20210119 (patches unapplied)

Imported using git-ubuntu import.
[ Julien Cristau ] * New maintainer (closes: #976406) * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.46. The following certificate authorities were added (+): + "certSIGN ROOT CA G2" + "e-Szigno Root CA 2017" + "Microsoft ECC Root Certificate Authority 2017" + "Microsoft RSA Root Certificate Authority 2017" + "NAVER Global Root Certification Authority" + "Trustwave Global Certification Authority" + "Trustwave Global ECC P256 Certification Authority" + "Trustwave Global ECC P384 Certification Authority" The following certificate authorities were removed (-): - "EE Certification Centre Root CA" - "GeoTrust Universal CA 2" - "LuxTrust Global Root 2" - "OISTE WISeKey Global Root GA CA" - "Staat der Nederlanden Root CA - G2" (closes: #962079) - "Taiwan GRCA" - "Verisign Class 3 Public Primary Certification Authority - G3" [ Michael Shuler ] * mozilla/blacklist: Revert Symantec CA blacklist (#911289). Closes: #962596 The following root certificates were added back (+): + "GeoTrust Primary Certification Authority - G2" + "VeriSign Universal Root Certification Authority" [ Gianfranco Costamagna ] * debian/{rules,control}: Merge Ubuntu patch from Matthias Klose to use Python3 during build. Closes: #942915
2025-09-18 21:39:43 +00:00 · 2021-01-19 11:11:04 +01:00 · 2021-01-19 11:11:04 +01:00 · 47275c9bd2 · 2021-01-19 16:44:41 +00:00
commit 47275c9bd2
parent bb7135fa45
7 changed files with 1254 additions and 3089 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,41 @@
+ca-certificates (20210119) unstable; urgency=medium
+
+  [ Julien Cristau ]
+  * New maintainer (closes: #976406)
+  * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
+    bundle to version 2.46.
+    The following certificate authorities were added (+):
+    + "certSIGN ROOT CA G2"
+    + "e-Szigno Root CA 2017"
+    + "Microsoft ECC Root Certificate Authority 2017"
+    + "Microsoft RSA Root Certificate Authority 2017"
+    + "NAVER Global Root Certification Authority"
+    + "Trustwave Global Certification Authority"
+    + "Trustwave Global ECC P256 Certification Authority"
+    + "Trustwave Global ECC P384 Certification Authority"
+    The following certificate authorities were removed (-):
+    - "EE Certification Centre Root CA"
+    - "GeoTrust Universal CA 2"
+    - "LuxTrust Global Root 2"
+    - "OISTE WISeKey Global Root GA CA"
+    - "Staat der Nederlanden Root CA - G2" (closes: #962079)
+    - "Taiwan GRCA"
+    - "Verisign Class 3 Public Primary Certification Authority - G3"
+
+  [ Michael Shuler ]
+  * mozilla/blacklist:
+    Revert Symantec CA blacklist (#911289). Closes: #962596
+    The following root certificates were added back (+):
+    + "GeoTrust Primary Certification Authority - G2"
+    + "VeriSign Universal Root Certification Authority"
+
+  [ Gianfranco Costamagna ]
+  * debian/{rules,control}:
+    Merge Ubuntu patch from Matthias Klose to use Python3 during build.
+    Closes: #942915
+
+ -- Julien Cristau <jcristau@debian.org>  Tue, 19 Jan 2021 11:11:04 +0100
+
 ca-certificates (20200601) unstable; urgency=medium

  * debian/control:
--- a/debian/control
+++ b/debian/control
@ -1,11 +1,9 @@
 Source: ca-certificates
 Section: misc
 Priority: optional
-Maintainer: Michael Shuler <michael@pbandjelly.org>
-Uploaders: Raphael Geissert <geissert@debian.org>,
-           Thijs Kinkhorst <thijs@debian.org>
+Maintainer: Julien Cristau <jcristau@debian.org>
 Build-Depends: debhelper-compat (= 13), po-debconf
-Build-Depends-Indep: python, openssl
+Build-Depends-Indep: python3, openssl
 Standards-Version: 4.5.0.2
 Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
 Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
--- a/mozilla/Makefile
+++ b/mozilla/Makefile
@ -3,7 +3,7 @@
 #

 all:
-	python certdata2pem.py
+	python3 certdata2pem.py

 clean:
 	-rm -f *.crt
--- a/mozilla/blacklist.txt
+++ b/mozilla/blacklist.txt
@ -1,39 +1,9 @@
 # One blacklist entry per line, corresponding to the label in certdata.txt.

 # Blacklist explicitly distrusted certificates to explicitly ignore them and prevent build errors
-"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
-"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
-"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
 "Explicitly Distrust DigiNotar Root CA"
 "Explicitly Distrusted DigiNotar PKIoverheid G2"
 "MITM subCA 1 issued by Trustwave"
 "MITM subCA 2 issued by Trustwave"
 "TURKTRUST Mis-issued Intermediate CA 1"
 "TURKTRUST Mis-issued Intermediate CA 2"
-
-# Distrusted Symantec Root CAs:
-"GeoTrust Global CA"
-"GeoTrust Primary Certification Authority"
-"GeoTrust Primary Certification Authority - G2"
-"GeoTrust Primary Certification Authority - G3"
-"GeoTrust Universal CA"
-"Thawte Premium Server CA"
-"thawte Primary Root CA"
-"thawte Primary Root CA - G2"
-"thawte Primary Root CA - G3"
-"Symantec Class 1 Public Primary Certification Authority - G4"
-"Symantec Class 1 Public Primary Certification Authority - G6"
-"Symantec Class 2 Public Primary Certification Authority - G4"
-"Symantec Class 2 Public Primary Certification Authority - G6"
-"Symantec Class 3 Public Primary Certification Authority - G4"
-"Symantec Class 3 Public Primary Certification Authority - G6"
-"VeriSign Class 1 Public Primary Certification Authority - G3"
-"VeriSign Class 2 Public Primary Certification Authority - G3"
-"VeriSign Class 3 Public Primary Certification Authority - G3"
-"VeriSign Class 3 Public Primary Certification Authority - G4"
-"VeriSign Class 3 Public Primary Certification Authority - G5"
-"VeriSign Universal Root Certification Authority"
-
-# Blacklist expired certificate (Not After : May 30 10:48:38 2020 GMT)
-# See: https://bugs.debian.org/961907
-"AddTrust External Root"
--- a/mozilla/certdata.txt
+++ b/mozilla/certdata.txt
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
 # vim:set et sw=4:
 #
 # certdata2pem.py - splits certdata.txt into multiple files
--- a/mozilla/nssckbi.h
+++ b/mozilla/nssckbi.h
@ -46,8 +46,8 @@
 * It's recommend to switch back to 0 after having reached version 98/99.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 40
-#define NSS_BUILTINS_LIBRARY_VERSION "2.40"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 46
+#define NSS_BUILTINS_LIBRARY_VERSION "2.46"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1