From 42b643c2e593b8b30131b1c3ac2d3ea8397c6a93 Mon Sep 17 00:00:00 2001
From: Michael Stahl <michael.stahl@allotropia.de>
Date: Tue, 19 Oct 2021 15:17:39 +0200
Subject: nss: upgrade to release 3.73

Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures

Includes: nss: upgrade to release 3.71

* external/nss/nss.getopt.patch.0: fixed upstream
* external/nss/nss-win-arm64.patch: fixed upstream
* external/nss/nss_macosx.patch: one hunk was fixed upstream

Conflicts:
     download.lst

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)

Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
---
 download.lst                        |  4 ++--
 external/nss/UnpackedTarball_nss.mk |  1 -
 external/nss/nss-android.patch.1    |  6 +++---
 external/nss/nss-ios.patch          |  6 +++---
 external/nss/nss.getopt.patch.0     | 25 -------------------------
 5 files changed, 8 insertions(+), 34 deletions(-)
 delete mode 100644 external/nss/nss.getopt.patch.0

diff --git a/download.lst b/download.lst
index e48ae7d321cb..7d43620e1b7b 100644
--- a/download.lst
+++ b/download.lst
@@ -203,8 +203,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
 export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
 export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
 export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
-export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
+export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9
+export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz
 export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
 export ODFGEN_VERSION_MICRO := 6
 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk
index b6fcd1346b82..8fa1edd530cc 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -24,7 +24,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
     external/nss/nss.bzmozilla1238154.patch \
 	external/nss/nss-bz1646594.patch.1 \
     external/nss/macos-dlopen.patch.0 \
-	external/nss/nss.getopt.patch.0 \
     $(if $(filter iOS,$(OS)), \
         external/nss/nss-ios.patch) \
     $(if $(filter ANDROID,$(OS)), \
diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1
index 9b120d63ab8c..828892533781 100644
--- a/external/nss/nss-android.patch.1
+++ b/external/nss/nss-android.patch.1
@@ -10,9 +10,9 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s
 +if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi
 +if test $1 = "x86_64-pc-linux-android"; then echo $1; exit; fi
 +
- # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
- # Here we must recognize all the valid KERNEL-OS combinations.
- maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+ # Split fields of configuration type
+ # shellcheck disable=SC2162
+ IFS="-" read field1 field2 field3 field4 <<EOF
 diff -ur nss.org/nspr/configure nss/nspr/configure
 --- nss.org/nspr/configure	2017-09-07 15:29:45.018246359 +0200
 +++ nss/nspr/configure	2017-09-07 15:31:47.604075663 +0200
diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch
index 65115a96e806..da09b8d8edf8 100644
--- a/external/nss/nss-ios.patch
+++ b/external/nss/nss-ios.patch
@@ -193,9 +193,9 @@
 +if test $1 = "arm64-apple-darwin"; then echo $1; exit; fi
 +if test $1 = "aarch64-apple-darwin"; then echo $1; exit; fi
 +
- # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
- # Here we must recognize all the valid KERNEL-OS combinations.
- maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+ # Split fields of configuration type
+ # shellcheck disable=SC2162
+ IFS="-" read field1 field2 field3 field4 <<EOF
 --- a/a/nspr/config/autoconf.mk.in
 +++ a/a/nspr/config/autoconf.mk.in
 @@ -67,7 +67,7 @@
diff --git a/external/nss/nss.getopt.patch.0 b/external/nss/nss.getopt.patch.0
deleted file mode 100644
index aeabb33f9b97..000000000000
--- a/external/nss/nss.getopt.patch.0
+++ /dev/null
@@ -1,25 +0,0 @@
-# pr/tests/sel_spd.c:427:20: error: implicit declaration of function 'getopt' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
---- nspr/pr/tests/sel_spd.c
-+++ nspr/pr/tests/sel_spd.c
-@@ -15,6 +15,9 @@
- #include <stdio.h>
- #include <errno.h>
- #include <string.h>
-+
-+extern char *optarg;
-+int getopt(int argc, char *const argv[], const char *optstring);
- 
- #ifdef DEBUG
- #define PORT_INC_DO +100
---- nspr/pr/tests/testfile.c
-+++ nspr/pr/tests/testfile.c
-@@ -23,6 +23,9 @@
- #include <getopt.h>
- #include <errno.h>
- #endif /* XP_OS2 */
-+
-+extern char *optarg;
-+int getopt(int argc, char *const argv[], const char *optstring);
- 
- static int _debug_on = 0;
-
-- 
cgit