nss: Provide a more stable URL for pkgconfig patch

Since 2bf0f84f1f, the patch isn't in our
repository anymore but being fetched from its origin.

However, the origin URL is always pointing to the latest master version
of Gentoo. This has the downside that whenever Gentoo changes the patch,
our build of NSS will be broken.

Also, I'm providing a comment here indicating what the patch does.

As to the reason *why* the patch is there, I vaguely remeber seeing a
few libraries/applications that depend on NSS relying that there's a
pkgconfig file.

After checking a few distros, they all seem to have it:

https://anonscm.debian.org/cgit/pkg-mozilla/nss.git/tree/debian?id=5306c4192d6bc0a2685842e9fd533196e7302297
https://apps.fedoraproject.org/packages/nss-devel/
https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/nss&id=3f7f54b357e23b7ac1cec849693334ad29be07d2

The issue is already reported upstream but hasn't been fixed yet:

https://bugzilla.mozilla.org/show_bug.cgi?id=530672

Tested by building nss on x86_64-linux (the hash didn't change anyway,
but just to be sure).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

pkgs/development/libraries/nss/default.nix

@@ -23,9 +23,13 @@ in stdenv.mkDerivation rec {
   '';
 
   patches =
-    [ # FIXME: what is this patch for? Do we still need it?
+    [ # Install a nss.pc (pkgconfig) file and nss-config script
+      # Upstream issue: https://bugzilla.mozilla.org/show_bug.cgi?id=530672
       (fetchurl {
-        url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/nss/files/nss-3.28-gentoo-fixups.patch";
+        name = "nss-3.28-gentoo-fixups.patch";
+        url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/"
+            + "dev-libs/nss/files/nss-3.28-gentoo-fixups.patch"
+            + "?id=05c31f8cca591b3ce8219e4def7c26c7b1b130d6";
         sha256 = "0z58axd1n7vq4kdp5mrb3dsg6di39a1g40s3shl6n2dzs14c1y2q";
       })
       # Based on http://patch-tracker.debian.org/patch/series/dl/nss/2:3.15.4-1/85_security_load.patch