[arch-commits] Commit in nss/trunk (PKGBUILD legacy-certs.patch)
Jan Steffens
heftig at archlinux.org
Sat Jun 27 22:49:16 UTC 2015
Date: Sunday, June 28, 2015 @ 00:49:16
Author: heftig
Revision: 241303
FS#45479: Reenable two legacy certs
Added:
nss/trunk/legacy-certs.patch
(from rev 240589, nss/trunk/legacy-certs.patch)
Modified:
nss/trunk/PKGBUILD
--------------------+
PKGBUILD | 12 +++++++++---
legacy-certs.patch | 26 ++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-06-27 20:34:18 UTC (rev 241302)
+++ PKGBUILD 2015-06-27 22:49:16 UTC (rev 241303)
@@ -4,7 +4,7 @@
pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
pkgver=3.19.2
-pkgrel=1
+pkgrel=2
pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64)
url="http://www.mozilla.org/projects/security/pki/nss/"
@@ -14,12 +14,13 @@
makedepends=('perl' 'python2')
options=('!strip' '!makeflags' 'staticlibs')
source=("https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
- certdata2pem.py bundle.sh nss.pc.in nss-config.in)
+ certdata2pem.py bundle.sh nss.pc.in nss-config.in legacy-certs.patch)
sha256sums=('1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae'
'af13c30801a8a27623948206458432a4cf98061b75ff6e5b5e03912f93c034ee'
'045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
- 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9')
+ 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
+ '22330fcde2dac5fa4733f7d77bffbbd31d91cbaa338738afdc2a8ebfccb61184')
prepare() {
mkdir certs
@@ -26,6 +27,11 @@
cd nss-$pkgver
+ # FS#45479: Reenable two weak Verisign certificates used by login.live.com
+ # Otherwise, accessing this site via Epiphany (GnuTLS) or Skype (OpenSSL) fails
+ # Also see https://gist.github.com/grawity/15eabf67191e17080241
+ patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch
+
# Respect LDFLAGS
sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \
-i nss/coreconf/rules.mk
Copied: nss/trunk/legacy-certs.patch (from rev 240589, nss/trunk/legacy-certs.patch)
===================================================================
--- legacy-certs.patch (rev 0)
+++ legacy-certs.patch 2015-06-27 22:49:16 UTC (rev 241303)
@@ -0,0 +1,26 @@
+--- certdata.txt 2015-06-27 23:31:01.419795911 +0200
++++ certdata-legacy-less.txt 2015-06-27 23:57:47.106199639 +0200
+@@ -577,9 +577,9 @@
+ \002\020\160\272\344\035\020\331\051\064\266\070\312\173\003\314
+ \272\277
+ END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+ #
+@@ -17186,9 +17186,9 @@
+ \002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277
+ \022\276
+ END
+-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+ #
More information about the arch-commits
mailing list