From patchwork Thu Nov 28 17:19:00 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 2617
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 47P4Bl4qntz43Tf
	for <patchwork@web04.haj.ipfire.org>; Thu, 28 Nov 2019 17:19:43 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 47P4Bk3vWXz1yW;
	Thu, 28 Nov 2019 17:19:42 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 47P4Bk1VZXz2yYZ;
	Thu, 28 Nov 2019 17:19:42 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 47P4Bh4QV9z2xws
 for <development@lists.ipfire.org>; Thu, 28 Nov 2019 17:19:40 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 47P4Bg3jzjz1yW
 for <development@lists.ipfire.org>; Thu, 28 Nov 2019 17:19:39 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909ed25519; t=1574961580;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=O6DLJGwxJmuN6LP92V6yECdo1CespKEzENU2818mmvc=;
 b=AJviLFMwMHPNZ1/Hyc+ctIm6R2vsJ/xJfcJtu3S9HtgEwnBjKX8eaDJ72z3pUjqgDLBiOx
 yjWvu/7NF9rpBlCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=201909rsa;
 t=1574961580;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=O6DLJGwxJmuN6LP92V6yECdo1CespKEzENU2818mmvc=;
 b=I6tfyQkEKgLjZN/luNBjvxlpLmaOpTy5z5u6UfkZzyEbiYOWDjXBR7aQfyVLsxWQ0f6vPK
 LsvZ6qwVCuHuKNjye6ErD8tnf3L3bR+9lYs4ZAwMM8yprvM7fgClpFCL9i3J1dETCH2aFD
 JFCitBn7SslsNKbFEGjan231F8XD3vYz634DF/Pie7TP5Y7BUJW22TLGGbmsspLEV79aEw
 NRAcAvCSYFIBqFo2Zm9Hmn0TDjnomYo+DdC1naPpz4W8ZeFZvDdJapLsOlduWBRJJRavPP
 Vg5SzDu2hzmLCEfhirISt40PhCqJzayEzbsmaDahfXBsVIvJTD9AwbIGqOvQzw==
To: "IPFire: Development-List" <development@lists.ipfire.org>
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Subject: [PATCH] update ca-certificates CA bundle
Message-ID: <27aedc43-fc9d-68af-40d3-82d7007363c4@ipfire.org>
Date: Thu, 28 Nov 2019 17:19:00 +0000
MIME-Version: 1.0
Content-Language: en-US
Authentication-Results: mail01.ipfire.org;
 auth=pass smtp.auth=pmueller smtp.mailfrom=peter.mueller@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/ca-certificates/certdata.txt | 200 ++++++++++++++++++++++++++++++++++++
 lfs/ca-certificates                 |   2 +-
 2 files changed, 201 insertions(+), 1 deletion(-)

diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt
index 3a44db293..5b9d679d1 100644
--- a/config/ca-certificates/certdata.txt
+++ b/config/ca-certificates/certdata.txt
@@ -23345,3 +23345,203 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Entrust Root Certification Authority - G4"
+#
+# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
+# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Wed May 27 11:11:16 2015
+# Not Valid After : Sun Dec 27 11:41:16 2037
+# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
+# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125
+\145\255\130
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000
+\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163
+\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155
+\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040
+\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156
+\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151
+\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060
+\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122
+\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064
+\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066
+\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055
+\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031
+\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037
+\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274
+\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304
+\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020
+\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004
+\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043
+\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336
+\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065
+\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014
+\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132
+\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047
+\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323
+\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351
+\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252
+\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127
+\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152
+\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323
+\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000
+\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141
+\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361
+\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146
+\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005
+\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334
+\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374
+\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332
+\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362
+\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045
+\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332
+\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067
+\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143
+\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
+\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240
+\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022
+\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045
+\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363
+\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322
+\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364
+\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211
+\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253
+\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377
+\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344
+\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177
+\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056
+\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234
+\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210
+\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216
+\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207
+\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360
+\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307
+\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136
+\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176
+\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330
+\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002
+\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244
+\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166
+\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062
+\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245
+\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072
+\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101
+\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244
+\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273
+\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061
+\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230
+\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332
+\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Entrust Root Certification Authority - G4"
+# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
+# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Wed May 27 11:11:16 2015
+# Not Valid After : Sun Dec 27 11:41:16 2037
+# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
+# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065
+\051\272\226\001
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125
+\145\255\130
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/lfs/ca-certificates b/lfs/ca-certificates
index 769f38217..aea240a5d 100644
--- a/lfs/ca-certificates
+++ b/lfs/ca-certificates
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 20191029
+VER        = 20191128
 
 THISAPP    = ca-certificates
 DIR_APP    = $(DIR_SRC)/$(THISAPP)