diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2020-08-07 18:57:00 +0200 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2020-08-18 10:29:51 +0200 |
| commit | 9770f350d2eb8719a1a8f70f4e5cecb70583e25a (patch) | |
| tree | aa17e420c8838d5fa3c2aa8a21631eb48c1b1dd3 /external | |
| parent | 7cbd7326eedc402319306d5b7df6a6e52025bf82 (diff) | |
nss: upgrade to release 3.55.0
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)
* external/nss/nss.nspr-parallel-win-debug_build.patch:
remove, merged upstream
Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit 495a5944a3d442cfe748a3bb0dcef76f6a961d30)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100420
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
(cherry picked from commit 227d30a3a17f2fffb1a166cdc3e2a796bb335214)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100590
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'external')
| -rw-r--r-- | external/nss/UnpackedTarball_nss.mk | 1 | ||||
| -rw-r--r-- | external/nss/macos-dlopen.patch.0 | 18 | ||||
| -rw-r--r-- | external/nss/nss.nspr-parallel-win-debug_build.patch | 40 |
3 files changed, 9 insertions, 50 deletions
diff --git a/external/nss/UnpackedTarball_nss.mk b/external/nss/UnpackedTarball_nss.mk index 8801c7cdad63..1cad5852fa89 100644 --- a/external/nss/UnpackedTarball_nss.mk +++ b/external/nss/UnpackedTarball_nss.mk @@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\ external/nss/nss.vs2015.pdb.patch \ external/nss/nss.bzmozilla1238154.patch \ external/nss/macos-dlopen.patch.0 \ - external/nss/nss.nspr-parallel-win-debug_build.patch \ $(if $(filter iOS,$(OS)), \ external/nss/nss-ios.patch) \ $(if $(filter ANDROID,$(OS)), \ diff --git a/external/nss/macos-dlopen.patch.0 b/external/nss/macos-dlopen.patch.0 index 8c484e4c6841..1889b8df7cd3 100644 --- a/external/nss/macos-dlopen.patch.0 +++ b/external/nss/macos-dlopen.patch.0 @@ -1,14 +1,14 @@ --- nspr/pr/src/linking/prlink.c +++ nspr/pr/src/linking/prlink.c -@@ -793,7 +793,7 @@ - /* ensure the file exists if it contains a slash character i.e. path */ - /* DARWIN's dlopen ignores the provided path and checks for the */ - /* plain filename in DYLD_LIBRARY_PATH */ -- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || -+ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0 || - PR_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) { - h = dlopen(name, dl_flags); - } +@@ -799,7 +799,7 @@ + * The reason is that DARWIN's dlopen ignores the provided path + * and checks for the plain filename in DYLD_LIBRARY_PATH, + * which could load an unexpected version of a library. */ +- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) { ++ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0) { + /* no slash, allow to load from any location */ + okToLoad = PR_TRUE; + } else { --- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c +++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c @@ -224,7 +224,11 @@ diff --git a/external/nss/nss.nspr-parallel-win-debug_build.patch b/external/nss/nss.nspr-parallel-win-debug_build.patch deleted file mode 100644 index 86b55e1ccf7f..000000000000 --- a/external/nss/nss.nspr-parallel-win-debug_build.patch +++ /dev/null @@ -1,40 +0,0 @@ -Änderung: 4866:23940b78e965 -Nutzer: Jan-Marek Glogowski <glogow@fbihome.de> -Datum: Fri May 01 22:50:55 2020 +0000 -Dateien: pr/tests/Makefile.in -Beschreibung: -Bug 290526 Write separate PDBs for test OBJs r=glandium - -Quite often when running a parallel NSS build, I get the following -compiler error message, resulting in a build failure, despite -compiling with the -FS flag: - -.../nss/nspr/pr/tests/zerolen.c: fatal error C1041: -Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht -ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in -dieselbe .PDB-Datei schreiben. - -The failing source file is always one of the last test object -files. But the actual problem is not the compiler accessing the -PDB file, but the linker already linking the first test -executables accessing the shared PDB; at least that's my guess. - -So instead of using a shared PDB for all test object files, this -uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every -test's object file. The linker works fine with the shared OBJ PDB. - -Differential Revision: https://phabricator.services.mozilla.com/D68693 - - -diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in ---- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000 -+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000 -@@ -211,6 +211,7 @@ - else - EXTRA_LIBS += ws2_32.lib - LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO -+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb) - ifdef PROFILE - LDOPTS += -PROFILE -MAP - endif # profile - |