summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <michael.stahl@allotropia.de>2021-10-19 15:17:39 +0200
committerAndras Timar <andras.timar@collabora.com>2021-12-06 11:24:17 +0100
commitf59e6ad34a2665f1210938781d39e2d854e5f38b (patch)
tree144d89056ca027df0b14f108c8fb2e5fca28b6a6
parent740e89232eb5ffe50a6b08dd9136a5c176092b2f (diff)
nss: upgrade to release 3.73co-6.4-51
Fixes: CVE-2021-43527 Memory corruption via DER-encoded DSA and RSA-PSS signatures Includes: nss: upgrade to release 3.71 * external/nss/nss.getopt.patch.0: fixed upstream * external/nss/nss-win-arm64.patch: fixed upstream * external/nss/nss_macosx.patch: one hunk was fixed upstream Conflicts: download.lst Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126218 Tested-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit c8e21d246bcb4289cb25c82be440cd07b7418436) Change-Id: I5c3f169c57fc2763029b07ad7e325b2f53b7e28f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126235 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Andras Timar <andras.timar@collabora.com>
-rw-r--r--download.lst4
-rw-r--r--external/nss/UnpackedTarball_nss.mk1
-rw-r--r--external/nss/nss-android.patch.16
-rw-r--r--external/nss/nss-ios.patch6
-rw-r--r--external/nss/nss.getopt.patch.025
-rw-r--r--external/nss/nss_macosx.patch14
6 files changed, 8 insertions, 48 deletions
diff --git a/download.lst b/download.lst
index c5564512a189..5b67845bd0c6 100644
--- a/download.lst
+++ b/download.lst
@@ -205,8 +205,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM := db0bd8cdec329b48f53a6f00199c92d5ba40b0f015b153718d1b15d3d967fbca
export NEON_TARBALL := neon-0.30.2.tar.gz
-export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
-export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
+export NSS_SHA256SUM := 07a9e5b70f121a62706140d4cacc3006d3efb869da40f3a2bf7a65d37847f4d9
+export NSS_TARBALL := nss-3.73-with-nspr-4.32.tar.gz
export ODFGEN_SHA256SUM := 55200027fd46623b9bdddd38d275e7452d1b0ff8aeddcad6f9ae6dc25f610625
export ODFGEN_VERSION_MICRO := 8
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.xz
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk
index 4aaa70fc2131..c2195f45aa14 100644
--- a/external/nss/UnpackedTarball_nss.mk
+++ b/external/nss/UnpackedTarball_nss.mk
@@ -26,7 +26,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/nss.bzmozilla1238154.patch \
external/nss/nss-bz1646594.patch.1 \
external/nss/macos-dlopen.patch.0 \
- external/nss/nss.getopt.patch.0 \
$(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \
$(if $(filter ANDROID,$(OS)), \
diff --git a/external/nss/nss-android.patch.1 b/external/nss/nss-android.patch.1
index 73882e61f3f6..3b6415c23167 100644
--- a/external/nss/nss-android.patch.1
+++ b/external/nss/nss-android.patch.1
@@ -10,9 +10,9 @@ diff -ur nss.org/nspr/build/autoconf/config.sub nss/nspr/build/autoconf/config.s
+if test $1 = "i686-pc-linux-android"; then echo $1; exit; fi
+if test $1 = "x86_64-pc-linux-android"; then echo $1; exit; fi
+
- # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
- # Here we must recognize all the valid KERNEL-OS combinations.
- maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+ # Split fields of configuration type
+ # shellcheck disable=SC2162
+ IFS="-" read field1 field2 field3 field4 <<EOF
diff -ur nss.org/nspr/configure nss/nspr/configure
--- nss.org/nspr/configure 2017-09-07 15:29:45.018246359 +0200
+++ nss/nspr/configure 2017-09-07 15:31:47.604075663 +0200
diff --git a/external/nss/nss-ios.patch b/external/nss/nss-ios.patch
index 65115a96e806..da09b8d8edf8 100644
--- a/external/nss/nss-ios.patch
+++ b/external/nss/nss-ios.patch
@@ -193,9 +193,9 @@
+if test $1 = "arm64-apple-darwin"; then echo $1; exit; fi
+if test $1 = "aarch64-apple-darwin"; then echo $1; exit; fi
+
- # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
- # Here we must recognize all the valid KERNEL-OS combinations.
- maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+ # Split fields of configuration type
+ # shellcheck disable=SC2162
+ IFS="-" read field1 field2 field3 field4 <<EOF
--- a/a/nspr/config/autoconf.mk.in
+++ a/a/nspr/config/autoconf.mk.in
@@ -67,7 +67,7 @@
diff --git a/external/nss/nss.getopt.patch.0 b/external/nss/nss.getopt.patch.0
deleted file mode 100644
index aeabb33f9b97..000000000000
--- a/external/nss/nss.getopt.patch.0
+++ /dev/null
@@ -1,25 +0,0 @@
-# pr/tests/sel_spd.c:427:20: error: implicit declaration of function 'getopt' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
---- nspr/pr/tests/sel_spd.c
-+++ nspr/pr/tests/sel_spd.c
-@@ -15,6 +15,9 @@
- #include <stdio.h>
- #include <errno.h>
- #include <string.h>
-+
-+extern char *optarg;
-+int getopt(int argc, char *const argv[], const char *optstring);
-
- #ifdef DEBUG
- #define PORT_INC_DO +100
---- nspr/pr/tests/testfile.c
-+++ nspr/pr/tests/testfile.c
-@@ -23,6 +23,9 @@
- #include <getopt.h>
- #include <errno.h>
- #endif /* XP_OS2 */
-+
-+extern char *optarg;
-+int getopt(int argc, char *const argv[], const char *optstring);
-
- static int _debug_on = 0;
-
diff --git a/external/nss/nss_macosx.patch b/external/nss/nss_macosx.patch
index 07b60a5ed00d..1e7599be6133 100644
--- a/external/nss/nss_macosx.patch
+++ b/external/nss/nss_macosx.patch
@@ -88,17 +88,3 @@ diff -ru a/nss/Makefile b/nss/Makefile
ifdef USE_DEBUG_RTL
NSPR_CONFIGURE_OPTS += --enable-debug-rtl
endif
---- a/a/nspr/pr/include/md/_darwin.h
-+++ b/b/nspr/pr/include/md/_darwin.h
-@@ -40,11 +40,7 @@
-
- #undef HAVE_STACK_GROWING_UP
- #define HAVE_DLL
--#if defined(__x86_64__) || TARGET_OS_IPHONE
- #define USE_DLFCN
--#else
--#define USE_MACH_DYLD
--#endif
- #define _PR_HAVE_SOCKADDR_LEN
- #define _PR_STAT_HAS_ST_ATIMESPEC
- #define _PR_HAVE_LARGE_OFF_T