- Only look at CKA_TRUST_SERVER_AUTH, _EMAIL_PROTECTION, and
_CODE_SIGNING attributes.
- Omit certificates that do not have any explicit trust value in these
three attributes; at least one of the purposes must mark the
certificate a trusted delegator.
- Validate that the trust is one of three known trust values, to become
aware of syntax changes in certdata.txt. If it is an unknown token,
abort with an error stating that the script must be updated.
- Check that we have at least 25 certificates in the output or abort.
This removes these two certificates that have "unknown"
(CKT_NSS_MUST_VERIFY_TRUST) in all three tokens, making them unfit as
trust anchors:
1 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA,
CN=TC TrustCenter Universal CA III
2 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network,
OU=http://www.usertrust.com,
CN=UTN-USERFirst-Network Applications
164 trusted certificates remain.
Changes:
* Many changes to Matrix classes for AVX and SSE.
* FXHash hash-table improvements.
* FXHash, FXPtrList needlessly had virtual destructors.
* API's equalElms() added to FXElement.h.
* Problems with initial list fixed in FXFileList and FXDirList.
* Dropped default parameter value for FXString::mid() API.
* Signed/unsigned warning issues fixed in FXArray.h.
* FXArray and FXHash now use FXival to allow truly large arrays and
dictionaries.
* Fixed some warnings compiling synchronization classes.
* Use FXuval for fxmalloc() and ilk.
* Minor additional tweaks to CPU identification.
* FXRefPtr moved into the Atomic Age:- use atomic swap when changing
pointer value.
* Add overloads for long, unsigned long in FXElement.h.
* FXArray now consists of single (never NULL) pointer, same as FXString.
This means FXArray takes up only a pointer's worth of space when empty.
* Sign-extend macro added to fxdefs.h.
Update dependent packages with more recent releases.
Remove old and bit-rotted ones.
Switch to using clang 3.3 and libobjc2 1.7 by default, so modern Objective-C features work out of the box and remove a lot of configurable options for sub-optimal (and, often, unsupported / deprecated upstream) configurations.
Take maintainership of GNUstep-related ports.
Several of the ports left in have scary warnings which mean that they are likely broken in lots of cases. Future commits will fix them.
Approved by: bapt
- modify policyd-spf so ${PREFIX}/etc/postfix-policyd-spf-python/policyd-spf.conf
is used as default configuration files and change pkg-message.in accordingly
- modify misc file paths in man pages so they match installed ones
- adopt to new options framework (DOCS)
- add license information (AL2)
- trim makefile header.
- update WWW url in pkg-descr
while I'm here:
- use absolute url in MASTER_SITES and remove http redirection quirks
- replace PYTHON_SITELIBDIR with PYTHON_PKGNAMEPREFIX in depends
- shortened overly long lines to make Makefile more readable
- remove attribution from pkg-descr, that's no more supported in ports
PR: 177797
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
Approved by: Giel van Schijndel <me@mortis.eu> (maintainer)
