This updates p11-kit and ca-certificates packages to allow new PKCS #11 flag CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER used in the newer certdata.

How to install

sudo dnf upgrade --advisory=FEDORA-2020-f7bb54009e

This update has been submitted for testing by ueno.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update has been pushed to testing.

7 months ago
User Icon cmadams commented & provided feedback 7 months ago
karma

I just updated ca-certificates from F31 updates-testing without getting the p11-kit updates, and it broke certificate validation for all sites (including dnf trying to check the metalink). The ca-certificates update needs a requires on the newer version of p11-kit.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

7 months ago
User Icon bojan commented & provided feedback 7 months ago
karma

Notwithstanding the command about missing dependency.

User Icon pizzadude commented & provided feedback 7 months ago
karma

Broke TLS in flatpak applications (discord and cawbird), had to downgrade both p11-kit and ca-certificates.

User Icon benjamind commented & provided feedback 7 months ago
karma

Perhaps not a concern if the advisory is installed or the update reaches stable, rather than just an upgrade to ca-certificates, but certificate validation broke entirely when I upgraded ca-certificates. I had to manually downgrade the package with an rpm downloaded on another device.

User Icon benjamind commented & provided feedback 7 months ago
karma

Correcting because it's not actually an issue for users.

@cmadams, yes, that's why this update contains both ca-certificates and p11-kit. @pizzadude, that's interesting; maybe the flatpak runtime needs an updated p11-kit.

Anyway I will drop ca-cerfificate from this update for now.

ueno edited this update.

Removed build(s):

  • ca-certificates-2020.2.40-1.0.fc31

Karma has been reset.

7 months ago

This update has been submitted for testing by ueno.

7 months ago

@ueno ca-certificates just needs to have its p11-kit version requirement updated to show the new dependency.

User Icon smithp commented & provided feedback 7 months ago
karma

+1

ueno edited this update.

New build(s):

  • p11-kit-0.23.20-1.fc31

Removed build(s):

  • p11-kit-0.23.19-1.fc31

Karma has been reset.

7 months ago

ueno edited this update.

New build(s):

  • ca-certificates-2020.2.40-1.1.fc31

Karma has been reset.

7 months ago

@cmadams right, re-added ca-certificates with a versioned dependency on p11-kit. thanks!

This update has been pushed to testing.

7 months ago
User Icon jayjayjazz commented & provided feedback 7 months ago
karma

LGTM

User Icon chr77 commented & provided feedback 7 months ago
karma

Works for me. No regressions noted compared to previous version.

This update can be pushed to stable now if the maintainer wishes

7 months ago
User Icon cmadams commented & provided feedback 6 months ago
karma

Looks good now!

User Icon pwalter commented & provided feedback 6 months ago
karma

Works

pwalter edited this update.

6 months ago
User Icon kuosmanen commented & provided feedback 6 months ago
karma

Looks good to me.

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please login to add feedback.

Metadata
Type
enhancement
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
5
Stable by Time
14 days
Dates
submitted
7 months ago
in testing
7 months ago
in stable
6 months ago
modified
6 months ago

Automated Test Results