core/nss to 3.23-3

2024-11-28 22:57:37 +00:00 · 2016-03-31 18:51:12 +00:00 · 2016-03-31 18:51:12 +00:00 · 09b48c7c41
commit 09b48c7c41
parent d8b3759f24
2 changed files with 14 additions and 63 deletions
--- a/core/nss/PKGBUILD
+++ b/core/nss/PKGBUILD
@ -6,33 +6,32 @@

 pkgbase=nss
 pkgname=(nss ca-certificates-mozilla)
-pkgver=3.22.1
-pkgrel=1
+pkgver=3.23
+pkgrel=3
 pkgdesc="Mozilla Network Security Services"
 arch=(i686 x86_64)
 url="http://www.mozilla.org/projects/security/pki/nss/"
 license=('MPL' 'GPL')
-_nsprver=4.10.10
+_nsprver=4.12
 depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh' 'p11-kit')
 makedepends=('perl' 'python2')
 options=('!strip' '!makeflags' 'staticlibs')
 source=("https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
        certdata2pem.py bundle.sh nss.pc.in nss-config.in legacy-certs.patch)
-sha256sums=('89e1fc7074e5c325962821289f4cd7d8207ae95af2308ba881215ed9ca68fa4f'
+sha256sums=('94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf'
            '2a2ff9131c21fa3b23ad7c7a2f069eabc783e56c6eb05419ac5f365f48dea0fc'
            '045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180'
            'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
            'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
-            'e91e91b8106c7e11ee8aaf8d4097c84915ff7dfdf42280dc7618336aa71d7dd8')
+            '5f793af9c8558324e4188163862e0e70a5b069a44ad9e7817e0767093739f2a0')

 prepare() {
  mkdir certs

  cd nss-$pkgver

-  # FS#45479: Reenable two weak Verisign certificates used by login.live.com
-  # Otherwise, accessing this site via Epiphany (GnuTLS) or Skype (OpenSSL) fails
-  # Also see https://gist.github.com/grawity/15eabf67191e17080241
+  # Still needed - Evolution (Camel) and Telepathy-Gabble (Wocky) use
+  # their own validation which doesn't work with trusted intermediates
  patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch

  # Respect LDFLAGS
--- a/core/nss/legacy-certs.patch
+++ b/core/nss/legacy-certs.patch
@ -1,5 +1,5 @@
--- certdata.txt	2015-12-18 14:15:57.900921728 +0100
-+++ certdata-legacy.txt	2015-12-18 14:20:10.393176933 +0100
+--- certdata.txt	2016-02-26 22:21:17.016942918 +0100
+++ certdata-legacy.txt	2016-03-21 10:47:41.022763306 +0100
@@ -70,6 +70,421 @@
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
@ -446,7 +446,7 @@
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-@@ -627,7 +1042,7 @@
+@@ -480,7 +895,7 @@
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
@ -455,19 +455,7 @@
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-@@ -772,9 +1187,9 @@
- \002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211
- \064\306
- END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
- 
- #
-@@ -1041,6 +1456,426 @@
+@@ -747,6 +1162,426 @@
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
@ -894,7 +882,7 @@
 # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
 #
 # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-@@ -1645,6 +2480,180 @@
+@@ -1351,6 +2186,180 @@
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
@ -1075,7 +1063,7 @@
 # Certificate "Entrust.net Premium 2048 Secure Server CA"
 #
 # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
-@@ -2047,9 +3056,9 @@
+@@ -1753,9 +2762,9 @@
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\001
 END
@ -1087,7 +1075,7 @@
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-@@ -2163,9 +3172,9 @@
+@@ -1869,9 +2878,9 @@
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\004
 END
@ -1098,40 +1086,4 @@
 +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
- #
-@@ -6729,9 +7738,9 @@
- CKA_SERIAL_NUMBER MULTILINE_OCTAL
- \002\001\151
- END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
- 
- #
-@@ -6902,9 +7911,9 @@
- CKA_SERIAL_NUMBER MULTILINE_OCTAL
- \002\001\150
- END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
- 
- #
-@@ -15706,9 +16715,9 @@
- \002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277
- \022\276
- END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
- CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
- 
 #