From: "Lars Wendler" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler" Message-ID: <1502178050.b2cae8b25d30cee6412433139fbc323f08cffb8a.polynomial-c@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild X-VCS-Directories: app-misc/ca-certificates/ X-VCS-Committer: polynomial-c X-VCS-Committer-Name: Lars Wendler X-VCS-Revision: b2cae8b25d30cee6412433139fbc323f08cffb8a X-VCS-Branch: master Date: Tue, 8 Aug 2017 07:40:59 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 96aa182f-37b0-475a-bcd9-26dc825a8620 X-Archives-Hash: 168af6658be2dd5526846979cb050c49 commit: b2cae8b25d30cee6412433139fbc323f08cffb8a Author: Lars Wendler gentoo org> AuthorDate: Tue Aug 8 07:38:15 2017 +0000 Commit: Lars Wendler gentoo org> CommitDate: Tue Aug 8 07:40:50 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2cae8b2 app-misc/ca-certificates: Fixed removal of untrusted certs (#616002). Package-Manager: Portage-2.3.6, Repoman-2.3.3 .../ca-certificates/ca-certificates-20161130.3.30.2.ebuild | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild index a72077ebef8..45efcd9d581 100644 --- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild +++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild 
@@ -138,9 +138,15 @@ src_compile() { fi if ! use insecure_certs ; then + elog "To prevent applications relying on system's trusted root certificate store" + elog "from using CAs where at least one major browser vendor Gentoo is following" + elog "has decided to apply trust level restrictions, the following" + elog "certificate(s) were removed:" # Remove untrusted certs from StartCom and WoSign (bug #598072) - rm "${c}"/mozilla/StartCom* || die - rm "${c}"/mozilla/WoSign* || die + elog "$(find "${c}" -type f \( \ + -iname '*startcom*' \ + -o -iname '*wosign*' \ + \) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)" fi (
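Review bot: the `find ... -delete` wrapped in `elog "$(...)"` drops the `|| die` that both removed `rm` lines carried, and the exit status of a command substitution used as an argument is discarded, so a failed deletion or a pattern that matches nothing no longer stops the build while the four preceding `elog` lines still announce that certificates were removed. Consider running `find` as its own statement with `|| die`, capturing its output in a variable, and dying (or at least warning) when that output is empty before printing the notice. The match also widens from `"${c}"/mozilla/StartCom*` and `"${c}"/mozilla/WoSign*` to a case-insensitive `*startcom*` / `*wosign*` over every regular file under `"${c}"`; if the wider scope is what fixes the bug, state that in the comment above the call, otherwise keep the search rooted at `"${c}"/mozilla`.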