Development January 2019

development@lists.ipfire.org

16 participants
57 discussions

[PATCH] Suricata: drop unused cuda HW acceleration
by Peter Müller 29 Jan '19

29 Jan '19

As stated in https://bugzilla.ipfire.org/show_bug.cgi?id=11808#c5 , Cuda hardware acceleration is unused and so the configuration file section can be removed. This partially addresses #11808. Signed-off-by: Peter Müller <peter.mueller(a)link38.eu> Cc: Stefan Schantl <stefan.schantl(a)ipfire.org> --- config/suricata/suricata.yaml | 35 ----------------------------------- 1 file changed, 35 deletions(-) diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 94e13f501..55b6c05cf 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -933,41 +933,6 @@ profiling: filename: pcaplog_stats.log append: yes -## -## Hardware accelaration -## - -# Cuda configuration. -cuda: - # The "mpm" profile. On not specifying any of these parameters, the engine's - # internal default values are used, which are same as the ones specified in - # in the default conf file. - mpm: - # The minimum length required to buffer data to the gpu. - # Anything below this is MPM'ed on the CPU. - # Can be specified in kb, mb, gb. Just a number indicates it's in bytes. - # A value of 0 indicates there's no limit. - data-buffer-size-min-limit: 0 - # The maximum length for data that we would buffer to the gpu. - # Anything over this is MPM'ed on the CPU. - # Can be specified in kb, mb, gb. Just a number indicates it's in bytes. - data-buffer-size-max-limit: 1500 - # The ring buffer size used by the CudaBuffer API to buffer data. - cudabuffer-buffer-size: 500mb - # The max chunk size that can be sent to the gpu in a single go. - gpu-transfer-size: 50mb - # The timeout limit for batching of packets in microseconds. - batching-timeout: 2000 - # The device to use for the mpm. Currently we don't support load balancing - # on multiple gpus. In case you have multiple devices on your system, you - # can specify the device to use, using this conf. By default we hold 0, to - # specify the first device cuda sees. To find out device-id associated with - # the card(s) on the system run "suricata --list-cuda-cards". - device-id: 0 - # No of Cuda streams used for asynchronous processing. All values > 0 are valid. - # For this option you need a device with Compute Capability > 1.0. - cuda-streams: 2 - ## ## Include other configs ## -- 2.16.4

2 1

[PATCH] suricata: Scan outgoing traffic, too
by Michael Tremer 29 Jan '19

29 Jan '19

Connections from the firewall and through the proxy must be filtered, too Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> --- src/initscripts/system/firewall | 1 + 1 file changed, 1 insertion(+) diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 9a79cb1..a4fcee2 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -189,6 +189,7 @@ iptables_init() { iptables -N IPS iptables -A INPUT -j IPS iptables -A FORWARD -j IPS + iptables -A OUTPUT -j IPS # Block non-established IPsec networks iptables -N IPSECBLOCK -- 2.6.3

2 1

Core 127 - system TFO setting is missing in sysctl.conf
by ummeegge 29 Jan '19

29 Jan '19

Regarding to the Core 127 announcement where it has been outlined that the "system is now using TCP fast-open where possible" i wanted to report that the regarding patch --> https://patchwork.ipfire.org/patch/2001/ is possibly missing cause the responsible line in sysctl.conf net.ipv4.tcp_fastopen = 3 is after an update to Core 127 not presant. Best, Erik

2 1

[PATCH] ghostscript: Update to 9.26
by Matthias Fischer 28 Jan '19

28 Jan '19

For details see: https://www.ghostscript.com/doc/9.26/News.htm This version fixes CVE-2019-6116 ("code execution via subroutines within pseudo-operators") Some details (german) can be found here: https://www.heise.de/security/meldung/Boeser-Bug-in-PostScript-trifft-ghost… I saw this article and found it could be the time for an update... Building went through with no errors, but I can't test this here, so please: Could someone please check and confirm!? Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org> --- config/rootfiles/packages/ghostscript | 471 +++++++++++--------------- lfs/ghostscript | 6 +- 2 files changed, 206 insertions(+), 271 deletions(-) diff --git a/config/rootfiles/packages/ghostscript b/config/rootfiles/packages/ghostscript index c15ec1a5e..dd45b5348 100644 --- a/config/rootfiles/packages/ghostscript +++ b/config/rootfiles/packages/ghostscript @@ -1,6 +1,5 @@ usr/bin/dvipdf usr/bin/eps2eps -usr/bin/font2c usr/bin/gs usr/bin/gsbj usr/bin/gsdj @@ -25,270 +24,210 @@ usr/bin/ps2pdfwr usr/bin/ps2ps usr/bin/ps2ps2 usr/bin/unix-lpr.sh -usr/bin/wftopfa +#usr/share/doc/ghostscript +#usr/share/doc/ghostscript/9.26 +#usr/share/doc/ghostscript/9.26/API.htm +#usr/share/doc/ghostscript/9.26/C-style.htm +#usr/share/doc/ghostscript/9.26/Commprod.htm +#usr/share/doc/ghostscript/9.26/DLL.htm +#usr/share/doc/ghostscript/9.26/Deprecated.htm +#usr/share/doc/ghostscript/9.26/Develop.htm +#usr/share/doc/ghostscript/9.26/Devices.htm +#usr/share/doc/ghostscript/9.26/Drivers.htm +#usr/share/doc/ghostscript/9.26/Fonts.htm +#usr/share/doc/ghostscript/9.26/GS9_Color_Management.pdf +#usr/share/doc/ghostscript/9.26/History9.htm +#usr/share/doc/ghostscript/9.26/Install.htm +#usr/share/doc/ghostscript/9.26/Language.htm +#usr/share/doc/ghostscript/9.26/Lib.htm +#usr/share/doc/ghostscript/9.26/Make.htm +#usr/share/doc/ghostscript/9.26/News.htm +#usr/share/doc/ghostscript/9.26/Ps-style.htm +#usr/share/doc/ghostscript/9.26/Ps2epsi.htm +#usr/share/doc/ghostscript/9.26/Psfiles.htm +#usr/share/doc/ghostscript/9.26/Readme.htm +#usr/share/doc/ghostscript/9.26/Release.htm +#usr/share/doc/ghostscript/9.26/SavedPages.htm +#usr/share/doc/ghostscript/9.26/Source.htm +#usr/share/doc/ghostscript/9.26/Unix-lpr.htm +#usr/share/doc/ghostscript/9.26/Use.htm +#usr/share/doc/ghostscript/9.26/VectorDevices.htm +#usr/share/doc/ghostscript/9.26/WhatIsGS.htm +#usr/share/doc/ghostscript/9.26/gdevds32.c +#usr/share/doc/ghostscript/9.26/gs-style.css +#usr/share/doc/ghostscript/9.26/images +#usr/share/doc/ghostscript/9.26/images/Artifex_logo.png +#usr/share/doc/ghostscript/9.26/images/favicon.png +#usr/share/doc/ghostscript/9.26/images/ghostscript_logo.png +#usr/share/doc/ghostscript/9.26/images/hamburger-light.png +#usr/share/doc/ghostscript/9.26/images/x-light.png +#usr/share/doc/ghostscript/9.26/index.html +#usr/share/doc/ghostscript/9.26/index.js +#usr/share/doc/ghostscript/9.26/pscet_status.txt +#usr/share/doc/ghostscript/9.26/sample_downscale_device.htm +#usr/share/doc/ghostscript/9.26/style.css +#usr/share/doc/ghostscript/9.26/subclass.htm +#usr/share/doc/ghostscript/9.26/thirdparty.htm #usr/share/ghostscript -#usr/share/ghostscript/9.20 -#usr/share/ghostscript/9.20/doc -#usr/share/ghostscript/9.20/doc/API.htm -#usr/share/ghostscript/9.20/doc/AUTHORS -#usr/share/ghostscript/9.20/doc/C-style.htm -#usr/share/ghostscript/9.20/doc/COPYING -#usr/share/ghostscript/9.20/doc/Changes.htm -#usr/share/ghostscript/9.20/doc/Commprod.htm -#usr/share/ghostscript/9.20/doc/DLL.htm -#usr/share/ghostscript/9.20/doc/Deprecated.htm -#usr/share/ghostscript/9.20/doc/Details.htm -#usr/share/ghostscript/9.20/doc/Details8.htm -#usr/share/ghostscript/9.20/doc/Details9.htm -#usr/share/ghostscript/9.20/doc/Develop.htm -#usr/share/ghostscript/9.20/doc/Devices.htm -#usr/share/ghostscript/9.20/doc/Drivers.htm -#usr/share/ghostscript/9.20/doc/Fonts.htm -#usr/share/ghostscript/9.20/doc/GS9_Color_Management.pdf -#usr/share/ghostscript/9.20/doc/GS9_Color_Management.tex -#usr/share/ghostscript/9.20/doc/Helpers.htm -#usr/share/ghostscript/9.20/doc/Hershey.htm -#usr/share/ghostscript/9.20/doc/History1.htm -#usr/share/ghostscript/9.20/doc/History2.htm -#usr/share/ghostscript/9.20/doc/History3.htm -#usr/share/ghostscript/9.20/doc/History4.htm -#usr/share/ghostscript/9.20/doc/History5.htm -#usr/share/ghostscript/9.20/doc/History6.htm -#usr/share/ghostscript/9.20/doc/History7.htm -#usr/share/ghostscript/9.20/doc/History8.htm -#usr/share/ghostscript/9.20/doc/History9.htm -#usr/share/ghostscript/9.20/doc/Install.htm -#usr/share/ghostscript/9.20/doc/Issues.htm -#usr/share/ghostscript/9.20/doc/Language.htm -#usr/share/ghostscript/9.20/doc/Lib.htm -#usr/share/ghostscript/9.20/doc/Make.htm -#usr/share/ghostscript/9.20/doc/News.htm -#usr/share/ghostscript/9.20/doc/Projects.htm -#usr/share/ghostscript/9.20/doc/Ps-style.htm -#usr/share/ghostscript/9.20/doc/Ps2epsi.htm -#usr/share/ghostscript/9.20/doc/Psfiles.htm -#usr/share/ghostscript/9.20/doc/Readme.htm -#usr/share/ghostscript/9.20/doc/Release.htm -#usr/share/ghostscript/9.20/doc/Source.htm -#usr/share/ghostscript/9.20/doc/Unix-lpr.htm -#usr/share/ghostscript/9.20/doc/Use.htm -#usr/share/ghostscript/9.20/doc/WhatIsGS.htm -#usr/share/ghostscript/9.20/doc/Xfonts.htm -#usr/share/ghostscript/9.20/doc/gs-vms.hlp -#usr/share/ghostscript/9.20/doc/gs.css -#usr/share/ghostscript/9.20/doc/gsdoc.el -#usr/share/ghostscript/9.20/doc/index.html -#usr/share/ghostscript/9.20/doc/pscet_status.txt -#usr/share/ghostscript/9.20/doc/thirdparty.htm -#usr/share/ghostscript/9.20/examples -#usr/share/ghostscript/9.20/examples/alphabet.ps -#usr/share/ghostscript/9.20/examples/annots.pdf -#usr/share/ghostscript/9.20/examples/cjk -#usr/share/ghostscript/9.20/examples/cjk/all_ac1.ps -#usr/share/ghostscript/9.20/examples/cjk/all_ag1.ps -#usr/share/ghostscript/9.20/examples/cjk/all_aj1.ps -#usr/share/ghostscript/9.20/examples/cjk/all_aj2.ps -#usr/share/ghostscript/9.20/examples/cjk/all_ak1.ps -#usr/share/ghostscript/9.20/examples/cjk/article9.ps -#usr/share/ghostscript/9.20/examples/cjk/gscjk_ac.ps -#usr/share/ghostscript/9.20/examples/cjk/gscjk_ag.ps -#usr/share/ghostscript/9.20/examples/cjk/gscjk_aj.ps -#usr/share/ghostscript/9.20/examples/cjk/gscjk_ak.ps -#usr/share/ghostscript/9.20/examples/cjk/iso2022.ps -#usr/share/ghostscript/9.20/examples/cjk/iso2022v.ps -#usr/share/ghostscript/9.20/examples/colorcir.ps -#usr/share/ghostscript/9.20/examples/doretree.ps -#usr/share/ghostscript/9.20/examples/escher.ps -#usr/share/ghostscript/9.20/examples/golfer.eps -#usr/share/ghostscript/9.20/examples/grayalph.ps -#usr/share/ghostscript/9.20/examples/ridt91.eps -#usr/share/ghostscript/9.20/examples/snowflak.ps -#usr/share/ghostscript/9.20/examples/text_graph_image_cmyk_rgb.pdf -#usr/share/ghostscript/9.20/examples/text_graphic_image.pdf -#usr/share/ghostscript/9.20/examples/tiger.eps -#usr/share/ghostscript/9.20/examples/transparency_example.ps -#usr/share/ghostscript/9.20/examples/vasarely.ps -#usr/share/ghostscript/9.20/examples/waterfal.ps -#usr/share/ghostscript/9.20/lib -#usr/share/ghostscript/9.20/lib/PDFA_def.ps -#usr/share/ghostscript/9.20/lib/PDFX_def.ps -#usr/share/ghostscript/9.20/lib/PM760p.upp -#usr/share/ghostscript/9.20/lib/PM760pl.upp -#usr/share/ghostscript/9.20/lib/PM820p.upp -#usr/share/ghostscript/9.20/lib/PM820pl.upp -#usr/share/ghostscript/9.20/lib/Stc670p.upp -#usr/share/ghostscript/9.20/lib/Stc670pl.upp -#usr/share/ghostscript/9.20/lib/Stc680p.upp -#usr/share/ghostscript/9.20/lib/Stc680pl.upp -#usr/share/ghostscript/9.20/lib/Stc740p.upp -#usr/share/ghostscript/9.20/lib/Stc740pl.upp -#usr/share/ghostscript/9.20/lib/Stc760p.upp -#usr/share/ghostscript/9.20/lib/Stc760pl.upp -#usr/share/ghostscript/9.20/lib/Stc777p.upp -#usr/share/ghostscript/9.20/lib/Stc777pl.upp -#usr/share/ghostscript/9.20/lib/Stp720p.upp -#usr/share/ghostscript/9.20/lib/Stp720pl.upp -#usr/share/ghostscript/9.20/lib/Stp870p.upp -#usr/share/ghostscript/9.20/lib/Stp870pl.upp -#usr/share/ghostscript/9.20/lib/acctest.ps -#usr/share/ghostscript/9.20/lib/addxchar.ps -#usr/share/ghostscript/9.20/lib/align.ps -#usr/share/ghostscript/9.20/lib/bj8.rpd -#usr/share/ghostscript/9.20/lib/bj8gc12f.upp -#usr/share/ghostscript/9.20/lib/bj8hg12f.upp -#usr/share/ghostscript/9.20/lib/bj8oh06n.upp -#usr/share/ghostscript/9.20/lib/bj8pa06n.upp -#usr/share/ghostscript/9.20/lib/bj8pp12f.upp -#usr/share/ghostscript/9.20/lib/bj8ts06n.upp -#usr/share/ghostscript/9.20/lib/bjc6000a1.upp -#usr/share/ghostscript/9.20/lib/bjc6000b1.upp -#usr/share/ghostscript/9.20/lib/bjc610a0.upp -#usr/share/ghostscript/9.20/lib/bjc610a1.upp -#usr/share/ghostscript/9.20/lib/bjc610a2.upp -#usr/share/ghostscript/9.20/lib/bjc610a3.upp -#usr/share/ghostscript/9.20/lib/bjc610a4.upp -#usr/share/ghostscript/9.20/lib/bjc610a5.upp -#usr/share/ghostscript/9.20/lib/bjc610a6.upp -#usr/share/ghostscript/9.20/lib/bjc610a7.upp -#usr/share/ghostscript/9.20/lib/bjc610a8.upp -#usr/share/ghostscript/9.20/lib/bjc610b1.upp -#usr/share/ghostscript/9.20/lib/bjc610b2.upp -#usr/share/ghostscript/9.20/lib/bjc610b3.upp -#usr/share/ghostscript/9.20/lib/bjc610b4.upp -#usr/share/ghostscript/9.20/lib/bjc610b6.upp -#usr/share/ghostscript/9.20/lib/bjc610b7.upp -#usr/share/ghostscript/9.20/lib/bjc610b8.upp -#usr/share/ghostscript/9.20/lib/caption.ps -#usr/share/ghostscript/9.20/lib/cbjc600.ppd -#usr/share/ghostscript/9.20/lib/cbjc800.ppd -#usr/share/ghostscript/9.20/lib/cdj550.upp -#usr/share/ghostscript/9.20/lib/cdj690.upp -#usr/share/ghostscript/9.20/lib/cdj690ec.upp -#usr/share/ghostscript/9.20/lib/cid2code.ps -#usr/share/ghostscript/9.20/lib/decrypt.ps -#usr/share/ghostscript/9.20/lib/dmp_init.ps -#usr/share/ghostscript/9.20/lib/dmp_site.ps -#usr/share/ghostscript/9.20/lib/dnj750c.upp -#usr/share/ghostscript/9.20/lib/dnj750m.upp -#usr/share/ghostscript/9.20/lib/docie.ps -#usr/share/ghostscript/9.20/lib/escp_24.src -#usr/share/ghostscript/9.20/lib/font2c.ps -#usr/share/ghostscript/9.20/lib/font2pcl.ps -#usr/share/ghostscript/9.20/lib/ghostpdf.ppd -#usr/share/ghostscript/9.20/lib/gs_ce_e.ps -#usr/share/ghostscript/9.20/lib/gs_cmdl.ps -#usr/share/ghostscript/9.20/lib/gs_il2_e.ps -#usr/share/ghostscript/9.20/lib/gs_kanji.ps -#usr/share/ghostscript/9.20/lib/gs_ksb_e.ps -#usr/share/ghostscript/9.20/lib/gs_l.xbm -#usr/share/ghostscript/9.20/lib/gs_l.xpm -#usr/share/ghostscript/9.20/lib/gs_l_m.xbm -#usr/share/ghostscript/9.20/lib/gs_lgo_e.ps -#usr/share/ghostscript/9.20/lib/gs_lgx_e.ps -#usr/share/ghostscript/9.20/lib/gs_m.xbm -#usr/share/ghostscript/9.20/lib/gs_m.xpm -#usr/share/ghostscript/9.20/lib/gs_m_m.xbm -#usr/share/ghostscript/9.20/lib/gs_pfile.ps -#usr/share/ghostscript/9.20/lib/gs_rdlin.ps -#usr/share/ghostscript/9.20/lib/gs_s.xbm -#usr/share/ghostscript/9.20/lib/gs_s.xpm -#usr/share/ghostscript/9.20/lib/gs_s_m.xbm -#usr/share/ghostscript/9.20/lib/gs_t.xbm -#usr/share/ghostscript/9.20/lib/gs_t.xpm -#usr/share/ghostscript/9.20/lib/gs_t_m.xbm -#usr/share/ghostscript/9.20/lib/gs_wl1_e.ps -#usr/share/ghostscript/9.20/lib/gs_wl2_e.ps -#usr/share/ghostscript/9.20/lib/gs_wl5_e.ps -#usr/share/ghostscript/9.20/lib/gslp.ps -#usr/share/ghostscript/9.20/lib/gsnup.ps -#usr/share/ghostscript/9.20/lib/ht_ccsto.ps -#usr/share/ghostscript/9.20/lib/image-qa.ps -#usr/share/ghostscript/9.20/lib/impath.ps -#usr/share/ghostscript/9.20/lib/jispaper.ps -#usr/share/ghostscript/9.20/lib/landscap.ps -#usr/share/ghostscript/9.20/lib/level1.ps -#usr/share/ghostscript/9.20/lib/lines.ps -#usr/share/ghostscript/9.20/lib/markhint.ps -#usr/share/ghostscript/9.20/lib/markpath.ps -#usr/share/ghostscript/9.20/lib/mkcidfm.ps -#usr/share/ghostscript/9.20/lib/necp2x.upp -#usr/share/ghostscript/9.20/lib/necp2x6.upp -#usr/share/ghostscript/9.20/lib/packfile.ps -#usr/share/ghostscript/9.20/lib/pcharstr.ps -#usr/share/ghostscript/9.20/lib/pdf2dsc.ps -#usr/share/ghostscript/9.20/lib/pdfwrite.ps -#usr/share/ghostscript/9.20/lib/pf2afm.ps -#usr/share/ghostscript/9.20/lib/pfbtopfa.ps -#usr/share/ghostscript/9.20/lib/ppath.ps -#usr/share/ghostscript/9.20/lib/pphs.ps -#usr/share/ghostscript/9.20/lib/prfont.ps -#usr/share/ghostscript/9.20/lib/printafm.ps -#usr/share/ghostscript/9.20/lib/ps2ai.ps -#usr/share/ghostscript/9.20/lib/ps2ascii.ps -#usr/share/ghostscript/9.20/lib/ps2epsi.ps -#usr/share/ghostscript/9.20/lib/quit.ps -#usr/share/ghostscript/9.20/lib/ras1.upp -#usr/share/ghostscript/9.20/lib/ras24.upp -#usr/share/ghostscript/9.20/lib/ras3.upp -#usr/share/ghostscript/9.20/lib/ras32.upp -#usr/share/ghostscript/9.20/lib/ras4.upp -#usr/share/ghostscript/9.20/lib/ras8m.upp -#usr/share/ghostscript/9.20/lib/rollconv.ps -#usr/share/ghostscript/9.20/lib/s400a1.upp -#usr/share/ghostscript/9.20/lib/s400b1.upp -#usr/share/ghostscript/9.20/lib/sharp.upp -#usr/share/ghostscript/9.20/lib/showchar.ps -#usr/share/ghostscript/9.20/lib/showpage.ps -#usr/share/ghostscript/9.20/lib/sipixa6.upp -#usr/share/ghostscript/9.20/lib/st640ih.upp -#usr/share/ghostscript/9.20/lib/st640ihg.upp -#usr/share/ghostscript/9.20/lib/st640p.upp -#usr/share/ghostscript/9.20/lib/st640pg.upp -#usr/share/ghostscript/9.20/lib/st640pl.upp -#usr/share/ghostscript/9.20/lib/st640plg.upp -#usr/share/ghostscript/9.20/lib/stc.upp -#usr/share/ghostscript/9.20/lib/stc1520h.upp -#usr/share/ghostscript/9.20/lib/stc2.upp -#usr/share/ghostscript/9.20/lib/stc200_h.upp -#usr/share/ghostscript/9.20/lib/stc2_h.upp -#usr/share/ghostscript/9.20/lib/stc2s_h.upp -#usr/share/ghostscript/9.20/lib/stc300.upp -#usr/share/ghostscript/9.20/lib/stc300bl.upp -#usr/share/ghostscript/9.20/lib/stc300bm.upp -#usr/share/ghostscript/9.20/lib/stc500p.upp -#usr/share/ghostscript/9.20/lib/stc500ph.upp -#usr/share/ghostscript/9.20/lib/stc600ih.upp -#usr/share/ghostscript/9.20/lib/stc600p.upp -#usr/share/ghostscript/9.20/lib/stc600pl.upp -#usr/share/ghostscript/9.20/lib/stc640p.upp -#usr/share/ghostscript/9.20/lib/stc740ih.upp -#usr/share/ghostscript/9.20/lib/stc800ih.upp -#usr/share/ghostscript/9.20/lib/stc800p.upp -#usr/share/ghostscript/9.20/lib/stc800pl.upp -#usr/share/ghostscript/9.20/lib/stc_h.upp -#usr/share/ghostscript/9.20/lib/stc_l.upp -#usr/share/ghostscript/9.20/lib/stcany.upp -#usr/share/ghostscript/9.20/lib/stcany_h.upp -#usr/share/ghostscript/9.20/lib/stcinfo.ps -#usr/share/ghostscript/9.20/lib/stcolor.ps -#usr/share/ghostscript/9.20/lib/stocht.ps -#usr/share/ghostscript/9.20/lib/traceimg.ps -#usr/share/ghostscript/9.20/lib/traceop.ps -#usr/share/ghostscript/9.20/lib/type1enc.ps -#usr/share/ghostscript/9.20/lib/type1ops.ps -#usr/share/ghostscript/9.20/lib/uninfo.ps -#usr/share/ghostscript/9.20/lib/unprot.ps -#usr/share/ghostscript/9.20/lib/viewcmyk.ps -#usr/share/ghostscript/9.20/lib/viewgif.ps -#usr/share/ghostscript/9.20/lib/viewjpeg.ps -#usr/share/ghostscript/9.20/lib/viewmiff.ps -#usr/share/ghostscript/9.20/lib/viewpbm.ps -#usr/share/ghostscript/9.20/lib/viewpcx.ps -#usr/share/ghostscript/9.20/lib/viewps2a.ps -#usr/share/ghostscript/9.20/lib/wftopfa.ps -#usr/share/ghostscript/9.20/lib/winmaps.ps -#usr/share/ghostscript/9.20/lib/wrfont.ps -#usr/share/ghostscript/9.20/lib/zeroline.ps +#usr/share/ghostscript/9.26 +#usr/share/ghostscript/9.26/lib +#usr/share/ghostscript/9.26/lib/PDFA_def.ps +#usr/share/ghostscript/9.26/lib/PDFX_def.ps +#usr/share/ghostscript/9.26/lib/PM760p.upp +#usr/share/ghostscript/9.26/lib/PM760pl.upp +#usr/share/ghostscript/9.26/lib/PM820p.upp +#usr/share/ghostscript/9.26/lib/PM820pl.upp +#usr/share/ghostscript/9.26/lib/Stc670p.upp +#usr/share/ghostscript/9.26/lib/Stc670pl.upp +#usr/share/ghostscript/9.26/lib/Stc680p.upp +#usr/share/ghostscript/9.26/lib/Stc680pl.upp +#usr/share/ghostscript/9.26/lib/Stc740p.upp +#usr/share/ghostscript/9.26/lib/Stc740pl.upp +#usr/share/ghostscript/9.26/lib/Stc760p.upp +#usr/share/ghostscript/9.26/lib/Stc760pl.upp +#usr/share/ghostscript/9.26/lib/Stc777p.upp +#usr/share/ghostscript/9.26/lib/Stc777pl.upp +#usr/share/ghostscript/9.26/lib/Stp720p.upp +#usr/share/ghostscript/9.26/lib/Stp720pl.upp +#usr/share/ghostscript/9.26/lib/Stp870p.upp +#usr/share/ghostscript/9.26/lib/Stp870pl.upp +#usr/share/ghostscript/9.26/lib/acctest.ps +#usr/share/ghostscript/9.26/lib/align.ps +#usr/share/ghostscript/9.26/lib/bj8.rpd +#usr/share/ghostscript/9.26/lib/bj8gc12f.upp +#usr/share/ghostscript/9.26/lib/bj8hg12f.upp +#usr/share/ghostscript/9.26/lib/bj8oh06n.upp +#usr/share/ghostscript/9.26/lib/bj8pa06n.upp +#usr/share/ghostscript/9.26/lib/bj8pp12f.upp +#usr/share/ghostscript/9.26/lib/bj8ts06n.upp +#usr/share/ghostscript/9.26/lib/bjc6000a1.upp +#usr/share/ghostscript/9.26/lib/bjc6000b1.upp +#usr/share/ghostscript/9.26/lib/bjc610a0.upp +#usr/share/ghostscript/9.26/lib/bjc610a1.upp +#usr/share/ghostscript/9.26/lib/bjc610a2.upp +#usr/share/ghostscript/9.26/lib/bjc610a3.upp +#usr/share/ghostscript/9.26/lib/bjc610a4.upp +#usr/share/ghostscript/9.26/lib/bjc610a5.upp +#usr/share/ghostscript/9.26/lib/bjc610a6.upp +#usr/share/ghostscript/9.26/lib/bjc610a7.upp +#usr/share/ghostscript/9.26/lib/bjc610a8.upp +#usr/share/ghostscript/9.26/lib/bjc610b1.upp +#usr/share/ghostscript/9.26/lib/bjc610b2.upp +#usr/share/ghostscript/9.26/lib/bjc610b3.upp +#usr/share/ghostscript/9.26/lib/bjc610b4.upp +#usr/share/ghostscript/9.26/lib/bjc610b6.upp +#usr/share/ghostscript/9.26/lib/bjc610b7.upp +#usr/share/ghostscript/9.26/lib/bjc610b8.upp +#usr/share/ghostscript/9.26/lib/caption.ps +#usr/share/ghostscript/9.26/lib/cbjc600.ppd +#usr/share/ghostscript/9.26/lib/cbjc800.ppd +#usr/share/ghostscript/9.26/lib/cdj550.upp +#usr/share/ghostscript/9.26/lib/cdj690.upp +#usr/share/ghostscript/9.26/lib/cdj690ec.upp +#usr/share/ghostscript/9.26/lib/cid2code.ps +#usr/share/ghostscript/9.26/lib/dmp_init.ps +#usr/share/ghostscript/9.26/lib/dmp_site.ps +#usr/share/ghostscript/9.26/lib/dnj750c.upp +#usr/share/ghostscript/9.26/lib/dnj750m.upp +#usr/share/ghostscript/9.26/lib/docie.ps +#usr/share/ghostscript/9.26/lib/escp_24.src +#usr/share/ghostscript/9.26/lib/font2pcl.ps +#usr/share/ghostscript/9.26/lib/ghostpdf.ppd +#usr/share/ghostscript/9.26/lib/gs_ce_e.ps +#usr/share/ghostscript/9.26/lib/gs_il2_e.ps +#usr/share/ghostscript/9.26/lib/gs_kanji.ps +#usr/share/ghostscript/9.26/lib/gs_ksb_e.ps +#usr/share/ghostscript/9.26/lib/gs_l.xbm +#usr/share/ghostscript/9.26/lib/gs_l.xpm +#usr/share/ghostscript/9.26/lib/gs_l_m.xbm +#usr/share/ghostscript/9.26/lib/gs_lgo_e.ps +#usr/share/ghostscript/9.26/lib/gs_lgx_e.ps +#usr/share/ghostscript/9.26/lib/gs_m.xbm +#usr/share/ghostscript/9.26/lib/gs_m.xpm +#usr/share/ghostscript/9.26/lib/gs_m_m.xbm +#usr/share/ghostscript/9.26/lib/gs_s.xbm +#usr/share/ghostscript/9.26/lib/gs_s.xpm +#usr/share/ghostscript/9.26/lib/gs_s_m.xbm +#usr/share/ghostscript/9.26/lib/gs_t.xbm +#usr/share/ghostscript/9.26/lib/gs_t.xpm +#usr/share/ghostscript/9.26/lib/gs_t_m.xbm +#usr/share/ghostscript/9.26/lib/gs_wl1_e.ps +#usr/share/ghostscript/9.26/lib/gs_wl2_e.ps +#usr/share/ghostscript/9.26/lib/gs_wl5_e.ps +#usr/share/ghostscript/9.26/lib/gslp.ps +#usr/share/ghostscript/9.26/lib/gsnup.ps +#usr/share/ghostscript/9.26/lib/ht_ccsto.ps +#usr/share/ghostscript/9.26/lib/image-qa.ps +#usr/share/ghostscript/9.26/lib/jispaper.ps +#usr/share/ghostscript/9.26/lib/landscap.ps +#usr/share/ghostscript/9.26/lib/lines.ps +#usr/share/ghostscript/9.26/lib/mkcidfm.ps +#usr/share/ghostscript/9.26/lib/necp2x.upp +#usr/share/ghostscript/9.26/lib/necp2x6.upp +#usr/share/ghostscript/9.26/lib/pdf2dsc.ps +#usr/share/ghostscript/9.26/lib/pf2afm.ps +#usr/share/ghostscript/9.26/lib/pfbtopfa.ps +#usr/share/ghostscript/9.26/lib/ppath.ps +#usr/share/ghostscript/9.26/lib/pphs.ps +#usr/share/ghostscript/9.26/lib/prfont.ps +#usr/share/ghostscript/9.26/lib/printafm.ps +#usr/share/ghostscript/9.26/lib/ps2ai.ps +#usr/share/ghostscript/9.26/lib/ps2epsi.ps +#usr/share/ghostscript/9.26/lib/ras1.upp +#usr/share/ghostscript/9.26/lib/ras24.upp +#usr/share/ghostscript/9.26/lib/ras3.upp +#usr/share/ghostscript/9.26/lib/ras32.upp +#usr/share/ghostscript/9.26/lib/ras4.upp +#usr/share/ghostscript/9.26/lib/ras8m.upp +#usr/share/ghostscript/9.26/lib/rollconv.ps +#usr/share/ghostscript/9.26/lib/s400a1.upp +#usr/share/ghostscript/9.26/lib/s400b1.upp +#usr/share/ghostscript/9.26/lib/sharp.upp +#usr/share/ghostscript/9.26/lib/sipixa6.upp +#usr/share/ghostscript/9.26/lib/st640ih.upp +#usr/share/ghostscript/9.26/lib/st640ihg.upp +#usr/share/ghostscript/9.26/lib/st640p.upp +#usr/share/ghostscript/9.26/lib/st640pg.upp +#usr/share/ghostscript/9.26/lib/st640pl.upp +#usr/share/ghostscript/9.26/lib/st640plg.upp +#usr/share/ghostscript/9.26/lib/stc.upp +#usr/share/ghostscript/9.26/lib/stc1520h.upp +#usr/share/ghostscript/9.26/lib/stc2.upp +#usr/share/ghostscript/9.26/lib/stc200_h.upp +#usr/share/ghostscript/9.26/lib/stc2_h.upp +#usr/share/ghostscript/9.26/lib/stc2s_h.upp +#usr/share/ghostscript/9.26/lib/stc300.upp +#usr/share/ghostscript/9.26/lib/stc300bl.upp +#usr/share/ghostscript/9.26/lib/stc300bm.upp +#usr/share/ghostscript/9.26/lib/stc500p.upp +#usr/share/ghostscript/9.26/lib/stc500ph.upp +#usr/share/ghostscript/9.26/lib/stc600ih.upp +#usr/share/ghostscript/9.26/lib/stc600p.upp +#usr/share/ghostscript/9.26/lib/stc600pl.upp +#usr/share/ghostscript/9.26/lib/stc640p.upp +#usr/share/ghostscript/9.26/lib/stc740ih.upp +#usr/share/ghostscript/9.26/lib/stc800ih.upp +#usr/share/ghostscript/9.26/lib/stc800p.upp +#usr/share/ghostscript/9.26/lib/stc800pl.upp +#usr/share/ghostscript/9.26/lib/stc_h.upp +#usr/share/ghostscript/9.26/lib/stc_l.upp +#usr/share/ghostscript/9.26/lib/stcany.upp +#usr/share/ghostscript/9.26/lib/stcany_h.upp +#usr/share/ghostscript/9.26/lib/stcinfo.ps +#usr/share/ghostscript/9.26/lib/stcolor.ps +#usr/share/ghostscript/9.26/lib/stocht.ps +#usr/share/ghostscript/9.26/lib/traceimg.ps +#usr/share/ghostscript/9.26/lib/traceop.ps +#usr/share/ghostscript/9.26/lib/uninfo.ps +#usr/share/ghostscript/9.26/lib/viewcmyk.ps +#usr/share/ghostscript/9.26/lib/viewgif.ps +#usr/share/ghostscript/9.26/lib/viewjpeg.ps +#usr/share/ghostscript/9.26/lib/viewmiff.ps +#usr/share/ghostscript/9.26/lib/viewpbm.ps +#usr/share/ghostscript/9.26/lib/viewpcx.ps +#usr/share/ghostscript/9.26/lib/viewps2a.ps +#usr/share/ghostscript/9.26/lib/winmaps.ps +#usr/share/ghostscript/9.26/lib/zeroline.ps #usr/share/ghostscript/fonts #usr/share/ghostscript/fonts/COPYING #usr/share/ghostscript/fonts/ChangeLog @@ -448,7 +387,6 @@ usr/share/ghostscript/fonts/z003034l.pfb usr/share/ghostscript/fonts/z003034l.pfm #usr/share/man/de/man1/dvipdf.1 #usr/share/man/de/man1/eps2eps.1 -#usr/share/man/de/man1/font2c.1 #usr/share/man/de/man1/gsnd.1 #usr/share/man/de/man1/pdf2dsc.1 #usr/share/man/de/man1/pdf2ps.1 @@ -459,10 +397,8 @@ usr/share/ghostscript/fonts/z003034l.pfm #usr/share/man/de/man1/ps2pdf13.1 #usr/share/man/de/man1/ps2pdf14.1 #usr/share/man/de/man1/ps2ps.1 -#usr/share/man/de/man1/wftopfa.1 #usr/share/man/man1/dvipdf.1 #usr/share/man/man1/eps2eps.1 -#usr/share/man/man1/font2c.1 #usr/share/man/man1/gs.1 #usr/share/man/man1/gsbj.1 #usr/share/man/man1/gsdj.1 @@ -483,4 +419,3 @@ usr/share/ghostscript/fonts/z003034l.pfm #usr/share/man/man1/ps2pdf14.1 #usr/share/man/man1/ps2pdfwr.1 #usr/share/man/man1/ps2ps.1 -#usr/share/man/man1/wftopfa.1 diff --git a/lfs/ghostscript b/lfs/ghostscript index 6de18f4d3..5757879ba 100644 --- a/lfs/ghostscript +++ b/lfs/ghostscript @@ -24,7 +24,7 @@ include Config -VER = 9.20 +VER = 9.26 THISAPP = ghostscript-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ghostscript -PAK_VER = 3 +PAK_VER = 4 DEPS = "cups dbus libtiff" @@ -48,7 +48,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) ghostscript-fonts-std-8.11.tar.gz = $(URL_IPFIRE)/ghostscript-fonts-std-8.11.tar.gz gnu-gs-fonts-other-6.0.tar.gz = $(URL_IPFIRE)/gnu-gs-fonts-other-6.0.tar.gz -$(DL_FILE)_MD5 = 93c5987cd3ab341108be1ebbaadc24fe +$(DL_FILE)_MD5 = 806bc2dedbc7f69b003f536658e08d4a ghostscript-fonts-std-8.11.tar.gz_MD5 = 6865682b095f8c4500c54b285ff05ef6 gnu-gs-fonts-other-6.0.tar.gz_MD5 = 33457d3f37de7ef03d2eea05a9e6aa4f -- 2.18.0

2 1

Problem of duplication of firewall rules
by Julien Blais 23 Jan '19

23 Jan '19

Hello, In this new year, apart from wishing you all the best, I would also like to share with you the anomalies I was able to raise in Ipfire on the generation of firewall rules using the HMI. I noticed 3 major problems in the management of firewall rules. In the page https://ipfire:444/cgi-bin/firewall.cgi, it is worth noting 3 tables, namely Firewall Rules, Incoming Firewall Access and Outgoing Firewall Access. The first two deduplication concerns the rules established in the 1st table, Firewall Rules. 1e problem : By defining a FORWARD rule whose destination is the standard network red0 (everything but green0/orange0/blue0/etc...), a rule is created in FORWARDFW. [image: image.png] However, I noticed that also that these same rules were reported in INPUTFW [image: image.png] INPUTFW rules with the -o red0 flag, it feels weird, doesn't it? 2nd problem : It is much more delicate because it concerns DNAT. For the creation of such a rule, here is the example below. [image: image.png] Including the 4 redirection rules : [image: image.png] As we can see, they are correctly created in NAT_DESTINATION : [image: image.png] However, it is not expected to be duplicated in OUTGOINGFW as well. [image: image.png] In fact, the creation of these rules is useless, even dangerous. Hopefully things are going well at home and the potential threat remains my person (LOL). The last case is a little more twisted, it concerns the SNAT, of which here is the example below. [image: image.png] As I was refused a nice creation : [image: image.png] I modified directly in the /var/ipfire/firewall/input file. Here is the result: [image: image.png] Using such a rule allows me to follow the path represented by the diagram below and solve the problem of double NAT: [image: image.png] The rules are correctly created in table NAT_SOURCE. [image: image.png] However, there is also a rule creation in the INPUTFW table, which I think is unnecessary. [image: image.png] Awaiting your thoughts, I hope I have provided all the information you need to understand the 3 cases above. With kind regards. Jbsky

3 4

[PATCH] Postfix: update to 3.3.2
by Peter Müller 23 Jan '19

23 Jan '19

See http://www.postfix.org/announcements/postfix-3.3.2.html for release note. This makes Postfix TLS 1.3/OpenSSL 1.1.1a ready. Signed-off-by: Peter Müller <peter.mueller(a)link38.eu> --- lfs/postfix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/postfix b/lfs/postfix index 2054c68cf..b22eca138 100644 --- a/lfs/postfix +++ b/lfs/postfix @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.3.1 +VER = 3.3.2 THISAPP = postfix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = postfix -PAK_VER = 16 +PAK_VER = 17 DEPS = "" @@ -66,7 +66,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 4381c6492f415e4a69cf5099d4acea76 +$(DL_FILE)_MD5 = 4e6ed7056576e0c54cfce6040a0bb0ad install : $(TARGET) -- 2.16.4

1 0

PATCH] Suricata: drop unused cuda HW acceleration
by Peter Müller 23 Jan '19

23 Jan '19

1 0

[PATCH] update ca-certificates CA bundle
by Peter Müller 23 Jan '19

23 Jan '19

Update the CA certificates list to what Mozilla NSS ships currently. The original file can be retrieved from: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/b… Signed-off-by: Peter Müller <peter.mueller(a)link38.eu> --- config/ca-certificates/certdata.txt | 1924 +++++++++++++++++++---------------- lfs/ca-certificates | 4 +- 2 files changed, 1038 insertions(+), 890 deletions(-) diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt index 61c37a8bd..182dda65e 100644 --- a/config/ca-certificates/certdata.txt +++ b/config/ca-certificates/certdata.txt @@ -6913,193 +6913,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "AC Raiz Certicamara S.A." -# -# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c -# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Not Valid Before: Mon Nov 27 20:46:29 2006 -# Not Valid After : Tue Apr 02 21:42:02 2030 -# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6 -# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354 -\014 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\006\146\060\202\004\116\240\003\002\001\002\002\017\007 -\176\122\223\173\340\025\343\127\360\151\214\313\354\014\060\015 -\006\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061 -\013\060\011\006\003\125\004\006\023\002\103\117\061\107\060\105 -\006\003\125\004\012\014\076\123\157\143\151\145\144\141\144\040 -\103\141\155\145\162\141\154\040\144\145\040\103\145\162\164\151 -\146\151\143\141\143\151\303\263\156\040\104\151\147\151\164\141 -\154\040\055\040\103\145\162\164\151\143\303\241\155\141\162\141 -\040\123\056\101\056\061\043\060\041\006\003\125\004\003\014\032 -\101\103\040\122\141\303\255\172\040\103\145\162\164\151\143\303 -\241\155\141\162\141\040\123\056\101\056\060\036\027\015\060\066 -\061\061\062\067\062\060\064\066\062\071\132\027\015\063\060\060 -\064\060\062\062\061\064\062\060\062\132\060\173\061\013\060\011 -\006\003\125\004\006\023\002\103\117\061\107\060\105\006\003\125 -\004\012\014\076\123\157\143\151\145\144\141\144\040\103\141\155 -\145\162\141\154\040\144\145\040\103\145\162\164\151\146\151\143 -\141\143\151\303\263\156\040\104\151\147\151\164\141\154\040\055 -\040\103\145\162\164\151\143\303\241\155\141\162\141\040\123\056 -\101\056\061\043\060\041\006\003\125\004\003\014\032\101\103\040 -\122\141\303\255\172\040\103\145\162\164\151\143\303\241\155\141 -\162\141\040\123\056\101\056\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\253\153\211\243\123\314\110\043 -\010\373\303\317\121\226\010\056\270\010\172\155\074\220\027\206 -\251\351\355\056\023\064\107\262\320\160\334\311\074\320\215\312 -\356\113\027\253\320\205\260\247\043\004\313\250\242\374\345\165 -\333\100\312\142\211\217\120\236\001\075\046\133\030\204\034\313 -\174\067\267\175\354\323\177\163\031\260\152\262\330\210\212\055 -\105\164\250\367\263\270\300\324\332\315\042\211\164\115\132\025 -\071\163\030\164\117\265\353\231\247\301\036\210\264\302\223\220 -\143\227\363\247\247\022\262\011\042\007\063\331\221\315\016\234 -\037\016\040\307\356\273\063\215\217\302\322\130\247\137\375\145 -\067\342\210\302\330\217\206\165\136\371\055\247\207\063\362\170 -\067\057\213\274\035\206\067\071\261\224\362\330\274\112\234\203 -\030\132\006\374\363\324\324\272\214\025\011\045\360\371\266\215 -\004\176\027\022\063\153\127\110\114\117\333\046\036\353\314\220 -\347\213\371\150\174\160\017\243\052\320\072\070\337\067\227\342 -\133\336\200\141\323\200\330\221\203\102\132\114\004\211\150\021 -\074\254\137\150\200\101\314\140\102\316\015\132\052\014\017\233 -\060\300\246\360\206\333\253\111\327\227\155\110\213\371\003\300 -\122\147\233\022\367\302\362\056\230\145\102\331\326\232\343\320 -\031\061\014\255\207\325\127\002\172\060\350\206\046\373\217\043 -\212\124\207\344\277\074\356\353\303\165\110\137\036\071\157\201 -\142\154\305\055\304\027\124\031\267\067\215\234\067\221\310\366 -\013\325\352\143\157\203\254\070\302\363\077\336\232\373\341\043 -\141\360\310\046\313\066\310\241\363\060\217\244\243\242\241\335 -\123\263\336\360\232\062\037\203\221\171\060\301\251\037\123\233 -\123\242\025\123\077\335\235\263\020\073\110\175\211\017\374\355 -\003\365\373\045\144\165\016\027\031\015\217\000\026\147\171\172 -\100\374\055\131\007\331\220\372\232\255\075\334\200\212\346\134 -\065\242\147\114\021\153\261\370\200\144\000\055\157\042\141\305 -\254\113\046\345\132\020\202\233\244\203\173\064\367\236\211\221 -\040\227\216\267\102\307\146\303\320\351\244\326\365\040\215\304 -\303\225\254\104\012\235\133\163\074\046\075\057\112\276\247\311 -\247\020\036\373\237\120\151\363\002\003\001\000\001\243\201\346 -\060\201\343\060\017\006\003\125\035\023\001\001\377\004\005\060 -\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004 -\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\321 -\011\320\351\327\316\171\164\124\371\072\060\263\364\155\054\003 -\003\033\150\060\201\240\006\003\125\035\040\004\201\230\060\201 -\225\060\201\222\006\004\125\035\040\000\060\201\211\060\053\006 -\010\053\006\001\005\005\007\002\001\026\037\150\164\164\160\072 -\057\057\167\167\167\056\143\145\162\164\151\143\141\155\141\162 -\141\056\143\157\155\057\144\160\143\057\060\132\006\010\053\006 -\001\005\005\007\002\002\060\116\032\114\114\151\155\151\164\141 -\143\151\157\156\145\163\040\144\145\040\147\141\162\141\156\164 -\355\141\163\040\144\145\040\145\163\164\145\040\143\145\162\164 -\151\146\151\143\141\144\157\040\163\145\040\160\165\145\144\145 -\156\040\145\156\143\157\156\164\162\141\162\040\145\156\040\154 -\141\040\104\120\103\056\060\015\006\011\052\206\110\206\367\015 -\001\001\005\005\000\003\202\002\001\000\134\224\265\270\105\221 -\115\216\141\037\003\050\017\123\174\346\244\131\251\263\212\172 -\305\260\377\010\174\054\243\161\034\041\023\147\241\225\022\100 -\065\203\203\217\164\333\063\134\360\111\166\012\201\122\335\111 -\324\232\062\063\357\233\247\313\165\345\172\313\227\022\220\134 -\272\173\305\233\337\273\071\043\310\377\230\316\012\115\042\001 -\110\007\176\212\300\325\040\102\224\104\357\277\167\242\211\147 -\110\033\100\003\005\241\211\354\317\142\343\075\045\166\146\277 -\046\267\273\042\276\157\377\071\127\164\272\172\311\001\225\301 -\225\121\350\253\054\370\261\206\040\351\077\313\065\133\322\027 -\351\052\376\203\023\027\100\356\210\142\145\133\325\073\140\351 -\173\074\270\311\325\177\066\002\045\252\150\302\061\025\267\060 -\145\353\177\035\110\171\261\317\071\342\102\200\026\323\365\223 -\043\374\114\227\311\132\067\154\174\042\330\112\315\322\216\066 -\203\071\221\220\020\310\361\311\065\176\077\270\323\201\306\040 -\144\032\266\120\302\041\244\170\334\320\057\073\144\223\164\360 -\226\220\361\357\373\011\132\064\100\226\360\066\022\301\243\164 -\214\223\176\101\336\167\213\354\206\331\322\017\077\055\321\314 -\100\242\211\146\110\036\040\263\234\043\131\163\251\104\163\274 -\044\171\220\126\067\263\306\051\176\243\017\361\051\071\357\176 -\134\050\062\160\065\254\332\270\310\165\146\374\233\114\071\107 -\216\033\157\233\115\002\124\042\063\357\141\272\236\051\204\357 -\116\113\063\107\166\227\152\313\176\137\375\025\246\236\102\103 -\133\146\132\212\210\015\367\026\271\077\121\145\053\146\152\213 -\321\070\122\242\326\106\021\372\374\232\034\164\236\217\227\013 -\002\117\144\306\365\150\323\113\055\377\244\067\036\213\077\277 -\104\276\141\106\241\204\075\010\047\114\201\040\167\211\010\352 -\147\100\136\154\010\121\137\064\132\214\226\150\315\327\367\211 -\302\034\323\062\000\257\122\313\323\140\133\052\072\107\176\153 -\060\063\241\142\051\177\112\271\341\055\347\024\043\016\016\030 -\107\341\171\374\025\125\320\261\374\045\161\143\165\063\034\043 -\053\257\134\331\355\107\167\140\016\073\017\036\322\300\334\144 -\005\211\374\170\326\134\054\046\103\251 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "AC Raiz Certicamara S.A." -# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c -# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO -# Not Valid Before: Mon Nov 27 20:46:29 2006 -# Not Valid After : Tue Apr 02 21:42:02 2030 -# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6 -# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351 -\006\020\323\066 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\223\052\076\366\375\043\151\015\161\040\324\053\107\231\053\246 -END -CKA_ISSUER MULTILINE_OCTAL -\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061 -\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144 -\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145 -\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147 -\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155 -\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004 -\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164 -\151\143\303\241\155\141\162\141\040\123\056\101\056 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354 -\014 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Deutsche Telekom Root CA 2" # @@ -18878,707 +18691,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certplus Root CA G1" -# -# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR -# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 -# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E -# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 -\054\334\106\021 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\153\060\202\003\123\240\003\002\001\002\002\022\021 -\040\125\203\344\055\076\124\126\205\055\203\067\267\054\334\106 -\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -\060\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060 -\132\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132 -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\332\120\207\266\332\270\251\076\235\144\372\126\063\232\126 -\075\026\345\003\225\262\064\034\232\155\142\005\324\330\217\347 -\211\144\237\272\333\144\213\144\346\171\052\141\315\257\217\132 -\211\221\145\271\130\374\264\003\137\221\077\055\020\025\340\176 -\317\274\374\177\103\147\250\255\136\066\043\330\230\263\115\363 -\103\236\071\174\052\374\354\210\325\210\356\160\275\205\026\055 -\352\113\211\074\243\161\102\376\034\375\323\034\055\020\270\206 -\124\352\103\270\333\306\207\332\250\256\200\045\317\172\046\035 -\252\221\260\110\157\256\265\336\236\330\327\372\000\375\306\217 -\320\121\273\142\175\244\261\214\262\377\040\021\272\065\143\005 -\206\107\140\103\063\220\366\107\242\003\117\226\115\235\117\301 -\352\352\234\242\376\064\056\336\267\312\033\166\244\267\255\237 -\351\250\324\170\077\170\376\362\070\011\066\035\322\026\002\310 -\354\052\150\257\365\216\224\357\055\023\172\036\102\112\035\025 -\061\256\014\004\127\374\141\163\363\061\126\206\061\200\240\304 -\021\156\060\166\343\224\360\137\004\304\254\207\162\211\230\305 -\235\314\127\010\232\364\014\374\175\172\005\072\372\107\200\071 -\266\317\204\023\167\157\047\352\377\226\147\027\010\155\351\015 -\326\043\120\060\260\025\164\023\076\345\057\377\016\315\304\013 -\112\135\360\330\000\063\111\146\353\241\030\174\131\056\075\050 -\271\141\161\313\265\245\272\270\352\334\342\160\157\010\152\334 -\207\147\064\357\337\060\162\335\363\311\077\043\377\065\341\276 -\041\051\040\060\201\344\031\245\040\351\045\312\163\061\164\051 -\276\342\102\325\363\262\046\146\307\150\375\031\263\347\040\223 -\231\350\135\340\136\207\347\106\350\045\234\012\051\044\324\315 -\130\206\122\100\044\262\173\017\230\022\040\044\366\220\154\107 -\310\015\273\030\040\056\331\375\374\213\362\051\352\207\164\225 -\340\102\120\170\204\004\101\141\260\364\041\043\217\055\313\050 -\041\362\152\154\364\032\246\305\024\264\067\145\117\225\375\200 -\310\370\162\345\045\153\304\140\261\173\155\216\112\212\163\316 -\131\373\160\172\163\006\023\331\323\164\067\044\101\012\021\157 -\227\334\347\344\176\241\275\025\362\272\207\017\075\150\212\026 -\007\002\003\001\000\001\243\143\060\141\060\016\006\003\125\035 -\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 -\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 -\035\016\004\026\004\024\250\301\300\233\221\250\103\025\174\135 -\006\047\264\052\121\330\227\013\201\261\060\037\006\003\125\035 -\043\004\030\060\026\200\024\250\301\300\233\221\250\103\025\174 -\135\006\047\264\052\121\330\227\013\201\261\060\015\006\011\052 -\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000\234 -\126\157\001\176\321\275\114\365\212\306\360\046\037\344\340\070 -\030\314\062\303\051\073\235\101\051\064\141\306\327\360\000\241 -\353\244\162\217\224\027\274\023\054\165\264\127\356\012\174\011 -\172\334\325\312\241\320\064\023\370\167\253\237\345\376\330\036 -\164\212\205\007\217\177\314\171\172\312\226\315\315\375\117\373 -\375\043\015\220\365\364\136\323\306\141\175\236\021\340\002\356 -\011\004\331\007\335\246\212\267\014\203\044\273\203\120\222\376 -\140\165\021\076\330\235\260\212\172\265\340\235\233\313\220\122 -\113\260\223\052\324\076\026\063\345\236\306\145\025\076\144\073 -\004\077\333\014\217\137\134\035\151\037\257\363\351\041\214\363 -\357\227\366\232\267\031\266\204\164\234\243\124\265\160\116\143 -\330\127\135\123\041\233\100\222\103\372\326\167\125\063\117\144 -\325\373\320\054\152\216\155\045\246\357\205\350\002\304\123\076 -\271\236\207\274\314\065\032\336\241\351\212\143\207\145\036\021 -\052\333\143\167\227\024\276\232\024\231\021\262\300\356\260\117 -\370\024\041\062\103\117\237\253\242\313\250\017\252\073\006\125 -\306\022\051\127\010\324\067\327\207\047\255\111\131\247\221\253 -\104\172\136\215\160\333\227\316\110\120\261\163\223\366\360\203 -\140\371\315\361\341\061\375\133\174\161\041\143\024\024\252\257 -\305\336\223\176\150\261\354\042\242\252\220\165\236\265\103\162 -\352\144\243\204\113\375\014\250\046\153\161\227\356\126\143\146 -\350\102\124\371\307\035\337\320\217\133\337\310\060\157\210\376 -\015\304\063\034\123\250\243\375\110\020\362\344\012\116\341\025 -\127\374\156\144\060\302\125\021\334\352\251\315\112\124\254\051 -\143\104\317\112\100\240\326\150\131\033\063\371\357\072\213\333 -\040\222\334\102\204\277\001\253\207\300\325\040\202\333\306\271 -\203\205\102\134\017\103\073\152\111\065\325\230\364\025\277\372 -\141\201\014\011\040\030\322\320\027\014\313\110\000\120\351\166 -\202\214\144\327\072\240\007\125\314\036\061\300\357\072\264\145 -\373\343\277\102\153\236\017\250\275\153\230\334\330\333\313\213 -\244\335\327\131\364\156\335\376\252\303\221\320\056\102\007\300 -\014\115\123\315\044\261\114\133\036\121\364\337\351\222\372 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certplus Root CA G1" -# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR -# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 -# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E -# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\042\375\320\267\375\242\116\015\254\111\054\240\254\246\173\152 -\037\343\367\146 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\177\011\234\367\331\271\134\151\151\126\325\067\076\024\015\102 -END -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267 -\054\334\106\021 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "Certplus Root CA G2" -# -# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR -# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 -# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 -# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 -\317\163\274\125 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\034\060\202\001\242\240\003\002\001\002\002\022\021 -\040\331\221\316\256\243\350\305\347\377\351\002\257\317\163\274 -\125\060\012\006\010\052\206\110\316\075\004\003\003\060\076\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 -\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 -\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 -\165\163\040\122\157\157\164\040\103\101\040\107\062\060\036\027 -\015\061\064\060\065\062\066\060\060\060\060\060\060\132\027\015 -\063\070\060\061\061\065\060\060\060\060\060\060\132\060\076\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017 -\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061 -\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154 -\165\163\040\122\157\157\164\040\103\101\040\107\062\060\166\060 -\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 -\042\003\142\000\004\315\017\133\126\202\337\360\105\032\326\255 -\367\171\360\035\311\254\226\326\236\116\234\037\264\102\021\312 -\206\277\155\373\205\243\305\345\031\134\327\356\246\077\151\147 -\330\170\342\246\311\304\333\055\171\056\347\213\215\002\157\061 -\042\115\006\343\140\162\105\235\016\102\167\236\316\317\345\177 -\205\233\030\344\374\314\056\162\323\026\223\116\312\231\143\134 -\241\005\052\154\006\243\143\060\141\060\016\006\003\125\035\017 -\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\332\203\143\002\171\216\332\114\306\074\043 -\024\330\217\303\040\253\050\140\131\060\037\006\003\125\035\043 -\004\030\060\026\200\024\332\203\143\002\171\216\332\114\306\074 -\043\024\330\217\303\040\253\050\140\131\060\012\006\010\052\206 -\110\316\075\004\003\003\003\150\000\060\145\002\060\160\376\260 -\013\331\367\203\227\354\363\125\035\324\334\263\006\016\376\063 -\230\235\213\071\220\153\224\041\355\266\327\135\326\114\327\041 -\247\347\277\041\017\053\315\367\052\334\205\007\235\002\061\000 -\206\024\026\345\334\260\145\302\300\216\024\237\277\044\026\150 -\345\274\371\171\151\334\255\105\053\367\266\061\163\314\006\245 -\123\223\221\032\223\256\160\152\147\272\327\236\345\141\032\137 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certplus Root CA G2" -# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR -# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 -# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 -# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Root CA G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\117\145\216\037\351\006\330\050\002\351\124\107\101\311\124\045 -\135\151\314\032 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\247\356\304\170\055\033\356\055\271\051\316\326\247\226\062\061 -END -CKA_ISSUER MULTILINE_OCTAL -\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154 -\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162 -\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257 -\317\163\274\125 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OpenTrust Root CA G1" -# -# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 -# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 08:45:50 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 -# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G1" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 -\153\143\216\147 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 -\040\263\220\125\071\175\177\066\155\144\302\247\237\153\143\216 -\147\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000 -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061\060\036\027\015\061\064\060\065\062\066\060\070\064\065 -\065\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 -\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 -\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 -\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 -\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 -\101\040\107\061\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\370\171\106\332\226\305\060\136\212\161\003 -\055\160\244\273\260\305\010\334\315\346\065\300\200\244\021\055 -\335\346\207\256\135\075\221\322\207\154\067\267\332\142\236\233 -\302\044\327\217\361\333\246\246\337\106\157\121\246\161\313\076 -\033\061\147\142\367\021\133\064\047\325\171\116\214\233\130\275 -\042\020\015\134\047\014\335\060\345\250\323\135\041\070\164\027 -\376\343\037\266\117\073\153\055\333\175\140\037\214\175\114\005 -\302\353\001\026\025\230\024\216\321\220\167\042\077\354\302\071 -\270\171\072\360\111\044\342\225\221\334\141\064\222\214\124\164 -\357\261\175\214\001\342\070\175\301\137\152\137\044\262\216\142 -\027\255\171\040\255\253\035\267\340\264\226\110\117\146\103\020 -\006\026\044\003\341\340\234\216\306\106\117\216\032\231\341\217 -\271\216\063\154\151\336\130\255\240\016\247\144\124\021\151\104 -\146\117\114\022\247\216\054\175\304\324\133\305\000\064\060\301 -\331\231\376\062\316\007\204\264\116\315\012\377\066\115\142\361 -\247\143\127\344\333\152\247\256\277\053\271\311\346\262\047\211 -\345\176\232\034\115\150\306\301\030\336\063\053\121\106\113\034 -\216\367\075\014\371\212\064\024\304\373\063\065\043\361\314\361 -\052\307\245\273\260\242\316\376\123\153\115\101\033\146\050\262 -\226\372\247\256\012\116\271\071\063\104\234\164\301\223\034\370 -\340\236\044\045\103\361\233\043\202\252\337\054\040\260\334\066 -\116\003\263\174\002\324\346\173\032\252\207\023\277\076\241\164 -\273\233\016\341\300\223\237\327\244\146\312\273\033\073\343\060 -\364\063\131\212\007\162\003\125\347\163\152\003\061\156\157\226 -\033\343\242\237\257\222\307\355\365\102\267\045\114\073\023\004 -\317\034\226\257\034\042\243\320\253\005\262\114\022\043\122\334 -\375\031\133\047\234\036\073\172\375\102\043\333\043\200\023\360 -\274\121\025\124\224\246\167\076\320\164\121\275\121\024\010\071 -\067\313\037\064\251\060\235\122\204\056\125\220\261\272\337\125 -\000\013\330\126\055\261\111\111\162\200\251\142\327\300\366\030 -\021\004\125\315\164\173\317\141\160\171\364\173\054\134\134\222 -\374\345\270\132\253\114\223\225\241\047\356\245\276\317\161\043 -\102\272\233\166\055\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\227\106\041\127\041\065 -\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060\037 -\006\003\125\035\043\004\030\060\026\200\024\227\106\041\127\041 -\065\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 -\002\001\000\035\335\002\140\174\340\065\247\346\230\173\352\104 -\316\147\100\117\362\223\156\146\324\071\211\046\254\323\115\004 -\074\273\207\041\077\067\364\161\045\332\113\272\253\226\202\201 -\221\266\355\331\261\244\145\227\342\157\144\131\244\226\356\140 -\312\037\043\373\105\272\377\217\044\360\312\251\061\177\171\037 -\200\263\055\062\272\144\147\140\257\271\131\315\337\232\111\323 -\250\202\261\371\230\224\212\314\340\273\340\004\033\231\140\261 -\106\145\334\010\242\262\106\236\104\210\352\223\176\127\026\322 -\025\162\137\056\113\253\324\235\143\270\343\110\345\376\204\056 -\130\012\237\103\035\376\267\030\222\206\103\113\016\234\062\206 -\054\140\365\351\110\352\225\355\160\051\361\325\057\375\065\264 -\127\317\333\205\110\231\271\302\157\154\217\315\170\225\254\144 -\050\375\126\260\303\157\303\276\131\122\341\137\204\217\200\362 -\364\015\066\255\166\263\243\265\341\144\166\072\130\334\175\117 -\136\126\154\345\125\131\127\245\337\361\212\146\060\214\324\122 -\142\070\167\264\276\050\327\312\066\304\233\005\360\370\025\333 -\333\361\357\064\235\035\170\112\210\126\147\156\140\377\217\310 -\213\341\216\275\102\251\063\012\131\102\022\022\052\372\261\235 -\103\216\005\233\231\332\142\255\127\066\263\035\266\015\171\055 -\226\270\353\362\014\113\014\245\224\306\060\247\046\031\055\355 -\114\006\120\060\361\375\130\075\271\113\027\137\031\264\152\204 -\124\264\070\117\071\242\015\226\150\303\050\224\375\355\055\037 -\112\153\103\226\056\220\001\020\373\070\246\201\013\320\277\165 -\323\324\271\316\361\077\157\016\034\036\067\161\345\030\207\165 -\031\077\120\271\136\244\105\064\255\260\312\346\345\023\166\017 -\061\024\251\216\055\224\326\325\205\115\163\025\117\113\362\262 -\076\355\154\275\375\016\235\146\163\260\075\264\367\277\250\340 -\021\244\304\256\165\011\112\143\000\110\040\246\306\235\013\011 -\212\264\340\346\316\076\307\076\046\070\351\053\336\246\010\111 -\003\004\220\212\351\217\277\350\266\264\052\243\043\215\034\034 -\262\071\222\250\217\002\134\100\071\165\324\163\101\002\167\336 -\315\340\103\207\326\344\272\112\303\154\022\177\376\052\346\043 -\326\214\161 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "OpenTrust Root CA G1" -# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 -# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 08:45:50 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 -# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G1" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\171\221\350\064\367\342\356\335\010\225\001\122\351\125\055\024 -\351\130\325\176 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\166\000\314\201\051\315\125\136\210\152\172\056\367\115\071\332 -END -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\061 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237 -\153\143\216\147 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OpenTrust Root CA G2" -# -# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 -# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 -# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 -\110\277\046\021 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021 -\040\241\151\033\277\275\271\275\122\226\217\043\350\110\277\046 -\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000 -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062\060\036\027\015\061\064\060\065\062\066\060\060\060\060 -\060\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060 -\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106 -\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156 -\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024 -\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103 -\101\040\107\062\060\202\002\042\060\015\006\011\052\206\110\206 -\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 -\002\202\002\001\000\314\266\127\245\063\224\020\201\062\123\337 -\141\176\017\166\071\317\134\302\123\165\035\111\172\226\070\335 -\242\163\152\361\157\336\136\242\132\271\161\041\276\066\331\241 -\374\274\356\154\250\174\064\032\161\032\350\032\330\137\016\104 -\006\355\247\340\363\322\141\013\340\062\242\226\321\070\360\302 -\332\001\027\374\344\254\117\350\356\211\036\164\253\117\277\036 -\011\266\066\152\126\363\341\356\226\211\146\044\006\344\315\102 -\072\112\335\340\232\260\304\202\105\263\376\311\253\134\174\076 -\311\353\027\057\014\175\156\256\245\217\310\254\045\012\157\372 -\325\105\230\322\065\011\366\003\103\224\376\331\277\040\225\171 -\200\230\212\331\211\065\273\121\033\244\067\175\374\231\073\253 -\377\277\254\015\217\103\261\231\173\026\020\176\035\157\107\304 -\025\217\004\226\010\006\102\004\370\204\326\035\274\221\246\102 -\276\111\325\152\210\077\274\055\121\321\236\215\340\122\314\127 -\335\065\065\130\333\264\217\044\210\344\213\337\334\153\124\322 -\201\053\262\316\222\113\034\037\106\372\035\330\222\313\166\147 -\265\011\231\011\345\254\027\024\125\160\306\074\240\126\012\003 -\263\334\142\031\337\310\265\060\177\365\074\046\165\021\275\327 -\033\263\207\236\007\257\145\161\345\240\317\032\247\011\020\035 -\223\211\146\133\350\074\142\062\265\265\072\156\351\205\001\213 -\236\103\214\147\163\050\131\133\353\343\334\054\314\245\046\162 -\142\022\264\346\234\203\104\366\121\244\342\300\172\044\127\312 -\016\245\077\072\265\073\213\345\166\356\160\346\222\336\026\134 -\050\133\227\031\047\222\376\172\222\124\316\223\071\012\026\207 -\274\143\263\365\261\223\134\340\156\267\320\352\371\142\062\210 -\104\373\277\047\050\266\060\225\135\022\050\271\225\276\217\123 -\030\345\242\030\026\342\126\244\262\054\020\365\035\067\246\370 -\267\366\320\131\134\211\367\302\325\265\224\164\321\325\376\033 -\266\360\346\326\036\173\322\074\313\250\343\365\030\363\041\037 -\156\357\115\150\006\173\055\135\156\103\211\246\300\371\240\277 -\202\036\317\123\177\264\353\054\333\135\366\152\175\100\044\005 -\162\211\070\001\223\313\161\302\071\135\006\021\366\157\170\370 -\067\015\071\204\047\002\003\001\000\001\243\143\060\141\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017 -\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 -\035\006\003\125\035\016\004\026\004\024\152\071\372\102\042\367 -\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060\037 -\006\003\125\035\043\004\030\060\026\200\024\152\071\372\102\042 -\367\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060 -\015\006\011\052\206\110\206\367\015\001\001\015\005\000\003\202 -\002\001\000\230\313\253\100\074\345\063\002\227\177\055\207\246 -\217\324\136\112\257\270\036\347\273\161\373\200\144\045\251\263 -\032\076\150\135\047\046\247\272\052\341\360\127\203\012\144\117 -\036\042\164\033\351\220\137\360\254\317\377\117\150\172\070\244 -\020\154\015\261\307\244\167\200\030\266\242\050\104\166\247\064 -\235\161\204\057\312\131\322\107\210\231\101\042\311\060\230\141 -\156\075\250\250\005\155\321\037\300\121\104\126\177\047\065\002 -\335\136\230\012\102\353\060\277\215\241\233\121\252\073\352\223 -\106\144\305\000\171\336\041\153\366\127\240\206\327\006\162\354 -\160\106\113\213\163\335\240\041\165\076\334\035\300\217\323\117 -\163\034\205\331\376\177\142\310\225\157\266\323\173\214\272\123 -\302\157\233\104\114\171\320\035\160\263\327\237\002\364\262\007 -\260\307\345\370\255\043\016\246\126\311\051\022\167\110\331\057 -\106\375\073\360\374\164\160\222\245\216\070\010\037\144\060\266 -\267\113\373\066\254\020\216\240\122\063\143\235\003\065\126\305 -\151\275\306\043\132\047\224\366\244\022\370\055\063\074\241\126 -\245\137\326\031\351\355\174\010\275\167\315\047\144\314\224\332 -\116\106\120\207\340\371\301\123\200\036\273\255\373\107\122\213 -\033\375\242\371\336\016\042\267\075\063\131\154\324\336\365\225 -\006\062\015\121\031\101\134\076\117\006\367\271\053\200\047\366 -\243\252\172\174\006\341\103\303\023\071\142\032\066\275\340\050 -\056\224\002\344\051\056\140\125\256\100\075\260\164\222\136\360 -\040\144\226\077\137\105\135\210\265\212\332\002\240\133\105\124 -\336\070\075\011\300\250\112\145\106\026\374\252\277\124\116\115 -\133\276\070\103\267\050\312\213\063\252\032\045\272\045\134\051 -\057\133\112\156\214\352\055\234\052\366\005\166\340\167\227\200 -\210\335\147\023\157\035\150\044\213\117\267\164\201\345\364\140 -\237\172\125\327\076\067\332\026\153\076\167\254\256\030\160\225 -\010\171\051\003\212\376\301\073\263\077\032\017\244\073\136\037 -\130\241\225\311\253\057\163\112\320\055\156\232\131\017\125\030 -\170\055\074\121\246\227\213\346\273\262\160\252\114\021\336\377 -\174\053\067\324\172\321\167\064\217\347\371\102\367\074\201\014 -\113\122\012 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "OpenTrust Root CA G2" -# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 -# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 -# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\171\137\210\140\305\253\174\075\222\346\313\364\215\341\105\315 -\021\357\140\013 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\127\044\266\131\044\153\256\310\376\034\014\040\362\300\116\353 -END -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350 -\110\277\046\021 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - -# -# Certificate "OpenTrust Root CA G3" -# -# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f -# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 -# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G3" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 -\033\064\140\077 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\002\041\060\202\001\246\240\003\002\001\002\002\022\021 -\040\346\370\114\374\044\260\276\005\100\254\332\203\033\064\140 -\077\060\012\006\010\052\206\110\316\075\004\003\003\060\100\061 -\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020 -\006\003\125\004\012\014\011\117\160\145\156\124\162\165\163\164 -\061\035\060\033\006\003\125\004\003\014\024\117\160\145\156\124 -\162\165\163\164\040\122\157\157\164\040\103\101\040\107\063\060 -\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060\132 -\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132\060 -\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 -\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162\165 -\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160\145 -\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040\107 -\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005 -\053\201\004\000\042\003\142\000\004\112\356\130\256\115\312\146 -\336\006\072\243\021\374\340\030\360\156\034\272\055\060\014\211 -\331\326\356\233\163\203\251\043\025\214\057\131\212\132\335\024 -\352\235\131\053\103\267\006\354\062\266\272\356\101\265\255\135 -\241\205\314\352\035\024\146\243\147\176\106\342\224\363\347\266 -\126\241\025\131\241\117\067\227\271\042\036\275\021\353\364\262 -\037\136\303\024\232\345\331\227\231\243\143\060\141\060\016\006 -\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006 -\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035 -\006\003\125\035\016\004\026\004\024\107\167\303\024\213\142\071 -\014\311\157\341\120\115\320\020\130\334\225\210\155\060\037\006 -\003\125\035\043\004\030\060\026\200\024\107\167\303\024\213\142 -\071\014\311\157\341\120\115\320\020\130\334\225\210\155\060\012 -\006\010\052\206\110\316\075\004\003\003\003\151\000\060\146\002 -\061\000\217\250\334\235\272\014\004\027\372\025\351\075\057\051 -\001\227\277\201\026\063\100\223\154\374\371\355\200\160\157\252 -\217\333\204\302\213\365\065\312\006\334\144\157\150\026\341\217 -\221\271\002\061\000\330\113\245\313\302\320\010\154\351\030\373 -\132\335\115\137\044\013\260\000\041\045\357\217\247\004\046\161 -\342\174\151\345\135\232\370\101\037\073\071\223\223\235\125\352 -\315\215\361\373\301 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "OpenTrust Root CA G3" -# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f -# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR -# Not Valid Before: Mon May 26 00:00:00 2014 -# Not Valid After : Fri Jan 15 00:00:00 2038 -# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 -# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "OpenTrust Root CA G3" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\156\046\144\363\126\277\064\125\277\321\223\077\174\001\336\330 -\023\332\212\246 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\041\067\264\027\026\222\173\147\106\160\251\226\327\250\023\044 -END -CKA_ISSUER MULTILINE_OCTAL -\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162 -\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160 -\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040 -\107\063 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203 -\033\064\140\077 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "ISRG Root X1" # @@ -23005,3 +22117,1039 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R1" +# +# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 +# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R1" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 +\364\341 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 +\107\251\305\113\107\014\015\354\063\320\211\271\034\364\341\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 +\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 +\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 +\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 +\122\157\157\164\040\122\061\060\036\027\015\061\066\060\066\062 +\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 +\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 +\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 +\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\061 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\266\021\002\213\036\343\241\167\233\073\334\277\224\076\267 +\225\247\100\074\241\375\202\371\175\062\006\202\161\366\366\214 +\177\373\350\333\274\152\056\227\227\243\214\113\371\053\366\261 +\371\316\204\035\261\371\305\227\336\357\271\362\243\351\274\022 +\211\136\247\252\122\253\370\043\047\313\244\261\234\143\333\327 +\231\176\360\012\136\353\150\246\364\306\132\107\015\115\020\063 +\343\116\261\023\243\310\030\154\113\354\374\011\220\337\235\144 +\051\045\043\007\241\264\322\075\056\140\340\317\322\011\207\273 +\315\110\360\115\302\302\172\210\212\273\272\317\131\031\326\257 +\217\260\007\260\236\061\361\202\301\300\337\056\246\155\154\031 +\016\265\330\176\046\032\105\003\075\260\171\244\224\050\255\017 +\177\046\345\250\010\376\226\350\074\150\224\123\356\203\072\210 +\053\025\226\011\262\340\172\214\056\165\326\234\353\247\126\144 +\217\226\117\150\256\075\227\302\204\217\300\274\100\300\013\134 +\275\366\207\263\065\154\254\030\120\177\204\340\114\315\222\323 +\040\351\063\274\122\231\257\062\265\051\263\045\052\264\110\371 +\162\341\312\144\367\346\202\020\215\350\235\302\212\210\372\070 +\146\212\374\143\371\001\371\170\375\173\134\167\372\166\207\372 +\354\337\261\016\171\225\127\264\275\046\357\326\001\321\353\026 +\012\273\216\013\265\305\305\212\125\253\323\254\352\221\113\051 +\314\031\244\062\045\116\052\361\145\104\320\002\316\252\316\111 +\264\352\237\174\203\260\100\173\347\103\253\247\154\243\217\175 +\211\201\372\114\245\377\325\216\303\316\113\340\265\330\263\216 +\105\317\166\300\355\100\053\375\123\017\260\247\325\073\015\261 +\212\242\003\336\061\255\314\167\352\157\173\076\326\337\221\042 +\022\346\276\372\330\062\374\020\143\024\121\162\336\135\326\026 +\223\275\051\150\063\357\072\146\354\007\212\046\337\023\327\127 +\145\170\047\336\136\111\024\000\242\000\177\232\250\041\266\251 +\261\225\260\245\271\015\026\021\332\307\154\110\074\100\340\176 +\015\132\315\126\074\321\227\005\271\313\113\355\071\113\234\304 +\077\322\125\023\156\044\260\326\161\372\364\301\272\314\355\033 +\365\376\201\101\330\000\230\075\072\310\256\172\230\067\030\005 +\225\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\344\257\053\046\161\032\053\110\047\205 +\057\122\146\054\357\360\211\023\161\076\060\015\006\011\052\206 +\110\206\367\015\001\001\014\005\000\003\202\002\001\000\070\226 +\012\356\075\264\226\036\137\357\235\234\013\063\237\053\340\312 +\375\322\216\012\037\101\164\245\174\252\204\324\345\362\036\346 +\067\122\062\234\013\321\141\035\277\050\301\266\104\051\065\165 +\167\230\262\174\331\275\164\254\212\150\343\251\061\011\051\001 +\140\163\343\107\174\123\250\220\112\047\357\113\327\237\223\347 +\202\066\316\232\150\014\202\347\317\324\020\026\157\137\016\231 +\134\366\037\161\175\357\357\173\057\176\352\066\326\227\160\013 +\025\356\327\134\126\152\063\245\343\111\070\014\270\175\373\215 +\205\244\261\131\136\364\152\341\335\241\366\144\104\256\346\121 +\203\041\146\306\021\076\363\316\107\356\234\050\037\045\332\377 +\254\146\225\335\065\017\134\357\040\054\142\375\221\272\251\314 +\374\132\234\223\201\203\051\227\112\174\132\162\264\071\320\267 +\167\313\171\375\151\072\222\067\355\156\070\145\106\176\351\140 +\275\171\210\227\137\070\022\364\356\257\133\202\310\206\325\341 +\231\155\214\004\362\166\272\111\366\156\351\155\036\137\240\357 +\047\202\166\100\370\246\323\130\134\017\054\102\332\102\306\173 +\210\064\307\301\330\105\233\301\076\305\141\035\331\143\120\111 +\366\064\205\152\340\030\305\156\107\253\101\102\051\233\366\140 +\015\322\061\323\143\230\043\223\132\000\201\110\264\357\315\212 +\315\311\317\231\356\331\236\252\066\341\150\113\161\111\024\066 +\050\072\075\035\316\232\217\045\346\200\161\141\053\265\173\314 +\371\045\026\201\341\061\137\241\243\176\026\244\234\026\152\227 +\030\275\166\162\245\013\236\035\066\346\057\241\057\276\160\221 +\017\250\346\332\370\304\222\100\154\045\176\173\263\011\334\262 +\027\255\200\104\360\150\245\217\224\165\377\164\132\350\250\002 +\174\014\011\342\251\113\013\240\205\013\142\271\357\241\061\222 +\373\357\366\121\004\211\154\350\251\164\241\273\027\263\265\375 +\111\017\174\074\354\203\030\040\103\116\325\223\272\264\064\261 +\037\026\066\037\014\346\144\071\026\114\334\340\376\035\310\251 +\142\075\100\352\312\305\064\002\264\256\211\210\063\065\334\054 +\023\163\330\047\361\320\162\356\165\073\042\336\230\150\146\133 +\361\306\143\107\125\034\272\245\010\121\165\246\110\045 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "GTS Root R1" +# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1 +# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72 +# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\341\311\120\346\357\042\370\114\126\105\162\213\222\040\140\327 +\325\247\243\350 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\202\032\357\324\322\112\362\237\342\075\227\006\024\160\162\205 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034 +\364\341 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R2" +# +# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f +# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 +\362\157 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156 +\107\251\306\132\263\347\040\305\060\232\077\150\122\362\157\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060 +\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124 +\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114 +\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040 +\122\157\157\164\040\122\062\060\036\027\015\061\066\060\066\062 +\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023 +\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145 +\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003 +\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\062 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\316\336\375\246\373\354\354\024\064\074\007\006\132\154\131 +\367\031\065\335\367\301\235\125\252\323\315\073\244\223\162\357 +\012\372\155\235\366\360\205\200\133\241\110\122\237\071\305\267 +\356\050\254\357\313\166\150\024\271\337\255\001\154\231\037\304 +\042\035\237\376\162\167\340\054\133\257\344\004\277\117\162\240 +\032\064\230\350\071\150\354\225\045\173\166\241\346\151\271\205 +\031\275\211\214\376\255\355\066\352\163\274\377\203\342\313\175 +\301\322\316\112\263\215\005\236\213\111\223\337\301\133\320\156 +\136\360\056\060\056\202\374\372\274\264\027\012\110\345\210\233 +\305\233\153\336\260\312\264\003\360\332\364\220\270\145\144\367 +\134\114\255\350\176\146\136\231\327\270\302\076\310\320\023\235 +\255\356\344\105\173\211\125\367\212\037\142\122\204\022\263\302 +\100\227\343\212\037\107\221\246\164\132\322\370\261\143\050\020 +\270\263\011\270\126\167\100\242\046\230\171\306\376\337\045\356 +\076\345\240\177\324\141\017\121\113\074\077\214\332\341\160\164 +\330\302\150\241\371\301\014\351\241\342\177\273\125\074\166\006 +\356\152\116\314\222\210\060\115\232\275\117\013\110\232\204\265 +\230\243\325\373\163\301\127\141\335\050\126\165\023\256\207\216 +\347\014\121\011\020\165\210\114\274\215\371\173\074\324\042\110 +\037\052\334\353\153\273\104\261\313\063\161\062\106\257\255\112 +\361\214\350\164\072\254\347\032\042\163\200\322\060\367\045\102 +\307\042\073\073\022\255\226\056\306\303\166\007\252\040\267\065 +\111\127\351\222\111\350\166\026\162\061\147\053\226\176\212\243 +\307\224\126\042\277\152\113\176\001\041\262\043\062\337\344\232 +\104\155\131\133\135\365\000\240\034\233\306\170\227\215\220\377 +\233\310\252\264\257\021\121\071\136\331\373\147\255\325\133\021 +\235\062\232\033\275\325\272\133\245\311\313\045\151\123\125\047 +\134\340\312\066\313\210\141\373\036\267\320\313\356\026\373\323 +\246\114\336\222\245\324\342\337\365\006\124\336\056\235\113\264 +\223\060\252\201\316\335\032\334\121\163\015\117\160\351\345\266 +\026\041\031\171\262\346\211\013\165\144\312\325\253\274\011\301 +\030\241\377\324\124\241\205\074\375\024\044\003\262\207\323\244 +\267\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125 +\035\016\004\026\004\024\273\377\312\216\043\237\117\231\312\333 +\342\150\246\245\025\047\027\036\331\016\060\015\006\011\052\206 +\110\206\367\015\001\001\014\005\000\003\202\002\001\000\266\151 +\360\246\167\376\236\356\013\201\255\341\300\251\307\371\065\035 +\100\202\253\346\004\264\337\313\367\035\017\203\360\176\023\115 +\215\214\356\343\063\042\303\071\374\100\337\156\101\113\102\123 +\276\026\210\361\322\070\136\304\150\231\034\230\122\223\214\347 +\150\355\033\152\163\172\005\100\115\177\145\073\326\130\361\316 +\203\107\140\343\377\227\251\234\140\167\030\125\265\176\010\223 +\317\320\366\074\147\003\025\141\011\371\201\171\365\354\123\244 +\237\311\217\001\213\163\304\167\166\334\203\242\365\014\111\032 +\250\166\336\222\233\144\370\263\054\305\047\323\007\300\010\200 +\244\230\222\343\001\226\002\252\002\356\217\073\305\321\155\012 +\063\060\163\170\271\117\124\026\277\013\007\241\244\134\346\313 +\311\134\204\217\017\340\025\167\054\176\046\176\332\304\113\333 +\247\026\167\007\260\315\165\350\162\102\326\225\204\235\206\203 +\362\344\220\315\011\107\324\213\003\160\332\132\306\003\102\364 +\355\067\242\360\033\120\124\113\016\330\204\336\031\050\231\201 +\107\256\011\033\077\110\321\303\157\342\260\140\027\365\356\043 +\002\245\332\000\133\155\220\253\356\242\351\033\073\351\307\104 +\047\105\216\153\237\365\244\204\274\167\371\153\227\254\076\121 +\105\242\021\246\314\205\356\012\150\362\076\120\070\172\044\142 +\036\027\040\067\155\152\115\267\011\233\311\374\244\130\365\266 +\373\234\116\030\273\225\002\347\241\255\233\007\356\066\153\044 +\322\071\206\301\223\203\120\322\201\106\250\137\142\127\054\273 +\154\144\210\010\156\357\023\124\137\335\055\304\147\143\323\317 +\211\067\277\235\040\364\373\172\203\233\240\036\201\000\120\302 +\344\014\042\131\122\020\355\103\126\207\000\370\024\122\247\035 +\213\223\214\242\115\106\177\047\306\161\233\044\336\344\332\206 +\213\015\176\153\040\301\300\236\341\145\330\152\243\246\350\205 +\213\072\007\010\034\272\365\217\125\232\030\165\176\345\354\201 +\146\321\041\163\241\065\104\013\200\075\133\234\136\157\052\027 +\226\321\203\043\210\146\155\346\206\342\160\062\057\122\042\347 +\310\347\177\304\054\140\135\057\303\257\236\105\005\303\204\002 +\267\375\054\010\122\117\202\335\243\360\324\206\011\002 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "GTS Root R2" +# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f +# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60 +# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\322\163\226\052\052\136\071\237\163\077\341\307\036\144\077\003 +\070\064\374\115 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\104\355\232\016\244\011\073\000\362\256\114\243\306\141\260\213 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122 +\362\157 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R3" +# +# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d +# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 +\215\035 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\014\060\202\001\221\240\003\002\001\002\002\020\156 +\107\251\307\154\251\163\044\100\211\017\003\125\335\215\035\060 +\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 +\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 +\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 +\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 +\164\040\122\063\060\036\027\015\061\066\060\066\062\062\060\060 +\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 +\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 +\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 +\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 +\023\013\107\124\123\040\122\157\157\164\040\122\063\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\037\117\063\207\063\051\212\241\204\336\313 +\307\041\130\101\211\352\126\235\053\113\205\306\035\114\047\274 +\177\046\121\162\157\342\237\326\243\312\314\105\024\106\213\255 +\357\176\206\214\354\261\176\057\377\251\161\235\030\204\105\004 +\101\125\156\053\352\046\177\273\220\001\343\113\031\272\344\124 +\226\105\011\261\325\154\221\104\255\204\023\216\232\214\015\200 +\014\062\366\340\047\243\102\060\100\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\301\361\046\272\240\055\256\205\201\317\323 +\361\052\022\275\270\012\147\375\274\060\012\006\010\052\206\110 +\316\075\004\003\003\003\151\000\060\146\002\061\000\200\133\244 +\174\043\300\225\245\054\334\276\211\157\043\271\243\335\145\000 +\122\136\221\254\310\235\162\164\202\123\013\175\251\100\275\150 +\140\305\341\270\124\073\301\066\027\045\330\301\275\002\061\000 +\236\065\222\164\205\045\121\365\044\354\144\122\044\120\245\037 +\333\350\313\311\166\354\354\202\156\365\205\030\123\350\270\343 +\232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "GTS Root R3" +# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d +# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5 +# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\060\324\044\157\007\377\333\221\211\212\013\351\111\146\021\353 +\214\136\106\345 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\032\171\133\153\004\122\234\135\307\164\063\033\045\232\371\045 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335 +\215\035 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "GTS Root R4" +# +# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 +# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 +\301\231 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\012\060\202\001\221\240\003\002\001\002\002\020\156 +\107\251\310\213\224\266\350\273\073\052\330\242\262\301\231\060 +\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060 +\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003 +\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163 +\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024 +\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157 +\164\040\122\064\060\036\027\015\061\066\060\066\062\062\060\060 +\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060 +\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023 +\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157 +\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151 +\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003 +\023\013\107\124\123\040\122\157\157\164\040\122\064\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\363\164\163\247\150\213\140\256\103\270\065 +\305\201\060\173\113\111\235\373\301\141\316\346\336\106\275\153 +\325\141\030\065\256\100\335\163\367\211\221\060\132\353\074\356 +\205\174\242\100\166\073\251\306\270\107\330\052\347\222\221\152 +\163\351\261\162\071\237\051\237\242\230\323\137\136\130\206\145 +\017\241\204\145\006\321\334\213\311\307\163\310\214\152\057\345 +\304\253\321\035\212\243\102\060\100\060\016\006\003\125\035\017 +\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 +\016\004\026\004\024\200\114\326\353\164\377\111\066\243\325\330 +\374\265\076\305\152\360\224\035\214\060\012\006\010\052\206\110 +\316\075\004\003\003\003\147\000\060\144\002\060\152\120\122\164 +\010\304\160\334\236\120\164\041\350\215\172\041\303\117\226\156 +\025\321\042\065\141\055\372\010\067\356\031\155\255\333\262\314 +\175\007\064\365\140\031\054\265\064\331\157\040\002\060\003\161 +\261\272\243\140\013\206\355\232\010\152\225\150\237\342\263\341 +\223\144\174\136\223\246\337\171\055\215\205\343\224\317\043\135 +\161\314\362\260\115\326\376\231\310\224\251\165\242\343 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "GTS Root R4" +# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99 +# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US +# Not Valid Before: Wed Jun 22 00:00:00 2016 +# Not Valid After : Sun Jun 22 00:00:00 2036 +# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD +# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "GTS Root R4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\052\035\140\047\331\112\261\012\034\115\221\134\315\063\240\313 +\076\055\124\313 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\135\266\152\304\140\027\044\152\032\231\250\113\356\136\264\046 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145 +\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040 +\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124 +\123\040\122\157\157\164\040\122\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262 +\301\231 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "UCA Global G2 Root" +# +# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef +# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 11 00:00:00 2016 +# Not Valid After : Mon Dec 31 00:00:00 2040 +# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Global G2 Root" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 +\220\357 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\106\060\202\003\056\240\003\002\001\002\002\020\135 +\337\261\332\132\243\355\135\276\132\145\040\145\003\220\357\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\075 +\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 +\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 +\061\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107 +\154\157\142\141\154\040\107\062\040\122\157\157\164\060\036\027 +\015\061\066\060\063\061\061\060\060\060\060\060\060\132\027\015 +\064\060\061\062\063\061\060\060\060\060\060\060\132\060\075\061 +\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060\017 +\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164\061 +\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107\154 +\157\142\141\154\040\107\062\040\122\157\157\164\060\202\002\042 +\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003 +\202\002\017\000\060\202\002\012\002\202\002\001\000\305\346\053 +\157\174\357\046\005\047\243\201\044\332\157\313\001\371\231\232 +\251\062\302\042\207\141\101\221\073\313\303\150\033\006\305\114 +\251\053\301\147\027\042\035\053\355\371\051\211\223\242\170\275 +\222\153\240\243\015\242\176\312\223\263\246\321\214\065\325\165 +\371\027\366\317\105\305\345\172\354\167\223\240\217\043\256\016 +\032\003\177\276\324\320\355\056\173\253\106\043\133\377\054\346 +\124\172\224\300\052\025\360\311\215\260\172\073\044\341\327\150 +\342\061\074\006\063\106\266\124\021\246\245\057\042\124\052\130 +\015\001\002\361\372\025\121\147\154\300\372\327\266\033\177\321 +\126\210\057\032\072\215\073\273\202\021\340\107\000\320\122\207 +\253\373\206\176\017\044\153\100\235\064\147\274\215\307\055\206 +\157\171\076\216\251\074\027\113\177\260\231\343\260\161\140\334 +\013\365\144\303\316\103\274\155\161\271\322\336\047\133\212\350 +\330\306\256\341\131\175\317\050\055\065\270\225\126\032\361\262 +\130\113\267\022\067\310\174\263\355\113\200\341\215\372\062\043 +\266\157\267\110\225\010\261\104\116\205\214\072\002\124\040\057 +\337\277\127\117\073\072\220\041\327\301\046\065\124\040\354\307 +\077\107\354\357\132\277\113\172\301\255\073\027\120\134\142\330 +\017\113\112\334\053\372\156\274\163\222\315\354\307\120\350\101 +\226\327\251\176\155\330\351\035\217\212\265\271\130\222\272\112 +\222\053\014\126\375\200\353\010\360\136\051\156\033\034\014\257 +\217\223\211\255\333\275\243\236\041\312\211\031\354\337\265\303 +\032\353\026\376\170\066\114\326\156\320\076\027\034\220\027\153 +\046\272\373\172\057\277\021\034\030\016\055\163\003\217\240\345 +\065\240\132\342\114\165\035\161\341\071\070\123\170\100\314\203 +\223\327\012\236\235\133\217\212\344\345\340\110\344\110\262\107 +\315\116\052\165\052\173\362\042\366\311\276\011\221\226\127\172 +\210\210\254\356\160\254\371\334\051\343\014\034\073\022\116\104 +\326\247\116\260\046\310\363\331\032\227\221\150\352\357\215\106 +\006\322\126\105\130\232\074\014\017\203\270\005\045\303\071\317 +\073\244\064\211\267\171\022\057\107\305\347\251\227\151\374\246 +\167\147\265\337\173\361\172\145\025\344\141\126\145\002\003\001 +\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026 +\004\024\201\304\214\314\365\344\060\377\245\014\010\137\214\025 +\147\041\164\001\337\337\060\015\006\011\052\206\110\206\367\015 +\001\001\013\005\000\003\202\002\001\000\023\145\042\365\216\053 +\255\104\344\313\377\271\150\346\303\200\110\075\004\173\372\043 +\057\172\355\066\332\262\316\155\366\346\236\345\137\130\217\313 +\067\062\241\310\145\266\256\070\075\065\033\076\274\073\266\004 +\320\274\371\111\365\233\367\205\305\066\266\313\274\370\310\071 +\325\344\137\007\275\025\124\227\164\312\312\355\117\272\272\144 +\166\237\201\270\204\105\111\114\215\157\242\353\261\314\321\303 +\224\332\104\302\346\342\352\030\350\242\037\047\005\272\327\345 +\326\251\315\335\357\166\230\215\000\016\315\033\372\003\267\216 +\200\130\016\047\077\122\373\224\242\312\136\145\311\326\204\332 +\271\065\161\363\046\300\117\167\346\201\047\322\167\073\232\024 +\157\171\364\366\320\341\323\224\272\320\127\121\275\047\005\015 +\301\375\310\022\060\356\157\215\021\053\010\235\324\324\277\200 +\105\024\232\210\104\332\060\352\264\247\343\356\357\133\202\325 +\076\326\255\170\222\333\134\074\363\330\255\372\270\153\177\304 +\066\050\266\002\025\212\124\054\234\260\027\163\216\320\067\243 +\024\074\230\225\000\014\051\005\133\236\111\111\261\137\307\343 +\313\317\047\145\216\065\027\267\127\310\060\331\101\133\271\024 +\266\350\302\017\224\061\247\224\230\314\152\353\265\341\047\365 +\020\250\001\350\216\022\142\350\210\314\265\177\106\227\300\233 +\020\146\070\032\066\106\137\042\150\075\337\311\306\023\047\253 +\123\006\254\242\074\206\006\145\157\261\176\261\051\104\232\243 +\272\111\151\050\151\217\327\345\137\255\004\206\144\157\032\240 +\014\305\010\142\316\200\243\320\363\354\150\336\276\063\307\027 +\133\177\200\304\114\114\261\246\204\212\303\073\270\011\315\024 +\201\272\030\343\124\127\066\376\333\057\174\107\241\072\063\310 +\371\130\073\104\117\261\312\002\211\004\226\050\150\305\113\270 +\046\211\273\326\063\057\120\325\376\232\211\272\030\062\222\124 +\306\133\340\235\371\136\345\015\042\233\366\332\342\310\041\262 +\142\041\252\206\100\262\056\144\323\137\310\343\176\021\147\105 +\037\005\376\343\242\357\263\250\263\363\175\217\370\014\037\042 +\037\055\160\264\270\001\064\166\060\000\345\043\170\247\126\327 +\120\037\212\373\006\365\302\031\360\320 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "UCA Global G2 Root" +# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef +# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 11 00:00:00 2016 +# Not Valid After : Mon Dec 31 00:00:00 2040 +# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C +# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Global G2 Root" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\050\371\170\026\031\172\377\030\045\030\252\104\376\301\240\316 +\134\266\114\212 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\200\376\360\304\112\360\134\142\062\237\034\272\170\251\120\370 +END +CKA_ISSUER MULTILINE_OCTAL +\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101 +\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003 +\220\357 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "UCA Extended Validation Root" +# +# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 +# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 13 00:00:00 2015 +# Not Valid After : Fri Dec 31 00:00:00 2038 +# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Extended Validation Root" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 +\160\140 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\117 +\322\053\217\365\144\310\063\236\117\064\130\146\043\160\140\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\107 +\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060 +\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164 +\061\045\060\043\006\003\125\004\003\014\034\125\103\101\040\105 +\170\164\145\156\144\145\144\040\126\141\154\151\144\141\164\151 +\157\156\040\122\157\157\164\060\036\027\015\061\065\060\063\061 +\063\060\060\060\060\060\060\132\027\015\063\070\061\062\063\061 +\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125 +\004\006\023\002\103\116\061\021\060\017\006\003\125\004\012\014 +\010\125\156\151\124\162\165\163\164\061\045\060\043\006\003\125 +\004\003\014\034\125\103\101\040\105\170\164\145\156\144\145\144 +\040\126\141\154\151\144\141\164\151\157\156\040\122\157\157\164 +\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 +\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 +\000\251\011\007\050\023\002\260\231\340\144\252\036\103\026\172 +\163\261\221\240\165\076\250\372\343\070\000\172\354\211\152\040 +\017\213\305\260\233\063\003\132\206\306\130\206\325\301\205\273 +\117\306\234\100\115\312\276\356\151\226\270\255\201\060\232\174 +\222\005\353\005\053\232\110\320\270\166\076\226\310\040\273\322 +\260\361\217\330\254\105\106\377\252\147\140\264\167\176\152\037 +\074\032\122\172\004\075\007\074\205\015\204\320\037\166\012\367 +\152\024\337\162\343\064\174\127\116\126\001\076\171\361\252\051 +\073\154\372\370\217\155\115\310\065\337\256\353\334\044\356\171 +\105\247\205\266\005\210\336\210\135\045\174\227\144\147\011\331 +\277\132\025\005\206\363\011\036\354\130\062\063\021\363\167\144 +\260\166\037\344\020\065\027\033\362\016\261\154\244\052\243\163 +\374\011\037\036\062\031\123\021\347\331\263\054\056\166\056\241 +\243\336\176\152\210\011\350\362\007\212\370\262\315\020\347\342 +\163\100\223\273\010\321\077\341\374\013\224\263\045\357\174\246 +\327\321\257\237\377\226\232\365\221\173\230\013\167\324\176\350 +\007\322\142\265\225\071\343\363\361\155\017\016\145\204\212\143 +\124\305\200\266\340\236\113\175\107\046\247\001\010\135\321\210 +\236\327\303\062\104\372\202\112\012\150\124\177\070\123\003\314 +\244\000\063\144\121\131\013\243\202\221\172\136\354\026\302\363 +\052\346\142\332\052\333\131\142\020\045\112\052\201\013\107\007 +\103\006\160\207\322\372\223\021\051\172\110\115\353\224\307\160 +\115\257\147\325\121\261\200\040\001\001\264\172\010\246\220\177 +\116\340\357\007\101\207\257\152\245\136\213\373\317\120\262\232 +\124\257\303\211\272\130\055\365\060\230\261\066\162\071\176\111 +\004\375\051\247\114\171\344\005\127\333\224\271\026\123\215\106 +\263\035\225\141\127\126\177\257\360\026\133\141\130\157\066\120 +\021\013\330\254\053\225\026\032\016\037\010\315\066\064\145\020 +\142\146\325\200\137\024\040\137\055\014\240\170\012\150\326\054 +\327\351\157\053\322\112\005\223\374\236\157\153\147\377\210\361 +\116\245\151\112\122\067\005\352\306\026\215\322\304\231\321\202 +\053\073\272\065\165\367\121\121\130\363\310\007\335\344\264\003 +\177\002\003\001\000\001\243\102\060\100\060\035\006\003\125\035 +\016\004\026\004\024\331\164\072\344\060\075\015\367\022\334\176 +\132\005\237\036\064\232\367\341\024\060\017\006\003\125\035\023 +\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\003\202\002\001\000\066\215 +\227\314\102\025\144\051\067\233\046\054\326\373\256\025\151\054 +\153\032\032\367\137\266\371\007\114\131\352\363\311\310\271\256 +\314\272\056\172\334\300\365\260\055\300\073\257\237\160\005\021 +\152\237\045\117\001\051\160\343\345\014\341\352\132\174\334\111 +\273\301\036\052\201\365\026\113\162\221\310\242\061\271\252\332 +\374\235\037\363\135\100\002\023\374\116\034\006\312\263\024\220 +\124\027\031\022\032\361\037\327\014\151\132\366\161\170\364\224 +\175\221\013\216\354\220\124\216\274\157\241\114\253\374\164\144 +\375\161\232\370\101\007\241\315\221\344\074\232\340\233\062\071 +\163\253\052\325\151\310\170\221\046\061\175\342\307\060\361\374 +\024\170\167\022\016\023\364\335\026\224\277\113\147\173\160\123 +\205\312\260\273\363\070\115\054\220\071\300\015\302\135\153\351 +\342\345\325\210\215\326\054\277\253\033\276\265\050\207\022\027 +\164\156\374\175\374\217\320\207\046\260\033\373\271\154\253\342 +\236\075\025\301\073\056\147\002\130\221\237\357\370\102\037\054 +\267\150\365\165\255\317\265\366\377\021\175\302\360\044\245\255 +\323\372\240\074\251\372\135\334\245\240\357\104\244\276\326\350 +\345\344\023\226\027\173\006\076\062\355\307\267\102\274\166\243 +\330\145\070\053\070\065\121\041\016\016\157\056\064\023\100\341 +\053\147\014\155\112\101\060\030\043\132\062\125\231\311\027\340 +\074\336\366\354\171\255\053\130\031\242\255\054\042\032\225\216 +\276\226\220\135\102\127\304\371\024\003\065\053\034\055\121\127 +\010\247\072\336\077\344\310\264\003\163\302\301\046\200\273\013 +\102\037\255\015\257\046\162\332\314\276\263\243\203\130\015\202 +\305\037\106\121\343\234\030\314\215\233\215\354\111\353\165\120 +\325\214\050\131\312\164\064\332\214\013\041\253\036\352\033\345 +\307\375\025\076\300\027\252\373\043\156\046\106\313\372\371\261 +\162\153\151\317\042\204\013\142\017\254\331\031\000\224\242\166 +\074\324\055\232\355\004\236\055\006\142\020\067\122\034\205\162 +\033\047\345\314\306\061\354\067\354\143\131\233\013\035\166\314 +\176\062\232\210\225\010\066\122\273\336\166\137\166\111\111\255 +\177\275\145\040\262\311\301\053\166\030\166\237\126\261 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "UCA Extended Validation Root" +# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60 +# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN +# Not Valid Before: Fri Mar 13 00:00:00 2015 +# Not Valid After : Fri Dec 31 00:00:00 2038 +# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24 +# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "UCA Extended Validation Root" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\243\241\260\157\044\141\043\112\343\066\245\302\067\374\246\377 +\335\360\327\072 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\241\363\137\103\306\064\233\332\277\214\176\005\123\255\226\342 +END +CKA_ISSUER MULTILINE_OCTAL +\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061 +\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165 +\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101 +\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141 +\164\151\157\156\040\122\157\157\164 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043 +\160\140 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Certigna Root CA" +# +# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 +# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Not Valid Before: Tue Oct 01 08:32:27 2013 +# Not Valid After : Sat Oct 01 08:32:27 2033 +# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certigna Root CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 +\343\246\341 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\133\060\202\004\103\240\003\002\001\002\002\021\000 +\312\351\033\211\361\125\003\015\243\346\101\155\304\343\246\341 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022 +\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157\164 +\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060\060 +\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063\066 +\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164\151 +\147\156\141\040\122\157\157\164\040\103\101\060\036\027\015\061 +\063\061\060\060\061\060\070\063\062\062\067\132\027\015\063\063 +\061\060\060\061\060\070\063\062\062\067\132\060\132\061\013\060 +\011\006\003\125\004\006\023\002\106\122\061\022\060\020\006\003 +\125\004\012\014\011\104\150\151\155\171\157\164\151\163\061\034 +\060\032\006\003\125\004\013\014\023\060\060\060\062\040\064\070 +\061\064\066\063\060\070\061\060\060\060\063\066\061\031\060\027 +\006\003\125\004\003\014\020\103\145\162\164\151\147\156\141\040 +\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 +\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 +\202\002\012\002\202\002\001\000\315\030\071\145\032\131\261\352 +\144\026\016\214\224\044\225\174\203\323\305\071\046\334\014\357 +\026\127\215\327\330\254\243\102\177\202\312\355\315\133\333\016 +\267\055\355\105\010\027\262\331\263\313\326\027\122\162\050\333 +\216\116\236\212\266\013\371\236\204\232\115\166\336\042\051\134 +\322\263\322\006\076\060\071\251\164\243\222\126\034\241\157\114 +\012\040\155\237\043\172\264\306\332\054\344\035\054\334\263\050 +\320\023\362\114\116\002\111\241\124\100\236\346\345\005\240\055 +\204\310\377\230\154\320\353\212\032\204\010\036\267\150\043\356 +\043\325\160\316\155\121\151\020\356\241\172\302\321\042\061\302 +\202\205\322\362\125\166\120\174\045\172\311\204\134\013\254\335 +\102\116\053\347\202\242\044\211\313\220\262\320\356\043\272\146 +\114\273\142\244\371\123\132\144\173\174\230\372\243\110\236\017 +\225\256\247\030\364\152\354\056\003\105\257\360\164\370\052\315 +\172\135\321\276\104\046\062\051\361\361\365\154\314\176\002\041 +\013\237\157\244\077\276\235\123\342\317\175\251\054\174\130\032 +\227\341\075\067\067\030\146\050\322\100\305\121\212\214\303\055 +\316\123\210\044\130\144\060\026\305\252\340\326\012\246\100\337 +\170\366\365\004\174\151\023\204\274\321\321\247\006\317\001\367 +\150\300\250\127\273\072\141\255\004\214\223\343\255\374\360\333 +\104\155\131\334\111\131\256\254\232\231\066\060\101\173\166\063 +\042\207\243\302\222\206\156\371\160\356\256\207\207\225\033\304 +\172\275\061\363\324\322\345\231\377\276\110\354\165\365\170\026 +\035\246\160\301\177\074\033\241\222\373\317\310\074\326\305\223 +\012\217\365\125\072\166\225\316\131\230\212\011\225\167\062\232 +\203\272\054\004\072\227\275\324\057\276\327\154\233\242\312\175 +\155\046\311\125\325\317\303\171\122\010\011\231\007\044\055\144 +\045\153\246\041\151\233\152\335\164\115\153\227\172\101\275\253 +\027\371\220\027\110\217\066\371\055\325\305\333\356\252\205\105 +\101\372\315\072\105\261\150\346\066\114\233\220\127\354\043\271 +\207\010\302\304\011\361\227\206\052\050\115\342\164\300\332\304 +\214\333\337\342\241\027\131\316\044\131\164\061\332\177\375\060 +\155\331\334\341\152\341\374\137\002\003\001\000\001\243\202\001 +\032\060\202\001\026\060\017\006\003\125\035\023\001\001\377\004 +\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004 +\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037\326 +\341\342\171\176\053\060\037\006\003\125\035\043\004\030\060\026 +\200\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037 +\326\341\342\171\176\053\060\104\006\003\125\035\040\004\075\060 +\073\060\071\006\004\125\035\040\000\060\061\060\057\006\010\053 +\006\001\005\005\007\002\001\026\043\150\164\164\160\163\072\057 +\057\167\167\167\167\056\143\145\162\164\151\147\156\141\056\146 +\162\057\141\165\164\157\162\151\164\145\163\057\060\155\006\003 +\125\035\037\004\146\060\144\060\057\240\055\240\053\206\051\150 +\164\164\160\072\057\057\143\162\154\056\143\145\162\164\151\147 +\156\141\056\146\162\057\143\145\162\164\151\147\156\141\162\157 +\157\164\143\141\056\143\162\154\060\061\240\057\240\055\206\053 +\150\164\164\160\072\057\057\143\162\154\056\144\150\151\155\171 +\157\164\151\163\056\143\157\155\057\143\145\162\164\151\147\156 +\141\162\157\157\164\143\141\056\143\162\154\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\224 +\270\236\117\360\343\225\010\042\347\315\150\101\367\034\125\325 +\174\000\342\055\072\211\135\150\070\057\121\042\013\112\215\313 +\351\273\135\076\273\134\075\261\050\376\344\123\125\023\317\241 +\220\033\002\035\137\146\106\011\063\050\341\015\044\227\160\323 +\020\037\352\144\127\226\273\135\332\347\304\214\117\114\144\106 +\035\134\207\343\131\336\102\321\233\250\176\246\211\335\217\034 +\311\060\202\355\073\234\315\300\351\031\340\152\330\002\165\067 +\253\367\064\050\050\221\362\004\012\117\065\343\140\046\001\372 +\320\021\214\371\021\152\356\257\075\303\120\323\217\137\063\171 +\074\206\250\163\105\220\214\040\266\162\163\027\043\276\007\145 +\345\170\222\015\272\001\300\353\214\034\146\277\254\206\167\001 +\224\015\234\346\351\071\215\037\246\121\214\231\014\071\167\341 +\264\233\372\034\147\127\157\152\152\216\251\053\114\127\171\172 +\127\042\317\315\137\143\106\215\134\131\072\206\370\062\107\142 +\243\147\015\030\221\334\373\246\153\365\110\141\163\043\131\216 +\002\247\274\104\352\364\111\235\361\124\130\371\140\257\332\030 +\244\057\050\105\334\172\240\210\206\135\363\073\347\377\051\065 +\200\374\144\103\224\346\343\034\157\276\255\016\052\143\231\053 +\311\176\205\366\161\350\006\003\225\376\336\217\110\034\132\324 +\222\350\053\356\347\061\333\272\004\152\207\230\347\305\137\357 +\175\247\042\367\001\330\115\371\211\320\016\232\005\131\244\236 +\230\331\157\053\312\160\276\144\302\125\243\364\351\257\303\222 +\051\334\210\026\044\231\074\215\046\230\266\133\267\314\316\267 +\067\007\375\046\331\230\205\044\377\131\043\003\232\355\235\235 +\250\344\136\070\316\327\122\015\157\322\077\155\261\005\153\111 +\316\212\221\106\163\364\366\057\360\250\163\167\016\145\254\241 +\215\146\122\151\176\113\150\014\307\036\067\047\203\245\214\307 +\002\344\024\315\111\001\260\163\263\375\306\220\072\157\322\154 +\355\073\356\354\221\276\242\103\135\213\000\112\146\045\104\160 +\336\100\017\370\174\025\367\242\316\074\327\136\023\214\201\027 +\030\027\321\275\361\167\020\072\324\145\071\301\047\254\127\054 +\045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "Certigna Root CA" +# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1 +# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR +# Not Valid Before: Tue Oct 01 08:32:27 2013 +# Not Valid After : Sat Oct 01 08:32:27 2033 +# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68 +# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Certigna Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\055\015\122\024\377\236\255\231\044\001\164\040\107\156\154\205 +\047\047\365\103 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\016\134\060\142\047\353\133\274\327\256\142\272\351\325\337\167 +END +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 +\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157 +\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060 +\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063 +\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164 +\151\147\156\141\040\122\157\157\164\040\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304 +\343\246\341 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/lfs/ca-certificates b/lfs/ca-certificates index 6c684702a..639ef74b7 100644 --- a/lfs/ca-certificates +++ b/lfs/ca-certificates @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 20181027 +VER = 20190123 THISAPP = ca-certificates DIR_APP = $(DIR_SRC)/$(THISAPP) -- 2.16.4

1 0

[PATCH] OpenSSH: update to 7.9p1
by Peter Müller 23 Jan '19

23 Jan '19

Update OpenSSH to 7.9p1 (release note is available at https://www.openssh.com/txt/release-7.9). Patching support for OpenSSL 1.1.0 is no longer required, thus the orphaned patchfile has been deleted. Signed-off-by: Peter Müller <peter.mueller(a)link38.eu> --- config/rootfiles/common/openssh | 3 - lfs/openssh | 7 +- src/patches/openssh-7.8p1-openssl-1.1.0-1.patch | 1950 ----------------------- 3 files changed, 3 insertions(+), 1957 deletions(-) delete mode 100644 src/patches/openssh-7.8p1-openssl-1.1.0-1.patch diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh index c33003fe6..b41190a47 100644 --- a/config/rootfiles/common/openssh +++ b/config/rootfiles/common/openssh @@ -7,8 +7,6 @@ etc/ssh/ssh_config #etc/ssh/ssh_host_ecdsa_key.pub #etc/ssh/ssh_host_ed25519_key #etc/ssh/ssh_host_ed25519_key.pub -#etc/ssh/ssh_host_key -#etc/ssh/ssh_host_key.pub #etc/ssh/ssh_host_rsa_key #etc/ssh/ssh_host_rsa_key.pub etc/ssh/sshd_config @@ -26,7 +24,6 @@ usr/lib/openssh/ssh-pkcs11-helper usr/sbin/sshd #usr/share/man/man1/scp.1 #usr/share/man/man1/sftp.1 -#usr/share/man/man1/slogin.1 #usr/share/man/man1/ssh-add.1 #usr/share/man/man1/ssh-agent.1 #usr/share/man/man1/ssh-keygen.1 diff --git a/lfs/openssh b/lfs/openssh index c67f135e8..7fbb5a928 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 7.8p1 +VER = 7.9p1 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ce1d090fa6239fd38eb989d5e983b074 +$(DL_FILE)_MD5 = c6af50b7a474d04726a5aa747a5dce8f install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-7.8p1-openssl-1.1.0-1.patch cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure cd $(DIR_APP) && ./configure \ --prefix=/usr \ diff --git a/src/patches/openssh-7.8p1-openssl-1.1.0-1.patch b/src/patches/openssh-7.8p1-openssl-1.1.0-1.patch deleted file mode 100644 index 7f8c7cd4f..000000000 --- a/src/patches/openssh-7.8p1-openssl-1.1.0-1.patch +++ /dev/null @@ -1,1950 +0,0 @@ -diff -aurp old/auth-pam.c new/auth-pam.c ---- old/auth-pam.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/auth-pam.c 2018-08-23 21:31:53.324592767 -0700 -@@ -128,6 +128,10 @@ extern u_int utmp_len; - typedef pthread_t sp_pthread_t; - #else - typedef pid_t sp_pthread_t; -+# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d) -+# define pthread_exit(a) _ssh_compat_pthread_exit(a) -+# define pthread_cancel(a) _ssh_compat_pthread_cancel(a) -+# define pthread_join(a, b) _ssh_compat_pthread_join(a, b) - #endif - - struct pam_ctxt { -diff -aurp old/cipher.c new/cipher.c ---- old/cipher.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/cipher.c 2018-08-23 21:31:53.327926112 -0700 -@@ -299,7 +299,10 @@ cipher_init(struct sshcipher_ctx **ccp, - goto out; - } - } -- if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { -+ /* in OpenSSL 1.1.0, EVP_CipherInit clears all previous setups; -+ use EVP_CipherInit_ex for augmenting */ -+ if (EVP_CipherInit_ex(cc->evp, NULL, NULL, (u_char *)key, NULL, -1) == 0) -+ { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -@@ -485,7 +488,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c - len, iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else -- memcpy(iv, cc->evp->iv, len); -+ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); - #endif - return 0; - } -@@ -519,14 +522,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c - EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else -- memcpy(cc->evp->iv, iv, evplen); -+ memcpy(EVP_CIPHER_CTX_iv(cc->evp), iv, evplen); - #endif - return 0; - } - - #ifdef WITH_OPENSSL --#define EVP_X_STATE(evp) (evp)->cipher_data --#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size -+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) -+#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) -+# else -+#define EVP_X_STATE(evp) (evp).cipher_data -+#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size -+# endif - #endif - - int -diff -aurp old/cipher.h new/cipher.h ---- old/cipher.h 2018-08-22 22:41:42.000000000 -0700 -+++ new/cipher.h 2018-08-23 21:31:53.327926112 -0700 -@@ -46,7 +46,18 @@ - #define CIPHER_DECRYPT 0 - - struct sshcipher; -+#if 0 -+struct sshcipher_ctx { -+ int plaintext; -+ int encrypt; -+ EVP_CIPHER_CTX *evp; -+ struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ -+ struct aesctr_ctx ac_ctx; /* XXX union with evp? */ -+ const struct sshcipher *cipher; -+}; -+#else - struct sshcipher_ctx; -+#endif - - const struct sshcipher *cipher_by_name(const char *); - const char *cipher_warning_message(const struct sshcipher_ctx *); -diff -aurp old/configure new/configure ---- old/configure 2018-08-23 00:09:30.000000000 -0700 -+++ new/configure 2018-08-23 21:31:53.331259457 -0700 -@@ -13032,7 +13032,6 @@ if ac_fn_c_try_run "$LINENO"; then : - 100*) ;; # 1.0.x - 200*) ;; # LibreSSL - *) -- as_fn_error $? "OpenSSL >= 1.1.0 is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5 - ;; - esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 -diff -aurp old/dh.c new/dh.c ---- old/dh.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/dh.c 2018-08-23 21:39:18.863765579 -0700 -@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max - /* diffie-hellman-groupN-sha1 */ - - int --dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) -+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) - { - int i; - int n = BN_num_bits(dh_pub); - int bits_set = 0; - BIGNUM *tmp; -+ const BIGNUM *p; - -- if (dh_pub->neg) { -+ if (BN_is_negative(dh_pub)) { - logit("invalid public DH value: negative"); - return 0; - } -@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) - error("%s: BN_new failed", __func__); - return 0; - } -- if (!BN_sub(tmp, dh->p, BN_value_one()) || -+ DH_get0_pqg(dh, &p, NULL, NULL); -+ if (!BN_sub(tmp, p, BN_value_one()) || - BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ - BN_clear_free(tmp); - logit("invalid public DH value: >= p-1"); -@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) - for (i = 0; i <= n; i++) - if (BN_is_bit_set(dh_pub, i)) - bits_set++; -- debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); -+ debug2("bits set: %d/%d", bits_set, BN_num_bits(p)); - - /* - * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial - */ - if (bits_set < 4) { - logit("invalid public DH value (%d/%d)", -- bits_set, BN_num_bits(dh->p)); -+ bits_set, BN_num_bits(p)); - return 0; - } - return 1; -@@ -264,9 +266,13 @@ int - dh_gen_key(DH *dh, int need) - { - int pbits; -+ const BIGNUM *p, *pub_key; -+ BIGNUM *priv_key; - -- if (need < 0 || dh->p == NULL || -- (pbits = BN_num_bits(dh->p)) <= 0 || -+ DH_get0_pqg(dh, &p, NULL, NULL); -+ -+ if (need < 0 || p == NULL || -+ (pbits = BN_num_bits(p)) <= 0 || - need > INT_MAX / 2 || 2 * need > pbits) - return SSH_ERR_INVALID_ARGUMENT; - if (need < 256) -@@ -275,11 +281,13 @@ dh_gen_key(DH *dh, int need) - * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), - * so double requested need here. - */ -- dh->length = MINIMUM(need * 2, pbits - 1); -- if (DH_generate_key(dh) == 0 || -- !dh_pub_is_valid(dh, dh->pub_key)) { -- BN_clear_free(dh->priv_key); -- dh->priv_key = NULL; -+ DH_set_length(dh, MIN(need * 2, pbits - 1)); -+ if (DH_generate_key(dh) == 0) { -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ } -+ DH_get0_key(dh, &pub_key, &priv_key); -+ if (!dh_pub_is_valid(dh, pub_key)) { -+ BN_clear(priv_key); - return SSH_ERR_LIBCRYPTO_ERROR; - } - return 0; -@@ -288,16 +296,27 @@ dh_gen_key(DH *dh, int need) - DH * - dh_new_group_asc(const char *gen, const char *modulus) - { -- DH *dh; -+ DH *dh = NULL; -+ BIGNUM *p=NULL, *g=NULL; - -- if ((dh = DH_new()) == NULL) -- return NULL; -- if (BN_hex2bn(&dh->p, modulus) == 0 || -- BN_hex2bn(&dh->g, gen) == 0) { -- DH_free(dh); -- return NULL; -+ if ((dh = DH_new()) == NULL || -+ (p = BN_new()) == NULL || -+ (g = BN_new()) == NULL) -+ goto null; -+ if (BN_hex2bn(&p, modulus) == 0 || -+ BN_hex2bn(&g, gen) == 0) { -+ goto null; - } -+ if (DH_set0_pqg(dh, p, NULL, g) == 0) { -+ goto null; -+ } -+ p = g = NULL; - return (dh); -+null: -+ BN_free(p); -+ BN_free(g); -+ DH_free(dh); -+ return NULL; - } - - /* -@@ -312,8 +331,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu - - if ((dh = DH_new()) == NULL) - return NULL; -- dh->p = modulus; -- dh->g = gen; -+ if (DH_set0_pqg(dh, modulus, NULL, gen) == 0) -+ return NULL; - - return (dh); - } -diff -aurp old/dh.h new/dh.h ---- old/dh.h 2018-08-22 22:41:42.000000000 -0700 -+++ new/dh.h 2018-08-23 21:31:53.331259457 -0700 -@@ -42,7 +42,7 @@ DH *dh_new_group18(void); - DH *dh_new_group_fallback(int); - - int dh_gen_key(DH *, int); --int dh_pub_is_valid(DH *, BIGNUM *); -+int dh_pub_is_valid(const DH *, const BIGNUM *); - - u_int dh_estimate(int); - -diff -aurp old/digest-openssl.c new/digest-openssl.c ---- old/digest-openssl.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/digest-openssl.c 2018-08-23 21:31:53.331259457 -0700 -@@ -43,7 +43,7 @@ - - struct ssh_digest_ctx { - int alg; -- EVP_MD_CTX mdctx; -+ EVP_MD_CTX *mdctx; - }; - - struct ssh_digest { -@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg) - size_t - ssh_digest_blocksize(struct ssh_digest_ctx *ctx) - { -- return EVP_MD_CTX_block_size(&ctx->mdctx); -+ return EVP_MD_CTX_block_size(ctx->mdctx); - } - - struct ssh_digest_ctx * - ssh_digest_start(int alg) - { - const struct ssh_digest *digest = ssh_digest_by_alg(alg); -- struct ssh_digest_ctx *ret; -+ struct ssh_digest_ctx *ret = NULL; - - if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) - return NULL; - ret->alg = alg; -- EVP_MD_CTX_init(&ret->mdctx); -- if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { -+ if ((ret->mdctx = EVP_MD_CTX_new()) == NULL || -+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { -+ EVP_MD_CTX_free(ret->mdctx); - free(ret); - return NULL; - } -@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_ - if (from->alg != to->alg) - return SSH_ERR_INVALID_ARGUMENT; - /* we have bcopy-style order while openssl has memcpy-style */ -- if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) -+ if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) - return SSH_ERR_LIBCRYPTO_ERROR; - return 0; - } -@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_ - int - ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) - { -- if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) -+ if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) - return SSH_ERR_LIBCRYPTO_ERROR; - return 0; - } -@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx * - return SSH_ERR_INVALID_ARGUMENT; - if (dlen < digest->digest_len) /* No truncation allowed */ - return SSH_ERR_INVALID_ARGUMENT; -- if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) -+ if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) - return SSH_ERR_LIBCRYPTO_ERROR; - if (l != digest->digest_len) /* sanity */ - return SSH_ERR_INTERNAL_ERROR; -@@ -172,7 +173,7 @@ void - ssh_digest_free(struct ssh_digest_ctx *ctx) - { - if (ctx != NULL) { -- EVP_MD_CTX_cleanup(&ctx->mdctx); -+ EVP_MD_CTX_free(ctx->mdctx); - explicit_bzero(ctx, sizeof(*ctx)); - free(ctx); - } -diff -aurp old/kexdhc.c new/kexdhc.c ---- old/kexdhc.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/kexdhc.c 2018-08-23 21:31:53.331259457 -0700 -@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh) - goto out; - } - debug("sending SSH2_MSG_KEXDH_INIT"); -- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || -- (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || -+ { -+ const BIGNUM *pub_key; -+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -+ goto out; -+ DH_get0_key(kex->dh, &pub_key, NULL); -+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; -+ } - #ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, kex->dh); - fprintf(stderr, "pub= "); -@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st - - /* calc and verify H */ - hashlen = sizeof(hash); -+ { -+ const BIGNUM *pub_key; -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = kex_dh_hash( - kex->hash_alg, - kex->client_version_string, -@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, -- kex->dh->pub_key, -+ pub_key, - dh_server_pub, - shared_secret, -- hash, &hashlen)) != 0) -+ hash, &hashlen)) != 0) { - goto out; -+ } -+ } - - if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - kex->hostkey_alg, ssh->compat)) != 0) -diff -aurp old/kexdhs.c new/kexdhs.c ---- old/kexdhs.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/kexdhs.c 2018-08-23 21:36:50.600564263 -0700 -@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se - goto out; - /* calc H */ - hashlen = sizeof(hash); -+ { -+ const BIGNUM *pub_key; -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = kex_dh_hash( - kex->hash_alg, - kex->client_version_string, -@@ -171,10 +174,12 @@ input_kex_dh_init(int type, u_int32_t se - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - dh_client_pub, -- kex->dh->pub_key, -+ pub_key, - shared_secret, -- hash, &hashlen)) != 0) -+ hash, &hashlen)) != 0) { - goto out; -+ } -+ } - - /* save session id := H */ - if (kex->session_id == NULL) { -@@ -195,12 +200,16 @@ input_kex_dh_init(int type, u_int32_t se - /* destroy_sensitive_data(); */ - - /* send server hostkey, DH pubkey 'f' and signed H */ -+ { -+ const BIGNUM *pub_key; -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; -+ } - - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); -diff -aurp old/kexgexc.c new/kexgexc.c ---- old/kexgexc.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/kexgexc.c 2018-08-23 21:31:53.331259457 -0700 -@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32 - p = g = NULL; /* belong to kex->dh now */ - - /* generate and send 'e', client DH public key */ -- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || -- (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || -- (r = sshpkt_send(ssh)) != 0) -+ { -+ const BIGNUM *pub_key; -+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -+ goto out; -+ DH_get0_key(kex->dh, &pub_key, NULL); -+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || -+ (r = sshpkt_send(ssh)) != 0) { - goto out; -+ } -+ } - debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); - #ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, kex->dh); -@@ -212,6 +218,10 @@ input_kex_dh_gex_reply(int type, u_int32 - - /* calc and verify H */ - hashlen = sizeof(hash); -+ { -+ const BIGNUM *p, *g, *pub_key; -+ DH_get0_pqg(kex->dh, &p, NULL, &g); -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = kexgex_hash( - kex->hash_alg, - kex->client_version_string, -@@ -220,12 +230,14 @@ input_kex_dh_gex_reply(int type, u_int32 - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - kex->min, kex->nbits, kex->max, -- kex->dh->p, kex->dh->g, -- kex->dh->pub_key, -+ p, g, -+ pub_key, - dh_server_pub, - shared_secret, -- hash, &hashlen)) != 0) -+ hash, &hashlen)) != 0) { - goto out; -+ } -+ } - - if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, kex->hostkey_alg, ssh->compat)) != 0) -diff -aurp old/kexgexs.c new/kexgexs.c ---- old/kexgexs.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/kexgexs.c 2018-08-23 21:36:11.493972372 -0700 -@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int - goto out; - } - debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); -+ { -+ const BIGNUM *p, *g; -+ DH_get0_pqg(kex->dh, &p, NULL, &g); - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || -- (r = sshpkt_send(ssh)) != 0) -+ (r = sshpkt_put_bignum2(ssh, p)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, g)) != 0 || -+ (r = sshpkt_send(ssh)) != 0) { - goto out; -+ } -+ } - - /* Compute our exchange value in parallel with the client */ - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -@@ -191,6 +196,10 @@ input_kex_dh_gex_init(int type, u_int32_ - goto out; - /* calc H */ - hashlen = sizeof(hash); -+ { -+ const BIGNUM *p, *g, *pub_key; -+ DH_get0_pqg(kex->dh, &p, NULL, &g); -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = kexgex_hash( - kex->hash_alg, - kex->client_version_string, -@@ -199,12 +208,14 @@ input_kex_dh_gex_init(int type, u_int32_ - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - kex->min, kex->nbits, kex->max, -- kex->dh->p, kex->dh->g, -+ p, g, - dh_client_pub, -- kex->dh->pub_key, -+ pub_key, - shared_secret, -- hash, &hashlen)) != 0) -+ hash, &hashlen)) != 0) { - goto out; -+ } -+ } - - /* save session id := H */ - if (kex->session_id == NULL) { -@@ -225,12 +236,16 @@ input_kex_dh_gex_init(int type, u_int32_ - /* destroy_sensitive_data(); */ - - /* send server hostkey, DH pubkey 'f' and signed H */ -+ { -+ const BIGNUM *pub_key; -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; -+ } - - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) - r = kex_send_newkeys(ssh); -diff -aurp old/monitor.c new/monitor.c ---- old/monitor.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/monitor.c 2018-08-23 21:34:14.594343260 -0700 -@@ -589,10 +589,12 @@ mm_answer_moduli(int sock, struct sshbuf - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - return (0); - } else { -+ const BIGNUM *p, *g; -+ DH_get0_pqg(dh, &p, NULL, &g); - /* Send first bignum */ - if ((r = sshbuf_put_u8(m, 1)) != 0 || -- (r = sshbuf_put_bignum2(m, dh->p)) != 0 || -- (r = sshbuf_put_bignum2(m, dh->g)) != 0) -+ (r = sshbuf_put_bignum2(m, p)) != 0 || -+ (r = sshbuf_put_bignum2(m, g)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - DH_free(dh); -diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c ---- old/openbsd-compat/openssl-compat.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/openbsd-compat/openssl-compat.c 2018-08-23 21:31:53.334592801 -0700 -@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void) - /* Enable use of crypto hardware */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -- OPENSSL_config(NULL); - } - #endif - -diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c ---- old/regress/unittests/sshkey/test_file.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/regress/unittests/sshkey/test_file.c 2018-08-23 21:31:53.334592801 -0700 -@@ -60,9 +60,14 @@ sshkey_file_tests(void) - a = load_bignum("rsa_1.param.n"); - b = load_bignum("rsa_1.param.p"); - c = load_bignum("rsa_1.param.q"); -- ASSERT_BIGNUM_EQ(k1->rsa->n, a); -- ASSERT_BIGNUM_EQ(k1->rsa->p, b); -- ASSERT_BIGNUM_EQ(k1->rsa->q, c); -+ { -+ const BIGNUM *n, *p, *q; -+ RSA_get0_key(k1->rsa, &n, NULL, NULL); -+ RSA_get0_factors(k1->rsa, &p, &q); -+ ASSERT_BIGNUM_EQ(n, a); -+ ASSERT_BIGNUM_EQ(p, b); -+ ASSERT_BIGNUM_EQ(q, c); -+ } - BN_free(a); - BN_free(b); - BN_free(c); -@@ -151,9 +156,14 @@ sshkey_file_tests(void) - a = load_bignum("dsa_1.param.g"); - b = load_bignum("dsa_1.param.priv"); - c = load_bignum("dsa_1.param.pub"); -- ASSERT_BIGNUM_EQ(k1->dsa->g, a); -- ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); -- ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); -+ { -+ const BIGNUM *g, *priv_key, *pub_key; -+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); -+ DSA_get0_key(k1->dsa, &pub_key, &priv_key); -+ ASSERT_BIGNUM_EQ(g, a); -+ ASSERT_BIGNUM_EQ(priv_key, b); -+ ASSERT_BIGNUM_EQ(pub_key, c); -+ } - BN_free(a); - BN_free(b); - BN_free(c); -diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c ---- old/regress/unittests/sshkey/test_sshkey.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/regress/unittests/sshkey/test_sshkey.c 2018-08-23 21:31:53.334592801 -0700 -@@ -197,9 +197,14 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); -+ { -+ const BIGNUM *n, *e, *p; -+ RSA_get0_key(k1->rsa, &n, &e, NULL); -+ RSA_get0_factors(k1->rsa, &p, NULL); -+ ASSERT_PTR_NE(n, NULL); -+ ASSERT_PTR_NE(e, NULL); -+ ASSERT_PTR_EQ(p, NULL); -+ } - sshkey_free(k1); - TEST_DONE(); - -@@ -207,8 +212,13 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); -+ { -+ const BIGNUM *g, *priv_key; -+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); -+ DSA_get0_key(k1->dsa, NULL, &priv_key); -+ ASSERT_PTR_NE(g, NULL); -+ ASSERT_PTR_EQ(priv_key, NULL); -+ } - sshkey_free(k1); - TEST_DONE(); - -@@ -234,9 +244,14 @@ sshkey_tests(void) - k1 = sshkey_new_private(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_NE(k1->rsa->p, NULL); -+ { -+ const BIGNUM *n, *e, *p; -+ RSA_get0_key(k1->rsa, &n, &e, NULL); -+ RSA_get0_factors(k1->rsa, &p, NULL); -+ ASSERT_PTR_NE(n, NULL); -+ ASSERT_PTR_NE(e, NULL); -+ ASSERT_PTR_NE(p, NULL); -+ } - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); -@@ -245,8 +260,13 @@ sshkey_tests(void) - k1 = sshkey_new_private(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_NE(k1->dsa->priv_key, NULL); -+ { -+ const BIGNUM *g, *priv_key; -+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); -+ DSA_get0_key(k1->dsa, NULL, &priv_key); -+ ASSERT_PTR_NE(g, NULL); -+ ASSERT_PTR_NE(priv_key, NULL); -+ } - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); -@@ -285,18 +305,28 @@ sshkey_tests(void) - ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); - ASSERT_PTR_NE(kr, NULL); - ASSERT_PTR_NE(kr->rsa, NULL); -- ASSERT_PTR_NE(kr->rsa->n, NULL); -- ASSERT_PTR_NE(kr->rsa->e, NULL); -- ASSERT_PTR_NE(kr->rsa->p, NULL); -- ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); -+ { -+ const BIGNUM *n, *e, *p; -+ RSA_get0_key(kr->rsa, &n, &e, NULL); -+ RSA_get0_factors(kr->rsa, &p, NULL); -+ ASSERT_PTR_NE(n, NULL); -+ ASSERT_PTR_NE(e, NULL); -+ ASSERT_PTR_NE(p, NULL); -+ ASSERT_INT_EQ(BN_num_bits(n), 1024); -+ } - TEST_DONE(); - - TEST_START("generate KEY_DSA"); - ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); - ASSERT_PTR_NE(kd, NULL); - ASSERT_PTR_NE(kd->dsa, NULL); -- ASSERT_PTR_NE(kd->dsa->g, NULL); -- ASSERT_PTR_NE(kd->dsa->priv_key, NULL); -+ { -+ const BIGNUM *g, *priv_key; -+ DSA_get0_pqg(kd->dsa, NULL, NULL, &g); -+ DSA_get0_key(kd->dsa, NULL, &priv_key); -+ ASSERT_PTR_NE(g, NULL); -+ ASSERT_PTR_NE(priv_key, NULL); -+ } - TEST_DONE(); - - #ifdef OPENSSL_HAS_ECC -@@ -323,9 +353,14 @@ sshkey_tests(void) - ASSERT_PTR_NE(kr, k1); - ASSERT_INT_EQ(k1->type, KEY_RSA); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); -+ { -+ const BIGNUM *n, *e, *p; -+ RSA_get0_key(k1->rsa, &n, &e, NULL); -+ RSA_get0_factors(k1->rsa, &p, NULL); -+ ASSERT_PTR_NE(n, NULL); -+ ASSERT_PTR_NE(e, NULL); -+ ASSERT_PTR_EQ(p, NULL); -+ } - TEST_DONE(); - - TEST_START("equal KEY_RSA/demoted KEY_RSA"); -@@ -339,8 +374,13 @@ sshkey_tests(void) - ASSERT_PTR_NE(kd, k1); - ASSERT_INT_EQ(k1->type, KEY_DSA); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); -+ { -+ const BIGNUM *g, *priv_key; -+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); -+ DSA_get0_key(k1->dsa, NULL, &priv_key); -+ ASSERT_PTR_NE(g, NULL); -+ ASSERT_PTR_EQ(priv_key, NULL); -+ } - TEST_DONE(); - - TEST_START("equal KEY_DSA/demoted KEY_DSA"); -diff -aurp old/ssh-dss.c new/ssh-dss.c ---- old/ssh-dss.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/ssh-dss.c 2018-08-23 21:31:53.334592801 -0700 -@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u - DSA_SIG *sig = NULL; - u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; - size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); -+ const BIGNUM *r, *s; - struct sshbuf *b = NULL; - int ret = SSH_ERR_INVALID_ARGUMENT; - -@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u - goto out; - } - -- rlen = BN_num_bytes(sig->r); -- slen = BN_num_bytes(sig->s); -+ DSA_SIG_get0(sig, &r, &s); -+ rlen = BN_num_bytes(r); -+ slen = BN_num_bytes(s); - if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - ret = SSH_ERR_INTERNAL_ERROR; - goto out; - } - explicit_bzero(sigblob, SIGBLOB_LEN); -- BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); -- BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); -+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); -+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); - - if ((b = sshbuf_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; -@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key, - } - - /* parse signature */ -+ { -+ BIGNUM *r=NULL, *s=NULL; - if ((sig = DSA_SIG_new()) == NULL || -- (sig->r = BN_new()) == NULL || -- (sig->s = BN_new()) == NULL) { -+ (r = BN_new()) == NULL || -+ (s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; -+ BN_free(r); -+ BN_free(s); - goto out; - } -- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || -- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { -+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || -+ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_free(r); -+ BN_free(s); - goto out; - } -+ DSA_SIG_set0(sig, r, s); -+ r = s = NULL; -+ } - - /* sha1 the data */ - if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, -diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c ---- old/ssh-ecdsa.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/ssh-ecdsa.c 2018-08-23 21:31:53.334592801 -0700 -@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key, - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || -- (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) -+ { -+ const BIGNUM *r, *s; -+ ECDSA_SIG_get0(sig, &r, &s); -+ if ((ret = sshbuf_put_bignum2(bb, r)) != 0 || -+ (ret = sshbuf_put_bignum2(bb, s)) != 0) { - goto out; -+ } -+ } - if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || - (ret = sshbuf_put_stringb(b, bb)) != 0) - goto out; -@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || -- sshbuf_get_bignum2(sigbuf, sig->s) != 0) { -+ { -+ BIGNUM *r=NULL, *s=NULL; -+ if ((r = BN_new()) == NULL || -+ (s = BN_new()) == NULL) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto out_rs; -+ } -+ if (sshbuf_get_bignum2(sigbuf, r) != 0 || -+ sshbuf_get_bignum2(sigbuf, s) != 0) { - ret = SSH_ERR_INVALID_FORMAT; -+ goto out_rs; -+ } -+ if (ECDSA_SIG_set0(sig, r, s) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+out_rs: -+ BN_free(r); -+ BN_free(s); - goto out; - } -+ r = s = NULL; -+ } - if (sshbuf_len(sigbuf) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; -diff -aurp old/ssh-keygen.c new/ssh-keygen.c ---- old/ssh-keygen.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/ssh-keygen.c 2018-08-23 21:31:53.334592801 -0700 -@@ -494,11 +494,33 @@ do_convert_private_ssh2_from_blob(u_char - - switch (key->type) { - case KEY_DSA: -- buffer_get_bignum_bits(b, key->dsa->p); -- buffer_get_bignum_bits(b, key->dsa->g); -- buffer_get_bignum_bits(b, key->dsa->q); -- buffer_get_bignum_bits(b, key->dsa->pub_key); -- buffer_get_bignum_bits(b, key->dsa->priv_key); -+ { -+ BIGNUM *p=NULL, *g=NULL, *q=NULL, *pub_key=NULL, *priv_key=NULL; -+ if ((p=BN_new()) == NULL || -+ (g=BN_new()) == NULL || -+ (q=BN_new()) == NULL || -+ (pub_key=BN_new()) == NULL || -+ (priv_key=BN_new()) == NULL) { -+ BN_free(p); -+ BN_free(g); -+ BN_free(q); -+ BN_free(pub_key); -+ BN_free(priv_key); -+ return NULL; -+ } -+ buffer_get_bignum_bits(b, p); -+ buffer_get_bignum_bits(b, g); -+ buffer_get_bignum_bits(b, q); -+ buffer_get_bignum_bits(b, pub_key); -+ buffer_get_bignum_bits(b, priv_key); -+ if (DSA_set0_pqg(key->dsa, p, q, g) == 0 || -+ DSA_set0_key(key->dsa, pub_key, priv_key) == 0) { -+ fatal("failed to set DSA key"); -+ BN_free(p); BN_free(g); BN_free(q); -+ BN_free(pub_key); BN_free(priv_key); -+ return NULL; -+ } -+ } - break; - case KEY_RSA: - if ((r = sshbuf_get_u8(b, &e1)) != 0 || -@@ -515,16 +537,52 @@ do_convert_private_ssh2_from_blob(u_char - e += e3; - debug("e %lx", e); - } -- if (!BN_set_word(key->rsa->e, e)) { -+ { -+ BIGNUM *rsa_e = NULL; -+ BIGNUM *d=NULL, *n=NULL, *iqmp=NULL, *q=NULL, *p=NULL; -+ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy input to set in RSA_set0_crt_params */ -+ rsa_e = BN_new(); -+ if (!rsa_e || !BN_set_word(rsa_e, e)) { -+ if (rsa_e) BN_free(rsa_e); - sshbuf_free(b); - sshkey_free(key); - return NULL; - } -- buffer_get_bignum_bits(b, key->rsa->d); -- buffer_get_bignum_bits(b, key->rsa->n); -- buffer_get_bignum_bits(b, key->rsa->iqmp); -- buffer_get_bignum_bits(b, key->rsa->q); -- buffer_get_bignum_bits(b, key->rsa->p); -+ if ((d=BN_new()) == NULL || -+ (n=BN_new()) == NULL || -+ (iqmp=BN_new()) == NULL || -+ (q=BN_new()) == NULL || -+ (p=BN_new()) == NULL || -+ (dmp1=BN_new()) == NULL || -+ (dmq1=BN_new()) == NULL) { -+ BN_free(d); BN_free(n); BN_free(iqmp); -+ BN_free(q); BN_free(p); -+ BN_free(dmp1); BN_free(dmq1); -+ return NULL; -+ } -+ BN_clear(dmp1); BN_clear(dmq1); -+ buffer_get_bignum_bits(b, d); -+ buffer_get_bignum_bits(b, n); -+ buffer_get_bignum_bits(b, iqmp); -+ buffer_get_bignum_bits(b, q); -+ buffer_get_bignum_bits(b, p); -+ if (RSA_set0_key(key->rsa, n, rsa_e, d) == 0) -+ goto null; -+ n = d = NULL; -+ if (RSA_set0_factors(key->rsa, p, q) == 0) -+ goto null; -+ p = q = NULL; -+ /* dmp1, dmq1 should not be NULL for initial set0 */ -+ if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0) { -+ null: -+ fatal("Failed to set RSA parameters"); -+ BN_free(d); BN_free(n); BN_free(iqmp); -+ BN_free(q); BN_free(p); -+ BN_free(dmp1); BN_free(dmq1); -+ return NULL; -+ } -+ dmp1 = dmq1 = iqmp = NULL; -+ } - if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) - fatal("generate RSA parameters failed: %s", ssh_err(r)); - break; -@@ -634,7 +692,7 @@ do_convert_from_pkcs8(struct sshkey **k, - identity_file); - } - fclose(fp); -- switch (EVP_PKEY_type(pubkey->type)) { -+ switch (EVP_PKEY_type(EVP_PKEY_id(pubkey))) { - case EVP_PKEY_RSA: - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); -@@ -658,7 +716,7 @@ do_convert_from_pkcs8(struct sshkey **k, - #endif - default: - fatal("%s: unsupported pubkey type %d", __func__, -- EVP_PKEY_type(pubkey->type)); -+ EVP_PKEY_type(EVP_PKEY_id(pubkey))); - } - EVP_PKEY_free(pubkey); - return; -diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c ---- old/ssh-pkcs11-client.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/ssh-pkcs11-client.c 2018-08-23 21:31:53.334592801 -0700 -@@ -156,12 +156,13 @@ pkcs11_rsa_private_encrypt(int flen, con - static int - wrap_key(RSA *rsa) - { -- static RSA_METHOD helper_rsa; -+ static RSA_METHOD *helper_rsa; - -- memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa)); -- helper_rsa.name = "ssh-pkcs11-helper"; -- helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt; -- RSA_set_method(rsa, &helper_rsa); -+ if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) -+ return (-1); /* XXX but caller isn't checking */ -+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper"); -+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt); -+ RSA_set_method(rsa, helper_rsa); - return (0); - } - -diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c ---- old/ssh-pkcs11.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/ssh-pkcs11.c 2018-08-23 21:31:53.334592801 -0700 -@@ -67,7 +67,7 @@ struct pkcs11_key { - struct pkcs11_provider *provider; - CK_ULONG slotidx; - int (*orig_finish)(RSA *rsa); -- RSA_METHOD rsa_method; -+ RSA_METHOD *rsa_method; - char *keyid; - int keyid_len; - }; -@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider * - k11->keyid = xmalloc(k11->keyid_len); - memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); - } -- k11->orig_finish = def->finish; -- memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); -- k11->rsa_method.name = "pkcs11"; -- k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt; -- k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt; -- k11->rsa_method.finish = pkcs11_rsa_finish; -- RSA_set_method(rsa, &k11->rsa_method); -+ k11->orig_finish = RSA_meth_get_finish(def); -+ -+ if ((k11->rsa_method = RSA_meth_new("pkcs11", RSA_meth_get_flags(def))) == NULL) -+ return -1; -+ RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt); -+ RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt); -+ RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish); -+ -+ RSA_set_method(rsa, k11->rsa_method); - RSA_set_app_data(rsa, k11); - return (0); - } -@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p - if ((rsa = RSA_new()) == NULL) { - error("RSA_new failed"); - } else { -- rsa->n = BN_bin2bn(attribs[1].pValue, -- attribs[1].ulValueLen, NULL); -- rsa->e = BN_bin2bn(attribs[2].pValue, -- attribs[2].ulValueLen, NULL); -+ BIGNUM *n=NULL, *e=NULL; -+ n = BN_new(); -+ e = BN_new(); -+ if (n == NULL || e == NULL) -+ error("BN_new alloc failed"); -+ if (BN_bin2bn(attribs[1].pValue, -+ attribs[1].ulValueLen, n) == NULL || -+ BN_bin2bn(attribs[2].pValue, -+ attribs[2].ulValueLen, e) == NULL) -+ error("BN_bin2bn failed"); -+ if (RSA_set0_key(rsa, n, e, NULL) == 0) -+ error("RSA_set0_key failed"); -+ n = e = NULL; - } - } else { - cp = attribs[2].pValue; -@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p - == NULL) { - error("d2i_X509 failed"); - } else if ((evp = X509_get_pubkey(x509)) == NULL || -- evp->type != EVP_PKEY_RSA || -- evp->pkey.rsa == NULL) { -+ EVP_PKEY_id(evp) != EVP_PKEY_RSA || -+ EVP_PKEY_get0_RSA(evp) == NULL) { - debug("X509_get_pubkey failed or no rsa"); -- } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) -+ } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) - == NULL) { - error("RSAPublicKey_dup"); - } - X509_free(x509); - } -- if (rsa && rsa->n && rsa->e && -+ { -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, NULL); -+ if (rsa && n && e && - pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); -@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p - } else if (rsa) { - RSA_free(rsa); - } -+ } - for (i = 0; i < 3; i++) - free(attribs[i].pValue); - } -diff -aurp old/ssh-rsa.c new/ssh-rsa.c ---- old/ssh-rsa.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/ssh-rsa.c 2018-08-23 21:31:53.334592801 -0700 -@@ -108,7 +108,6 @@ ssh_rsa_generate_additional_parameters(s - { - BIGNUM *aux = NULL; - BN_CTX *ctx = NULL; -- BIGNUM d; - int r; - - if (key == NULL || key->rsa == NULL || -@@ -123,16 +122,27 @@ ssh_rsa_generate_additional_parameters(s - } - BN_set_flags(aux, BN_FLG_CONSTTIME); - -- BN_init(&d); -- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); -- -- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || -- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || -- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || -- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { -+ { -+ const BIGNUM *q, *d, *p; -+ BIGNUM *dmq1=NULL, *dmp1=NULL; -+ if ((dmq1 = BN_new()) == NULL || -+ (dmp1 = BN_new()) == NULL ) { -+ r = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } -+ RSA_get0_key(key->rsa, NULL, NULL, &d); -+ RSA_get0_factors(key->rsa, &p, &q); -+ if ((BN_sub(aux, q, BN_value_one()) == 0) || -+ (BN_mod(dmq1, d, aux, ctx) == 0) || -+ (BN_sub(aux, p, BN_value_one()) == 0) || -+ (BN_mod(dmp1, d, aux, ctx) == 0) || -+ RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_clear_free(dmp1); -+ BN_clear_free(dmq1); - goto out; - } -+ } - r = 0; - out: - BN_clear_free(aux); -@@ -163,7 +173,7 @@ ssh_rsa_sign(const struct sshkey *key, u - if (key == NULL || key->rsa == NULL || hash_alg == -1 || - sshkey_type_plain(key->type) != KEY_RSA) - return SSH_ERR_INVALID_ARGUMENT; -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) -+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) - return SSH_ERR_KEY_LENGTH; - slen = RSA_size(key->rsa); - if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) -@@ -235,7 +245,7 @@ ssh_rsa_verify(const struct sshkey *key, - sshkey_type_plain(key->type) != KEY_RSA || - sig == NULL || siglen == 0) - return SSH_ERR_INVALID_ARGUMENT; -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) -+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) - return SSH_ERR_KEY_LENGTH; - - if ((b = sshbuf_from(sig, siglen)) == NULL) -diff -aurp old/sshkey.c new/sshkey.c ---- old/sshkey.c 2018-08-22 22:41:42.000000000 -0700 -+++ new/sshkey.c 2018-08-23 21:31:53.334592801 -0700 -@@ -292,10 +292,18 @@ sshkey_size(const struct sshkey *k) - #ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: -- return BN_num_bits(k->rsa->n); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+ return RSA_bits(k->rsa); -+#else -+ return RSA_bits(key->rsa); -+#endif - case KEY_DSA: - case KEY_DSA_CERT: -+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+ return DSA_bits(k->dsa); -+#else - return BN_num_bits(k->dsa->p); -+#endif - case KEY_ECDSA: - case KEY_ECDSA_CERT: - return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -500,26 +508,53 @@ sshkey_new(int type) - #ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: -+ { -+ BIGNUM *n=NULL, *e=NULL; /* just allocate */ - if ((rsa = RSA_new()) == NULL || -- (rsa->n = BN_new()) == NULL || -- (rsa->e = BN_new()) == NULL) { -+ (n = BN_new()) == NULL || -+ (e = BN_new()) == NULL) { -+ BN_free(n); -+ BN_free(e); - RSA_free(rsa); - free(k); - return NULL; - } -+ BN_clear(n); BN_clear(e); -+ if (RSA_set0_key(rsa, n, e, NULL) == 0) -+ return NULL; -+ n = e = NULL; -+ } - k->rsa = rsa; - break; - case KEY_DSA: - case KEY_DSA_CERT: -+ { -+ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pubkey=NULL; /* just allocate */ - if ((dsa = DSA_new()) == NULL || -- (dsa->p = BN_new()) == NULL || -- (dsa->q = BN_new()) == NULL || -- (dsa->g = BN_new()) == NULL || -- (dsa->pub_key = BN_new()) == NULL) { -+ (p = BN_new()) == NULL || -+ (q = BN_new()) == NULL || -+ (g = BN_new()) == NULL || -+ (pubkey = BN_new()) == NULL) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ BN_free(pubkey); - DSA_free(dsa); - free(k); - return NULL; - } -+ if (DSA_set0_pqg(dsa, p, q, g) == 0) { -+ BN_free(p); BN_free(q); BN_free(g); -+ BN_free(pubkey); -+ return NULL; -+ } -+ p = q = g = NULL; -+ if (DSA_set0_key(dsa, pubkey, NULL) == 0) { -+ BN_free(pubkey); -+ return NULL; -+ } -+ pubkey = NULL; -+ } - k->dsa = dsa; - break; - case KEY_ECDSA: -@@ -557,6 +592,51 @@ sshkey_add_private(struct sshkey *k) - #ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: -+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+ /* Allocate BIGNUM. This is a mess. -+ For OpenSSL 1.1.x API these shouldn't be mandatory, -+ but some regression tests for non-NULL pointer of -+ the data. */ -+#define new_or_dup(bn, nbn) \ -+ if (bn == NULL) { \ -+ if ((nbn = BN_new()) == NULL) \ -+ return SSH_ERR_ALLOC_FAIL; \ -+ } else { \ -+ /* otherwise use-after-free will occur */ \ -+ if ((nbn = BN_dup(bn)) == NULL) \ -+ return SSH_ERR_ALLOC_FAIL; \ -+ } -+ { -+ const BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1; /* allocate if NULL */ -+ BIGNUM *nd, *niqmp, *nq, *np, *ndmq1, *ndmp1; -+ -+ RSA_get0_key(k->rsa, NULL, NULL, &d); -+ RSA_get0_factors(k->rsa, &p, &q); -+ RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp); -+ -+ new_or_dup(d, nd); -+ new_or_dup(iqmp, niqmp); -+ new_or_dup(q, nq); -+ new_or_dup(p, np); -+ new_or_dup(dmq1, ndmq1); -+ new_or_dup(dmp1, ndmp1); -+ -+ if (RSA_set0_key(k->rsa, NULL, NULL, nd) == 0) -+ goto error1; -+ nd = NULL; -+ if (RSA_set0_factors(k->rsa, np, nq) == 0) -+ goto error1; -+ np = nq = NULL; -+ if (RSA_set0_crt_params(k->rsa, ndmp1, ndmq1, niqmp) == 0) { -+error1: -+ BN_free(nd); -+ BN_free(np); BN_free(nq); -+ BN_free(ndmp1); BN_free(ndmq1); BN_free(niqmp); -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ } -+ ndmp1 = ndmq1 = niqmp = NULL; -+ } -+#else - #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) - if (bn_maybe_alloc_failed(k->rsa->d) || - bn_maybe_alloc_failed(k->rsa->iqmp) || -@@ -565,13 +645,28 @@ sshkey_add_private(struct sshkey *k) - bn_maybe_alloc_failed(k->rsa->dmq1) || - bn_maybe_alloc_failed(k->rsa->dmp1)) - return SSH_ERR_ALLOC_FAIL; -+#endif - break; - case KEY_DSA: - case KEY_DSA_CERT: -+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+ { -+ const BIGNUM *priv_key; -+ BIGNUM *npriv_key; -+ DSA_get0_key(k->dsa, NULL, &priv_key); -+ new_or_dup(priv_key, npriv_key); -+ if (DSA_set0_key(k->dsa, NULL, npriv_key) == 0) { -+ BN_free(npriv_key); -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ } -+ } -+#else - if (bn_maybe_alloc_failed(k->dsa->priv_key)) - return SSH_ERR_ALLOC_FAIL; -+#endif - break; - #undef bn_maybe_alloc_failed -+#undef new_or_dup - case KEY_ECDSA: - case KEY_ECDSA_CERT: - /* Cannot do anything until we know the group */ -@@ -695,16 +790,34 @@ sshkey_equal_public(const struct sshkey - #ifdef WITH_OPENSSL - case KEY_RSA_CERT: - case KEY_RSA: -- return a->rsa != NULL && b->rsa != NULL && -- BN_cmp(a->rsa->e, b->rsa->e) == 0 && -- BN_cmp(a->rsa->n, b->rsa->n) == 0; -+ { -+ const BIGNUM *a_e, *b_e, *a_n, *b_n; -+ const BIGNUM *a_d, *b_d; -+ if (a->rsa == NULL) return 0; -+ if (b->rsa == NULL) return 0; -+ RSA_get0_key(a->rsa, &a_n, &a_e, &a_d); -+ RSA_get0_key(b->rsa, &b_n, &b_e, &b_d); -+ return -+ BN_cmp(a_e, b_e) == 0 && -+ BN_cmp(a_n, b_n) == 0; -+ } - case KEY_DSA_CERT: - case KEY_DSA: -- return a->dsa != NULL && b->dsa != NULL && -- BN_cmp(a->dsa->p, b->dsa->p) == 0 && -- BN_cmp(a->dsa->q, b->dsa->q) == 0 && -- BN_cmp(a->dsa->g, b->dsa->g) == 0 && -- BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; -+ { -+ const BIGNUM *a_p, *a_q, *a_g, *a_pub_key; -+ const BIGNUM *b_p, *b_q, *b_g, *b_pub_key; -+ if (a->dsa == NULL) return 0; -+ if (b->dsa == NULL) return 0; -+ DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g); -+ DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g); -+ DSA_get0_key(a->dsa, &a_pub_key, NULL); -+ DSA_get0_key(b->dsa, &b_pub_key, NULL); -+ return -+ BN_cmp(a_p, b_p) == 0 && -+ BN_cmp(a_q, b_q) == 0 && -+ BN_cmp(a_g, b_g) == 0 && -+ BN_cmp(a_pub_key, b_pub_key) == 0; -+ } - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: -@@ -793,12 +906,17 @@ to_blob_buf(const struct sshkey *key, st - case KEY_DSA: - if (key->dsa == NULL) - return SSH_ERR_INVALID_ARGUMENT; -+ { -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(key->dsa, &p, &q, &g); -+ DSA_get0_key(key->dsa, &pub_key, NULL); - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) -+ (ret = sshbuf_put_bignum2(b, p)) != 0 || -+ (ret = sshbuf_put_bignum2(b, q)) != 0 || -+ (ret = sshbuf_put_bignum2(b, g)) != 0 || -+ (ret = sshbuf_put_bignum2(b, pub_key)) != 0) - return ret; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -814,10 +932,14 @@ to_blob_buf(const struct sshkey *key, st - case KEY_RSA: - if (key->rsa == NULL) - return SSH_ERR_INVALID_ARGUMENT; -+ { -+ const BIGNUM *e, *n; -+ RSA_get0_key(key->rsa, &n, &e, NULL); - if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) -+ (ret = sshbuf_put_bignum2(b, e)) != 0 || -+ (ret = sshbuf_put_bignum2(b, n)) != 0) - return ret; -+ } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519: -@@ -1758,13 +1880,32 @@ sshkey_from_private(const struct sshkey - case KEY_DSA_CERT: - if ((n = sshkey_new(k->type)) == NULL) - return SSH_ERR_ALLOC_FAIL; -- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || -- (BN_copy(n->dsa->q, k->dsa->q) == NULL) || -- (BN_copy(n->dsa->g, k->dsa->g) == NULL) || -- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { -+ { -+ const BIGNUM *p, *q, *g, *pub_key, *priv_key; -+ BIGNUM *cp=NULL, *cq=NULL, *cg=NULL, *cpub_key=NULL; -+ DSA_get0_pqg(k->dsa, &p, &q, &g); -+ DSA_get0_key(k->dsa, &pub_key, &priv_key); -+ if ((cp = BN_dup(p)) == NULL || -+ (cq = BN_dup(q)) == NULL || -+ (cg = BN_dup(g)) == NULL || -+ (cpub_key = BN_dup(pub_key)) == NULL) { -+ BN_free(cp); BN_free(cq); BN_free(cg); -+ BN_free(cpub_key); - sshkey_free(n); - return SSH_ERR_ALLOC_FAIL; - } -+ if (DSA_set0_pqg(n->dsa, cp, cq, cg) == 0) -+ goto error1; -+ cp = cq = cg = NULL; -+ if (DSA_set0_key(n->dsa, cpub_key, NULL) == 0) { -+error1: -+ BN_free(cp); BN_free(cq); BN_free(cg); -+ BN_free(cpub_key); -+ sshkey_free(n); -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ } -+ cpub_key = NULL; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -1788,11 +1929,23 @@ sshkey_from_private(const struct sshkey - case KEY_RSA_CERT: - if ((n = sshkey_new(k->type)) == NULL) - return SSH_ERR_ALLOC_FAIL; -- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || -- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { -+ { -+ const BIGNUM *nn, *e, *d; -+ BIGNUM *cn=NULL, *ce=NULL; -+ RSA_get0_key(k->rsa, &nn, &e, &d); -+ if ((cn = BN_dup(nn)) == NULL || -+ (ce = BN_dup(e)) == NULL ) { -+ BN_free(cn); BN_free(ce); - sshkey_free(n); - return SSH_ERR_ALLOC_FAIL; - } -+ if (RSA_set0_key(n->rsa, cn, ce, NULL) == 0) { -+ BN_free(cn); BN_free(ce); -+ sshkey_free(n); -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ } -+ cn = ce = NULL; -+ } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519: -@@ -2013,12 +2166,27 @@ sshkey_from_blob_internal(struct sshbuf - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (sshbuf_get_bignum2(b, key->rsa->e) != 0 || -- sshbuf_get_bignum2(b, key->rsa->n) != 0) { -+ { -+ BIGNUM *e=NULL, *n=NULL; -+ if ((e = BN_new()) == NULL || -+ (n = BN_new()) == NULL ) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ BN_free(e); BN_free(n); -+ goto out; -+ } -+ if (sshbuf_get_bignum2(b, e) != 0 || -+ sshbuf_get_bignum2(b, n) != 0) { - ret = SSH_ERR_INVALID_FORMAT; -+ BN_free(e); BN_free(n); - goto out; - } -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ if (RSA_set0_key(key->rsa, n, e, NULL) == 0) { -+ BN_free(e); BN_free(n); -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ } -+ n = e = NULL; -+ } -+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - ret = SSH_ERR_KEY_LENGTH; - goto out; - } -@@ -2038,13 +2206,36 @@ sshkey_from_blob_internal(struct sshbuf - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (sshbuf_get_bignum2(b, key->dsa->p) != 0 || -- sshbuf_get_bignum2(b, key->dsa->q) != 0 || -- sshbuf_get_bignum2(b, key->dsa->g) != 0 || -- sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) { -+ { -+ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL; -+ if ((p = BN_new()) == NULL || -+ (q = BN_new()) == NULL || -+ (g = BN_new()) == NULL || -+ (pub_key = BN_new()) == NULL) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto error1; -+ } -+ if (sshbuf_get_bignum2(b, p) != 0 || -+ sshbuf_get_bignum2(b, q) != 0 || -+ sshbuf_get_bignum2(b, g) != 0 || -+ sshbuf_get_bignum2(b, pub_key) != 0) { - ret = SSH_ERR_INVALID_FORMAT; -+ goto error1; -+ } -+ if (DSA_set0_pqg(key->dsa, p, q, g) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error1; -+ } -+ p = q = g = NULL; -+ if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+error1: -+ BN_free(p); BN_free(q); BN_free(g); -+ BN_free(pub_key); - goto out; - } -+ pub_key = NULL; -+ } - #ifdef DEBUG_PK - DSA_print_fp(stderr, key->dsa, 8); - #endif -@@ -2389,26 +2580,63 @@ sshkey_demote(const struct sshkey *k, st - goto fail; - /* FALLTHROUGH */ - case KEY_RSA: -- if ((pk->rsa = RSA_new()) == NULL || -- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || -- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { -+ if ((pk->rsa = RSA_new()) == NULL ){ - ret = SSH_ERR_ALLOC_FAIL; - goto fail; - } -+ { -+ const BIGNUM *ke, *kn; -+ BIGNUM *pke=NULL, *pkn=NULL; -+ RSA_get0_key(k->rsa, &kn, &ke, NULL); -+ if ((pke = BN_dup(ke)) == NULL || -+ (pkn = BN_dup(kn)) == NULL) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ BN_free(pke); BN_free(pkn); -+ goto fail; -+ } -+ if (RSA_set0_key(pk->rsa, pkn, pke, NULL) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_free(pke); BN_free(pkn); -+ goto fail; -+ } -+ pkn = pke = NULL; -+ } - break; - case KEY_DSA_CERT: - if ((ret = sshkey_cert_copy(k, pk)) != 0) - goto fail; - /* FALLTHROUGH */ - case KEY_DSA: -- if ((pk->dsa = DSA_new()) == NULL || -- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || -- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || -- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || -- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { -+ if ((pk->dsa = DSA_new()) == NULL ) { - ret = SSH_ERR_ALLOC_FAIL; - goto fail; - } -+ { -+ const BIGNUM *kp, *kq, *kg, *kpub_key; -+ BIGNUM *pkp=NULL, *pkq=NULL, *pkg=NULL, *pkpub_key=NULL; -+ DSA_get0_pqg(k->dsa, &kp, &kq, &kg); -+ DSA_get0_key(k->dsa, &kpub_key, NULL); -+ if ((pkp = BN_dup(kp)) == NULL || -+ (pkq = BN_dup(kq)) == NULL || -+ (pkg = BN_dup(kg)) == NULL || -+ (pkpub_key = BN_dup(kpub_key)) == NULL) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto error1; -+ } -+ if (DSA_set0_pqg(pk->dsa, pkp, pkq, pkg) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error1; -+ } -+ pkp = pkq = pkg = NULL; -+ if (DSA_set0_key(pk->dsa, pkpub_key, NULL) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+error1: -+ BN_free(pkp); BN_free(pkq); BN_free(pkg); -+ BN_free(pkpub_key); -+ goto fail; -+ } -+ pkpub_key = NULL; -+ } - break; - case KEY_ECDSA_CERT: - if ((ret = sshkey_cert_copy(k, pk)) != 0) -@@ -2558,11 +2786,17 @@ sshkey_certify_custom(struct sshkey *k, - switch (k->type) { - #ifdef WITH_OPENSSL - case KEY_DSA_CERT: -- if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) -+ { -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(k->dsa, &p, &q, &g); -+ DSA_get0_key(k->dsa, &pub_key, NULL); -+ if ((ret = sshbuf_put_bignum2(cert, p)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, q)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, g)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) { - goto out; -+ } -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: -@@ -2575,9 +2809,15 @@ sshkey_certify_custom(struct sshkey *k, - break; - # endif /* OPENSSL_HAS_ECC */ - case KEY_RSA_CERT: -- if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) -+ { -+ const BIGNUM *e, *n; -+ RSA_get0_key(k->rsa, &n, &e, NULL); -+ if (n == NULL || e == NULL || -+ (ret = sshbuf_put_bignum2(cert, e)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, n)) != 0) { - goto out; -+ } -+ } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519_CERT: -@@ -2764,42 +3004,67 @@ sshkey_private_serialize_opt(const struc - switch (key->type) { - #ifdef WITH_OPENSSL - case KEY_RSA: -- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) -+ { -+ const BIGNUM *n, *e, *d, *iqmp, *p, *q; -+ RSA_get0_key(key->rsa, &n, &e, &d); -+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); -+ RSA_get0_factors(key->rsa, &p, &q); -+ if ((r = sshbuf_put_bignum2(b, n)) != 0 || -+ (r = sshbuf_put_bignum2(b, e)) != 0 || -+ (r = sshbuf_put_bignum2(b, d)) != 0 || -+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 || -+ (r = sshbuf_put_bignum2(b, p)) != 0 || -+ (r = sshbuf_put_bignum2(b, q)) != 0) { - goto out; -+ } -+ } - break; - case KEY_RSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } -+ { -+ const BIGNUM *d, *iqmp, *p, *q; -+ RSA_get0_key(key->rsa, NULL, NULL, &d); -+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); -+ RSA_get0_factors(key->rsa, &p, &q); - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) -+ (r = sshbuf_put_bignum2(b, d)) != 0 || -+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 || -+ (r = sshbuf_put_bignum2(b, p)) != 0 || -+ (r = sshbuf_put_bignum2(b, q)) != 0) { - goto out; -+ } -+ } - break; - case KEY_DSA: -- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) -+ { -+ const BIGNUM *p, *q, *g, *pub_key, *priv_key; -+ DSA_get0_pqg(key->dsa, &p, &q, &g); -+ DSA_get0_key(key->dsa, &pub_key, &priv_key); -+ if ((r = sshbuf_put_bignum2(b, p)) != 0 || -+ (r = sshbuf_put_bignum2(b, q)) != 0 || -+ (r = sshbuf_put_bignum2(b, g)) != 0 || -+ (r = sshbuf_put_bignum2(b, pub_key)) != 0 || -+ (r = sshbuf_put_bignum2(b, priv_key)) != 0) { - goto out; -+ } -+ } - break; - case KEY_DSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } -+ { -+ const BIGNUM *priv_key; -+ DSA_get0_key(key->dsa, NULL, &priv_key); - if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) -+ (r = sshbuf_put_bignum2(b, priv_key)) != 0) { - goto out; -+ } -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -2913,18 +3178,61 @@ sshkey_private_deserialize(struct sshbuf - r = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) -+ { -+ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL, *priv_key=NULL; -+ if ((p = BN_new()) == NULL || -+ (q = BN_new()) == NULL || -+ (g = BN_new()) == NULL || -+ (pub_key = BN_new()) == NULL || -+ (priv_key = BN_new()) == NULL) { -+ r = SSH_ERR_ALLOC_FAIL; -+ goto error1; -+ } -+ if (p == NULL || q == NULL || g == NULL || -+ pub_key == NULL || priv_key == NULL || -+ (r = sshbuf_get_bignum2(buf, p)) != 0 || -+ (r = sshbuf_get_bignum2(buf, q)) != 0 || -+ (r = sshbuf_get_bignum2(buf, g)) != 0 || -+ (r = sshbuf_get_bignum2(buf, pub_key)) != 0 || -+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { -+ goto error1; -+ } -+ if (DSA_set0_pqg(k->dsa, p, q, g) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error1; -+ } -+ p = q = g = NULL; -+ if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+error1: -+ BN_free(p); BN_free(q); BN_free(g); -+ BN_free(pub_key); BN_free(priv_key); - goto out; -+ } -+ pub_key = priv_key = NULL; -+ } - break; - case KEY_DSA_CERT: -- if ((r = sshkey_froms(buf, &k)) != 0 || -+ { -+ BIGNUM *priv_key=NULL; -+ if ((priv_key = BN_new()) == NULL) { -+ r = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } -+ if (priv_key == NULL || -+ (r = sshkey_froms(buf, &k)) != 0 || - (r = sshkey_add_private(k)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) -+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { -+ BN_free(priv_key); -+ goto out; -+ } -+ if (DSA_set0_key(k->dsa, NULL, priv_key) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_free(priv_key); - goto out; -+ } -+ priv_key = NULL; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -2983,29 +3291,104 @@ sshkey_private_deserialize(struct sshbuf - r = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || -- (r = ssh_rsa_generate_additional_parameters(k)) != 0) -+ { -+ BIGNUM *n=NULL, *e=NULL, *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; -+ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ -+ if ((n = BN_new()) == NULL || -+ (e = BN_new()) == NULL || -+ (d = BN_new()) == NULL || -+ (iqmp = BN_new()) == NULL || -+ (p = BN_new()) == NULL || -+ (q = BN_new()) == NULL || -+ (dmp1 = BN_new()) == NULL || -+ (dmq1 = BN_new()) == NULL) { -+ r = SSH_ERR_ALLOC_FAIL; -+ goto error2; -+ } -+ BN_clear(dmp1); BN_clear(dmq1); -+ if ((r = sshbuf_get_bignum2(buf, n)) != 0 || -+ (r = sshbuf_get_bignum2(buf, e)) != 0 || -+ (r = sshbuf_get_bignum2(buf, d)) != 0 || -+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || -+ (r = sshbuf_get_bignum2(buf, p)) != 0 || -+ (r = sshbuf_get_bignum2(buf, q)) != 0) { -+ goto error2; -+ } -+ if (RSA_set0_key(k->rsa, n, e, d) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error2; -+ } -+ n = e = d = NULL; -+ /* dmp1,dmpq1 should be non NULL to set iqmp value */ -+ if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error2; -+ } -+ dmp1 = dmq1 = iqmp = NULL; -+ if (RSA_set0_factors(k->rsa, p, q) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ error2: -+ BN_free(n); BN_free(e); BN_free(d); -+ BN_free(iqmp); -+ BN_free(p); BN_free(q); -+ BN_free(dmp1); BN_free(dmq1); -+ goto out; -+ } -+ p = q = NULL; -+ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) { - goto out; -- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ } -+ } -+ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - r = SSH_ERR_KEY_LENGTH; - goto out; - } - break; - case KEY_RSA_CERT: -+ { -+ BIGNUM *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; -+ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ -+ if ((d = BN_new()) == NULL || -+ (iqmp = BN_new()) == NULL || -+ (p = BN_new()) == NULL || -+ (q = BN_new()) == NULL || -+ (dmp1 = BN_new()) == NULL || -+ (dmq1 = BN_new()) == NULL) { -+ r = SSH_ERR_ALLOC_FAIL; -+ goto error3; -+ } -+ BN_clear(dmp1); BN_clear(dmq1); - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshkey_add_private(k)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || -- (r = ssh_rsa_generate_additional_parameters(k)) != 0) -+ (r = sshbuf_get_bignum2(buf, d)) != 0 || -+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || -+ (r = sshbuf_get_bignum2(buf, p)) != 0 || -+ (r = sshbuf_get_bignum2(buf, q)) != 0) { -+ goto error3; -+ } -+ if (RSA_set0_key(k->rsa, NULL, NULL, d) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error3; -+ } -+ /* dmp1,dmpq1 should be non NULL to set value */ -+ if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ goto error3; -+ } -+ dmp1 = dmq1 = iqmp = NULL; -+ if (RSA_set0_factors(k->rsa, p, q) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ error3: -+ BN_free(d); BN_free(iqmp); -+ BN_free(p); BN_free(q); -+ BN_free(dmp1); BN_free(dmq1); - goto out; -- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ } -+ p = q = NULL; -+ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) -+ goto out; -+ } -+ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - r = SSH_ERR_KEY_LENGTH; - goto out; - } -@@ -3769,7 +4152,6 @@ translate_libcrypto_error(unsigned long - switch (pem_reason) { - case EVP_R_BAD_DECRYPT: - return SSH_ERR_KEY_WRONG_PASSPHRASE; -- case EVP_R_BN_DECODE_ERROR: - case EVP_R_DECODE_ERROR: - #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR - case EVP_R_PRIVATE_KEY_DECODE_ERROR: -@@ -3834,7 +4216,7 @@ sshkey_parse_private_pem_fileblob(struct - r = convert_libcrypto_error(); - goto out; - } -- if (pk->type == EVP_PKEY_RSA && -+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA && - (type == KEY_UNSPEC || type == KEY_RSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; -@@ -3849,11 +4231,11 @@ sshkey_parse_private_pem_fileblob(struct - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -- if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ if (RSA_bits(prv->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - r = SSH_ERR_KEY_LENGTH; - goto out; - } -- } else if (pk->type == EVP_PKEY_DSA && -+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && - (type == KEY_UNSPEC || type == KEY_DSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; -@@ -3865,7 +4247,7 @@ sshkey_parse_private_pem_fileblob(struct - DSA_print_fp(stderr, prv->dsa, 8); - #endif - #ifdef OPENSSL_HAS_ECC -- } else if (pk->type == EVP_PKEY_EC && -+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC && - (type == KEY_UNSPEC || type == KEY_ECDSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; -- 2.16.4

1 0

[PATCH] tzdata: update to 2018i
by Peter Müller 23 Jan '19

23 Jan '19

Signed-off-by: Peter Müller <peter.mueller(a)link38.eu> --- config/rootfiles/common/tzdata | 262 ++++++++++++++++++++--------------------- lfs/tzdata | 8 +- 2 files changed, 135 insertions(+), 135 deletions(-) diff --git a/config/rootfiles/common/tzdata b/config/rootfiles/common/tzdata index fb118efea..f560ca5e6 100644 --- a/config/rootfiles/common/tzdata +++ b/config/rootfiles/common/tzdata @@ -114,9 +114,9 @@ usr/share/zoneinfo #usr/share/zoneinfo/America/Eirunepe #usr/share/zoneinfo/America/El_Salvador #usr/share/zoneinfo/America/Ensenada -#usr/share/zoneinfo/America/Fortaleza #usr/share/zoneinfo/America/Fort_Nelson #usr/share/zoneinfo/America/Fort_Wayne +#usr/share/zoneinfo/America/Fortaleza #usr/share/zoneinfo/America/Glace_Bay #usr/share/zoneinfo/America/Godthab #usr/share/zoneinfo/America/Goose_Bay @@ -134,11 +134,11 @@ usr/share/zoneinfo #usr/share/zoneinfo/America/Indiana/Knox #usr/share/zoneinfo/America/Indiana/Marengo #usr/share/zoneinfo/America/Indiana/Petersburg -#usr/share/zoneinfo/America/Indianapolis #usr/share/zoneinfo/America/Indiana/Tell_City #usr/share/zoneinfo/America/Indiana/Vevay #usr/share/zoneinfo/America/Indiana/Vincennes #usr/share/zoneinfo/America/Indiana/Winamac +#usr/share/zoneinfo/America/Indianapolis #usr/share/zoneinfo/America/Inuvik #usr/share/zoneinfo/America/Iqaluit #usr/share/zoneinfo/America/Jamaica @@ -187,8 +187,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/America/Paramaribo #usr/share/zoneinfo/America/Phoenix #usr/share/zoneinfo/America/Port-au-Prince -#usr/share/zoneinfo/America/Porto_Acre #usr/share/zoneinfo/America/Port_of_Spain +#usr/share/zoneinfo/America/Porto_Acre #usr/share/zoneinfo/America/Porto_Velho #usr/share/zoneinfo/America/Puerto_Rico #usr/share/zoneinfo/America/Punta_Arenas @@ -310,6 +310,7 @@ usr/share/zoneinfo #usr/share/zoneinfo/Asia/Pontianak #usr/share/zoneinfo/Asia/Pyongyang #usr/share/zoneinfo/Asia/Qatar +#usr/share/zoneinfo/Asia/Qostanay #usr/share/zoneinfo/Asia/Qyzylorda #usr/share/zoneinfo/Asia/Rangoon #usr/share/zoneinfo/Asia/Riyadh @@ -351,8 +352,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/Atlantic/Madeira #usr/share/zoneinfo/Atlantic/Reykjavik #usr/share/zoneinfo/Atlantic/South_Georgia -#usr/share/zoneinfo/Atlantic/Stanley #usr/share/zoneinfo/Atlantic/St_Helena +#usr/share/zoneinfo/Atlantic/Stanley #usr/share/zoneinfo/Australia #usr/share/zoneinfo/Australia/ACT #usr/share/zoneinfo/Australia/Adelaide @@ -367,8 +368,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/Australia/Lindeman #usr/share/zoneinfo/Australia/Lord_Howe #usr/share/zoneinfo/Australia/Melbourne -#usr/share/zoneinfo/Australia/North #usr/share/zoneinfo/Australia/NSW +#usr/share/zoneinfo/Australia/North #usr/share/zoneinfo/Australia/Perth #usr/share/zoneinfo/Australia/Queensland #usr/share/zoneinfo/Australia/South @@ -382,62 +383,61 @@ usr/share/zoneinfo #usr/share/zoneinfo/Brazil/DeNoronha #usr/share/zoneinfo/Brazil/East #usr/share/zoneinfo/Brazil/West +#usr/share/zoneinfo/CET +#usr/share/zoneinfo/CST6CDT #usr/share/zoneinfo/Canada #usr/share/zoneinfo/Canada/Atlantic #usr/share/zoneinfo/Canada/Central #usr/share/zoneinfo/Canada/Eastern -#usr/share/zoneinfo/Canada/East-Saskatchewan #usr/share/zoneinfo/Canada/Mountain #usr/share/zoneinfo/Canada/Newfoundland #usr/share/zoneinfo/Canada/Pacific #usr/share/zoneinfo/Canada/Saskatchewan #usr/share/zoneinfo/Canada/Yukon -#usr/share/zoneinfo/CET #usr/share/zoneinfo/Chile #usr/share/zoneinfo/Chile/Continental #usr/share/zoneinfo/Chile/EasterIsland -#usr/share/zoneinfo/CST6CDT #usr/share/zoneinfo/Cuba #usr/share/zoneinfo/EET -#usr/share/zoneinfo/Egypt -#usr/share/zoneinfo/Eire #usr/share/zoneinfo/EST #usr/share/zoneinfo/EST5EDT +#usr/share/zoneinfo/Egypt +#usr/share/zoneinfo/Eire #usr/share/zoneinfo/Etc #usr/share/zoneinfo/Etc/GMT -#usr/share/zoneinfo/Etc/GMT0 -#usr/share/zoneinfo/Etc/GMT-0 #usr/share/zoneinfo/Etc/GMT+0 -#usr/share/zoneinfo/Etc/GMT-1 #usr/share/zoneinfo/Etc/GMT+1 -#usr/share/zoneinfo/Etc/GMT-10 #usr/share/zoneinfo/Etc/GMT+10 -#usr/share/zoneinfo/Etc/GMT-11 #usr/share/zoneinfo/Etc/GMT+11 -#usr/share/zoneinfo/Etc/GMT-12 #usr/share/zoneinfo/Etc/GMT+12 +#usr/share/zoneinfo/Etc/GMT+2 +#usr/share/zoneinfo/Etc/GMT+3 +#usr/share/zoneinfo/Etc/GMT+4 +#usr/share/zoneinfo/Etc/GMT+5 +#usr/share/zoneinfo/Etc/GMT+6 +#usr/share/zoneinfo/Etc/GMT+7 +#usr/share/zoneinfo/Etc/GMT+8 +#usr/share/zoneinfo/Etc/GMT+9 +#usr/share/zoneinfo/Etc/GMT-0 +#usr/share/zoneinfo/Etc/GMT-1 +#usr/share/zoneinfo/Etc/GMT-10 +#usr/share/zoneinfo/Etc/GMT-11 +#usr/share/zoneinfo/Etc/GMT-12 #usr/share/zoneinfo/Etc/GMT-13 #usr/share/zoneinfo/Etc/GMT-14 #usr/share/zoneinfo/Etc/GMT-2 -#usr/share/zoneinfo/Etc/GMT+2 #usr/share/zoneinfo/Etc/GMT-3 -#usr/share/zoneinfo/Etc/GMT+3 #usr/share/zoneinfo/Etc/GMT-4 -#usr/share/zoneinfo/Etc/GMT+4 #usr/share/zoneinfo/Etc/GMT-5 -#usr/share/zoneinfo/Etc/GMT+5 #usr/share/zoneinfo/Etc/GMT-6 -#usr/share/zoneinfo/Etc/GMT+6 #usr/share/zoneinfo/Etc/GMT-7 -#usr/share/zoneinfo/Etc/GMT+7 #usr/share/zoneinfo/Etc/GMT-8 -#usr/share/zoneinfo/Etc/GMT+8 #usr/share/zoneinfo/Etc/GMT-9 -#usr/share/zoneinfo/Etc/GMT+9 +#usr/share/zoneinfo/Etc/GMT0 #usr/share/zoneinfo/Etc/Greenwich #usr/share/zoneinfo/Etc/UCT -#usr/share/zoneinfo/Etc/Universal #usr/share/zoneinfo/Etc/UTC +#usr/share/zoneinfo/Etc/Universal #usr/share/zoneinfo/Etc/Zulu #usr/share/zoneinfo/Europe #usr/share/zoneinfo/Europe/Amsterdam @@ -506,12 +506,12 @@ usr/share/zoneinfo #usr/share/zoneinfo/GB #usr/share/zoneinfo/GB-Eire #usr/share/zoneinfo/GMT -#usr/share/zoneinfo/GMT0 -#usr/share/zoneinfo/GMT-0 #usr/share/zoneinfo/GMT+0 +#usr/share/zoneinfo/GMT-0 +#usr/share/zoneinfo/GMT0 #usr/share/zoneinfo/Greenwich -#usr/share/zoneinfo/Hongkong #usr/share/zoneinfo/HST +#usr/share/zoneinfo/Hongkong #usr/share/zoneinfo/Iceland #usr/share/zoneinfo/Indian #usr/share/zoneinfo/Indian/Antananarivo @@ -526,22 +526,23 @@ usr/share/zoneinfo #usr/share/zoneinfo/Indian/Mayotte #usr/share/zoneinfo/Indian/Reunion #usr/share/zoneinfo/Iran -#usr/share/zoneinfo/iso3166.tab #usr/share/zoneinfo/Israel #usr/share/zoneinfo/Jamaica #usr/share/zoneinfo/Japan #usr/share/zoneinfo/Kwajalein #usr/share/zoneinfo/Libya #usr/share/zoneinfo/MET +#usr/share/zoneinfo/MST +#usr/share/zoneinfo/MST7MDT #usr/share/zoneinfo/Mexico #usr/share/zoneinfo/Mexico/BajaNorte #usr/share/zoneinfo/Mexico/BajaSur #usr/share/zoneinfo/Mexico/General -#usr/share/zoneinfo/MST -#usr/share/zoneinfo/MST7MDT -#usr/share/zoneinfo/Navajo #usr/share/zoneinfo/NZ #usr/share/zoneinfo/NZ-CHAT +#usr/share/zoneinfo/Navajo +#usr/share/zoneinfo/PRC +#usr/share/zoneinfo/PST8PDT #usr/share/zoneinfo/Pacific #usr/share/zoneinfo/Pacific/Apia #usr/share/zoneinfo/Pacific/Auckland @@ -588,6 +589,31 @@ usr/share/zoneinfo #usr/share/zoneinfo/Pacific/Yap #usr/share/zoneinfo/Poland #usr/share/zoneinfo/Portugal +#usr/share/zoneinfo/ROC +#usr/share/zoneinfo/ROK +#usr/share/zoneinfo/Singapore +#usr/share/zoneinfo/Turkey +#usr/share/zoneinfo/UCT +#usr/share/zoneinfo/US +#usr/share/zoneinfo/US/Alaska +#usr/share/zoneinfo/US/Aleutian +#usr/share/zoneinfo/US/Arizona +#usr/share/zoneinfo/US/Central +#usr/share/zoneinfo/US/East-Indiana +#usr/share/zoneinfo/US/Eastern +#usr/share/zoneinfo/US/Hawaii +#usr/share/zoneinfo/US/Indiana-Starke +#usr/share/zoneinfo/US/Michigan +#usr/share/zoneinfo/US/Mountain +#usr/share/zoneinfo/US/Pacific +#usr/share/zoneinfo/US/Pacific-New +#usr/share/zoneinfo/US/Samoa +#usr/share/zoneinfo/UTC +#usr/share/zoneinfo/Universal +#usr/share/zoneinfo/W-SU +#usr/share/zoneinfo/WET +#usr/share/zoneinfo/Zulu +#usr/share/zoneinfo/iso3166.tab #usr/share/zoneinfo/posix #usr/share/zoneinfo/posix/Africa #usr/share/zoneinfo/posix/Africa/Abidjan @@ -703,9 +729,9 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/America/Eirunepe #usr/share/zoneinfo/posix/America/El_Salvador #usr/share/zoneinfo/posix/America/Ensenada -#usr/share/zoneinfo/posix/America/Fortaleza #usr/share/zoneinfo/posix/America/Fort_Nelson #usr/share/zoneinfo/posix/America/Fort_Wayne +#usr/share/zoneinfo/posix/America/Fortaleza #usr/share/zoneinfo/posix/America/Glace_Bay #usr/share/zoneinfo/posix/America/Godthab #usr/share/zoneinfo/posix/America/Goose_Bay @@ -723,11 +749,11 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/America/Indiana/Knox #usr/share/zoneinfo/posix/America/Indiana/Marengo #usr/share/zoneinfo/posix/America/Indiana/Petersburg -#usr/share/zoneinfo/posix/America/Indianapolis #usr/share/zoneinfo/posix/America/Indiana/Tell_City #usr/share/zoneinfo/posix/America/Indiana/Vevay #usr/share/zoneinfo/posix/America/Indiana/Vincennes #usr/share/zoneinfo/posix/America/Indiana/Winamac +#usr/share/zoneinfo/posix/America/Indianapolis #usr/share/zoneinfo/posix/America/Inuvik #usr/share/zoneinfo/posix/America/Iqaluit #usr/share/zoneinfo/posix/America/Jamaica @@ -776,8 +802,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/America/Paramaribo #usr/share/zoneinfo/posix/America/Phoenix #usr/share/zoneinfo/posix/America/Port-au-Prince -#usr/share/zoneinfo/posix/America/Porto_Acre #usr/share/zoneinfo/posix/America/Port_of_Spain +#usr/share/zoneinfo/posix/America/Porto_Acre #usr/share/zoneinfo/posix/America/Porto_Velho #usr/share/zoneinfo/posix/America/Puerto_Rico #usr/share/zoneinfo/posix/America/Punta_Arenas @@ -899,6 +925,7 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/Asia/Pontianak #usr/share/zoneinfo/posix/Asia/Pyongyang #usr/share/zoneinfo/posix/Asia/Qatar +#usr/share/zoneinfo/posix/Asia/Qostanay #usr/share/zoneinfo/posix/Asia/Qyzylorda #usr/share/zoneinfo/posix/Asia/Rangoon #usr/share/zoneinfo/posix/Asia/Riyadh @@ -940,8 +967,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/Atlantic/Madeira #usr/share/zoneinfo/posix/Atlantic/Reykjavik #usr/share/zoneinfo/posix/Atlantic/South_Georgia -#usr/share/zoneinfo/posix/Atlantic/Stanley #usr/share/zoneinfo/posix/Atlantic/St_Helena +#usr/share/zoneinfo/posix/Atlantic/Stanley #usr/share/zoneinfo/posix/Australia #usr/share/zoneinfo/posix/Australia/ACT #usr/share/zoneinfo/posix/Australia/Adelaide @@ -956,8 +983,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/Australia/Lindeman #usr/share/zoneinfo/posix/Australia/Lord_Howe #usr/share/zoneinfo/posix/Australia/Melbourne -#usr/share/zoneinfo/posix/Australia/North #usr/share/zoneinfo/posix/Australia/NSW +#usr/share/zoneinfo/posix/Australia/North #usr/share/zoneinfo/posix/Australia/Perth #usr/share/zoneinfo/posix/Australia/Queensland #usr/share/zoneinfo/posix/Australia/South @@ -971,62 +998,61 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/Brazil/DeNoronha #usr/share/zoneinfo/posix/Brazil/East #usr/share/zoneinfo/posix/Brazil/West +#usr/share/zoneinfo/posix/CET +#usr/share/zoneinfo/posix/CST6CDT #usr/share/zoneinfo/posix/Canada #usr/share/zoneinfo/posix/Canada/Atlantic #usr/share/zoneinfo/posix/Canada/Central #usr/share/zoneinfo/posix/Canada/Eastern -#usr/share/zoneinfo/posix/Canada/East-Saskatchewan #usr/share/zoneinfo/posix/Canada/Mountain #usr/share/zoneinfo/posix/Canada/Newfoundland #usr/share/zoneinfo/posix/Canada/Pacific #usr/share/zoneinfo/posix/Canada/Saskatchewan #usr/share/zoneinfo/posix/Canada/Yukon -#usr/share/zoneinfo/posix/CET #usr/share/zoneinfo/posix/Chile #usr/share/zoneinfo/posix/Chile/Continental #usr/share/zoneinfo/posix/Chile/EasterIsland -#usr/share/zoneinfo/posix/CST6CDT #usr/share/zoneinfo/posix/Cuba #usr/share/zoneinfo/posix/EET -#usr/share/zoneinfo/posix/Egypt -#usr/share/zoneinfo/posix/Eire #usr/share/zoneinfo/posix/EST #usr/share/zoneinfo/posix/EST5EDT +#usr/share/zoneinfo/posix/Egypt +#usr/share/zoneinfo/posix/Eire #usr/share/zoneinfo/posix/Etc #usr/share/zoneinfo/posix/Etc/GMT -#usr/share/zoneinfo/posix/Etc/GMT0 -#usr/share/zoneinfo/posix/Etc/GMT-0 #usr/share/zoneinfo/posix/Etc/GMT+0 -#usr/share/zoneinfo/posix/Etc/GMT-1 #usr/share/zoneinfo/posix/Etc/GMT+1 -#usr/share/zoneinfo/posix/Etc/GMT-10 #usr/share/zoneinfo/posix/Etc/GMT+10 -#usr/share/zoneinfo/posix/Etc/GMT-11 #usr/share/zoneinfo/posix/Etc/GMT+11 -#usr/share/zoneinfo/posix/Etc/GMT-12 #usr/share/zoneinfo/posix/Etc/GMT+12 +#usr/share/zoneinfo/posix/Etc/GMT+2 +#usr/share/zoneinfo/posix/Etc/GMT+3 +#usr/share/zoneinfo/posix/Etc/GMT+4 +#usr/share/zoneinfo/posix/Etc/GMT+5 +#usr/share/zoneinfo/posix/Etc/GMT+6 +#usr/share/zoneinfo/posix/Etc/GMT+7 +#usr/share/zoneinfo/posix/Etc/GMT+8 +#usr/share/zoneinfo/posix/Etc/GMT+9 +#usr/share/zoneinfo/posix/Etc/GMT-0 +#usr/share/zoneinfo/posix/Etc/GMT-1 +#usr/share/zoneinfo/posix/Etc/GMT-10 +#usr/share/zoneinfo/posix/Etc/GMT-11 +#usr/share/zoneinfo/posix/Etc/GMT-12 #usr/share/zoneinfo/posix/Etc/GMT-13 #usr/share/zoneinfo/posix/Etc/GMT-14 #usr/share/zoneinfo/posix/Etc/GMT-2 -#usr/share/zoneinfo/posix/Etc/GMT+2 #usr/share/zoneinfo/posix/Etc/GMT-3 -#usr/share/zoneinfo/posix/Etc/GMT+3 #usr/share/zoneinfo/posix/Etc/GMT-4 -#usr/share/zoneinfo/posix/Etc/GMT+4 #usr/share/zoneinfo/posix/Etc/GMT-5 -#usr/share/zoneinfo/posix/Etc/GMT+5 #usr/share/zoneinfo/posix/Etc/GMT-6 -#usr/share/zoneinfo/posix/Etc/GMT+6 #usr/share/zoneinfo/posix/Etc/GMT-7 -#usr/share/zoneinfo/posix/Etc/GMT+7 #usr/share/zoneinfo/posix/Etc/GMT-8 -#usr/share/zoneinfo/posix/Etc/GMT+8 #usr/share/zoneinfo/posix/Etc/GMT-9 -#usr/share/zoneinfo/posix/Etc/GMT+9 +#usr/share/zoneinfo/posix/Etc/GMT0 #usr/share/zoneinfo/posix/Etc/Greenwich #usr/share/zoneinfo/posix/Etc/UCT -#usr/share/zoneinfo/posix/Etc/Universal #usr/share/zoneinfo/posix/Etc/UTC +#usr/share/zoneinfo/posix/Etc/Universal #usr/share/zoneinfo/posix/Etc/Zulu #usr/share/zoneinfo/posix/Europe #usr/share/zoneinfo/posix/Europe/Amsterdam @@ -1095,12 +1121,12 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/GB #usr/share/zoneinfo/posix/GB-Eire #usr/share/zoneinfo/posix/GMT -#usr/share/zoneinfo/posix/GMT0 -#usr/share/zoneinfo/posix/GMT-0 #usr/share/zoneinfo/posix/GMT+0 +#usr/share/zoneinfo/posix/GMT-0 +#usr/share/zoneinfo/posix/GMT0 #usr/share/zoneinfo/posix/Greenwich -#usr/share/zoneinfo/posix/Hongkong #usr/share/zoneinfo/posix/HST +#usr/share/zoneinfo/posix/Hongkong #usr/share/zoneinfo/posix/Iceland #usr/share/zoneinfo/posix/Indian #usr/share/zoneinfo/posix/Indian/Antananarivo @@ -1121,15 +1147,17 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/Kwajalein #usr/share/zoneinfo/posix/Libya #usr/share/zoneinfo/posix/MET +#usr/share/zoneinfo/posix/MST +#usr/share/zoneinfo/posix/MST7MDT #usr/share/zoneinfo/posix/Mexico #usr/share/zoneinfo/posix/Mexico/BajaNorte #usr/share/zoneinfo/posix/Mexico/BajaSur #usr/share/zoneinfo/posix/Mexico/General -#usr/share/zoneinfo/posix/MST -#usr/share/zoneinfo/posix/MST7MDT -#usr/share/zoneinfo/posix/Navajo #usr/share/zoneinfo/posix/NZ #usr/share/zoneinfo/posix/NZ-CHAT +#usr/share/zoneinfo/posix/Navajo +#usr/share/zoneinfo/posix/PRC +#usr/share/zoneinfo/posix/PST8PDT #usr/share/zoneinfo/posix/Pacific #usr/share/zoneinfo/posix/Pacific/Apia #usr/share/zoneinfo/posix/Pacific/Auckland @@ -1176,22 +1204,18 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/Pacific/Yap #usr/share/zoneinfo/posix/Poland #usr/share/zoneinfo/posix/Portugal -#usr/share/zoneinfo/posix/PRC -#usr/share/zoneinfo/posix/PST8PDT #usr/share/zoneinfo/posix/ROC #usr/share/zoneinfo/posix/ROK -#usr/share/zoneinfo/posixrules #usr/share/zoneinfo/posix/Singapore #usr/share/zoneinfo/posix/Turkey #usr/share/zoneinfo/posix/UCT -#usr/share/zoneinfo/posix/Universal #usr/share/zoneinfo/posix/US #usr/share/zoneinfo/posix/US/Alaska #usr/share/zoneinfo/posix/US/Aleutian #usr/share/zoneinfo/posix/US/Arizona #usr/share/zoneinfo/posix/US/Central -#usr/share/zoneinfo/posix/US/Eastern #usr/share/zoneinfo/posix/US/East-Indiana +#usr/share/zoneinfo/posix/US/Eastern #usr/share/zoneinfo/posix/US/Hawaii #usr/share/zoneinfo/posix/US/Indiana-Starke #usr/share/zoneinfo/posix/US/Michigan @@ -1200,11 +1224,11 @@ usr/share/zoneinfo #usr/share/zoneinfo/posix/US/Pacific-New #usr/share/zoneinfo/posix/US/Samoa #usr/share/zoneinfo/posix/UTC -#usr/share/zoneinfo/posix/WET +#usr/share/zoneinfo/posix/Universal #usr/share/zoneinfo/posix/W-SU +#usr/share/zoneinfo/posix/WET #usr/share/zoneinfo/posix/Zulu -#usr/share/zoneinfo/PRC -#usr/share/zoneinfo/PST8PDT +#usr/share/zoneinfo/posixrules #usr/share/zoneinfo/right #usr/share/zoneinfo/right/Africa #usr/share/zoneinfo/right/Africa/Abidjan @@ -1320,9 +1344,9 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/America/Eirunepe #usr/share/zoneinfo/right/America/El_Salvador #usr/share/zoneinfo/right/America/Ensenada -#usr/share/zoneinfo/right/America/Fortaleza #usr/share/zoneinfo/right/America/Fort_Nelson #usr/share/zoneinfo/right/America/Fort_Wayne +#usr/share/zoneinfo/right/America/Fortaleza #usr/share/zoneinfo/right/America/Glace_Bay #usr/share/zoneinfo/right/America/Godthab #usr/share/zoneinfo/right/America/Goose_Bay @@ -1340,11 +1364,11 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/America/Indiana/Knox #usr/share/zoneinfo/right/America/Indiana/Marengo #usr/share/zoneinfo/right/America/Indiana/Petersburg -#usr/share/zoneinfo/right/America/Indianapolis #usr/share/zoneinfo/right/America/Indiana/Tell_City #usr/share/zoneinfo/right/America/Indiana/Vevay #usr/share/zoneinfo/right/America/Indiana/Vincennes #usr/share/zoneinfo/right/America/Indiana/Winamac +#usr/share/zoneinfo/right/America/Indianapolis #usr/share/zoneinfo/right/America/Inuvik #usr/share/zoneinfo/right/America/Iqaluit #usr/share/zoneinfo/right/America/Jamaica @@ -1393,8 +1417,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/America/Paramaribo #usr/share/zoneinfo/right/America/Phoenix #usr/share/zoneinfo/right/America/Port-au-Prince -#usr/share/zoneinfo/right/America/Porto_Acre #usr/share/zoneinfo/right/America/Port_of_Spain +#usr/share/zoneinfo/right/America/Porto_Acre #usr/share/zoneinfo/right/America/Porto_Velho #usr/share/zoneinfo/right/America/Puerto_Rico #usr/share/zoneinfo/right/America/Punta_Arenas @@ -1516,6 +1540,7 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/Asia/Pontianak #usr/share/zoneinfo/right/Asia/Pyongyang #usr/share/zoneinfo/right/Asia/Qatar +#usr/share/zoneinfo/right/Asia/Qostanay #usr/share/zoneinfo/right/Asia/Qyzylorda #usr/share/zoneinfo/right/Asia/Rangoon #usr/share/zoneinfo/right/Asia/Riyadh @@ -1557,8 +1582,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/Atlantic/Madeira #usr/share/zoneinfo/right/Atlantic/Reykjavik #usr/share/zoneinfo/right/Atlantic/South_Georgia -#usr/share/zoneinfo/right/Atlantic/Stanley #usr/share/zoneinfo/right/Atlantic/St_Helena +#usr/share/zoneinfo/right/Atlantic/Stanley #usr/share/zoneinfo/right/Australia #usr/share/zoneinfo/right/Australia/ACT #usr/share/zoneinfo/right/Australia/Adelaide @@ -1573,8 +1598,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/Australia/Lindeman #usr/share/zoneinfo/right/Australia/Lord_Howe #usr/share/zoneinfo/right/Australia/Melbourne -#usr/share/zoneinfo/right/Australia/North #usr/share/zoneinfo/right/Australia/NSW +#usr/share/zoneinfo/right/Australia/North #usr/share/zoneinfo/right/Australia/Perth #usr/share/zoneinfo/right/Australia/Queensland #usr/share/zoneinfo/right/Australia/South @@ -1588,62 +1613,61 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/Brazil/DeNoronha #usr/share/zoneinfo/right/Brazil/East #usr/share/zoneinfo/right/Brazil/West +#usr/share/zoneinfo/right/CET +#usr/share/zoneinfo/right/CST6CDT #usr/share/zoneinfo/right/Canada #usr/share/zoneinfo/right/Canada/Atlantic #usr/share/zoneinfo/right/Canada/Central #usr/share/zoneinfo/right/Canada/Eastern -#usr/share/zoneinfo/right/Canada/East-Saskatchewan #usr/share/zoneinfo/right/Canada/Mountain #usr/share/zoneinfo/right/Canada/Newfoundland #usr/share/zoneinfo/right/Canada/Pacific #usr/share/zoneinfo/right/Canada/Saskatchewan #usr/share/zoneinfo/right/Canada/Yukon -#usr/share/zoneinfo/right/CET #usr/share/zoneinfo/right/Chile #usr/share/zoneinfo/right/Chile/Continental #usr/share/zoneinfo/right/Chile/EasterIsland -#usr/share/zoneinfo/right/CST6CDT #usr/share/zoneinfo/right/Cuba #usr/share/zoneinfo/right/EET -#usr/share/zoneinfo/right/Egypt -#usr/share/zoneinfo/right/Eire #usr/share/zoneinfo/right/EST #usr/share/zoneinfo/right/EST5EDT +#usr/share/zoneinfo/right/Egypt +#usr/share/zoneinfo/right/Eire #usr/share/zoneinfo/right/Etc #usr/share/zoneinfo/right/Etc/GMT -#usr/share/zoneinfo/right/Etc/GMT0 -#usr/share/zoneinfo/right/Etc/GMT-0 #usr/share/zoneinfo/right/Etc/GMT+0 -#usr/share/zoneinfo/right/Etc/GMT-1 #usr/share/zoneinfo/right/Etc/GMT+1 -#usr/share/zoneinfo/right/Etc/GMT-10 #usr/share/zoneinfo/right/Etc/GMT+10 -#usr/share/zoneinfo/right/Etc/GMT-11 #usr/share/zoneinfo/right/Etc/GMT+11 -#usr/share/zoneinfo/right/Etc/GMT-12 #usr/share/zoneinfo/right/Etc/GMT+12 +#usr/share/zoneinfo/right/Etc/GMT+2 +#usr/share/zoneinfo/right/Etc/GMT+3 +#usr/share/zoneinfo/right/Etc/GMT+4 +#usr/share/zoneinfo/right/Etc/GMT+5 +#usr/share/zoneinfo/right/Etc/GMT+6 +#usr/share/zoneinfo/right/Etc/GMT+7 +#usr/share/zoneinfo/right/Etc/GMT+8 +#usr/share/zoneinfo/right/Etc/GMT+9 +#usr/share/zoneinfo/right/Etc/GMT-0 +#usr/share/zoneinfo/right/Etc/GMT-1 +#usr/share/zoneinfo/right/Etc/GMT-10 +#usr/share/zoneinfo/right/Etc/GMT-11 +#usr/share/zoneinfo/right/Etc/GMT-12 #usr/share/zoneinfo/right/Etc/GMT-13 #usr/share/zoneinfo/right/Etc/GMT-14 #usr/share/zoneinfo/right/Etc/GMT-2 -#usr/share/zoneinfo/right/Etc/GMT+2 #usr/share/zoneinfo/right/Etc/GMT-3 -#usr/share/zoneinfo/right/Etc/GMT+3 #usr/share/zoneinfo/right/Etc/GMT-4 -#usr/share/zoneinfo/right/Etc/GMT+4 #usr/share/zoneinfo/right/Etc/GMT-5 -#usr/share/zoneinfo/right/Etc/GMT+5 #usr/share/zoneinfo/right/Etc/GMT-6 -#usr/share/zoneinfo/right/Etc/GMT+6 #usr/share/zoneinfo/right/Etc/GMT-7 -#usr/share/zoneinfo/right/Etc/GMT+7 #usr/share/zoneinfo/right/Etc/GMT-8 -#usr/share/zoneinfo/right/Etc/GMT+8 #usr/share/zoneinfo/right/Etc/GMT-9 -#usr/share/zoneinfo/right/Etc/GMT+9 +#usr/share/zoneinfo/right/Etc/GMT0 #usr/share/zoneinfo/right/Etc/Greenwich #usr/share/zoneinfo/right/Etc/UCT -#usr/share/zoneinfo/right/Etc/Universal #usr/share/zoneinfo/right/Etc/UTC +#usr/share/zoneinfo/right/Etc/Universal #usr/share/zoneinfo/right/Etc/Zulu #usr/share/zoneinfo/right/Europe #usr/share/zoneinfo/right/Europe/Amsterdam @@ -1712,12 +1736,12 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/GB #usr/share/zoneinfo/right/GB-Eire #usr/share/zoneinfo/right/GMT -#usr/share/zoneinfo/right/GMT0 -#usr/share/zoneinfo/right/GMT-0 #usr/share/zoneinfo/right/GMT+0 +#usr/share/zoneinfo/right/GMT-0 +#usr/share/zoneinfo/right/GMT0 #usr/share/zoneinfo/right/Greenwich -#usr/share/zoneinfo/right/Hongkong #usr/share/zoneinfo/right/HST +#usr/share/zoneinfo/right/Hongkong #usr/share/zoneinfo/right/Iceland #usr/share/zoneinfo/right/Indian #usr/share/zoneinfo/right/Indian/Antananarivo @@ -1738,15 +1762,17 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/Kwajalein #usr/share/zoneinfo/right/Libya #usr/share/zoneinfo/right/MET +#usr/share/zoneinfo/right/MST +#usr/share/zoneinfo/right/MST7MDT #usr/share/zoneinfo/right/Mexico #usr/share/zoneinfo/right/Mexico/BajaNorte #usr/share/zoneinfo/right/Mexico/BajaSur #usr/share/zoneinfo/right/Mexico/General -#usr/share/zoneinfo/right/MST -#usr/share/zoneinfo/right/MST7MDT -#usr/share/zoneinfo/right/Navajo #usr/share/zoneinfo/right/NZ #usr/share/zoneinfo/right/NZ-CHAT +#usr/share/zoneinfo/right/Navajo +#usr/share/zoneinfo/right/PRC +#usr/share/zoneinfo/right/PST8PDT #usr/share/zoneinfo/right/Pacific #usr/share/zoneinfo/right/Pacific/Apia #usr/share/zoneinfo/right/Pacific/Auckland @@ -1793,21 +1819,18 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/Pacific/Yap #usr/share/zoneinfo/right/Poland #usr/share/zoneinfo/right/Portugal -#usr/share/zoneinfo/right/PRC -#usr/share/zoneinfo/right/PST8PDT #usr/share/zoneinfo/right/ROC #usr/share/zoneinfo/right/ROK #usr/share/zoneinfo/right/Singapore #usr/share/zoneinfo/right/Turkey #usr/share/zoneinfo/right/UCT -#usr/share/zoneinfo/right/Universal #usr/share/zoneinfo/right/US #usr/share/zoneinfo/right/US/Alaska #usr/share/zoneinfo/right/US/Aleutian #usr/share/zoneinfo/right/US/Arizona #usr/share/zoneinfo/right/US/Central -#usr/share/zoneinfo/right/US/Eastern #usr/share/zoneinfo/right/US/East-Indiana +#usr/share/zoneinfo/right/US/Eastern #usr/share/zoneinfo/right/US/Hawaii #usr/share/zoneinfo/right/US/Indiana-Starke #usr/share/zoneinfo/right/US/Michigan @@ -1816,31 +1839,8 @@ usr/share/zoneinfo #usr/share/zoneinfo/right/US/Pacific-New #usr/share/zoneinfo/right/US/Samoa #usr/share/zoneinfo/right/UTC -#usr/share/zoneinfo/right/WET +#usr/share/zoneinfo/right/Universal #usr/share/zoneinfo/right/W-SU +#usr/share/zoneinfo/right/WET #usr/share/zoneinfo/right/Zulu -#usr/share/zoneinfo/ROC -#usr/share/zoneinfo/ROK -#usr/share/zoneinfo/Singapore -#usr/share/zoneinfo/Turkey -#usr/share/zoneinfo/UCT -#usr/share/zoneinfo/Universal -#usr/share/zoneinfo/US -#usr/share/zoneinfo/US/Alaska -#usr/share/zoneinfo/US/Aleutian -#usr/share/zoneinfo/US/Arizona -#usr/share/zoneinfo/US/Central -#usr/share/zoneinfo/US/Eastern -#usr/share/zoneinfo/US/East-Indiana -#usr/share/zoneinfo/US/Hawaii -#usr/share/zoneinfo/US/Indiana-Starke -#usr/share/zoneinfo/US/Michigan -#usr/share/zoneinfo/US/Mountain -#usr/share/zoneinfo/US/Pacific -#usr/share/zoneinfo/US/Pacific-New -#usr/share/zoneinfo/US/Samoa -#usr/share/zoneinfo/UTC -#usr/share/zoneinfo/WET -#usr/share/zoneinfo/W-SU #usr/share/zoneinfo/zone.tab -#usr/share/zoneinfo/Zulu diff --git a/lfs/tzdata b/lfs/tzdata index 5ed32d8d4..39f262608 100644 --- a/lfs/tzdata +++ b/lfs/tzdata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 2018g +VER = 2018i TZDATA_VER = $(VER) TZCODE_VER = $(VER) @@ -45,8 +45,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz -tzdata$(TZDATA_VER).tar.gz_MD5 = e71cb1f9d8d53c43904d79d7aeeedc1b -tzcode$(TZCODE_VER).tar.gz_MD5 = b48f0282b80bb7dbe16e35626f446ae9 +tzdata$(TZDATA_VER).tar.gz_MD5 = b3f0a1a789480a036e58466cd0702477 +tzcode$(TZCODE_VER).tar.gz_MD5 = 6a6d98be8fa2fa3485e25343e79188b4 install : $(TARGET) -- 2.16.4

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development January 2019