[arch-commits] Commit in nss/trunk (PKGBUILD nss-3.47-certdb-temp-cert.patch)

Jan Steffens heftig at archlinux.org
Tue Jan 7 20:10:40 UTC 2020 

    Date: Tuesday, January 7, 2020 @ 20:10:40
  Author: heftig
Revision: 372769

3.49-1

Modified:
  nss/trunk/PKGBUILD
Deleted:
  nss/trunk/nss-3.47-certdb-temp-cert.patch

---------------------------------+
 PKGBUILD                        |    9 +----
 nss-3.47-certdb-temp-cert.patch |   68 --------------------------------------
 2 files changed, 2 insertions(+), 75 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-01-07 20:01:26 UTC (rev 372768)
+++ PKGBUILD	2020-01-07 20:10:40 UTC (rev 372769)
@@ -2,7 +2,7 @@
 
 pkgbase=nss
 pkgname=(nss ca-certificates-mozilla)
-pkgver=3.48
+pkgver=3.49
 pkgrel=1
 pkgdesc="Network Security Services"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
@@ -12,10 +12,8 @@
 depends=("nspr>=${_nsprver}" sqlite zlib sh p11-kit)
 makedepends=(perl python gyp)
 source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
-        nss-3.47-certdb-temp-cert.patch
         certdata2pem.py bundle.sh)
-sha256sums=('3f9c822a86a4e3e1bfe63e2ed0f922d8b7c2e0b7cafe36774b1c627970d0f8ac'
-            'bd16ba87e5ea736888f76dd54dff18b25ca6608245c0195fb85bad3d782db73c'
+sha256sums=('6738094dc4fd63061118a122bf3999a64fe8c7117fc52f6e81c2279181bde71d'
             '0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0'
             '3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd')
 
@@ -25,9 +23,6 @@
   cd nss-$pkgver
   ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
   ln -sr nss/lib/ckfw/builtins/nssckbi.h ../certs/
-
-  # https://bugzilla.mozilla.org/show_bug.cgi?id=1593167
-  patch -d nss -Np1 < ../nss-3.47-certdb-temp-cert.patch
 }
 
 build() {

Deleted: nss-3.47-certdb-temp-cert.patch
===================================================================
--- nss-3.47-certdb-temp-cert.patch	2020-01-07 20:01:26 UTC (rev 372768)
+++ nss-3.47-certdb-temp-cert.patch	2020-01-07 20:10:40 UTC (rev 372769)
@@ -1,68 +0,0 @@
-From 9530978d1552674792e281391100269305a38c47 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno at redhat.com>
-Date: Fri, 6 Dec 2019 10:47:01 +0100
-Subject: [PATCH] Bug 1593167, certdb: propagate trust information if trust
- module is loaded afterwards, r=rrelyea,keeler
-
-Summary:
-When the builtin trust module is loaded after some temp certs being created, these temp certs are usually not accompanied by trust information. This causes a problem in Firefox as it loads the module from a separate thread while accessing the network cache which populates temp certs.
-
-This change makes it properly roll up the trust information, if a temp cert doesn't have trust information.
-
-Reviewers: rrelyea, keeler
-
-Reviewed By: rrelyea, keeler
-
-Subscribers: reviewbot, heftig
-
-Bug #: 1593167
-
-Differential Revision: https://phabricator.services.mozilla.com/D54726
----
- lib/pki/pki3hack.c | 30 ++++++++++++++++++++++--------
- 1 file changed, 22 insertions(+), 8 deletions(-)
-
-diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
-index 29d2fb5a40..eac4a5705e 100644
---- a/lib/pki/pki3hack.c
-+++ b/lib/pki/pki3hack.c
-@@ -921,14 +921,28 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
-     }
-     if (!cc->nssCertificate || forceUpdate) {
-         fill_CERTCertificateFields(c, cc, forceUpdate);
--    } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
--               !c->object.cryptoContext) {
--        /* if it's a perm cert, it might have been stored before the
--         * trust, so look for the trust again.  But a temp cert can be
--         * ignored.
--         */
--        CERTCertTrust *trust = NULL;
--        trust = nssTrust_GetCERTCertTrustForCert(c, cc);
-+    } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess) {
-+        CERTCertTrust *trust;
-+        if (!c->object.cryptoContext) {
-+            /* If it's a perm cert, it might have been stored before the
-+             * trust, so look for the trust again.
-+             */
-+            trust = nssTrust_GetCERTCertTrustForCert(c, cc);
-+        } else {
-+            /* If it's a temp cert, it might have been stored before the
-+             * builtin trust module is loaded, so look for the trust
-+             * again, but don't set the empty trust if it is not found.
-+             */
-+            NSSTrust *t = nssTrustDomain_FindTrustForCertificate(c->object.cryptoContext->td, c);
-+            if (!t) {
-+                goto loser;
-+            }
-+            trust = cert_trust_from_stan_trust(t, cc->arena);
-+            nssTrust_Destroy(t);
-+            if (!trust) {
-+                goto loser;
-+            }
-+        }
- 
-         CERT_LockCertTrust(cc);
-         cc->trust = trust;
--- 
-2.24.0
-

More information about the arch-commits mailing list