Accepting request 211084 from Base:System

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/211084 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates-mozilla?expand=0&rev=26
2013-12-17 09:00:36 +00:00 · 2013-12-17 09:00:36 +00:00 · e859c2a51b
commit e859c2a51b
parent 901fd4e824 993d8b9f94
4 changed files with 53 additions and 4 deletions
--- a/ca-certificates-mozilla.changes
+++ b/ca-certificates-mozilla.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Mon Dec  9 16:01:29 UTC 2013 - meissner@suse.com
+
+- Updated to 1.95
+  Distrust a sub-ca that issued google.com certificates.
+  "Distrusted AC DG Tresor SSL" (bnc#854367)
+
+-------------------------------------------------------------------
+Mon Dec  9 09:56:32 UTC 2013 - lnussel@suse.de
+
+- fix handling of certificates with same name (bnc#854163)
+
 -------------------------------------------------------------------
 Tue Oct 29 13:52:16 UTC 2013 - meissner@suse.com

--- a/ca-certificates-mozilla.spec
+++ b/ca-certificates-mozilla.spec
@ -26,7 +26,7 @@ BuildRequires:  python
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:        1.94
+Version:        1.95
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0
@ -94,10 +94,19 @@ for i in *.crt; do
 	[ -z "$alias" ] || args+=('-setalias' "$alias")

 	echo "$i ${args[*]}"
+	fname="%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem"
+	if [ -e "$fname" ]; then
+		fname="${fname%.pem}"
+		j=1
+		while [ -e "$fname.$j.pem" ]; do
+			j=$((j+1))
+		done
+		fname="$fname.$j.pem"
+	fi
 	{
 		grep '^#' "$i"
 		openssl x509 -in "$i" "${args[@]}"
-	} > "%{buildroot}/%{trustdir_static}$d/${i%%:*}.pem"
+	} > "$fname"
 done
 for i in *.p11-kit ; do
 	install -m 644 "$i" "%{buildroot}/%{trustdir_static}"
--- a/certdata.txt
+++ b/certdata.txt
@ -12376,6 +12376,34 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

+# Distrust "Distrusted AC DG Tresor SSL"
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
 #
 # Certificate "Security Communication EV RootCA1"
 #
--- a/nssckbi.h
+++ b/nssckbi.h
@ -45,8 +45,8 @@
 * of the comment in the CK_VERSION type definition.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 94
-#define NSS_BUILTINS_LIBRARY_VERSION "1.94"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 95
+#define NSS_BUILTINS_LIBRARY_VERSION "1.95"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1