From b6427a6f266888763160797e9d5c2872c6901a46 Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Wed, 8 Jan 2020 14:49:09 +0000
Subject: [PATCH] core/nss to 3.49-1
---
 core/nss/PKGBUILD | 9 +---
 core/nss/nss-3.47-certdb-temp-cert.patch | 68 ------------------------
 2 files changed, 2 insertions(+), 75 deletions(-)
 delete mode 100644 core/nss/nss-3.47-certdb-temp-cert.patch
diff --git a/core/nss/PKGBUILD b/core/nss/PKGBUILD
index f23da901a..e8233bb7c 100644
--- a/core/nss/PKGBUILD
+++ b/core/nss/PKGBUILD
@@ -6,7 +6,7 @@
 pkgbase=nss
 pkgname=(nss ca-certificates-mozilla)
-pkgver=3.48
+pkgver=3.49
 pkgrel=1
 pkgdesc="Network Security Services"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
@@ -16,10 +16,8 @@ _nsprver=4.20
 depends=("nspr>=${_nsprver}" sqlite zlib sh p11-kit)
 makedepends=(perl python gyp)
 source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
- nss-3.47-certdb-temp-cert.patch
 certdata2pem.py bundle.sh)
-sha256sums=('3f9c822a86a4e3e1bfe63e2ed0f922d8b7c2e0b7cafe36774b1c627970d0f8ac'
- 'bd16ba87e5ea736888f76dd54dff18b25ca6608245c0195fb85bad3d782db73c'
+sha256sums=('6738094dc4fd63061118a122bf3999a64fe8c7117fc52f6e81c2279181bde71d'
 '0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0'
 '3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd'
 '8372d34fdeeebd23e1daa7ee1f67510f050cba30c884f81e067dba46f94d1dcf')
@@ -30,9 +28,6 @@ prepare() {
 cd nss-$pkgver
 ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
 ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/
-
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
- patch -d nss -Np1 < ../nss-3.47-certdb-temp-cert.patch
 }
 build() {
diff --git a/core/nss/nss-3.47-certdb-temp-cert.patch b/core/nss/nss-3.47-certdb-temp-cert.patch
deleted file mode 100644
index 160ab2c1d..000000000
--- a/core/nss/nss-3.47-certdb-temp-cert.patch
+++ /dev/null
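Review bot: In the `@@ -16,10 +16,8 @@` hunk the new `source` array lists three entries (the tarball, `certdata2pem.py`, `bundle.sh`) while the new `sha256sums` array lists four, and the old side shows the same one-entry surplus (four sources, five sums). makepkg pairs checksums with sources by position, so unless a further source is appended outside this hunk, the trailing `'8372d34fdeeebd23e1daa7ee1f67510f050cba30c884f81e067dba46f94d1dcf'` entry has nothing to verify and should be removed or matched to its file. Separately, this hunk drops `nss-3.47-certdb-temp-cert.patch` and the `@@ -30,9 +28,6 @@` hunk drops the `patch -d nss -Np1` step, but the commit message does not say why. The removed patch changes the trust lookup for temporary certificates, so presumably the Bug 1593167 fix ships in the 3.49 tarball; once that is checked against the upstream release notes, the commit body should record it, e.g. `Drop certdb-temp-cert patch (Bug 1593167), fixed upstream in 3.49`.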
@@ -1,68 +0,0 @@
-From 9530978d1552674792e281391100269305a38c47 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Fri, 6 Dec 2019 10:47:01 +0100
-Subject: [PATCH] Bug 1593167, certdb: propagate trust information if trust
- module is loaded afterwards, r=rrelyea,keeler
-
-Summary:
-When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in Firefox as it loads the module from a separate thread while accessing the network cache which populates temp certs.
-
-This change makes it properly roll up the trust information, if a temp cert doesn't have trust information.
-
-Reviewers: rrelyea, keeler
-
-Reviewed By: rrelyea, keeler
-
-Subscribers: reviewbot, heftig
-
-Bug #: 1593167
-
-Differential Revision: https://phabricator.services.mozilla.com/D54726
----
- lib/pki/pki3hack.c | 30 ++++++++++++++++++++++--------
- 1 file changed, 22 insertions(+), 8 deletions(-)
-
-diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
-index 29d2fb5a40..eac4a5705e 100644
---- a/lib/pki/pki3hack.c
-+++ b/lib/pki/pki3hack.c
-@@ -921,14 +921,28 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
- }
- if (!cc->nssCertificate || forceUpdate) {
- fill_CERTCertificateFields(c, cc, forceUpdate);
-- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
-- !c->object.cryptoContext) {
-- /* if it's a perm cert, it might have been stored before the
-- * trust, so look for the trust again. But a temp cert can be
-- * ignored.
-- */
-- CERTCertTrust *trust = NULL;
-- trust = nssTrust_GetCERTCertTrustForCert(c, cc);
-+ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
-+ CERTCertTrust *trust;
-+ if (!c->object.cryptoContext) {
-+ /* If it's a perm cert, it might have been stored before the
-+ * trust, so look for the trust again.
-+ */
-+ trust = nssTrust_GetCERTCertTrustForCert(c, cc);
-+ } else {
-+ /* If it's a temp cert, it might have been stored before the
-+ * builtin trust module is loaded, so look for the trust
-+ * again, but don't set the empty trust if it is not found.
-+ */
-+ NSSTrust *t = nssTrustDomain_FindTrustForCertificate(c->object.cryptoContext->td, c);
-+ if (!t) {
-+ goto loser;
-+ }
-+ trust = cert_trust_from_stan_trust(t, cc->arena);
-+ nssTrust_Destroy(t);
-+ if (!trust) {
-+ goto loser;
-+ }
-+ }
-
- CERT_LockCertTrust(cc);
- cc->trust = trust;
---
-2.24.0
-