[arch-commits] Commit in lib32-nss/repos/multilib-testing-x86_64 (6 files)
Jan Steffens
heftig at archlinux.org
Tue Dec 3 15:06:45 UTC 2019
Date: Tuesday, December 3, 2019 @ 15:06:44
Author: heftig
Revision: 534958
archrelease: copy trunk to multilib-testing-x86_64
Added:
lib32-nss/repos/multilib-testing-x86_64/PKGBUILD
(from rev 534957, lib32-nss/trunk/PKGBUILD)
lib32-nss/repos/multilib-testing-x86_64/no-plt.diff
(from rev 534957, lib32-nss/trunk/no-plt.diff)
lib32-nss/repos/multilib-testing-x86_64/nss-3.47-certdb-temp-cert.patch
(from rev 534957, lib32-nss/trunk/nss-3.47-certdb-temp-cert.patch)
Deleted:
lib32-nss/repos/multilib-testing-x86_64/PKGBUILD
lib32-nss/repos/multilib-testing-x86_64/no-plt.diff
lib32-nss/repos/multilib-testing-x86_64/nss-3.47-certdb-temp-cert.patch
---------------------------------+
PKGBUILD | 128 +++++++++++++++++++-------------------
no-plt.diff | 96 ++++++++++++++--------------
nss-3.47-certdb-temp-cert.patch | 85 +++++++++++++++++++------
3 files changed, 176 insertions(+), 133 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2019-12-03 15:06:29 UTC (rev 534957)
+++ PKGBUILD 2019-12-03 15:06:44 UTC (rev 534958)
@@ -1,64 +0,0 @@
-# Maintainer: Daniel Wallace <danielwallace at gtmanfred dot com>
-# Contributor: kfgz <kfgz at interia pl>
-# Contributor: Ionut Biru <ibiru at archlinux dot org>
-
-pkgname=lib32-nss
-pkgver=3.47.1
-pkgrel=3
-pkgdesc="Network Security Services (32-bit)"
-url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
-arch=(x86_64)
-license=(MPL GPL)
-_nsprver=4.20
-depends=("lib32-nspr>=${_nsprver}" lib32-sqlite lib32-zlib lib32-p11-kit nss)
-makedepends=(perl python2 gyp)
-source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
- nss-3.47-certdb-temp-cert.patch
- no-plt.diff)
-sha256sums=('1ae3d1cb1de345b258788f2ef6b10a460068034c3fd64f42427a183d8342a6fb'
- '82d7924d7c3491de04f42c240fef6dd6e80fc5004ab44f55e6f03571d2d02e58'
- 'ea8e1b871c0f1dd29cdea1b1a2e7f47bf4713e2ae7b947ec832dba7dfcc67daa')
-
-prepare() {
- mkdir path
-
- ln -s /usr/bin/python2 path/python
-
- cd nss-$pkgver
-
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1382942
- patch -Np2 -i ../no-plt.diff
-
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
- patch -d nss -Np1 < ../nss-3.47-certdb-temp-cert.patch
-}
-
-build() {
- export PKG_CONFIG_PATH=/usr/lib32/pkgconfig
-
- cd nss-$pkgver/nss
- PATH="$srcdir/path:$PATH" bash -x ./build.sh -v \
- --m32 --opt --system-sqlite --system-nspr --enable-libpkix --disable-tests
-}
-
-package() {
- cd nss-$pkgver
-
- sed nss/pkg/pkg-config/nss.pc.in \
- -e "s,%libdir%,/usr/lib32,g" \
- -e "s,%prefix%,/usr,g" \
- -e "s,%exec_prefix%,/usr/bin,g" \
- -e "s,%includedir%,/usr/include/nss,g" \
- -e "s,%NSPR_VERSION%,$_nsprver,g" \
- -e "s,%NSS_VERSION%,$pkgver,g" |
- install -Dm644 /dev/stdin "$pkgdir/usr/lib32/pkgconfig/nss.pc"
-
- ln -s nss.pc "$pkgdir/usr/lib32/pkgconfig/mozilla-nss.pc"
-
- cd dist/Release/lib
- install -Dt "$pkgdir/usr/lib32" *.so
- install -Dt "$pkgdir/usr/lib32" -m644 *.chk
-
- # Replace built-in trust with p11-kit connection
- ln -sf libnssckbi-p11-kit.so "$pkgdir/usr/lib32/libnssckbi.so"
-}
Copied: lib32-nss/repos/multilib-testing-x86_64/PKGBUILD (from rev 534957, lib32-nss/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2019-12-03 15:06:44 UTC (rev 534958)
@@ -0,0 +1,64 @@
+# Maintainer: Daniel Wallace <danielwallace at gtmanfred dot com>
+# Contributor: kfgz <kfgz at interia pl>
+# Contributor: Ionut Biru <ibiru at archlinux dot org>
+
+pkgname=lib32-nss
+pkgver=3.47.1
+pkgrel=4
+pkgdesc="Network Security Services (32-bit)"
+url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+arch=(x86_64)
+license=(MPL GPL)
+_nsprver=4.20
+depends=("lib32-nspr>=${_nsprver}" lib32-sqlite lib32-zlib lib32-p11-kit nss)
+makedepends=(perl python2 gyp)
+source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
+ nss-3.47-certdb-temp-cert.patch
+ no-plt.diff)
+sha256sums=('1ae3d1cb1de345b258788f2ef6b10a460068034c3fd64f42427a183d8342a6fb'
+ 'd2a0631328883bdee211d02f0748c97d72ef1462f28415e85efcfb0a6d066dd3'
+ 'ea8e1b871c0f1dd29cdea1b1a2e7f47bf4713e2ae7b947ec832dba7dfcc67daa')
+
+prepare() {
+ mkdir path
+
+ ln -s /usr/bin/python2 path/python
+
+ cd nss-$pkgver
+
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1382942
+ patch -Np2 -i ../no-plt.diff
+
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
+ patch -d nss -Np1 < ../nss-3.47-certdb-temp-cert.patch
+}
+
+build() {
+ export PKG_CONFIG_PATH=/usr/lib32/pkgconfig
+
+ cd nss-$pkgver/nss
+ PATH="$srcdir/path:$PATH" bash -x ./build.sh -v \
+ --m32 --opt --system-sqlite --system-nspr --enable-libpkix --disable-tests
+}
+
+package() {
+ cd nss-$pkgver
+
+ sed nss/pkg/pkg-config/nss.pc.in \
+ -e "s,%libdir%,/usr/lib32,g" \
+ -e "s,%prefix%,/usr,g" \
+ -e "s,%exec_prefix%,/usr/bin,g" \
+ -e "s,%includedir%,/usr/include/nss,g" \
+ -e "s,%NSPR_VERSION%,$_nsprver,g" \
+ -e "s,%NSS_VERSION%,$pkgver,g" |
+ install -Dm644 /dev/stdin "$pkgdir/usr/lib32/pkgconfig/nss.pc"
+
+ ln -s nss.pc "$pkgdir/usr/lib32/pkgconfig/mozilla-nss.pc"
+
+ cd dist/Release/lib
+ install -Dt "$pkgdir/usr/lib32" *.so
+ install -Dt "$pkgdir/usr/lib32" -m644 *.chk
+
+ # Replace built-in trust with p11-kit connection
+ ln -sf libnssckbi-p11-kit.so "$pkgdir/usr/lib32/libnssckbi.so"
+}
Deleted: no-plt.diff
===================================================================
--- no-plt.diff 2019-12-03 15:06:29 UTC (rev 534957)
+++ no-plt.diff 2019-12-03 15:06:44 UTC (rev 534958)
@@ -1,48 +0,0 @@
-diff --git i/security/nss/lib/freebl/mpi/mpi_x86.s w/security/nss/lib/freebl/mpi/mpi_x86.s
-index 8f7e2130c3264754..b3ca1ce5b41b3771 100644
---- i/security/nss/lib/freebl/mpi/mpi_x86.s
-+++ w/security/nss/lib/freebl/mpi/mpi_x86.s
-@@ -22,22 +22,41 @@ is_sse: .long -1
- #
- .ifndef NO_PIC
- .macro GET var,reg
-- movl \var at GOTOFF(%ebx),\reg
-+ call thunk.ax
-+ addl $_GLOBAL_OFFSET_TABLE_, %eax
-+ movl \var at GOTOFF(%eax),\reg
- .endm
- .macro PUT reg,var
-- movl \reg,\var at GOTOFF(%ebx)
-+ call thunk.dx
-+ addl $_GLOBAL_OFFSET_TABLE_, %edx
-+ movl \reg,\var at GOTOFF(%edx)
- .endm
- .else
- .macro GET var,reg
- movl \var,\reg
- .endm
- .macro PUT reg,var
- movl \reg,\var
- .endm
- .endif
-
- .text
-
-+.ifndef NO_PIC
-+.globl thunk.ax
-+.hidden thunk.ax
-+.type thunk.ax, @function
-+thunk.ax:
-+ movl (%esp),%eax
-+ ret
-+
-+.globl thunk.dx
-+.hidden thunk.dx
-+.type thunk.dx, @function
-+thunk.dx:
-+ movl (%esp),%edx
-+ ret
-+.endif
-
- # ebp - 36: caller's esi
- # ebp - 32: caller's edi
Copied: lib32-nss/repos/multilib-testing-x86_64/no-plt.diff (from rev 534957, lib32-nss/trunk/no-plt.diff)
===================================================================
--- no-plt.diff (rev 0)
+++ no-plt.diff 2019-12-03 15:06:44 UTC (rev 534958)
@@ -0,0 +1,48 @@
+diff --git i/security/nss/lib/freebl/mpi/mpi_x86.s w/security/nss/lib/freebl/mpi/mpi_x86.s
+index 8f7e2130c3264754..b3ca1ce5b41b3771 100644
+--- i/security/nss/lib/freebl/mpi/mpi_x86.s
++++ w/security/nss/lib/freebl/mpi/mpi_x86.s
+@@ -22,22 +22,41 @@ is_sse: .long -1
+ #
+ .ifndef NO_PIC
+ .macro GET var,reg
+- movl \var at GOTOFF(%ebx),\reg
++ call thunk.ax
++ addl $_GLOBAL_OFFSET_TABLE_, %eax
++ movl \var at GOTOFF(%eax),\reg
+ .endm
+ .macro PUT reg,var
+- movl \reg,\var at GOTOFF(%ebx)
++ call thunk.dx
++ addl $_GLOBAL_OFFSET_TABLE_, %edx
++ movl \reg,\var at GOTOFF(%edx)
+ .endm
+ .else
+ .macro GET var,reg
+ movl \var,\reg
+ .endm
+ .macro PUT reg,var
+ movl \reg,\var
+ .endm
+ .endif
+
+ .text
+
++.ifndef NO_PIC
++.globl thunk.ax
++.hidden thunk.ax
++.type thunk.ax, @function
++thunk.ax:
++ movl (%esp),%eax
++ ret
++
++.globl thunk.dx
++.hidden thunk.dx
++.type thunk.dx, @function
++thunk.dx:
++ movl (%esp),%edx
++ ret
++.endif
+
+ # ebp - 36: caller's esi
+ # ebp - 32: caller's edi
Deleted: nss-3.47-certdb-temp-cert.patch
===================================================================
--- nss-3.47-certdb-temp-cert.patch 2019-12-03 15:06:29 UTC (rev 534957)
+++ nss-3.47-certdb-temp-cert.patch 2019-12-03 15:06:44 UTC (rev 534958)
@@ -1,21 +0,0 @@
-diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
---- a/lib/pki/pki3hack.c
-+++ b/lib/pki/pki3hack.c
-@@ -921,11 +921,11 @@
- }
- if (!cc->nssCertificate || forceUpdate) {
- fill_CERTCertificateFields(c, cc, forceUpdate);
-- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
-- !c->object.cryptoContext) {
-- /* if it's a perm cert, it might have been stored before the
-- * trust, so look for the trust again. But a temp cert can be
-- * ignored.
-+ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
-+ /* If it's a perm cert, it might have been stored before the
-+ * trust, so look for the trust again. If it's a temp cert, it
-+ * might have been stored before the builtin module is loaded,
-+ * so still need to look for the trust again.
- */
- CERTCertTrust *trust = NULL;
- trust = nssTrust_GetCERTCertTrustForCert(c, cc);
-
Copied: lib32-nss/repos/multilib-testing-x86_64/nss-3.47-certdb-temp-cert.patch (from rev 534957, lib32-nss/trunk/nss-3.47-certdb-temp-cert.patch)
===================================================================
--- nss-3.47-certdb-temp-cert.patch (rev 0)
+++ nss-3.47-certdb-temp-cert.patch 2019-12-03 15:06:44 UTC (rev 534958)
@@ -0,0 +1,64 @@
+# HG changeset patch
+# User Daiki Ueno <dueno at redhat.com>
+# Date 1575381287 -3600
+# Tue Dec 03 14:54:47 2019 +0100
+# Node ID 5ad40d3c760edac96d22b99e4e3e916b74f903fe
+# Parent d64102b76a437f24d98a20480dcc9f1655143e7c
+Bug 1593167, certdb: prefer perm certs over temp certs when trust is not available
+
+Summary:
+When a builtin root module is loaded after some temp certs being
+loaded, our certificate lookup logic preferred those temp certs over
+perm certs stored on the root module. This was a problem because such
+temp certs are usually not accompanied with trust information.
+
+This makes the certificate lookup logic capable of handling such
+situations by checking if the trust information is attached to temp
+certs and otherwise falling back to perm certs.
+
+Reviewers: rrelyea, keeler
+
+Reviewed By: rrelyea
+
+Subscribers: reviewbot, heftig
+
+Bug #: 1593167
+
+Differential Revision: https://phabricator.services.mozilla.com/D54726
+
+diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
+--- a/lib/pki/pki3hack.c
++++ b/lib/pki/pki3hack.c
+@@ -921,14 +921,24 @@ stan_GetCERTCertificate(NSSCertificate *
+ }
+ if (!cc->nssCertificate || forceUpdate) {
+ fill_CERTCertificateFields(c, cc, forceUpdate);
+- } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
+- !c->object.cryptoContext) {
+- /* if it's a perm cert, it might have been stored before the
+- * trust, so look for the trust again. But a temp cert can be
+- * ignored.
+- */
+- CERTCertTrust *trust = NULL;
+- trust = nssTrust_GetCERTCertTrustForCert(c, cc);
++ } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
++ CERTCertTrust *trust;
++ if (!c->object.cryptoContext) {
++ /* If it's a perm cert, it might have been stored before the
++ * trust, so look for the trust again.
++ */
++ trust = nssTrust_GetCERTCertTrustForCert(c, cc);
++ } else {
++ /* If it's a temp cert, it might have been stored before
++ * the builtin module is loaded, so look for the trust
++ * again, but not set the empty trust if not found.
++ */
++ NSSTrust *t = nssTrustDomain_FindTrustForCertificate(c->object.cryptoContext->td, c);
++ if (!t) {
++ goto loser;
++ }
++ trust = cert_trust_from_stan_trust(t, cc->arena);
++ }
+
+ CERT_LockCertTrust(cc);
+ cc->trust = trust;
More information about the arch-commits
mailing list