diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2022-06-01 12:14:44 +0200 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2022-06-01 15:38:14 +0200 |
| commit | 9b453e699ff53253ddc2562435dc2b91d883b1df (patch) | |
| tree | 4b74e676a7b3ad70faa000ec804a7cfe03cf72b3 /external | |
| parent | 7e1108f6ec9b959f9b4c0917a0fc18c1dd801ca2 (diff) | |
nss: upgrade to release 3.79
Fixes CVE-2022-1097 and moz#1767590 "memory safety violations"
Change-Id: I6895f066ad943402231b616dae0d7ed6f5678b5e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135234
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'external')
| -rw-r--r-- | external/nss/asan.patch.1 | 4 | ||||
| -rw-r--r-- | external/nss/nss-ios.patch | 8 | ||||
| -rw-r--r-- | external/nss/nss.patch | 6 |
3 files changed, 9 insertions, 9 deletions
diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1 index 7dfd6ed4e782..ce584a34a3b5 100644 --- a/external/nss/asan.patch.1 +++ b/external/nss/asan.patch.1 @@ -7,6 +7,6 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk # against the libsanitizer runtime built into the main executable. -ZDEFS_FLAG = -Wl,-z,defs +ZDEFS_FLAG = - DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') - LDFLAGS += $(ARCHFLAG) -z noexecstack + DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') + LDFLAGS += $(ARCHFLAG) -z noexecstack diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch index 4263ecbe5f3d..86f85a873810 100644 --- a/external/nss/nss-ios.patch +++ b/external/nss/nss-ios.patch @@ -68,13 +68,13 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) { @@ -465,6 +465,7 @@ - /* load the library. If this succeeds, then we have to remember to + /* load the library. If this succeeds, then we have to remember to * unload the library if anything goes wrong from here on out... */ +#ifndef NSS_STATIC_PKCS11 // With NSS_STATIC_PKCS11, the only module wodule we load here is nssckbi - library = PR_LoadLibrary(mod->dllName); - mod->library = (void *)library; - + #if defined(_WIN32) + if (nssUTF8_Length(mod->dllName, NULL)) { + wchar_t *dllNameWide = _NSSUTIL_UTF8ToWide(mod->dllName); @@ -487,6 +487,11 @@ mod->moduleDBFunc = (void *) PR_FindSymbol(library, "NSS_ReturnModuleSpecData"); diff --git a/external/nss/nss.patch b/external/nss/nss.patch index d9aaee5199bb..66fbe37dc5ed 100644 --- a/external/nss/nss.patch +++ b/external/nss/nss.patch @@ -87,9 +87,9 @@ # Also, -z defs conflicts with Address Sanitizer, which emits relocations # against the libsanitizer runtime built into the main executable. ZDEFS_FLAG = -Wl,-z,defs --DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) -+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') - LDFLAGS += $(ARCHFLAG) -z noexecstack +-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) ++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN') + LDFLAGS += $(ARCHFLAG) -z noexecstack # On Maemo, we need to use the -rpath-link flag for even the standard system @@ -177,8 +177,13 @@ |