up to 20240203

diff --git a/blacklist.patch b/blacklist.patch
index 94792ae13a2fce4347ffd8c51bd60fa4cbdaa2aa..8b087f2b82e4fb17c48945bb65ae9ecb56cbcfd0 100644 (file)
--- a/blacklist.patch
+++ b/blacklist.patch
@@ -4,4 +4,4 @@
  "Explicitly Distrust DigiNotar Root CA"
  
  # Expired CAs
-+"E-Tugra Certification Authority"
++"Security Communication Root CA"

diff --git a/ca-certificates-etc-certs.patch b/ca-certificates-etc-certs.patch
index 597a163c40681d47e3cab8be4d5d290f2cad9758..6e30546aca8488f56cd1cce1011caba861318b4c 100644 (file)
--- a/ca-certificates-etc-certs.patch
+++ b/ca-certificates-etc-certs.patch
@@ -40,7 +40,7 @@
      rm -f "$PEM"
 @@ -111,24 +111,18 @@
  
- sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read -r crt
  do
 -  if ! test -f "$CERTSDIR/$crt"
 +  if test -f "$CERTSDIR/$crt"
@@ -61,7 +61,7 @@
 -# administrator.
 -if [ -d "$LOCALCERTSDIR" ]
 -then
--  find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read crt
+-  find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read -r crt
 -  do
 -    add "$crt"
 -  done

diff --git a/ca-certificates-undebianize.patch b/ca-certificates-undebianize.patch
index a7c4212c5f779400419f1c4cebd12da42221236d..6013e8846179aa4bde2fd9a9beb468771b313b0d 100644 (file)
--- a/ca-certificates-undebianize.patch
+++ b/ca-certificates-undebianize.patch
@@ -19,7 +19,7 @@
 -  echo "Running hooks in $HOOKSDIR..."
 -  VERBOSE_ARG=
 -  [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
--  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
+-  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
 -  do
 -    ( cat "$ADDED"
 -      cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
@@ -40,19 +40,10 @@
  .SH SYNOPSIS
  .B update-ca-certificates
  .RI [ options ]
-@@ -26,7 +26,7 @@ This manual page documents briefly the
- command.
- .PP
- \fBupdate-ca-certificates\fP is a program that updates the directory
--/etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt,
-+@openssldir@ to hold SSL certificates and generates ca-certificates.crt,
- a concatenated single-file list of certificates.
- .PP
- It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
 @@ -38,11 +38,6 @@
- .PP
- Furthermore all certificates with a .crt extension found below
- /usr/local/share/ca-certificates are also included as implicitly trusted.
+ should be one certificate per file, and not multiple certificates in a single
+ file. Then run update-ca-certificates to merge the new certificates into the
+ existing machine store at /etc/ssl/certs.
 -.PP
 -Before terminating, \fBupdate-ca-certificates\fP invokes
 -\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
@@ -61,19 +52,21 @@
  .SH OPTIONS
  A summary of options is included below.
  .TP
-@@ -53,13 +48,13 @@
+@@ -61,7 +61,7 @@
  Be verbose. Output \fBopenssl rehash\fP.
  .TP
  .B \-f, \-\-fresh
 -Fresh updates.  Remove symlinks in /etc/ssl/certs directory.
 +Fresh updates.  Remove symlinks in @openssldir@ directory.
- .SH FILES
  .TP
+ .B \-\-certsconf
+ Change the configuration file. By default, the file
+@@ -84,7 +84,7 @@
  .I /etc/ca-certificates.conf
  A configuration file.
  .TP
 -.I /etc/ssl/certs/ca-certificates.crt
 +.I /etc/openssl/ca-certificates.crt
- A single-file version of CA certificates.  This holds
- all CA certificates that you activated in /etc/ca-certificates.conf.
+ A single-file version of CA certificates. This holds all CA certificates
+ that were activated in /etc/ca-certificates.conf.
  .TP

diff --git a/ca-certificates.d.patch b/ca-certificates.d.patch
index 203a92e82747c192003cb2ce6943a66bbf9c0a1b..2c91adb2ed0cea2c0808258c9ed9bb78de88f2fd 100644 (file)
--- a/ca-certificates.d.patch
+++ b/ca-certificates.d.patch
@@ -22,7 +22,7 @@
  
 -# Handle certificates that should be removed.  This is an explicit act
 -# by prefixing lines in the configuration files with exclamation marks (!).
--sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt
+-sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read -r crt
 -do
 -  remove "$CERTSDIR/$crt"
 -done
@@ -32,12 +32,12 @@
 +
 +  # Handle certificates that should be removed.  This is an explicit act
 +  # by prefixing lines in the configuration files with exclamation marks (!).
-+  sed -n -e '/^$/d' -e 's/^!//p' $conf | while read crt
++  sed -n -e '/^$/d' -e 's/^!//p' $conf | while read -r crt
 +  do
 +    remove "$CERTSDIR/$crt"
 +  done
  
--sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read -r crt
 -do
 -  if test -f "$CERTSDIR/$crt"
 -   then
@@ -49,7 +49,7 @@
 -    echo "W: $CERTSDIR/$crt or $LOCALCERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
 -    continue
 -  fi
-+  sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $conf | while read crt
++  sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $conf | while read -r crt
 +  do
 +    if test -f "$CERTSDIR/$crt"
 +    then

diff --git a/ca-certificates.spec b/ca-certificates.spec
index 1a8c0490a8b97a7a2927b0bf8db3552f9f7d0404..5f8f48172746203d64719e442ebbb424d3e98d6b 100644 (file)
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -11,13 +11,13 @@
 Summary:       Common CA Certificates PEM files
 Summary(pl.UTF-8):     Pliki PEM popularnych certyfikatów CA
 Name:          ca-certificates
-%define        ver_date        20230311
+%define        ver_date        20240203
 Version:       %{ver_date}
-Release:       2
+Release:       1
 License:       GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
 Group:         Base
 Source0:       http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
-# Source0-md5: fc1c3ec0067385f0be8ac7f6e670a0f8
+# Source0-md5: 228129ccf8cd99b991d771c44dd4052c
 Source2:       http://www.certum.pl/keys/CA.pem
 # Source2-md5: 35610177afc9c64e70f1ce62c1885496
 Source14:      http://www.certum.pl/CTNCA.pem