The Package net-dns/dnssec-root-20181220 Download a XML File, a certificate and a CA from the IANA Homepage. As already reported in Bug 822447, the Verification will fail because the Certificate drom 2018-12-20 has already expired. The Bugfix was the remove the verification of the Certifiacte (commit from 2021-11-08 ). If you are using a fresh download from IANA, you have never problem, because here, under the same filename, is already a new certificate. But If you are using a Gentoo Mirror/Reposity, the files are stored under the filename root-anchors-20181220.xml, root-anchors-20181220.p7s and icannbundle-20181220.pem and will not be updated and the old certificate. On the IANA Server there was an Update to 2021-09-02. So it makes sense to update the packacke Version to 20210902. and add the new files root-anchors-20210902.xml, root-anchors-20210902.p7s and icannbundle-20210902.pem to the Gentoo Mirrors. With this step you can still add der CA check back. Reproducible: Sometimes Steps to Reproduce: 1. Remove -noverify from the SMIME Verificate 2. Using a local Gentoo Mirror (or copy root-anchors-20181220.xml, root-anchors-20181220.p7s and icannbundle-20181220.pem to the distfiles folder) 3. Install the package
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7d3e1a3f72e278bbb37c64400ea906553d207b8 commit d7d3e1a3f72e278bbb37c64400ea906553d207b8 Author: Marc Schiffbauer <mschiff@gentoo.org> AuthorDate: 2022-11-10 00:34:30 +0000 Commit: Marc Schiffbauer <mschiff@gentoo.org> CommitDate: 2022-11-10 00:35:30 +0000 net-dns/dnssec-root: add 20210902 Closes: https://bugs.gentoo.org/870358 Signed-off-by: Marc Schiffbauer <mschiff@gentoo.org> net-dns/dnssec-root/Manifest | 3 + net-dns/dnssec-root/dnssec-root-20210902.ebuild | 81 +++++++++++++++++++++++++ 2 files changed, 84 insertions(+)
