NetBSD Problem Report #58667
From www@netbsd.org Sun Sep 8 12:19:07 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id C5DB81A923B
for <gnats-bugs@gnats.NetBSD.org>; Sun, 8 Sep 2024 12:19:06 +0000 (UTC)
Message-Id: <20240908121905.81CB01A9241@mollari.NetBSD.org>
Date: Sun, 8 Sep 2024 12:19:05 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: mozilla-certdata: Update to 2024-08-23
X-Send-Pr-Version: www-1.0
>Number: 58667
>Category: misc
>Synopsis: mozilla-certdata: Update to 2024-08-23
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people
>State: needs-pullups
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Sep 08 12:20:00 +0000 2024
>Closed-Date:
>Last-Modified: Thu Sep 12 09:45:01 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10
>Organization:
The NetBSD Certification 2024-08
>Environment:
>Description:
Mozilla certdata has had updates since we last updated it from 2024-02-12:
https://hg.mozilla.org/projects/nss/log/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt?revcount=9
Nothing major or urgent -- some new CAs, some CAs scheduled to be decommissioned, some removal of S/MIME trust. No security incidents requiring prompt updates.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Cc:
Subject: Re: misc/58667: mozilla-certdata: Update to 2024-08-23
Date: Sun, 8 Sep 2024 16:56:33 +0000
Forgot to cite the PR in the following commits:
https://mail-index.netbsd.org/source-changes/2024/09/08/msg153213.html
https://mail-index.netbsd.org/source-changes/2024/09/08/msg153214.html
https://mail-index.netbsd.org/source-changes/2024/09/08/msg153215.html
https://mail-index.netbsd.org/source-changes/2024/09/08/msg153216.html
Module Name: src
Committed By: riastradh
Date: Sun Sep 8 15:21:50 UTC 2024
Update of /cvsroot/src/external/mpl/mozilla-certdata/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv19721
Log Message:
mozilla-certdata: Update Mozilla certdata.txt.
nss hg date: 2024-08-23
nss hg revision: 872bd5fefe12bc48a9c65e9ea7f189df243d835a
Status:
Vendor Tag: MOZILLA-CERTDATA
Release Tags: mozilla-certdata-20240823
=20
U src/external/mpl/mozilla-certdata/dist/certdata.txt
No conflicts created by this import
Module Name: src
Committed By: riastradh
Date: Sun Sep 8 15:23:55 UTC 2024
Modified Files:
src/external/mpl/mozilla-certdata/share: Makefile
Log Message:
mozilla-certdata: Update reference in Makefile.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/mpl/mozilla-certdata/share/Makefile
Module Name: src
Committed By: riastradh
Date: Sun Sep 8 15:24:37 UTC 2024
Modified Files:
src/external/mpl/mozilla-certdata/share: email.trust server.trust
Added Files:
src/external/mpl/mozilla-certdata/share/certs:
FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem SecureSign_Root_CA12.pem
SecureSign_Root_CA14.pem SecureSign_Root_CA15.pem
TWCA_CYBER_Root_CA.pem TWCA_Global_Root_CA_G2.pem
Log Message:
mozilla-certdata: regen
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/mpl/mozilla-certdata/share/email.trus=
t \
src/external/mpl/mozilla-certdata/share/server.trust
cvs rdiff -u -r0 -r1.1 \
src/external/mpl/mozilla-certdata/share/certs/FIRMAPROFESIONAL_CA_ROOT-=
A_WEB.pem \
src/external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA12.pem \
src/external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA14.pem \
src/external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA15.pem \
src/external/mpl/mozilla-certdata/share/certs/TWCA_CYBER_Root_CA.pem \
src/external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA_G2.pem
Module Name: src
Committed By: riastradh
Date: Sun Sep 8 15:25:09 UTC 2024
Modified Files:
src/distrib/sets/lists/base: mi
Log Message:
mozilla-certdata: Update set lists.
To generate a diff of this commit:
cvs rdiff -u -r1.1350 -r1.1351 src/distrib/sets/lists/base/mi
State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 08 Sep 2024 17:01:29 +0000
State-Changed-Why:
needs pullup-10, inapplicable <10
From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Cc:
Subject: Re: misc/58667: mozilla-certdata: Update to 2024-08-23
Date: Mon, 9 Sep 2024 00:19:56 +0000
And another one -- not sure how I missed this when I verified
checkflist failed before postinstall-fix-obsolete and passed after, oh
well:
https://mail-index.netbsd.org/source-changes/2024/09/08/msg153220.html
Module Name: src
Committed By: kre
Date: Sun Sep 8 22:35:02 UTC 2024
Modified Files:
src/distrib/sets/lists/base: mi
Log Message:
One more mozilla-rootcerts file that is now obsolete.
This fixes one current build breakage, but there is more to come.
To generate a diff of this commit:
cvs rdiff -u -r1.1351 -r1.1352 src/distrib/sets/lists/base/mi
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58667 CVS commit: src/distrib/sets/lists/base
Date: Thu, 12 Sep 2024 09:43:56 +0000
Module Name: src
Committed By: riastradh
Date: Thu Sep 12 09:43:56 UTC 2024
Modified Files:
src/distrib/sets/lists/base: mi
Log Message:
distrib/sets/lists/base/mi: Un-obsolete certSIGN_ROOT_CA.pem file.
The CA is still kosher for TLS servers, so the original file
/usr/share/certs/mozilla/all/certSIGN_ROOT_CA.pem and the symlink
/usr/share/certs/mozilla/server/certSIGN_ROOT_CA.pem should still be
there. It was only removed from S/MIME email trust, so only the
symlink /usr/share/certs/mozilla/email/certSIGN_ROOT_CA.pem is
obsolete.
PR misc/58667
To generate a diff of this commit:
cvs rdiff -u -r1.1352 -r1.1353 src/distrib/sets/lists/base/mi
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.