ELBA-2017-0644
- ULN >
- Oracle Linux Errata repository >
- ELBA-2017-0644
ELBA-2017-0644 - ca-certificates bug fix and enhancement update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2017-03-27 |
Description
[2016.2.10-65.4]
- fix a typo in the manual page
[2016.2.10-65.3]
- Update to CKBI 2.10 from NSS 3.27 with legacy modifications.
[2015.2.6-65.1]
- Update to CKBI 2.6 from NSS 3.21 with legacy modifications.
[2015.2.4-65.1]
- Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications.
[2015.2.3-65.3]
- Fix a typo in the ca-legacy manual page (rhbz#1208850)
[2015.2.3-65.2]
- Include the legacy CA certificates in the classic TLS bundle, too.
[2015.2.3-65.1]
- Update to CKBI 2.3 from NSS 3.18 with legacy modifications.
- Add a patch to the source RPM that documents the changes from the
upstream version.
- Introduce the ca-legacy utility, a manual page, and the ca-legacy.conf
configuration file.
- The new scriptlets require the coreutils package.
- Remove the obsolete blacklist.txt file.
[2014.1.98-65.2]
- Add an alternative version of the 'Thawte Premium Server CA' root,
which carries a SHA1-RSA signature, to allow OpenJDK to verify applets
which contain that version of the root certificate (rhbz#1138230).
This change doesn't add trust for another key, because both versions
of the certificate use the same public key.
[2014.1.98-65.1]
- Rebuild, ensure y-stream uses larger release number than z-stream.
[2014.1.98-65.0]
- Update to CKBI 1.98 from NSS 3.16.1
[2013.1.95-65.1]
- Bump release number for consistency across branches
[2013.1.95-65.0]
- Update to CKBI 1.95 from NSS 3.15.3.1
[2013.1.94-65.0]
- Update to CKBI 1.94 from NSS 3.15
[2012.87-65.9]
- fix manpage format
[2012.87-65.8]
- improve manpage
[2012.87-65.7]
- ExcludeArch/ExclusiveArch doesn't work to enforce a build host
- Added comment that explains the special build requirements.
- Added a comment suggesting to keep the release number below the
ones used on RHEL 7.
- Fixed permissions of /etc/pki/java (thanks to stefw)
[2012.87-65.6]
- set a certificate alias in trusted bundle (thanks to Ludwig Nussel)
[2012.87-65.5]
- update required p11-kit version
[2012.87-65.4]
- attempt to handle unsupported downgrades, where the admin has enabled
legacy support, but downgrades to an old package that is incompatible
provide the new feature.
- move manual page to the man8 section (system administration commands)
- simplify the README files now that we have a manual page
[2012.87-65.3]
- added a manual page and related build requirements
- updated copyright sections in scripts
- enhance update-ca-trust script
[2012.87-65.2]
- update-ca-trust: Print warnings to stderr
[2012.87-65.1]
- update-ca-trust: Update p11-kit script path
- update-ca-trust: script uses bash not sh
[2012.87-65.0]
- Major rework introducing the SharedSystemCertificates feature,
disabled by default.
- Require the p11-kit package that contains tools to automatically create
other file format bundles.
- Added a update-ca-trust script which can be used to enable the
new system and to regenerate the merged trust output.
- Refer to the various README files that have been added for more detailed
explanation of the new system.
- No longer require rsc for building. Remove use of rcs/ident.
- Update source URLs and comments, add source file for version information.
- Add explanation for the future version numbering scheme,
because the old numbering scheme assumed upstream using cvs,
which is no longer true, and therefore can no longer be used.
[2010.63-4]
- fix inclusion of code-signing-only certs in .trust.crt
- exclude blacklisted root from java keystore too
- remove trust from DigiNotar root (#734678)
[2010.63-3]
- package /etc/ssl/certs symlink for third-party apps (#572725)
[2010.63-2]
- rebuild
[2010.63-1]
- update to certdata.txt r1.63
- use upstream RCS version in Version
[2010-4]
- fix ca-bundle.crt (#575111)
[2010-3]
- update to certdata.txt r1.58
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE' format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
[2010-2]
- fix Java cacert database generation: use Subject rather than Issuer
for alias name; add diagnostics; fix some alias names.
[2010-1]
- adopt Python certdata.txt parsing script from Debian
[2009-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[2009-1]
- update to certdata.txt r1.53
[2008-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
[2008-7]
- update to certdata.txt r1.49
[2008-6]
- Change generate-cacerts.pl to produce pretty aliases.
[2008-5]
- include /etc/pki/tls/cert.pem symlink to ca-bundle.crt
[2008-4]
- use package name for temp dir, recreate it in prep
[2008-3]
- fix source script perms
- mark packaged files as config(noreplace)
[2008-2]
- add (but don't use) mkcabundle.pl
- tweak description
- use /usr/bin/keytool directly; BR java-openjdk
[2008-1]
- Initial build (#448497)
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 6 (i386) | ca-certificates-2016.2.10-65.4.el6.src.rpm | 44c7d107edb4d6e0366be018f016893b692bc563cbf1408846949b2dee2598fc | ELBA-2022-10005 | ol6_i386_latest |
| ca-certificates-2016.2.10-65.4.el6.src.rpm | 44c7d107edb4d6e0366be018f016893b692bc563cbf1408846949b2dee2598fc | ELBA-2022-10005 | ol6_i386_latest_archive | |
| ca-certificates-2016.2.10-65.4.el6.src.rpm | 44c7d107edb4d6e0366be018f016893b692bc563cbf1408846949b2dee2598fc | ELBA-2022-10005 | ol6_u9_i386_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | ol6_i386_latest | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | ol6_i386_latest_archive | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | ol6_u9_i386_base | |
| Oracle Linux 6 (x86_64) | ca-certificates-2016.2.10-65.4.el6.src.rpm | 44c7d107edb4d6e0366be018f016893b692bc563cbf1408846949b2dee2598fc | ELBA-2022-10005 | ol6_u9_x86_64_base |
| ca-certificates-2016.2.10-65.4.el6.src.rpm | 44c7d107edb4d6e0366be018f016893b692bc563cbf1408846949b2dee2598fc | ELBA-2022-10005 | ol6_x86_64_latest | |
| ca-certificates-2016.2.10-65.4.el6.src.rpm | 44c7d107edb4d6e0366be018f016893b692bc563cbf1408846949b2dee2598fc | ELBA-2022-10005 | ol6_x86_64_latest_archive | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | exadata_dbserver_12.1.2.3.5_x86_64_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | exadata_dbserver_12.1.2.3.6_x86_64_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | exadata_dbserver_12.1.2.3.7_x86_64_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | exadata_dbserver_12.2.1.1.1_x86_64_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | exadata_dbserver_12.2.1.1.2_x86_64_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | ol6_u9_x86_64_base | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | ol6_x86_64_latest | |
| ca-certificates-2016.2.10-65.4.el6.noarch.rpm | ea40b3aca9d9be7eb56b61caf9362206878753960f51db6e5d0aa61d9142504f | ELBA-2022-10005 | ol6_x86_64_latest_archive | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
