Bug 1722213 - Update ca-certificates
Summary: Update ca-certificates
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: ca-certificates
Version: 31
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Bob Relyea
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1689628
Blocks: 1722211
TreeView+ depends on / blocked
 
Reported: 2019-06-19 17:15 UTC by Bob Relyea
Modified: 2020-07-03 01:37 UTC (History)
9 users (show)

Fixed In Version: ca-certificates-2019.2.32-2.fc31 ca-certificates-2020.2.41-1.1.fc31
Clone Of: 1689628
Environment:
Last Closed: 2020-06-16 19:54:25 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Bob Relyea 2019-06-19 17:15:54 UTC 
+++ This bug was initially created as a clone of Bug #1689628 +++

ca-certificates currently matches NSS 3.39 in all current Fedora branches.  That puts us several months behind, during which there have been several additions and removals:

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.43_release_notes

Please update ca-certificates to match NSS 3.43 ASAP.

--- Additional comment from Yaakov Selkowitz on 2019-05-02 08:09 PDT ---

Update to CKBI 2.30 from NSS 3.43

Scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=34580195
Comment 1 Bob Relyea 2019-06-19 17:45:56 UTC 
fixed in ca-certificates-2019.2.32-2.fc31 for rawhide
Upgrading 2018.2.26 -> 2019.2.32:
*Wed Jun 19 2019 Bob Relyea <rrelyea> 2019.2.32-1.0
 - Update to CKBI 2.32 from NSS 3.44
   Removing: 
    # Certificate "Visa eCommerce Root"
    # Certificate "AC Raiz Certicamara S.A."
    # Certificate "Certplus Root CA G1"
    # Certificate "Certplus Root CA G2"
    # Certificate "OpenTrust Root CA G1"
    # Certificate "OpenTrust Root CA G2"
    # Certificate "OpenTrust Root CA G3"
   Adding: 
    # Certificate "GTS Root R1"
    # Certificate "GTS Root R2"
    # Certificate "GTS Root R3"
    # Certificate "GTS Root R4"
    # Certificate "UCA Global G2 Root"
    # Certificate "UCA Extended Validation Root"
    # Certificate "Certigna Root CA"
    # Certificate "emSign Root CA - G1"
    # Certificate "emSign ECC Root CA - G3"
    # Certificate "emSign Root CA - C1"
    # Certificate "emSign ECC Root CA - C3"
    # Certificate "Hongkong Post Root CA 3"
Comment 2 Ben Cotton 2019-08-13 16:57:24 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.
Comment 3 Ben Cotton 2019-08-13 19:09:58 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.
Comment 4 Adam Williamson 2020-06-16 19:54:25 UTC 
Don't see any reason why this would still be open.
Comment 5 Fedora Update System 2020-06-16 22:56:27 UTC 
FEDORA-2020-dfa2b94854 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-dfa2b94854
Comment 6 Fedora Update System 2020-06-18 13:41:10 UTC 
FEDORA-2020-dfa2b94854 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-dfa2b94854`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-dfa2b94854

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2020-07-03 01:37:12 UTC 
FEDORA-2020-dfa2b94854 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.