NetBSD Problem Report #58667

From www@netbsd.org  Sun Sep  8 12:19:07 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id C5DB81A923B
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  8 Sep 2024 12:19:06 +0000 (UTC)
Message-Id: <20240908121905.81CB01A9241@mollari.NetBSD.org>
Date: Sun,  8 Sep 2024 12:19:05 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: mozilla-certdata: Update to 2024-08-23
X-Send-Pr-Version: www-1.0

>Number:         58667
>Category:       misc
>Synopsis:       mozilla-certdata: Update to 2024-08-23
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    misc-bug-people
>State:          needs-pullups
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 08 12:20:00 +0000 2024
>Closed-Date:    
>Last-Modified:  Thu Sep 12 09:45:01 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
The NetBSD Certification 2024-08
>Environment:
>Description:
Mozilla certdata has had updates since we last updated it from 2024-02-12:

https://hg.mozilla.org/projects/nss/log/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt?revcount=9

Nothing major or urgent -- some new CAs, some CAs scheduled to be decommissioned, some removal of S/MIME trust.  No security incidents requiring prompt updates.
>How-To-Repeat:

>Fix:

>Release-Note:

>Audit-Trail:
From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Cc: 
Subject: Re: misc/58667: mozilla-certdata: Update to 2024-08-23
Date: Sun, 8 Sep 2024 16:56:33 +0000

 Forgot to cite the PR in the following commits:

 https://mail-index.netbsd.org/source-changes/2024/09/08/msg153213.html
 https://mail-index.netbsd.org/source-changes/2024/09/08/msg153214.html
 https://mail-index.netbsd.org/source-changes/2024/09/08/msg153215.html
 https://mail-index.netbsd.org/source-changes/2024/09/08/msg153216.html


 Module Name:    src
 Committed By:   riastradh
 Date:           Sun Sep  8 15:21:50 UTC 2024

 Update of /cvsroot/src/external/mpl/mozilla-certdata/dist
 In directory ivanova.netbsd.org:/tmp/cvs-serv19721

 Log Message:
 mozilla-certdata: Update Mozilla certdata.txt.

 nss hg date: 2024-08-23
 nss hg revision: 872bd5fefe12bc48a9c65e9ea7f189df243d835a


 Status:

 Vendor Tag:     MOZILLA-CERTDATA
 Release Tags:   mozilla-certdata-20240823
                =20
 U src/external/mpl/mozilla-certdata/dist/certdata.txt

 No conflicts created by this import



 Module Name:    src
 Committed By:   riastradh
 Date:           Sun Sep  8 15:23:55 UTC 2024

 Modified Files:
         src/external/mpl/mozilla-certdata/share: Makefile

 Log Message:
 mozilla-certdata: Update reference in Makefile.


 To generate a diff of this commit:
 cvs rdiff -u -r1.4 -r1.5 src/external/mpl/mozilla-certdata/share/Makefile



 Module Name:    src
 Committed By:   riastradh
 Date:           Sun Sep  8 15:24:37 UTC 2024

 Modified Files:
         src/external/mpl/mozilla-certdata/share: email.trust server.trust
 Added Files:
         src/external/mpl/mozilla-certdata/share/certs:
             FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem SecureSign_Root_CA12.pem
             SecureSign_Root_CA14.pem SecureSign_Root_CA15.pem
             TWCA_CYBER_Root_CA.pem TWCA_Global_Root_CA_G2.pem

 Log Message:
 mozilla-certdata: regen


 To generate a diff of this commit:
 cvs rdiff -u -r1.2 -r1.3 src/external/mpl/mozilla-certdata/share/email.trus=
 t \
     src/external/mpl/mozilla-certdata/share/server.trust
 cvs rdiff -u -r0 -r1.1 \
     src/external/mpl/mozilla-certdata/share/certs/FIRMAPROFESIONAL_CA_ROOT-=
 A_WEB.pem \
     src/external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA12.pem \
     src/external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA14.pem \
     src/external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA15.pem \
     src/external/mpl/mozilla-certdata/share/certs/TWCA_CYBER_Root_CA.pem \
     src/external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA_G2.pem



 Module Name:    src
 Committed By:   riastradh
 Date:           Sun Sep  8 15:25:09 UTC 2024

 Modified Files:
         src/distrib/sets/lists/base: mi

 Log Message:
 mozilla-certdata: Update set lists.


 To generate a diff of this commit:
 cvs rdiff -u -r1.1350 -r1.1351 src/distrib/sets/lists/base/mi

State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 08 Sep 2024 17:01:29 +0000
State-Changed-Why:
needs pullup-10, inapplicable <10


From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Cc: 
Subject: Re: misc/58667: mozilla-certdata: Update to 2024-08-23
Date: Mon, 9 Sep 2024 00:19:56 +0000

 And another one -- not sure how I missed this when I verified
 checkflist failed before postinstall-fix-obsolete and passed after, oh
 well:


 https://mail-index.netbsd.org/source-changes/2024/09/08/msg153220.html

 Module Name:    src
 Committed By:   kre
 Date:           Sun Sep  8 22:35:02 UTC 2024

 Modified Files:
         src/distrib/sets/lists/base: mi

 Log Message:
 One more mozilla-rootcerts file that is now obsolete.
 This fixes one current build breakage, but there is more to come.


 To generate a diff of this commit:
 cvs rdiff -u -r1.1351 -r1.1352 src/distrib/sets/lists/base/mi

From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58667 CVS commit: src/distrib/sets/lists/base
Date: Thu, 12 Sep 2024 09:43:56 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Thu Sep 12 09:43:56 UTC 2024

 Modified Files:
 	src/distrib/sets/lists/base: mi

 Log Message:
 distrib/sets/lists/base/mi: Un-obsolete certSIGN_ROOT_CA.pem file.

 The CA is still kosher for TLS servers, so the original file
 /usr/share/certs/mozilla/all/certSIGN_ROOT_CA.pem and the symlink
 /usr/share/certs/mozilla/server/certSIGN_ROOT_CA.pem should still be
 there.  It was only removed from S/MIME email trust, so only the
 symlink /usr/share/certs/mozilla/email/certSIGN_ROOT_CA.pem is
 obsolete.

 PR misc/58667


 To generate a diff of this commit:
 cvs rdiff -u -r1.1352 -r1.1353 src/distrib/sets/lists/base/mi

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.