archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2025-01-27 23:44:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

core/nss to 3.49-1

Browse source
This commit is contained in:
Kevin Mihelich 2020-01-08 14:49:09 +00:00
parent 4ea0fb278e
commit b6427a6f26
2 changed files with 2 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
core/nss/PKGBUILD
View file

@ -6,7 +6,7 @@
pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
pkgver=3.48
pkgver=3.49
pkgrel=1
pkgdesc="Network Security Services"
url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
@ -16,10 +16,8 @@ _nsprver=4.20
depends=("nspr>=${_nsprver}" sqlite zlib sh p11-kit)
makedepends=(perl python gyp)
source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
nss-3.47-certdb-temp-cert.patch
certdata2pem.py bundle.sh)
sha256sums=('3f9c822a86a4e3e1bfe63e2ed0f922d8b7c2e0b7cafe36774b1c627970d0f8ac'
'bd16ba87e5ea736888f76dd54dff18b25ca6608245c0195fb85bad3d782db73c'
sha256sums=('6738094dc4fd63061118a122bf3999a64fe8c7117fc52f6e81c2279181bde71d'
'0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0'
'3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd'
'8372d34fdeeebd23e1daa7ee1f67510f050cba30c884f81e067dba46f94d1dcf')
@ -30,9 +28,6 @@ prepare() {
cd nss-$pkgver
ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/
# https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
patch -d nss -Np1 < ../nss-3.47-certdb-temp-cert.patch
}
build() {

68
core/nss/nss-3.47-certdb-temp-cert.patch
View file

@ -1,68 +0,0 @@
From 9530978d1552674792e281391100269305a38c47 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Fri, 6 Dec 2019 10:47:01 +0100
Subject: [PATCH] Bug 1593167, certdb: propagate trust information if trust
module is loaded afterwards, r=rrelyea,keeler
Summary:
When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in Firefox as it loads the module from a separate thread while accessing the network cache which populates temp certs.
This change makes it properly roll up the trust information, if a temp cert doesn't have trust information.
Reviewers: rrelyea, keeler
Reviewed By: rrelyea, keeler
Subscribers: reviewbot, heftig
Bug #: 1593167
Differential Revision: https://phabricator.services.mozilla.com/D54726
---
lib/pki/pki3hack.c | 30 ++++++++++++++++++++++--------
1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
index 29d2fb5a40..eac4a5705e 100644
--- a/lib/pki/pki3hack.c
+++ b/lib/pki/pki3hack.c
@@ -921,14 +921,28 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
}
if (!cc->nssCertificate || forceUpdate) {
fill_CERTCertificateFields(c, cc, forceUpdate);
- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
- !c->object.cryptoContext) {
- /* if it's a perm cert, it might have been stored before the
- * trust, so look for the trust again. But a temp cert can be
- * ignored.
- */
- CERTCertTrust *trust = NULL;
- trust = nssTrust_GetCERTCertTrustForCert(c, cc);
+ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
+ CERTCertTrust *trust;
+ if (!c->object.cryptoContext) {
+ /* If it's a perm cert, it might have been stored before the
+ * trust, so look for the trust again.
+ */
+ trust = nssTrust_GetCERTCertTrustForCert(c, cc);
+ } else {
+ /* If it's a temp cert, it might have been stored before the
+ * builtin trust module is loaded, so look for the trust
+ * again, but don't set the empty trust if it is not found.
+ */
+ NSSTrust *t = nssTrustDomain_FindTrustForCertificate(c->object.cryptoContext->td, c);
+ if (!t) {
+ goto loser;
+ }
+ trust = cert_trust_from_stan_trust(t, cc->arena);
+ nssTrust_Destroy(t);
+ if (!trust) {
+ goto loser;
+ }
+ }
CERT_LockCertTrust(cc);
cc->trust = trust;
--
2.24.0