pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security



Module Name:    pkgsrc
Committed By:   maya
Date:           Fri Jun 12 10:35:11 UTC 2020

Modified Files:
        pkgsrc/security/mozilla-rootcerts: Makefile distinfo
        pkgsrc/security/mozilla-rootcerts-openssl: Makefile PLIST
        pkgsrc/security/mozilla-rootcerts/patches: patch-certdata.txt

Log Message:
mozilla-rootcerts*: remove Kamu SM from the list of certificates.

Mozilla only trusts this for Turkish domains, see:
https://wiki.mozilla.org/CA/Additional_Trust_Changes

And users of mozilla-rootcerts likely don't implement the same fine-grained
trust.

Proposed on tech-pkg


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/security/mozilla-rootcerts/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/mozilla-rootcerts/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/mozilla-rootcerts-openssl/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/mozilla-rootcerts-openssl/PLIST
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/mozilla-rootcerts/Makefile
diff -u pkgsrc/security/mozilla-rootcerts/Makefile:1.38 pkgsrc/security/mozilla-rootcerts/Makefile:1.39
--- pkgsrc/security/mozilla-rootcerts/Makefile:1.38     Tue Jun  2 22:32:02 2020
+++ pkgsrc/security/mozilla-rootcerts/Makefile  Fri Jun 12 10:35:11 2020
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2020/06/02 22:32:02 jperkin Exp $
+# $NetBSD: Makefile,v 1.39 2020/06/12 10:35:11 maya Exp $
 
 DISTNAME=      mozilla-rootcerts-1.0.${CERTDATA_DATE}
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  -https://hg.mozilla.org/mozilla-central/raw-file/4f0b2cc28b1482e285bcfceec472a568f3843299/security/nss/lib/ckfw/builtins/certdata.txt
 EXTRACT_SUFX=  # empty

Index: pkgsrc/security/mozilla-rootcerts/distinfo
diff -u pkgsrc/security/mozilla-rootcerts/distinfo:1.17 pkgsrc/security/mozilla-rootcerts/distinfo:1.18
--- pkgsrc/security/mozilla-rootcerts/distinfo:1.17     Sat May 30 22:39:08 2020
+++ pkgsrc/security/mozilla-rootcerts/distinfo  Fri Jun 12 10:35:11 2020
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.17 2020/05/30 22:39:08 tnn Exp $
+$NetBSD: distinfo,v 1.18 2020/06/12 10:35:11 maya Exp $
 
 SHA1 (certdata-20200529.txt) = 3707d1ea79b8feba0a97431a39ae27112a1ccfca
 RMD160 (certdata-20200529.txt) = d2359410858af530b960d4157f780d5400a82e0b
 SHA512 (certdata-20200529.txt) = 39383103063dde12962a182f438163be2ff3b53c95da2b8433d6688b8405c36491b862c248d0f7f4ed6a4b67fa3752b75d9e5d6c6761b096cc5363fbacd7682c
 Size (certdata-20200529.txt) = 1271692 bytes
-SHA1 (patch-certdata.txt) = 4d90a8f5126397961d0afe15c0c96c1d7fcf046f
+SHA1 (patch-certdata.txt) = 08dc8064508c4914aaa0b14dc194dd935035776b

Index: pkgsrc/security/mozilla-rootcerts-openssl/Makefile
diff -u pkgsrc/security/mozilla-rootcerts-openssl/Makefile:1.13 pkgsrc/security/mozilla-rootcerts-openssl/Makefile:1.14
--- pkgsrc/security/mozilla-rootcerts-openssl/Makefile:1.13     Sat May 30 12:56:54 2020
+++ pkgsrc/security/mozilla-rootcerts-openssl/Makefile  Fri Jun 12 10:35:11 2020
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2020/05/30 12:56:54 tnn Exp $
+# $NetBSD: Makefile,v 1.14 2020/06/12 10:35:11 maya Exp $
 
 PKGNAME=       mozilla-rootcerts-openssl-2.4
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  # empty
 DISTFILES=     # empty

Index: pkgsrc/security/mozilla-rootcerts-openssl/PLIST
diff -u pkgsrc/security/mozilla-rootcerts-openssl/PLIST:1.12 pkgsrc/security/mozilla-rootcerts-openssl/PLIST:1.13
--- pkgsrc/security/mozilla-rootcerts-openssl/PLIST:1.12        Sat May 30 12:56:54 2020
+++ pkgsrc/security/mozilla-rootcerts-openssl/PLIST     Fri Jun 12 10:35:11 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.12 2020/05/30 12:56:54 tnn Exp $
+@comment $NetBSD: PLIST,v 1.13 2020/06/12 10:35:11 maya Exp $
 ${MYETCDIR}/openssl/certs/02265526.0
 ${MYETCDIR}/openssl/certs/03179a64.0
 ${MYETCDIR}/openssl/certs/062cdee6.0
@@ -146,7 +146,6 @@ ${MYETCDIR}/openssl/certs/f51bb24c.0
 ${MYETCDIR}/openssl/certs/f90208f7.0
 ${MYETCDIR}/openssl/certs/fc5a8f99.0
 ${MYETCDIR}/openssl/certs/fe8a2cd8.0
-${MYETCDIR}/openssl/certs/ff34af3f.0
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-0.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-1.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-10.pem
@@ -202,7 +201,6 @@ ${MYETCDIR}/openssl/certs/mozilla-rootce
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-145.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-146.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-147.pem
-${MYETCDIR}/openssl/certs/mozilla-rootcert-148.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-15.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-16.pem
 ${MYETCDIR}/openssl/certs/mozilla-rootcert-17.pem

Index: pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt
diff -u pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt:1.2 pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt:1.3
--- pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt:1.2    Sat May 30 22:39:08 2020
+++ pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt        Fri Jun 12 10:35:11 2020
@@ -1,11 +1,15 @@
-$NetBSD: patch-certdata.txt,v 1.2 2020/05/30 22:39:08 tnn Exp $
+$NetBSD: patch-certdata.txt,v 1.3 2020/06/12 10:35:11 maya Exp $
 
 Delete the following expired certificates:
 C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
 
---- certdata.txt.orig  2020-05-30 12:42:07.645376642 +0000
+Remove certs that are not globally trusted by Mozilla (Kamu SM). Mozilla only
+trusts this for use with Turkish domains, and users of mozilla-rootcerts might
+not implement the same fine-grained controls.
+https://wiki.mozilla.org/CA/Additional_Trust_Changes
+--- certdata.txt.orig  2020-06-12 10:28:24.526237142 +0000
 +++ certdata.txt
 @@ -1251,305 +1251,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_
  CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -491,3 +495,183 @@ C = NL, O = Staat der Nederlanden, CN = 
  # Certificate "Hongkong Post Root CA 1"
  #
  # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
+@@ -19901,179 +19431,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+ 
+ #
+-# Certificate "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-#
+-# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Serial Number: 1 (0x1)
+-# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Not Valid Before: Mon Nov 25 08:25:55 2013
+-# Not Valid After : Sun Oct 25 08:25:55 2043
+-# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16
+-# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA
+-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+-CKA_SUBJECT MULTILINE_OCTAL
+-\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122
+-\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145
+-\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003
+-\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154
+-\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+-\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165
+-\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055
+-\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145
+-\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+-\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060
+-\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040
+-\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040
+-\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165
+-\162\165\155\040\061
+-END
+-CKA_ID UTF8 "0"
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122
+-\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145
+-\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003
+-\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154
+-\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+-\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165
+-\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055
+-\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145
+-\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+-\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060
+-\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040
+-\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040
+-\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165
+-\162\165\155\040\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\001\001
+-END
+-CKA_VALUE MULTILINE_OCTAL
+-\060\202\004\143\060\202\003\113\240\003\002\001\002\002\001\001
+-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+-\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+-\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145\040
+-\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003\125
+-\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154\151
+-\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157\152
+-\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165\162
+-\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055\060
+-\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145\162
+-\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145
+-\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060\064
+-\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040\113
+-\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040\123
+-\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165\162
+-\165\155\040\061\060\036\027\015\061\063\061\061\062\065\060\070
+-\062\065\065\065\132\027\015\064\063\061\060\062\065\060\070\062
+-\065\065\065\132\060\201\322\061\013\060\011\006\003\125\004\006
+-\023\002\124\122\061\030\060\026\006\003\125\004\007\023\017\107
+-\145\142\172\145\040\055\040\113\157\143\141\145\154\151\061\102
+-\060\100\006\003\125\004\012\023\071\124\165\162\153\151\171\145
+-\040\102\151\154\151\155\163\145\154\040\166\145\040\124\145\153
+-\156\157\154\157\152\151\153\040\101\162\141\163\164\151\162\155
+-\141\040\113\165\162\165\155\165\040\055\040\124\125\102\111\124
+-\101\113\061\055\060\053\006\003\125\004\013\023\044\113\141\155
+-\165\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040
+-\115\145\162\153\145\172\151\040\055\040\113\141\155\165\040\123
+-\115\061\066\060\064\006\003\125\004\003\023\055\124\125\102\111
+-\124\101\113\040\113\141\155\165\040\123\115\040\123\123\114\040
+-\113\157\153\040\123\145\162\164\151\146\151\153\141\163\151\040
+-\055\040\123\165\162\165\155\040\061\060\202\001\042\060\015\006
+-\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+-\000\060\202\001\012\002\202\001\001\000\257\165\060\063\252\273
+-\153\323\231\054\022\067\204\331\215\173\227\200\323\156\347\377
+-\233\120\225\076\220\225\126\102\327\031\174\046\204\215\222\372
+-\001\035\072\017\342\144\070\267\214\274\350\210\371\213\044\253
+-\056\243\365\067\344\100\216\030\045\171\203\165\037\073\377\154
+-\250\305\306\126\370\264\355\212\104\243\253\154\114\374\035\320
+-\334\357\150\275\317\344\252\316\360\125\367\242\064\324\203\153
+-\067\174\034\302\376\265\003\354\127\316\274\264\265\305\355\000
+-\017\123\067\052\115\364\117\014\203\373\206\317\313\376\214\116
+-\275\207\371\247\213\041\127\234\172\337\003\147\211\054\235\227
+-\141\247\020\270\125\220\177\016\055\047\070\164\337\347\375\332
+-\116\022\343\115\025\042\002\310\340\340\374\017\255\212\327\311
+-\124\120\314\073\017\312\026\200\204\320\121\126\303\216\126\177
+-\211\042\063\057\346\205\012\275\245\250\033\066\336\323\334\054
+-\155\073\307\023\275\131\043\054\346\345\244\367\330\013\355\352
+-\220\100\104\250\225\273\223\325\320\200\064\266\106\170\016\037
+-\000\223\106\341\356\351\371\354\117\027\002\003\001\000\001\243
+-\102\060\100\060\035\006\003\125\035\016\004\026\004\024\145\077
+-\307\212\206\306\074\335\074\124\134\065\370\072\355\122\014\107
+-\127\310\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+-\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+-\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013
+-\005\000\003\202\001\001\000\052\077\341\361\062\216\256\341\230
+-\134\113\136\317\153\036\152\011\322\042\251\022\307\136\127\175
+-\163\126\144\200\204\172\223\344\011\271\020\315\237\052\047\341
+-\000\167\276\110\310\065\250\201\237\344\270\054\311\177\016\260
+-\322\113\067\135\352\271\325\013\136\064\275\364\163\051\303\355
+-\046\025\234\176\010\123\212\130\215\320\113\050\337\301\263\337
+-\040\363\371\343\343\072\337\314\234\224\330\116\117\303\153\027
+-\267\367\162\350\255\146\063\265\045\123\253\340\370\114\251\235
+-\375\362\015\272\256\271\331\252\306\153\371\223\273\256\253\270
+-\227\074\003\032\272\103\306\226\271\105\162\070\263\247\241\226
+-\075\221\173\176\300\041\123\114\207\355\362\013\124\225\121\223
+-\325\042\245\015\212\361\223\016\076\124\016\260\330\311\116\334
+-\362\061\062\126\352\144\371\352\265\235\026\146\102\162\363\177
+-\323\261\061\103\374\244\216\027\361\155\043\253\224\146\370\255
+-\373\017\010\156\046\055\177\027\007\011\262\214\373\120\300\237
+-\226\215\317\266\375\000\235\132\024\232\277\002\104\365\301\302
+-\237\042\136\242\017\241\343
+-END
+-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-
+-# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Serial Number: 1 (0x1)
+-# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Not Valid Before: Mon Nov 25 08:25:55 2013
+-# Not Valid After : Sun Oct 25 08:25:55 2043
+-# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16
+-# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA
+-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+-\061\103\144\233\354\316\047\354\355\072\077\013\217\015\344\350
+-\221\335\356\312
+-END
+-CKA_CERT_MD5_HASH MULTILINE_OCTAL
+-\334\000\201\334\151\057\076\057\260\073\366\075\132\221\216\111
+-END
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122
+-\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145
+-\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003
+-\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154
+-\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+-\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165
+-\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055
+-\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145
+-\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+-\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060
+-\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040
+-\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040
+-\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165
+-\162\165\155\040\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\001\001
+-END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+-
+-#
+ # Certificate "GDCA TrustAUTH R5 ROOT"
+ #
+ # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN



Home | Main Index | Thread Index | Old Index