Accepting request 1000222 from Base:System

- Create /var/lib/ca-certificates during build to ensure rpm gives the %ghost'ed directory proper mode attributes. (forwarded request 1000216 from dimstar) OBS-URL: https://build.opensuse.org/request/show/1000222 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates-mozilla?expand=0&rev=54
2022-08-31 16:08:41 +00:00 · 2022-08-31 16:08:41 +00:00 · 40201cca5e
commit 40201cca5e
parent 8fb21c3598 892eb1b6a1
6 changed files with 3164 additions and 1709 deletions
--- a/ca-certificates-mozilla-prebuilt.changes
+++ b/ca-certificates-mozilla-prebuilt.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Aug 30 10:23:35 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Create /var/lib/ca-certificates during build to ensure rpm gives
+  the %ghost'ed directory proper mode attributes.
+
 -------------------------------------------------------------------
 Mon Oct  4 14:38:44 UTC 2021 - Ludwig Nussel <lnussel@suse.de>

--- a/ca-certificates-mozilla-prebuilt.spec
+++ b/ca-certificates-mozilla-prebuilt.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ca-certificates-mozilla-prebuilt
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -53,6 +53,7 @@ cp /usr/share/licenses/ca-certificates-mozilla/COPYING .

 %install
 mkdir -p %{buildroot}/etc/ssl
+mkdir -p %{buildroot}/var/lib/ca-certificates
 ln -s /var/lib/ca-certificates/pem %{buildroot}/etc/ssl/certs
 ln -s /var/lib/ca-certificates/ca-bundle.pem %{buildroot}/etc/ssl/ca-bundle.pem
 mkdir -p %{buildroot}/usr/share/factory/var/lib
--- a/ca-certificates-mozilla.changes
+++ b/ca-certificates-mozilla.changes
@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Mon Aug 29 11:46:01 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
+  Added:
+  - Certainly Root E1
+  - Certainly Root R1
+  - DigiCert SMIME ECC P384 Root G5
+  - DigiCert SMIME RSA4096 Root G5
+  - DigiCert TLS ECC P384 Root G5
+  - DigiCert TLS RSA4096 Root G5
+  - E-Tugra Global Root CA ECC v3
+  - E-Tugra Global Root CA RSA v3
+  Removed:
+  - Hellenic Academic and Research Institutions RootCA 2011
+
+-------------------------------------------------------------------
+Mon May  2 11:35:33 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
+  Added:
+  - Autoridad de Certificacion Firmaprofesional CIF A62634068
+  - D-TRUST BR Root CA 1 2020
+  - D-TRUST EV Root CA 1 2020
+  - GlobalSign ECC Root CA R4
+  - GTS Root R1
+  - GTS Root R2
+  - GTS Root R3
+  - GTS Root R4
+  - HiPKI Root CA - G1
+  - ISRG Root X2
+  - Telia Root CA v2
+  - vTrus ECC Root CA
+  - vTrus Root CA
+
+  Removed:
+  - Cybertrust Global Root
+  - DST Root CA X3
+  - DigiNotar PKIoverheid CA Organisatie - G2
+  - GlobalSign ECC Root CA R4
+  - GlobalSign Root CA R2
+  - GTS Root R1
+  - GTS Root R2
+  - GTS Root R3
+  - GTS Root R4
+  
 -------------------------------------------------------------------
 Sat Oct  2 07:33:52 UTC 2021 - Marcus Meissner <meissner@suse.com>

--- a/ca-certificates-mozilla.spec
+++ b/ca-certificates-mozilla.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ca-certificates-mozilla
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -37,7 +37,7 @@
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version:        2.52
+Version:        2.56
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0
@ -53,8 +53,8 @@ URL:            https://www.mozilla.org
 #   to output of compareoldnew
 # - Watch out that blacklisted or untrusted certificates are not
 #   accidentally included!
-Source:         http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
-Source1:        http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
+Source:         https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
+Source1:        https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
 #Source10:       https://src.fedoraproject.org/rpms/ca-certificates/raw/master/f/certdata2pem.py
 Source10:       certdata2pem.py
 Source11:       %{name}.COPYING
@ -95,8 +95,6 @@ fi
 export LANG=en_US.UTF-8
 cd certs
 python3 %{SOURCE10}
-# temporary remove expired CA
-rm DST_Root_CA_X3:2.16.68.175.176.128.214.163.39.186.137.48.57.134.46.248.64.107.tmp-p11-kit
 cd ..
 (
  cat <<-EOF
--- a/certdata.txt
+++ b/certdata.txt
--- a/nssckbi.h
+++ b/nssckbi.h
@ -46,8 +46,8 @@
 * It's recommend to switch back to 0 after having reached version 98/99.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 52
-#define NSS_BUILTINS_LIBRARY_VERSION "2.52"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 56
+#define NSS_BUILTINS_LIBRARY_VERSION "2.56"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1