Accepting request 237853 from Base:System

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/237853
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates-mozilla?expand=0&rev=28

ca-certificates-mozilla.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Jun 10 12:52:29 UTC 2014 - meissner@suse.com
+
+- in sle11 we bumped openssl-certs version to match the NSS version,
+  so provide/obsolete the current version.
+
+-------------------------------------------------------------------
+Wed Jun  4 08:21:33 UTC 2014 - lnussel@suse.de
+
+- updated certificates to revision 1.97 (bnc#881241)
+  new: "Atos TrustedRoot 2011" (codeSigning emailProtection serverAuth)
+  new: "Tugra Certification Authority" (codeSigning serverAuth)
+  removed: "Firmaprofesional Root CA"
+  removed: "TDC OCES Root CA"
+  new: "TeliaSonera Root CA v1" (emailProtection serverAuth)
+  new: "T-TeleSec GlobalRoot Class 2" (emailProtection serverAuth)
+
 -------------------------------------------------------------------
 Fri Feb 21 16:18:35 UTC 2014 - meissner@suse.com
 

ca-certificates-mozilla.spec

@@ -26,7 +26,7 @@ BuildRequires:  python
 Name:           ca-certificates-mozilla
 # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
 # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
-Version:        1.96
+Version:        1.97
 Release:        0
 Summary:        CA certificates for OpenSSL
 License:        MPL-2.0
@@ -38,8 +38,10 @@ Url:            http://www.mozilla.org
 # - download the new certdata.txt
 #   wget -O certdata.txt "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
 # - run compareoldnew to show fingerprints of new and changed certificates
-# - check the bugs referenced in cvs log and compare the checksum
+# - check the bugs referenced in hg log and compare the checksum
 #   to output of compareoldnew
+#   The correct history of the file is actually in the nss repo:
+#   http://hg.mozilla.org/projects/nss/log/8f026c806587/lib/ckfw/builtins/certdata.txt
 # - Watch out that blacklisted or untrusted certificates are not
 #   accidentally included!
 Source:         https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
@@ -54,8 +56,8 @@ BuildArch:      noarch
 Requires(post):    ca-certificates
 Requires(postun):  ca-certificates
 #
-Provides:       openssl-certs = 0.9.9
+Provides:       openssl-certs = %version
-Obsoletes:      openssl-certs < 0.9.9
+Obsoletes:      openssl-certs < %version
 
 %description
 This package contains some CA root certificates for OpenSSL extracted

compareoldnew

@@ -8,7 +8,8 @@ cleanup()
 showcert()
 {
 	openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \
-	| sed -ne 's/ *commonName *= /   CN: /p; s/.*Fingerprint=/ sha1: /p'
+	| sed -ne 's/ *commonName *= /  CN=/p; s/.*Fingerprint=/  sha1=/p'
+	sed -ne '/^# \(openssl\|distrust\|alias\)/s/^#/ /p' < "$1"
 }
 cleanup
 trap cleanup EXIT
@@ -32,13 +33,13 @@ while read line; do
 	new="$2"
 	common="$3"
 	if [ -n "$old" ]; then
-		echo "> removed: $old"
+		echo "- $old"
 		showcert old/$old
 	elif [ -n "$new" ]; then
-		echo "> new: $new"
+		echo "+ $new"
 		showcert new/$new
 	elif ! cmp "old/$common" "new/$common"; then
-		echo "> changed: $common"
+		echo "~ $common"
 		showcert old/$common
 		showcert new/$common
 		diff -u old/$common new/$common || true

nssckbi.h

@@ -45,8 +45,8 @@
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 97
-#define NSS_BUILTINS_LIBRARY_VERSION "1.96"
+#define NSS_BUILTINS_LIBRARY_VERSION "1.97"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1