c5e7af92eb
Fixes CVE-2023-5388

Also update README, and remove obsolete documentation of Debian's mangled SONAME; relevant Debian changelog:

nss (2:3.13.4-2) unstable; urgency=low

* debian/control, debian/libnss3*, debian/rules, mozilla/security/coreconf/*, mozilla/security/nss/lib/*/manifest.mn: Move to unversioned library. ABI compatibility is ensured upstream, and the SO version, if it needed a change at any time, would be a change in the library name. There is no reason to keep making compatibility more difficult with other distros and upstream binary releases. While previous versions were one-way compatible (binaries built against other distros or upstream nspr could work on Debian), this approach works both ways.

-- Mike Hommey <glandium@debian.org> Thu, 17 May 2012 09:45:36 +0200

Change-Id: Ifc1eae68827fa88ae001a3903c8555af67b488ac
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163482
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

- asan.patch.1
- clang-cl.patch.0
- ExternalPackage_nss.mk
- ExternalProject_nss.mk
- macos-dlopen.patch.0
- Makefile
- Module_nss.mk
- nsinstall.py
- nss-android.patch.1
- nss-bz1646594.patch.1
- nss-ios.patch
- nss-restore-manual-pre-dependencies.patch.1
- nss-win32-make.patch.1
- nss.bzmozilla1238154.patch
- nss.cygwin64.in32bit.patch
- nss.nowerror.patch
- nss.patch
- nss.utf8bom.patch.1
- nss.vs2015.patch
- nss.vs2015.pdb.patch
- nss.windows.patch
- nss_macosx.patch
- README
- ubsan.patch.0
- UnpackedTarball_nss.mk
- Wincompatible-function-pointer-types.patch.0

Contains the Network Security Services (NSS) libraries from Mozilla

== ESR versions ==

Upstream releases both regular and "ESR" versions; the latter go into Firefox ESR and Thunderbird.

There is a new ESR version about once a year, and an ESR version gets micro updates only when there are security issues to fix. It is not always obvious from the release notes of a regular release whether there are security issues that are relevant to LibreOffice, hence it's probably best to bundle only the ESR versions and upgrade for every micro release (as recommended by upstream).

== FIPS 140 and signed libraries ==

FIPS 140 mode is not supported. That is, the *.chk files containing the checksums for the cryptographic module are not delivered into instdir and will not be part of the OOo installation sets.

Signing has been turned off because
- we change the rpath (install names) after signing, which breaks the signatures (Mac)
- sqlite conflicts with the system sqlite when signing, which breaks the build

See also [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Tech_Notes/nss_tech_note6]

== libsqlite3 ==

With all supported macOS SDKs we use NSS_USE_SYSTEM_SQLITE=1 to build using the system sqlite.