import ca-certificates-2020.2.41-80.0.el8_2

2020-08-10 04:55:55 -04:00 · 2020-08-10 04:55:55 -04:00 · 96bcd5660d
commit 96bcd5660d
parent 326bf5ca1b
3 changed files with 587 additions and 1265 deletions
--- a/SOURCES/certdata.txt
+++ b/SOURCES/certdata.txt
--- a/SOURCES/nssckbi.h
+++ b/SOURCES/nssckbi.h
@ -46,8 +46,8 @@
 * It's recommend to switch back to 0 after having reached version 98/99.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 24
-#define NSS_BUILTINS_LIBRARY_VERSION "2.24"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 41
+#define NSS_BUILTINS_LIBRARY_VERSION "2.41"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
--- a/SPECS/ca-certificates.spec
+++ b/SPECS/ca-certificates.spec
@ -35,7 +35,7 @@ Name: ca-certificates
 # to have increasing version numbers. However, the new scheme will work, 
 # because all future versions will start with 2013 or larger.)

-Version: 2019.2.32
+Version: 2020.2.41
 # On RHEL 8.x, please keep the release version >= 80
 # When rebasing on Y-Stream (8.y), use 81, 82, 83, ...
 # When rebasing on Z-Stream (8.y.z), use 80.0, 80.1, 80.2, ..
@ -303,14 +303,30 @@ if [ $1 -gt 1 ] ; then
  fi
 fi

-
 %post
 #if [ $1 -gt 1 ] ; then
 #  # when upgrading or downgrading
 #fi
+# if ln is available, go ahead and run the ca-legacy and update
+# scripts. If not, wait until %posttrans.
+if [ -x %{_bindir}/ln ]; then
 %{_bindir}/ca-legacy install
 %{_bindir}/update-ca-trust
+fi

+%posttrans
+# When coreutils is installing with ca-certificates
+# we need to wait until coreutils install to
+# run our update since update requires ln to complete.
+# There is a circular dependency here where
+# ca-certificates depends on coreutils
+# coreutils depends on openssl
+# openssl depends on ca-certificates
+# so we run the scripts here too, in case we couldn't run them in
+# post. If we *could* run them in post this is an unnecessary
+# duplication, but it shouldn't hurt anything
+%{_bindir}/ca-legacy install
+%{_bindir}/update-ca-trust

 %files
 %defattr(-,root,root,-)
@ -373,7 +389,21 @@ fi


 %changelog
-*Fri Jun 21 2019 Bob Relyea <rrelyea@redhat.com> - 2019.2.32-80.0
+*Wed Jun 10 2020 Bob Relyea <rrelyea@redhat.com> - 2020.2.41-80.0
+- Update to CKBI 2.41 from NSS 3.53.0
+-    Removing:
+-     # Certificate "AddTrust Low-Value Services Root"
+-     # Certificate "AddTrust External Root"
+-     # Certificate "UTN USERFirst Email Root CA"
+-     # Certificate "Certplus Class 2 Primary CA"
+-     # Certificate "Deutsche Telekom Root CA 2"
+-     # Certificate "Staat der Nederlanden Root CA - G2"
+-     # Certificate "Swisscom Root CA 2"
+-     # Certificate "Certinomis - Root CA"
+-    Adding:
+-     # Certificate "Entrust Root Certification Authority - G4"
+
+*Fri Jun 21 2019 Bob Relyea <rrelyea@redhat.com> - 2019.2.32-1
 - Update to CKBI 2.32 from NSS 3.44
 -  Removing:
 -   # Certificate "Visa eCommerce Root"