|
|
|
@ -36,13 +36,11 @@ Name: ca-certificates
|
|
|
|
|
# because all future versions will start with 2013 or larger.)
|
|
|
|
|
|
|
|
|
|
Version: 2023.2.60_v7.0.306
|
|
|
|
|
# On RHEL 8.x, please keep the release version >= 80
|
|
|
|
|
# When rebasing on Y-Stream (8.y), use 81, 82, 83, ...
|
|
|
|
|
# When rebasing on Z-Stream (8.y.z), use 80.0, 80.1, 80.2, ..
|
|
|
|
|
Release: 80.0%{?dist}
|
|
|
|
|
# for y-stream, please always use 91 <= release < 100 (91,92,93)
|
|
|
|
|
# for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...)
|
|
|
|
|
Release: 90.1%{?dist}
|
|
|
|
|
License: Public Domain
|
|
|
|
|
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
URL: https://fedoraproject.org/wiki/CA-Certificates
|
|
|
|
|
|
|
|
|
|
#Please always update both certdata.txt and nssckbi.h
|
|
|
|
@ -73,13 +71,13 @@ Requires(post): coreutils
|
|
|
|
|
Requires: bash
|
|
|
|
|
Requires: grep
|
|
|
|
|
Requires: sed
|
|
|
|
|
Requires(post): p11-kit >= 0.23.12
|
|
|
|
|
Requires(post): p11-kit-trust >= 0.23.12
|
|
|
|
|
Requires: p11-kit >= 0.23.12
|
|
|
|
|
Requires: p11-kit-trust >= 0.23.12
|
|
|
|
|
Requires(post): p11-kit >= 0.24
|
|
|
|
|
Requires(post): p11-kit-trust >= 0.24
|
|
|
|
|
Requires: p11-kit >= 0.24
|
|
|
|
|
Requires: p11-kit-trust >= 0.24
|
|
|
|
|
|
|
|
|
|
BuildRequires: perl-interpreter
|
|
|
|
|
BuildRequires: python3-devel
|
|
|
|
|
BuildRequires: python3
|
|
|
|
|
BuildRequires: openssl
|
|
|
|
|
BuildRequires: asciidoc
|
|
|
|
|
BuildRequires: libxslt
|
|
|
|
@ -100,7 +98,7 @@ mkdir %{name}/java
|
|
|
|
|
pushd %{name}/certs
|
|
|
|
|
pwd
|
|
|
|
|
cp %{SOURCE0} .
|
|
|
|
|
%{__python3} %{SOURCE4} >c2p.log 2>c2p.err
|
|
|
|
|
python3 %{SOURCE4} >c2p.log 2>c2p.err
|
|
|
|
|
popd
|
|
|
|
|
pushd %{name}
|
|
|
|
|
(
|
|
|
|
@ -186,7 +184,7 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{pkidir}/java
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/anchors
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blacklist
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blocklist
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
|
|
|
|
@ -194,7 +192,7 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/java
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/anchors
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blacklist
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blocklist
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_bindir}
|
|
|
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_mandir}/man8
|
|
|
|
@ -243,9 +241,15 @@ chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/%{java_bundle}
|
|
|
|
|
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/cacerts.bin
|
|
|
|
|
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/cacerts.bin
|
|
|
|
|
|
|
|
|
|
# /etc/ssl/certs symlink for 3rd-party tools
|
|
|
|
|
ln -s ../pki/tls/certs \
|
|
|
|
|
# /etc/ssl symlinks for 3rd-party tools and cross-distro compatibility
|
|
|
|
|
ln -s /etc/pki/tls/certs \
|
|
|
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/ssl/certs
|
|
|
|
|
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
|
|
|
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/ssl/cert.pem
|
|
|
|
|
ln -s /etc/pki/tls/openssl.cnf \
|
|
|
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/ssl/openssl.cnf
|
|
|
|
|
ln -s /etc/pki/tls/ct_log_list.cnf \
|
|
|
|
|
$RPM_BUILD_ROOT%{_sysconfdir}/ssl/ct_log_list.cnf
|
|
|
|
|
# legacy filenames
|
|
|
|
|
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
|
|
|
|
|
$RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
|
|
|
|
@ -303,6 +307,7 @@ if [ $1 -gt 1 ] ; then
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%post
|
|
|
|
|
#if [ $1 -gt 1 ] ; then
|
|
|
|
|
# # when upgrading or downgrading
|
|
|
|
@ -329,8 +334,6 @@ fi
|
|
|
|
|
%{_bindir}/update-ca-trust
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%defattr(-,root,root,-)
|
|
|
|
|
|
|
|
|
|
%dir %{_sysconfdir}/ssl
|
|
|
|
|
%dir %{pkidir}/tls
|
|
|
|
|
%dir %{pkidir}/tls/certs
|
|
|
|
@ -338,7 +341,7 @@ fi
|
|
|
|
|
%dir %{catrustdir}
|
|
|
|
|
%dir %{catrustdir}/source
|
|
|
|
|
%dir %{catrustdir}/source/anchors
|
|
|
|
|
%dir %{catrustdir}/source/blacklist
|
|
|
|
|
%dir %{catrustdir}/source/blocklist
|
|
|
|
|
%dir %{catrustdir}/extracted
|
|
|
|
|
%dir %{catrustdir}/extracted/pem
|
|
|
|
|
%dir %{catrustdir}/extracted/openssl
|
|
|
|
@ -346,7 +349,7 @@ fi
|
|
|
|
|
%dir %{_datadir}/pki
|
|
|
|
|
%dir %{_datadir}/pki/ca-trust-source
|
|
|
|
|
%dir %{_datadir}/pki/ca-trust-source/anchors
|
|
|
|
|
%dir %{_datadir}/pki/ca-trust-source/blacklist
|
|
|
|
|
%dir %{_datadir}/pki/ca-trust-source/blocklist
|
|
|
|
|
%dir %{_datadir}/pki/ca-trust-legacy
|
|
|
|
|
|
|
|
|
|
%config(noreplace) %{catrustdir}/ca-legacy.conf
|
|
|
|
@ -367,10 +370,13 @@ fi
|
|
|
|
|
%{pkidir}/tls/certs/%{classic_tls_bundle}
|
|
|
|
|
%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
|
|
|
|
|
%{pkidir}/%{java_bundle}
|
|
|
|
|
# symlink directory
|
|
|
|
|
# symlinks to cross-distro compatibility files and directory
|
|
|
|
|
%{_sysconfdir}/ssl/certs
|
|
|
|
|
%{_sysconfdir}/ssl/cert.pem
|
|
|
|
|
%{_sysconfdir}/ssl/openssl.cnf
|
|
|
|
|
%{_sysconfdir}/ssl/ct_log_list.cnf
|
|
|
|
|
|
|
|
|
|
# master bundle file with trust
|
|
|
|
|
# primary bundle file with trust
|
|
|
|
|
%{_datadir}/pki/ca-trust-source/%{p11_format_bundle}
|
|
|
|
|
|
|
|
|
|
%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle}
|
|
|
|
@ -389,7 +395,10 @@ fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
*Tue Aug 01 2023 Robert Relyea <rrelyea@redhat.com> - 2023.2.60_v7.0.306-80.0
|
|
|
|
|
*Tue Aug 29 2023 Robert Relyea <rrelyea@redhat.com> - 2023.2.60_v7.0.306-90.1
|
|
|
|
|
- Bump release number to make CI happy
|
|
|
|
|
|
|
|
|
|
*Tue Aug 01 2023 Robert Relyea <rrelyea@redhat.com> - 2023.2.60_v7.0.306-90.0
|
|
|
|
|
- Update to CKBI 2.60_v7.0.306 from NSS 3.91
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "Camerfirma Global Chambersign Root"
|
|
|
|
@ -469,7 +478,7 @@ fi
|
|
|
|
|
- # Certificate "GlobalSign Code Signing Root R45"
|
|
|
|
|
- # Certificate "Entrust Code Signing Root Certification Authority - CSBR1"
|
|
|
|
|
|
|
|
|
|
*Thu Jul 28 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-80.2
|
|
|
|
|
*Thu Jul 28 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-90.2
|
|
|
|
|
- Update to CKBI 2.54 from NSS 3.79
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "TrustCor ECA-1"
|
|
|
|
@ -490,12 +499,29 @@ fi
|
|
|
|
|
- # Certificate "Government Root Certification Authority"
|
|
|
|
|
- # Certificate "AC Raíz Certicámara S.A."
|
|
|
|
|
|
|
|
|
|
*Wed Jul 27 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-80.1
|
|
|
|
|
*Wed Jul 27 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-90.1
|
|
|
|
|
- Update to CKBI 2.54 from NSS 3.79
|
|
|
|
|
|
|
|
|
|
*Fri Jul 15 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-80.0
|
|
|
|
|
*Fri Jul 15 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-90.0
|
|
|
|
|
- Update to CKBI 2.54 from NSS 3.79
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "GlobalSign Root CA - R2"
|
|
|
|
|
- # Certificate "DST Root CA X3"
|
|
|
|
|
- # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "TunTrust Root CA"
|
|
|
|
|
- # Certificate "HARICA TLS RSA Root CA 2021"
|
|
|
|
|
- # Certificate "HARICA TLS ECC Root CA 2021"
|
|
|
|
|
- # Certificate "HARICA Client RSA Root CA 2021"
|
|
|
|
|
- # Certificate "HARICA Client ECC Root CA 2021"
|
|
|
|
|
- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
|
|
|
|
|
- # Certificate "vTrus ECC Root CA"
|
|
|
|
|
- # Certificate "vTrus Root CA"
|
|
|
|
|
- # Certificate "ISRG Root X2"
|
|
|
|
|
- # Certificate "HiPKI Root CA - G1"
|
|
|
|
|
- # Certificate "Telia Root CA v2"
|
|
|
|
|
- # Certificate "D-TRUST BR Root CA 1 2020"
|
|
|
|
|
- # Certificate "D-TRUST EV Root CA 1 2020"
|
|
|
|
|
- # Certificate "CAEDICOM Root"
|
|
|
|
|
- # Certificate "I.CA Root CA/RSA"
|
|
|
|
|
- # Certificate "MULTICERT Root Certification Authority 01"
|
|
|
|
@ -637,7 +663,6 @@ fi
|
|
|
|
|
- # Certificate "Certipost E-Trust TOP Root CA"
|
|
|
|
|
- # Certificate "Certipost E-Trust Primary Qualified CA"
|
|
|
|
|
- # Certificate "Certipost E-Trust Primary Normalised CA"
|
|
|
|
|
- # Certificate "Cybertrust Global Root"
|
|
|
|
|
- # Certificate "GlobalSign"
|
|
|
|
|
- # Certificate "IGC/A"
|
|
|
|
|
- # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN"
|
|
|
|
@ -711,129 +736,113 @@ fi
|
|
|
|
|
- # Certificate "HARICA Code Signing ECC Root CA 2021"
|
|
|
|
|
- # Certificate "Microsoft Identity Verification Root Certificate Authority 2020"
|
|
|
|
|
|
|
|
|
|
*Mon Jul 11 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-81
|
|
|
|
|
- Update to CKBI 2.54 from NSS 3.79
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "GlobalSign Root CA - R2"
|
|
|
|
|
- # Certificate "DST Root CA X3"
|
|
|
|
|
- # Certificate "Cybertrust Global Root"
|
|
|
|
|
- # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "TunTrust Root CA"
|
|
|
|
|
- # Certificate "HARICA TLS RSA Root CA 2021"
|
|
|
|
|
- # Certificate "HARICA TLS ECC Root CA 2021"
|
|
|
|
|
- # Certificate "HARICA Client RSA Root CA 2021"
|
|
|
|
|
- # Certificate "HARICA Client ECC Root CA 2021"
|
|
|
|
|
- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
|
|
|
|
|
- # Certificate "vTrus ECC Root CA"
|
|
|
|
|
- # Certificate "vTrus Root CA"
|
|
|
|
|
- # Certificate "ISRG Root X2"
|
|
|
|
|
- # Certificate "HiPKI Root CA - G1"
|
|
|
|
|
- # Certificate "Telia Root CA v2"
|
|
|
|
|
- # Certificate "D-TRUST BR Root CA 1 2020"
|
|
|
|
|
- # Certificate "D-TRUST EV Root CA 1 2020"
|
|
|
|
|
* Mon Nov 1 2021 Bob Relyea <rrelyea@redhat.com> - 2020.2.50-94
|
|
|
|
|
- remove blacklist directory and references now that p11-kit has been updated.
|
|
|
|
|
|
|
|
|
|
*Wed Jun 16 2021 Bob Relyea <rrelyea@redhat.com> - 2021.2.50-82
|
|
|
|
|
- Update to CKBI 2.50 from NSS 3.67
|
|
|
|
|
- version number update only
|
|
|
|
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2020.2.50-93
|
|
|
|
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
|
|
Related: rhbz#1991688
|
|
|
|
|
|
|
|
|
|
*Fri Jun 11 2021 Bob Relyea <rrelyea@redhat.com> - 2021.2.48-82
|
|
|
|
|
- Update to CKBI 2.48 from NSS 3.66
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "QuoVadis Root CA"
|
|
|
|
|
- # Certificate "Sonera Class 2 Root CA"
|
|
|
|
|
- # Certificate "Trustis FPS Root CA"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "GLOBALTRUST 2020"
|
|
|
|
|
- # Certificate "ANF Secure Server Root CA"
|
|
|
|
|
- # Certificate "Certum EC-384 CA"
|
|
|
|
|
- # Certificate "Certum Trusted Root CA"
|
|
|
|
|
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 2020.2.50-92
|
|
|
|
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
|
|
Related: rhbz#1971065
|
|
|
|
|
|
|
|
|
|
*Tue Jun 08 2021 Bob Relyea <rrelyea@redhat.com> - 2021.2.48-81
|
|
|
|
|
- Update to CKBI 2.48 from NSS 3.64
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
|
|
|
|
|
- # Certificate "GeoTrust Global CA"
|
|
|
|
|
- # Certificate "GeoTrust Universal CA"
|
|
|
|
|
- # Certificate "GeoTrust Universal CA 2"
|
|
|
|
|
- # Certificate "Taiwan GRCA"
|
|
|
|
|
- # Certificate "GeoTrust Primary Certification Authority"
|
|
|
|
|
- # Certificate "thawte Primary Root CA"
|
|
|
|
|
- # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
|
|
|
|
|
- # Certificate "GeoTrust Primary Certification Authority - G3"
|
|
|
|
|
- # Certificate "thawte Primary Root CA - G2"
|
|
|
|
|
- # Certificate "thawte Primary Root CA - G3"
|
|
|
|
|
- # Certificate "GeoTrust Primary Certification Authority - G2"
|
|
|
|
|
- # Certificate "VeriSign Universal Root Certification Authority"
|
|
|
|
|
- # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
|
|
|
|
|
- # Certificate "EE Certification Centre Root CA"
|
|
|
|
|
- # Certificate "LuxTrust Global Root 2"
|
|
|
|
|
- # Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
|
|
|
|
|
- # Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "Microsoft ECC Root Certificate Authority 2017"
|
|
|
|
|
- # Certificate "Microsoft RSA Root Certificate Authority 2017"
|
|
|
|
|
- # Certificate "e-Szigno Root CA 2017"
|
|
|
|
|
- # Certificate "certSIGN Root CA G2"
|
|
|
|
|
- # Certificate "Trustwave Global Certification Authority"
|
|
|
|
|
- # Certificate "Trustwave Global ECC P256 Certification Authority"
|
|
|
|
|
- # Certificate "Trustwave Global ECC P384 Certification Authority"
|
|
|
|
|
- # Certificate "NAVER Global Root Certification Authority"
|
|
|
|
|
- # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|
|
|
|
|
- # Certificate "GlobalSign Secure Mail Root R45"
|
|
|
|
|
- # Certificate "GlobalSign Secure Mail Root E45"
|
|
|
|
|
- # Certificate "GlobalSign Root R46"
|
|
|
|
|
- # Certificate "GlobalSign Root E46"
|
|
|
|
|
* Wed Jun 16 2021 Bob Relyea <rrelyea@redhat.com> - 2020.2.50-90
|
|
|
|
|
- Update to CKBI 2.50 from NSS 3.67
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "QuoVadis Root CA"
|
|
|
|
|
- # Certificate "Sonera Class 2 Root CA"
|
|
|
|
|
- # Certificate "Trustis FPS Root CA"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "GLOBALTRUST 2020"
|
|
|
|
|
- # Certificate "ANF Secure Server Root CA"
|
|
|
|
|
- # Certificate "Certum EC-384 CA"
|
|
|
|
|
- # Certificate "Certum Trusted Root CA"
|
|
|
|
|
|
|
|
|
|
*Wed Jun 17 2020 Bob Relyea <rrelyea@redhat.com> - 2020.2.41-82
|
|
|
|
|
- fix post issues
|
|
|
|
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2020.2.41-8
|
|
|
|
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
|
|
|
|
|
|
|
*Wed Jun 10 2020 Bob Relyea <rrelyea@redhat.com> - 2020.2.41-81
|
|
|
|
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2020.2.41-7
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Wed Jan 13 2021 Bob Relyea <rrelyea@redhat.com> - 2020.2.41-6
|
|
|
|
|
- remove unnecessarily divisive terms, take 1.
|
|
|
|
|
- in ca-certificates there are 3 cases:
|
|
|
|
|
- 1) master refering to the fedora master branch in the fetch.sh script.
|
|
|
|
|
- This can only be changed once fedora changes the master branch name.
|
|
|
|
|
- 2) a reference to the 'master bundle' in this file: this has been changed
|
|
|
|
|
- to 'primary bundle'.
|
|
|
|
|
- 3) a couple of blacklist directories owned by this package, but used to
|
|
|
|
|
- p11-kit. New 'blocklist' directories have been created, but p11-kit
|
|
|
|
|
- needs to be updated before the old blacklist directories can be removed
|
|
|
|
|
- and the man pages corrected.
|
|
|
|
|
|
|
|
|
|
* Mon Nov 09 2020 Christian Heimes <cheimes@redhat.com> - 2020.2.41-5
|
|
|
|
|
- Add cross-distro compatibility symlinks to /etc/ssl (rhbz#1895619)
|
|
|
|
|
|
|
|
|
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2020.2.41-4
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Tue Jun 16 2020 Adam Williamson <awilliam@redhat.com> - 2020.2.41-3
|
|
|
|
|
- Fix up broken %post and %postinstall scriptlet changes from -2
|
|
|
|
|
|
|
|
|
|
* Wed Jun 10 2020 Bob Relyea <rrelyea@redhat.com> - 2020.2.41-2
|
|
|
|
|
- Update to CKBI 2.41 from NSS 3.53.0
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "AddTrust Low-Value Services Root"
|
|
|
|
|
- # Certificate "AddTrust External Root"
|
|
|
|
|
- # Certificate "Staat der Nederlanden Root CA - G2"
|
|
|
|
|
|
|
|
|
|
* Tue Jan 28 2020 Daiki Ueno <dueno@redhat.com> - 2020.2.40-3
|
|
|
|
|
- Update versioned dependency on p11-kit
|
|
|
|
|
|
|
|
|
|
* Wed Jan 22 2020 Daiki Ueno <dueno@redhat.com> - 2020.2.40-2
|
|
|
|
|
- Update to CKBI 2.40 from NSS 3.48
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "UTN USERFirst Email Root CA"
|
|
|
|
|
- # Certificate "Certplus Class 2 Primary CA"
|
|
|
|
|
- # Certificate "Deutsche Telekom Root CA 2"
|
|
|
|
|
- # Certificate "Staat der Nederlanden Root CA - G2"
|
|
|
|
|
- # Certificate "Swisscom Root CA 2"
|
|
|
|
|
- # Certificate "Certinomis - Root CA"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "Entrust Root Certification Authority - G4"
|
|
|
|
|
- certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER
|
|
|
|
|
|
|
|
|
|
*Fri Jun 21 2019 Bob Relyea <rrelyea@redhat.com> - 2019.2.32-1
|
|
|
|
|
- Update to CKBI 2.32 from NSS 3.44
|
|
|
|
|
- Removing:
|
|
|
|
|
- # Certificate "Visa eCommerce Root"
|
|
|
|
|
- # Certificate "AC Raiz Certicamara S.A."
|
|
|
|
|
- # Certificate "ComSign CA"
|
|
|
|
|
- # Certificate "Certplus Root CA G1"
|
|
|
|
|
- # Certificate "Certplus Root CA G2"
|
|
|
|
|
- # Certificate "OpenTrust Root CA G1"
|
|
|
|
|
- # Certificate "OpenTrust Root CA G2"
|
|
|
|
|
- # Certificate "OpenTrust Root CA G3"
|
|
|
|
|
- Adding:
|
|
|
|
|
- # Certificate "GlobalSign Root CA - R6"
|
|
|
|
|
- # Certificate "OISTE WISeKey Global Root GC CA"
|
|
|
|
|
- # Certificate "GTS Root R1"
|
|
|
|
|
- # Certificate "GTS Root R2"
|
|
|
|
|
- # Certificate "GTS Root R3"
|
|
|
|
|
- # Certificate "GTS Root R4"
|
|
|
|
|
- # Certificate "UCA Global G2 Root"
|
|
|
|
|
- # Certificate "UCA Extended Validation Root"
|
|
|
|
|
- # Certificate "Certigna Root CA"
|
|
|
|
|
- # Certificate "emSign Root CA - G1"
|
|
|
|
|
- # Certificate "emSign ECC Root CA - G3"
|
|
|
|
|
- # Certificate "emSign Root CA - C1"
|
|
|
|
|
- # Certificate "emSign ECC Root CA - C3"
|
|
|
|
|
- # Certificate "Hongkong Post Root CA 3"
|
|
|
|
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2019.2.32-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Fri May 10 2019 Robert Relyea <rrelyea@redhat.com> - 2018.2.24-6.1
|
|
|
|
|
- Test gating
|
|
|
|
|
* Wed Jun 19 2019 Bob Relyea <rrelyea@redhat.com> 2019.2.32-2
|
|
|
|
|
- Update to CKBI 2.32 from NSS 3.44
|
|
|
|
|
Removing:
|
|
|
|
|
# Certificate "Visa eCommerce Root"
|
|
|
|
|
# Certificate "AC Raiz Certicamara S.A."
|
|
|
|
|
# Certificate "Certplus Root CA G1"
|
|
|
|
|
# Certificate "Certplus Root CA G2"
|
|
|
|
|
# Certificate "OpenTrust Root CA G1"
|
|
|
|
|
# Certificate "OpenTrust Root CA G2"
|
|
|
|
|
# Certificate "OpenTrust Root CA G3"
|
|
|
|
|
Adding:
|
|
|
|
|
# Certificate "GTS Root R1"
|
|
|
|
|
# Certificate "GTS Root R2"
|
|
|
|
|
# Certificate "GTS Root R3"
|
|
|
|
|
# Certificate "GTS Root R4"
|
|
|
|
|
# Certificate "UCA Global G2 Root"
|
|
|
|
|
# Certificate "UCA Extended Validation Root"
|
|
|
|
|
# Certificate "Certigna Root CA"
|
|
|
|
|
# Certificate "emSign Root CA - G1"
|
|
|
|
|
# Certificate "emSign ECC Root CA - G3"
|
|
|
|
|
# Certificate "emSign Root CA - C1"
|
|
|
|
|
# Certificate "emSign ECC Root CA - C3"
|
|
|
|
|
# Certificate "Hongkong Post Root CA 3"
|
|
|
|
|
|
|
|
|
|
* Mon Aug 13 2018 Tomáš Mráz <tmraz@redhat.com> - 2018.2.24-6
|
|
|
|
|
- Use __python3 macro when invoking Python
|
|
|
|
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2018.2.26-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon Sep 24 2018 Bob Relyea <rrelyea@redhat.com> - 2018.2.26-2
|
|
|
|
|
- Update to CKBI 2.26 from NSS 3.39
|
|
|
|
|
|
|
|
|
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2018.2.24-6
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Thu Jun 28 2018 Kai Engert <kaie@redhat.com> - 2018.2.24-5
|
|
|
|
|
- Ported scripts to python3
|
|
|
|
|