nss: upgrade to release 3.55.0

Fixes CVE-2020-6829, CVE-2020-12400 CVE-2020-12401 CVE-2020-12403.
(also CVE-2020-12402 CVE-2020-12399 in older releases since 3.47)

* external/nss/nss.nspr-parallel-win-debug_build.patch:
  remove, merged upstream

Change-Id: I8b48e25ce68a2327cde1420abdaea8f9e51a7888
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100345
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
This commit is contained in:
Michael Stahl 2020-08-07 18:57:00 +02:00 committed by Michael Stahl
parent 6ad2f46378
commit 495a5944a3
4 changed files with 11 additions and 52 deletions

View file

@ -193,8 +193,8 @@ export MYTHES_SHA256SUM := 1e81f395d8c851c3e4e75b568e20fa2fa549354e75ab397f9de4b
export MYTHES_TARBALL := a8c2c5b8f09e7ede322d5c602ff6a4b6-mythes-1.2.4.tar.gz
export NEON_SHA256SUM := c9dfcee723050df37ce18ba449d7707b78e7ab8230f3a4c59d9112e17dc2718d
export NEON_TARBALL := neon-0.31.1.tar.gz
export NSS_SHA256SUM := 861a4510b7c21516f49a4cfa5b871aa796e4e1ef2dfe949091970e56f9d60cdf
export NSS_TARBALL := nss-3.53-with-nspr-4.25.tar.gz
export NSS_SHA256SUM := ec6032d78663c6ef90b4b83eb552dedf721d2bce208cec3bf527b8f637db7e45
export NSS_TARBALL := nss-3.55-with-nspr-4.27.tar.gz
export ODFGEN_SHA256SUM := 2c7b21892f84a4c67546f84611eccdad6259875c971e98ddb027da66ea0ac9c2
export ODFGEN_VERSION_MICRO := 6
export ODFGEN_TARBALL := libodfgen-0.1.$(ODFGEN_VERSION_MICRO).tar.bz2

View file

@ -25,7 +25,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,nss,\
external/nss/nss.vs2015.pdb.patch \
external/nss/nss.bzmozilla1238154.patch \
external/nss/macos-dlopen.patch.0 \
external/nss/nss.nspr-parallel-win-debug_build.patch \
external/nss/nss.getopt.patch.0 \
$(if $(filter iOS,$(OS)), \
external/nss/nss-ios.patch) \

View file

@ -1,14 +1,14 @@
--- nspr/pr/src/linking/prlink.c
+++ nspr/pr/src/linking/prlink.c
@@ -793,7 +793,7 @@
/* ensure the file exists if it contains a slash character i.e. path */
/* DARWIN's dlopen ignores the provided path and checks for the */
/* plain filename in DYLD_LIBRARY_PATH */
- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL ||
+ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0 ||
PR_Access(name, PR_ACCESS_EXISTS) == PR_SUCCESS) {
h = dlopen(name, dl_flags);
}
@@ -799,7 +799,7 @@
* The reason is that DARWIN's dlopen ignores the provided path
* and checks for the plain filename in DYLD_LIBRARY_PATH,
* which could load an unexpected version of a library. */
- if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL) {
+ if (strchr(name, PR_DIRECTORY_SEPARATOR) == NULL || strncmp(name, "@loader_path/", 13) == 0) {
/* no slash, allow to load from any location */
okToLoad = PR_TRUE;
} else {
--- nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
+++ nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
@@ -224,7 +224,11 @@

View file

@ -1,40 +0,0 @@
Änderung: 4866:23940b78e965
Nutzer: Jan-Marek Glogowski <glogow@fbihome.de>
Datum: Fri May 01 22:50:55 2020 +0000
Dateien: pr/tests/Makefile.in
Beschreibung:
Bug 290526 Write separate PDBs for test OBJs r=glandium
Quite often when running a parallel NSS build, I get the following
compiler error message, resulting in a build failure, despite
compiling with the -FS flag:
.../nss/nspr/pr/tests/zerolen.c: fatal error C1041:
Programmdatenbank "...\nss\nspr\out\pr\tests\vc140.pdb" kann nicht
ge<94>ffnet werden; verwenden Sie /FS, wenn mehrere CL.EXE in
dieselbe .PDB-Datei schreiben.
The failing source file is always one of the last test object
files. But the actual problem is not the compiler accessing the
PDB file, but the linker already linking the first test
executables accessing the shared PDB; at least that's my guess.
So instead of using a shared PDB for all test object files, this
uses -Fd$(@:.$(OBJ_SUFFIX)=.pdb) to write a separate PDB for every
test's object file. The linker works fine with the shared OBJ PDB.
Differential Revision: https://phabricator.services.mozilla.com/D68693
diff -r 219d131499d5 -r 23940b78e965 nss/nspr/pr/tests/Makefile.in
--- a/nss/nspr/pr/tests/Makefile.in Mon Feb 10 20:58:42 2020 +0000
+++ b/nss/nspr/pr/tests/Makefile.in Fri May 01 22:50:55 2020 +0000
@@ -211,6 +211,7 @@
else
EXTRA_LIBS += ws2_32.lib
LDOPTS = -NOLOGO -DEBUG -DEBUGTYPE:CV -INCREMENTAL:NO
+ CFLAGS += -Fd$(@:.$(OBJ_SUFFIX)=.pdb)
ifdef PROFILE
LDOPTS += -PROFILE -MAP
endif # profile