Update to nss 3.12.11p0 with ckbi 1.87, ckbi being the internal builtin CA

root/certificate database. This special release (along incoming mozilla releases) fixes the DigiNotar mess, for which more info is available at http://blog.gerv.net/2011/09/diginotar-compromise/, MFSA2011-34 and http://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/
2011-09-06 19:39:34 +00:00 · 2011-09-06 19:39:34 +00:00 · 21a1502fbb
commit 21a1502fbb
parent e0aed4fb77
4 changed files with 1129 additions and 50 deletions
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@ -1,16 +1,19 @@
-# $OpenBSD: Makefile,v 1.22 2011/08/23 20:07:50 landry Exp $
+# $OpenBSD: Makefile,v 1.23 2011/09/06 19:39:34 landry Exp $

 SHARED_ONLY=		Yes

 COMMENT=		libraries to support development of security-enabled apps

 VERSION=		3.12.11
-DISTNAME=		nss-${VERSION}
+DISTNAME=		nss-${VERSION}.with.ckbi.1.87
+WRKDIST=		${WRKDIR}/nss-${VERSION}
+PKGNAME =		nss-${VERSION}
 SO_VERSION=		28.0
 .for _lib in freebl3 nss3 nssckbi nssdbm3 nssutil3 smime3 softokn3 ssl3
 SHARED_LIBS+=		${_lib} ${SO_VERSION}
 .endfor
 CATEGORIES=		security
+REVISION=		0

 HOMEPAGE=		http://www.mozilla.org/projects/security/pki/nss/

@ -23,8 +26,10 @@ PERMIT_DISTFILES_CDROM=	Yes
 PERMIT_DISTFILES_FTP=	Yes
 WANTLIB += c pthread z nspr4 plc4 plds4 sqlite3

-MASTER_SITES=		http://ftp.eu.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${VERSION:S/./_/g}_RTM/src/ \
-			http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${VERSION:S/./_/g}_RTM/src/
+MASTER_SITES =		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_11_WITH_CKBI_1_87_RTM/src/
+#for regular releases
+#MASTER_SITES=		http://ftp.eu.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${VERSION:S/./_/g}_RTM/src/ \
+#			http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_${VERSION:S/./_/g}_RTM/src/

 LIB_DEPENDS=		devel/nspr>=4.8 \
 			databases/sqlite3>=3.6.13
--- a/security/nss/distinfo
+++ b/security/nss/distinfo
@ -1,5 +1,5 @@
-MD5 (nss-3.12.11.tar.gz) = ygygWDgL4gDPJH6iSWtTUg==
-RMD160 (nss-3.12.11.tar.gz) = RSjUvplrzoAf9fTJeEV70XyOhiU=
-SHA1 (nss-3.12.11.tar.gz) = GHroOoNoUSu4cpwgbaLtNNsXJa0=
-SHA256 (nss-3.12.11.tar.gz) = 0EP41EISvJQYtqlUyojgW4qypx+MWeaCmpo22KKOnxY=
-SIZE (nss-3.12.11.tar.gz) = 5944840
+MD5 (nss-3.12.11.with.ckbi.1.87.tar.gz) = qatOBYZYJjpvEo+zhtawZg==
+RMD160 (nss-3.12.11.with.ckbi.1.87.tar.gz) = hQ8zVNa4AP+QjSsbT7FKOV9l3ns=
+SHA1 (nss-3.12.11.with.ckbi.1.87.tar.gz) = 92l2EDiiZn51HoTWg/IyImEzg1Q=
+SHA256 (nss-3.12.11.with.ckbi.1.87.tar.gz) = S4SnzTYb8tFJNdDydoHdFIzzEk7fVYonHP3oiC9/cCA=
+SIZE (nss-3.12.11.with.ckbi.1.87.tar.gz) = 6035595
--- a/security/nss/patches/patch-mozilla_security_nss_lib_ckfw_builtins_certdata_c
+++ b/security/nss/patches/patch-mozilla_security_nss_lib_ckfw_builtins_certdata_c
--- a/security/nss/patches/patch-mozilla_security_nss_lib_ckfw_builtins_certdata_txt
+++ b/security/nss/patches/patch-mozilla_security_nss_lib_ckfw_builtins_certdata_txt
@ -1,7 +1,9 @@
-$OpenBSD: patch-mozilla_security_nss_lib_ckfw_builtins_certdata_txt,v 1.5 2011/08/23 20:07:50 landry Exp $
--- mozilla/security/nss/lib/ckfw/builtins/certdata.txt.orig	Thu Apr  7 01:59:09 2011
-+++ mozilla/security/nss/lib/ckfw/builtins/certdata.txt	Sat Jul 30 16:22:25 2011
-@@ -15040,6 +15040,352 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNK
+$OpenBSD: patch-mozilla_security_nss_lib_ckfw_builtins_certdata_txt,v 1.6 2011/09/06 19:39:34 landry Exp $
+add CACert CA
+https://bugzilla.mozilla.org/show_bug.cgi?id=215243
+--- mozilla/security/nss/lib/ckfw/builtins/certdata.txt.orig	Fri Sep  2 21:39:06 2011
+++ mozilla/security/nss/lib/ckfw/builtins/certdata.txt	Fri Sep  2 22:24:18 2011
+@@ -14885,6 +14885,352 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNK
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #