commit ca-certificates-mozilla for openSUSE:11.3
Hello community, here is the log from the commit of package ca-certificates-mozilla for openSUSE:11.3 checked in at Wed Aug 31 15:24:49 CEST 2011.
--------
--- old-versions/11.3/all/ca-certificates-mozilla/ca-certificates-mozilla.changes 2010-04-08 11:24:54.000000000 +0200
+++ 11.3/ca-certificates-mozilla/ca-certificates-mozilla.changes 2011-08-31 11:03:51.000000000 +0200
@@ -1,0 +2,45 @@
+Wed Aug 31 09:02:10 UTC 2011 - lnussel@suse.de
+
+- update certificates to revision 1.76
+ * new: Go_Daddy_Root_Certificate_Authority_G2.pem
+ * new: Starfield_Root_Certificate_Authority_G2.pem
+ * new: Starfield_Services_Root_Certificate_Authority_G2.pem
+ * new: AffirmTrust_Commercial.pem
+ * new: AffirmTrust_Networking.pem
+ * new: AffirmTrust_Premium.pem
+ * new: AffirmTrust_Premium_ECC.pem
+ * new: Certum_Trusted_Network_CA.pem
+ * new: Certinomis_Autorit_Racine.pem
+ * new: Root_CA_Generalitat_Valenciana.pem
+ * new: A_Trust_nQual_03.pem
+ * new: TWCA_Root_Certification_Authority.pem
+ * removed: DigiNotar_Root_CA.pem (bnc#714931)
+
+-------------------------------------------------------------------
+Mon Jan 31 13:43:23 UTC 2011 - lnussel@suse.de
+
+- update certificates to revision 1.70
+ * new: AddTrust_Qualified_Certificates_Root.pem
+ * new: Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
+ * new: Chambers_of_Commerce_Root_2008.pem
+ * new: Global_Chambersign_Root_2008.pem
+ * new: Izenpe_com.pem
+ * new: TC_TrustCenter_Universal_CA_III.pem
+
+-------------------------------------------------------------------
+Mon Sep 27 14:27:52 UTC 2010 - lnussel@suse.de
+
+- update certificates to revision 1.65
+ * new: E_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.pem
+ * new: GlobalSign_Root_CA_R3.pem
+ * new: Microsec_e_Szigno_Root_CA_2009.pem
+ * new: Verisign_Class_1_Public_Primary_Certification_Authority.1.pem
+ * new: Verisign_Class_3_Public_Primary_Certification_Authority.1.pem
+
+-------------------------------------------------------------------
+Fri May 21 12:30:01 UTC 2010 - lnussel@suse.de
+
+- update certificates to revision 1.64
+ * removed "RSA Security 1024 V3" certificate
+
+-------------------------------------------------------------------
Package does not exist at destination yet.
Using Fallback old-versions/11.3/all/ca-certificates-mozilla Destination is old-versions/11.3/UPDATES/all/ca-certificates-mozilla calling whatdependson for 11.3-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ca-certificates-mozilla.spec ++++++ --- /var/tmp/diff_new_pack.oYLz9q/_old 2011-08-31 15:24:21.000000000 +0200 +++ /var/tmp/diff_new_pack.oYLz9q/_new 2011-08-31 15:24:21.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package ca-certificates-mozilla (Version 1.62) +# spec file for package ca-certificates-mozilla # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,8 +26,8 @@ License: BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1 Group: Productivity/Networking/Security AutoReqProv: on -Version: 1.62 -Release: 2 +Version: 1.76 +Release: 1.<RELEASE2> Summary: CA certificates for OpenSSL Url: http://www.mozilla.org # IMPORTANT: procedure to update certificates: @@ -61,10 +61,11 @@ %prep %setup -qcT +/bin/cp %{SOURCE0} . install -m 644 %{S:1} COPYING %build -perl %{SOURCE1} --trustbits < %{SOURCE0} +perl %{SOURCE1} --trustbits < certdata.txt %install mkdir -p %{buildroot}/%{sslusrdir}/mozilla ++++++ certdata.txt ++++++ ++++ 20328 lines (skipped) ++++ between old-versions/11.3/all/ca-certificates-mozilla/certdata.txt ++++ and 11.3/ca-certificates-mozilla/certdata.txt ++++++ compareoldnew ++++++ --- /var/tmp/diff_new_pack.oYLz9q/_old 2011-08-31 15:24:21.000000000 +0200 +++ /var/tmp/diff_new_pack.oYLz9q/_new 2011-08-31 15:24:21.000000000 +0200 
@@ -15,11 +15,15 @@ mkdir old new cd old echo old... -VERBOSE=1 ../extractcerts.pl < ../.osc/certdata.txt | sort > ../old.files +VERBOSE=1 ../extractcerts.pl --trustbits < ../.osc/certdata.txt > tmp +sort < tmp > ../old.files +rm -f tmp cd .. cd new echo new... -VERBOSE=1 ../extractcerts.pl < ../certdata.txt | sort > ../new.files +VERBOSE=1 ../extractcerts.pl --trustbits < ../certdata.txt > tmp +sort < tmp > ../new.files +rm -f tmp cd .. echo '----------------------------' while read line; do @@ -35,6 +39,7 @@ elif ! cmp "old/$common" "new/$common"; then echo "*** $common differs!" showcert old/$common - showcert old/$common + showcert new/$common + diff -u old/$common new/$common || true fi done < <(comm --output-delimiter='#' old.files new.files) ++++++ extractcerts.pl ++++++ --- /var/tmp/diff_new_pack.oYLz9q/_old 2011-08-31 15:24:21.000000000 +0200 +++ /var/tmp/diff_new_pack.oYLz9q/_new 2011-08-31 15:24:21.000000000 +0200 
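Review bot: The reason for replacing the `| sort` pipeline with a temporary file is not recorded next to the new lines in either the `old` or the `new` block, which makes the change easy to undo by accident. Presumably a failing extractcerts.pl is meant to stop the comparison instead of being hidden behind sort's exit status; the `|| true` added in the following hunk suggests the script runs under `set -e`, though that line is not visible here. A comment such as `# no pipe: an extractcerts.pl failure must abort, not be masked by sort` above each block would keep that intent.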
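Review bot: `$common` is quoted in the `cmp` test but left unquoted in the new `showcert new/$common` and `diff -u old/$common new/$common || true` lines. The generated names look harmless, but the script should treat them the same way throughout: `showcert "new/$common"` and `diff -u "old/$common" "new/$common" || true`. The surrounding `while read line` loop starts outside the hunk.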
@@ -75,17 +75,30 @@ $output_trustbits = 1; } +sub colonhex +{ + return join(':', unpack("(H2)*", $_[0])); +} + sub handle_object($) { my $object = shift; return unless $object; + ### convert old tags to be able to compare pre 1.74 files + $object->{'CKA_CLASS'} =~ s/^CKO_NETSCAPE/CKO_NSS/; + for my $type (keys %trust_types) { + next unless (exists $object->{$type}); + $object->{$type} =~ s/^CKT_NETSCAPE/CKT_NSS/; + } + #### if($object->{'CKA_CLASS'} eq 'CKO_CERTIFICATE' && $object->{'CKA_CERTIFICATE_TYPE'} eq 'CKC_X_509') { push @certificates, $object; - } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_TRUST') { + } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_TRUST') { my $label = $object->{'CKA_LABEL'}; - die "$label exists" if exists($trusts{$label}); - $trusts{$label} = $object; - } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') { + my $serial = colonhex($object->{'CKA_SERIAL_NUMBER'}); + die "$label exists ($serial)" if exists($trusts{$label.$serial}); + $trusts{$label.$serial} = $object; + } elsif ($object->{'CKA_CLASS'} eq 'CKO_NSS_BUILTIN_ROOT_LIST') { # ignore } else { print STDERR "class ", $object->{'CKA_CLASS'} ," not handled\n"; @@ -116,11 +129,12 @@ } if( $fields[1] =~ /MULTILINE/ ) { + die "expected MULTILINE_OCTAL" unless $fields[1] eq 'MULTILINE_OCTAL'; $fields[2] = ""; while(<>) { last if /END/; chomp; - $fields[2] .= $_; + $fields[2] .= pack("C", oct($+)) while $_ =~ /\G\\([0-3][0-7][0-7])/g; } } 
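Review bot: The trust table key `$label.$serial` in handle_object joins the two values with no separator and still depends on CKA_LABEL, so a trust record is paired with a certificate only by display name plus serial, not by the issuer and serial pair that identifies a certificate. If an object lacks CKA_SERIAL_NUMBER, `colonhex` receives undef and the key quietly degrades to the bare label. Assuming the trust objects carry CKA_ISSUER as the certificate objects do, a key like `my $key = join("\0", $object->{'CKA_ISSUER'}, $object->{'CKA_SERIAL_NUMBER'});` with a `die` when either attribute is missing would be stricter. The lookup in the `@@ -133,24 +147,26 @@` hunk would need the same key. handle_object's body continues past the end of the hunk.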
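Review bot: The new decode loop `$fields[2] .= pack("C", oct($+)) while $_ =~ /\G\\([0-3][0-7][0-7])/g;` stops at the first character that is not a three-digit octal escape and drops the rest of the line without any diagnostic. A damaged certdata.txt would then produce truncated serial or certificate bytes instead of an error, and those bytes now feed both the trust lookup key and the PEM body. The loop should confirm that the whole line was consumed: use `/gc` so a failed match keeps `pos`, then `die "malformed MULTILINE_OCTAL data" unless (pos($_) || 0) == length($_);`. The enclosing parse loop starts and ends outside the hunk.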
@@ -133,24 +147,26 @@ $object->{$fields[0]} = $fields[2]; } handle_object($object); +undef $object; use MIME::Base64; for my $cert (@certificates) { my $alias = $cert->{'CKA_LABEL'}; - if(!exists($trusts{$alias})) { + my $serial = colonhex($cert->{'CKA_SERIAL_NUMBER'}); + if(!exists($trusts{$alias.$serial})) { print STDERR "NO TRUST: $alias\n"; next; } # check trust. We only include certificates that are trusted for identifying # web sites - my $trust = $trusts{$alias}; + my $trust = $trusts{$alias.$serial}; my @addtrust; my @addtrust_openssl; my $trusted; if ($output_trustbits) { for my $type (keys %trust_types) { if (exists $trust->{$type} - && $trust->{$type} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') { + && $trust->{$type} eq 'CKT_NSS_TRUSTED_DELEGATOR') { push @addtrust, $trust_types{$type}; if (exists $openssl_trust{$type}) { push @addtrust_openssl, $openssl_trust{$type}; @@ -159,14 +175,14 @@ } } } else { - if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') { + if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NSS_TRUSTED_DELEGATOR') { $trusted = 1; } } if (!$trusted) { my $t = $trust->{'CKA_TRUST_SERVER_AUTH'}; - $t =~ s/CKT_NETSCAPE_//; + $t =~ s/CKT_NSS_//; print STDERR "$t: $alias\n"; next; } @@ -178,16 +194,22 @@ my $file = $alias; $alias =~ s/'/-/g; $file =~ s/[^[:alnum:]\\]+/_/g; - $file .= '.pem'; $file = Encode::encode("UTF-8", $file); + if (-e $file.'.pem') { + my $i = 1; + while (-e $file.".$i.pem") { + ++$i; + } + $file .= ".$i.pem"; + } else { + $file .= '.pem'; + } if (!open(O, '>', $file)) { print STDERR "$file: $!\n"; next; } print "$file\n" if $ENV{'VERBOSE'}; my $value = $cert->{'CKA_VALUE'}; - my $enc = ''; - $enc .= pack("C", oct($+)) while $value =~ /\G\\([0-3][0-7][0-7])/g; if ($output_trustbits) { print O "# alias=",Encode::encode("UTF-8", $alias),"\n"; print O "# trust=",join(" ", @addtrust),"\n"; 
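Review bot: In the `@@ -178,16 +194,22 @@` hunk the output name is chosen by probing the working directory with `-e`, so the result depends on files that are already there. A second run in the same directory no longer overwrites the earlier output but writes every certificate again under `.1.pem`, leaving an outdated copy beside the fresh one; the callers visible on this page start from new directories, but the script does not enforce that. Tracking the names used in the current run keeps the numbering and restores overwriting: declare `my %used;` before the loop and replace the `-e` block with `my $n = $used{$file}++;` and `$file .= $n ? ".$n.pem" : '.pem';`. The enclosing `for my $cert` loop begins in the previous hunk and ends in the next one.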
@@ -196,7 +218,7 @@ } } print O "-----BEGIN CERTIFICATE-----\n"; - print O encode_base64($enc); + print O encode_base64($value); print O "-----END CERTIFICATE-----\n"; close O; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
root@hilbert.suse.de