $trust->{'CKA_TRUST_SERVER_AUTH'}; - $t =~ s/CKT_NETSCAPE_//; + $t =~ s/CKT_NSS_//; print STDERR "$t: $alias\n"; next; } Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org