diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2019-07-10 12:20:00 +0200 |
|---|---|---|
| committer | Michael Stahl <Michael.Stahl@cib.de> | 2019-07-10 14:59:10 +0200 |
| commit | 6efc8a33f69bc7f4be45b7b81f67cd74c163b99e (patch) | |
| tree | a383b8b3c7fcaaeedd791a53c7a9a16d49d41aaf | |
| parent | fb52df57abe51a5923a49fb0818f4b58565dfc25 (diff) | |
nss: upgrade to release 3.45
Fixes CVE-2019-11729 CVE-2019-11719 CVE-2019-11727, and the less
important CVE-2018-12384 and CVE-2018-12404 from intermediate releases.
Since NSS 3.44 it's possible to build as static libraries and for iOS;
drop the nss-chromium-nss-static.patch and nss-more-static.patch and
hope that it works.
Drop one hunk from nss.patch that looks fixed upstream.
Change-Id: I7f37ac36f7f8dfd49d0bfb4a6185ca49d4f618a3
Reviewed-on: https://gerrit.libreoffice.org/75344
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 2 | ||||
| -rw-r--r-- | external/nss/clang-cl.patch.0 | 14 | ||||
| -rw-r--r-- | external/nss/nss-chromium-nss-static.patch | 487 | ||||
| -rw-r--r-- | external/nss/nss-more-static.patch | 39 | ||||
| -rw-r--r-- | external/nss/nss.patch | 13 |
6 files changed, 9 insertions, 550 deletions
diff --git a/download.lst b/download.lst index 0855f47a90c5..0fea7d9b17c2 100644 --- a/download.lst +++ b/download.lst @@ -181,8 +181,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := f271ec73291fa3e4bd4b59109f8035cc3a192fc33886f40ed4f9ee4b31c746e9 -export NSS_TARBALL := nss-3.38-with-nspr-4.19.tar.gz +export NSS_SHA256SUM := fae11751100510d26f16a245f0db9a5b3d638ab28ce0bccd50d4314f7e526ba1 +export NSS_TARBALL := nss-3.45-with-nspr-4.21.tar.gz export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2 export ODFGEN_VERSION_MICRO := 6 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2 diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 8abcb867318e..3079216b674e 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -23,8 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/ubsan.patch.0 \ external/nss/clang-cl.patch.0 \ $(if $(filter iOS,$(OS)), \ - external/nss/nss-chromium-nss-static.patch \ - external/nss/nss-more-static.patch \ external/nss/nss-ios.patch) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ external/nss/nss.cygwin64.in32bit.patch) \ diff --git a/external/nss/clang-cl.patch.0 b/external/nss/clang-cl.patch.0 index 684cf74d3ca6..111ec934d147 100644 --- a/external/nss/clang-cl.patch.0 +++ b/external/nss/clang-cl.patch.0 @@ -15,11 +15,11 @@ --- nspr/pr/include/prbit.h +++ nspr/pr/include/prbit.h @@ -14,7 +14,7 @@ - ** functions. */ #if defined(_WIN32) && (_MSC_VER >= 1300) && \ -- (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) -+ (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM)) && !defined __clang__ + (defined(_M_IX86) || defined(_M_X64) || defined(_M_ARM) || \ +- defined(_M_ARM64)) ++ defined(_M_ARM64)) && !defined __clang__ # include <intrin.h> # pragma intrinsic(_BitScanForward,_BitScanReverse) __forceinline static int __prBitScanForward32(unsigned int val) @@ -29,15 +29,15 @@ # define PR_HAVE_BUILTIN_BITSCAN32 -#elif ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ +#elif defined __GNUC__ && ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \ - (defined(__i386__) || defined(__x86_64__) || defined(__arm__)) + (defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ + defined(__aarch64__)) # define pr_bitscan_ctz32(val) __builtin_ctz(val) - # define pr_bitscan_clz32(val) __builtin_clz(val) @@ -136,7 +136,7 @@ */ #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \ -- defined(_M_X64) || defined(_M_ARM)) -+ defined(_M_X64) || defined(_M_ARM)) && !defined __clang__ +- defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) ++ defined(_M_X64) || defined(_M_ARM) || defined(_M_ARM64)) && !defined __clang__ #include <stdlib.h> #pragma intrinsic(_rotl, _rotr) #define PR_ROTATE_LEFT32(a, bits) _rotl(a, bits) diff --git a/external/nss/nss-chromium-nss-static.patch b/external/nss/nss-chromium-nss-static.patch deleted file mode 100644 index 9d7a4e4352b1..000000000000 --- a/external/nss/nss-chromium-nss-static.patch +++ /dev/null @@ -1,487 +0,0 @@ -Based on http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/patches/nss-static.patch - ---- a/a/nss/lib/certhigh/certvfy.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/certhigh/certvfy.c Fri May 31 17:44:06 2013 -0700 -@@ -13,9 +13,11 @@ - #include "certdb.h" - #include "certi.h" - #include "cryptohi.h" -+#ifndef NSS_DISABLE_LIBPKIX - #include "pkix.h" - /*#include "pkix_sample_modules.h" */ - #include "pkix_pl_cert.h" -+#endif /* NSS_DISABLE_LIBPKIX */ - - - #include "nsspki.h" -@@ -24,6 +26,47 @@ - #include "pki3hack.h" - #include "base.h" - -+#ifdef NSS_DISABLE_LIBPKIX -+SECStatus -+cert_VerifyCertChainPkix( -+ CERTCertificate *cert, -+ PRBool checkSig, -+ SECCertUsage requiredUsage, -+ PRTime time, -+ void *wincx, -+ CERTVerifyLog *log, -+ PRBool *pSigerror, -+ PRBool *pRevoked) -+{ -+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -+ return SECFailure; -+} -+ -+SECStatus -+CERT_SetUsePKIXForValidation(PRBool enable) -+{ -+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -+ return SECFailure; -+} -+ -+PRBool -+CERT_GetUsePKIXForValidation() -+{ -+ return PR_FALSE; -+} -+ -+SECStatus CERT_PKIXVerifyCert( -+ CERTCertificate *cert, -+ SECCertificateUsage usages, -+ CERTValInParam *paramsIn, -+ CERTValOutParam *paramsOut, -+ void *wincx) -+{ -+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); -+ return SECFailure; -+} -+#endif /* NSS_DISABLE_LIBPKIX */ -+ - /* - * Check the validity times of a certificate - */ ---- a/a/nss/lib/ckfw/nssck.api Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/ckfw/nssck.api Fri May 31 17:44:06 2013 -0700 -@@ -1752,7 +1752,7 @@ - } - #endif /* DECLARE_STRICT_CRYPTOKI_NAMES */ - --static CK_RV CK_ENTRY -+CK_RV CK_ENTRY - __ADJOIN(MODULE_NAME,C_GetFunctionList) - ( - CK_FUNCTION_LIST_PTR_PTR ppFunctionList -@@ -1830,7 +1830,7 @@ - __ADJOIN(MODULE_NAME,C_WaitForSlotEvent) - }; - --static CK_RV CK_ENTRY -+CK_RV CK_ENTRY - __ADJOIN(MODULE_NAME,C_GetFunctionList) - ( - CK_FUNCTION_LIST_PTR_PTR ppFunctionList -@@ -1840,6 +1840,8 @@ - return CKR_OK; - } - -+#define NSS_STATIC -+#ifndef NSS_STATIC - /* This one is always present */ - CK_RV CK_ENTRY - C_GetFunctionList -@@ -1849,6 +1850,7 @@ - { - return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList); - } -+#endif - - #undef __ADJOIN - ---- a/a/nss/lib/freebl/rsa.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/freebl/rsa.c Fri May 31 17:44:06 2013 -0700 -@@ -1559,6 +1559,14 @@ - RSA_Cleanup(); - } - -+#define NSS_STATIC -+#ifdef NSS_STATIC -+void -+BL_Unload(void) -+{ -+} -+#endif -+ - PRBool bl_parentForkedAfterC_Initialize; - - /* ---- a/a/nss/lib/freebl/shvfy.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/freebl/shvfy.c Fri May 31 17:44:06 2013 -0700 -@@ -273,9 +273,22 @@ - return SECSuccess; - } - -+/* -+ * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g., -+ * if you're using NSS as static libraries), but want to conform to the -+ * rest of the FIPS requirements. -+ */ -+#define NSS_STATIC -+#ifdef NSS_STATIC -+#define PSEUDO_FIPS -+#endif -+ - PRBool - BLAPI_SHVerify(const char *name, PRFuncPtr addr) - { -+#ifdef PSEUDO_FIPS -+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */ -+#else - PRBool result = PR_FALSE; /* if anything goes wrong, - * the signature does not verify */ - /* find our shared library name */ -@@ -291,11 +303,15 @@ - } - - return result; -+#endif /* PSEUDO_FIPS */ - } - - PRBool - BLAPI_SHVerifyFile(const char *shName) - { -+#ifdef PSEUDO_FIPS -+ return PR_TRUE; /* a lie, hence *pseudo* FIPS */ -+#else - char *checkName = NULL; - PRFileDesc *checkFD = NULL; - PRFileDesc *shFD = NULL; -@@ -492,6 +508,7 @@ - } - - return result; -+#endif /* PSEUDO_FIPS */ - } - - PRBool ---- a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c Fri May 31 17:44:06 2013 -0700 -@@ -201,7 +201,11 @@ - - typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen, - CERTImportCertificateFunc f, void *arg); -- -+#define NSS_STATIC -+#ifdef NSS_STATIC -+extern SECStatus CERT_DecodeCertPackage(char* certbuf, int certlen, -+ CERTImportCertificateFunc f, void* arg); -+#endif - - struct pkix_DecodeFuncStr { - pkix_DecodeCertsFunc func; /* function pointer to the -@@ -223,6 +226,11 @@ - */ - static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) - { -+#ifdef NSS_STATIC -+ pkix_decodeFunc.smimeLib = NULL; -+ pkix_decodeFunc.func = CERT_DecodeCertPackage; -+ return PR_SUCCESS; -+#else - pkix_decodeFunc.smimeLib = - PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX); - if (pkix_decodeFunc.smimeLib == NULL) { -@@ -235,7 +243,7 @@ - return PR_FAILURE; - } - return PR_SUCCESS; -- -+#endif - } - - /* ---- a/a/nss/lib/nss/nssinit.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/nss/nssinit.c Fri May 31 17:44:06 2013 -0700 -@@ -20,9 +20,11 @@ - #include "secerr.h" - #include "nssbase.h" - #include "nssutil.h" -+#ifndef NSS_DISABLE_LIBPKIX - #include "pkixt.h" - #include "pkix.h" - #include "pkix_tools.h" -+#endif /* NSS_DISABLE_LIBPKIX */ - - #include "pki3hack.h" - #include "certi.h" -@@ -530,8 +532,10 @@ - PRBool dontFinalizeModules) - { - SECStatus rv = SECFailure; -+#ifndef NSS_DISABLE_LIBPKIX - PKIX_UInt32 actualMinorVersion = 0; - PKIX_Error *pkixError = NULL; -+#endif - PRBool isReallyInitted; - char *configStrings = NULL; - char *configName = NULL; -@@ -685,6 +689,7 @@ - pk11sdr_Init(); - cert_CreateSubjectKeyIDHashTable(); - -+#ifndef NSS_DISABLE_LIBPKIX - pkixError = PKIX_Initialize - (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, - PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); -@@ -697,6 +702,7 @@ - CERT_SetUsePKIXForValidation(PR_TRUE); - } - } -+#endif /* NSS_DISABLE_LIBPKIX */ - - - } -@@ -1081,7 +1087,9 @@ - cert_DestroyLocks(); - ShutdownCRLCache(); - OCSP_ShutdownGlobal(); -+#ifndef NSS_DISABLE_LIBPKIX - PKIX_Shutdown(plContext); -+#endif - SECOID_Shutdown(); - status = STAN_Shutdown(); - cert_DestroySubjectKeyIDHashTable(); ---- a/a/nss/lib/pk11wrap/pk11load.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/pk11wrap/pk11load.c Fri May 31 17:44:06 2013 -0700 -@@ -318,6 +318,13 @@ - } - } - -+#define NSS_STATIC -+#ifdef NSS_STATIC -+extern CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); -+extern CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); -+extern char **NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args); -+extern CK_RV builtinsC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); -+#else - static const char* my_shlib_name = - SHLIB_PREFIX"nss"SHLIB_VERSION"."SHLIB_SUFFIX; - static const char* softoken_shlib_name = -@@ -326,12 +332,14 @@ - static PRCallOnceType loadSoftokenOnce; - static PRLibrary* softokenLib; - static PRInt32 softokenLoadCount; -+#endif /* NSS_STATIC */ - - #include "prio.h" - #include "prprf.h" - #include <stdio.h> - #include "prsystem.h" - -+#ifndef NSS_STATIC - /* This function must be run only once. */ - /* determine if hybrid platform, then actually load the DSO. */ - static PRStatus -@@ -348,6 +356,7 @@ - } - return PR_FAILURE; - } -+#endif /* !NSS_STATIC */ - - /* - * load a new module into our address space and initialize it. -@@ -366,6 +375,16 @@ - - /* intenal modules get loaded from their internal list */ - if (mod->internal && (mod->dllName == NULL)) { -+#ifdef NSS_STATIC -+ if (mod->isFIPS) { -+ entry = FC_GetFunctionList; -+ } else { -+ entry = NSC_GetFunctionList; -+ } -+ if (mod->isModuleDB) { -+ mod->moduleDBFunc = NSC_ModuleDBFunc; -+ } -+#else - /* - * Loads softoken as a dynamic library, - * even though the rest of NSS assumes this as the "internal" module. -@@ -391,6 +410,7 @@ - mod->moduleDBFunc = (CK_C_GetFunctionList) - PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc"); - } -+#endif - - if (mod->moduleDBOnly) { - mod->loaded = PR_TRUE; -@@ -401,6 +421,15 @@ - if (mod->dllName == NULL) { - return SECFailure; - } -+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) -+ if (strstr(mod->dllName, "nssckbi") != NULL) { -+ mod->library = NULL; -+ PORT_Assert(!mod->moduleDBOnly); -+ entry = builtinsC_GetFunctionList; -+ PORT_Assert(!mod->isModuleDB); -+ goto library_loaded; -+ } -+#endif - - /* load the library. If this succeeds, then we have to remember to - * unload the library if anything goes wrong from here on out... -@@ -423,6 +452,9 @@ - mod->moduleDBFunc = (void *) - PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); - } -+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) -+library_loaded: -+#endif - if (mod->moduleDBFunc == NULL) mod->isModuleDB = PR_FALSE; - if (entry == NULL) { - if (mod->isModuleDB) { -@@ -562,6 +594,7 @@ - * if not, we should change this to SECFailure and move it above the - * mod->loaded = PR_FALSE; */ - if (mod->internal && (mod->dllName == NULL)) { -+#ifndef NSS_STATIC - if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { - if (softokenLib) { - disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); -@@ -573,12 +606,18 @@ - } - loadSoftokenOnce = pristineCallOnce; - } -+#endif - return SECSuccess; - } - - library = (PRLibrary *)mod->library; - /* paranoia */ - if (library == NULL) { -+#if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS) -+ if (strstr(mod->dllName, "nssckbi") != NULL) { -+ return SECSuccess; -+ } -+#endif - return SECFailure; - } - ---- a/a/nss/lib/softoken/lgglue.c Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/softoken/lgglue.c Fri May 31 17:44:06 2013 -0700 -@@ -23,6 +23,8 @@ - static LGAddSecmodFunc legacy_glue_addSecmod = NULL; - static LGShutdownFunc legacy_glue_shutdown = NULL; - -+#define NSS_STATIC -+#ifndef NSS_STATIC - /* - * The following 3 functions duplicate the work done by bl_LoadLibrary. - * We should make bl_LoadLibrary a global and replace the call to -@@ -160,6 +161,7 @@ - - return lib; - } -+#endif /* STATIC LIBRARIES */ - - /* - * stub files for legacy db's to be able to encrypt and decrypt -@@ -272,6 +274,21 @@ - return SECSuccess; - } - -+#ifdef NSS_STATIC -+#ifdef NSS_DISABLE_DBM -+ return SECFailure; -+#else -+ lib = (PRLibrary *) 0x8; -+ -+ legacy_glue_open = legacy_Open; -+ legacy_glue_readSecmod = legacy_ReadSecmodDB; -+ legacy_glue_releaseSecmod = legacy_ReleaseSecmodDBData; -+ legacy_glue_deleteSecmod = legacy_DeleteSecmodDB; -+ legacy_glue_addSecmod = legacy_AddSecmodDB; -+ legacy_glue_shutdown = legacy_Shutdown; -+ setCryptFunction = legacy_SetCryptFunctions; -+#endif -+#else - lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME); - if (lib == NULL) { - return SECFailure; -@@ -297,11 +314,14 @@ - PR_UnloadLibrary(lib); - return SECFailure; - } -+#endif /* NSS_STATIC */ - - /* verify the loaded library if we are in FIPS mode */ - if (isFIPS) { - if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { -+#ifndef NSS_STATIC - PR_UnloadLibrary(lib); -+#endif - return SECFailure; - } - legacy_glue_libCheckSucceeded = PR_TRUE; -@@ -418,10 +438,12 @@ - #endif - crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize); - } -+#ifndef NSS_STATIC - disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); - if (!disableUnload) { - PR_UnloadLibrary(legacy_glue_lib); - } -+#endif - legacy_glue_lib = NULL; - legacy_glue_open = NULL; - legacy_glue_readSecmod = NULL; ---- a/a/nss/lib/softoken/lgglue.h Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/softoken/lgglue.h Fri May 31 17:44:06 2013 -0700 -@@ -38,6 +38,25 @@ - typedef void (*LGSetForkStateFunc)(PRBool); - typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc); - -+extern CK_RV legacy_Open(const char *dir, const char *certPrefix, -+ const char *keyPrefix, -+ int certVersion, int keyVersion, int flags, -+ SDB **certDB, SDB **keyDB); -+extern char ** legacy_ReadSecmodDB(const char *appName, -+ const char *filename, -+ const char *dbname, char *params, PRBool rw); -+extern SECStatus legacy_ReleaseSecmodDBData(const char *appName, -+ const char *filename, -+ const char *dbname, char **params, PRBool rw); -+extern SECStatus legacy_DeleteSecmodDB(const char *appName, -+ const char *filename, -+ const char *dbname, char *params, PRBool rw); -+extern SECStatus legacy_AddSecmodDB(const char *appName, -+ const char *filename, -+ const char *dbname, char *params, PRBool rw); -+extern SECStatus legacy_Shutdown(PRBool forked); -+extern void legacy_SetCryptFunctions(LGEncryptFunc, LGDecryptFunc); -+ - /* - * Softoken Glue Functions - */ ---- a/a/nss/lib/util/secport.h Tue May 28 23:37:46 2013 +0200 -+++ a/a/nss/lib/util/secport.h Fri May 31 17:44:06 2013 -0700 -@@ -210,6 +210,8 @@ - - extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n); - -+#define NSS_STATIC -+#ifndef NSS_STATIC - /* - * Load a shared library called "newShLibName" in the same directory as - * a shared library that is already loaded, called existingShLibName. -@@ -244,6 +245,7 @@ - PORT_LoadLibraryFromOrigin(const char* existingShLibName, - PRFuncPtr staticShLibFunc, - const char *newShLibName); -+#endif /* NSS_STATIC */ - - SEC_END_PROTOS - diff --git a/external/nss/nss-more-static.patch b/external/nss/nss-more-static.patch deleted file mode 100644 index 26948f0be24c..000000000000 --- a/external/nss/nss-more-static.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- a/a/nss/lib/freebl/loader.c -+++ a/a/nss/lib/freebl/loader.c -@@ -114,6 +114,7 @@ - - #include "genload.c" - -+extern FREEBLGetVectorFn FREEBL_GetVector; - /* This function must be run only once. */ - /* determine if hybrid platform, then actually load the DSO. */ - static PRStatus -@@ -136,9 +136,9 @@ - return PR_FAILURE; - } - -- handle = loader_LoadLibrary(name); -- if (handle) { -- PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); -+ handle = 0; -+ { -+ PRFuncPtr address = FREEBL_GetVector; - if (address) { - FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address; - const FREEBLVector *dsoVector = getVector(); -@@ -887,6 +887,7 @@ - void - BL_Unload(void) - { -+#if 0 - /* This function is not thread-safe, but doesn't need to be, because it is - * only called from functions that are also defined as not thread-safe, - * namely C_Finalize in softoken, and the SSL bypass shutdown callback called -@@ -905,6 +905,7 @@ - } - blLib = NULL; - loadFreeBLOnce = pristineCallOnce; -+#endif - } - - /* ============== New for 3.003 =============================== */ diff --git a/external/nss/nss.patch b/external/nss/nss.patch index 6219775c2d3c..c367bce9097b 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -153,16 +153,3 @@ #! gmake # # This Source Code Form is subject to the terms of the Mozilla Public -@@ -89,10 +91,10 @@ - NSPR_CONFIGURE_ENV = CC=gcc CXX=g++ - endif - ifdef CC --NSPR_CONFIGURE_ENV = CC=$(CC) -+NSPR_CONFIGURE_ENV = CC="$(CC) " - endif - ifdef CCC --NSPR_CONFIGURE_ENV += CXX=$(CCC) -+NSPR_CONFIGURE_ENV += CXX="$(CCC) " - endif - # Remove -arch definitions. NSPR can't handle that. - NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV)) |