2 files changed, 65 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch
new file mode 100644
index 0000000000..d905bf10e3
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch
@@ -0,0 +1,64 @@
+From 1109c1b8259ad840ac1688d533f76ca268c67b6b Mon Sep 17 00:00:00 2001
+From: "John M. Schanck" <jschanck@mozilla.com>
+Date: Sat, 5 Feb 2022 11:12:43 +0000
+Subject: [PATCH] Bug 1750624 - Pin validation date for PayPalEE test cert.
+ r=nss-reviewers,bbeurdouche,rrelyea
+Differential Revision: https://phabricator.services.mozilla.com/D136289
+--HG--
+extra : moz-landing-system : lando
+Upstream-Status: Backport
+---
+ tests/chains/chains.sh               | 6 +++++-
+ tests/chains/scenarios/realcerts.cfg | 1 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
+index 32c7ef54c..e13ae52f9 100755
+--- a/nss/tests/chains/chains.sh
+++ b/nss/tests/chains/chains.sh
+@@ -917,7 +917,7 @@ verify_cert()
+     done
+ 
+     VFY_OPTS_TNAME="${DB_OPT} ${ENGINE} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${TRUST_OPT}"
+-    VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
+    VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${VFY_TIME_OPT} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
+ 
+     TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${VFY_OPTS_TNAME}"
+     echo "${SCRIPTNAME}: ${TESTNAME}"
+@@ -1118,6 +1118,7 @@ parse_config()
+             ;;
+         "verify")
+             VERIFY="${VALUE}"
+            VFY_TIME_OPT=
+             TRUST=
+             TRUST_AND_DB=
+             POLICY=
+@@ -1126,6 +1127,9 @@ parse_config()
+             REV_OPTS=
+             USAGE_OPT=
+             ;;
+        "at_time")
+            VFY_TIME_OPT="-b ${VALUE}"
+            ;;
+         "cert")
+             VERIFY="${VERIFY} ${VALUE}"
+             ;;
+diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
+index 305443fc3..f8b0fc452 100644
+--- a/nss/tests/chains/scenarios/realcerts.cfg
+++ b/nss/tests/chains/scenarios/realcerts.cfg
+@@ -22,6 +22,7 @@ verify TestUser51:x
+ 
+ verify PayPalEE:x
+   policy OID.2.16.840.1.114412.2.1 
+  at_time 2201010000Z
+   result pass
+ 
+ verify BrAirWaysBadSig:x
+-- 
+2.25.1
diff --git a/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-oe/recipes-support/nss/nss_3.74.bb
index 4a9482fca4..a7048f0fe8 100644
--- a/meta-oe/recipes-support/nss/nss_3.74.bb
+++ b/meta-oe/recipes-support/nss/nss_3.74.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/$
           file://system-pkcs11.txt \
           file://nss-fix-nsinstall-build.patch \
           file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
+           file://0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch \
           "
 SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"

diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch new file mode 100644 index 0000000000..d905bf10e3 --- /dev/null +++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch
@@ -0,0 +1,64 @@
		1	From 1109c1b8259ad840ac1688d533f76ca268c67b6b Mon Sep 17 00:00:00 2001
		2	From: "John M. Schanck" <jschanck@mozilla.com>
		3	Date: Sat, 5 Feb 2022 11:12:43 +0000
		4	Subject: [PATCH] Bug 1750624 - Pin validation date for PayPalEE test cert.
		5	r=nss-reviewers,bbeurdouche,rrelyea
		6
		7	Differential Revision: https://phabricator.services.mozilla.com/D136289
		8
		9	--HG--
		10	extra : moz-landing-system : lando
		11
		12	Upstream-Status: Backport
		13
		14	---
		15	tests/chains/chains.sh \| 6 +++++-
		16	tests/chains/scenarios/realcerts.cfg \| 1 +
		17	2 files changed, 6 insertions(+), 1 deletion(-)
		18
		19	diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
		20	index 32c7ef54c..e13ae52f9 100755
		21	--- a/nss/tests/chains/chains.sh
		22	+++ b/nss/tests/chains/chains.sh
		23	@@ -917,7 +917,7 @@ verify_cert()
		24	done
		25
		26	VFY_OPTS_TNAME="${DB_OPT} ${ENGINE} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${TRUST_OPT}"
		27	- VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
		28	+ VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${VFY_TIME_OPT} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
		29
		30	TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${VFY_OPTS_TNAME}"
		31	echo "${SCRIPTNAME}: ${TESTNAME}"
		32	@@ -1118,6 +1118,7 @@ parse_config()
		33	;;
		34	"verify")
		35	VERIFY="${VALUE}"
		36	+ VFY_TIME_OPT=
		37	TRUST=
		38	TRUST_AND_DB=
		39	POLICY=
		40	@@ -1126,6 +1127,9 @@ parse_config()
		41	REV_OPTS=
		42	USAGE_OPT=
		43	;;
		44	+ "at_time")
		45	+ VFY_TIME_OPT="-b ${VALUE}"
		46	+ ;;
		47	"cert")
		48	VERIFY="${VERIFY} ${VALUE}"
		49	;;
		50	diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg
		51	index 305443fc3..f8b0fc452 100644
		52	--- a/nss/tests/chains/scenarios/realcerts.cfg
		53	+++ b/nss/tests/chains/scenarios/realcerts.cfg
		54	@@ -22,6 +22,7 @@ verify TestUser51:x
		55
		56	verify PayPalEE:x
		57	policy OID.2.16.840.1.114412.2.1
		58	+ at_time 2201010000Z
		59	result pass
		60
		61	verify BrAirWaysBadSig:x
		62	--
		63	2.25.1
		64


diff --git a/meta-oe/recipes-support/nss/nss_3.74.bb b/meta-oe/recipes-support/nss/nss_3.74.bb index 4a9482fca4..a7048f0fe8 100644 --- a/meta-oe/recipes-support/nss/nss_3.74.bb +++ b/meta-oe/recipes-support/nss/nss_3.74.bb
@@ -32,6 +32,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/security/nss/releases/${VERSION_DIR}/src/$
32	file://system-pkcs11.txt \	32	file://system-pkcs11.txt \
33	file://nss-fix-nsinstall-build.patch \	33	file://nss-fix-nsinstall-build.patch \
34	file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \	34	file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
		35	file://0001-Bug-1750624-Pin-validation-date-for-PayPalEE-test-ce.patch \
35	"	36	"
36	SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"	37	SRC_URI[sha256sum] = "88928811f9f40f87d42e2eaccdf6e454562e51486067f2ddbe90aa47ea6cd056"
37		38