From 1567362cc5460c0eb1b87edd31a9bd6275cf46d6 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Fri, 24 Jan 2020 13:27:43 +0000 Subject: [PATCH] core/nss to 3.49.1-2 --- core/nss/PKGBUILD | 10 +++++----- core/nss/certdata2pem.py | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/core/nss/PKGBUILD b/core/nss/PKGBUILD index 853334852..cdeebbb99 100644 --- a/core/nss/PKGBUILD +++ b/core/nss/PKGBUILD @@ -7,18 +7,18 @@ pkgbase=nss pkgname=(nss ca-certificates-mozilla) pkgver=3.49.1 -pkgrel=1 +pkgrel=2 pkgdesc="Network Security Services" url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" arch=(x86_64) license=(MPL GPL) -_nsprver=4.20 -depends=("nspr>=${_nsprver}" sqlite zlib sh p11-kit) +_nsprver=4.24 +depends=("nspr>=${_nsprver}" sqlite zlib sh 'p11-kit>=0.23.19') makedepends=(perl python gyp) source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz" certdata2pem.py bundle.sh) sha256sums=('d9aa42e49e02bb0dc0a2f164604cfc718e11a2a06ddb266cd676376ac21b026e' - '0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0' + 'd2a1579dae05fd16175fac27ef08b54731ecefdf414085c610179afcf62b096c' '3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd' '8372d34fdeeebd23e1daa7ee1f67510f050cba30c884f81e067dba46f94d1dcf') @@ -90,7 +90,7 @@ package_nss() { package_ca-certificates-mozilla() { pkgdesc="Mozilla's set of trusted CA certificates" - depends=(ca-certificates-utils) + depends=('ca-certificates-utils>=20181109-3') install -Dm644 ca-bundle.trust.p11-kit \ "$pkgdir/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit" diff --git a/core/nss/certdata2pem.py b/core/nss/certdata2pem.py index a4f38c2d8..a52ce9c74 100755 --- a/core/nss/certdata2pem.py +++ b/core/nss/certdata2pem.py @@ -177,6 +177,11 @@ openssl_trust = { "CKA_TRUST_EMAIL_PROTECTION": "emailProtection", } +cert_distrust_types = { + "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after", + "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after", +} + for tobj in objects: if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST': key = tobj['CKA_LABEL'] + printable_serial(tobj) @@ -369,6 +374,16 @@ for tobj in objects: f.write("nss-mozilla-ca-policy: true\n") f.write("modifiable: false\n"); + # requires p11-kit >= 0.23.19 + for t in list(cert_distrust_types.keys()): + if t in obj: + value = obj[t] + if value == 'CK_FALSE': + value = bytearray(1) + f.write(cert_distrust_types[t] + ": \"") + f.write(urllib.parse.quote(value)); + f.write("\"\n") + f.write("-----BEGIN CERTIFICATE-----\n") temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE']) temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)