Date: Sunday, June 28, 2015 @ 00:49:16 Author: heftig Revision: 241303
FS#45479: Reenable two legacy certs Added: nss/trunk/legacy-certs.patch (from rev 240589, nss/trunk/legacy-certs.patch) Modified: nss/trunk/PKGBUILD --------------------+ PKGBUILD | 12 +++++++++--- legacy-certs.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-06-27 20:34:18 UTC (rev 241302) +++ PKGBUILD 2015-06-27 22:49:16 UTC (rev 241303) @@ -4,7 +4,7 @@ pkgbase=nss pkgname=(nss ca-certificates-mozilla) pkgver=3.19.2 -pkgrel=1 +pkgrel=2 pkgdesc="Mozilla Network Security Services" arch=(i686 x86_64) url="http://www.mozilla.org/projects/security/pki/nss/" @@ -14,12 +14,13 @@ makedepends=('perl' 'python2') options=('!strip' '!makeflags' 'staticlibs') source=("https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz" - certdata2pem.py bundle.sh nss.pc.in nss-config.in) + certdata2pem.py bundle.sh nss.pc.in nss-config.in legacy-certs.patch) sha256sums=('1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae' 'af13c30801a8a27623948206458432a4cf98061b75ff6e5b5e03912f93c034ee' '045f520403f715a4cc7f3607b4e2c9bcc88fee5bce58d462fddaa2fdb0e4c180' 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd' - 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9') + 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9' + '22330fcde2dac5fa4733f7d77bffbbd31d91cbaa338738afdc2a8ebfccb61184') prepare() { mkdir certs @@ -26,6 +27,11 @@ cd nss-$pkgver + # FS#45479: Reenable two weak Verisign certificates used by login.live.com + # Otherwise, accessing this site via Epiphany (GnuTLS) or Skype (OpenSSL) fails + # Also see https://gist.github.com/grawity/15eabf67191e17080241 + patch nss/lib/ckfw/builtins/certdata.txt ../legacy-certs.patch + # Respect LDFLAGS sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \ -i nss/coreconf/rules.mk Copied: nss/trunk/legacy-certs.patch (from rev 240589, nss/trunk/legacy-certs.patch) =================================================================== --- legacy-certs.patch (rev 0) +++ legacy-certs.patch 2015-06-27 22:49:16 UTC (rev 241303) @@ -0,0 +1,26 @@ +--- certdata.txt 2015-06-27 23:31:01.419795911 +0200 ++++ certdata-legacy-less.txt 2015-06-27 23:57:47.106199639 +0200 +@@ -577,9 +577,9 @@ + \002\020\160\272\344\035\020\331\051\064\266\070\312\173\003\314 + \272\277 + END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + + # +@@ -17186,9 +17186,9 @@ + \002\020\074\221\061\313\037\366\320\033\016\232\270\320\104\277 + \022\276 + END +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST ++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST ++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + + #