- Updated to 1.95

Distrust a sub-ca that issued google.com certificates. "Distrusted AC DG Tresor SSL" (bnc#854367) OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=51
2013-12-09 16:03:09 +00:00 · 2013-12-09 16:03:09 +00:00 · 993d8b9f94
commit 993d8b9f94
parent ba1b821fcd
4 changed files with 38 additions and 3 deletions
--- a/ca-certificates-mozilla.changes
+++ b/ca-certificates-mozilla.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Dec  9 16:01:29 UTC 2013 - meissner@suse.com
+
+- Updated to 1.95
+  Distrust a sub-ca that issued google.com certificates.
+  "Distrusted AC DG Tresor SSL" (bnc#854367)
+
 -------------------------------------------------------------------
 Mon Dec  9 09:56:32 UTC 2013 - lnussel@suse.de

--- a/ca-certificates-mozilla.spec
+++ b/ca-certificates-mozilla.spec
@ -26,7 +26,7 @@ BuildRequires:  python
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:        1.94
+Version:        1.95
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0
--- a/certdata.txt
+++ b/certdata.txt
@ -12376,6 +12376,34 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

+# Distrust "Distrusted AC DG Tresor SSL"
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "Security Communication EV RootCA1"
 #
--- a/nssckbi.h
+++ b/nssckbi.h
@ -45,8 +45,8 @@
 * of the comment in the CK_VERSION type definition.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 94
-#define NSS_BUILTINS_LIBRARY_VERSION "1.94"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 95
+#define NSS_BUILTINS_LIBRARY_VERSION "1.95"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1