diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2022-06-01 12:14:44 +0200 |
|---|---|---|
| committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2022-06-01 23:02:54 +0200 |
| commit | 4f6f8f371e053860604ce6664bb64276f3c4450f (patch) | |
| tree | 4620c0a1619f8c74613d501d34e8844f2024f1e6 | |
| parent | 9b2d3afe413f3bffcee169bd48d945f849896b7f (diff) | |
nss: upgrade to release 3.79
Fixes CVE-2022-1097 and moz#1767590 "memory safety violations"
Change-Id: I6895f066ad943402231b616dae0d7ed6f5678b5e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135234
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135248
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit bb5216e345c42be440bce60b127af517c036c8ef)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135262
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/nss/asan.patch.1 | 4 | ||||
| -rw-r--r-- | external/nss/nss-ios.patch | 8 | ||||
| -rw-r--r-- | external/nss/nss.patch | 6 |
4 files changed, 11 insertions, 11 deletions
diff --git a/download.lst b/download.lst index e0258307b3f3..316bdf1a695b 100644 --- a/download.lst +++ b/download.lst @@ -191,8 +191,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := cf1ee3ac27a215814a9c80803fcee4f0ede8466ebead40267a9bd115e16a8678 export NEON_TARBALL := neon-0.31.2.tar.gz -export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9 -export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz +export NSS_SHA256SUM := 5369ed274a19f480ec94e1faef04da63e3cbac1a82e15bb1751e58b2f274b835 +export NSS_TARBALL := nss-3.79-with-nspr-4.34.tar.gz export ODFGEN_SHA256SUM := 55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625 export ODFGEN_VERSION_MICRO := 8 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1 index 7dfd6ed4e782..ce584a34a3b5 100644 --- a/external/nss/asan.patch.1 +++ b/external/nss/asan.patch.1 @@ -7,6 +7,6 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk # against the libsanitizer runtime built into the main executable. -ZDEFS_FLAG = -Wl,-z,defs +ZDEFS_FLAG = - DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') - LDFLAGS += $(ARCHFLAG) -z noexecstack + DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') + LDFLAGS += $(ARCHFLAG) -z noexecstack diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch index 4263ecbe5f3d..86f85a873810 100644 --- a/external/nss/nss-ios.patch +++ b/external/nss/nss-ios.patch @@ -68,13 +68,13 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) { @@ -465,6 +465,7 @@ - /* load the library. If this succeeds, then we have to remember to + /* load the library. If this succeeds, then we have to remember to * unload the library if anything goes wrong from here on out... */ +#ifndef NSS_STATIC_PKCS11 // With NSS_STATIC_PKCS11, the only module wodule we load here is nssckbi - library = PR_LoadLibrary(mod->dllName); - mod->library = (void *)library; - + #if defined(_WIN32) + if (nssUTF8_Length(mod->dllName, NULL)) { + wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName); @@ -487,6 +487,11 @@ mod->moduleDBFunc = (void *) PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); diff --git a/external/nss/nss.patch b/external/nss/nss.patch index d9aaee5199bb..66fbe37dc5ed 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -87,9 +87,9 @@ # Also, -z defs conflicts with Address Sanitizer, which emits relocations # against the libsanitizer runtime built into the main executable. ZDEFS_FLAG = -Wl,-z,defs --DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') - LDFLAGS += $(ARCHFLAG) -z noexecstack +-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) ++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') + LDFLAGS += $(ARCHFLAG) -z noexecstack # On Maemo, we need to use the -rpath-link flag for even the standard system @@ -177,8 +177,13 @@ |