Why is NSS patched with 'add_spi+cacert_ca_certs.patch' on Alpine?
If I try to update NSS from 3.51.1 to 3.52 and build the package, the following error is generated:
Linux5.4_x86_64_gcc_glibc_PTH_64_OPT.OBJ/certdata.c:14:51: error: 'CKO_NETSCAPE_TRUST' undeclared here (not in a function); did you mean 'CKO_NSS_TRUST'?
14 | static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
| ^~~~~~~~~~~~~~~~~~
| CKO_NSS_TRUST
Linux5.4_x86_64_gcc_glibc_PTH_64_OPT.OBJ/certdata.c:17:56: error: 'CKT_NETSCAPE_TRUSTED_DELEGATOR' undeclared here (not in a function); did you mean 'CKT_NSS_TRUSTED_DELEGATOR'?
17 | static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| CKT_NSS_TRUSTED_DELEGATOR
make[3]: *** [../../../coreconf/rules.mk:410: Linux5.4_x86_64_gcc_glibc_PTH_64_OPT.OBJ/certdata.o] Error 1
After removing the patch 'add_spi+cacert_ca_certs.patch', NSS 3.52 will build without problems.
This patch was added in 2010 and last changed in 2013. I see it adds various certificates, but I'm not sure why this was/is needed in Alpine. Void Linux does not use the patch. Can anyone explain?
I'm wondering if this could be a security issue with NSS in Alpine. Who knows if any of these old certificates added with the patch have been revoked long ago?
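One way to review what such a patch adds to the trust store, as an added example that is not part of the original post or of Alpine's packaging. It assumes the patch is a unified diff against NSS's `certdata.txt` (certificate bytes in `CKA_VALUE MULTILINE_OCTAL` blocks); the sample patch text and the names `audit_patch` and `added_lines` are constructed for illustration.

```python
import hashlib
import re
# Constructed sample: a small unified-diff fragment in certdata.txt syntax.
# The octal bytes are placeholder DER (SEQUENCE { INTEGER 5 }), not a real certificate.
SAMPLE_PATCH = r'''
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_LABEL UTF8 "Example Constructed Root"
+CKA_VALUE MULTILINE_OCTAL
+\060\003\002\001
+\005
+END
+CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
+CKA_LABEL UTF8 "Example Constructed Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\001\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
'''

OCTAL = re.compile(r'\\([0-7]{3})')
LEGACY = re.compile(r'\bCK[OT]_NETSCAPE_\w+')  # identifiers the 3.52 build rejects

def added_lines(patch_text):
    """Yield the lines a unified diff adds, without the leading '+'."""
    for line in patch_text.splitlines():
        if line.startswith('+') and not line.startswith('+++'):
            yield line[1:].strip()

def audit_patch(patch_text):
    """Return (certs, legacy); certs holds (label, SHA-256 hex, DER bytes) tuples."""
    certs, legacy = [], set()
    label, der, in_value = None, None, False
    for line in added_lines(patch_text):
        legacy.update(LEGACY.findall(line))
        if in_value:
            if line == 'END':  # end of the certificate's octal block
                certs.append((label, hashlib.sha256(der).hexdigest(), bytes(der)))
                in_value = False
            else:
                der.extend(int(o, 8) for o in OCTAL.findall(line))
        elif line.startswith('CKA_LABEL UTF8 '):
            label = line.split('"')[1]
        elif line == 'CKA_VALUE MULTILINE_OCTAL':  # hash blocks are skipped
            der, in_value = bytearray(), True
    return certs, sorted(legacy)

if __name__ == "__main__":
    print(audit_patch(SAMPLE_PATCH))
```

Each DER blob can be written to a file and inspected with `openssl x509 -inform DER -noout -subject -enddate` to see whether the certificate has expired; the SHA-256 fingerprint can be compared against the issuing CA's published roots.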