Adding:

# Certificate "TWCA CYBER Root CA" # Certificate "TWCA Global Root CA G2" # Certificate "SecureSign Root CA12" # Certificate "SecureSign Root CA14" # Certificate "SecureSign Root CA15" # Certificate "D-TRUST BR Root CA 2 2023" # Certificate "TrustAsia SMIME ECC Root CA" # Certificate "TrustAsia SMIME RSA Root CA" # Certificate "TrustAsia TLS ECC Root CA" # Certificate "TrustAsia TLS RSA Root CA" # Certificate "D-TRUST EV Root CA 2 2023" # Certificate "SwissSign RSA SMIME Root CA 2022 - 1" # Certificate "SwissSign RSA TLS Root CA 2022 - 1"
Update to CKBI 2.69_v8.0.401 from NSS 3.103
2025-08-26 13:36:24 +02:00 · 2024-09-23 14:50:24 +02:00 · 2024-09-09 11:29:44 +02:00
3 changed files with 2981 additions and 632 deletions
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@ -35,10 +35,10 @@ Name: ca-certificates
 # to have increasing version numbers. However, the new scheme will work, 
 # because all future versions will start with 2013 or larger.)

-Version: 2024.2.68_v8.0.302
+Version: 2025.2.80_v9.0.304
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release: 4%{?dist}
+Release: 1.0%{?dist}
 License: MIT AND GPL-2.0-or-later

 URL: https://fedoraproject.org/wiki/CA-Certificates
@ -76,6 +76,8 @@ Requires(post): p11-kit >= 0.24
 Requires(post): p11-kit-trust >= 0.24
 Requires: p11-kit >= 0.24
 Requires: p11-kit-trust >= 0.24
+Requires: libffi
+Requires(post): libffi

 BuildRequires: perl-interpreter
 BuildRequires: python3
@ -400,6 +402,32 @@ fi


 %changelog
+*Tue Aug 26 2025 rhel-developer-toolbox <krenzelok.frantisek@gmail.com> - 2025.2.80_v9.0.304-1.0
+- Update to CKBI 2.80_v9.0.304 from NSS 3.114
+-    Adding:
+-     # Certificate "TWCA CYBER Root CA"
+-     # Certificate "TWCA Global Root CA G2"
+-     # Certificate "SecureSign Root CA12"
+-     # Certificate "SecureSign Root CA14"
+-     # Certificate "SecureSign Root CA15"
+-     # Certificate "D-TRUST BR Root CA 2 2023"
+-     # Certificate "TrustAsia SMIME ECC Root CA"
+-     # Certificate "TrustAsia SMIME RSA Root CA"
+-     # Certificate "TrustAsia TLS ECC Root CA"
+-     # Certificate "TrustAsia TLS RSA Root CA"
+-     # Certificate "D-TRUST EV Root CA 2 2023"
+-     # Certificate "SwissSign RSA SMIME Root CA 2022 - 1"
+-     # Certificate "SwissSign RSA TLS Root CA 2022 - 1"
+
+*Mon Sep 23 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.401-1.0
+- Update to CKBI 2.69_v8.0.401 from NSS 3.103
+-    Adding:
+-     # Certificate "Sectigo Public Code Signing Root R46"
+-     # Certificate "Sectigo Public Code Signing Root E46"
+
+*Mon Jul 29 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.68_v8.0.302-5
+- Add libffi to required packages
+
 *Thu Jul 18 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.68_v8.0.302-4
 - Remove blacklist use blocklist-only.

--- a/certdata.txt
+++ b/certdata.txt
--- a/nssckbi.h
+++ b/nssckbi.h
@ -46,8 +46,8 @@
 * It's recommend to switch back to 0 after having reached version 98/99.
 */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 68
-#define NSS_BUILTINS_LIBRARY_VERSION "2.68"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 80
+#define NSS_BUILTINS_LIBRARY_VERSION "2.80"

 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1