Hello community, here is the log from the commit of package openssl-certs for openSUSE:Factory checked in at Fri Mar 5 02:13:34 CET 2010. -------- --- openssl-certs/openssl-certs.changes 2009-09-30 15:33:48.000000000 +0200 +++ /mounts/work_src_done/STABLE/openssl-certs/openssl-certs.changes 2010-02-02 17:28:37.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Feb 2 16:27:35 UTC 2010 - lnussel@suse.de + +- update certificates to revision 1.57 +- add script to compare with previous certificates + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- compareoldnew ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-certs.spec ++++++ --- /var/tmp/diff_new_pack.Cju9Ad/_old 2010-03-05 02:13:21.000000000 +0100 +++ /var/tmp/diff_new_pack.Cju9Ad/_new 2010-03-05 02:13:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssl-certs (Version 0.9.8h) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,17 +21,27 @@ Name: openssl-certs %define ssletcdir %{_sysconfdir}/ssl -License: BSD 3-clause (or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1 +License: BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1 Group: Productivity/Networking/Security AutoReqProv: on Version: 0.9.8h -Release: 27 +Release: 28 Summary: CA certificates for OpenSSL Url: http://www.mozilla.org +# IMPORTANT: procedure to update certificates: +# - Check the CVS log of the cert file: +# http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txt&rev=HEAD +# - download the new certdata.txt # wget -O certdata.txt "http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certda..." +# - run compareoldnew to show fingerprints of new and changed certificates +# - check the bugs referenced in cvs log and compare the checksum +# to output of compareoldnew +# - Watch out that blacklisted or untrusted certificates are not +# accidentally included! Source: certdata.txt Source1: extractcerts.pl Source2: %{name}.COPYING +Source3: compareoldnew BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # for c_rehash @@ -45,7 +55,7 @@ %prep %setup -qcT -cp -a %{S:1} COPYING +install -m 644 %{S:1} COPYING %build perl %{SOURCE1} < %{SOURCE0} ++++++ certdata.txt ++++++ ++++ 1168 lines (skipped) ++++ between openssl-certs/certdata.txt ++++ and /mounts/work_src_done/STABLE/openssl-certs/certdata.txt ++++++ compareoldnew ++++++ #!/bin/bash # print fingerprints of new or changed certificates set -e cleanup() { rm -rf new{,.files} old{,.files} } showcert() { openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \ | sed -ne 's/ *commonName *= / CN: /p; s/.*Fingerprint=/ sha1: /p' } cleanup trap cleanup EXIT mkdir old new cd old echo old... ../extractcerts.pl < ../.osc/certdata.txt | sort > ../old.files cd .. cd new echo new... ../extractcerts.pl < ../certdata.txt | sort > ../new.files cd .. echo '----------------------------' while read line; do IFS='#' eval set -- \$line old="$1" new="$2" common="$3" if [ -n "$old" ]; then echo "$old has been deleted" elif [ -n "$new" ]; then echo "new: $new" showcert new/$new elif ! cmp "old/$common" "new/$common"; then echo "*** $common differs!" showcert old/$common showcert old/$common fi done < <(comm --output-delimiter='#' old.files new.files) ++++++ extractcerts.pl ++++++ --- /var/tmp/diff_new_pack.Cju9Ad/_old 2010-03-05 02:13:22.000000000 +0100 +++ /var/tmp/diff_new_pack.Cju9Ad/_new 2010-03-05 02:13:22.000000000 +0100 @@ -53,6 +53,8 @@ my $label = $object->{'CKA_LABEL'}; die "$label exists" if exists($trusts{$label}); $trusts{$label} = $object; + } elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') { + # ignore } else { print STDERR "class ", $object->{'CKA_CLASS'} ," not handled\n"; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org