Accepting request 452187 from Base:System

- updated to 2.11 state of the Mozilla NSS Certificate store. - removed CAs: - Buypass_Class_2_CA_1:2.1.1.crt serverAuth - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt codeSigning emailProtection serverAuth - Equifax_Secure_CA:2.4.53.222.244.207.crt emailProtection - Equifax_Secure_eBusiness_CA_1:2.1.4.crt emailProtection - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt emailProtection - IGC_A:2.5.57.17.69.16.148.crt codeSigning emailProtection serverAuth - Juur-SK:2.4.59.142.75.252.crt codeSigning serverAuth - Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt codeSigning emailProtection serverAuth - RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt codeSigning emailProtection serverAuth - Sonera_Class_1_Root_CA:2.1.36.crt emailProtection - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt emailProtection - Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt emailProtection - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt emailProtection - Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt emailProtection OBS-URL: https://build.opensuse.org/request/show/452187 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates-mozilla?expand=0&rev=36
2017-02-01 08:48:14 +00:00 · 2017-02-01 08:48:14 +00:00 · 6a431e5dee
commit 6a431e5dee
parent 01f362cbf4 7a4b756f81
5 changed files with 2640 additions and 3499 deletions
--- a/ca-certificates-mozilla.changes
+++ b/ca-certificates-mozilla.changes
@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Tue Jan 24 12:46:29 UTC 2017 - meissner@suse.com
+
+- updated to 2.11 state of the Mozilla NSS Certificate store.
+- removed CAs:
+  - Buypass_Class_2_CA_1:2.1.1.crt
+    serverAuth
+  - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt
+    codeSigning emailProtection serverAuth
+  - Equifax_Secure_CA:2.4.53.222.244.207.crt
+    emailProtection
+  - Equifax_Secure_eBusiness_CA_1:2.1.4.crt
+    emailProtection
+  - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
+    emailProtection
+  - IGC_A:2.5.57.17.69.16.148.crt
+    codeSigning emailProtection serverAuth
+  - Juur-SK:2.4.59.142.75.252.crt
+    codeSigning serverAuth
+  - Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt
+    codeSigning emailProtection serverAuth
+  - RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt
+    codeSigning emailProtection serverAuth
+  - Sonera_Class_1_Root_CA:2.1.36.crt
+    emailProtection
+  - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt
+    emailProtection
+  - Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt
+    emailProtection
+  - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt
+    emailProtection
+  - Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt
+    emailProtection
+- added CAs:
+  + AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt
+    serverAuth
+  + Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt
+    emailProtection serverAuth
+  + Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt
+    emailProtection serverAuth
+  + Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt
+    emailProtection serverAuth
+  + Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt
+    emailProtection serverAuth
+  + Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt
+    emailProtection serverAuth
+  + Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt
+    emailProtection serverAuth
+  + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
+    emailProtection serverAuth
+  + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
+    emailProtection serverAuth
+  + ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996)
+    serverAuth
+  + LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt
+    serverAuth
+  + OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt
+    emailProtection serverAuth
+  + OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt
+    emailProtection serverAuth
+  + OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt
+    emailProtection serverAuth
+  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt
+    emailProtection
+  + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt
+    emailProtection
+  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt
+    emailProtection
+  + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt
+    emailProtection
+
+- diff-from-upstream-2.7.patch: removed as we should be able to do
+  intermediate root chains now with openssl 1.0.2 and also gnutls 3.5 
+  is able to do so.
+
 -------------------------------------------------------------------
 Wed Apr  6 11:21:32 UTC 2016 - meissner@suse.com

--- a/ca-certificates-mozilla.spec
+++ b/ca-certificates-mozilla.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ca-certificates-mozilla
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -26,7 +26,7 @@ BuildRequires:  python
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h
-Version:        2.7
+Version:        2.11
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0
@ -49,9 +49,6 @@ Source10:       certdata2pem.py
 Source11:       %{name}.COPYING
 Source12:       compareoldnew

-# openssl 1.0.2 might not need it anymore, but gnutls / pidgin does ... 
-Patch0:         diff-from-upstream-2.7.patch
-
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 # for update-ca-certificates
@ -71,7 +68,6 @@ from MozillaFirefox
 %setup -qcT

 /bin/cp %{SOURCE0} .
-patch <%{PATCH0}

 install -m 644 %{SOURCE11} COPYING
 ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
--- a/certdata.txt
+++ b/certdata.txt
--- a/diff-from-upstream-2.7.patch
+++ b/diff-from-upstream-2.7.patch
--- a/nssckbi.h
+++ b/nssckbi.h
@ -45,8 +45,8 @@
 * of the comment in the CK_VERSION type definition.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 7
-#define NSS_BUILTINS_LIBRARY_VERSION "2.7"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 11
+#define NSS_BUILTINS_LIBRARY_VERSION "2.11"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1