{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "This update supports a new PKCS#11 attribute CKA_NSS_MOZILLA_CA_POLICY. The attribute has been defined by NSS version 3.30. The attribute is expected to be set to true for CA certificates that have been added as part of the Mozilla CA Policy process.\n\nThe enhancement is required for compatibility with the future Firefox 54 release, which will query this attribute when accessing root CA certificates from the loaded CA trust module. On Fedora, Firefox is configured to access the p11-kit-trust module, instead of the NSS CA trust module nssckbi. This change to the ca-certificates package will make the attribute available to p11-kit-trust and Firefox.\n\nSupport for this new attribute requires p11-kit-trust version and build 0.23.2-3, which contains the relevant backported functionality from upstream version 0.23.5.\n\nTo enable the addition of this attribute, the ca-certificates package has been changed to use p11-kit-trust's flexible p11-kit-object-v1 file format for the internal packaging of the CA certificates list.\n\nThe update-ca-trust command has been changed to add comments to extracted PEM format files.\n\nThe changes in this package version shouldn't affect any existing functionality or trust.\n", "type": "enhancement", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2017-04-05 12:37:08", "date_modified": null, "date_approved": null, "date_testing": "2017-04-13 14:10:48", "date_stable": "2017-04-19 16:59:10", "alias": "FEDORA-2017-3753e75f72", "test_gating_status": null, "from_tag": null, "date_pushed": "2017-04-19 16:59:10", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2017-3753e75f72", "title": "ca-certificates-2017.2.11-1.1.fc24", "version_hash": "7b8531451493c90456018cfddd6b60497225bcad", "release": {"name": "F24", "long_name": "Fedora 24", "version": "24", "id_prefix": "FEDORA", "branch": "f24", "dist_tag": "f24", "stable_tag": "f24-updates", "testing_tag": "f24-updates-testing", "candidate_tag": "f24-updates-candidate", "pending_signing_tag": "f24-signing-pending", "pending_testing_tag": "f24-updates-testing-pending", "pending_stable_tag": "f24-updates-pending", "override_tag": "f24-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "kengert", "email": "kai-engert-fedora@kuix.de", "id": 1030, "avatar": "https://seccdn.libravatar.org/avatar/1f8015896a445a65769ff0da04232eeba4b2f70c4cc625310d621534ab032b1c?s=24&d=retro", "openid": "kengert.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kengert. ", "timestamp": "2017-04-05 12:37:08", "update_id": 84359, "user_id": 91, "id": 588205, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-04-05 19:54:58", "update_id": 84359, "user_id": 91, "id": 588443, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2017-04-07 00:43:47", "update_id": 84359, "user_id": 124, "id": 589249, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "filiperosset", "email": "rosset.filipe@gmail.com", "id": 124, "avatar": "https://seccdn.libravatar.org/avatar/f4394b8fb4c9a99c4b534dc724912fe75a5b87fe15048985ece8388c2441d0ca?s=24&d=retro", "openid": "filiperosset.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "trust admins"}, {"name": "signed_fpca"}, {"name": "fedora-contributor"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "ipausers"}, {"name": "fedora-br"}, {"name": "fedorabugs"}, {"name": "ambassadors"}]}}, {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2017-04-07 15:31:29", "update_id": 84359, "user_id": 2998, "id": 589672, "bug_feedback": [{"karma": 0, "comment_id": 589672, "bug_id": 1418741, "bug": {"bug_id": 1418741, "title": "Change the CA + trust input format given from ca-certificates to p11-kit-trust", "security": false, "parent": false}}, {"karma": 0, "comment_id": 589672, "bug_id": 1418739, "bug": {"bug_id": 1418739, "title": "ca-certificates must set the nss-mozilla-ca-policy pkcs#11 attribute for Mozilla CAs", "security": false, "parent": false}}], "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by kengert. ", "timestamp": "2017-04-13 11:47:18", "update_id": 84359, "user_id": 91, "id": 592938, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been unpushed.", "timestamp": "2017-04-13 11:49:58", "update_id": 84359, "user_id": 1030, "id": 592942, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "kengert", "email": "kai-engert-fedora@kuix.de", "id": 1030, "avatar": "https://seccdn.libravatar.org/avatar/1f8015896a445a65769ff0da04232eeba4b2f70c4cc625310d621534ab032b1c?s=24&d=retro", "openid": "kengert.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kengert. ", "timestamp": "2017-04-13 11:50:43", "update_id": 84359, "user_id": 91, "id": 592944, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-04-13 15:21:17", "update_id": 84359, "user_id": 91, "id": 593036, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2017-04-15 02:36:38", "update_id": 84359, "user_id": 182, "id": 593797, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "hreindl", "email": "h.reindl@thelounge.net", "id": 182, "avatar": "https://seccdn.libravatar.org/avatar/664e0d25c0404b7a153b4dbc5dc1f3d1be6a2e9fd91115fbb929fe16a55d21d7?s=24&d=retro", "openid": "hreindl.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by kengert. ", "timestamp": "2017-04-19 10:38:06", "update_id": 84359, "user_id": 91, "id": 595782, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2017-04-19 22:18:36", "update_id": 84359, "user_id": 91, "id": 596095, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "ca-certificates-2017.2.11-1.1.fc24", "signed": true, "release_id": 14, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1418739, "title": "ca-certificates must set the nss-mozilla-ca-policy pkcs#11 attribute for Mozilla CAs", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 588597, "bug_id": 1418739, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works here on x86_64.", "timestamp": "2017-04-05 22:55:33", "update_id": 84354, "user_id": 198, "id": 588597, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 589100, "bug_id": 1418739, "comment": {"karma": 1, "karma_critpath": 1, "text": "", "timestamp": "2017-04-06 21:56:42", "update_id": 84354, "user_id": 3508, "id": 589100, "testcase_feedback": [], "user": {"name": "alciregi", "email": "alciregi@posteo.net", "id": 3508, "avatar": "https://seccdn.libravatar.org/avatar/614b820b4858bf877566255c8126286f39536cf4cc1a85010923262801aa563e?s=24&d=retro", "openid": "alciregi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ask-fedora"}, {"name": "cvsl10n"}, {"name": "respins-sig"}, {"name": "wikiedit"}, {"name": "l10n"}, {"name": "signed_fpca"}, {"name": "advocates"}, {"name": "ambassadors"}, {"name": "fedora-join"}, {"name": "fedora-contributor"}, {"name": "ipausers"}, {"name": "neuro-sig"}, {"name": "qa"}, {"name": "fedorabugs"}, {"name": "common-issues-triage"}]}}}, {"karma": 0, "comment_id": 589672, "bug_id": 1418739, "comment": {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2017-04-07 15:31:29", "update_id": 84359, "user_id": 2998, "id": 589672, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1418741, "title": "Change the CA + trust input format given from ca-certificates to p11-kit-trust", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 588597, "bug_id": 1418741, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works here on x86_64.", "timestamp": "2017-04-05 22:55:33", "update_id": 84354, "user_id": 198, "id": 588597, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 589100, "bug_id": 1418741, "comment": {"karma": 1, "karma_critpath": 1, "text": "", "timestamp": "2017-04-06 21:56:42", "update_id": 84354, "user_id": 3508, "id": 589100, "testcase_feedback": [], "user": {"name": "alciregi", "email": "alciregi@posteo.net", "id": 3508, "avatar": "https://seccdn.libravatar.org/avatar/614b820b4858bf877566255c8126286f39536cf4cc1a85010923262801aa563e?s=24&d=retro", "openid": "alciregi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ask-fedora"}, {"name": "cvsl10n"}, {"name": "respins-sig"}, {"name": "wikiedit"}, {"name": "l10n"}, {"name": "signed_fpca"}, {"name": "advocates"}, {"name": "ambassadors"}, {"name": "fedora-join"}, {"name": "fedora-contributor"}, {"name": "ipausers"}, {"name": "neuro-sig"}, {"name": "qa"}, {"name": "fedorabugs"}, {"name": "common-issues-triage"}]}}}, {"karma": 0, "comment_id": 589672, "bug_id": 1418741, "comment": {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2017-04-07 15:31:29", "update_id": 84359, "user_id": 2998, "id": 589672, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2017-3753e75f72", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}