authorNatanael Copa <ncopa@alpinelinux.org>2014-03-03 14:05:03 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-03-03 14:05:03 +0000
commit474e2665c36421fbdf81f35c7e14a019195e6b9b (patch)
treeb781ebe4a00475d898c12fac5587fa2a4a6c4f89
parent934da98b301e08141380811b39affba078ff7118 (diff)
main/nss: distrust mis-issued ANSSI/DCSSI cert
fixes #2572
-rw-r--r--main/nss/APKBUILD6
-rw-r--r--main/nss/distrusted-ac-dg-tresor-ssl.patch39
2 files changed, 43 insertions, 2 deletions
diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index 4358dcfebe..c61f04777e 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -2,7 +2,7 @@
pkgname=nss
pkgver=3.13.4
_ver=${pkgver//./_}
-pkgrel=0
+pkgrel=1
pkgdesc="Mozilla Network Security Services"
url="http://www.mozilla.org/projects/security/pki/nss/"
arch="all"
@@ -16,6 +16,7 @@ source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src
nss-config.in
add_spi+cacert_ca_certs.patch
ssl-renegotiate-transitional.patch
+ distrusted-ac-dg-tresor-ssl.patch
"
depends_dev="nspr-dev"
@@ -145,4 +146,5 @@ e5c97db0c884d5f4cfda21e562dc9bba nss-no-rpath.patch
c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
7f39c19b1dfd62d7db7d8bf19f156fed add_spi+cacert_ca_certs.patch
-d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch"
+d83c7b61abb7e9f8f7bcd157183d1ade ssl-renegotiate-transitional.patch
+c529827935164ef44d68efab40352563 distrusted-ac-dg-tresor-ssl.patch"
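Review bot: The added digest for distrusted-ac-dg-tresor-ssl.patch is 32 hex digits, which is MD5 length, and nothing stronger is visible in this hunk; the checksum list opens above the hunk, so a stronger list may exist elsewhere in the file. MD5 does not resist deliberate collisions, and the `source=` line quoted in the previous hunk header fetches the NSS tarball over plain `ftp://`, so this digest is the only thing tying the build to the intended inputs. If the abuild in use supports it, keep a stronger list next to this one, e.g. `sha512sums="<sha512-of-file>  distrusted-ac-dg-tresor-ssl.patch"` (placeholder digest), regenerated with `abuild checksum`.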
diff --git a/main/nss/distrusted-ac-dg-tresor-ssl.patch b/main/nss/distrusted-ac-dg-tresor-ssl.patch
new file mode 100644
index 0000000000..924921ecca
--- /dev/null
+++ b/main/nss/distrusted-ac-dg-tresor-ssl.patch
@@ -0,0 +1,39 @@
+diff --git a/mozilla/security/nss/lib/ckfw/builtins/certdata.txt b/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+index a1d1e6e..3612ad1 100644
+--- a/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
++++ b/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+@@ -12507,6 +12507,34 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+ CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
++# Distrust "Distrusted AC DG Tresor SSL"
++# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
++# Serial Number: 204199 (0x31da7)
++# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
++# Not Valid Before: Thu Jul 18 10:05:28 2013
++# Not Valid After : Fri Jul 18 10:05:28 2014
++# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
++# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
++CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
++CKA_TOKEN CK_BBOOL CK_TRUE
++CKA_PRIVATE CK_BBOOL CK_FALSE
++CKA_MODIFIABLE CK_BBOOL CK_FALSE
++CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
++CKA_ISSUER MULTILINE_OCTAL
++\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
++\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
++\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
++\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
++\150\145\156\164\151\146\151\143\141\164\151\157\156
++END
++CKA_SERIAL_NUMBER MULTILINE_OCTAL
++\002\003\003\035\247
++END
++CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
++CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
++
+ #
+ # Certificate "Security Communication EV RootCA1"
+ #
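Review bot: The new patch file has no header saying where this trust record was taken from, so whoever next upgrades NSS has no cue for when the patch becomes redundant; a leading line such as `# Upstream: <upstream NSS bug or release reference>` (placeholder) would cover it. The record itself is consistent with its comment block: the `CKA_SERIAL_NUMBER` octal bytes decode to INTEGER 0x031DA7, which is the 204199 stated above it, and the `CKA_ISSUER` bytes spell the DGTPE issuer name given there. Matching is on issuer and serial only, since no hash attributes are present. The entry presumably takes effect only for software that loads NSS's built-in token, so clients validating against a separate CA bundle would need their own handling.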