diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2021-10-19 15:17:39 +0200 |
|---|---|---|
| committer | Thorsten Behrens <thorsten.behrens@allotropia.de> | 2021-12-02 21:50:55 +0100 |
| commit | d7925c5f0dff50820e1a1ffc672ad1d0775fb18e (patch) | |
| tree | f0451348633c77b6b177b9e9848159c753d770fa | |
| parent | 59176a5ce3bddbec3cb7cc91d93b640650564743 (diff) | |
nss: upgrade to release 3.73
Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures
Includes: nss: upgrade to release 3.71
* external/nss/nss.getopt.patch.0: fixed upstream
* external/nss/nss-win-arm64.patch: fixed upstream
* external/nss/nss_macosx.patch: one hunk was fixed upstream
Conflicts:
download.lst
Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)
(cherry picked from commit c99f4359a2901bde5d6cfb623a47f99ba2d5e18a)
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 2 | ||||
| -rw-r--r-- | external/nss/nss-android.patch.1 | 6 | ||||
| -rw-r--r-- | external/nss/nss-ios.patch | 112 | ||||
| -rw-r--r-- | external/nss/nss-restore-manual-pre-dependencies.patch.1 | 4 |
5 files changed, 7 insertions, 121 deletions
diff --git a/download.lst b/download.lst index 2632c4e06f8f..5b19920c281b 100644 --- a/download.lst +++ b/download.lst @@ -183,8 +183,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45 -export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz +export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9 +export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz export ODFGEN_SHA256SUM := 55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625 export ODFGEN_VERSION_MICRO := 8 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index f49d55fab46e..017dc8def922 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -25,8 +25,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss-bz1646594.patch.1 \ external/nss/macos-dlopen.patch.0 \ external/nss/nss-restore-manual-pre-dependencies.patch.1 \ - $(if $(filter iOS,$(OS)), \ - external/nss/nss-ios.patch) \ $(if $(filter ANDROID,$(OS)), \ external/nss/nss-android.patch.1) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1 index f8b4cdaf3753..9677caebbcec 100644 --- a/external/nss/nss-android.patch.1 +++ b/external/nss/nss-android.patch.1 @@ -9,9 +9,9 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s +if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi +if test $1 = "x86_64-pc-linux-android"; then echo $1; exit; fi + - # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 <<EOF diff -ur nss.org/nspr/configure nss/nspr/configure --- nss.org/nspr/configure 2017-09-07 15:29:45.018246359 +0200 +++ nss/nspr/configure 2017-09-07 15:31:47.604075663 +0200 diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch deleted file mode 100644 index 9d4af2c724e9..000000000000 --- a/external/nss/nss-ios.patch +++ /dev/null @@ -1,112 +0,0 @@ ---- a/a/nspr/config/autoconf.mk.in -+++ a/a/nspr/config/autoconf.mk.in -@@ -67,7 +67,7 @@ - MSC_VER = @MSC_VER@ - AR = @AR@ - AR_FLAGS = @AR_FLAGS@ --LD = @LD@ -+LD = echo - RANLIB = @RANLIB@ - PERL = @PERL@ - RC = @RC@ ---- a/a/nspr/configure -+++ a/a/nspr/configure -@@ -755,7 +755,7 @@ - OBJDIR='$(OBJDIR_NAME)' - OBJDIR_NAME=. - OBJDIR_SUFFIX=OBJ --NSINSTALL='$(MOD_DEPTH)/config/$(OBJDIR_NAME)/nsinstall' -+NSINSTALL=${NSINSTALL?'$(MOD_DEPTH)/config/$(OBJDIR_NAME)/nsinstall'} - NOSUCHFILE=/no-such-file - LIBNSPR='-L$(dist_libdir) -lnspr$(MOD_MAJOR_VERSION)' - LIBPLC='-L$(dist_libdir) -lplc$(MOD_MAJOR_VERSION)' -@@ -3060,7 +3060,7 @@ - LIB_SUFFIX=a - DLL_SUFFIX=so - ASM_SUFFIX=s --MKSHLIB='$(LD) $(DSO_LDOPTS) -o $@' -+MKSHLIB='touch $@; echo' - PR_MD_ASFILES= - PR_MD_CSRCS= - PR_MD_ARCH_DIR=unix -@@ -3904,7 +3904,7 @@ - DSO_CFLAGS=-fPIC - DSO_LDOPTS='-dynamiclib -compatibility_version 1 -current_version 1 -all_load -install_name @__________________________________________________OOO/$@ -headerpad_max_install_names' - _OPTIMIZE_FLAGS=-O2 -- MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' -+ MKSHLIB=touch $@ - STRIP="$STRIP -x -S" - DLL_SUFFIX=dylib - USE_PTHREADS=1 ---- a/a/nss/coreconf/ruleset.mk -+++ a/a/nss/coreconf/ruleset.mk -@@ -68,7 +68,7 @@ - endif - - ifeq ($(MKPROG),) -- MKPROG = $(CC) -+ MKPROG = touch $@; echo - endif - - # ---- a/a/nss/coreconf/Darwin.mk -+++ a/a/nss/coreconf/Darwin.mk -@@ -124,7 +124,7 @@ - DSO_LDOPTS += --coverage - endif - --MKSHLIB = $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) -+MKSHLIB = touch $@; echo - DLL_SUFFIX = dylib - ifdef MAPFILE - MKSHLIB += -exported_symbols_list $(MAPFILE) ---- a/a/nss/coreconf/UNIX.mk -+++ a/a/nss/coreconf/UNIX.mk -@@ -21,10 +21,14 @@ - - ifdef BUILD_TREE - NSINSTALL_DIR = $(BUILD_TREE)/nss -+ifndef NSINSTALL - NSINSTALL = $(BUILD_TREE)/nss/nsinstall -+endif - else - NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -+ifndef NSINSTALL - NSINSTALL = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall -+endif - endif - - MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend ---- a/a/nspr/pr/include/md/_darwin.h -+++ a/a/nspr/pr/include/md/_darwin.h -@@ -26,6 +26,8 @@ - #define _PR_SI_ARCHITECTURE "ppc" - #elif defined(__arm__) - #define _PR_SI_ARCHITECTURE "arm" -+#elif defined(__arm64__) -+#define _PR_SI_ARCHITECTURE "arm64" - #elif defined(__aarch64__) - #define _PR_SI_ARCHITECTURE "aarch64" - #else ---- a/a/nspr/pr/src/Makefile.in -+++ a/a/nspr/pr/src/Makefile.in -@@ -180,7 +180,7 @@ - endif - - ifeq ($(OS_TARGET),MacOSX) --OS_LIBS = -framework CoreServices -framework CoreFoundation -+OS_LIBS = -framework CoreFoundation - endif - - EXTRA_LIBS += $(OS_LIBS) ---- a/a/nss/cmd/shlibsign/sign.sh -+++ a/a/nss/cmd/shlibsign/sign.sh -@@ -2,6 +2,8 @@ - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+exit 0 - - # arguments: - # 1: full path to DIST/OBJDIR (parent dir of "lib") diff --git a/external/nss/nss-restore-manual-pre-dependencies.patch.1 b/external/nss/nss-restore-manual-pre-dependencies.patch.1 index ebcc5b48c540..06691b1ec957 100644 --- a/external/nss/nss-restore-manual-pre-dependencies.patch.1 +++ b/external/nss/nss-restore-manual-pre-dependencies.patch.1 @@ -79,5 +79,5 @@ summary: Bug 1637083 Replace pre-dependency with shell hack r=rrelyea + $(MAKE) -C lib/base libs + IGNORE_DIRS=1 $(MAKE) -C lib/ckfw/builtins libs - all: prepare_build - $(MAKE) libs + lib: coreconf + cmd: lib |