File _patchinfo of Package patchinfo.42786

<patchinfo incident="42786">
  <issue tracker="bnc" id="1258002">VUL-0: ca-certificates-mozilla: 2.84 update</issue>
  <issue tracker="bnc" id="1229003">ca-certificates-mozilla-prebuilt: java-cacerts differ</issue>
  <packager>msmeissn</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for ca-certificates-mozilla</summary>
  <description>This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than
  just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
  for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user 
  during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives
  the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
    * Removed:
        + Baltimore CyberTrust Root
        + CommScope Public Trust ECC Root-01
        + CommScope Public Trust ECC Root-02
        + CommScope Public Trust RSA Root-01
        + CommScope Public Trust RSA Root-02
        + DigiNotar Root CA
    * Added: 
        + e-Szigno TLS Root CA 2023
        + OISTE Client Root ECC G1
        + OISTE Client Root RSA G1
        + OISTE Server Root ECC G1
        + OISTE Server Root RSA G1
        + SwissSign RSA SMIME Root CA 2022 - 1
        + SwissSign RSA TLS Root CA 2022 - 1
        + TrustAsia SMIME ECC Root CA
        + TrustAsia SMIME RSA Root CA
        + TrustAsia TLS ECC Root CA
        + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs
  issued after the distrust date, not for all certs of a CA.
  </description>
</patchinfo>