summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Stahl <michael.stahl@allotropia.de>2022-06-01 12:14:44 +0200
committerMichael Stahl <michael.stahl@allotropia.de>2022-06-08 11:31:59 +0200
commit25f83bb81ac6bc043b31f2eb8d9614ddac3ff232 (patch)
tree2e4cfe9187365d44d69ebe8898ad90e072896bcf
parentFix leak with stock widgets in a dialog from an extension (diff)
downloadcore-25f83bb81ac6bc043b31f2eb8d9614ddac3ff232.tar.gz
core-25f83bb81ac6bc043b31f2eb8d9614ddac3ff232.zip
nss: upgrade to release 3.79
Fixes CVE-2022-1097 and moz#1767590 "memory safety violations" Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135234 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135248 Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> (cherry picked from commit bb5216e345c42be440bce60b127af517c036c8ef) Change-Id: I6895f066ad943402231b616dae0d7ed6f5678b5e
-rw-r--r--download.lst4
-rw-r--r--external/nss/asan.patch.14
-rw-r--r--external/nss/nss.patch6
3 files changed, 7 insertions, 7 deletions
diff --git a/download.lst b/download.lst
index d1c4c4e94bb2..09168e9bde06 100644
--- a/download.lst
+++ b/download.lst
@@ -181,8 +181,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9
-export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz
+export NSS_SHA256SUM := 5369ed274a19f480ec94e1faef04da63e3cbac1a82e15bb1751e58b2f274b835
+export NSS_TARBALL := nss-3.79-with-nspr-4.34.tar.gz
export ODFGEN_SHA256SUM := 55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
export ODFGEN_VERSION_MICRO := 8
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz
diff --git a/external/nss/asan.patch.1 b/external/nss/asan.patch.1
index 7dfd6ed4e782..ce584a34a3b5 100644
--- a/external/nss/asan.patch.1
+++ b/external/nss/asan.patch.1
@@ -7,6 +7,6 @@ diff -ur nss.org/nss/coreconf/Linux.mk nss/nss/coreconf/Linux.mk
# against the libsanitizer runtime built into the main executable.
-ZDEFS_FLAG = -Wl,-z,defs
+ZDEFS_FLAG =
- DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
- LDFLAGS += $(ARCHFLAG) -z noexecstack
+ DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
diff --git a/external/nss/nss.patch b/external/nss/nss.patch
index d9aaee5199bb..66fbe37dc5ed 100644
--- a/external/nss/nss.patch
+++ b/external/nss/nss.patch
@@ -87,9 +87,9 @@
# Also, -z defs conflicts with Address Sanitizer, which emits relocations
# against the libsanitizer runtime built into the main executable.
ZDEFS_FLAG = -Wl,-z,defs
--DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
-+DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
- LDFLAGS += $(ARCHFLAG) -z noexecstack
+-DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG))
++DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell $(LD) -v)),,$(ZDEFS_FLAG)) $(if $(filter-out $(OS),ANDROID),-Wl$(COMMA)-z$(COMMA)origin '-Wl$(COMMA)-rpath$(COMMA)$$ORIGIN')
+ LDFLAGS += $(ARCHFLAG) -z noexecstack
# On Maemo, we need to use the -rpath-link flag for even the standard system
@@ -177,8 +177,13 @@