nss: upgrade to release 3.55.0

Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403. (also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47) * external/nss/nss.nspr-parallel-win-debug_build.patch: remove, merged upstream Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
author: Michael Stahl <Michael.Stahl@cib.de> 2020-08-07 18:57:00 +0200
committer: Michael Stahl <michael.stahl@cib.de> 2020-08-10 11:39:38 +0200
commit: 495a5944a3d442cfe748a3bb0dcef76f6a961d30 (patch)
tree: c525b0b6c100507ad473238438db63a6dbc2f4b1 /external
parent: 6ad2f463784a24c566477cdd60ae729651bb8564 (diff)
3 files changed, 9 insertions, 50 deletions
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk
index 5904e267b668..beb9afe11890 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -25,7 +25,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
     external/nss/nss.vs2015.pdb.patch \
     external/nss/nss.bzmozilla1238154.patch \
     external/nss/macos-dlopen.patch.0 \
-    external/nss/nss.nspr-parallel-win-debug_build.patch \
 	external/nss/nss.getopt.patch.0 \
     $(if $(filter iOS,$(OS)), \
         external/nss/nss-ios.patch) \
diff --git a/external/nss/macos-dlopen.patch.0 b/external/nss/macos-dlopen.patch.0
index 8c484e4c6841..1889b8df7cd3 100644
--- a/external/nss/macos-dlopen.patch.0
+++ b/external/nss/macos-dlopen.patch.0
@@ -1,14 +1,14 @@
 --- nspr/pr/src/linking/prlink.c
 +++ nspr/pr/src/linking/prlink.c
-@@ -793,7 +793,7 @@
-         /* ensure the file exists if it contains a slash character i.e. path */
-         /* DARWIN's dlopen ignores the provided path and checks for the */
-         /* plain filename in DYLD_LIBRARY_PATH */
--        if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL ||
-+        if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0 ||
-             PR_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) {
-             h = dlopen(name, dl_flags);
-         }
+@@ -799,7 +799,7 @@
+          * The reason is that DARWIN's dlopen ignores the provided path
+          * and checks for the plain filename in DYLD_LIBRARY_PATH,
+          * which could load an unexpected version of a library. */
+-        if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) {
++        if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0) {
+           /* no slash, allow to load from any location */
+           okToLoad = PR_TRUE;
+         } else {
 --- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
 +++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
 @@ -224,7 +224,11 @@
diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch b/external/nss/nss.nspr-parallel-win-debug_build.patch
deleted file mode 100644
index 86b55e1ccf7f..000000000000
--- a/external/nss/nss.nspr-parallel-win-debug_build.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Änderung:        4866:23940b78e965
-Nutzer:          Jan-Marek Glogowski <glogow@fbihome.de>
-Datum:           Fri May 01 22:50:55 2020 +0000
-Dateien:         pr/tests/Makefile.in
-Beschreibung:
-Bug 290526 Write separate PDBs for test OBJs r=glandium
-
-Quite often when running a parallel NSS build, I get the following
-compiler error message, resulting in a build failure, despite
-compiling with the -FS flag:
-
-.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
-Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
-ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
-dieselbe .PDB-Datei schreiben.
-
-The failing source file is always one of the last test object
-files. But the actual problem is not the compiler accessing the
-PDB file, but the linker already linking the first test
-executables accessing the shared PDB; at least that's my guess.
-
-So instead of using a shared PDB for all test object files, this
-uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
-test's object file. The linker works fine with the shared OBJ PDB.
-
-Differential Revision: https://phabricator.services.mozilla.com/D68693
-
-
-diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
---- a/nss/nspr/pr/tests/Makefile.in	Mon Feb 10 20:58:42 2020 +0000
-+++ b/nss/nspr/pr/tests/Makefile.in	Fri May 01 22:50:55 2020 +0000
-@@ -211,6 +211,7 @@
- else
-   EXTRA_LIBS += ws2_32.lib
-   LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
-+  CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
-   ifdef PROFILE
-     LDOPTS += -PROFILE -MAP
-   endif # profile
-
author	Michael Stahl <Michael.Stahl@cib.de>	2020-08-07 18:57:00 +0200
committer	Michael Stahl <michael.stahl@cib.de>	2020-08-10 11:39:38 +0200
commit	495a5944a3d442cfe748a3bb0dcef76f6a961d30 (patch)
tree	c525b0b6c100507ad473238438db63a6dbc2f4b1 /external
parent	6ad2f463784a24c566477cdd60ae729651bb8564 (diff)