From 65e38169a7edff860082509a596105deaf4afb7c Mon Sep 17 00:00:00 2001 From: Don Lewis Date: Mon, 18 Jul 2016 07:09:58 +0000 Subject: #i126891# bundled nss-3.14.4-with-nspr-4.9.5 has many security vulnerabilities Upgrade bundled nss-3.14.4-with-nspr-4.9.5 to nss-3.25-with-nspr-4.12. These CVEs have been fixed since nss-3.14.4 was released: CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1551 CVE-2014-1552 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 CVE-2014-1568 CVE-2014-1569 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 Whether any of these actually impacts OpenOffice is not known. Rebase the nss patches to the new version and move any non-conflicting changes from the platform-specific patch files to nss.patch. The nss.patch.mingw file was already out of date and was not updated. Disable nss tests which require at least partial c++11 (-stdc++0x) support because they use nullptr. This reportedly requires at least gcc 4.6, which is newer that some of what is provided by some of our supported platforms. Fix build issue on FreeBSD 11.0 and other platforms with picky compilers. The result of shifting a negative signed value is undefined in C and C++. The generated code does the expected thing in my experience and this construct just generates a compiler warning, but nss-3.24/nss/lib/zlib/inflate.c is compiled with -Werror, which breaks the build. Fix the issue by doing the calculations using the equivalent unsigned type. The function return should probably also be changed, but that is more invasive. Patch pratom.h to no include inside an extern "C" block because it breaks the build on Windows. Recent versions of nss include a new shared library, libfreeblpriv3.so, so package it so that it gets installed. Temporarily change nss download URL from https to http to avoid breaking bootstrap on the buildbots. --- scp2/source/ooo/file_library_ooo.scp | 1 + 1 file changed, 1 insertion(+) (limited to 'scp2') diff --git a/scp2/source/ooo/file_library_ooo.scp b/scp2/source/ooo/file_library_ooo.scp index 4c6bca65d1bd..195856388374 100644 --- a/scp2/source/ooo/file_library_ooo.scp +++ b/scp2/source/ooo/file_library_ooo.scp @@ -1643,6 +1643,7 @@ SPECIAL_LIB_FILE( gid_File_Lib_AVMediaWin, avmediawin ) #ifdef BUNDLE_NSS_LIBS STD_LIB_FILE( gid_File_Lib_Freebl3, freebl3) +STD_LIB_FILE( gid_File_Lib_Freeblpriv3, freeblpriv3) STD_LIB_FILE( gid_File_Lib_Nspr4, nspr4) STD_LIB_FILE( gid_File_Lib_Nss3, nss3) STD_LIB_FILE( gid_File_Lib_Nsckbi, nssckbi) -- cgit