diff options
author | Michael Stahl <michael.stahl@allotropia.de> | 2021-10-19 15:17:39 +0200 |
---|---|---|
committer | Thorsten Behrens <thorsten.behrens@allotropia.de> | 2021-12-03 14:07:09 +0100 |
commit | 973df7d7872f2c93cd6a8191802c98b5da0b3b6f (patch) | |
tree | 4fca26a899f07537a79637841743ff578ac08e40 | |
parent | 9513e03fd7425391c3673ffe8614d29ae3135426 (diff) |
nss: upgrade to release 3.73
mimo-7-1-branch-pointlibreoffice-7-1
Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures
Includes: nss: upgrade to release 3.71
* external/nss/nss.getopt.patch.0: fixed upstream
* external/nss/nss-win-arm64.patch: fixed upstream
* external/nss/nss_macosx.patch: one hunk was fixed upstream
Conflicts:
download.lst
Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126252
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
-rw-r--r-- | download.lst | 4 | ||||
-rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 2 | ||||
-rw-r--r-- | external/nss/nss-android.patch.1 | 6 | ||||
-rw-r--r-- | external/nss/nss-ios.patch | 6 | ||||
-rw-r--r-- | external/nss/nss-restore-manual-pre-dependencies.patch.1 | 4 | ||||
-rw-r--r-- | external/nss/nss-win-arm64.patch | 66 | ||||
-rw-r--r-- | external/nss/nss.getopt.patch.0 | 25 | ||||
-rw-r--r-- | external/nss/nss_macosx.patch | 14 |
8 files changed, 10 insertions, 117 deletions
diff --git a/download.lst b/download.lst index a6dfb58d0a75..cc0480cc9994 100644 --- a/download.lst +++ b/download.lst @@ -193,8 +193,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := cf1ee3ac27a215814a9c80803fcee4f0ede8466ebead40267a9bd115e16a8678 export NEON_TARBALL := neon-0.31.2.tar.gz -export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45 -export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz +export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9 +export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index fb8b8b061265..4f8499e8a835 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -26,8 +26,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.bzmozilla1238154.patch \ external/nss/nss-bz1646594.patch.1 \ external/nss/macos-dlopen.patch.0 \ - external/nss/nss.getopt.patch.0 \ - external/nss/nss-win-arm64.patch \ external/nss/nss-restore-manual-pre-dependencies.patch.1 \ $(if $(filter iOS,$(OS)), \ external/nss/nss-ios.patch) \ diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1 index 0f75715e8b86..05172eaad16a 100644 --- a/external/nss/nss-android.patch.1 +++ b/external/nss/nss-android.patch.1 @@ -10,9 +10,9 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s +if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi +if test $1 = "x86_64-pc-linux-android"; then echo $1; exit; fi + - # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 <<EOF diff -ur nss.org/nspr/configure nss/nspr/configure --- nss.org/nspr/configure 2017-09-07 15:29:45.018246359 +0200 +++ nss/nspr/configure 2017-09-07 15:31:47.604075663 +0200 diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch index 4293cc5243ad..4263ecbe5f3d 100644 --- a/external/nss/nss-ios.patch +++ b/external/nss/nss-ios.patch @@ -193,9 +193,9 @@ +if test $1 = "arm64-apple-darwin"; then echo $1; exit; fi +if test $1 = "aarch64-apple-darwin"; then echo $1; exit; fi + - # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 <<EOF --- a/a/nspr/config/autoconf.mk.in +++ a/a/nspr/config/autoconf.mk.in @@ -67,7 +67,7 @@ diff --git a/external/nss/nss-restore-manual-pre-dependencies.patch.1 b/external/nss/nss-restore-manual-pre-dependencies.patch.1 index ebcc5b48c540..06691b1ec957 100644 --- a/external/nss/nss-restore-manual-pre-dependencies.patch.1 +++ b/external/nss/nss-restore-manual-pre-dependencies.patch.1 @@ -79,5 +79,5 @@ summary: Bug 1637083 Replace pre-dependency with shell hack r=rrelyea + $(MAKE) -C lib/base libs + IGNORE_DIRS=1 $(MAKE) -C lib/ckfw/builtins libs - all: prepare_build - $(MAKE) libs + lib: coreconf + cmd: lib diff --git a/external/nss/nss-win-arm64.patch b/external/nss/nss-win-arm64.patch deleted file mode 100644 index eda198f85afc..000000000000 --- a/external/nss/nss-win-arm64.patch +++ /dev/null @@ -1,66 +0,0 @@ ---- a/a/nspr/configure -+++ a/a/nspr/configure -@@ -821,6 +821,7 @@ - linux*) OS_ARCH=Linux ;; - solaris*) OS_ARCH=SunOS OS_RELEASE=5 ;; - mingw*) OS_ARCH=WINNT CPU_ARCH=x86 ;; -+ cygwin*) OS_ARCH=WINNT ;; - darwin*) OS_ARCH=Darwin ;; - riscos*) OS_ARCH=RISCOS ;; - esac ---- a/a/nss/lib/freebl/Makefile.orig -+++ a/a/nss/lib/freebl/Makefile -@@ -119,8 +119,23 @@ - endif - endif - ifeq ($(CPU_ARCH),aarch64) -- DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 -- EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha256-armv8.c -+ ifdef CC_IS_CLANG -+ DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 -+ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha256-armv8.c -+ else ifeq (1,$(CC_IS_GCC)) -+ # GCC versions older than 4.9 don't support ARM AES. The check -+ # is done in two parts, first allows "major.minor" == "4.9", -+ # and then rejects any major versions prior to 5. Note that -+ # there has been no GCC 4.10, as it is renamed to GCC 5. -+ ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) -+ DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 -+ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha256-armv8.c -+ endif -+ ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION)))) -+ DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 -+ EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha256-armv8.c -+ endif -+ endif - endif - ifeq ($(CPU_ARCH),arm) - ifndef NSS_DISABLE_ARM32_NEON -@@ -133,7 +146,10 @@ - DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 - EXTRA_SRCS += aes-armv8.c sha256-armv8.c - else ifeq (1,$(CC_IS_GCC)) -- # Old compiler doesn't support ARM AES. -+ # GCC versions older than 4.9 don't support ARM AES. The check -+ # is done in two parts, first allows "major.minor" == "4.9", -+ # and then rejects any major versions prior to 5. Note that -+ # there has been no GCC 4.10, as it is renamed to GCC 5. - ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) - DEFINES += -DUSE_HW_AES -DUSE_HW_SHA2 - EXTRA_SRCS += aes-armv8.c sha256-armv8.c -@@ -198,6 +200,7 @@ - ifdef BUILD_OPT - OPTIMIZER += -Ox # maximum optimization for freebl - endif -+ifeq ($(CPU_ARCH),x86_64) - ASFILES = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm - DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY - DEFINES += -DNSS_USE_COMBA -@@ -215,6 +218,7 @@ - endif - endif - endif -+endif - - ifeq ($(OS_TARGET),IRIX) - ifeq ($(USE_N32),1) diff --git a/external/nss/nss.getopt.patch.0 b/external/nss/nss.getopt.patch.0 deleted file mode 100644 index aeabb33f9b97..000000000000 --- a/external/nss/nss.getopt.patch.0 +++ /dev/null @@ -1,25 +0,0 @@ -# pr/tests/sel_spd.c:427:20: error: implicit declaration of function 'getopt' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ---- nspr/pr/tests/sel_spd.c -+++ nspr/pr/tests/sel_spd.c -@@ -15,6 +15,9 @@ - #include <stdio.h> - #include <errno.h> - #include <string.h> -+ -+extern char *optarg; -+int getopt(int argc, char *const argv[], const char *optstring); - - #ifdef DEBUG - #define PORT_INC_DO +100 ---- nspr/pr/tests/testfile.c -+++ nspr/pr/tests/testfile.c -@@ -23,6 +23,9 @@ - #include <getopt.h> - #include <errno.h> - #endif /* XP_OS2 */ -+ -+extern char *optarg; -+int getopt(int argc, char *const argv[], const char *optstring); - - static int _debug_on = 0; - diff --git a/external/nss/nss_macosx.patch b/external/nss/nss_macosx.patch index 07b60a5ed00d..1e7599be6133 100644 --- a/external/nss/nss_macosx.patch +++ b/external/nss/nss_macosx.patch @@ -88,17 +88,3 @@ diff -ru a/nss/Makefile b/nss/Makefile ifdef USE_DEBUG_RTL NSPR_CONFIGURE_OPTS += --enable-debug-rtl endif ---- a/a/nspr/pr/include/md/_darwin.h -+++ b/b/nspr/pr/include/md/_darwin.h -@@ -40,11 +40,7 @@ - - #undef HAVE_STACK_GROWING_UP - #define HAVE_DLL --#if defined(__x86_64__) || TARGET_OS_IPHONE - #define USE_DLFCN --#else --#define USE_MACH_DYLD --#endif - #define _PR_HAVE_SOCKADDR_LEN - #define _PR_STAT_HAS_ST_ATIMESPEC - #define _PR_HAVE_LARGE_OFF_T |