diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2020-08-07 18:57:00 +0200 |
|---|---|---|
| committer | Vasily Melenchuk <vasily.melenchuk@cib.de> | 2021-03-29 09:57:23 +0300 |
| commit | 9150f466d49e857be5e9013f44af43722c42f055 (patch) | |
| tree | d7ee348fb1ac339f59535820c23194dc58e2c54e /external | |
| parent | 6ec407b4a0ec246105c3f44d404ba32533153617 (diff) | |
nss: upgrade to release 3.55.0
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
(cherry picked from commit 94cecbfdf3cf01fe3d5658c7edf78696da2a249f)
Diffstat (limited to 'external')
| -rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 3 | ||||
| -rw-r--r-- | external/nss/macos-dlopen.patch.0 | 25 |
2 files changed, 28 insertions, 0 deletions
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 0ac6717503b9..e579950183f7 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -22,6 +22,9 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.vs2015.patch) \ external/nss/ubsan.patch.0 \ external/nss/clang-cl.patch.0 \ + external/nss/nss.vs2015.patch \ + external/nss/nss.vs2015.pdb.patch \ + external/nss/macos-dlopen.patch.0 \ $(if $(filter iOS,$(OS)), \ external/nss/nss-ios.patch) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ diff --git a/external/nss/macos-dlopen.patch.0 b/external/nss/macos-dlopen.patch.0 new file mode 100644 index 000000000000..1889b8df7cd3 --- /dev/null +++ b/external/nss/macos-dlopen.patch.0 @@ -0,0 +1,25 @@ +--- nspr/pr/src/linking/prlink.c ++++ nspr/pr/src/linking/prlink.c +@@ -799,7 +799,7 @@ + * The reason is that DARWIN's dlopen ignores the provided path + * and checks for the plain filename in DYLD_LIBRARY_PATH, + * which could load an unexpected version of a library. */ +- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) { ++ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0) { + /* no slash, allow to load from any location */ + okToLoad = PR_TRUE; + } else { +--- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c ++++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c +@@ -224,7 +224,11 @@ + static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) + { + pkix_decodeFunc.smimeLib = ++#if defined DARWIN ++ PR_LoadLibrary("@loader_path/" SHLIB_PREFIX"smime3."SHLIB_SUFFIX); ++#else + PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX); ++#endif + if (pkix_decodeFunc.smimeLib == NULL) { + return PR_FAILURE; + } |