Update to CKBI 2.14 from NSS 3.30.2

This commit is contained in:
Kai Engert 2017-04-26 14:37:22 +02:00
parent c1c275770a
commit 6cea01c4b1
3 changed files with 504 additions and 679 deletions

View File

@ -35,10 +35,10 @@ Name: ca-certificates
# to have increasing version numbers. However, the new scheme will work, # to have increasing version numbers. However, the new scheme will work,
# because all future versions will start with 2013 or larger.) # because all future versions will start with 2013 or larger.)
Version: 2017.2.11 Version: 2017.2.14
# for Rawhide, please always use release >= 2 # for Rawhide, please always use release >= 2
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...) # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Release: 5%{?dist} Release: 2%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Base Group: System Environment/Base
@ -352,6 +352,9 @@ fi
%changelog %changelog
* Wed Apr 26 2017 Kai Engert <kaie@redhat.com> - 2017.2.14-2
- Update to CKBI 2.14 from NSS 3.30.2
* Thu Feb 23 2017 Kai Engert <kaie@redhat.com> - 2017.2.11-5 * Thu Feb 23 2017 Kai Engert <kaie@redhat.com> - 2017.2.11-5
- For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true - For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true
- Set attribute modifiable: false - Set attribute modifiable: false

File diff suppressed because it is too large Load Diff

View File

@ -22,31 +22,32 @@
* to the list of trusted certificates. * to the list of trusted certificates.
* *
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
* for each NSS minor release AND whenever we change the list of * whenever we change the list of trusted certificates.
* trusted certificates. 10 minor versions are allocated for each *
* NSS 3.x branch as follows, allowing us to change the list of * Please use the following rules when increasing the version number:
* trusted certificates up to 9 times on each branch. *
* - NSS 3.5 branch: 3-9 * - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR
* - NSS 3.6 branch: 10-19 * must always be an EVEN number (e.g. 16, 18, 20 etc.)
* - NSS 3.7 branch: 20-29 *
* - NSS 3.8 branch: 30-39 * - whenever possible, if older branches require a modification to the
* - NSS 3.9 branch: 40-49 * list, these changes should be made on the main line of development (trunk),
* - NSS 3.10 branch: 50-59 * and the older branches should update to the most recent list.
* - NSS 3.11 branch: 60-69 *
* ... * - ODD minor version numbers are reserved to indicate a snapshot that has
* - NSS 3.12 branch: 70-89 * deviated from the main line of development, e.g. if it was necessary
* - NSS 3.13 branch: 90-99 * to modify the list on a stable branch.
* - NSS 3.14 branch: 100-109 * Once the version has been changed to an odd number (e.g. 2.13) on a branch,
* ... * it should remain unchanged on that branch, even if further changes are
* - NSS 3.29 branch: 250-255 * made on that branch.
* *
* NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
* whether we may use its full range (0-255) or only 0-99 because * whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition. * of the comment in the CK_VERSION type definition.
* It's recommend to switch back to 0 after having reached version 98/99.
*/ */
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 11 #define NSS_BUILTINS_LIBRARY_VERSION_MINOR 14
#define NSS_BUILTINS_LIBRARY_VERSION "2.11" #define NSS_BUILTINS_LIBRARY_VERSION "2.14"
/* These version numbers detail the semantic changes to the ckfw engine. */ /* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1