nss: upgrade to release 3.55.0
Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403. (also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47) * external/nss/nss.nspr-parallel-win-debug_build.patch: remove, merged upstream Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@cib.de>
This commit is contained in:
parent
6ad2f46378
commit
495a5944a3
4 changed files with 11 additions and 52 deletions
|
@ -193,8 +193,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
|
|||
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
|
||||
export NEON_SHA256SUM := c9dfcee723050df37ce18ba449d7707b78e7ab8230f3a4c59d9112e17dc2718d
|
||||
export NEON_TARBALL := neon-0.31.1.tar.gz
|
||||
export NSS_SHA256SUM := 861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
|
||||
export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
|
||||
export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
|
||||
export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
|
||||
export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
|
||||
export ODFGEN_VERSION_MICRO := 6
|
||||
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2
|
||||
|
|
1
external/nss/UnpackedTarball_nss.mk
vendored
1
external/nss/UnpackedTarball_nss.mk
vendored
|
@ -25,7 +25,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
|
|||
external/nss/nss.vs2015.pdb.patch \
|
||||
external/nss/nss.bzmozilla1238154.patch \
|
||||
external/nss/macos-dlopen.patch.0 \
|
||||
external/nss/nss.nspr-parallel-win-debug_build.patch \
|
||||
external/nss/nss.getopt.patch.0 \
|
||||
$(if $(filter iOS,$(OS)), \
|
||||
external/nss/nss-ios.patch) \
|
||||
|
|
18
external/nss/macos-dlopen.patch.0
vendored
18
external/nss/macos-dlopen.patch.0
vendored
|
@ -1,14 +1,14 @@
|
|||
--- nspr/pr/src/linking/prlink.c
|
||||
+++ nspr/pr/src/linking/prlink.c
|
||||
@@ -793,7 +793,7 @@
|
||||
/* ensure the file exists if it contains a slash character i.e. path */
|
||||
/* DARWIN's dlopen ignores the provided path and checks for the */
|
||||
/* plain filename in DYLD_LIBRARY_PATH */
|
||||
- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL ||
|
||||
+ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0 ||
|
||||
PR_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) {
|
||||
h = dlopen(name, dl_flags);
|
||||
}
|
||||
@@ -799,7 +799,7 @@
|
||||
* The reason is that DARWIN's dlopen ignores the provided path
|
||||
* and checks for the plain filename in DYLD_LIBRARY_PATH,
|
||||
* which could load an unexpected version of a library. */
|
||||
- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) {
|
||||
+ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0) {
|
||||
/* no slash, allow to load from any location */
|
||||
okToLoad = PR_TRUE;
|
||||
} else {
|
||||
--- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
|
||||
+++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
|
||||
@@ -224,7 +224,11 @@
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
Änderung: 4866:23940b78e965
|
||||
Nutzer: Jan-Marek Glogowski <glogow@fbihome.de>
|
||||
Datum: Fri May 01 22:50:55 2020 +0000
|
||||
Dateien: pr/tests/Makefile.in
|
||||
Beschreibung:
|
||||
Bug 290526 Write separate PDBs for test OBJs r=glandium
|
||||
|
||||
Quite often when running a parallel NSS build, I get the following
|
||||
compiler error message, resulting in a build failure, despite
|
||||
compiling with the -FS flag:
|
||||
|
||||
.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
|
||||
Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
|
||||
ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
|
||||
dieselbe .PDB-Datei schreiben.
|
||||
|
||||
The failing source file is always one of the last test object
|
||||
files. But the actual problem is not the compiler accessing the
|
||||
PDB file, but the linker already linking the first test
|
||||
executables accessing the shared PDB; at least that's my guess.
|
||||
|
||||
So instead of using a shared PDB for all test object files, this
|
||||
uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
|
||||
test's object file. The linker works fine with the shared OBJ PDB.
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D68693
|
||||
|
||||
|
||||
diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
|
||||
--- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
|
||||
+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
|
||||
@@ -211,6 +211,7 @@
|
||||
else
|
||||
EXTRA_LIBS += ws2_32.lib
|
||||
LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
|
||||
+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
|
||||
ifdef PROFILE
|
||||
LDOPTS += -PROFILE -MAP
|
||||
endif # profile
|
||||
|
Loading…
Reference in a new issue