tech-pkg archive


Remove Kamu SM from mozilla-rootcerts



Hi,

Mozilla doesn't globally trust Kamu SM, but limits it to Turkish
domains. Consumers of mozilla-rootcerts can't be expected to implement
this additional limitation, so remove it from the list of trusted certs.

Additional changes to mozilla rootcerts:
https://wiki.mozilla.org/CA/Additional_Trust_Changes

Any objections?
If there aren't any, I will commit this change in a few days.
Index: mozilla-rootcerts/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/mozilla-rootcerts/Makefile,v
retrieving revision 1.38
diff -u -r1.38 Makefile
--- mozilla-rootcerts/Makefile	2 Jun 2020 22:32:02 -0000	1.38
+++ mozilla-rootcerts/Makefile	5 Jun 2020 17:09:08 -0000
@@ -1,6 +1,7 @@
 # $NetBSD: Makefile,v 1.38 2020/06/02 22:32:02 jperkin Exp $
 
 DISTNAME=	mozilla-rootcerts-1.0.${CERTDATA_DATE}
+PKGREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	-https://hg.mozilla.org/mozilla-central/raw-file/4f0b2cc28b1482e285bcfceec472a568f3843299/security/nss/lib/ckfw/builtins/certdata.txt
 EXTRACT_SUFX=	# empty
Index: mozilla-rootcerts/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/mozilla-rootcerts/distinfo,v
retrieving revision 1.17
diff -u -r1.17 distinfo
--- mozilla-rootcerts/distinfo	30 May 2020 22:39:08 -0000	1.17
+++ mozilla-rootcerts/distinfo	5 Jun 2020 17:09:08 -0000
@@ -4,4 +4,4 @@
 RMD160 (certdata-20200529.txt) = d2359410858af530b960d4157f780d5400a82e0b
 SHA512 (certdata-20200529.txt) = 39383103063dde12962a182f438163be2ff3b53c95da2b8433d6688b8405c36491b862c248d0f7f4ed6a4b67fa3752b75d9e5d6c6761b096cc5363fbacd7682c
 Size (certdata-20200529.txt) = 1271692 bytes
-SHA1 (patch-certdata.txt) = 4d90a8f5126397961d0afe15c0c96c1d7fcf046f
+SHA1 (patch-certdata.txt) = a177132bc9e5a6050be8b342ced2e035b6fa6f98
Index: mozilla-rootcerts/patches/patch-certdata.txt
===================================================================
RCS file: /cvsroot/pkgsrc/security/mozilla-rootcerts/patches/patch-certdata.txt,v
retrieving revision 1.2
diff -u -r1.2 patch-certdata.txt
--- mozilla-rootcerts/patches/patch-certdata.txt	30 May 2020 22:39:08 -0000	1.2
+++ mozilla-rootcerts/patches/patch-certdata.txt	5 Jun 2020 17:09:09 -0000
@@ -5,7 +5,11 @@
 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
 
---- certdata.txt.orig	2020-05-30 12:42:07.645376642 +0000
+Remove trust in Kamu SM. Mozilla doesn't trust this for all domains, and
+consumers of mozilla-rootcerts won't implement the same restriction.
+https://wiki.mozilla.org/CA/Additional_Trust_Changes
+
+--- certdata.txt.orig	2020-06-05 16:59:55.485787812 +0000
 +++ certdata.txt
 @@ -1251,305 +1251,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_
  CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
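Review bot: The new patch comment names the CA only as "Kamu SM", while the header lines just above it list roots by full subject (C = SE, O = AddTrust AB, ...). Add the certificate label from the removed block, "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1", or its subject in the same C = / O = / CN = form, so the entry can be found by searching for the name that actually appears in certdata.txt when the patch is next regenerated.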
@@ -491,3 +495,183 @@
  # Certificate "Hongkong Post Root CA 1"
  #
  # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
+@@ -19901,179 +19431,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+ 
+ #
+-# Certificate "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-#
+-# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Serial Number: 1 (0x1)
+-# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Not Valid Before: Mon Nov 25 08:25:55 2013
+-# Not Valid After : Sun Oct 25 08:25:55 2043
+-# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16
+-# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA
+-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+-CKA_SUBJECT MULTILINE_OCTAL
+-\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122
+-\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145
+-\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003
+-\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154
+-\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+-\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165
+-\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055
+-\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145
+-\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+-\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060
+-\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040
+-\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040
+-\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165
+-\162\165\155\040\061
+-END
+-CKA_ID UTF8 "0"
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122
+-\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145
+-\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003
+-\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154
+-\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+-\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165
+-\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055
+-\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145
+-\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+-\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060
+-\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040
+-\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040
+-\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165
+-\162\165\155\040\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\001\001
+-END
+-CKA_VALUE MULTILINE_OCTAL
+-\060\202\004\143\060\202\003\113\240\003\002\001\002\002\001\001
+-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+-\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+-\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145\040
+-\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003\125
+-\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154\151
+-\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157\152
+-\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165\162
+-\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055\060
+-\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145\162
+-\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145
+-\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060\064
+-\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040\113
+-\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040\123
+-\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165\162
+-\165\155\040\061\060\036\027\015\061\063\061\061\062\065\060\070
+-\062\065\065\065\132\027\015\064\063\061\060\062\065\060\070\062
+-\065\065\065\132\060\201\322\061\013\060\011\006\003\125\004\006
+-\023\002\124\122\061\030\060\026\006\003\125\004\007\023\017\107
+-\145\142\172\145\040\055\040\113\157\143\141\145\154\151\061\102
+-\060\100\006\003\125\004\012\023\071\124\165\162\153\151\171\145
+-\040\102\151\154\151\155\163\145\154\040\166\145\040\124\145\153
+-\156\157\154\157\152\151\153\040\101\162\141\163\164\151\162\155
+-\141\040\113\165\162\165\155\165\040\055\040\124\125\102\111\124
+-\101\113\061\055\060\053\006\003\125\004\013\023\044\113\141\155
+-\165\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040
+-\115\145\162\153\145\172\151\040\055\040\113\141\155\165\040\123
+-\115\061\066\060\064\006\003\125\004\003\023\055\124\125\102\111
+-\124\101\113\040\113\141\155\165\040\123\115\040\123\123\114\040
+-\113\157\153\040\123\145\162\164\151\146\151\153\141\163\151\040
+-\055\040\123\165\162\165\155\040\061\060\202\001\042\060\015\006
+-\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+-\000\060\202\001\012\002\202\001\001\000\257\165\060\063\252\273
+-\153\323\231\054\022\067\204\331\215\173\227\200\323\156\347\377
+-\233\120\225\076\220\225\126\102\327\031\174\046\204\215\222\372
+-\001\035\072\017\342\144\070\267\214\274\350\210\371\213\044\253
+-\056\243\365\067\344\100\216\030\045\171\203\165\037\073\377\154
+-\250\305\306\126\370\264\355\212\104\243\253\154\114\374\035\320
+-\334\357\150\275\317\344\252\316\360\125\367\242\064\324\203\153
+-\067\174\034\302\376\265\003\354\127\316\274\264\265\305\355\000
+-\017\123\067\052\115\364\117\014\203\373\206\317\313\376\214\116
+-\275\207\371\247\213\041\127\234\172\337\003\147\211\054\235\227
+-\141\247\020\270\125\220\177\016\055\047\070\164\337\347\375\332
+-\116\022\343\115\025\042\002\310\340\340\374\017\255\212\327\311
+-\124\120\314\073\017\312\026\200\204\320\121\126\303\216\126\177
+-\211\042\063\057\346\205\012\275\245\250\033\066\336\323\334\054
+-\155\073\307\023\275\131\043\054\346\345\244\367\330\013\355\352
+-\220\100\104\250\225\273\223\325\320\200\064\266\106\170\016\037
+-\000\223\106\341\356\351\371\354\117\027\002\003\001\000\001\243
+-\102\060\100\060\035\006\003\125\035\016\004\026\004\024\145\077
+-\307\212\206\306\074\335\074\124\134\065\370\072\355\122\014\107
+-\127\310\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+-\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+-\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013
+-\005\000\003\202\001\001\000\052\077\341\361\062\216\256\341\230
+-\134\113\136\317\153\036\152\011\322\042\251\022\307\136\127\175
+-\163\126\144\200\204\172\223\344\011\271\020\315\237\052\047\341
+-\000\167\276\110\310\065\250\201\237\344\270\054\311\177\016\260
+-\322\113\067\135\352\271\325\013\136\064\275\364\163\051\303\355
+-\046\025\234\176\010\123\212\130\215\320\113\050\337\301\263\337
+-\040\363\371\343\343\072\337\314\234\224\330\116\117\303\153\027
+-\267\367\162\350\255\146\063\265\045\123\253\340\370\114\251\235
+-\375\362\015\272\256\271\331\252\306\153\371\223\273\256\253\270
+-\227\074\003\032\272\103\306\226\271\105\162\070\263\247\241\226
+-\075\221\173\176\300\041\123\114\207\355\362\013\124\225\121\223
+-\325\042\245\015\212\361\223\016\076\124\016\260\330\311\116\334
+-\362\061\062\126\352\144\371\352\265\235\026\146\102\162\363\177
+-\323\261\061\103\374\244\216\027\361\155\043\253\224\146\370\255
+-\373\017\010\156\046\055\177\027\007\011\262\214\373\120\300\237
+-\226\215\317\266\375\000\235\132\024\232\277\002\104\365\301\302
+-\237\042\136\242\017\241\343
+-END
+-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+-
+-# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Serial Number: 1 (0x1)
+-# Subject: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
+-# Not Valid Before: Mon Nov 25 08:25:55 2013
+-# Not Valid After : Sun Oct 25 08:25:55 2043
+-# Fingerprint (SHA-256): 46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16
+-# Fingerprint (SHA1): 31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA
+-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+-CKA_TOKEN CK_BBOOL CK_TRUE
+-CKA_PRIVATE CK_BBOOL CK_FALSE
+-CKA_MODIFIABLE CK_BBOOL CK_FALSE
+-CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
+-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+-\061\103\144\233\354\316\047\354\355\072\077\013\217\015\344\350
+-\221\335\356\312
+-END
+-CKA_CERT_MD5_HASH MULTILINE_OCTAL
+-\334\000\201\334\151\057\076\057\260\073\366\075\132\221\216\111
+-END
+-CKA_ISSUER MULTILINE_OCTAL
+-\060\201\322\061\013\060\011\006\003\125\004\006\023\002\124\122
+-\061\030\060\026\006\003\125\004\007\023\017\107\145\142\172\145
+-\040\055\040\113\157\143\141\145\154\151\061\102\060\100\006\003
+-\125\004\012\023\071\124\165\162\153\151\171\145\040\102\151\154
+-\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+-\152\151\153\040\101\162\141\163\164\151\162\155\141\040\113\165
+-\162\165\155\165\040\055\040\124\125\102\111\124\101\113\061\055
+-\060\053\006\003\125\004\013\023\044\113\141\155\165\040\123\145
+-\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+-\145\172\151\040\055\040\113\141\155\165\040\123\115\061\066\060
+-\064\006\003\125\004\003\023\055\124\125\102\111\124\101\113\040
+-\113\141\155\165\040\123\115\040\123\123\114\040\113\157\153\040
+-\123\145\162\164\151\146\151\153\141\163\151\040\055\040\123\165
+-\162\165\155\040\061
+-END
+-CKA_SERIAL_NUMBER MULTILINE_OCTAL
+-\002\001\001
+-END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+-
+-#
+ # Certificate "GDCA TrustAUTH R5 ROOT"
+ #
+ # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
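Review bot: The inner hunk at @@ -19901,179 +19431,6 @@ deletes the root outright, so patch-certdata.txt now carries 173 lines of certificate data and offsets that only match certdata-20200529.txt; it will have to be regenerated, not just re-applied, at every CERTDATA_DATE bump, and that is worth stating in the patch comment. The removed trust object has CKA_TRUST_SERVER_AUTH CKT_NSS_TRUSTED_DELEGATOR and no field that expresses a domain restriction, which supports the rationale given: a consumer reading only this file sees a globally trusted TLS root. The patch comment should also say that both the CKO_CERTIFICATE and the CKO_NSS_TRUST object are dropped, since the two must go together.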
Index: mozilla-rootcerts-openssl/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/mozilla-rootcerts-openssl/Makefile,v
retrieving revision 1.13
diff -u -r1.13 Makefile
--- mozilla-rootcerts-openssl/Makefile	30 May 2020 12:56:54 -0000	1.13
+++ mozilla-rootcerts-openssl/Makefile	5 Jun 2020 17:09:09 -0000
@@ -1,6 +1,7 @@
 # $NetBSD: Makefile,v 1.13 2020/05/30 12:56:54 tnn Exp $
 
 PKGNAME=	mozilla-rootcerts-openssl-2.4
+PKGREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	# empty
 DISTFILES=	# empty
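Review bot: The PKGREVISION= 1 under PKGNAME= mozilla-rootcerts-openssl-2.4 is the only change to this package and nothing in the diff says why it is bumped. Please confirm that an upgrade to the bumped revision actually removes the previously installed Kamu SM certificate from the system certificate directory, rather than only leaving it out of fresh installs, and mention this package explicitly in the commit message.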


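The check the post's rationale implies, as an added example that is not part of the original message or of pkgsrc: a Python parser for the certdata.txt trust objects shown in the patch, reporting roots that are still TLS-trusted in the file although Mozilla restricts them outside it. The names `parse_trust_objects`, `constrained_but_trusted` and `CONSTRAINED`, and the abbreviated sample text, are assumptions of this example.

```python
import re

# Constructed sample in certdata.txt syntax. The Kamu SM label, SHA1 octal and
# trust value are copied from the patch; the second object is abbreviated.
SAMPLE = r'''# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\061\103\144\233\354\316\047\354\355\072\077\013\217\015\344\350
\221\335\356\312
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

# Trust for "GDCA TrustAUTH R5 ROOT"
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "GDCA TrustAUTH R5 ROOT"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
'''

# Roots Mozilla restricts outside certdata.txt; only the one from this thread.
CONSTRAINED = {"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"}

def parse_trust_objects(text):
    """Return one dict per CKO_NSS_TRUST object, MULTILINE_OCTAL decoded to bytes."""
    objs, cur = [], {}          # cur starts as a throwaway dict for the file header
    lines = iter(text.splitlines())
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 2 or line.startswith("#"):
            continue
        if parts[0] == "CKA_CLASS" and len(parts) == 3:   # starts a new object
            cur = {"CKA_CLASS": parts[2].strip()}
            objs.append(cur)
        elif parts[1] == "MULTILINE_OCTAL":
            octal = []
            for body in lines:                            # consume up to END
                if body.strip() == "END":
                    break
                octal += re.findall(r"\\([0-3][0-7]{2})", body)
            cur[parts[0]] = bytes(int(o, 8) for o in octal)
        elif len(parts) == 3:
            cur[parts[0]] = parts[2].strip().strip('"')
    return [o for o in objs if o["CKA_CLASS"] == "CKO_NSS_TRUST"]

def constrained_but_trusted(text, constrained=CONSTRAINED):
    """(label, SHA1) of roots still TLS-trusted although Mozilla restricts them."""
    return [(o["CKA_LABEL"],
             ":".join("%02X" % b for b in o.get("CKA_CERT_SHA1_HASH", b"")))
            for o in parse_trust_objects(text)
            if o.get("CKA_TRUST_SERVER_AUTH") == "CKT_NSS_TRUSTED_DELEGATOR"
            and o.get("CKA_LABEL") in constrained]
```

Run against the patched certdata.txt, `constrained_but_trusted` should return an empty list; the decoded SHA1 can be compared with the fingerprint comment in the removed block.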