Accepting request 569458 from Base:System

- Updated to 2.22 state of the Mozilla NSS Certificate store.
- Removed CAs:
  * ACEDICOM Root
  * AddTrust Public CA Root
  * AddTrust Qualified CA Root
  * ApplicationCA - Japanese Government
  * CA Disig Root R1
  * CA WoSign ECC Root
  * Certification Authority of WoSign G2
  * Certinomis - Autorité Racine
  * China Internet Network Information Center EV Certificates Root
  * CNNIC ROOT
  * Comodo Secure Certificate Services
  * Comodo Trusted Certificate Services
  * ComSign Secured CA
  * DST ACES CA X6
  * GeoTrust Global CA 2
  * StartCom Certification Authority
  * StartCom Certification Authority
  * StartCom Certification Authority G2
  * Swisscom Root CA 1
  * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  * UTN USERFirst Hardware Root CA
  * UTN USERFirst Object Root CA
  * VeriSign Class 3 Secure Server CA - G2
  * WellsSecure Public Root Certificate Authority
  * Certification Authority of WoSign
  * WoSign China

OBS-URL: https://build.opensuse.org/request/show/569458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates-mozilla?expand=0&rev=38

ca-certificates-mozilla.changes

@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Thu Jan 25 09:43:25 UTC 2018 - meissner@suse.com
+
+- Updated to 2.22 state of the Mozilla NSS Certificate store.
+- Removed CAs:
+
+  * ACEDICOM Root
+  * AddTrust Public CA Root
+  * AddTrust Qualified CA Root
+  * ApplicationCA - Japanese Government
+  * CA Disig Root R1
+  * CA WoSign ECC Root
+  * Certification Authority of WoSign G2
+  * Certinomis - Autorité Racine
+  * China Internet Network Information Center EV Certificates Root
+  * CNNIC ROOT
+  * Comodo Secure Certificate Services
+  * Comodo Trusted Certificate Services
+  * ComSign Secured CA
+  * DST ACES CA X6
+  * GeoTrust Global CA 2
+  * StartCom Certification Authority
+  * StartCom Certification Authority
+  * StartCom Certification Authority G2
+  * Swisscom Root CA 1
+  * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
+  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
+  * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
+  * UTN USERFirst Hardware Root CA
+  * UTN USERFirst Object Root CA
+  * VeriSign Class 3 Secure Server CA - G2
+  * WellsSecure Public Root Certificate Authority
+  * Certification Authority of WoSign
+  * WoSign China
+
+- Added CAs:
+
+  * D-TRUST Root CA 3 2013
+  * GDCA TrustAUTH R5 ROOT
+  * SSL.com EV Root Certification Authority ECC
+  * SSL.com EV Root Certification Authority RSA R2
+  * SSL.com Root Certification Authority ECC
+  * SSL.com Root Certification Authority RSA
+  * TrustCor RootCert CA-1
+  * TrustCor RootCert CA-2
+  * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+
 -------------------------------------------------------------------
 Wed Oct 25 12:40:36 UTC 2017 - jmatejek@suse.com
 

ca-certificates-mozilla.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ca-certificates-mozilla
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@ BuildRequires:  python3-base
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version:        2.11
+Version:        2.22
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0

nssckbi.h

@@ -22,31 +22,32 @@
  * to the list of trusted certificates.
  *
  * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
- * for each NSS minor release AND whenever we change the list of
+ * whenever we change the list of trusted certificates.
- * trusted certificates.  10 minor versions are allocated for each
+ *
- * NSS 3.x branch as follows, allowing us to change the list of
+ * Please use the following rules when increasing the version number:
- * trusted certificates up to 9 times on each branch.
+ *
- *   - NSS 3.5 branch:  3-9
+ * - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR
- *   - NSS 3.6 branch:  10-19
+ *   must always be an EVEN number (e.g. 16, 18, 20 etc.)
- *   - NSS 3.7 branch:  20-29
+ *
- *   - NSS 3.8 branch:  30-39
+ * - whenever possible, if older branches require a modification to the
- *   - NSS 3.9 branch:  40-49
+ *   list, these changes should be made on the main line of development (trunk),
- *   - NSS 3.10 branch: 50-59
+ *   and the older branches should update to the most recent list.
- *   - NSS 3.11 branch: 60-69
+ * 
- *     ...
+ * - ODD minor version numbers are reserved to indicate a snapshot that has
- *   - NSS 3.12 branch: 70-89
+ *   deviated from the main line of development, e.g. if it was necessary
- *   - NSS 3.13 branch: 90-99
+ *   to modify the list on a stable branch.
- *   - NSS 3.14 branch: 100-109
+ *   Once the version has been changed to an odd number (e.g. 2.13) on a branch,
- *     ...
+ *   it should remain unchanged on that branch, even if further changes are
- *   - NSS 3.29 branch: 250-255
+ *   made on that branch.
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
+ * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 11
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 22
-#define NSS_BUILTINS_LIBRARY_VERSION "2.11"
+#define NSS_BUILTINS_LIBRARY_VERSION "2.22"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1