- updated certificates to revision 1.97 (bnc#881241)

new: "Atos TrustedRoot 2011" (codeSigning emailProtection serverAuth) new: "Tugra Certification Authority" (codeSigning serverAuth) removed: "Firmaprofesional Root CA" removed: "TDC OCES Root CA" new: "TeliaSonera Root CA v1" (emailProtection serverAuth) new: "T-TeleSec GlobalRoot Class 2" (emailProtection serverAuth) OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=55
2014-06-04 08:39:37 +00:00 · 2014-06-04 08:39:37 +00:00 · 480a7cdb7f
commit 480a7cdb7f
parent 817799ae13
5 changed files with 781 additions and 316 deletions
--- a/ca-certificates-mozilla.changes
+++ b/ca-certificates-mozilla.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Jun  4 08:21:33 UTC 2014 - lnussel@suse.de
+
+- updated certificates to revision 1.97 (bnc#881241)
+  new: "Atos TrustedRoot 2011" (codeSigning emailProtection serverAuth)
+  new: "Tugra Certification Authority" (codeSigning serverAuth)
+  removed: "Firmaprofesional Root CA"
+  removed: "TDC OCES Root CA"
+  new: "TeliaSonera Root CA v1" (emailProtection serverAuth)
+  new: "T-TeleSec GlobalRoot Class 2" (emailProtection serverAuth)
+
 -------------------------------------------------------------------
 Fri Feb 21 16:18:35 UTC 2014 - meissner@suse.com

--- a/ca-certificates-mozilla.spec
+++ b/ca-certificates-mozilla.spec
@ -26,7 +26,7 @@ BuildRequires:  python
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:        1.96
+Version:        1.97
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0
@ -38,8 +38,10 @@ Url:            http://www.mozilla.org
 # - download the new certdata.txt
 #   wget -O certdata.txt "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
 # - run compareoldnew to show fingerprints of new and changed certificates
-# - check the bugs referenced in cvs log and compare the checksum
+# - check the bugs referenced in hg log and compare the checksum
 #   to output of compareoldnew
+#   The correct history of the file is actually in the nss repo:
+#   http://hg.mozilla.org/projects/nss/log/8f026c806587/lib/ckfw/builtins/certdata.txt
 # - Watch out that blacklisted or untrusted certificates are not
 #   accidentally included!
 Source:         https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
--- a/certdata.txt
+++ b/certdata.txt
--- a/9
+++ b/9
@ -8,7 +8,8 @@ cleanup()
 showcert()
 {
 	openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \
-	| sed -ne 's/ *commonName *= /   CN: /p; s/.*Fingerprint=/ sha1: /p'
+	| sed -ne 's/ *commonName *= /  CN=/p; s/.*Fingerprint=/  sha1=/p'
+	sed -ne '/^# \(openssl\|distrust\|alias\)/s/^#/ /p' < "$1"
 }
 cleanup
 trap cleanup EXIT
@ -32,13 +33,13 @@ while read line; do
 	new="$2"
 	common="$3"
 	if [ -n "$old" ]; then
-		echo "> removed: $old"
+		echo "- $old"
 		showcert old/$old
 	elif [ -n "$new" ]; then
-		echo "> new: $new"
+		echo "+ $new"
 		showcert new/$new
 	elif ! cmp "old/$common" "new/$common"; then
-		echo "> changed: $common"
+		echo "~ $common"
 		showcert old/$common
 		showcert new/$common
 		diff -u old/$common new/$common || true
--- a/nssckbi.h
+++ b/nssckbi.h
@ -45,8 +45,8 @@
 * of the comment in the CK_VERSION type definition.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96
-#define NSS_BUILTINS_LIBRARY_VERSION "1.96"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 97
+#define NSS_BUILTINS_LIBRARY_VERSION "1.97"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1