Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:Factory checked in at 2017-02-01 09:48:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ca-certificates-mozilla (Old) and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ca-certificates-mozilla" Changes: -------- --- /work/SRC/openSUSE:Factory/ca-certificates-mozilla/ca-certificates-mozilla.changes 2016-04-11 09:14:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/ca-certificates-mozilla.changes 2017-02-03 17:33:50.933415327 +0100 @@ -1,0 +2,75 @@ +Tue Jan 24 12:46:29 UTC 2017 - meissner@suse.com + +- updated to 2.11 state of the Mozilla NSS Certificate store. +- removed CAs: + - Buypass_Class_2_CA_1:2.1.1.crt + serverAuth + - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt + codeSigning emailProtection serverAuth + - Equifax_Secure_CA:2.4.53.222.244.207.crt + emailProtection + - Equifax_Secure_eBusiness_CA_1:2.1.4.crt + emailProtection + - Equifax_Secure_Global_eBusiness_CA:2.1.1.crt + emailProtection + - IGC_A:2.5.57.17.69.16.148.crt + codeSigning emailProtection serverAuth + - Juur-SK:2.4.59.142.75.252.crt + codeSigning serverAuth + - Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt + codeSigning emailProtection serverAuth + - RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt + codeSigning emailProtection serverAuth + - Sonera_Class_1_Root_CA:2.1.36.crt + emailProtection + - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt + emailProtection + - Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt + emailProtection + - Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt + emailProtection + - Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt + emailProtection +- added CAs: + + AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt + serverAuth + + Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt + emailProtection serverAuth + + Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt + emailProtection serverAuth + + Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt + emailProtection serverAuth + + Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt + emailProtection serverAuth + + Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt + emailProtection serverAuth + + Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt + emailProtection serverAuth + + Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt + emailProtection serverAuth + + Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt + emailProtection serverAuth + + ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996) + serverAuth + + LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt + serverAuth + + OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt + emailProtection serverAuth + + OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt + emailProtection serverAuth + + OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt + emailProtection serverAuth + + Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt + emailProtection + + Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt + emailProtection + + Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt + emailProtection + + Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt + emailProtection + +- diff-from-upstream-2.7.patch: removed as we should be able to do + intermediate root chains now with openssl 1.0.2 and also gnutls 3.5 + is able to do so. + +------------------------------------------------------------------- Old: ---- diff-from-upstream-2.7.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ca-certificates-mozilla.spec ++++++ --- /var/tmp/diff_new_pack.Kgu3lj/_old 2017-02-03 17:33:51.589322492 +0100 +++ /var/tmp/diff_new_pack.Kgu3lj/_new 2017-02-03 17:33:51.593321926 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates-mozilla # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: ca-certificates-mozilla # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # http://hg.mozilla.org/projects/nss/file/default/lib/ckfw/builtins/nssckbi.h -Version: 2.7 +Version: 2.11 Release: 0 Summary: CA certificates for OpenSSL License: MPL-2.0 @@ -49,9 +49,6 @@ Source11: %{name}.COPYING Source12: compareoldnew -# openssl 1.0.2 might not need it anymore, but gnutls / pidgin does ... -Patch0: diff-from-upstream-2.7.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # for update-ca-certificates @@ -71,7 +68,6 @@ %setup -qcT /bin/cp %{SOURCE0} . -patch <%{PATCH0} install -m 644 %{SOURCE11} COPYING ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"` ++++++ certdata.txt ++++++ ++++ 4640 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/ca-certificates-mozilla/certdata.txt ++++ and /work/SRC/openSUSE:Factory/.ca-certificates-mozilla.new/certdata.txt ++++++ nssckbi.h ++++++ --- /var/tmp/diff_new_pack.Kgu3lj/_old 2017-02-03 17:33:51.733302114 +0100 +++ /var/tmp/diff_new_pack.Kgu3lj/_new 2017-02-03 17:33:51.733302114 +0100 @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 7 -#define NSS_BUILTINS_LIBRARY_VERSION "2.7" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 11 +#define NSS_BUILTINS_LIBRARY_VERSION "2.11" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1