!52 [sync] PR-48: remove expired and sync new certificates

From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

ca-certificates.spec

@@ -35,10 +35,10 @@ Name: ca-certificates
 # to have increasing version numbers. However, the new scheme will work, 
 # because all future versions will start with 2013 or larger.)
 
-Version: 2020.2.46
+Version: 2023.2.60
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release: 2
+Release: 3
 License: Public Domain
 
 Group: System Environment/Base
@@ -307,9 +307,18 @@ fi
 #if [ $1 -gt 1 ] ; then
 #  # when upgrading or downgrading
 #fi
+# When coreutils is installing with ca-certificates
+# we need to wait until coreutils install to
+# run our update since update requires ln to complete.
+if [ -x %{_bindir}/ln ]; then
 %{_bindir}/ca-legacy install
 %{_bindir}/update-ca-trust
+fi
 
+%posttrans
+# we run the scripts here too, in case we couldn't run them in post
+%{_bindir}/ca-legacy install
+%{_bindir}/update-ca-trust
 
 %files
 %dir %{_sysconfdir}/ssl
@@ -370,6 +379,49 @@ fi
 
 
 %changelog
+* Mon Jul 01 2024 wangjiang <wangjiang37@h-partners.com> - 2023.2.60-3
+- remove expired and sync new certificates
+  Removing:
+    Security Communication Root CA
+  Adding:
+    Atos TrustedRoot Root CA ECC G2 2020
+    Atos TrustedRoot Root CA ECC TLS 2021
+    Atos TrustedRoot Root CA RSA G2 2020
+    Atos TrustedRoot Root CA RSA TLS 2021
+    CommScope Public Trust ECC Root-01
+    CommScope Public Trust ECC Root-02
+    CommScope Public Trust RSA Root-01
+    CommScope Public Trust RSA Root-02
+    D-Trust SBR Root CA 1 2022
+    D-Trust SBR Root CA 2 2022
+    LAWtrust Root CA2 (4096)
+    Sectigo Public Email Protection Root E46
+    Sectigo Public Email Protection Root R46
+    Sectigo Public Server Authentication Root E46
+    Sectigo Public Server Authentication Root R46
+    SSL.com Client ECC Root CA 2022
+    SSL.com Client RSA Root CA 2022
+    SSL.com TLS ECC Root CA 2022
+    SSL.com TLS RSA Root CA 2022
+    Telekom Security SMIME ECC Root 2021
+    Telekom Security SMIME RSA Root 2023
+    Telekom Security TLS ECC Root 2020
+    Telekom Security TLS RSA Root 2023
+    TrustAsia Global Root CA G3
+    TrustAsia Global Root CA G4
+
+* Mon Nov 06 2023 wangjiang <wangjiang37@h-partners.com> - 2023.2.60-2
+- delete the unsecure certificates
+
+* Tue Jun 06 2023 wangjiang <wangjiang37@h-partners.com> - 2023.2.60-1
+- upgrade version to 2023.2.60
+
+* Sat Oct 22 2022 wangjiang <wangjiang37@h-partners.com> - 2021.2.52-2
+- lagging install ca-legacy and update-ca-trust
+
+* Wed Dec 1 2021 liudabo <liudabo1@huawei.com> - 2021.2.52-1
+- upgrade version to 2021.2.52
+
 * Thu Jun 10 2021 liudabo <liudabo1@huawei.com> - 2021.2.46-2
 - Refresh the original the original certificate file and delete the insercure certificates
 

nssckbi.h

@@ -46,8 +46,8 @@
  * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 46
-#define NSS_BUILTINS_LIBRARY_VERSION "2.46"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 60
+#define NSS_BUILTINS_LIBRARY_VERSION "2.60"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1