On 31 Oct, arie...@apache.org wrote: > This is an automated email from the ASF dual-hosted git repository. > > arielch pushed a commit to branch AOO42X > in repository https://gitbox.apache.org/repos/asf/openoffice.git > > commit 0803cc9dcc220e6714fbf389f163ad96cd701b38 > Author: Ariel Constenla-Haile <arie...@apache.org> > AuthorDate: Thu Oct 31 10:28:47 2019 -0300 > > Fixes from upstream for newer GCC > > Bug 1348767 - logical rather than bitwise OR operator used in OCSP > requests > Bug 1437734 - sign.c use of sprintf generates format-overflow errors > Bug 1438426 - stringop-truncation warning in pathsub.c > > (cherry picked from commit 4363d9ee5e5c293c9bd85e268df59a8aa7a874c4) > --- > main/nss/makefile.mk | 5 +- > main/nss/nss_bug_1348767.patch | 14 ++++++ > main/nss/nss_bug_1437734.patch | 107 > +++++++++++++++++++++++++++++++++++++++++ > main/nss/nss_bug_1438426.patch | 12 +++++ > 4 files changed, 137 insertions(+), 1 deletion(-) > > diff --git a/main/nss/makefile.mk b/main/nss/makefile.mk > index c2d51a5..6e717f0 100644 > --- a/main/nss/makefile.mk > +++ b/main/nss/makefile.mk > @@ -42,7 +42,10 @@ all: > TARFILE_NAME=nss-3.25-with-nspr-4.12 > TARFILE_MD5=4ec9a36c0f7c9360b149491c013b8d50 > TARFILE_ROOTDIR=nss-3.25 > -PATCH_FILES=nss.patch > +PATCH_FILES=nss.patch \ > + nss_bug_1438426.patch \ > + nss_bug_1348767.patch \ > + nss_bug_1437734.patch > > .IF "$(OS)"=="MACOSX" > MACOS_SDK_DIR=$(SDK_PATH) > diff --git a/main/nss/nss_bug_1348767.patch b/main/nss/nss_bug_1348767.patch > new file mode 100644 > index 0000000..b776682 > --- /dev/null > +++ b/main/nss/nss_bug_1348767.patch > @@ -0,0 +1,14 @@ > +diff -uNrp > misc/nss-3.25/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c > misc/build/nss-3.25/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c > +--- misc/nss-3.25/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c > 2016-06-20 14:11:28.000000000 -0300 > ++++ > misc/build/nss-3.25/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c > 2019-10-27 12:38:20.163600289 -0300 > +@@ -89,8 +89,8 @@ pkix_pl_OcspRequest_Hashcode( > + PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext, > + PKIX_CERTHASHCODEFAILED); > + > +- *pHashcode = (((((extensionHash << 8) || certHash) << 8) || > +- dateHash) << 8) || signerHash; > ++ *pHashcode = (((((extensionHash << 8) | certHash) << 8) | > ++ dateHash) << 8) | signerHash; > + > + cleanup: > + > diff --git a/main/nss/nss_bug_1437734.patch b/main/nss/nss_bug_1437734.patch > new file mode 100644 > index 0000000..19e7ead > --- /dev/null > +++ b/main/nss/nss_bug_1437734.patch > @@ -0,0 +1,107 @@ > +--- misc/nss-3.25/nss/cmd/signtool/sign.c 2016-06-20 14:11:28.000000000 > -0300 > ++++ misc/build/nss-3.25/nss/cmd/signtool/sign.c 2019-10-28 > 21:16:32.798336910 -0300 > +@@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, c > + int status; > + char tempfn[FNSIZE], fullfn[FNSIZE]; > + int keyType = rsaKey; > ++ int count; > + > + metafile = meta_file; > + optimize = _optimize; > +@@ -81,11 +82,18 @@ SignArchive(char *tree, char *keyName, c > + } > + > + /* rsa/dsa to zip */ > +- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? > +- "dsa" > +- : > +- "rsa")); > +- sprintf(fullfn, "%s/%s", tree, tempfn); > ++ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, > (keyType == dsaKey ? "dsa" : "rsa")); > ++ if (count >= sizeof(tempfn)) { > ++ PR_fprintf(errorFD, "unable to write key metadata\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); > ++ if (count >= sizeof(fullfn)) { > ++ PR_fprintf(errorFD, "unable to write key metadata\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > + JzipAdd(fullfn, tempfn, zipfile, compression_level); > + > + /* Loop through all files & subdirectories, add to archive */ > +@@ -95,22 +103,44 @@ SignArchive(char *tree, char *keyName, c > + } > + /* mf to zip */ > + strcpy(tempfn, "META-INF/manifest.mf"); > +- sprintf(fullfn, "%s/%s", tree, tempfn); > ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); > ++ if (count >= sizeof(fullfn)) { > ++ PR_fprintf(errorFD, "unable to write manifest\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > + JzipAdd(fullfn, tempfn, zipfile, compression_level); > + > + /* sf to zip */ > +- sprintf(tempfn, "META-INF/%s.sf", base); > +- sprintf(fullfn, "%s/%s", tree, tempfn); > ++ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); > ++ if (count >= sizeof(tempfn)) { > ++ PR_fprintf(errorFD, "unable to write sf metadata\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); > ++ if (count >= sizeof(fullfn)) { > ++ PR_fprintf(errorFD, "unable to write sf metadata\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > + JzipAdd(fullfn, tempfn, zipfile, compression_level); > + > + /* Add the rsa/dsa file to the zip archive normally */ > + if (!xpi_arc) { > + /* rsa/dsa to zip */ > +- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? > +- "dsa" > +- : > +- "rsa")); > +- sprintf(fullfn, "%s/%s", tree, tempfn); > ++ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, > (keyType == dsaKey ? "dsa" : "rsa")); > ++ if (count >= sizeof(tempfn)) { > ++ PR_fprintf(errorFD, "unable to write key metadata\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > ++ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); > ++ if (count >= sizeof(fullfn)) { > ++ PR_fprintf(errorFD, "unable to write key metadata\n"); > ++ errorCount++; > ++ exit(ERRX); > ++ } > + JzipAdd(fullfn, tempfn, zipfile, compression_level); > + } > + > +@@ -413,6 +443,7 @@ static int > + manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char > *filename, void *arg) > + { > + char fullname[FNSIZE]; > ++ int count; > + > + if (verbosity >= 0) { > + PR_fprintf(outputFD, "--> %s\n", relpath); > +@@ -426,7 +457,10 @@ manifesto_xpi_fn(char *relpath, char *ba > + if (!PL_HashTableLookup(extensions, ext)) > + return 0; > + } > +- sprintf(fullname, "%s/%s", basedir, relpath); > ++ count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); > ++ if (count >= sizeof(fullname)) { > ++ return 1; > ++ } > + JzipAdd(fullname, relpath, zipfile, compression_level); > + > + return 0; > diff --git a/main/nss/nss_bug_1438426.patch b/main/nss/nss_bug_1438426.patch > new file mode 100644 > index 0000000..978c270 > --- /dev/null > +++ b/main/nss/nss_bug_1438426.patch > @@ -0,0 +1,12 @@ > +diff -uNrp misc/nss-3.25/nss/coreconf/nsinstall/pathsub.c > misc/build/nss-3.25/nss/coreconf/nsinstall/pathsub.c > +--- misc/nss-3.25/nss/coreconf/nsinstall/pathsub.c 2016-06-20 > 14:11:28.000000000 -0300 > ++++ misc/build/nss-3.25/nss/coreconf/nsinstall/pathsub.c 2019-10-27 > 12:26:03.251950354 -0300 > +@@ -214,7 +214,7 @@ reversepath(char *inpath, char *name, in > + xchdir(".."); > + } else { > + cp -= 3; > +- strncpy(cp, "../", 3); > ++ memcpy(cp, "../", 3); > + xchdir(buf); > + } > + } >
nss really needs to be updated. Unfortunately very recent versions can't be built with some of the ancient compilers that we are stuck with (like the old version of Visual C++ that we use for 32-bit Windows builds), or at least not without an insane amount of patching. I don't know if gcc on CentOS 6 is also a problem. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
