core/nss to 3.23-3

This commit is contained in:
Kevin Mihelich 2016-03-31 18:51:12 +00:00
parent d8b3759f24
commit 09b48c7c41
2 changed files with 14 additions and 63 deletions

View file

@ -6,33 +6,32 @@
pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
pkgver=3.22.1
pkgrel=1
pkgver=3.23
pkgrel=3
pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64)
url="http://www.mozilla.org/projects/security/pki/nss/"
license=('MPL' 'GPL')
_nsprver=4.10.10
_nsprver=4.12
depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh' 'p11-kit')
makedepends=('perl' 'python2')
options=('!strip' '!makeflags' 'staticlibs')
source=("https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
certdata2pem.py bundle.sh nss.pc.in nss-config.in legacy-certs.patch)
sha256sums=('89e1fc7074e5c325962821289f4cd7d8207ae95af2308ba881215ed9ca68fa4f'
sha256sums=('94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf'
'2a2ff9131c21fa3b23ad7c7a2f069eabc783e56c6eb05419ac5f365f48dea0fc'
'045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
'e91e91b8106c7e11ee8aaf8d4097c84915ff7dfdf42280dc7618336aa71d7dd8')
'5f793af9c8558324e4188163862e0e70a5b069a44ad9e7817e0767093739f2a0')
prepare() {
mkdir certs
cd nss-$pkgver
# FS#45479: Reenable two weak Verisign certificates used by login.live.com
# Otherwise, accessing this site via Epiphany (GnuTLS) or Skype (OpenSSL) fails
# Also see https://gist.github.com/grawity/15eabf67191e17080241
# Still needed - Evolution (Camel) and Telepathy-Gabble (Wocky) use
# their own validation which doesn't work with trusted intermediates
patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch
# Respect LDFLAGS

View file

@ -1,5 +1,5 @@
--- certdata.txt 2015-12-18 14:15:57.900921728 +0100
+++ certdata-legacy.txt 2015-12-18 14:20:10.393176933 +0100
--- certdata.txt 2016-02-26 22:21:17.016942918 +0100
+++ certdata-legacy.txt 2016-03-21 10:47:41.022763306 +0100
@@ -70,6 +70,421 @@
CKA_LABEL UTF8 "Mozilla Builtin Roots"
@ -446,7 +446,7 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -627,7 +1042,7 @@
@@ -480,7 +895,7 @@
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
@ -455,19 +455,7 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -772,9 +1187,9 @@
\002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211
\064\306
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -1041,6 +1456,426 @@
@@ -747,6 +1162,426 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@ -894,7 +882,7 @@
# Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
#
# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -1645,6 +2480,180 @@
@@ -1351,6 +2186,180 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@ -1075,7 +1063,7 @@
# Certificate "Entrust.net Premium 2048 Secure Server CA"
#
# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
@@ -2047,9 +3056,9 @@
@@ -1753,9 +2762,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
@ -1087,7 +1075,7 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -2163,9 +3172,9 @@
@@ -1869,9 +2878,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\004
END
@ -1098,40 +1086,4 @@
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -6729,9 +7738,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\151
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -6902,9 +7911,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\150
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -15706,9 +16715,9 @@
\002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277
\022\276
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#