archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2025-03-19 00:21:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

core/nss to 3.23-3

Browse source
This commit is contained in:
Kevin Mihelich 2016-03-31 18:51:12 +00:00
parent d8b3759f24
commit 09b48c7c41
2 changed files with 14 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
core/nss/PKGBUILD
View file

@ -6,33 +6,32 @@
pkgbase=nss pkgbase=nss
pkgname=(nss ca-certificates-mozilla) pkgname=(nss ca-certificates-mozilla)
pkgver=3.22.1 pkgver=3.23
pkgrel=1 pkgrel=3
pkgdesc="Mozilla Network Security Services" pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64) arch=(i686 x86_64)
url="http://www.mozilla.org/projects/security/pki/nss/" url="http://www.mozilla.org/projects/security/pki/nss/"
license=('MPL' 'GPL') license=('MPL' 'GPL')
_nsprver=4.10.10 _nsprver=4.12
depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh' 'p11-kit') depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh' 'p11-kit')
makedepends=('perl' 'python2') makedepends=('perl' 'python2')
options=('!strip' '!makeflags' 'staticlibs') options=('!strip' '!makeflags' 'staticlibs')
source=("https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz" source=("https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
certdata2pem.py bundle.sh nss.pc.in nss-config.in legacy-certs.patch) certdata2pem.py bundle.sh nss.pc.in nss-config.in legacy-certs.patch)
sha256sums=('89e1fc7074e5c325962821289f4cd7d8207ae95af2308ba881215ed9ca68fa4f' sha256sums=('94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf'
'2a2ff9131c21fa3b23ad7c7a2f069eabc783e56c6eb05419ac5f365f48dea0fc' '2a2ff9131c21fa3b23ad7c7a2f069eabc783e56c6eb05419ac5f365f48dea0fc'
'045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180' '045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd' 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9' 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
'e91e91b8106c7e11ee8aaf8d4097c84915ff7dfdf42280dc7618336aa71d7dd8') '5f793af9c8558324e4188163862e0e70a5b069a44ad9e7817e0767093739f2a0')
prepare() { prepare() {
mkdir certs mkdir certs
cd nss-$pkgver cd nss-$pkgver
# FS#45479: Reenable two weak Verisign certificates used by login.live.com # Still needed - Evolution (Camel) and Telepathy-Gabble (Wocky) use
# Otherwise, accessing this site via Epiphany (GnuTLS) or Skype (OpenSSL) fails # their own validation which doesn't work with trusted intermediates
# Also see https://gist.github.com/grawity/15eabf67191e17080241
patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch
# Respect LDFLAGS # Respect LDFLAGS

62
core/nss/legacy-certs.patch
View file

@ -1,5 +1,5 @@
--- certdata.txt 2015-12-18 14:15:57.900921728 +0100 --- certdata.txt 2016-02-26 22:21:17.016942918 +0100
+++ certdata-legacy.txt 2015-12-18 14:20:10.393176933 +0100 +++ certdata-legacy.txt 2016-03-21 10:47:41.022763306 +0100
@@ -70,6 +70,421 @@ @@ -70,6 +70,421 @@
CKA_LABEL UTF8 "Mozilla Builtin Roots" CKA_LABEL UTF8 "Mozilla Builtin Roots"
@ -446,7 +446,7 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# #
@@ -627,7 +1042,7 @@ @@ -480,7 +895,7 @@
END END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
@ -455,19 +455,7 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# #
@@ -772,9 +1187,9 @@ @@ -747,6 +1162,426 @@
\002\020\175\331\376\007\317\250\036\267\020\171\147\373\247\211
\064\306
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -1041,6 +1456,426 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# #
@ -894,7 +882,7 @@
# Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
# #
# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -1645,6 +2480,180 @@ @@ -1351,6 +2186,180 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# #
@ -1075,7 +1063,7 @@
# Certificate "Entrust.net Premium 2048 Secure Server CA" # Certificate "Entrust.net Premium 2048 Secure Server CA"
# #
# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
@@ -2047,9 +3056,9 @@ @@ -1753,9 +2762,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001 \002\001\001
END END
@ -1087,7 +1075,7 @@
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# #
@@ -2163,9 +3172,9 @@ @@ -1869,9 +2878,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\004 \002\001\004
END END
@ -1098,40 +1086,4 @@
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -6729,9 +7738,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\151
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -6902,9 +7911,9 @@
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\150
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
@@ -15706,9 +16715,9 @@
\002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277
\022\276
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# #