diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2021-10-19 15:17:39 +0200 |
|---|---|---|
| committer | Thorsten Behrens <thorsten.behrens@allotropia.de> | 2021-12-04 00:37:11 +0100 |
| commit | 5a2b7d080fd3a373c74d9d61a5e3f5afc5932b9e (patch) | |
| tree | 3ba9417e205400dcb9115f17de4b743113b799e0 | |
| parent | docx export: preserve spaces in field instructions (diff) | |
| download | core-5a2b7d080fd3a373c74d9d61a5e3f5afc5932b9e.tar.gz core-5a2b7d080fd3a373c74d9d61a5e3f5afc5932b9e.zip | |
nss: upgrade to release 3.73
Fixes:
CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures
Need adding NSS_DISABLE_AVX2 for old vs2015 windows builds.
Includes: nss: upgrade to release 3.71
Conflicts:
download.lst
Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218
Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436)
(cherry picked from commit c0be9f7f82d3e9e371b3b08585ad15dd31ebd786)
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/nss/ExternalProject_nss.mk | 1 | ||||
| -rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 2 | ||||
| -rw-r--r-- | external/nss/nss-android.patch.1 | 6 | ||||
| -rw-r--r-- | external/nss/nss-ios.patch | 112 |
5 files changed, 6 insertions, 119 deletions
diff --git a/download.lst b/download.lst index d20af4b159f7..bc4d609efa07 100644 --- a/download.lst +++ b/download.lst @@ -181,8 +181,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca export NEON_TARBALL := neon-0.30.2.tar.gz -export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45 -export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz +export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9 +export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz export ODFGEN_SHA256SUM := 55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625 export ODFGEN_VERSION_MICRO := 8 export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index 4e17c1d4d04f..132ce96ce9da 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -22,6 +22,7 @@ $(call gb_ExternalProject_get_state_target,nss,build): \ $(call gb_ExternalProject_run,build,\ $(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \ OS_TARGET=WIN95 \ + NSS_DISABLE_AVX2=1 \ $(if $(filter X86_64,$(CPUNAME)),USE_64=1) \ LIB="$(ILIB)" \ XCFLAGS="-arch:SSE $(SOLARINC)" \ diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 2e6e7f80e3ee..7125ac156954 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -21,8 +21,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/clang-cl.patch.0 \ external/nss/nss.vs2015.patch \ external/nss/nss.vs2015.pdb.patch \ - $(if $(filter iOS,$(OS)), \ - external/nss/nss-ios.patch) \ $(if $(filter ANDROID,$(OS)), \ external/nss/nss-android.patch.1) \ $(if $(filter MSC-INTEL,$(COM)-$(CPUNAME)), \ diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1 index d37c70f16ace..41a45adaed78 100644 --- a/external/nss/nss-android.patch.1 +++ b/external/nss/nss-android.patch.1 @@ -8,9 +8,9 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s +if test $1 = "arm-unknown-linux-androideabi"; then echo $1; exit; fi +if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi + - # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). - # Here we must recognize all the valid KERNEL-OS combinations. - maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + # Split fields of configuration type + # shellcheck disable=SC2162 + IFS="-" read field1 field2 field3 field4 <<EOF diff -ur nss.org/nspr/configure nss/nspr/configure --- nss.org/nspr/configure 2017-09-07 15:29:45.018246359 +0200 +++ nss/nspr/configure 2017-09-07 15:31:47.604075663 +0200 diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch deleted file mode 100644 index 9d4af2c724e9..000000000000 --- a/external/nss/nss-ios.patch +++ /dev/null @@ -1,112 +0,0 @@ ---- a/a/nspr/config/autoconf.mk.in -+++ a/a/nspr/config/autoconf.mk.in -@@ -67,7 +67,7 @@ - MSC_VER = @MSC_VER@ - AR = @AR@ - AR_FLAGS = @AR_FLAGS@ --LD = @LD@ -+LD = echo - RANLIB = @RANLIB@ - PERL = @PERL@ - RC = @RC@ ---- a/a/nspr/configure -+++ a/a/nspr/configure -@@ -755,7 +755,7 @@ - OBJDIR='$(OBJDIR_NAME)' - OBJDIR_NAME=. - OBJDIR_SUFFIX=OBJ --NSINSTALL='$(MOD_DEPTH)/config/$(OBJDIR_NAME)/nsinstall' -+NSINSTALL=${NSINSTALL?'$(MOD_DEPTH)/config/$(OBJDIR_NAME)/nsinstall'} - NOSUCHFILE=/no-such-file - LIBNSPR='-L$(dist_libdir) -lnspr$(MOD_MAJOR_VERSION)' - LIBPLC='-L$(dist_libdir) -lplc$(MOD_MAJOR_VERSION)' -@@ -3060,7 +3060,7 @@ - LIB_SUFFIX=a - DLL_SUFFIX=so - ASM_SUFFIX=s --MKSHLIB='$(LD) $(DSO_LDOPTS) -o $@' -+MKSHLIB='touch $@; echo' - PR_MD_ASFILES= - PR_MD_CSRCS= - PR_MD_ARCH_DIR=unix -@@ -3904,7 +3904,7 @@ - DSO_CFLAGS=-fPIC - DSO_LDOPTS='-dynamiclib -compatibility_version 1 -current_version 1 -all_load -install_name @__________________________________________________OOO/$@ -headerpad_max_install_names' - _OPTIMIZE_FLAGS=-O2 -- MKSHLIB='$(CC) $(DSO_LDOPTS) -o $@' -+ MKSHLIB=touch $@ - STRIP="$STRIP -x -S" - DLL_SUFFIX=dylib - USE_PTHREADS=1 ---- a/a/nss/coreconf/ruleset.mk -+++ a/a/nss/coreconf/ruleset.mk -@@ -68,7 +68,7 @@ - endif - - ifeq ($(MKPROG),) -- MKPROG = $(CC) -+ MKPROG = touch $@; echo - endif - - # ---- a/a/nss/coreconf/Darwin.mk -+++ a/a/nss/coreconf/Darwin.mk -@@ -124,7 +124,7 @@ - DSO_LDOPTS += --coverage - endif - --MKSHLIB = $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) -+MKSHLIB = touch $@; echo - DLL_SUFFIX = dylib - ifdef MAPFILE - MKSHLIB += -exported_symbols_list $(MAPFILE) ---- a/a/nss/coreconf/UNIX.mk -+++ a/a/nss/coreconf/UNIX.mk -@@ -21,10 +21,14 @@ - - ifdef BUILD_TREE - NSINSTALL_DIR = $(BUILD_TREE)/nss -+ifndef NSINSTALL - NSINSTALL = $(BUILD_TREE)/nss/nsinstall -+endif - else - NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall -+ifndef NSINSTALL - NSINSTALL = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall -+endif - endif - - MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend ---- a/a/nspr/pr/include/md/_darwin.h -+++ a/a/nspr/pr/include/md/_darwin.h -@@ -26,6 +26,8 @@ - #define _PR_SI_ARCHITECTURE "ppc" - #elif defined(__arm__) - #define _PR_SI_ARCHITECTURE "arm" -+#elif defined(__arm64__) -+#define _PR_SI_ARCHITECTURE "arm64" - #elif defined(__aarch64__) - #define _PR_SI_ARCHITECTURE "aarch64" - #else ---- a/a/nspr/pr/src/Makefile.in -+++ a/a/nspr/pr/src/Makefile.in -@@ -180,7 +180,7 @@ - endif - - ifeq ($(OS_TARGET),MacOSX) --OS_LIBS = -framework CoreServices -framework CoreFoundation -+OS_LIBS = -framework CoreFoundation - endif - - EXTRA_LIBS += $(OS_LIBS) ---- a/a/nss/cmd/shlibsign/sign.sh -+++ a/a/nss/cmd/shlibsign/sign.sh -@@ -2,6 +2,8 @@ - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+exit 0 - - # arguments: - # 1: full path to DIST/OBJDIR (parent dir of "lib") |